OUHSC Information Security Update IT, Information Security Services Randy Moore Nathan Gibson Greg Bostic IT, Information Security Services Randy Moore.

Slides:



Advertisements
Similar presentations
IP ADDRESS MANAGEMENT [IPAM]
Advertisements

Web Filtering. ExchangeDefender Web Filtering provides policy-controlled protection from dangerous content on the web. Web Filtering is agent based, allowing.
Guide to MCSE , Enhanced 1 Activity 14-1: Browsing Security Templates Objective: To become familiar with built-in security templates Start  Run.
Configuring Windows Vista Security Lesson 8. Skills Matrix Technology SkillObjective DomainObjective # Setting Up Users Configure and troubleshoot parental.
Module 5: Creating and Configuring Group Policy
Khan Rashid Lesson 11-The Best Policy: Managing Computers and Users Through Group Policy.
Managing User Settings with Group Policy
MY INTERNSHIP AT TFA BY: LARRY NGUYEN. WHAT I LEARNED  TECHNICAL  TECHNICAL SKILLS  TEAM  TEAM WORK  BASIC  BASIC FUNDAMENTALS  COMPUTER  COMPUTER.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
Hands-On Microsoft Windows Server 2003 Administration Chapter 4 Managing Group Policy.
9.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
10.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.
Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.
7.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.
11 WORKING WITH COMPUTER ACCOUNTS Chapter 8. Chapter 8: WORKING WITH COMPUTER ACCOUNTS2 CHAPTER OVERVIEW  Describe the process of adding a computer to.
Ch 9 Managing Active Directory User Accounts. Objectives Create Organizational Unit Creating User Accounts in Active Directory Disabling, Enabling, and.
11 WORKING WITH COMPUTER ACCOUNTS Chapter 8. Chapter 8: WORKING WITH COMPUTER ACCOUNTS2 CHAPTER OVERVIEW Describe the process of adding a computer to.
Guide to MCSE , Enhanced 1 Activity 9-1: Creating a Group Policy Object Using the MMC Objective: To create a GPO using the Group Policy Object Editor.
MS System Setup Securing A System. Use Automatic Updates For a workstation or server, schedule the updates to occur regularly. –Control panel click on.
ManageEngine ADAudit Plus A detailed walkthrough.
SUS Services ECE Computer Facilities. SUS Services Software Update Services Microsoft Security And Critical Update Service Microsoft Security And Critical.
Guide to MCSE , Enhanced 1 Activity 10-1: Restarting Windows Server 2003 Objective: to restart Windows Server 2003 Start  Shut Down  Restart Configure.
Working with Drivers and Printers Lesson 6. Skills Matrix Technology SkillObjective DomainObjective # Understanding Drivers and Devices Install and configure.
Chapter 7 Installing and Using Windows XP Professional.
70-270: MCSE Guide to Microsoft Windows XP Professional Chapter 5: Users, Groups, Profiles, and Policies.
OUHSC Information Security Update IT, Information Security Services Randy Moore Mike Waller Nathan Gibson Greg Bostic IT, Information Security Services.
9.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
Introduction to Group Policy
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
Using Group Policy to Manage User Environments. Overview Introduction to Managing User Environments Introduction to Administrative Templates Assigning.
Hands-On Microsoft Windows Server 2008
User Manager for Domains.  Manages the user accounts in a domain  It is located in the PDC  While User Manager exists in each NT machine, but it is.
Hands-On Microsoft Windows Server Security Enhancements in Windows Server 2008 Windows Server 2008 was created to emphasize security –Reduced attack.
Module 10: Configuring Windows XP Professional to Operate in Microsoft Networks.
Section 2: Using Group Policy Management Tools Local vs. Domain Policies Editing Local Policies Managing Domain Policies Understanding Group Policy Refresh.
1 Chapter Overview Configuring and Troubleshooting the Display Configuring Power Management Configuring Operating System Settings Configuring and Troubleshooting.
Module 15: Manage the Windows ® Small Business Server 2008 Environment Using Group Policy.
Section 1: Introducing Group Policy What Is Group Policy? Group Policy Scenarios New Group Policy Features Introduced with Windows Server 2008 and Windows.
Module 7: Fundamentals of Administering Windows Server 2008.
11 MANAGING AND DISTRIBUTING SOFTWARE BY USING GROUP POLICY Chapter 5.
Managing User Desktops with Group Policy
11 WORKING WITH USER ACCOUNTS Chapter 6. Chapter 6: WORKING WITH USER ACCOUNTS2 UNDERSTANDING USER ACCOUNTS  Local user accounts  stored in the Security.
Installing and Using Active Directory Written by Marc Zacharko.
EPolicy Orchestrator WNUG June Meeting 6/6/2002. Presentation Contents What is ePO? What are the requirements? ePO components Demo of ePO Where to get.
Overview Introduction to Managing User Environments Introduction to Administrative Templates Using Administrative Templates in Group Policy Assigning Scripts.
Module 6: Implementing Group Policy. Overview Implementing Group Policy Objects Implementing GPOs in a Domain Managing the Deployment of Group Policy.
Implementing Group Policy. Overview What is Group Policy Introduction to Group Policy Group Policy Structure How Group Policy Settings Are Applied in.
Configuring the User and Computer Environment Using Group Policy Lesson 8.
1 Part-1 Chap 5 Configuring Accounts Definitions.
Chapter 10 Chapter 10: Managing the Distributed File System, Disk Quotas, and Software Installation.
Security Windows 2000 Richard Goldman © December 4, 2001.
Module 4 Planning for Group Policy. Module Overview Planning Group Policy Application Planning Group Policy Processing Planning the Management of Group.
Guide to MCSE , Enhanced1 Activity 1-1: Determining the Windows Server 2003 Edition Installed on a Server Objective is to determine the edition of.
Implementing Group Policy
Week 4 Objectives Overview of Group Policy Group Policy Processing Implementing a Central Store for Administrative Templates.
Implementing a Group Policy Infrastructure
Chapter 4- Part3. 2 Implementing User Profiles A local user profile is automatically created at the local computer when you log on with an account for.
CHAPTER Windows Server Management. Chapter Objectives Give an overview of the Server Manager Provide details of accessing the Server Manager Explain the.
1 Chapter Overview Using Group Objects Understanding Default Groups Creating Group Objects Managing Administrative Access.
What’s New in Fireware v WatchGuard Training.
Business Objects XIr2 Windows NT Authentication Single Sign-on 18 August 2006.
1.1 Microsoft® Windows® 2003 Server Group Policy Management Prof. Abdul Hameed.
Configuring the User and Computer Environment Using Group Policy Lesson 8.
Assignment # 8.
Active Directory Audit | User Logon/Logoff Audit | File Server Audit | Windows Server Audit Printer Audit | Removable Storage Audit | Compliance Reports.
OUHSC Information Security Update
Presentation transcript:

