Microsoft ® Official Course Module 8 Securing Windows 8 Desktops.

Slides:



Advertisements
Similar presentations
Microsoft ® Official Course First Look Clinic Overview of Windows 8 By Ragowo Riantory, S.Kom, MCP.
Advertisements

Deploying and Managing Active Directory Certificate Services
Securing. Agenda  Hard Drive Encryption  User Account Permissions  Root Level Access  Firewall Protection  Malware Protection.
Chapter 10 Securing Windows Server 2008 MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration.
Lesson 17: Configuring Security Policies
Module 5: Creating and Configuring Group Policy
Managing User Settings with Group Policy
14.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 12: Managing and Implementing Backups and Disaster Recovery.
1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.
Virtual techdays Desktop Security with Windows 7 AppLocker & BitLocker to Go Aviraj Ajgekar│ Technology Evangelist │Microsoft Corporation Blog:
Using Mobile Computers Lesson 12. Objectives Understand wireless security Configure wireless networking Use Windows mobility controls Synchronize data.
Chapter 7 Installing and Using Windows XP Professional.
Microsoft ® Official Course Module 9 Configuring Applications.
Microsoft ® Official Course Module 12 Monitoring, Managing, and Recovering AD DS.
Microsoft ® Official Course Module 8 Deploying and Managing Certificates.
Course 6425A Module 9: Implementing an Active Directory Domain Services Maintenance Plan Presentation: 55 minutes Lab: 75 minutes This module helps students.
Module 6 Securing Windows 7 Desktops. Module Overview Overview of Security Management in Windows 7 Securing a Windows 7 Client Computer by Using Local.
Securing Windows Servers Using Group Policy Objects
Deploying and Managing Windows Server 2012
Overview of Access and Information Protection
Troubleshoot Access, Authentication, and User Account Control Issues Lesson 8.
Securing Windows 7 Lesson 10. Objectives Understand authentication and authorization Configure password policies Secure Windows 7 using the Action Center.
Chapter-4 Windows 2000 Professional Win2K Professional provides a very usable interface and was designed for use in the desktop PC. Microsoft server system.
Microsoft ® Official Course Module 13 Troubleshooting and Recovering Windows 8.
Hands-On Microsoft Windows Server 2008
Module 13: Configuring Availability of Network Resources and Content.
Configuring Mobile Computing and Remote Access
© 2012 The McGraw-Hill Companies, Inc. All rights reserved. 1 Third Edition Chapter 6 Today’s Windows Windows Vista and Windows 7 McGraw-Hill.
1 Group Account Administration Introduction to Groups Planning a Group Strategy Creating Groups Understanding Default Groups Groups for Administrators.
Module 4: Add Client Computers and Devices to the Network.
Microsoft ® Official Course Module 10 Optimizing and Maintaining Windows ® 8 Client Computers.
Week #7 Objectives: Secure Windows 7 Desktop
Module 10: Configuring Windows XP Professional to Operate in Microsoft Networks.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 12: Managing and Implementing Backups and Disaster Recovery.
© 2012 The McGraw-Hill Companies, Inc. All rights reserved. 1 Third Edition Chapter 5 Windows XP Professional McGraw-Hill.
Implementing Update Management
Deploying and Maintaining Server Images
Configuring Encryption and Advanced Auditing
Troubleshooting Windows Vista Security Chapter 4.
Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®
Module 14: Configuring Server Security Compliance
Section 1: Introducing Group Policy What Is Group Policy? Group Policy Scenarios New Group Policy Features Introduced with Windows Server 2008 and Windows.
Securing AD DS Module A 3: Securing AD DS
Module 7: Fundamentals of Administering Windows Server 2008.
Managing User Desktops with Group Policy
20411B 8: Installing, Configuring, and Troubleshooting the Network Policy Server Role Presentation: 60 minutes Lab: 60 minutes After completing this module,
Maintaining Active Directory Domain Services
Module 6: Configuring User Environments Using Group Policy.
Module 3 Configuring File Access and Printers on Windows ® 7 Clients.
Module 3 Configuring File Access and Printers on Windows 7 Clients.
Module 3: Configuring File Access and Printers on Windows 7 Clients
Working with Users and Groups Lesson 5. Skills Matrix Technology SkillObjective DomainObjective # Introducing User Account Control Configure and troubleshoot.
Module 5: Creating and Configuring Group Policies.
Module 4 Planning for Group Policy. Module Overview Planning Group Policy Application Planning Group Policy Processing Planning the Management of Group.
Implementing Group Policy
Module 7: Implementing Security Using Group Policy.
Managing Applications, Services, Folders, and Libraries Lesson 4.
Implementing a Group Policy Infrastructure
Module 10: Implementing Administrative Templates and Audit Policy.
Understand Encryption LESSON 2.5_A Security Fundamentals.
Working with Users and Groups Lesson 5. Skills Matrix Technology SkillObjective DomainObjective # Introducing User Account Control Configure and troubleshoot.
© 2012 The McGraw-Hill Companies, Inc. All rights reserved. 1 Third Edition Chapter 6 Today’s Windows Windows Vista and Windows 7 McGraw-Hill.
Lesson 18: Configuring Security for Mobile Devices MOAC : Configuring Windows 8.1.
Automating Installations by Using the Microsoft Windows 2000 Setup Manager Create setup scripts simply and easily. Create and modify answer files and UDFs.
Using Mobile Computers Lesson 12. Objectives Understand wireless security Configure wireless networking Use Windows mobility controls Synchronize data.
Windows Vista Configuration MCTS : NTFS Security Features and File Sharing.
Configuring Encryption and Advanced Auditing
Create setup scripts simply and easily.
Preparing for the Windows 8. 1 MCSA Module 6: Securing Windows 8
Presentation transcript:

Microsoft ® Official Course Module 8 Securing Windows 8 Desktops

Module Overview Authentication and Authorization in Windows 8 Implementing GPOs Securing Data with EFS and BitLocker Configuring User Account Control

Lesson 1: Authentication and Authorization in Windows 8 What Are Authentication and Authorization? The Process of Authentication and Authorization Important Security Features in Windows 8

What Are Authentication and Authorization? UserResource Who are you? Authentication: Verifying the identity of someone Are you on the list? Authorization: Determining whether someone has permission to access a resource What does the list say you can do? Access: Determining what actions someone can perform on the resource based on permission levels

The Process of Authentication and Authorization Windows Authentication Method Description Kerberos version 5 protocol Used by Windows 8 clients and servers that are running Microsoft Windows Server 2000 or newer versions NTLM Used for backward compatibility with computers that are running pre-Windows 2000 operating systems and some applications Certificate mappingCertificates are used as authentication credentials

Important Security Features in Windows 8 EFS Windows BitLocker and BitLocker To Go Windows AppLocker User Account Control Windows Firewall with Advanced Security Windows Defender Windows 8 Action Center

Lesson 2: Implementing GPOs What Is Group Policy? How Do You Apply GPOs? How Multiple Local GPOs Work Demonstration: How to Create Multiple Local GPOs Demonstration: How to Configure Local Security Policy Settings

What Is Group Policy? Group Policy enables IT administrators to automate one-to-several management of users and computers Use Group Policy to: Apply standard configurations Deploy software Enforce security settings Enforce a consistent desktop environment Local Group Policy is always in effect for local and domain users, and local computer settings

How Do You Apply GPOs? Computer settings are applied at startup and then at regular intervals, while user settings are applied at logon and then at regular intervals Group Policy Processing Order: 1. Local GPOs 2. Site-level GPOs 3. Domain GPOs 4. OU GPOs

How Multiple Local GPOs Work You can use MLGPOs to apply different levels of Local Group Policy to local users on a stand-alone computer There are three layers of local GPOs, which are applied in the following order: 1.Local GPO that may contain both computer and user settings 2.Administrators and Non-Administrators Local GPOs are applied next and contain only user settings 3.User-specific Local Group Policy is applied last, contains only user settings, and applies to one specific user on the local computer

Demonstration: How to Create Multiple Local GPOs In this demonstration, you will see how to: Create a custom management console Configure the Local Computer Policy Configure the Local Computer Administrators Policy Configure the Local Computer Non- Administrators Policy Test multiple local Group Policies

Demonstration: How to Configure Local Security Policy Settings In this demonstration, you will see how to review the local Group Policy for security settings

Lab A: Implementing Local Group Policy Objects (GPOs) Exercise 1: Creating Multiple Local GPOs Exercise 2: Testing the Application of the Local GPOs Logon Information Virtual Machines20687B-LON-DC1 User NameAdatum\Administrator PasswordPa$$w0rd Estimated Time: 20 minutes

Lab Scenario Holly Dickson is the IT manager at A. Datum Corp. She has expressed a concern that some of the laptop computers that users utilize outside of the A. Datum network are susceptible to security breaches. She wants you to investigate how best to configure security and other settings on these computers.

Lab Review Can you create multiple local Group Policies and apply them to different users?

