September 18, 2002 Introduction to Windows 2000 Server Components Ryan Larson David Greer.


Win2K Components Overview
– Monitoring Components
– User and Group Management
– Group Security Policies
– Windows 2000 Security Services

Monitoring Components
– Computer Management
  – Click Start, Settings, Control Panel, Administrative Tools, Computer Management
– Event Viewer
– Performance Log
– Shared Folders
– Services

Computer Management

Event Viewer
– The Event Viewer gathers information about hardware, software, and system problems and monitors Windows 2000 security events.
– Application Log
  – Events logged by applications or programs.
– Security Log
  – Records security events such as valid and invalid logon attempts, as well as events related to resource use, such as creating, opening, or deleting files.
– System Log
  – Events logged by the Windows 2000 system components.

Performance Log
– Performance Logs and Alerts contains features for logging counter and event trace data and for generating performance alerts.
– Can record data about hardware usage and the activity of system services from local or remote computers.
– Logging can occur manually on demand, or automatically based on a user-defined schedule.

Shared Folders
– Create, view, and set permissions for shares, including shares on computers running Windows NT 4.0.
– View a list of all users who are connected to the computer over a network and disconnect one or all of them.
– View a list of files opened by remote users and close one or all of the open files.
– Configure Services for Macintosh. This enables personal computer users and Macintosh users to share files and other resources, such as printing devices, through a computer running Windows 2000 Server.

Services
– Using Services, you can start, stop, pause, or resume services on remote and local computers, and configure startup and recovery options.
– You can also enable or disable services for a particular hardware profile.
– With Services, you can:
  – Manage services on local and remote computers, including remote computers running Windows NT 4.0.
  – Set up recovery actions to take place if a service fails, such as restarting the service automatically or restarting the computer (on computers running Windows 2000 only).
  – Create custom names and descriptions for services so that you can easily identify them (on computers running Windows 2000 only).

Users and Groups Overview
– Administrator Account
– Guest Account
– Managing User Accounts
– Group Types
– Managing Groups

Administrator Account
Admins can do the following:
– Access any file or directory
– Create and delete users and groups
– Establish trust relationships
– Manage printers and print sharing
– Assign operators
– Create and modify logon scripts
– Set default account policies
– Set and change passwords
– Manage auditing and security logs
The Administrator account cannot be deleted.

Administrator Account (cont.)
Admins are by default in the following groups:
– Administrators
– Domain Admins
– Domain Users
– Enterprise Admins
– Group Policy Admins
– Schema Admins

Guest Account
– Guest account is disabled by default
– Enable the Guest account only in low-security networks
– Always assign a password
– Can rename Guest account, but cannot delete it
– Should only have low privileges

Managing User Properties

Manage User Options

Managing User Accounts
– Managing User Accounts
  – Click Start, Settings, Control Panel, Administrative Tools, Computer Management
  – Expand System, Local Users and Groups
– Creating User Accounts
  – Right-click Users, and then click New User
  – Fill in the appropriate fields
– Managing User Properties
  – Right-click on a User, and then click Properties
  – Modify the appropriate fields

Group Types
– Domain Local Group
  – Open membership: members can come from any domain
  – Members can access resources only in the local domain
– Global Group
  – Limited membership: members only come from local domain
  – Members can access resources in any domain
– Universal Group
  – Open membership: members can come from any domain
  – Members can access resources in any domain

Group Types (cont.)
Points to keep in mind…
– Local groups on domain controllers have rights only on the domain where they were created.
– Local groups on Windows 2000 Workstation computers and member servers (non-Domain Controllers) have rights on the computer where they were created.
– Local groups cannot contain other local groups; they can contain only user accounts or global groups from the same domain or other domains.
– Global groups contain user accounts from only one domain. They cannot contain local groups or other global groups.
– Universal groups contain user accounts from any domain. They can contain universal accounts, global groups, local groups, and user accounts.

Predefined Groups

Predefined Group (cont.)

Special Groups

Managing Groups
– Click Start, Settings, Control Panel, Administrative Tools, Computer Management
– Expand System, Local Users and Groups
– Creating Groups
  – Right-click Groups, and then click New Group
  – Fill in the appropriate fields
– Add Members to Group
  – Right-click on a Group, and then click Add to Group
  – Click Add, Select User(s), Click Add, Click OK

Security Policy
– Password Policy
– Account Lockout Policy
– Audit Policy
– User Rights Assignment
– Security Options
– Encrypting File System Properties
– Kerberos Properties
– IPSec Properties
– Configuring and Analyzing by Templates

Opening MMC Snap-Ins
To open Microsoft Management Console snap-ins:
– Click Start, Run
– Type “mmc” and hit Enter
– Under the “Console” menu, click “Add/Remove Snap-in”
– Click “Add”, select the snap-in, click “Add”
– Optional: fill in any options, click “OK”
– Click “Close”, click “OK”

Security Policy
It is important to notice:
– Almost all of these settings can be enforced at the local level, or at the domain level if the computer is on a domain (in which case the domain settings would be taken from Active Directory)
– Settings at higher levels of the Active Directory Tree override those at lower levels

Password Policy
– Open “Group Policy” snap-in
– Under Computer Configuration/Windows Settings/Security Settings/Account Policies
– Controls the formation and changing of user passwords
  – Age, Length, History, Complexity

Account Lockout Policy
– Open “Group Policy” snap-in
– Under Computer Configuration/Windows Settings/Security Settings/Account Policies
– Controls the lockout settings for incorrect passwords

Audit Policy
– Open “Group Policy” snap-in
– Under Computer Configuration/Windows Settings/Security Settings/Local Policies
– Controls which system events are recorded in the Event Log, to be viewed in the Event Viewer later
– For all events, successes and/or failures may be logged
– Must be careful not to audit too much

Audit Policy (Example)
– By double-clicking on Audit Account Logon Events and checking “success” and “failure”, you can log to the Event Log every attempt at access to the computer

User Rights Assignment
– Open “Group Policy” snap-in
– Under Computer Configuration/Windows Settings/Security Settings/Local Policies
– Controls which users and groups have access to special system-level commands, such as shutting down the computer

Security Options
– Open “Group Policy” snap-in
– Under Computer Configuration/Windows Settings/Security Settings/Local Policies
– Controls miscellaneous other security options, especially the permissions of remotely connected users.

Security Options

Security Options (Examples)
– Using “Rename Administrator Account”, you can change the admin name and create a dummy “Administrator” account with no privileges, that is heavily logged
– Set “Clear memory pagefile when system shuts down” to prevent the swap file from being recovered (easily)

Encrypting File System Properties
– Open “Group Policy” snap-in
  – Under Computer Configuration/Windows Settings/Security Settings/Public Key Policies
– Or open “Certificates” snap-in
– Controls the certificates (public keys) of Encrypted Data Recovery Agents
– Whenever a file is encrypted by a user, there must be a recovery agent

Encrypting File System (Examples)
– Under certificates for a File Recovery Agent (default Admin), Personal/Certificates, right-click on the file recovery certificate and click All Tasks, Export.
– You can export and delete the recovery agent private key, and store it in a secure location for later recovery
– Thus, one cannot get the recovery agent key, even by breaking the account password

Kerberos in W2K
– Windows 2000 uses Kerberos V for authenticating computers and users between domains
– The domain controller acts as the KDC (a trusted third party) in mutually authenticating clients to servers in inter- and intra-domain communication
– Secret-key tickets are given to communicating parties

Kerberos Settings
– Open “Group Policy” snap-in
– Under Computer Configuration/Windows Settings/Security Settings/Account Policies/Kerberos Policy
– Only for computers on Domains
– Controls the details of Kerberos tickets and authentication
– Microsoft says, and NSA agrees, the default settings are OK

IPSec Settings
– Open “Group Policy” snap-in
– Computer Configuration/Windows Settings/Security Settings/IP Security Policy
– Controls the policies for secure communication via IPSec and its cryptographic settings
– Allows filtering of packets of various protocols without authentication and IPSec
– Can require that all communication be Secured (Secure Server)

Configuring and Analyzing Security Properties by Templates
– Open “Security Configuration and Analysis” snap-in
– Right-click “Security Configuration and Analysis” and click “open database”, make a new database file, click “open”, and select a template, such as “hisecws.inf” (high secure workstation/server) and click open
– Right-click “Security Configuration and Analysis” again and choose to configure (set your settings to template) or to analyze (compare your settings to template)
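
Added example (not part of the original slides): the "analyze" comparison above done offline in Python, for the password, account lockout and audit settings covered earlier. It assumes a template and a policy export in the security template INF format (for instance one written by secedit /export); the INF texts and their values are constructed samples, and the function names are this example's own.

```python
# Added example. Both INF texts are constructed samples, not the contents of hisecws.inf.
TEMPLATE = """\
[System Access]
MinimumPasswordLength = 8
MaximumPasswordAge = 42
LockoutBadCount = 5
[Event Audit]
AuditAccountLogon = 3
AuditLogonEvents = 3
"""
EXPORTED = """\
[System Access]
MinimumPasswordLength = 0
MaximumPasswordAge = -1
LockoutBadCount = 0
[Event Audit]
AuditAccountLogon = 1
; AuditLogonEvents is not defined in this export
"""

def parse_inf(text):
    """Return {section: {key: int}} for the numeric 'key = value' lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()          # ';' starts a comment
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            if value.lstrip("-").isdigit():
                current[key] = int(value)
    return sections

NEVER = float("inf")
# Larger rank = stricter. Assumed encodings: age -1 = never expires, bad count 0 = never locks.
RANK = {
    "MinimumPasswordLength": lambda v: v,
    "MaximumPasswordAge": lambda v: -(NEVER if v <= 0 else v),
    "LockoutBadCount": lambda v: -(NEVER if v == 0 else v),
}

def analyze(template, exported):
    """List (setting, current value, template value) where the machine is weaker."""
    want_cfg, have_cfg = parse_inf(template), parse_inf(exported)
    findings = []
    for key, want in want_cfg.get("System Access", {}).items():
        have = have_cfg.get("System Access", {}).get(key)
        if key in RANK and (have is None or RANK[key](have) < RANK[key](want)):
            findings.append((key, have, want))
    for key, want in want_cfg.get("Event Audit", {}).items():
        have = have_cfg.get("Event Audit", {}).get(key, 0)
        if want & ~have:              # 1 = success, 2 = failure, 3 = both
            findings.append((key, have, want))
    return findings
```

The zero and negative values are the cases a plain numeric comparison gets wrong: a lockout threshold of 0 is smaller than 5 yet means accounts never lock, so it is reported as weaker than the template.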

Any Questions?