Auditing Active Directory Presented to the National State Auditors Association 2014 Information Technology Conference.

Presentation transcript:

Auditing Active Directory Presented to the National State Auditors Association 2014 Information Technology Conference

Active Directory provides centralized management of network resources.
– Active Directory is not the network.
– Active Directory is not network security.
– Active Directory does not secure all network resources.

Active Directory only helps secure those resources defined within the Active Directory domain. These resources can include:
– Workstations
– Servers
– Switches and Routers
– Printers
– Firewalls

The computer-level security for each resource includes:
– Users and Groups
– Password and Lockout Settings
– Auditing and Lockout Settings
– Available Services
– Patch Level

Active Directory provides a centralized means to manage:
– Users and Groups
– Password and Lockout Settings
– Administrative Authorities

Active Directory runs on the Windows domain controllers. Domain controllers have no separate:
– Users and Groups
– Password and Lockout Policies

Domain controllers should be dedicated. The domain controller could be compromised if another service running on it is compromised. Nondedicated domain controllers can also result in inappropriate individuals holding domain administrative authority.

Active Directory structure includes forests, trees, and domains. Due to a Security Identifier (SID) filtering flaw, any domain admin can assume authority anywhere in the forest:
– Enterprise Admins
– Schema Admins
– Domain Admins
– Default Administrators Group

Domain trusts allow access to users from trusted domains.
– Two-Way Trusts
– One-Way Trusts
– Transitive Trusts

Administrators from trusted domains could have rogue administrative access. SID filtering on the trust with the trusted domain is required to prevent administrative access from the trusted domain.
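One way an auditor could check the SID filtering state of each trust, as an added example that is not part of the original presentation. The function name and the sample trust records are constructed; the flag values are the trustAttributes and trustDirection bits defined in MS-ADTS.

```powershell
# Added example, not from the presentation. Flag values are the trustAttributes
# and trustDirection bits defined in MS-ADTS; the trust records are constructed.
$OUTBOUND      = 0x02  # trustDirection: this domain trusts the partner
$QUARANTINED   = 0x04  # SID filtering (quarantine) enabled on the trust
$FOREST_TRUST  = 0x08  # forest transitive trust
$WITHIN_FOREST = 0x20  # partner is a domain in the same forest
$TREAT_AS_EXT  = 0x40  # forest trust treated as external (filtering relaxed)

function Test-TrustSidFiltering {
    param([Parameter(ValueFromPipeline)] $Trust)
    process {
        $attr = [int]$Trust.trustAttributes
        $dir  = [int]$Trust.trustDirection
        $finding = if (-not ($dir -band $OUTBOUND)) {
            'INFO: inbound only, partner accounts are not trusted here'
        } elseif ($attr -band $QUARANTINED) {
            'OK: SID filtering (quarantine) enabled'
        } elseif ($attr -band $WITHIN_FOREST) {
            'INFO: intra-forest trust, the forest is the security boundary'
        } elseif ($attr -band $FOREST_TRUST) {
            if ($attr -band $TREAT_AS_EXT) {
                'REVIEW: forest trust with SID filtering relaxed'
            } else {
                'OK: forest trust with default SID filtering'
            }
        } else {
            'REVIEW: external trust without SID filtering'
        }
        [pscustomobject]@{ Partner = $Trust.trustPartner; Finding = $finding }
    }
}

# Constructed sample records (hypothetical domain names).
$sample = @(
    [pscustomobject]@{ trustPartner = 'child.example.test';   trustDirection = 3; trustAttributes = 0x20 }
    [pscustomobject]@{ trustPartner = 'partner.example.test'; trustDirection = 2; trustAttributes = 0x00 }
    [pscustomobject]@{ trustPartner = 'vendor.example.test';  trustDirection = 2; trustAttributes = 0x04 }
    [pscustomobject]@{ trustPartner = 'merger.example.test';  trustDirection = 3; trustAttributes = 0x48 }
    [pscustomobject]@{ trustPartner = 'agency.example.test';  trustDirection = 1; trustAttributes = 0x00 }
)
$sample | Test-TrustSidFiltering | Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory module):
# Get-ADObject -LDAPFilter '(objectClass=trustedDomain)' `
#   -Properties trustPartner, trustDirection, trustAttributes | Test-TrustSidFiltering
```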

Password and lockout policy is usually controlled at the domain level. Fine-grained password policies can be defined in the domain.
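Because fine-grained policies override the domain policy for the users and groups they apply to, an audit that reads only the domain-level settings can miss weaker ones. The following added example (not from the presentation) compares each fine-grained policy with the domain default; the function name, policy names, groups and values are constructed.

```powershell
# Added example, not from the presentation. Policy names, groups and values
# in the sample are constructed.
function Compare-PasswordPolicy {
    param($Default, [object[]]$FineGrained)
    foreach ($p in $FineGrained) {
        $weaker = @()
        foreach ($name in 'MinPasswordLength', 'PasswordHistoryCount') {
            if ($p.$name -lt $Default.$name) {
                $weaker += "$name $($p.$name) < $($Default.$name)"
            }
        }
        if ($Default.ComplexityEnabled -and -not $p.ComplexityEnabled) {
            $weaker += 'ComplexityEnabled is off'
        }
        # LockoutThreshold 0 means the account never locks out.
        $d = $Default.LockoutThreshold
        $f = $p.LockoutThreshold
        if ($d -ne 0 -and ($f -eq 0 -or $f -gt $d)) {
            $weaker += "LockoutThreshold $f (domain: $d)"
        }
        [pscustomobject]@{
            Policy           = $p.Name
            Precedence       = $p.Precedence
            AppliesTo        = $p.AppliesTo -join '; '
            WeakerThanDomain = $weaker -join '; '
        }
    }
}

# Constructed sample: one stricter and one weaker fine-grained policy.
$domain = [pscustomobject]@{
    MinPasswordLength = 12; PasswordHistoryCount = 24
    ComplexityEnabled = $true; LockoutThreshold = 5
}
$fgpp = @(
    [pscustomobject]@{ Name = 'PSO-Admins'; Precedence = 10
        AppliesTo = @('CN=Domain Admins,CN=Users,DC=example,DC=test')
        MinPasswordLength = 16; PasswordHistoryCount = 24
        ComplexityEnabled = $true; LockoutThreshold = 3 }
    [pscustomobject]@{ Name = 'PSO-ServiceAccounts'; Precedence = 20
        AppliesTo = @('CN=Service Accounts,OU=Groups,DC=example,DC=test')
        MinPasswordLength = 8; PasswordHistoryCount = 0
        ComplexityEnabled = $false; LockoutThreshold = 0 }
)
Compare-PasswordPolicy $domain $fgpp | Format-List

# Against a live domain (requires the ActiveDirectory module):
# Compare-PasswordPolicy (Get-ADDefaultDomainPasswordPolicy) (Get-ADFineGrainedPasswordPolicy -Filter *)
```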

Groups are used to grant rights to objects such as users. Organizational units are used to apply policies to or grant administrative authority over objects such as users or computers.

Group policy objects are used to apply policies and security settings to the objects in organizational units. The Group Policy Results Wizard can be used to generate a report of security settings applied to the domain or individual users:
– Password and Lockout Settings
– Screen Saver Timeout Settings
– Logging Settings
– Permissions

The advanced security settings for an organizational unit can be used to identify specific permissions over the organizational units.
– Resetting Passwords
– Full Control
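The same review can be scripted by reading the access control entries on the organizational unit and reporting the two permissions named above. This is an added example, not part of the original presentation; the function name, trustees and OU path are constructed, and the GUID is the schema identifier of the Reset Password (User-Force-Change-Password) extended right.

```powershell
# Added example, not from the presentation. Trustees and ACEs are constructed.
$ResetPassword = '00299570-246d-11d0-a768-00aa006e0529'  # User-Force-Change-Password
$AllRights     = '00000000-0000-0000-0000-000000000000'  # ACE not limited to one right

function Get-OuDelegationFinding {
    param([Parameter(ValueFromPipeline)] $Ace)
    process {
        if ("$($Ace.AccessControlType)" -ne 'Allow') { return }
        $rights = "$($Ace.ActiveDirectoryRights)"
        $type   = "$($Ace.ObjectType)".ToLower()
        $finding = if ($rights -match '\bGenericAll\b') {
            'Full Control'
        } elseif ($rights -match '\bExtendedRight\b' -and $type -eq $ResetPassword) {
            'Reset Password'
        } elseif ($rights -match '\bExtendedRight\b' -and $type -eq $AllRights) {
            'All extended rights (includes Reset Password)'
        }
        if ($finding) {
            [pscustomobject]@{
                Trustee   = "$($Ace.IdentityReference)"
                Finding   = $finding
                Inherited = $Ace.IsInherited
            }
        }
    }
}

# Constructed sample ACEs shaped like the entries returned by Get-Acl on an OU.
$sample = @(
    [pscustomobject]@{ IdentityReference = 'EXAMPLE\Domain Admins'; AccessControlType = 'Allow'
        ActiveDirectoryRights = 'GenericAll'; ObjectType = $AllRights; IsInherited = $true }
    [pscustomobject]@{ IdentityReference = 'EXAMPLE\Helpdesk'; AccessControlType = 'Allow'
        ActiveDirectoryRights = 'ExtendedRight'; ObjectType = $ResetPassword; IsInherited = $false }
    [pscustomobject]@{ IdentityReference = 'EXAMPLE\Contractor1'; AccessControlType = 'Allow'
        ActiveDirectoryRights = 'GenericAll'; ObjectType = $AllRights; IsInherited = $false }
    [pscustomobject]@{ IdentityReference = 'NT AUTHORITY\Authenticated Users'; AccessControlType = 'Allow'
        ActiveDirectoryRights = 'ReadProperty, ListChildren'; ObjectType = $AllRights; IsInherited = $true }
)
$sample | Get-OuDelegationFinding | Format-Table -AutoSize

# Against a live OU (requires the ActiveDirectory module; the OU path is a placeholder):
# (Get-Acl 'AD:\OU=Staff,DC=example,DC=test').Access | Get-OuDelegationFinding
```

Entries with Inherited = False were set directly on the organizational unit and are the ones to trace back to a delegation decision.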

Questions? Contact: