Advanced Windows Security: User Accounts | Ing. Ondřej Ševeček | GOPAS a.s.


Advanced Windows Security: User Accounts
GOPAS | Ing. Ondřej Ševeček | GOPAS a.s. | MCM:Directory | MVP:Enterprise Security | CEH: Certified Ethical Hacker | CHFI: Computer Hacking Forensic Investigator

Local and domain user accounts
Advanced Windows Security

Local User Accounts
- Stored in local registry
  - HKLM\SAM\Domains\Account
- Password hashed (MD4)
  - can be stored in full
  - Policy: Store passwords using reversible encryption
- Can enforce password complexity and history
  - Policy: Password complexity requirements
  - Policy: Enforce password history
- Single login: COMPUTER\username

Domain User Accounts
- Stored in Active Directory database
- Password
  - Hashes (MD4)
  - stores Digest (MD5) since Windows 2003
  - stores AES (SHA-1) since Windows 2008
- Two logins
  - user principal name
  - SAM account name (GPS\kamil)
- Can enforce password policies
  - Domain-wide using Group Policy
  - Per users/groups using Granular Password Policies

Logins
- User Principal Name
  - userPrincipalName attribute
  - up to 64 characters
  - configurable UPN suffixes
  - must be unique forest-wide
- SAM Account Name (GPS\kamil)
  - sAMAccountName attribute
  - up to 20 characters
  - always bound to NetBIOS domain name

Alternative UPN Suffixes

Account vs. Password Expiration
- Password expiration
  - after policy configured time
  - User Must Change Password at Next Logon
  - Cannot log on in fact → may not be able to change password remotely over VPN or web applications
  - Does not affect smart cards
- Account expiration
  - Cannot log on after a specific time regardless of password validity
  - Affects smart cards
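The two expiration mechanisms from this slide, as an added example that is not part of the original presentation: it classifies accounts from the raw Active Directory attributes `accountExpires`, `pwdLastSet` and `userAccountControl`. The helper names, the 42-day maximum password age and the sample accounts are assumptions constructed for illustration, and the smart card result assumes the user holds a valid smart card.

```python
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)  # FILETIME epoch
NEVER = (0, 0x7FFFFFFFFFFFFFFF)                     # accountExpires: no expiry
DONT_EXPIRE_PASSWORD = 0x10000                      # userAccountControl flag

def from_filetime(ticks):
    """FILETIME (100 ns ticks since 1601-01-01 UTC) -> aware datetime."""
    return EPOCH + timedelta(microseconds=ticks // 10)

def to_filetime(dt):
    """Aware datetime -> FILETIME; used here only to build sample records."""
    return (dt - EPOCH) // timedelta(microseconds=1) * 10

def logon_status(user, now, max_pwd_age):
    """Return (password_logon, smartcard_logon, reason) for one account."""
    expires = user["accountExpires"]
    if expires not in NEVER and from_filetime(expires) <= now:
        # Account expiration blocks every logon method, smart cards included.
        return (False, False, "account expired")
    if user["userAccountControl"] & DONT_EXPIRE_PASSWORD:
        return (True, True, "ok")
    if user["pwdLastSet"] == 0:
        # "User must change password at next logon": password logon is
        # blocked until the change succeeds; smart cards are unaffected.
        return (False, True, "password must change at next logon")
    if from_filetime(user["pwdLastSet"]) + max_pwd_age <= now:
        return (False, True, "password expired")
    return (True, True, "ok")

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

def sample(name, pwd_set, expires=None, uac=0x200):
    """Build one constructed account record (0x200 = normal account)."""
    return {"sAMAccountName": name, "userAccountControl": uac,
            "pwdLastSet": to_filetime(pwd_set) if pwd_set else 0,
            "accountExpires": to_filetime(expires) if expires else 0}

# Constructed sample data; MAX_PWD_AGE is an assumed domain policy value.
NOW = utc(2024, 6, 1)
MAX_PWD_AGE = timedelta(days=42)
USERS = [sample("alice", utc(2024, 5, 20)),
         sample("bob", utc(2024, 1, 1)),
         sample("carol", None),
         sample("dave", utc(2024, 5, 20), expires=utc(2024, 5, 1)),
         sample("svc", utc(2020, 1, 1), uac=0x10200)]
REPORT = {u["sAMAccountName"]: logon_status(u, NOW, MAX_PWD_AGE) for u in USERS}

if __name__ == "__main__":
    for name, status in REPORT.items():
        print(name, status)
```

Only the account expiration case (dave) blocks both logon methods; the two password cases leave smart card logon available.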

Account vs. Password Expiration

Thank you for your attention