Lesson 3: Securing Data with EFS and BitLocker What Is EFS? Demonstration: How to Encrypt Files and Folders with EFS What Is BitLocker? BitLocker To Go BitLocker Requirements BitLocker Modes Group Policy Settings for BitLocker Configuring BitLocker Configuring BitLocker To Go Recovering BitLocker-Encrypted Drives

What Is EFS? EFS is the built-in file encryption tool for Windows file systems: Enables transparent file encryption and decryption Provides for encrypted file recovery Allows encrypted files to be shared with other users

Demonstration: How to Encrypt Files and Folders with EFS In this demonstration, you will see how to: Encrypt files and folders Confirm the files and folders have been encrypted Decrypt files and folders Confirm the files and folders have been decrypted

What Is BitLocker? Windows BitLocker Drive Encryption encrypts the computer operating system and data stored on the operating system volume Provides offline data protection Protects all other applications installed on the encrypted volume Includes system integrity verification Verifies integrity of early boot components and boot configuration data Ensures the integrity of the startup process

BitLocker To Go Provides enhanced protection against data theft and exposure by extending BitLocker to removable storage devices. When securing a removable drive, you can choose to unlock the drive with either: A password A smart card

BitLocker Requirements Encryption and decryption key: Hardware Requirements: BitLocker encryption requires either: A computer with TPM v1.2 or later A removable USB memory device Have enough available hard drive space for BitLocker to create two partitions Have a BIOS that is compatible with TPM and supports USB devices during computer startup

BitLocker Modes TPM mode Locks the normal boot process until the user optionally supplies a personal PIN and/or inserts a USB drive containing a BitLocker startup key Performs system integrity verification on boot components Non-TPM mode Uses Group Policy to allow BitLocker to work without a TPM Locks the boot process similar to TPM mode, but the BitLocker startup key must be stored on a USB drive Provides limited authentication Windows 8 supports two modes of BitLocker operation: TPM mode and Non-TPM mode

Group Policy Settings for BitLocker Group Policy provides the following settings for BitLocker: Turn on BitLocker backup to AD DS Configure the recovery folder on Control Panel Setup Enable advanced startup options on Control Panel Setup Configure the encryption method Prevent memory overwrite on restart Configure the TPM validation method used to seal BitLocker keys

Configuring BitLocker Enabling BitLocker initiates a start-up wizard that: Validates system requirements Creates the second partition if it does not already exist Allows you to configure how to access an encrypted drive: USB User function keys to enter the Passphrase No key Three methods to enable BitLocker: From System and Settings in Control Panel Right-click the volume to be encrypted in Windows Explorer, and then select the Turn on BitLocker menu option Use the manage-bde.wsf command-line tool

Configuring BitLocker To Go Enable BitLocker To Go Drive Encryption by right-clicking the portable device, such as a USB drive, and then clicking Turn On BitLocker Select one of the following settings to unlock a drive encrypted with BitLocker To Go: Unlock with a Recovery Password or passphrase Unlock with a Smart Card Always auto-unlock this device on this PC

Recovering BitLocker-Encrypted Drives When a BitLocker-enabled computer starts: BitLocker checks the operating system for conditions indicating a security risk If a condition is detected: BitLocker enters recovery mode and keeps the system drive locked The user must enter the correct Recovery Password to continue The BitLocker Recovery Password is: A 48-digit password used to unlock a system in recovery mode Unique to a particular BitLocker encryption Can be stored in AD DS If stored in AD DS, search for it by using either the drive label or the computer’s password

Lab B: Securing Data Exercise 1: Protecting Files with BitLocker Logon Information Virtual Machines20687B-LON-DC1 User NameAdatum\Administrator PasswordPa$$w0rd Estimated Time: 20 minutes

Lab Scenario A user at A. Datum is working on a project that requires him to take his laptop computer home each day. The data files are very sensitive, and must be secured at all times.

Lab Review What are some ways of protecting sensitive data in Windows 8?

Lesson 4: Configuring User Account Control What Is UAC? How UAC Works Configuring UAC Notification Settings Demonstration: How to Configure UAC with GPOs

What Is UAC? UAC is a security feature that simplifies the ability of users to run as standard users and perform all necessary daily tasks UAC prompts the user for an administrative user’s credentials if the task requires administrative permissions Windows 8 increases user control of the prompting experience

How UAC Works In Windows 8, what happens when a user performs a task requiring administrative privileges? Administrative Users UAC prompts the user for permission to complete the task Standard Users UAC prompts the user for the credentials of a user with administrative privileges

Configuring UAC Notification Settings UAC elevation prompt settings include the following: Always notify me Notify me only when programs try to make changes to my computer Notify me only when programs try to make changes to my computer (do not dim my desktop) Never notify

Demonstration: How to Configure UAC with GPOs In this demonstration, you will see how to: Open the User Accounts window Review user groups View the Credential prompt Change UAC settings and view the Consent prompt

Lab C: Configuring and Testing User Account Control (UAC) Exercise 1: Modifying UAC Prompts Logon Information Virtual Machines20687B-LON-DC B-LON-CL1 User NameAdatum\Administrator PasswordPa$$w0rd Estimated Time: 15 minutes

Lab Scenario Holly, the IT manager, is concerned that staff may be performing configuration changes to their computers for which they have no authorization. While Windows 8 does not allow the users to perform these tasks, Holly wants to ensure users are prompted properly about the actions that they are attempting.

Lab Review How can you suppress the notifications about changes to the computer?

Module Review and Takeaways Review Questions Best Practice