Bus 4951-8 Unit VIII Project Implementation Plan: Part 3 For the final assignment of this course, you will continue your work with the company you used in Unit 4 and Unit 6 which was Buffalo Wild Wings, Inc., 2013. For the Unit 8 Project, you will complete the final components of your implementation plan. For Part 3, you will focus on the following points: · internal and external issues, · competition , · future outlook for the organization, and · Implementation of tools for measuring business success. Much of the information you will need to complete this segment can be found in the case study in the textbook. However, you are welcome to conduct further research as needed. For the future of the organization, you may be creative and add your own insight on where you see the company going. Your project must be a minimum of three full pages in length, not including the title and reference page. Make certain to include an introductory paragraph. Below is the information from Unit 4 and 6. Buffalo Wild Wings, Inc., 2013 www.buffalowildwings.com , BWLD Headquartered in Minneapolis, Minnesota, Buffalo Wild Wings (BWW) is the largest chicken wing–based sports bar in the USA. BWW offers a welcoming atmosphere, open layout catering to families, sports enthusiasts, and chicken wing lovers. The typical store offers 20 to 30 different beers on draft and tap, up to 10 projection TV screens, and up to 50 smaller TVs for people to watch sporting events. BWW specializes in traditional bone-in chicken wings and boneless chicken wings complimented by its 16 different wing sauces. BWW also sells burgers, other finger foods, and alcoholic beverages. The typical restaurant offers a diverse selection of beers, wines, and liquor options. As of year end 2012, BWW operated 891 stores of which 381 were company-owned and 510 were franchisee-owned. The company expects to increase its total number of restaurants by 105 in 2013 and approximately by the same amount in 2014. The typical restaurant is between 4,000 and 10,000 square feet and costs around $2 million to build, including the land, building, appliances, etc. Each has 50 high-definition flat-screen TV’s and 10 large projection screen TV’s. Takeout orders comprise 14 percent of BWW sales. In their company-owned restaurants, BWW employs 25,500 people, 2,800 full-time and 22,300 part-time, which it calls team members. Five of the top nine executives are females including the CEO, Sally J. Smith. BWW operates its 817 stores in 48 U.S. states and Canada. BWW opened five new restaurants in 2012 on the parking lots of big-box retail stores such as Home Depot. BWW expects to have 1,500 restaurants in the USA and Canada by 2016, and many of them will be in vacant space of Sears stores, parking lots, and malls. Copyright by Fred David Books LLC. (Written by Forest R. David) History In 1981, James Disbrow, from Buffalo, New York, along with friend, Scott Lowery, went looking for a Buffalo-style chicken wing restaurant aro ...

1. Bus 4951-8 Unit VIII Project
Implementation Plan: Part 3
For the final assignment of this course, you will continue your
work with the company you used in Unit 4 and Unit 6 which
was Buffalo Wild Wings, Inc., 2013. For the Unit 8 Project, you
will complete the final components of your implementation
plan.
For Part 3, you will focus on the following points:
· internal and external issues,
· competition ,
· future outlook for the organization, and
· Implementation of tools for measuring business success.
Much of the information you will need to complete this segment
can be found in the case study in the textbook. However, you
are welcome to conduct further research as needed. For the
future of the organization, you may be creative and add your
own insight on where you see the company going.
Your project must be a minimum of three full pages in length,
not including the title and reference page. Make certain to
include an introductory paragraph.
Below is the information from Unit 4 and 6.
Buffalo Wild Wings, Inc., 2013
www.buffalowildwings.com , BWLD
Headquartered in Minneapolis, Minnesota, Buffalo Wild Wings
(BWW) is the largest chicken wing–based sports bar in the
USA. BWW offers a welcoming atmosphere, open layout
catering to families, sports enthusiasts, and chicken wing
lovers. The typical store offers 20 to 30 different beers on draft
and tap, up to 10 projection TV screens, and up to 50 smaller
TVs for people to watch sporting events.
BWW specializes in traditional bone-in chicken wings and
boneless chicken wings complimented by its 16 different wing

2. sauces. BWW also sells burgers, other finger foods, and
alcoholic beverages. The typical restaurant offers a diverse
selection of beers, wines, and liquor options. As of year end
2012, BWW operated 891 stores of which 381 were company-
owned and 510 were franchisee-owned. The company expects to
increase its total number of restaurants by 105 in 2013 and
approximately by the same amount in 2014. The typical
restaurant is between 4,000 and 10,000 square feet and costs
around $2 million to build, including the land, building,
appliances, etc. Each has 50 high-definition flat-screen TV’s
and 10 large projection screen TV’s. Takeout orders comprise
14 percent of BWW sales.
In their company-owned restaurants, BWW employs 25,500
people, 2,800 full-time and 22,300 part-time, which it calls
team members. Five of the top nine executives are females
including the CEO, Sally J. Smith. BWW operates its 817 stores
in 48 U.S. states and Canada. BWW opened five new restaurants
in 2012 on the parking lots of big-box retail stores such as
Home Depot. BWW expects to have 1,500 restaurants in the
USA and Canada by 2016, and many of them will be in vacant
space of Sears stores, parking lots, and malls.
Copyright by Fred David Books LLC. (Written by Forest R.
David)
History
In 1981, James Disbrow, from Buffalo, New York, along with
friend, Scott Lowery, went looking for a Buffalo-style chicken
wing restaurant around the campus of Kent State University in
Ohio while judging a figure skating competition. Unable to find
a satisfactory restaurant in the area similar to what they knew
was good from back home, the concept of opening Buffalo Wild
Wings and expanding this tradition of Buffalo, New York, to
other areas of the country was born. The first restaurant named
Buffalo Wild Wings & Weck or BW3, was opened in Columbus,
Ohio, in 1982 near the campus of Ohio State University. In
1991, BWW began its franchising program and in 2003 the
company completed its initial public offering.

3. Vision and Mission
BWW refers to its mission statement in its code of ethics, but
the firm does not provide an explicit mission or vision
statement on its website or its annual report. However, BWW
does provide its “concept and business strategy” as follows:
· Continue to strengthen the Buffalo Wild Wings brand
· Deliver a unique guest experience
· Offer boldly-flavored menu items with broad appeal
· Create an inviting, neighborhood atmosphere,
· Focus on operational excellence,
· Open restaurants in new and exciting domestic markets and
new countries and
· Increase same-store sales, average unit volumes and
profitability.
EXHIBIT 1 BWW’s Organizational Design
Source: Company documents.
Organizational Chart
As indicated in Exhibit 1, BWW appears to operate from a
divisional by geographic region structure.
Internal Issues
Statement of Ethics and Governance
BWW has two statements of ethics: one for regular employees
and one for executives. For employees, the Code of Ethics
provides an overall standard for ethical conduct in conjunction
with what is viewed today as ethical business behavior. The
statement also provides the following: (a) how to report
violations of conduct, (b) extensive personal conduct policies,
(c) conflicts of interests, (d) protecting trade secrets, (e)
disclosure of financial data, (f) environmental impact, and much
more. The executive code of ethics is similar to the document
for employees. Both codes of ethics stress doing the job to the
best of one’s ability and seeking help before making a decision
on any matters of which the employee is not sure of.
BWW provides a well-detailed corporate governance document
for view on its website. This document stresses all key issues

4. related to the governance of BWW, including but not limited to:
board size, board leadership policies, selection of new directors,
retirement, compensation, and stock ownership policies.
Business Segments
As indicated in Exhibit 2, 22 percent of BWW’s revenues come
from alcoholic beverages. Not included in the chart but
important to note is that 13 percent of BWW’s sales come from
takeout orders, an area in which BWW states it does not try to
compete on and do not consider takeout wing establishments its
primary competitors. But 13 percent is quite large and may be a
growth area for the company in the future.
Exhibit 3 reveals strong revenue growth for BWW’s company-
owned and franchised stores over the last three years. Revenue
from company-owned stores increased 34 percent in
2012. Exhibit 4reveals average revenue per store. Note that
franchised stores are outperforming company-owned stores on
average, but this is partly the result of BWW repurchasing
underper-forming franchised stores.
EXHIBIT 2 A BWW Revenue-by-Product Percentage Analysis
Traditional Wings
Boneless Wings
Alcoholic Beverages
Other Food/Beverages
Years
20%
19%
24%
37%
2011
20%
19%
22%
39%
2012
Source: Company documents.
EXHIBIT 3 BWW Revenue Analysis: Company Owned versus

