Unit 7 ITT TECHNICAL INSTITUTE NT1330 Client-Server Networking II Date: 2/3/2016 Instructor: Williams Obinkyereh.

Slides:



Advertisements
Similar presentations
By Rashid Khan Lesson 5-Directory Assistance: Administration Using Active Directory Users and Computers.
Advertisements

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
XP Tutorial 9 New Perspectives on Microsoft Windows XP 1 Microsoft Windows XP Exploring Your Network Tutorial 9.
MOAC : Installing and Configuring Windows Server 2012
Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.
7.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
6.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
10.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 10: Server Administration.
Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.
Administering Active Directory
By Rashid Khan Lesson 4-Preparing to Serve: Understanding Microsoft Networking.
Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.
7.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.
1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.
Configuring Active Directory Certificate Services Lesson 13.
Guide to MCSE , Enhanced 1 Activity 10-1: Restarting Windows Server 2003 Objective: to restart Windows Server 2003 Start  Shut Down  Restart Configure.
11 WORKING WITH USER ACCOUNTS Chapter 6. Chapter 6: WORKING WITH USER ACCOUNTS2 CHAPTER OVERVIEW Understand the differences between local user and domain.
9.1 © 2004 Pearson Education, Inc. Lesson 9: Implementing Group Policy in Windows 2000 Server Exam Microsoft® Windows® 2000 Directory Services Infrastructure.
Active Directory Administration Lesson 5. Skills Matrix Technology SkillObjective DomainObjective # Creating Users, Computers, and Groups Automate creation.
Module 2 Creating Active Directory ® Domain Services User and Computer Objects.
70-270: MCSE Guide to Microsoft Windows XP Professional Chapter 5: Users, Groups, Profiles, and Policies.
Module 1: Introduction to Administering Accounts and Resources
9.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
Understanding Workgroups and Active Directory Lesson 3.
Working with Workgroups and Domains
MCTS Guide to Configuring Microsoft Windows Server 2008 Active Directory Chapter 3: Introducing Active Directory.
1 Group Account Administration Introduction to Groups Planning a Group Strategy Creating Groups Understanding Default Groups Groups for Administrators.
CN1260 Client Operating System Kemtis Kunanuraksapong MSIS with Distinction MCT, MCITP, MCTS, MCDST, MCP, A+
8.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 8: Introducing Computer Accounts.
Guide to Operating System Security Chapter 4 Account-based Security.
Hands-On Microsoft Windows Server Security Enhancements in Windows Server 2008 Windows Server 2008 was created to emphasize security –Reduced attack.
5.1 © 2004 Pearson Education, Inc. Lesson 5: Administering User Accounts Exam Microsoft® Windows® 2000 Directory Services Infrastructure Goals 
Module 6: Designing Active Directory Security in Windows Server 2008.
CIM6400 CTNW (04/05) 1 CIM6400 CTNW Lesson 6 – More on Windows 2000.
Designing Active Directory for Security
11 MANAGING AND DISTRIBUTING SOFTWARE BY USING GROUP POLICY Chapter 5.
Security Planning and Administrative Delegation Lesson 6.
Active Directory Administration Lesson 5. Skills Matrix Technology SkillObjective DomainObjective # Creating Users, Computers, and Groups Automate creation.
Introduction to Microsoft Management Console (MMC) MMC is a common console framework for management applications. MMC provides a common environment for.
Planning a Microsoft Windows 2000 Administrative Structure Designing default administrative group membership Designing custom administrative groups local.
1 Chapter Overview Understanding User Accounts Planning New User Accounts Creating, Modifying, and Deleting User Accounts Setting Properties for User Accounts.
Section 11: Implementing Software Restriction Policies and AppLocker What Is a Software Restriction Policy? Creating a Software Restriction Policy Using.
Working with Workgroups and Domains Lesson 9. Objectives Understand users and groups Create and manage local users and groups Understand the difference.
Working with Users and Groups Lesson 5. Skills Matrix Technology SkillObjective DomainObjective # Introducing User Account Control Configure and troubleshoot.
Security Planning and Administrative Delegation Lesson 6.
Fall 2011 Nassau Community College ITE153 – Operating Systems Session 21 Administering User Accounts and Groups 1.
1 Chapter Overview Managing Object and Container Permissions Locating and Moving Active Directory Objects Delegating Control Troubleshooting Active Directory.
NetTech Solutions Supporting Local Users and Groups Lesson Three.
Module 7: Implementing Security Using Group Policy.
Administering Groups Chapter Eight. Exam Objectives In this Chapter:  Plan a security group hierarchy based upon delegation requirements  Plan a security.
Module 9 User Profiles and Social Networking. Module Overview Configuring User Profiles Implementing SharePoint 2010 Social Networking Features.
Working with Users and Groups Lesson 5. Skills Matrix Technology SkillObjective DomainObjective # Introducing User Account Control Configure and troubleshoot.
1 Chapter Overview Using Group Objects Understanding Default Groups Creating Group Objects Managing Administrative Access.
11 SECURITY PLANNING AND ADMINISTRATIVE DELEGATION Chapter 6.
CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+
Unit 10 ITT TECHNICAL INSTITUTE NT1330 Client-Server Networking II Date: 2/24/2016 Instructor: Williams Obinkyereh.
Unit 9 ITT TECHNICAL INSTITUTE NT1330 Client-Server Networking II Date: 2/17/2016 Instructor: Williams Obinkyereh.
Unit 8 NT1330 Client-Server Networking II Date: 2?10/2016
SECURITY PLANNING AND ADMINISTRATIVE DELEGATION
Active Directory Administration
Unit 10 NT1330 Client-Server Networking II Date: 8/16/2016
Unit 3 NT1330 Client-Server Networking II Date: 1/6/2016
Unit 8 NT1330 Client-Server Networking II Date: 8/2/2016
Unit 7 NT1330 Client-Server Networking II Date: 7/26/2016
Unit 9 NT1330 Client-Server Networking II Date: 8/9/2016
BACHELOR’S THESIS DEFENSE
Unit 6 NT1330 Client-Server Networking II Date: 7/19/2016
Security Planning and Administrative Delegation
Presentation transcript:

