SECURITY PLANNING AND ADMINISTRATIVE DELEGATION

Chapter 6: SECURITY PLANNING AND ADMINISTRATIVE DELEGATION

NAMING STANDARDS
- Determine the standard for creating user account names
  - First initial, last name
  - First name, last initial, and so on
- Naming standards document
  - Defines how user logon names should be created
  - Part of appropriate planning for Active Directory

WAYS TO SECURE USER ACCOUNTS
- Education of users
- Strong passwords
- Smart cards
- Biometrics

EDUCATING USERS
- Use strong passwords
- Keep passwords secure
  - Don’t write down passwords on paper or leave them in visible places.
  - Don’t share passwords.
  - Don’t save passwords to your computer.

STRONG PASSWORDS
- Combination of at least 7 upper and lower case letters, numbers, and symbols.
  - At least one character of each type
  - Alternate characters make passwords extra secure
- When changing passwords, vary them by more than one character.
- Don’t use your username, real name, or company name.
- Don’t use words from the dictionary.

SMART CARD AUTHENTICATION

ENTERPRISE CERTIFICATION AUTHORITY REQUIRED

SMART CARD BENEFITS: INCREASED SECURITY
- Keystroke loggers cannot capture passwords because users will not be typing them.
- Password complexity is not something you have to teach or enforce upon your users.
- Users will not be writing passwords on paper or sharing them.
- Security risks related to password cracking or remote attacks are greatly reduced.

SMART CARD CONSIDERATIONS
- Additional software and administration.
  - Certification authority (CA)
  - Internet Information Server (IIS) to distribute smart cards
- Need smart card readers for client computers.
- Users could lose or forget their smart cards.
- Users may be tempted to write their PIN on their smart card.

ENABLING A USER ACCOUNT FOR SMART CARD AUTHENTICATION

ADMINISTRATOR ACCOUNT SECURITY
- Strong password (rotate frequently).
- Cannot hide the default administrative account from the experienced hacker (RID of 500).
- Don’t use for daily tasks; you can use the Run As utility to increase privilege when required.
  - Allows you to use another user’s credentials without a log off event
  - Must be logged on interactively
  - Requires secondary logon service

ORGANIZATIONAL UNIT (OU) STRUCTURE
- Representing the company model
- Delegation of administrative control
- Group Policy
- Hide objects within Active Directory

DELEGATING ADMINISTRATIVE RESPONSIBILITY
- OUs can help to decentralize administrative control.
- You can give certain users or groups permissions to perform specific tasks within particular OUs.
  - Reset passwords.
  - Create and delete user accounts.

IMPLEMENTING GROUP POLICIES
- Covered in greater depth in the following chapters.
- Allows you to subdivide the organization based on the controls you’d like to implement.
- Subdividing reduces the amount of Group Policy processing that computers must perform.
  - Faster user logons
  - Quicker computer startups

HIDING OBJECTS
- Can prevent users from seeing objects inside OUs to which they do not have Read access
- Modify the Access Control List (ACL) on the OU
  - In order to see the OU ACL, you must enable Advanced Features on the View menu.
  - Remove Read permission from Authenticated Users.
  - Set appropriate permissions for the users you’d like to see the object.

CREATING AN OU STRUCTURE
- Limit the number of nested OUs.
  - Three to five layers are typical.
  - Most agree that ten or more layers are excessive.
- First-level OUs are directly below the domain.

PYRAMID OU STRUCTURE
[Diagram: domain cohowinery.com with OUs Location 1, Location 2, Location 3, Accounting, Production, Administration, Sales, Marketing]

FLAT OU STRUCTURE
[Diagram: domain cohowinery.com with OUs Location 1, Administration, Sales, Production, Accounting, Marketing, Location 2, Location 3]

USING OUs TO DELEGATE ACTIVE DIRECTORY MANAGEMENT TASKS
- Compartmentalizes administration
- Limit the number of administrators that have access to the entire domain or forest
- Limit the scope of administrative control
  - Reset passwords.
  - Create and manage user accounts.
  - Create computer accounts.
- Limits the scope of errors

DELEGATION OF CONTROL WIZARD

VERIFYING AND REMOVING DELEGATED PERMISSIONS
- Cannot use the Delegation Of Control Wizard to remove permissions
- Must modify the ACL of the OU
  - Need to be sure Advanced Features is enabled on the View menu
  - Security tab is then visible.
  - You can modify permissions for users and groups.
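
The same ACL review can be done from PowerShell instead of the Security tab; the following is an added example, not part of the original presentation. It assumes the ActiveDirectory module (RSAT) is installed, and the Sales OU under cohowinery.com and the SalesHelpDesk group are hypothetical names.

```powershell
# Requires the ActiveDirectory module (RSAT), which provides the AD: drive.
Import-Module ActiveDirectory

# Assumed, constructed values: replace with your own OU and delegated group.
$OuDn     = 'OU=Sales,DC=cohowinery,DC=com'
$Delegate = 'COHOWINERY\SalesHelpDesk'

function Get-OuExplicitAce {
    param([Parameter(Mandatory)][string]$DistinguishedName)
    # Explicit (non-inherited) ACEs are the entries set on this OU itself,
    # which is where delegated permissions for the OU are recorded.
    (Get-Acl -Path "AD:\$DistinguishedName").Access |
        Where-Object { -not $_.IsInherited } |
        Select-Object IdentityReference, AccessControlType,
                      ActiveDirectoryRights, ObjectType,
                      InheritedObjectType, InheritanceType
}

function Remove-OuDelegation {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$DistinguishedName,
        [Parameter(Mandatory)][string]$Identity
    )
    $path = "AD:\$DistinguishedName"
    $acl  = Get-Acl -Path $path
    # Snapshot the matching explicit ACEs before changing the in-memory ACL.
    $targets = @($acl.Access | Where-Object {
        -not $_.IsInherited -and $_.IdentityReference.Value -eq $Identity
    })
    foreach ($ace in $targets) {
        $acl.RemoveAccessRuleSpecific($ace)   # removes exactly this entry
    }
    # Nothing is written to the directory until Set-Acl runs.
    if ($targets.Count -gt 0 -and $PSCmdlet.ShouldProcess(
            $DistinguishedName, "Remove $($targets.Count) ACE(s) for $Identity")) {
        Set-Acl -Path $path -AclObject $acl
    }
    $targets.Count   # number of explicit ACEs found for the identity
}

# Verify first, then preview the removal; drop -WhatIf to apply it.
Get-OuExplicitAce -DistinguishedName $OuDn | Format-Table -AutoSize
Remove-OuDelegation -DistinguishedName $OuDn -Identity $Delegate -WhatIf
```

Run the listing again after the removal and confirm that no explicit entry for the delegated group remains on the OU.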

MOVING OBJECTS BETWEEN OUs
- Drag and drop from one location to the other in Active Directory Users And Computers
- Move menu option
- Dsmove
- Movetree

PERMISSIONS
- Those assigned directly to the OU remain
- Those inherited are removed and replaced with permissions inherited from new parent OU or domain

SUMMARY
- Examples of naming standards.
- User account security.
  - Passwords
  - User education
  - Smart cards
- Reduce use of privileged accounts by using the Run As utility.
- What should you consider when designing an OU structure?
- What wizard can you use to delegate control? What is a limitation of this wizard?
- Name several ways to move objects from one OU to another.