Answers to your Windows security questions
If an administrator has set the Force user to change password at next login parameter, you’ll find event ID 628 and two occurrences of event ID 642 in the Security event log. You can use Icacls to remove a user or group’s allow or deny permissions from a file server. To prevent users from changing the Internet zones in Microsoft Internet Explorer (IE), enable the Disable the Security page policy. The Force a Restart to Ensure Removable Storage Access Policy is Enforced policy is useful if you want to force an immediate system restart to keep a user from accessing his or her removable storage device.