Unit 7 ITT TECHNICAL INSTITUTE NT1330 Client-Server Networking II Date: 2/3/2016 Instructor: Williams Obinkyereh

Class Agenda 1 Learning Objectives Lesson Presentation, Discussions and video. Assignments and Lab Activities. Break Times as per School regulation Note: Submit all Assignment and labs due today.

Class Agenda 2 Theory : Unit 6:00pm-8:00pm) Lab : (8:15pm to 11:00pm) Text book for Unit 6: Windows Server 2008 Active Directory Configuration MOAC Lesson 6

Security Planning and Administrative Delegation Lesson 6

Skills Matrix Technology SkillObjective DomainObjective # Creating an OU StructureMaintain Active Directory accounts 4.2

Naming Standard User logon names will typically follow a corporate naming standard set forth during the planning stages of an Active Directory deployment. –You will usually create a naming standards document to outline the rules for naming all Active Directory objects. –This document will specify conventions such as the number and type of characters to use when creating a new object in Active Directory.

Strong Passwords Since user names are often easily guessed, it is essential to have strong passwords: –At least eight characters in length. –Contains uppercase and lowercase letters, numbers, and non-alphabetic characters. –At least one character from each of the previous character types. –Differs significantly from other previously used passwords.

Strong Passwords A strong password should not be left blank or contain any of the following information: –Your user name, real name, or company name. –A complete dictionary word. Windows passwords for Windows Server 2008, Windows Vista, Windows Server 2003 and Microsoft Windows XP clients can be up to 127 characters in length.

Strong Passwords If you use group policies to enforce strong passwords: –Must be at least seven characters. –Must contain three of the four types (uppercase and lowercase letters, numbers, and non-alphabetic characters). –Cannot contain your user name or real name.

Authentication Authentication is the process of proving who you are. There are multiple methods of authentication: –What you know (password or PIN). –Who you are (retinal scan or thumb print). –What you have (smart card). Some of these methods can be used so that users no longer need to remember passwords.

Smart Card Smart cards are cards about the size of a credit card. Login information can be stored on the smart card, making it difficult for anyone except the intended user to use or access it. Security operations, such as cryptographic functions, are performed on the smart card itself rather than on the network server or local computer. This provides a higher level of security for sensitive transactions.

Implementing Smart Cards for Authentication Smart cards can be used from remote locations, such as a home office, to provide authentication services. The risk of remote attacks using a username and password is significantly reduced by smart cards.