OUHSC Information Security Update IT, Information Security Services Randy Moore Nathan Gibson Greg Bostic IT, Information Security Services Randy Moore Nathan Gibson Greg Bostic

Security Project Update –Active Directory Cleanup Project “Cleaning the house” -- getting rid of old computer accounts –Active Directory GPO project Establishing a security baseline –E-Policy Orchestrator Project Mirroring ePO with AD Centrally Managing Using the tools we have available –Active Directory Cleanup Project “Cleaning the house” -- getting rid of old computer accounts –Active Directory GPO project Establishing a security baseline –E-Policy Orchestrator Project Mirroring ePO with AD Centrally Managing Using the tools we have available

Active Directory Cleanup

Purpose GPOs cannot be applied on the computers container ePO Sync would be inaccurate Hard to manage with erroneous accounts present GPOs cannot be applied on the computers container ePO Sync would be inaccurate Hard to manage with erroneous accounts present

Current Status 1200 inactive computer accounts disabled and moved into the disabled.comps OU Computer Accounts have been moved from the Computers container into the UnAssigned.Comps OU GPO w/ login script applied to UnAssigned.Comps OU 1200 inactive computer accounts disabled and moved into the disabled.comps OU Computer Accounts have been moved from the Computers container into the UnAssigned.Comps OU GPO w/ login script applied to UnAssigned.Comps OU

New Procedures All new computers should have account created prior to joining domain. Computer Account Lifecycle procedure –30 days UnAssigned.Comp – Active –30 days disabled.comps – Inactive –On the 60th day Computer Account deleted New Computer Checklist All new computers should have account created prior to joining domain. Computer Account Lifecycle procedure –30 days UnAssigned.Comp – Active –30 days disabled.comps – Inactive –On the 60th day Computer Account deleted New Computer Checklist

Cleaning Your OU Weed out old Computer Accounts –Use Active Directory Users and Computers –Go to “View” in the MMC –Check “Advanced Features” –Go to “View” and choose “Add/Remove Columns” –In the left hand “Available columns” table choose “Modified” and click “Add ->” –Hit OK Weed out old Computer Accounts –Use Active Directory Users and Computers –Go to “View” in the MMC –Check “Advanced Features” –Go to “View” and choose “Add/Remove Columns” –In the left hand “Available columns” table choose “Modified” and click “Add ->” –Hit OK

McAfee E-Policy Orchestrator Project(ePO)

ePO McAfee E Policy Orchestrator Provides a way to centrally manage Anti Virus protection on all managed devices Syncs with Active Directory Automatically installs/uninstalls AV Automatic DAT updates Customizable policies Notification Capabilities Report Generation McAfee E Policy Orchestrator Provides a way to centrally manage Anti Virus protection on all managed devices Syncs with Active Directory Automatically installs/uninstalls AV Automatic DAT updates Customizable policies Notification Capabilities Report Generation

Training Greg Bostic 2 nd Annual Cyber Security Day October 24, :00 am Greg Bostic 2 nd Annual Cyber Security Day October 24, :00 am

Cyber Security Day Tier 1 Training Business Manager Briefings End User Briefings Tier 1 Training Business Manager Briefings End User Briefings

Security Baseline Active Directory GPO Project

GPO Review Group Policy Objects: 1.Allows you to configure baseline settings to ensure all resources have the same settings 2.Ease the administrative overhead in applying and modifying end user device and servers. 3.“One-Stop-Shop” for demonstrating policy compliance Group Policy Objects: 1.Allows you to configure baseline settings to ensure all resources have the same settings 2.Ease the administrative overhead in applying and modifying end user device and servers. 3.“One-Stop-Shop” for demonstrating policy compliance

AD GPO Project Round 2 Settings Setting 1- HSC-IT-Automatic Updates (Workstation Only) –Enable Windows Updates Power management to automatically wake up the system: Enabled –4- Auto Download and Schedule the Install –Schedule Install Day: 0-Everyday –Scheduled Install Time: 0300 Setting 2- HSC-IT-No Display Last User Login –Interactive logon: do not display last user name: Enabled Round 2 Settings Setting 1- HSC-IT-Automatic Updates (Workstation Only) –Enable Windows Updates Power management to automatically wake up the system: Enabled –4- Auto Download and Schedule the Install –Schedule Install Day: 0-Everyday –Scheduled Install Time: 0300 Setting 2- HSC-IT-No Display Last User Login –Interactive logon: do not display last user name: Enabled

No Last User Name Impact

Screen Saver Impact

House Cleaning Help Standardize GPO naming scheme –Dept-XXXX –Delete Old GPOs –Combine GPOs If possible –Remove GPOs with settings applied at higher lever Standardize GPO naming scheme –Dept-XXXX –Delete Old GPOs –Combine GPOs If possible –Remove GPOs with settings applied at higher lever

FUTURE GPO Settings Event Logging –Account Management: Success –Account Logon/Logoff: Success/Failure –Policy Change: Success –System Events: Success/Failure Screen Saver –Hide Screen Saver Tab: Enabled –Screen Saver: Enabled –Password protect the Screen Saver: Enabled –Screen Saver Timeout: 600(900?) Event Logging –Account Management: Success –Account Logon/Logoff: Success/Failure –Policy Change: Success –System Events: Success/Failure Screen Saver –Hide Screen Saver Tab: Enabled –Screen Saver: Enabled –Password protect the Screen Saver: Enabled –Screen Saver Timeout: 600(900?)

Let’s Talk Questions & Concerns ???

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.