5. Franchised Restaurants
2012
2011
2010
2009
Company Owned
$964M
$717M
555M
489M
Franchised
$1,510M
$1,326M
1,148M
992M
Source: Company documents.
EXHIBIT 4 BWW’s Average Revenue per Restaurant
2011
2010
2009
Company Owned
$2.25M
2.14M
2.11M
Franchised
$2.66M
2.43M
2.36M
Source: Company documents.
Strategies
BWW is currently employing both market penetration and
market development strategies and plans to have around 1,500
restaurants within the next several years, nearly double what
they currently own. BWW is considering adding locations

6. outside its current two countries: USA and Canada. The
company also expects to maintain its 60–40 split of franchised-
owned to company-owned stores. Opening new stores especially
in new countries would create additional risks, such as limited
brand awareness, supply chain issues, unknown competitors,
and much more. BWW is considering expanding into
international markets via joint ventures with an established
global brand.
Exhibit 5 reveals BWW growth over recent years. Note in 2012
the 19 percent growth in company-owned stores and 2.4 percent
for franchised stores.
Marketing and Advertising
EXHIBIT 5 BWW’s Growth: Number of Restaurants
2012
2011
2010
2009
Company-Owned
381
319
259
232
Franchised
510
498
473
420
Source: Company documents.
Since its inception in 1982, BWW has specialized in offering a
unique brand experience for guests with the wide array of 6
award-winning sauces, beer variety, conveniently located TVs, a
great social and sporting atmosphere, and though not
acknowledged by the company, sex appeal with young attractive
female waitresses. BWW instituted Tablegating at
its restaurants in 2011 to promote sporting events, good food,

7. beverages, and fellowship among fans. BWW maintains a year-
round advertising presence but increases this advertising around
its peak seasons, generally NCAA football in the fall and NCAA
basketball in the spring. Each BWW franchise pays a royalty fee
of 5.0 percent and an advertising fee of 3.5 percent of restaurant
sales.
Finance
In 2011 alone, BWW built 50 new company-owned stores and
repurchased 18 franchised stores. Exhibits 6 and 7 are the
financial statements for BWW. Note net income increased 13.6
percent from 2011 to 2012. Note on the balance sheet that BWW
currently has $32 million in goodwill, up from $17 million in
2011.
EXHIBIT 6 BWW’s Income Statements
(Amounts in thousands except per share data)
Fiscal years ended
December 30, 2012
December 25, 2011
December 26, 2010
Revenue:
Restaurant sales
$ 963,963
717,395
555,184
Franchise royalties and fees
76,567
67,083
58,072
Total revenue
1,040,530

8. 784,478
613,256
Costs and expenses:
Restaurant operating costs:
Cost of sales
303,653
203,291
160,877
Labor
289,167
215,649
167,193
Operating
141,417
109,654
88,694
Occupancy
54,147
44,005
36,501
Depreciation and amortization
67,462
49,913
39,205
General and administrative
84,149
72,689
53,996
Preopening
14,630

9. 14,564
8,398
Loss on asset disposals and store closures
3,291
1,929
2,051
Total costs and expenses
957,916
711,694
556,915
Income from operations
82,614
72,784
56,341
Investment income
754
118
684
Earnings before income taxes
83,368
72,902
57,025
Income tax expense
26,093
22,476
18,625
Net earnings
$ 57,275
50,426
38,400
Earnings per common share – basic
$ 3.08
2.75
2.11
Earnings per common share – diluted
$ 3.06

10. 2.73
2.10
Weighted average shares outstanding – basic
18,582
18,337
18,175
Weighted average shares outstanding – diluted
18,705
18,483
18,270
EXHIBIT 7 BWW’s Balance Sheets
(Dollar amounts in thousands)
December 30, 2012
December 25, 2011
ASSETS
Current assets:
Cash and cash equivalents
$ 21,340
$ 20,530
Marketable securities
9,579
39,956
Accounts receivable, net of allowance of $25
20,203
12,165
Inventory
7,820
6,311

11. Prepaid expenses
3,869
3,707
Refundable income taxes
4,122
7,561
Deferred income taxes
5,774
6,323
Restricted assets
52,829
42,692
Total current assets
125,536
139,245
Property and equipment, net
386,570
310,170
Reacquired franchise rights, net
37,370
21,028
Goodwill
32,365
17,770
Other assets
9,246
7,146
Total assets
$ 591,087
$ 495,359
LIABILITIES AND STOCKHOLDERS’ EQUITY
Current liabilities:

12. Unearned franchise fees
$ 1,763
$ 1,852
Accounts payable
36,418
30,089
Accrued compensation and benefits
39,637
30,499
Accrued expenses
11,461
7,580
System-wide payables
51,564
44,250
Total current liabilities
140,843
114,270
Long-term liabilities:
Other liabilities
1,752
1,544
Deferred income taxes
37,128
38,512
Deferred lease credits
27,992
23,047
Total liabilities
207,715
177,373
Commitments and contingencies

13. Stockholders’ equity:
Undesignated stock, 1,000,000 shares authorized, none issued
—
—
Common stock, no par value. Authorized 44,000,000 shares;
issued and outstanding 18,623,370 and 18,377,920, respectively
121,450
113,509
Retained earnings
262,047
204,772
Accumulated other comprehensive loss
(125)
(295)
Total stockholders’ equity
383,372
317,986
Total liabilities and stockholders’ equity
$ 591,087
$ 495,359
Source: 2012 Form 10K, p. 37.
Locations
BWW’s home office in Minneapolis consists of 48,000 square
feet and is under a lease that terminates in 2017 with an option
to renew for another five-year term. BWW has 891 restaurants
in 49 different U.S. states and 7 additional restaurants in
Ontario, Canada. Exhibit 8 provides the top 10 U.S. markets
ranked by total number of BWW restaurants. Note that Texas
has the most BWWs, followed by Ohio. Exhibit 9 reveals that
approximately 43 percent of all BWW restaurants are located in
Midwestern states. The Northeast, West, Canada, and other
world locations are still relatively untapped by BWW.
Restaurant Franchise Operations
Approximately 59 percent of all BWWs are franchised and

14. owned and operated by the franchisee. Franchises fees range
from $25,000 to $42,500 depending on the owner’s restaurant
experience and the number of stores he or she currently
operates. The general lease is typically for a 20-year initial term
with the possibly to renew subject on certain conditions that the
company does not specify.
In addition to the initial start-up costs, franchisees also pay
royalty fees of 5 percent on all restaurant sales, with an
additional 3.5 percent of sales revenue being attributed to
advertising. There is a provision in all contracts whereby BWW
can increase the fees by 0.5 percent once every three years. It is
unclear from company documents whether this would amount to
a 5.5 percent fee or a 5.025 percent fee. BWW does not expect
to enact this provision in the next two years.
EXHIBIT 8 BWW’s Top 10 U.S. States (Number of Stores)
2011
2012
2011
2012
2011
2012
USA
Company-Owned
Franchised
Total
Texas
37
43
51
45
88
88
Ohio
32
32

15. 53
53
85
85
Illinois
13
18
46
43
59
61
Indiana
7
7
42
42
49
49
Michigan
0
0
43
47
43
47
California
11
18
24
28
35
46
Virginia
15
16
20

16. 20
35
36
Florida
4
5
26
27
30
32
Minnesota
23
23
5
5
28
28
Missouri
7
6
20
21
27
27
Source: Company documents.
EXHIBIT 9 BWWs’ by U.S. Region (2011)
Region
Total Stores
Percent
Midwest
353
43
Southeast
282
35
West

17. 107
13
Northeast
71
9
Canada
4
-
Total
817
100%
Source: Company documents.
Competitors
In the competitive restaurant industry, BWW is attracting
customers based on taste, quality, service, and ambience.
Primary competitors include Hooters, T.G.I Friday’s, Chili’s,
Applebees, and many regional and mom-and-pop sports bars
across the USA and Canada. In addition to sports bars and
chicken wing-themed establishments, BWW does not consider
quick-service restaurants (QSR), such as McDonald’s and
Kentucky Fried Chicken, as competitors, nor surprisingly quick
takeout chicken wing establishments. This corporate view is
surprising because many quick-service chicken wing stores can
offer much lower prices than BWW because its overhead is
significantly less. Recall that 13 percent of all BWW sales are
derived from takeout customers. This 13 percent can somewhat
be considered a gift because BWW does not promote its takeout
business with volume discounts, “tailgate specials,” or any
other marketing strategy.
Exhibit 10 provides a financial comparison of BWW with
DineEquity (owner of Applebees’s) and Brinker International
(owner of Chili’s). Note that BWW has the highest price-
earnings ratio but has the lowest revenues among the three.
T.G.I. Friday’s
With about 1,000 locations worldwide, T.G.I. Friday’s (often
shortened to “Friday’s” in most countries, and stylized