Implementing Smart Cards for Authentication Requires Active Directory Certificate Services. Smart cards for authentication must be enabled in the user account properties.

Using Run As from the GUI From the Start button, navigate to the application you wish to run. Press and hold the Shift key and right-click the desired application. Select the Run as administrator option.

Administrative Accounts You should not use an account possessing administrative privileges for daily tasks, such as browsing the Web or monitoring . Administrative accounts should be reserved for tasks that require administrator privileges. Using the Administrator account or an account that is a member of Domain Admins, Enterprise Admins, or Schema Admins for daily tasks offers an opportunity for hackers to attack your network and potentially cause severe and irreversible damage. Limiting the use of the Administrator account for daily tasks, such as , application use, and access to the Internet, reduces the potential for this type of damage.

Run as Administrator and Runas Command The recommended solution for reducing the risks associated with the Administrator account is to use a standard user account and the Run as administrator option in the GUI or the runas command-line tool when it is necessary to perform an administrative task. –The Run as administrator or runas option allows you to maintain your primary logon as a standard user and creates a secondary session for access to an administrative tool. –During the use of a program or tool opened using Run as administrator or runas, your administrative credentials are valid only until you close that program or tool.

Run as Administrator and Runas Command Run as administrator and runas require the Secondary Logon service to be running. The runas command-line tool is not limited to administrator accounts. You can use runas to log on with separate credentials from any account. This can be a valuable tool in testing resource access permissions.

Using Run As from the GUI If you are using User Account Control, you may be prompted for administrative credentials when performing system tasks You can access the Run as Administrator option if you by find the program you want to start from the Start button, and press and hold the Shift key, right-click the desired application, and select the Run as administrator option. You can also use the runas command, such as: runas /user:lucernepublishing.com\domainadmin “mmc %windir%\system32\dnsmgmt.msc”

Organizational Units Can be created to represent your company’s functional or geographical model. Can be used to delegate administrative control over a container’s resources to lower- level or branch office administrators. Can be used to apply consistent configuration to client computers, users and member servers.

Creating an Organizational Unit To create an organizational unit, you would use the Active Directory Users and Computers console.

Delegation of Control Creating OUs to support a decentralized administration model gives you the ability to allow others to manage portions of your Active Directory structure, without affecting the rest of the structure. –Delegating authority at a site level affects all domains and users within the site. –Delegating authority at a domain level affects the entire domain. –Delegating authority at the OU level affects only that OU and its hierarchy.

Delegation of Control Using the Delegation of Control Wizard, you utilize a simple interface to delegate permissions for domains, OUs, or containers. –The interface allows you to specify to which users or groups you want to delegate management permissions and the specific tasks you wish them to be able to perform. –You can delegate predefined tasks, or you can create custom tasks that allow you to be more specific.

Delegating Administrative Control of an OU Open Active Directory Users and Computers. Right-click the object to which you wish to delegate control, and click Delegate Control. Click Next on the Welcome to the Delegation of Control Wizard page.

Delegating Administrative Control of an OU

Verifying and Removing AD Permissions Must Enable Advanced Features in Active Directory Users and Computers. –Found in the View menu. Then right-click an OU or an account and select Properties. Select the Security tab.

Verifying and Removing AD Permissions

Moving Objects within Active Directory Windows Server 2008 allows you to restructure your Active Directory database by moving leaf objects such as users, computers, and printers between OUs, in addition to moving OUs into other OUs to create a nested structure. When you move objects between OUs in a domain, permissions that are assigned directly to objects remain the same. Objects inherit permissions from the new OU. All permissions that were inherited previously from the old OU no longer affect the objects.

Moving Objects within Active Directory Windows Server 2008 provides two methods for moving objects between OUs in the same domain: –Drag-and-drop within Active Directory Users and Computers. If you wish to move multiple objects, press and hold the Ctrl key while selecting the objects you wish to move. –Use the Move menu option within Active Directory Users and Computers. –You can also use the dsmove command.

Summary Creating a naming standards document Securing user accounts Administrative tasks can be delegated for a domain Moving objects between containers and OUs within a domain

Unit 7 Assignments and Labs Unit 7. Assignment 1. AD Password Policy Planning Unit 7. Lab 1. Employing Security Concepts Unit 7. Exercice 1. AD OU Planning Scenario

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.