70-270: MCSE Guide to Microsoft Windows XP Professional Second Edition, Enhanced Chapter 6: Windows XP Security and Access Controls.

Slides:



Advertisements
Similar presentations
Chapter Five Users, Groups, Profiles, and Policies.
Advertisements

MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 7: Troubleshoot Security Settings and Local Security.
1.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 1: Introducing Windows Server.
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
Lesson 17: Configuring Security Policies
Configuring Windows Vista Security Lesson 8. Skills Matrix Technology SkillObjective DomainObjective # Setting Up Users Configure and troubleshoot parental.
Chapter 13 Securing Windows Server 2008
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Planning Server and Network Security.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.
MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 4: Troubleshoot System Startup and User Logon Problems.
Hands-On Microsoft Windows Server 2003 Administration Chapter 11 Administering Remote Access Services.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 14: Windows Server 2003 Security Features.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.
MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 6: Configure and Troubleshoot Local User and Group Accounts.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 14: Windows Server 2003 Security Features.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 10: Server Administration.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.
70-270, MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Twelve Implementing Terminal.
Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.
Understanding Networks I. Objectives Compare client and network operating systems Learn about local area network technologies, including Ethernet, Token.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 11 Managing and Monitoring a Windows Server 2008 Network.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 1: Introduction to Windows Server 2003.
1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.
Corso referenti S.I.R.A. – Modulo 2 Local Security 20/11 – 27/11 – 05/12 11/12 – 13/12 (gruppo 1) 12/12 – 15/12 (gruppo 2) Cristiano Gentili, Massimiliano.
Implementing RADIUS AAA Phil & Rick. Content Terms and Concepts Access Control What is AAA? Benefits of AAA What is RADIUS? Microsoft IAS Overview Installation.
MCTS GUIDE TO MICROSOFT WINDOWS 7 Chapter 14 Remote Access.
Chapter 6 Configuring, Monitoring & Troubleshooting IPsec
Guide to MCSE , Enhanced 1 Activity 10-1: Restarting Windows Server 2003 Objective: to restart Windows Server 2003 Start  Shut Down  Restart Configure.
11 WORKING WITH USER ACCOUNTS Chapter 6. Chapter 6: WORKING WITH USER ACCOUNTS2 CHAPTER OVERVIEW Understand the differences between local user and domain.
Ch 11 Managing System Reliability and Availability 1.
70-270: MCSE Guide to Microsoft Windows XP Professional Chapter 5: Users, Groups, Profiles, and Policies.
9.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
11 NETWORK PROTOCOLS AND SERVICES Chapter 10. Chapter 10: Network Protocols and Services2 NETWORK PROTOCOLS AND SERVICES  Identify how computers on TCP/IP.
Securing Windows 7 Lesson 10. Objectives Understand authentication and authorization Configure password policies Secure Windows 7 using the Action Center.
Chapter-4 Windows 2000 Professional Win2K Professional provides a very usable interface and was designed for use in the desktop PC. Microsoft server system.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
70-294: MCSE Guide to Microsoft Windows Server 2003 Active Directory Chapter 9: Active Directory Authentication and Security.
September 18, 2002 Introduction to Windows 2000 Server Components Ryan Larson David Greer.
MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter Four Configuring Outlook and Outlook Web Access.
Hands-On Microsoft Windows Server 2008
Hands-On Microsoft Windows Server Security Enhancements in Windows Server 2008 Windows Server 2008 was created to emphasize security –Reduced attack.
Chapter Six Windows XP Security and Access Controls.
C HAPTER 6 NTFS PERMISSIONS & SECURITY SETTING. INTRODUCTION NTFS provides performance, security, reliability & advanced features that are not found in.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 5: Managing File Access.
Module 14: Configuring Server Security Compliance
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 1: Introduction to Windows Server 2003.
1 Chapter Overview Configuring Account Policies Configuring User Rights Configuring Security Options Configuring Internet Options.
Chapter 13 Users, Groups Profiles and Policies. Learning Objectives Understand Windows XP Professional user accounts Understand the different types of.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration.
Lesson 17-Windows 2000/Windows 2003 Server Security Issues.
Understanding Group Policy James Michael Stewart CISSP, TICSA, CIW SA, CCNA, MCSE NT & W2K, iNet+
70-270: MCSE Guide to Microsoft Windows XP Professional 1 Windows XP Professional User Accounts Designed for use as a network client for: Windows NT Windows.
Guide to MCSE , Second Edition, Enhanced1 The Windows XP Security Model User must logon with: Valid user ID Password User receives access token Access.
MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 11: Managing Access to File System Resources.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 14: Windows Server 2003 Security Features.
70-294: MCSE Guide to Microsoft Windows Server 2003 Active Directory, Enhanced Chapter 11: Group Policy for Corporate Policy.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 10: Planning and Managing IP Security.
Module 7: Implementing Security Using Group Policy.
MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter One Introduction to Exchange Server 2003.
1 Chapter Overview Using Group Objects Understanding Default Groups Creating Group Objects Managing Administrative Access.
4.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security.
Configuring Windows Firewall with Advanced Security
Configuring and Troubleshooting Routing and Remote Access
Objectives Differentiate between the different editions of Windows Server 2003 Explain Windows Server 2003 network models and server roles Identify concepts.
Lesson 16-Windows NT Security Issues
Presentation transcript:

70-270: MCSE Guide to Microsoft Windows XP Professional Second Edition, Enhanced Chapter 6: Windows XP Security and Access Controls

Guide to MCSE , Second Edition, Enhanced2 Objectives Describe the Windows XP security model, and the key role of logon authentication Work with access control and customize the logon process Disable the default username Discuss domain security concepts Understand the local computer policy

Guide to MCSE , Second Edition, Enhanced3 Objectives (continued) Enable and use auditing Encrypt NTFS files, folders, or drives using the Encrypting File System (EFS) Understand and implement Internet security

Guide to MCSE , Second Edition, Enhanced4 The Windows XP Security Model User must logon with: Valid user ID Password User receives access token Access token String of bits representing user Attached to processes

Guide to MCSE , Second Edition, Enhanced5 The Windows XP Security Model (continued) Access token Compared with ACL (Access Control List) Domain security Centered on Active Directory

Guide to MCSE , Second Edition, Enhanced6 Active Directory Centralized database containing: Security Configuration Communication information Manages: Information about domain Resources shared by network

Guide to MCSE , Second Edition, Enhanced7 Logon Authentication Logon is mandatory Logon process components: Identification Authentication Password authentication typically used Access token attached to shell process

Guide to MCSE , Second Edition, Enhanced8 Shell Defines environment inside which user executes programs or spawns other processes Default: Windows Explorer Defines desktop, start menu, etc.

Guide to MCSE , Second Edition, Enhanced9 Resources as Objects Access to individual resources controlled at object level Everything in environment is an object Identified by type Type determines Permitted range of contents Kinds of operations

Guide to MCSE , Second Edition, Enhanced10 Resources as Objects (continued) Service How object can be manipulated Attributes Named characteristics

Guide to MCSE , Second Edition, Enhanced11 Access Control Logon process Initiated with Ctrl+Alt+Delete Hardware interrupt cannot be imitated Mandatory logon Restricted user mode Physical logon User profiles

Guide to MCSE , Second Edition, Enhanced12 Customizing the Logon Process Administrator can alter default process Winlogon process: Produces logon dialog box Controls automated logon Warning text Display of Shutdown button Display of last user to log onto system

Guide to MCSE , Second Edition, Enhanced13 Disabling the Default Username Logon window Displays name of the last user to logon Can be unsecure DontDisplayLastUserName Regisry setting Edit with: Local Computer Policy utility

Guide to MCSE , Second Edition, Enhanced14 Adding a Security Warning Message Might be legally obligated to add a warning message Settings in Registry: LegalNoticeCaption LegalNoticeText

Guide to MCSE , Second Edition, Enhanced15 Changing the Shell Default shell Windows Explorer Change Registry setting

Guide to MCSE , Second Edition, Enhanced16 Disabling the Shutdown Button Windows XP logon window includes Shutdown button Potential for unwanted system shutdowns ShutdownWithoutLogon Registry setting Users can still physically power-off machine Winlogon settings for: Laptop Sleep mode Other advanced shutdown settings

Guide to MCSE , Second Edition, Enhanced17 Automating Logons Values for username and password can be coded into Registry to automate logons Registry settings: DefaultDomainName DefaultUserName DefaultPassword AutoAdminLogon

Guide to MCSE , Second Edition, Enhanced18 Automatic Account Lockout Disables account Predetermined number of failed logins Predetermined amount of time Default: Unlimited number of attempts

Guide to MCSE , Second Edition, Enhanced19 Domain Security Concepts and Systems Domain Collection of computers with centrally managed security and activities Offers: Increased security Centralized control Broader access to resources

Guide to MCSE , Second Edition, Enhanced20 Domain Security Overview Control of: User accounts Group memberships Resource access for all members of a network instead of only a single computer

Guide to MCSE , Second Edition, Enhanced21 Domain Controller Windows 2000 Server Windows Server 2003 system Active Directory support services installed and configured

Guide to MCSE , Second Edition, Enhanced22 Kerberos and Authentication Services Authentication conditions: Interactive logon Press attention sequence Enter username and password Network authentication Attempt to connect to or access resources from some other member of the domain network

Guide to MCSE , Second Edition, Enhanced23 Kerberos and Authentication Services (continued) Kerberos version 5: Used for communication between local system and domain controller May be used in network authentication Primary protocol for authentication security Verifies identify of client and server Designed to allow two parties to exchange private information across an open network Assigns unique key to each user that logs on to network