18. “FRiDAY’S”, or “T.G.I.s” in the United Kingdom and the
Republic of Ireland) is a U.S. restaurant chain focusing on
casual dining, similar to BWW. T.G.I is owned by the Carlson
Companies, a privately-held firm, so financial information is
difficult to obtain about T.G.I Friday’s. The company name,
however, is taken from the expression TGIF, which stands for
“Thank Goodness It’s Friday,” although some recent television
commercials for the chain have also made use of the alternative
phrase, “Thank God It’s Friday.” The company is known for its
red-striped canopies, brass railings, Tiffany lamps, and frequent
use of antiques as dècor.
Hooters
HOA Restaurant Group (Hooters), based in Atlanta, Georgia,
was founded in 1983 in Clearwater, Florida, and currently
operates more than 430 franchise restaurants in more than 27
different countries, and additionally, the company operates 160
stores. The theme and concept of Hooters has changed little
over the last 30 years and chicken wings is a main product
served. The typical Hooters restaurant experience includes the
sex appeal of female waitresses, jukebox-style music, sports on
television, and a menu that focuses around chicken wings, but
also includes seafood, salads, and sandwiches. Around 68
percent of all Hooters sales are derived from food and
nonalcoholic beverages, 28 percent from beer or other alcoholic
beverages, and 4 percent from merchandise, such as Hooters
calendars and appeal.
EXHIBIT 10 A Financial Comparison of BWW with Brinker
International and DineEquity
BWW
DineEquity
Brinker Int.
Market Capitalization
1.61B
804M
2.4B

19. Number of Employees
2.8K
640
60.3K
Revenue
1.04B
1.02B
2.81B
Gross Margin
0.26
0.40
0.18
Net Income
57.2M
72.6M
146M
EPS Ratio
2.90
4.00
1.77
P/E Ratio
29.91
10.99
18.00
EPS, earnings per share; P/E, price-to-earnings.
Source: Company documents.
Applebee’s
Founded in 1976 as the International House of Pancakes (IHOP)
and based in Glendale, California, with 640 full-time
employees, DineEquity today operates both Applebee’s
Neighborhood Grill and Bar and IHOP. As of year-end 2011, the
company operated 1,842 Applebee’s franchise restaurants in the
USA and 16 different foreign markets and 177 additional
company-owned restaurants. There were 1,535 IHOP-franchised
restaurants in the USA and 5 in foreign markets and 10
company-owned IHOP restaurants. DineEquity has experienced

20. a 40-percent decline in revenues from $1.4 billion in 2009 to
$1.0 billion in 2011.
The Applebee’s segment of DineEquity competes with BWW by
serving chicken wings, burgers, and other bar finger foods along
with alcoholic and nonalcoholic beverage items. Applebee’s
also sells steaks, its most popular item, and have begun a new
fresh menu offering new chicken, seafood, and salads in an
attempted to capitalize on a healthier-minded consumer. In
addition to the historical similarity in food times with BWW,
Applebee’s also markets itself as a neighborhood bar and grill
and provides a limited sports bar atmosphere around the bar
area during times of significant sporting events. New CEO Mike
Archer of Applebee’s is currently reducing the pop culture feel
of Applebee’s decor, adding healthier items such as its less-than
500-calorie menu, so it has yet to be determined how close of a
competitor of BWW Applebee’s will remain.
Chili’s
Founded in 1975 as Chili’s in Dallas, Texas, Brinker
International operates both Chili’s Grill & Bar and Maggianos’s
Little Italy. As of year-end 2011, Brinker operated 1,534 Chili’s
and 45 Maggiano’s. The company has restaurants in all 50 states
and in more than 30 countries. The company experienced an 18-
percent decline in revenues from $3.2 billion in 2009 to $2.7
billion in 2011. The Chili’s segment most closely competes with
BWW offering many similar food items, alcoholic beverages,
and a care-free atmosphere. However, Chili’s does not
incorporate a sports bar aspect into its stores.
External Issues
Chicken wing prices in 2012 increased 62.8 percent over the
prior year to an average price per pound of $1.97. Chicken
wings accounted for 27 percent of BWW’s cost of sales in 2012,
up from 19 percent the prior year.
Domestic Economy
Unemployment is hovering just above 8 percent and interest
rates are low but banks are not readily lending. Consumers
continue to pinch pennies. “Dining out easily can be postponed,

21. so many restaurants are a “very visible indicator” of what’s
happening in the economy,” says Malcolm Knapp, a New York-
based consultant who created the Knapp-Track Index and has
monitored the industry since 1970. “Amid declining confidence,
consumers don’t have the appetite to eat away from home as
frequently,” he said. The USA is facing more than $600 billion
in higher taxes and reductions in defense and other government
programs in 2013. U.S. retail sales are weakening, and
consumer sentiment, measured by the Bloomberg Comfort
Index, is declining. “It doesn’t feel like we’re out of a recession
for many middle-class American households,” Knapp said. In
what’s become an “allocation nation,” consumers must choose
between different categories of discretionary spending, and
dining out is “very sensitive” to changing habits.
Commodity Prices
BWW does not engage in any form of futures contracts for
purchasing wings, instead purchasing at market prices and
accepting the volatility that comes with that strategy. BWW
acknowledges this problem and is actively looking for a long-
term pricing agreement but has yet to come to agreement with
any provider of chicken wings. Also, most BWW supplies are
provided by third parties, leaving BWW with limited little
control over its supply chain. Failure to deliver chicken wings,
sauce, paper products, beverages, and such on time could
severely impact its business.
Future
BWW is one of the fastest-growing restaurant chains in the USA
and also one of the hottest stocks for investors. The company’s
strategy to focus on chicken wings, beer, sports, and attractive
waitresses continues to be a winning business model. Perhaps
the most important challenge facing BWW is with its expansion
policy. The company expects to double its total stores in the
next three to four years. CEO Sally Smith is currently faced
with continuing expansion in stronghold markets in the Midwest
and Southeast or exploring markets in the Northeast, West,
Canada, and other international markets. BWW has two

22. franchise development agreements for restaurants in the Middle
East and Puerto Rico.
BWW lacks control over its supply chain and has no real futures
contracts in place to hedge against volatile chicken wing prices.
Should CEO Smith actively establish contracts with chicken
producers to buy chicken wings on a futures contract? Are there
other backward integration strategies CEO Smith could pursue
to help protect against untimely delivery, poor quality, or
volatile pricing of supply chain products?
Another strategic issue facing BWW is its neglect of the takeout
business. Although the company focuses on selling a casual
sporty dining environment, many sports fans enjoy watching
games at home, tailgating at the event, or even just enjoying a
day at the lake or beach. Currently BWW does not offer any
type of marketing package or takeout options for this customer
group, rather it expects the customer to pay full menu dine-in
prices with little price discount for volume purchases. However,
with 13 percent of sales, and a much larger percent of food sales
because takeout typically does not include alcohol, there is an
opportunity to grow this business.
Develop a three-year strategic plan for CEO Sally Smith at
BWW.
Lab #3
Student
Teacher
Class

23. Implementing System Restore Points
1. Investigate the System Restore tool (used to manage system
restore points). To access the tool, open the System tool from
Control Panel (Control Panel > System and Security > System).
2. Then, click on System Protection (left menu).
System restore tool helps users of the operating system to
restore back the previous versions of files that were deleted
from the computer. The tool will not affect the state of the
computer in the current condition like affecting the installed
files or software. (Poulton, Bellet & Holt, 2015).
3. Identify appropriate sources of information (e.g. Windows
Help, Microsoft Technet, etc.) for instructions for using the
Windows 8.1 System Restore Point capability. Using those
sources, research the procedures required to perform the
following tasks:
a. Create a system restore point for a Windows 8.1 system
Launch the Windows Help and Support from the start menu,
then search for create restore point.
From the search results, select “create restore point.”
This will take you to the panel with the descriptions on how to
create the restore point on Windows operating system.
b. Use a system restore point to roll-back changes made to a
Windows 8.1 system
To roll-back the changes made is possible on the Windows

24. platform where there is the undo feature.
c. To access this, utilize the Windows Help and Support, after
launching the Windows Help and Support, type “undo restore
point.”
d. Select on the “undo system restore” option on the search
results. This will give the guidelines on how to undo the system
restore on the Windows operating system.
e. Remove system restore points from a Windows 8.1 system
(some and all).
It is possible to remove the restore points from Windows 8.1
platform. This action is possible through the use of the delete
restore point option in the Windows Help and Support. Search
for “delete a restore point” on the Windows Help and Support
tool. This will give a guide on whether to delete all the restore
points or some of the restore point.
Managing Programs and Features for Windows 8.1
1. Programs and Features tool
This tool is a default point in Windows operating system where
all the installed programs can be located in the computer. This
tools can act as an alternative place for uninstalling programs
from the computer. All the programs installed will be displayed
together with the necessary information regarding the specified
program like date modified, size on the disk etc (Poulton,
Bellet, & Holt, 2015).
To access, launch the control panel on Windows operating
system then under programs item, go to Program and Features
option (Poulton, Bellet, & Holt, 2015).
2. Identify appropriate sources of information (e.g. Windows
Help, Microsoft Technet, etc.) for instructions for using the
Programs and Features tool. Using those sources, research the

25. procedures required to perform the following tasks:
a. Turn Windows Features On or Off.Windows Help and
Support
To launch the windows help and support feature, access the
start menu then locate the help and support menu item. Launch
the help and support item the search help type programs and
features then press enter (Poulton, Bellet & Holt, 2015).
The list provided, contains the instruction on how to use this
feature on the Windows operating system. From the list, click
on ‘turn Windows features on or off’
This tool works best because it has documentation of windows
and all the guidelines to use the platform.
b. Modify, Repair, or uninstall a program from a Windows 8.1
system.Uninstalling a program.
Programs after being installed to the computer, can only be
deleted by uninstalling them off from the computer. Programs
can be uninstalled from the Programs and Features option on the
control panel (Poulton, Bellet, & Holt, 2015). All the installed
programs will be displayed in this area. To uninstall a program,
select on the program you want to uninstall. Then the option
will display on the top of the panel to uninstall. However, some
programs can be changed or repaired while others can only be
uninstalled. You can choose to uninstall the selected program,
change or repair it (Poulton, Bellet, & Holt, 2015).
Windows Help and Support.
Launch the Windows Help and Support from the start menu.
Type program and features then press enter. Select uninstall or
change program.
This will provide the guidelines to uninstall or change a
program on the Windows operating system.

26. c. Select and Install Updates for Windows and Windows
Applications, find an installed Update, Remove an installed
update.Find an installed update
To find Windows Updates, launch the control panel from the
start menu. Go to system and security then WindowsUupdate.
To view the installed updates, click on the update history on the
navigation panel. Then on the opened pane, click on see the
installed updates.
You can choose to remove an installed update by uninstalling
from the system.
Implementing Security Configuration Rules Using the Local
Group Policy Editor
Note: you are NOT implementing the DISA / DoD STIG in this
section. You are implementing a set of security configuration
rules that your “company” has selected from industry accepted
sources.
1. Investigate the Local Group Policy Editor tool (Windows Key
+ R then type gpedit.msc). Pay particular attention to the menu
tree in the left-hand pane (expand and review the categories of
settings which can be changed using this tool).
Security settings policies are the rules that the computer user
can configure on a single computer, or multiple computers, for
the main purpose of protecting resources that are on a computer
or network. The Security Settings extension of the Local Group
Policy Editor snap-in (Gpedit.msc) allows the computer user to
define security configurations as part of a Group Policy Object
(GPO) (Poulton, Bellet, & Holt, 2015).
This security measure operates on the software environment
where the instruction on how the computer works is based
(Poulton, Bellet, & Holt, 2015).

27. Security settings can control:
i. User authentication to the network or computer.
ii. Whether to record a user’s actions in the Event log.
iii. The resources that the computer users are permitted to
access.
iv. Membership in the group.
Logical groupsBanner group
Warning: Using Registry Editor incorrectly can cause serious,
system-wide problems that may require reinstallation of
Windows 2000 to correct them. Microsoft cannot guarantee that
any problems resulting from the use of Registry Editor can be
solved (Poulton, Bellet, & Holt, 2015).
1. Login to the domain controller machine with the
administrator account. Click on Start, Click on Administrative
Tools, Click on Group Policy Management. Under Domains,
right click your domain and click on Create a GPO in this
domain, and link it here. Create the policy of your choice.
2. Write the policy you created and click on Edit. On Group
Policy Management Editor, click on Computer Configuration,
expandPolicies, expand Windows Settings, expand Security
Settings, expand Local Policies, and click on Security Options.
3. On the right pane look for the policy Interactive Logon:
Message text for users attempting to log on.This security setting
specifies a text message that is displayed to users when they log
on. You can paste the Logon text that is to be displayed to the
users before they log in. Click on Apply and OK.
4. On the right pane look for the policy Interactive Logon:
Message title for users attempting to log on.This security
setting allows the title to appear in the title bar of the window
that contains the Interactive logon. Type the title text and click
on Apply and OK.Notification group

28. It is recommended that the system display a warning message to
users before allowing them to log on. It may be necessary to get
help with the wording of the message from the company's legal
department. The message should inform users that the system is
for authorized use only, and that they could be prosecuted if
they misuse the system (Poulton, Bellet, & Holt, 2015). For
example,
1. Log on using an administrator account.
2. Open the Active Directory Users and Computers tool.
3. Right-click the container holding the domain controller and
click Properties.
4. Click the Group Policy tab, and then click Edit to edit the
Default Domain Policy.
5. In the Group Policy window, expand Computer
Configuration, navigate to Windows Settings, to Security
Settings, and then to Local Policies.
6. Select Security Options.
7. In the details pane, double-click Message title for users
attempting to log on.
8. Check the Define this policy setting box.
9. Enter the title for the message (for example, "Warning") and
click OK.
10. Double-click Message text for users attempting to log on.
11. Check the Define this policy setting box.
12. Enter the text for the message and click OK.
13. Exit the Group Policy window.
Restart a domain client and log in to the domain to see the login
banner message.
Since this security setting is associated with the default domain
GPO, it applies to all computers in the domain. This setting will
override any local policies (defined on individual computers)
that specify this security parameter, but will not override any
OU policies that specify this value.Log on group.

29. This security option determines whether a computer can be shut
down without having to log on to Windows. When this policy is
enabled, the Shut Down command is available on the Windows
logon screen. When this policy is disabled, the option to shut
down the computer does not appear on the Windows logon
screen. In this case, users must be able to log on to the
computer successfully and have the Shut down the System user
right in order to perform a system shutdown. By default, this
option is enabled on workstations and disabled on servers in
Local Computer Policy (Poulton, Bellet, & Holt, 2015).
Disable the shutdown button on the Windows logon screen of
Domain Computers as follows:
1. Log on using an administrator account.
2. Open the Active Directory Users and Computers tool.
3. Right-click the container holding the domain controller and
click Properties.
4. Click the Group Policy tab, and then click Edit to edit the
Default Domain Policy.
5. In the Group Policy window, expand Computer
Configuration, navigate to Windows Settings, to Security
Settings, and then to Local Policies.
6. Select Security Options.
7. In the details pane, double-click Allow system to be shut
down without having to log on.
8. Check the Define this policy setting box, select Disabled and
click OK.
9. Exit the Group Policy window.
References
Poulton, D., Bellet, R., & Holt, H. (2015). MCSA 70-687 cert
guide: Configuring Microsoft Windows 8.1. Indianapolis, IN:
Pearson.

