12.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

Presentation transcript:

Lesson 12: Configuring Active Directory Security

12.1 Goals
- Introduce security configuration
- Introduce auditing
- Set audit policy on a domain controller
- Set audit policy on a stand-alone server or computer
- View the Security log
- Audit user access to Active Directory objects
- Assign user rights to users and groups

12.2 Goals (2)
- Implement account policy
- Implement security templates
- Use the Security Configuration and Analysis console
- Use the Security Configuration and Analysis console to configure security
- Troubleshoot security configuration issues

12.3 Introducing Security Configuration (Skill 1)
- Security configuration is the process of setting up a security policy
  - For an individual system
  - For a network
- Security policies are required
  - Guard against unauthorized internal users
  - Protect from external threats

12.4 Introducing Security Configuration (2) (Skill 1)
- Use security configuration
  - To set up security policies
    - Account
    - Local
  - To create access control policies
    - Services
    - Registry
    - Files

12.5 Introducing Security Configuration (3) (Skill 1)
- Use security configuration
  - To define event log settings
  - To determine group membership settings (restricted groups)
  - To create public key policies
  - To set Internet Protocol (IP) security policies

12.6 Introducing Security Configuration (4) (Skill 1)
- Factors to consider while designing security policies
  - Physical distribution of the network
  - Business model of the organization
  - Network load due to inter-computer dataflow and access
  - Overall computer usage

12.7 Introducing Security Configuration (5) (Skill 1)
- Windows Server 2003 Security Configuration tools
  - Group Policy Object Editor is used to apply security settings centrally for the computers in a domain
  - Use the Security Settings extension in the Group Policy Object Editor to apply different categories of security policies

12.8 Figure 12-1: Security extension of the Group Policy Object Editor (Skill 1)

12.9 Introducing Security Configuration (6) (Skill 1)
- Categories of security policies
  - Account policies
    - Can only be set for the entire domain
    - Password policy
    - Account lockout policy
    - Kerberos policy

12.10 Figure 12-2: Password Policy settings (Skill 1)

12.11 Introducing Security Configuration (7) (Skill 1)
- Categories of security policies
  - Local policies
    - Audit policy
    - User rights assignment
    - Security options

12.12 Introducing Security Configuration (8) (Skill 1)
- Categories of security policies
  - Event log allows you to specify security log settings
    - Maximum size of the event log file
    - Logging options
    - Event log access rights

12.13 Introducing Security Configuration (9) (Skill 1)
- Categories of security policies
  - Restricted Groups allows you to define additional control over the membership of key groups
    - Defining a group as a restricted group
    - Setting the membership for the group
    - Configuring member groups and users for the restricted group

12.14 Introducing Security Configuration (10) (Skill 1)
- Categories of security policies
  - System Services allows you to configure the startup settings for services on a computer
    - Startup mode settings: Automatic, Manual, and Disabled
    - Can specify which security group or user can modify a service’s properties (start, stop, or pause)

12.15 Figure 12-3: System Services security settings (Skill 1)

12.16 Introducing Security Configuration (11) (Skill 1)
- Categories of security policies
  - Registry
    - Registry security settings allow you to set permissions for users to read, modify, and add new keys to the Registry
  - File System
    - Allows you to set access permissions for folders and files on the computer
    - Settings only apply to computers with NTFS drives

12.17 Figure 12-4: Files and Folders permissions settings (Skill 1)

12.18 Introducing Security Configuration (12) (Skill 1)
- Categories of security policies
  - Wireless Network (IEEE ) Policies control network security settings for supported wireless networking devices
  - Public Key Policies are used to configure the public key encryption
  - IP Security Policies are used to configure IP security for TCP/IP-based communication between servers, clients, and domain controllers using Microsoft’s version of IPSec

12.19 Introducing Auditing (Skill 2)
- Auditing is used to track user activities and object access on the computers on a network
- Regular auditing ensures security of network resources
- Auditing can discover security breaches
- Auditing can help in resource planning for the computers on the network

12.20 Introducing Auditing (2) (Skill 2)
- Steps in setting up a security audit
  - Determine carefully the events to be audited on each computer
  - Security events that can be tracked
    - Who logged on to a computer and when?
    - What files were accessed or folders were created?
    - What printers were used?
    - What Registry keys were accessed when, and by whom?
    - What actions the users attempted to perform on them?

12.21 Introducing Auditing (3) (Skill 2)
- Steps in setting up a security audit
  - Decide the computers, users, or groups to be tracked
  - Activate the audit object access policy

12.22 Introducing Auditing (4) (Skill 2)
- Activating the audit object access policy
  - Configure the audit object access policy in the Properties dialog box and the System ACL editor for the object
  - Select who you are going to audit
  - Choose what file system actions you want to monitor in the SACL editor for the file or folder

12.23 Introducing Auditing (5) (Skill 2)
- Monitoring a particular event
  - Define an audit policy in the Audit Policy folder
  - The audit policy tells the operating system what to record in the Security event log on each computer
  - On a domain controller, modify the default domain policy by using the Group Policy Management console
  - Only Domain Administrators and Enterprise Administrators can configure auditing at the domain level

12.24 Figure 12-5: Audit policy (Skill 2)

12.25 Introducing Auditing (6) (Skill 2)
- Audited events are stored in the Security event log
- Success and failure can both be recorded
- Security log can be viewed using the Event Viewer
- The Security log entries allow identification of existing security problems in the overall network, as well as on individual computers

12.26 Figure 12-6: The Security Event log (Skill 2)

12.27 Setting Audit Policy on a Domain Controller (Skill 3)
- Unauthorized access to a domain must be monitored
- Set up an audit policy on a domain controller by configuring Group Policy
- Link the GPO to the default Domain Controllers OU
- You must have the Manage auditing and security log right on the system to configure auditing

12.28 Setting Audit Policy on a Domain Controller (2) (Skill 3)
- Setting up auditing is a two-step process
  - Step 1
    - Configure the audit policy to track particular events, for success, for failure or both
  - Step 2
    - Open the specific resource you wish to audit
    - Enable auditing by selecting the type of event you want to track and the user group or groups for which you want to track that event

12.29 Figure 12-7: Creating a GPO (Skill 3)

12.30 Figure 12-8: The Audit account logon events Properties dialog box (Skill 3)

12.31 Figure 12-9: The Audit object access Properties dialog box (Skill 3)

12.32 Figure: Advanced Security Settings for Annual Reports (Skill 3)

12.33 Figure: Selecting the actions to be audited (Skill 3)

12.34 Figure: A Security warning dialog box (Skill 3)

12.35 Setting Audit Policy on a Stand-Alone Server or Computer (Skill 4)
- Problems auditing stand-alone servers and workgroup computers running Windows 2000 or XP Professional
  - They do not belong to a domain
  - A domain controller-based audit policy cannot be applied to them
  - Stand-alone computers and the network computers may be able to access each other and hence require monitoring

12.36 Setting Audit Policy on a Stand-Alone Server or Computer (2) (Skill 4)
- Audit policy should be set for stand-alone computers
  - To monitor network access attempts
  - To monitor local security events

12.37 Figure: Audit Policy in the Local Security Settings console (Skill 4)

12.38 Figure: Enabling auditing for local logon attempts (Skill 4)

12.39 Figure: Updating local security policy (Skill 4)

12.40 Viewing the Security Log (Skill 5)
- Problems with implementation of audit policies
  - Increases the overhead on a computer
  - Slows down CPU performance
  - Security event log can become inundated with entries
- Solutions
  - Set a schedule for checking the Security log regularly
  - Specify a maximum file size for Security log

12.41 Viewing the Security Log (2) (Skill 5)
- Be aware when the Security log reaches the maximum file size
- You may lose data if the log becomes full before you archive it
- Archiving is the process of saving a history of events so you can track trends in resource usage
- When the log is full, the operating system will stop recording events

12.42 Figure: The Security Log Properties dialog box (Skill 5)

12.43 Viewing the Security Log (3) (Skill 5)
- Set filters to control what is recorded in the log
  - Event type: Information, Warning, Error, or Success or Failure audit
  - Event source: Choose a particular source, such as Spooler, LSA (Local Security Authority), or SC (Service Control) Manager
  - Category: Account Logon, Account Management, Directory Service Access, Privilege Use, Object Access events, and so on
  - Event ID
  - User
  - Computer
  - Specific time periods

12.44 Figure: The Filter tab in the Security Properties dialog box (Skill 5)

12.45 Figure: The Security log (Skill 5)

12.46 Figure: Filtering the Security log (Skill 5)

12.47 Figure: Viewing event details box (Skill 5)

12.48 Auditing User Access to Active Directory Objects (Skill 6)
- Active Directory objects
  - Are the essential building blocks of a Windows Server 2003 network
  - Include users, computers, OUs, groups, published printers, and so on
- Audit policies for Active Directory objects
  - Are set based explicitly on their functionality
  - An audit policy set for an Active Directory object is inherited by its child object through Policy Inheritance by default

12.49 Figure: The Auditing tab (Skill 6)

12.50 Figure: Setting printer audit policy (Skill 6)

12.51 Assigning User Rights to Users and Groups (Skill 7)
- User rights are different from permissions
  - Permissions allow a user access to certain resources
  - User rights allow the user to perform certain restricted actions, such as shutting down the system or logging on locally

12.52 Assigning User Rights to Users and Groups (2) (Skill 7)
- User Rights Assignment policy is used to grant users rights
- Rights should be assigned to groups for ease of administration
  - Users can be added to the group to grant them the same level of user rights
- Assign user rights to allow particular users to carry out specific functions
  - This increases the security of the system

12.53 Figure: User rights assignments (Skill 7)

12.54 Figure: Adding a group to assign user rights (Skill 7)

12.55 Figure: The Access this computer from the network Properties dialog box (Skill 7)

12.56 Implementing Account Policy (Skill 8)
- Account policies
  - Used to set the user account properties that control the logon process
- Types of policies
  - Account lockout policies
  - Password policies
  - Kerberos policies

12.57 Implementing Account Policy (2) (Skill 8)
- Configuring account policies
  - Group Policy Object Editor snap-in
  - Group Policy Management console (GPMC)

12.58 Implementing Account Policy (3) (Skill 8)
- Account lockout policy
  - Objective of the policy is to prevent users from guessing passwords
  - There is immediate replication of Active Directory data between Windows Server 2003 domain controllers when an account is locked out

12.59 Implementing Account Policy (4) (Skill 8)
- Account Lockout policy is configured by setting the following policies
  - Account lockout threshold: Specify the number (0 to 999) of allowed invalid logon attempts
  - Account lockout duration: Specify the time duration (0 to minutes) during which the account remains disabled
  - Reset account lockout counter after: Set the time (1 and minutes) duration that must elapse after an invalid logon attempt before the account lockout counter is reset to 0
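
The interaction of the three lockout settings on slide 12.59, modelled as an added example (not part of the original slides and not Microsoft code). The names LockoutPolicy, Account, attempt and evaluated_guesses are hypothetical, the dates are constructed, and the rule that a non-zero duration may not be shorter than the reset interval comes from Windows behaviour rather than from the slides.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional


@dataclass(frozen=True)
class LockoutPolicy:
    threshold: int        # Account lockout threshold; 0 means accounts never lock
    duration_min: int     # Account lockout duration; 0 means locked until an admin unlocks
    reset_after_min: int  # Reset account lockout counter after (minutes)

    def __post_init__(self):
        if not 0 <= self.threshold <= 999:
            raise ValueError("threshold must be between 0 and 999")
        if self.reset_after_min < 1:
            raise ValueError("reset interval must be at least 1 minute")
        # Windows refuses a non-zero duration that is shorter than the reset interval.
        if self.threshold and 0 < self.duration_min < self.reset_after_min:
            raise ValueError("duration must be >= reset interval")


@dataclass
class Account:
    bad_count: int = 0                    # invalid attempts counted so far
    last_bad: Optional[datetime] = None   # time of the most recent invalid attempt
    locked_at: Optional[datetime] = None  # set while the account is locked out


def attempt(acct: Account, policy: LockoutPolicy, now: datetime, password_ok: bool) -> str:
    """Process one logon attempt; returns OK, FAILED, LOCKED_NOW or LOCKED."""
    if acct.locked_at is not None:
        expired = (policy.duration_min > 0 and
                   now - acct.locked_at >= timedelta(minutes=policy.duration_min))
        if not expired:
            return "LOCKED"  # the supplied password is not evaluated at all
        acct.locked_at, acct.bad_count = None, 0
    if password_ok:
        acct.bad_count = 0
        return "OK"
    # A quiet period at least as long as the reset interval clears the counter.
    window = timedelta(minutes=policy.reset_after_min)
    if acct.last_bad is not None and now - acct.last_bad >= window:
        acct.bad_count = 0
    acct.bad_count += 1
    acct.last_bad = now
    if policy.threshold and acct.bad_count >= policy.threshold:
        acct.locked_at = now
        return "LOCKED_NOW"
    return "FAILED"


def evaluated_guesses(policy: LockoutPolicy, hours: int, every_seconds: int) -> int:
    """Count how many wrong passwords are actually checked against one account
    when an invalid attempt arrives every `every_seconds` for `hours` hours."""
    acct, start = Account(), datetime(2004, 1, 1)  # constructed start time
    checked = 0
    for i in range(hours * 3600 // every_seconds):
        now = start + timedelta(seconds=i * every_seconds)
        if attempt(acct, policy, now, password_ok=False) != "LOCKED":
            checked += 1
    return checked


if __name__ == "__main__":
    for p in (LockoutPolicy(0, 30, 30), LockoutPolicy(5, 30, 30), LockoutPolicy(5, 0, 30)):
        print(p, "->", evaluated_guesses(p, hours=24, every_seconds=60), "guesses/day")
```

Comparing the three policies shows what each setting buys: a threshold of 0 lets every guess through, a timed lockout caps guesses per day, and a duration of 0 stops guessing after the threshold until an administrator intervenes.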

12.60 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure Lesson 12: Configuring Active Directory Security Implementing Account Policy (5)  Password policy  Allows you to specify how users must manage their passwords  Factors to be considered  Password history  Password age  Password length  Complexity requirements  Encryption and storage methods (Skill 8)

12.61 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure Lesson 12: Configuring Active Directory Security Implementing Account Policy (6)  Kerberos policies  The Kerberos V5 authentication protocol is implemented through a Key Distribution Center (KDC)  They are applicable to domain user accounts or computer accounts only  They define settings such as ticket lifetimes and logon restriction enforcement (Skill 8)

12.62 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure Lesson 12: Configuring Active Directory Security Figure The Kerberos policies (Skill 8)

12.63 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure Lesson 12: Configuring Active Directory Security Implementing Account Policy (7)  Kerberos policy settings  Enforce user logon restrictions policy: If enabled, the KDC performs certain checks before issuing a session ticket  Validity of the user account  User rights policy on the target computer  Maximum lifetime for service ticket: Sets the maximum length of time for a Logon Session Ticket  Maximum lifetime for user ticket: Sets the maximum length of time that the Ticket Granting Ticket (TGT) will be valid  Maximum lifetime for user ticket renewal: Sets the maximum lifetime for both the Ticket Granting Ticket (TGT) and the Logon Session Ticket (Skill 8)

12.64 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure Lesson 12: Configuring Active Directory Security Implementing Account Policy (8)  Kerberos policy settings  Maximum tolerance for computer clock synchronization  Sets the maximum number of minutes that the clock on the KDC can be different from the clock on the Kerberos client  This acts as a deterrent in replay attacks (Skill 8)
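
The clock tolerance described on the slide above bounds how long a server has to remember authenticators it has already seen, which is why it deters replay. This added example (not from the slides, and a simplified model rather than Windows KDC code) shows the two checks working together; the 300-second tolerance and the principal names are assumed values.

```python
from dataclasses import dataclass, field


@dataclass
class AuthenticatorCheck:
    """Freshness check modelled on the Kerberos clock-tolerance rule."""
    max_skew_s: int = 300                      # assumed tolerance (5 minutes)
    seen: dict = field(default_factory=dict)   # (client, timestamp) -> timestamp

    def accept(self, client: str, client_ts: float, server_now: float) -> str:
        # 1. Anything stamped outside the tolerance window is refused outright.
        if abs(server_now - client_ts) > self.max_skew_s:
            return "rejected: clock skew too great"
        # 2. Entries older than the window can be forgotten, because step 1
        #    would refuse them anyway. This keeps the replay cache bounded.
        self.seen = {k: ts for k, ts in self.seen.items()
                     if abs(server_now - ts) <= self.max_skew_s}
        # 3. Inside the window, a repeated (client, timestamp) pair is a replay.
        key = (client, client_ts)
        if key in self.seen:
            return "rejected: replay"
        self.seen[key] = client_ts
        return "accepted"


def demo():
    """Constructed timeline: one fresh message, two resends, one skewed clock."""
    chk = AuthenticatorCheck(max_skew_s=300)
    t0 = 1_000_000.0
    return [
        chk.accept("alice@EXAMPLE.TEST", t0, t0 + 2),        # fresh message
        chk.accept("alice@EXAMPLE.TEST", t0, t0 + 10),       # resent inside window
        chk.accept("alice@EXAMPLE.TEST", t0, t0 + 301),      # resent after window
        chk.accept("bob@EXAMPLE.TEST", t0 + 900, t0 + 400),  # client clock 500 s fast
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

A smaller tolerance shortens the period in which a captured message is still usable and shrinks the cache, at the cost of rejecting clients whose clocks drift.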

12.65 Figure: The Account lockout threshold Properties dialog box (Skill 8)

12.66 Figure: The Suggested Value Changes dialog box (Skill 8)

12.67 Figure: The Enforce password history Properties dialog box (Skill 8)

12.68 Figure: The Minimum password length Properties dialog box (Skill 8)

12.69 Figure: The Maximum lifetime for service ticket Properties dialog box (Skill 8)

12.70 Figure: The Suggested Value Changes dialog box for Maximum lifetime for user ticket (Skill 8)

12.71 Implementing Security Templates (Skill 9)
- Security template
  - A group of security settings used to implement security in computers running Windows 2000 or later operating systems
  - A text-based file with an .inf file extension
  - You can import these templates into GPOs, and apply the set of common security settings to multiple computers with similar functionality
  - You can use them to save and restore security settings of a computer

12.72 Implementing Security Templates (2) (Skill 9)
- Windows Server 2003 provides several predefined security templates located in the folder %Systemroot%\Security\Templates
- The predefined security templates have four standard security levels
  - Basic
  - Compatible
  - Secure
  - Highly Secure

12.73 Figure: The predefined security templates (Skill 9)

12.74 Implementing Security Templates (3) (Skill 9)
- Implementing security templates consists of five steps
  1. Accessing the Security Templates console
     - You can access the Security Templates console in an existing console by adding the Security Templates snap-in to it
     - You can also create a new Microsoft Management Console (MMC), and add the Security Templates snap-in to it

12.75 Implementing Security Templates (4) (Skill 9)
- Implementing security templates consists of five steps
  2. Customizing a predefined security template
     - You can edit a predefined security template
     - Save the modified template as a new template
  3. Defining a new security template
     - You can define security settings in a new customized security template according to the specific security requirements of your organization

12.76 Implementing Security Templates (5) (Skill 9)
- Implementing security templates consists of five steps
  4. Importing a security template to a GPO
     - To apply the same security settings to multiple objects using a GPO, you can import an appropriate security template into the GPO

12.77 Implementing Security Templates (6) (Skill 9)
- Implementing security templates consists of five steps
  5. Exporting security settings to a security template
     - You can export the initial security configuration for a computer to a security template
     - Similarly, the effective security settings (the security settings currently applied on the computer) for a computer can be exported to a security template
     - The initial security template can be used to restore the settings

12.78 Figure: Creating a new security template (Skill 9)

12.79 Figure: Exporting policy settings to a template (Skill 9)

12.80 Figure: Importing a security template (Skill 9)

12.81 Using the Security Configuration and Analysis Console (Skill 10)
- Use the Security Configuration and Analysis snap-in to configure the local security settings on a computer
  - Importing a security template
  - Comparing the template to the currently configured computer settings
  - Performing a “what-if” analysis

12.82 Figure: The Security Configuration and Analysis snap-in (Skill 10)

12.83 Using the Security Configuration and Analysis Console (2) (Skill 10)
- Analyzing the comparisons
  - The security settings that match are marked by a green check mark icon
  - The security settings that do not match are marked with a red x icon
- Action
  - Update the security settings on the computer that do not match the database settings
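
Because a security template is a text-based .inf file, the match/mismatch comparison described above can be reproduced on two such files. This is an added example, not part of the slides and not the snap-in's own logic; both templates are constructed samples, and only the account-policy sections are compared.

```python
import configparser

# Constructed samples: a template and an export of one computer's settings.
TEMPLATE_INF = """\
[System Access]
MinimumPasswordLength = 8
PasswordHistorySize = 24
LockoutBadCount = 5
ResetLockoutCount = 30
LockoutDuration = 30
[Kerberos Policy]
MaxTicketAge = 10
MaxClockSkew = 5
"""
CURRENT_INF = """\
[System Access]
MinimumPasswordLength = 0
PasswordHistorySize = 24
LockoutBadCount = 0
ResetLockoutCount = 30
"""
SECTIONS = ("System Access", "Kerberos Policy")  # account-policy sections only


def load(text):
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep setting names exactly as written
    cp.read_string(text)
    return cp


def analyze(template_text, current_text):
    """Map (section, setting) -> (status, template value, current value)."""
    tpl, cur = load(template_text), load(current_text)
    report = {}
    for section in (s for s in SECTIONS if tpl.has_section(s)):
        for name, wanted in tpl.items(section):
            actual = cur.get(section, name, fallback=None)
            if actual is None:
                status = "not defined"   # nothing on the computer to compare
            elif actual.strip() == wanted.strip():
                status = "match"         # shown as a green check mark
            else:
                status = "mismatch"      # shown as a red x
            report[(section, name)] = (status, wanted, actual)
    return report


def needs_attention(report):
    """Settings an administrator would review before configuring the computer."""
    return sorted(key for key, row in report.items() if row[0] != "match")
```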

12.84 Figure: Importing a template (Skill 10)

12.85 Figure: The Analyzing System Security window (Skill 10)

12.86 Figure: System security analysis results (Skill 10)

12.87 Using the Security Configuration and Analysis Console to Configure Security (Skill 11)
- Use the Security Configuration and Analysis tool to configure security on individual computers
- Set security settings by removing or updating any inconsistencies discovered in the analysis
- You can construct a composite database security template by importing templates (either predefined or customized) into the database

12.88 Figure: The Configure System dialog box (Skill 11)

12.89 Figure: Configuring Computer Security (Skill 11)

12.90 Figure: Editing a configuration setting (Skill 11)

12.91 Figure: The edited security settings (Skill 11)

12.92 Troubleshooting Security Configuration Issues (Skill 12)
Improving the success rate for network security
- Examine the level of security requirements for the network
  - High level of security
    - Reduces efficiency
    - Increases cost and administrative effort
  - Low level security leads to unauthorized access, which can have serious repercussions
- Identify existing and potential problems in the Security event log and update the security settings accordingly

12.93 Troubleshooting Security Configuration Issues (2) (Skill 12)
Improving the success rate for network security
- Determine network usage for certain resources that may cause problems in the future
- Identify security patterns that may cause problems in the future

12.94 Figure: Security audit event details (Skill 12)