Guide to MCSE , Second Edition, Enhanced24 Kerberos and Authentication Services (continued) Secure Socket Layer/Transport Layer Security (SSL/TLS) Authentication scheme often used by Web-based applications Supported on Windows XP through IIS (Internet Information Server). Uses third-party Certificate Authority Client sends its certificate to the server Uses encrypted communication link

Guide to MCSE , Second Edition, Enhanced25 Kerberos and Authentication Services (continued) NTLM (NT LAN Manager) authentication Used by Windows NT 4.0 Supported by XP for backwards compatibility Uses static encryption level (40-bit or 128-bit) to encrypt traffic between a client and server Less secure than Kerberos

Guide to MCSE , Second Edition, Enhanced26 Local Computer Policy Combination of controls System policies Control panel applets Registry settings Other names: Software policy Environmental policy Windows XP policy

Guide to MCSE , Second Edition, Enhanced27 Local Computer Policy (continued) Local system’s group policy Effective policy: Result of combination of all group policies applicable to system Controlled on a domain basis on a Windows domain controller Add Global Policy snap-in to MMC

Guide to MCSE , Second Edition, Enhanced28 Local Computer Policy (continued) Local Group Policy tool Also called Local Security Policy tool Accessed from Administrative Tools Local computer policy contents: Determined during installation Based on: System configuration Existing devices Selected options and components

Guide to MCSE , Second Edition, Enhanced29 Local Computer Policy (continued) Custom policies: Created through the use of.adm files Local group policy: System.adm file Local Computer Policy snap-in Divided into two sections: User Configuration Computer Configuration Contains over 300 individual controls

Guide to MCSE , Second Edition, Enhanced30 Computer Configuration Subnodes: Software Settings The Windows Settings folder: Scripts Security Settings Administrative Templates folder

Guide to MCSE , Second Edition, Enhanced31 Public Key Policies Three purposes Offers additional controls over the Encrypting File System (EFS) Enables the issuing of certificates Allows you to establish trust in a certificate authority

Guide to MCSE , Second Edition, Enhanced32 IP Security Policies Security measure added to TCP/IP Protects communications between two systems using that protocol Can be used over a RAS or WAN link Creates a secured point-to-point link between two systems Configured and enabled with Advanced TCP/IP Settings dialog box

Guide to MCSE , Second Edition, Enhanced33 IP Security Policies (continued) Modes: Transport Tunneling Predefined IPSec policies: Client (Respond Only) Server (Request Security) Secure Server (Require Security)

Guide to MCSE , Second Edition, Enhanced34 IP Security Policies (continued) Authentication methods: Kerberos version 5 Default and preferred Public key certificate authentication Preshared key Less secure

Guide to MCSE , Second Edition, Enhanced35 Administrative Templates Offer controls on a wide range of environmental functions and features Registry based group policy information Used to overwrite Registry to force compliance with group policy

Guide to MCSE , Second Edition, Enhanced36 User Configuration Subfolders: Software Settings Windows Settings folder Administrative Templates folder

Guide to MCSE , Second Edition, Enhanced37 Security Configuration and Analysis Tool MMC snap-in Used to: Analyze Configure Export Validate system security based on a security template Seven predefined security templates

Guide to MCSE , Second Edition, Enhanced38 Security Configuration and Analysis Tool (continued) Checks system’s current configuration against selected security template Produces a report of discrepancies Apply security templates to system

Guide to MCSE , Second Edition, Enhanced39 Secedit Command-line version of Security Configuration and Analysis tool Favored by administrators Can be scripted Four functions: Analyze Configure Export Validate

Guide to MCSE , Second Edition, Enhanced40 Auditing Security process Records occurrence of specific operating system events inSecurity log Every object has audit events related to it Event Viewer Maintains logs about: Application events Security events System events

Guide to MCSE , Second Edition, Enhanced41 Event Properties Dialog Box

Guide to MCSE , Second Edition, Enhanced42 Encrypting File System Allows you to encrypt data stored on an NTFS drive Only enabling user can gain access to encrypted object Enabled using Properties dialog Uses public and private key encryption method Encryption process is invisible to user

Guide to MCSE , Second Edition, Enhanced43 Encrypting File System (continued) Recovery Agent Used to recover encrypted files Required for EFS to function CIPHER Command-line tool for batch processing of encryption

Guide to MCSE , Second Edition, Enhanced44 Internet Security Risks Unwittingly downloading Trojan horses or viruses, Accepting malicious Allowing a remote cracker to take complete control of your computer Protection: Security features for standalone or LAN system Internet Connection Firewall

Guide to MCSE , Second Edition, Enhanced45 Summary Object-level access controls Winlogon controls how users logon Local computer policy controls many aspects of the security system as well as enabling or restricting specific functions and features of the operating system Encrypting File System (EFS) protects data with an encryption system

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.