30. Kim, D., & Solomon, M. (2011). Fundamentals of information
systems security. Sudbury, MA: Jones & Bartlett Learning.
Zacker, C. (2014). Configuring Windows 8.1, exam 70-687.
Lab #2
Student
Teacher
Class
Introduction
This document provides a brief step by step procedure for
Windows 8.1 antimalware protection tools which will always
secure your system from malware. The document will count
three main antimalware tools namely Windows Defender,
Windows Firewall and Microsoft Baseline Security Analyzer
(MBSA).
All of the three tools come shipped in the Windows 8.1
operating system to help monitor the computer system by
preventing malware from affecting the Windows operating
system.
First I will discuss the configuration of Windows defender and

31. write guidelines on how it monitors malware.Windows Defender
Windows Defender came in with later version of Windows
operating system from Windows 8.1 and sooner Windows
operating system. It came to replace Microsoft security
essentials which has been used in older version of Windows for
malware protection as a standalone antivirus program than the
later embedded windows defender which comes with windows
8.1 and new version of windows.Launching windows defender
By using Windows key + S will help you type in the name of the
Windows Defender. Once done in typing the name of the search,
we can select Windows Defender and run the application
program. Because the Windows Defender is not activated by
default, we need to have a well working internet services to
activate the application for its functionality. We can also opt for
option two to make use of offline installer for Windows
Defender which we can run without need of internet services.
Once installed, we will always be needing internet connection
to allow our Windows Defender to check and download the
latest virus updates and spyware definitions always.Updating
Windows Defender
Keeping Windows Defender up to date will always make
malware detection and protection very active. Expired Windows
Defender definitions will make computer systems vulnerable to
malwares. The expired anti malware definition allows new
malwares to attack and multiply in your computer system
leading program infection and malfunction. The viruses and
Trojans become active and cannot be easily controlled. The
following diagram illustrations how Windows Defender
interface looks like and how to update the Windows Defender to
keep it up to date.
For update, Windows Defender will always display a
notification message to notify you that your Windows Defender
virus and antispyware definitions are up to date and need to be
updated as illustrated below.
The figure above is a good example of out of date Windows

32. Defender which requires internet connection fixes so as it can
update. By clicking the update button, we allow our Windows
Defender to update and the program will check for updates from
the internet. If it finds the up to date updates, it will set virus
and spyware definitions up to date.
As we can see above, the colour of our frame and error picture
symbol is yellow in colour, this means we are operating our PC
at a very severe condition which can lead to harmful effects
through investments of viruses and spywares.
On clicking update button, the following download progress bar
will be seen in the frame shown below indicating that our
Windows Defender is trying to search for any available up to
date definitions. The figure below shows progress bar of
Windows Defender searching for update definitions from online.
If no internet or in case of error in connectivity, the error
message will be displayed as shown below.
The image above shows us that there was error in internet
connection and that’s what made our Windows Defender not to
update.
Else if our Windows Defender finds the internet connection, it
downloads the updates, automatically installs the update and
sets our pc protection status as protected and we are secure from
threats and malware attack.
Figure bellows shows us an up to date Windows Defender.
As we can see above, our PC is fully protected.Using Windows
Defender to scan for malwares
Scanning for Windows against malwares is always
recommended. Although Windows Defender can allow us to set
for scheduled scans after a set interval of time, it is highly
advisable to have continuous daily scan to mitigate our
malwares which are inactive from affecting our systems. To
perform a scan, we consider using the home tab found in
Windows Defender interface as shown below.

33. Using the interface, we can be able to select which type of scan
we want to perform. As shown above, we may opt to use quick
scan which only performs shallow scan without getting deeper
into system files but only scanning the default suspected
directories and computer locations. Custom scan may be used to
scan the system locations and directories which user may
suspect are infected and not the whole system but only some
parts.
Full scan option is used to scan the whole computer system.
Scanning all memory locations, hard disks and registry of the
computer system. It is always advisable to perform full scan to
prevent any chance of having hidden malwares which might
attack the PC later.
After scanning the PC, a history of malwares is always
displayed indicating the malware type and its level of effects on
PC. The levers are either weak, moderate or severe. Whereby a
severe malware can destroy the computer files and interfere
with it completely if they are not monitored or quarantined. By
quarantine the viruses, their risk of effects is minimized.
Windows Defender has scan settings which requires user to
specify which actions to be done on the malwares. Either be
quarantined or removed. But it is highly advised to remove the
virus instead of quarantine to prevent future viral effects by
those quarantined malwares. The figure below shows malware
detected and their effect levels to the system.
The figure above shows worms and Trojan which the risk level
is very severe and can damage the operating system
applications.Setting up Windows Defender
Windows Defender contains settings that allows the user to
specify how he wants it to protect his system. The figure below
shows all possible options available for settings.
i. Starting from setting number one, we find that we can set our
Windows Defender to prevent your PC on real time. Meaning

34. that any harmful software cannot get into our computer from
any connection available. The Windows Defender will block the
software from installing itself into our computer.
ii. Using Excluded files and locations allows us to exclude some
files and locations from scans to speed up the scanning. But this
setting makes our computer to be at risk because some harmful
software may hide themselves in those locations we did exclude.
iii. This setting allows us to exclude files with certain
extensions to speed up the rate of scanning although this makes
our computer risky of some left in malwares.
iv. This setting allows us to exclude some processes from scan
but the pc will be at risk as some malwares may have infected
some the excluded processes.
v. The advanced setting allows us to set more critical settings
that can help us secure our computers more securely. The
setting includes allowing us be able to set scan for archives,
removable disks, create restore points before removing or
deleting quarantined items, allow users to view history reports,
set quarantine and malware removal interval period and even
send files automatically online to Microsoft Support when
further operations are required.
Windows Firewall
As well known, the implementation of Windows Firewall is for
filtering data packets that are sent and coming down stream in a
computer system from internet or any network. It also controls
which program to be allowed to communicate with internet or
network connections so as no malware penetrates into the
computer system.
It prevents attacks from either home, private or public network.
Turning on the Windows Firewall will give chances of malware
entering into your system especially when you connect to
unsecure networks or internet. The malware will be uploaded
into your system computer and cause harmful effects by either
acting as spyware, virus, Trojans or even worms which among
all will affect your system files. How it works
Windows Firewall must be turned on for it be fully operating

35. and preventing your system from attacks. The firewall will
always block all connections to applications which are not in
the list of allowed applications.
In case of any new network connection or any time the PC is
connected, the firewall will always notify you and block all
possible risks and any new app.
By adding any application to the allowed list applications, you
permit that application to communicate with other application
from any connection.Allowing applications and features to
communicate through firewall
Any program can be allowed to communicate through firewall to
the network connection programs. For instance, MySQL and
Apache applications are always to communicate through
firewall in case of server services. Only the allowed programs
can communicate through the connections available or through
connected networks.
To allow any application to communicate through firewall, the
following steps are followed.
Launch Windows Firewall through typing Windows Firewall by
using Windows key + S for search. Then click the link shown to
allow any program communicate through firewall as shown
below:
After clicking the highlighted text link, the below window will
be displayed to allow you select the program to allow in
communication and through which network type should the
application communicate through. The network type can be
private, guest or public network. Your choice of network will
determine how your application communicates with the other
applications via the connections.
Advanced settings in firewall for inbound and outbound rules
The inbound rules will always control which other computers
are allowed to connect into your computer especially for server
cases. For instance, adding MySQL server on port 3306 means
that any computer which requires to connect to the server can
use that port only. On the other hand, the outbound rules

36. describe which applications are allowed to connect to networks
and use internet connections for communication.
When rules are added, they can be disabled or be deleted on
users need. Below is an example illustration of inbound rules
and outbound rules respectively.
Example of adding new inbound rule
Step 1: click the new rule link shown below
Step 2: Select program
The rule that controls connection for a program as shown below:
Step 3: Click next
Browse to the program path that specifies the program file
location and provide the program path.
Step 3: Click next
Select the “allow connection if it is secure” and click next.
Step 4: Select the network profile for which the rule will apply
for.
Step 5: Click next and provide the name for your rule and some
description about the rule and click finish to complete the rule
creation. The figure below shows the naming and description.
Microsoft Baseline Security AnalyzerIntroduction
The MBSA was mainly developed to be used in windows server.
Its main work is to analyse the system for available updates to
the operating environment and scans the computer for wrong
configuration settings.Scanning using MBSA
To scan using the MBSA, we need to provide the IP Address of
the computer we want to scan. But for most cases, the scan is all
to do with scanning for all possible vulnerabilities in the
system. The figure below shows the first phase to start
scanning.
The scanning involves scanning for all possible windows
administrative vulnerabilities, weak passwords, IIS

37. administrative vulnerabilities, SQL administrative
vulnerabilities and the security updates.
While scanning, a progress bar will be shown as given below:
After a scan is complete the following deduction are made. I
just scanned my computer only:
The figure below gives warning and the error message the
MBSA encountered weak passwords and Guest accounts.
The results indicate that my 3 password usages are weak as used
in Internet Explorer. Above that, my passwords are a non-
expiring type.Results of MBSA
The following gives a result of what was scanned in the Guest
account.
The following indicates what was scanned in the local account:
The following figures shows possible solution to my weaknesses
respectively.
Guest account solution
Local account solution
Lab #1: Develop System Administration Procedures for
Windows 8.1 Security Configuration
Purpose: Develop systems administration procedures to
implement systems security configuration guidance and best
practices.
Objectives
1. Develop a Windows system restore point systems
administration procedure to implement an industry recognized
best practice for maintaining system integrity and availability.

38. 2. Develop a Windows system administration procedure to
manage programs and features.
3. Develop a systems administration procedure to implement
configuration rules from systems security technicalguidance
issued by a vendor or government organization.
Overview
In this lab, our focus is upon developing a set of procedures
which can be incorporated into an organization’s security
implementation guidance and documentation. For each
procedure, you will develop, test, and document the steps
required to implement the selected best practices and security
configuration guidance (as provided in the lab instructions and
notes). You will write three separate procedures for this lab:
(a) Creating, Using, Removing System Restore Points for
Windows 8.1
(b) Managing Windows 8.1 Programs and Features
(c) Implementing Security Configuration Rules for Windows 8.1
Each procedure will have the following major sections (see
Figure 1):
· Title:
· Operating Environment:
· Description:
· Notes, Warnings, & Restrictions:
· Resources (Further Reading):
· Procedures:
Some procedures will contain a large number of steps. To make
the procedures easier to read, you should divide your
procedures into groups of related steps. Place a group heading
(e.g. Create System Restore Points) at the beginning of each
group. Each group heading should be followed by a brief
paragraph that explains the purpose of the group (e.g. This
group (or “section”) contains step by step instructions for
creating System Restore Points using the “System Restore ”

39. tool….)
Title:
Operating Environment:
1. Hardware
2. Software
Description:
Notes, Warnings, & Restrictions:
Resources (Further Reading):
1.
2.
3.
Procedures:
[Group Heading]
Brief introduction paragraph for this group of steps
1.
2.
3.
[Group Heading]
Brief introduction paragraph for this group of steps
1.
2.
3.
Figure 1. Required Outline for System Administration
Procedures
InstructionsPart (a): Implementing System Restore Points
1. Investigate the System Restore tool (used to manage system

40. restore points). To access the tool, open the System tool from
Control Panel (Control Panel > System and Security > System).
Then, click on System Protection (left menu).
2. Identify appropriate sources of information (e.g. Windows
Help, Microsoft Technet, etc.) for instructions for using the
Windows 8.1 System Restore Point capability. Using those
sources, research the procedures required to perform the
following tasks:
a. Create a system restore point for a Windows 8.1 system
b. Use a system restore point to roll-back changes made to a
Windows 8.1 system
c. Remove system restore points from a Windows 8.1 system
(some and all)
Note: you will not be able to do the full rollback (item 2(b)) in
the VDA due to security restrictions. Your procedure should
contain these steps, however. Use the Microsoft “System
Restore” documentation to obtain the required information
about what happens after the system restart for the rollback.
You do not need to provide an “after” snapshot for this step.
3. Paste the procedure outline (Figure 1) into your Lab #1 file.
Make sure that you insert a page break so that the “Title”
heading appears at the top of a new page.
4. Using the required outline, develop a systems administration
procedure which can be used to perform tasks related to item #1
(management and use of system restore points).
5. Test your draft procedures using the virtual machine provided
in the online lab environment (UMUC’s VDA). Do NOT use
your personal computer or a work computer.
6. As you run your tests, collect screen snapshots to illustrate
key steps in your procedures. (Use the snipping tool on your
local PC to snapshot portions of the VDA browser or client
window.) Insert these snapshots at the appropriate points in
your procedure. The snapshots must show the procedures as run
in the VDA environment.

41. Part (b): Managing Programs and Features for Windows 8.1
1. Investigate the Programs and Features tool (used to manage
installed programs and optional features / capabilities). To
access the tool, open Programs and Features from the Windows
Control Panel.
2. Identify appropriate sources of information (e.g. Windows
Help, Microsoft Technet, etc.) for instructions for using the
Programs and Features tool. Using those sources, research the
procedures required to perform the following tasks:
a. Turn Windows Features On or Off
b. Modify, Repair, or Uninstall a program from a Windows 8.1
system
c. Select and Install Updates for Windows and Windows
Applications, Find an installed Update, Remove an installed
update
3. Paste a second blank copy of the procedure outline (from
Figure 1) at the end of your Lab #1 file. Make sure that you
insert a page break before you paste to ensure the “Title”
heading appears at the top of a new page.
4. Using the required outline, develop a systems administration
procedure which can be used to perform tasks related to item
#2. Provide examples for each of the required tasks. (Select a
specific feature, program, or update and use that as an example
in your procedure.)
5. As you run your tests, collect screen snapshots to illustrate
key steps in your procedures. (Use the snipping tool on your
local PC to snapshot portions of the VDA browser or client
window.) Insert these snapshots at the appropriate points in
your procedure. The snapshots must show the procedures as run
in the VDA environment. Part (c): Implementing Security
Configuration Rules Using the Local Group Policy Editor
Note: you are NOT implementing the DISA / DoD STIG in this
section. You are implementing a set of security configuration
rules that your “company” has selected from industry accepted
sources.
1. Investigate the Local Group Policy Editor tool (Windows Key

42. + R then type gpedit.msc). Pay particular attention to the menu
tree in the left hand pane (expand and review the categories of
settings which can be changed using this tool).
2. Research the security configuration rules listed in Table 1.
These rules were developed from the Department of Defense
Security Technical Implementation Guidance for Windows 8.1.
3. When you are ready to begin writing your procedure, paste a
blank copy of the procedure outline (from Figure 1) at the end
of your Lab #1 file. Make sure that you insert a page break
before you paste to ensure the “Title” heading appears at the top
of a new page.
4. Determine how you will group related security configuration
rules. Each group will need a “section heading” (see Figure 1)
and introductory paragraph (2 -3 sentences) which explains the
purpose of the group.
5. Next, develop a step by step procedure for each group of
rules. See the “Suggested Procedure Group” column in Table 1
for suggested categories. Your groupings should allow for
inclusion of additional, related rules at a later date. (For
example, there are two “energy saving” rules in the table; an
organization may wish to add additional rules to this category at
some point in the future.)
6. For each group of rules, develop step-by-step written
procedures for systems administrators. Your written procedures
must implement the “remediation” guidance as listed in Table
1[endnoteRef:1]. [1: Table 1 was adapted from the Department
of Defense Security Technical Implementation Guidance (STIG)
for Windows 8/8.1. Available from:
http://iasecontent.disa.mil/stigs/zip/Apr2015/U_Windows_8_an
d_8-1_V1R9_STIG.zip]
7. Test your procedures by running them in the VDA. As you
run your tests, collect screen snapshots to illustrate key steps in
your procedures. (Use the snipping tool on your local PC to
snapshot portions of the VDA browser or client window.) Insert
these snapshots at the appropriate points in your procedure. The

43. snapshots must show the procedures as run in the VDA
environment.
8. Incorporate your screen snapshots for key steps into the draft
procedures. Each snapshot should be placed UNDER (after) the
step to which it applies. Captions are not required.
9. Make any additional changes required to address issues found
during testing of the step-by-step procedures.Finalize Your
Deliverable
1. Using the grading rubric as a guide, refine your step-by-step
procedures. Your final products should be suitable for inclusion
in an organization’s Systems Administrator’s Handbook.
Remember that you are preparing multiple system
administration procedures which must be presented separately.
2. As appropriate, cite your sources using footnotes or another
appropriate citation style.
3. Use the resources section to provide information about
recommended readings and any sources that you cite. Use a
standard bibliographic format (you may wish to use APA since
this is required in other CSIA courses). Information about
sources and recommended readings, including in-text citations,
should be formatted consistently and professionally.
4. Each procedure document should be placed in the listed order
in a SINGLE FILE (see deliverables list above). Each file
should start with a title page which lists the following
information:
· Lab Title and Number
· Procedure Name
· Date
· Your Name
5. The CSIA 310 Template for Lab Deliverable.docx file is set
up to provide the required title page and three lab procedure
templates.
Additional Requirements for this Lab
1. Your target audience for these procedures will be Windows
8/8.1 SYSTEM ADMINISTRATORS. Do not write procedures

44. for home users or individuals using their own computers.
2. Your step-by-step procedures should tell the System
Administrator where to find and how to launch the systems
administration tools used to change security configuration
settings for the Windows 8.1 operating system.
3. It is not necessary to specify every step that a system
administrator must take to implement the security rules. But,
you must address each security configuration rule separately
and include enough detail that your reader will understand how
to perform the required steps to implement the security
configuration changes.
4. Use screen snapshots to cue the reader to important steps or
provide information required to complete check points for
proper completion of a step or set of steps (e.g. including a
snapshot which shows the “after” state for a group of security
settings).
5. Make sure that your snapshots will enhance the reader’s
understanding of the procedure and required configuration
changes. Too many snapshots or illustrations can make a
procedure difficult to use.
6. All snapshots must be created by you for this lab using screen
captures showing how you personally performed (tested) the
systems administration procedure as written by you. You may
not copy and paste images from help pages, manuals, or the
Internet.
7. Images (screen snapshots) should be cropped and sized
appropriately.
8. A screen snapshot belonging to a specific procedure step does
not require a caption.
9. Make sure that the sources you cite or recommend (additional
reading) are authoritative and are the best ones available.
10. Your Operating Environment section should identify the
hardware, operating system, and/or software applications to
which the procedure applies. For this lab, your procedures will
apply to:
a. Hardware: Laptop or Desktop Computers

45. b. Operating System: Windows 8.1 Professional
11. Your Notes, Warnings & Restrictions section should include
important information that is not found elsewhere in the
procedures document. For example, this section could include
information about alternatives to the selected security
configuration settings. Or, this section could include
information about related security procedures or policies. If this
procedure implements controls relevant to an external security
requirement, e.g. the HIPAA Security Rule, then that
information should be included in the notes section. Consult the
Windows 8.1 STIG to see what types of information you may
need to include in your document. This section should also
include important information about harm or risk that could
occur if the procedure is not correctly followed or implemented.
12. The procedures that you write for this lab will become part
of the final project for this course (System Administration
Manual).
Table 1 begins on the next page.
Table 1. Required Security Configuration Rules
Rule ID
Rule
Vulnerability Discussion
Remediation
Suggested Procedure Group

46. SV-48022r1_rule
The required legal notice must be configured to display before
console logon.
Failure to display the logon banner prior to a logon attempt will
negate legal proceedings resulting from unauthorized access to
system resources.
Configure the policy value for Computer Configuration ->
Windows Settings -> Security Settings -> Local Policies ->
Security Options -> "Interactive Logon: Message text for users
attempting to log on" to the [banner text]. Note: see STIG for
DoD Warning Notice. In registry, check make sure that you
have configured the "LegalNoticeText" value for key:
HKLMSOFTWAREMicrosoftWindows
NTCurrentVersionWinlogon
Banner
SV-48049r1_rule
The Ctrl+Alt+Del security attention sequence for logons must
be enabled.
Disabling the Ctrl+Alt+Del security attention sequence can
compromise system security. Because only Windows responds
to the Ctrl+Alt+Del security sequence, you can be assured that
any passwords you enter following that sequence are sent only
to Windows. If you eliminate the sequence requirement,
malicious programs can request and receive your Windows
password. Disabling this sequence also suppresses a custom
logon banner.
Configure the policy value for Computer Configuration ->
Windows Settings -> Security Settings -> Local Policies ->
Security Options -> "Interactive Logon: Do not require
CTRL+ALT+DEL" to "Disabled".
Banner
SV-48510r1_rule
The Windows dialog box title for the legal banner must be
configured.
Failure to display the logon banner prior to a logon attempt will
negate legal proceedings resulting from unauthorized access to

47. system resources.
Configure the policy value for Computer Configuration ->
Windows Settings -> Security Settings -> Local Policies ->
Security Options -> "Interactive Logon: Message title for users
attempting to log on" to a site-defined warning. In registry,
check make sure that you have configured both the
"LegalNoticeCaption" value for key:
HKLMSOFTWAREMicrosoftWindows
NTCurrentVersionWinlogon
Banner
SV-48313r2_rule
The display must turn off after 20 minutes of inactivity when
the system is running on battery.
Turning off an inactive display supports energy saving
initiatives. It may also extend availability on systems running
on a battery.
Configure the policy value for Computer Configuration ->
Administrative Templates -> System -> Power Management ->
Video and Display Settings -> "Turn Off the Display (On
Battery)" to "Enabled" with "1200" seconds or less.
Energy Saving
SV-48314r2_rule
The display must turn off after 20 minutes of inactivity when
the system is plugged in.
Turning off an inactive display supports energy saving
initiatives.
Configure the policy value for Computer Configuration ->
Administrative Templates -> System -> Power Management ->
Video and Display Settings -> "Turn Off the Display (Plugged
In)" to "Enabled" with "1200" seconds or less.
Energy Saving
SV-48051r1_rule
The Smart Card removal option must be configured to Force
Logoff or Lock Workstation.
Unattended systems are susceptible to unauthorized use and
must be locked. Configuring a system to lock when a smart card

48. is removed will ensure the system is inaccessible when
unattended.
Configure the policy value for Computer Configuration ->
Windows Settings -> Security Settings -> Local Policies ->
Security Options -> "Interactive logon: Smart card removal
behavior" to "Lock Workstation" or "Force Logoff".
Lock Screen
SV-48310r2_rule
App notifications on the lock screen must be turned off.
App notifications that are displayed on the lock screen could
display sensitive information to unauthorized personnel.
Turning off this feature will limit access to the information to a
logged on user.
Configure the policy value for Computer Configuration ->
Administrative Templates -> System -> Logon -> "Turn off app
notifications on the lock screen" to "Enabled".
Lock Screen
SV-55990r2_rule
Camera access from the lock screen must be disabled. (Windows
8.1)
Enabling camera access from the lock screen could allow for
unauthorized use. Requiring logon will ensure the device is only
used by authorized personnel.
This requirement is NA for the initial release of Windows 8. It
is applicable to Windows 8.1. If the device does not have a
camera, this is NA.
Configure the policy value for Computer Configuration ->
Administrative Templates -> Control Panel -> Personalization -
> "Prevent enabling lock screen camera" to "Enabled".
Lock Screen
SV-55991r2_rule
The display of slide shows on the lock screen must be disabled.
(Windows 8.1)
Slide shows that are displayed on the lock screen could display
sensitive information to unauthorized personnel. Turning off

49. this feature will limit access to the information to a logged on
user.
Configure the policy value for Computer Configuration ->
Administrative Templates -> Control Panel -> Personalization -
> "Prevent enabling lock screen slide show" to "Enabled". This
requirement is NA for the initial release of Windows 8. It is
applicable to Windows 8.1.
Lock Screen
SV-48018r1_rule
The shutdown option must be available from the logon dialog
box.
Preventing display of the shutdown button in the logon dialog
box may encourage a hard shut down with the power button.
(However, displaying the shutdown button may allow
individuals to shut down a system anonymously.)
Configure the policy value for Computer Configuration ->
Windows Settings -> Security Settings -> Local Policies ->
Security Options -> "Shutdown: Allow system to be shutdown
without having to log on" to "Enabled".
Logon Screen
SV-48164r1_rule
The system must be configured to prevent the display of the last
username on the logon screen.
Displaying the username of the last logged on user provides half
of the userid/password equation that an unauthorized person
would need to gain access. The username of the last user to log
onto a system must not be displayed.
Configure the policy value for Computer Configuration ->
Windows Settings -> Security Settings -> Local Policies ->
Security Options -> "Interactive logon: Do not display last user
name" to "Enabled".
Logon Screen
SV-48228r2_rule
The classic logon screen must be required for user logons.
The classic logon screen requires users to enter a logon name
and password to access a system. The simple logon screen or

