Windows Server Hardening

The Windows server on which PortalGuard will be installed must be configured to not allow standard user accounts to log on locally. This follows the best practice of least privilege, conserves disk space by ensuring Windows profiles are not created unnecessarily and has no ill effect on PortalGuard server operation.

Please perform the following steps:

1. Access Local Security Policies by running secpol.msc from an administrative command prompt

2. In the left-hand navigator, open the Local Policies -> User Rights Assignment folder.

3. In the right-hand frame, double-click the Allow log on locally policy

4. Remove the Users or Domain Users entry in this list:

Click OK to save the change