50. Welcome screen displays usernames for selection, providing
part of the necessary logon information.
Configure the policy value for Computer Configuration ->
Administrative Templates -> System -> Logon -> "Always use
classic logon" to "Enabled". If the system is a member of a
domain, this is NA.
Logon Screen
SV-48244r2_rule
Users must be prompted for a password on resume from sleep
(on battery).
Authentication must always be required when accessing a
system. This setting ensures the user is prompted for a password
on resume from sleep (on battery).
Configure the policy value for Computer Configuration ->
Administrative Templates -> System -> Power Management ->
Sleep Settings -> "Require a password when a computer wakes
(on battery)" to "Enabled".
Logon Screen
SV-48245r2_rule
The user must be prompted for a password on resume from sleep
(plugged in).
Authentication must always be required when accessing a
system. This setting ensures the user is prompted for a password
on resume from sleep (plugged in).
Configure the policy value for Computer Configuration ->
Administrative Templates -> System -> Power Management ->
Sleep Settings -> "Require a password when a computer wakes
(plugged in)" to "Enabled".
Logon Screen
SV-48460r2_rule
The machine inactivity limit must be set to 15 minutes, locking
the system with the screensaver.
Unattended systems are susceptible to unauthorized use and
should be locked when unattended. The screen saver should be
set at a maximum of 15 minutes and be password protected.
This protects critical and sensitive data from exposure to

51. unauthorized personnel with physical access to the computer.
Configure the policy value for Computer Configuration ->
Windows Settings -> Security Settings -> Local Policies ->
Security Options -> "Interactive logon: Machine inactivity
limit" to "900" seconds".
Logon Screen
SV-55993r2_rule
The network selection user interface (UI) must not be displayed
on the logon screen. (Windows 8.1)
Enabling interaction with the network selection UI allows users
to change connections to available networks without signing
into Windows.
Configure the policy value for Computer Configuration ->
Administrative Templates -> System -> Logon -> "Do not
display network selection UI" to "Enabled".
Logon Screen
SV-48464r2_rule
Notifications from Windows Push Network Service must be
turned off.
The Windows Push Notification Service (WNS) allows third-
party vendors to send updates for toasts, tiles, and badges.
Configure the policy value for User Configuration ->
Administrative Templates -> Start Menu and Taskbar ->
Notifications -> "Turn off notifications network usage" to
"Enabled".
Notifications
SV-48465r2_rule
Toast notifications to the lock screen must be turned off.
Toast notifications that are displayed on the lock screen could
display sensitive information to unauthorized personnel.
Turning off this feature will limit access to the information to a
logged on user.
Configure the policy value for User Configuration ->
Administrative Templates -> Start Menu and Taskbar ->
Notifications -> "Turn off toast notifications on the lock screen"
to "Enabled".

52. Notifications
SV-48240r2_rule
A system restore point must be created when a new device
driver is installed.
A system restore point allows a rollback if an issue is
encountered when a new device driver is installed.
Configure the policy value for Computer Configuration ->
Administrative Templates -> System -> Device Installation ->
"Prevent creation of a system restore point during device
activity that would normally prompt creation of a restore point"
to "Disabled".
Restore Point
SV-48273r2_rule
A screen saver must be enabled on the system.
Unattended systems are susceptible to unauthorized use and
must be locked when unattended. Enabling a password-protected
screen saver to engage after a specified period of time helps
protects critical and sensitive data from exposure to
unauthorized personnel with physical access to the computer.
Configure the policy value for User Configuration ->
Administrative Templates -> Control Panel -> Personalization -
> "Enable Screen Saver"
to "Enabled".
Screen Saver
SV-48274r2_rule
The screen saver must be password protected.
Unattended systems are susceptible to unauthorized use and
must be locked when unattended. Enabling a password-protected
screen saver to engage after a specified period of time helps
protects critical and sensitive data from exposure to
unauthorized personnel with physical access to the computer.
Configure the policy value for User Configuration ->
Administrative Templates -> Control Panel -> Personalization -
> "Password protect the screen saver" to "Enabled".
Screen Saver
SV-48461r2_rule

53. A screen saver must be defined.
Unattended systems are susceptible to unauthorized use and
must be locked when unattended. Enabling a password-protected
screen saver to engage after a specified period of time helps
protects critical and sensitive data from exposure to
unauthorized personnel with physical access to the computer.
Configure the policy value for User Configuration ->
Administrative Templates -> Control Panel -> Personalization -
> "Force specific screen saver" to "Enabled" with "scrnsave.scr"
specified as the Screen saver executable name.
Screen Saver
SV-48462r2_rule
Changing the screen saver must be prevented.
Unattended systems are susceptible to unauthorized use and
must be locked. Preventing users from changing the screen
saver ensures an approved screen saver is used. This protects
critical and sensitive data from exposure to unauthorized
personnel with physical access to the computer.
Configure the policy value for User Configuration ->
Administrative Templates -> Control Panel -> Personalization -
> "Prevent changing screen saver" to "Enabled".
Screen Saver
SV-48337r2_rule
The Windows SmartScreen must be turned off.
Some features may send system information to the vendor.
Turning off this capability will prevent potentially sensitive
information from being sent outside the enterprise.
Configure the policy value for Computer Configuration ->
Administrative Templates -> Windows Components -> File
Explorer -> "Configure Windows SmartScreen" to "Enabled"
with "Turn off SmartScreen" selected.
Smart Screen
SV-48119r1_rule
Media Player must be configured to prevent automatic Codec
downloads.
The Windows Media Player uses software components, referred

54. to as Codecs, to play back media files. By default, when an
unknown file type is opened with the Media Player, it will
search the Internet for the appropriate Codec and automatically
download it. To ensure platform consistency and to protect
against new vulnerabilities associated with media types, all
Codecs must be installed by the System Administrator.
Configure the policy value for User Configuration ->
Administrative Templates -> Windows Components -> Windows
Media Player -> Playback -> "Prevent Codec Download" to
"Enabled".
System Integrity
SV-48218r1_rule
The system must notify antivirus when file attachments are
opened.
Attaching malicious files is a known avenue of attack. This
setting configures the system to notify antivirus programs when
a user opens a file attachment.
Configure the policy value for User Configuration ->
Administrative Templates -> Windows Components ->
Attachment Manager -> "Notify antivirus programs when
opening attachments" to "Enabled".
System Integrity
SV-48300r2_rule
Access to the Windows Store must be turned off.
Uncontrolled installation of applications can introduce various
issues, including system instability and allow access to
sensitive information. Installation of applications must be
controlled by the enterprise. Turning off access to the Windows
Store will limit access to publicly available applications.
Configure the policy value for Computer Configuration ->
Administrative Templates -> System -> Internet Communication
Management -> Internet Communication settings -> "Turn off
access to the Store" to "Enabled".
System Integrity
SV-48341r3_rule
Automatic download of updates from the Windows Store must

55. be turned off.
Uncontrolled system updates can introduce issues to a system.
Obtaining update components from an outside source may also
potentially allow sensitive information outside of the enterprise.
Application updates must be obtained from an internal source.
Windows 8.1 split the original policy that configures this
setting into two separate ones. Configuring either one to
"Enabled" will update the registry value as identified in the
Check section. Configure the policy value for Computer
Configuration -> Administrative Templates -> Windows
Components -> Store -> "Turn off Automatic
Download of updates on Win8 machines" or "Turn off
Automatic Download and install of updates" to "Enabled".
Windows 8:
Configure the policy value for Computer Configuration ->
Administrative Templates -> Windows Components -> Store ->
"Turn off Automatic Download of updates" to "Enabled".
System Integrity
SV-48344r2_rule
The Windows Store application must be turned off.
Uncontrolled installation of applications can introduce various
issues including system instability, and provide access to
sensitive information. Installation of applications must be
controlled by the enterprise. Turning off access to the Windows
Store will limit access to publicly available applications.
Configure the policy value for Computer Configuration ->
Administrative Templates -> Windows Components -> Store ->
"Turn off the Store application" to "Enabled".
System Integrity
SV-55997r2_rule
The option to update to the latest version of Windows from the
Store must be turned off. (Windows 8.1)
Uncontrolled system updates can introduce issues into the
environment. Updates to the latest version of Windows must be
done through proper change management. This setting will

56. prevent the option to update to the latest version of Windows
from being offered through the Store.
Configure the policy value for Computer Configuration ->
Administrative Templates -> Windows Components -> Store ->
"Turn off the offer to update to the latest version of Windows"
to "Enabled". This requirement is NA for the initial release of
Windows 8. It is applicable to Windows 8.1.
System Integrity