Windows 2000 Security
Yingzi Jin

Introduction
• Active Directory
• Group Policy
• Encrypting File System


What is a Directory Service
• A directory is an information source used to store information about objects.
• Users want to find and use these objects.
• A directory service makes the information available and usable to the users.

What is Active Directory
• Essential and inseparable part of the Windows 2000 network architecture
• Provides a directory service for a distributed networking environment

Active Directory - Structure
• Tree structure made up of objects and containers
• Objects represent network resources
  – users, groups, devices, applications
• Containers represent organizations or collections of related objects
  – marketing department, printers

Active Directory Security
• An access-control list (ACL) protects all objects in AD.
• An ACL is stored as a binary value, called a security descriptor.
• Every object in AD is protected by its own security descriptor.

Active Directory - Authentication
• Several options for user authentication:
  – Kerberos: verifies the client's right to access the network and authenticates the server to the client.
  – Public Key Infrastructure (PKI): normally used to authenticate external users.

Group Policy
• New capability in Win2K
• Defines, manages, and enforces the environment settings for both computer and user objects.
• Integrates with AD and can be assigned to AD sites, domains, and organizational units (OUs)
• Contained in Group Policy Objects (GPOs)

Security-related Policies
• Account policies - password policies
• Local policies - audit policy
• File system - permissions for folders and files
• System services - permissions for system services

Group Policy Objects (GPOs)
• Contain a set of “rules”.
• Used to specify account and password settings, audit capabilities, etc.
• Can be applied to Windows 2000 sites, domains, or OUs.

Active Directory and Group Policy
• Group Policy Objects are created to set the rules that govern the domain.
• A Default Domain Policy GPO sits at the highest level.
• Additional GPOs can be created and applied for each “child OU”.

Implement Group Policy
• Account policies are domain-wide
  – GPOs for account settings defined for lower-level OUs will not work for domain users.
• No Override and Block Inheritance settings
• Policy is processed in a hierarchy:
  – Local GPOs
  – GPOs applied to sites
  – GPOs applied to the domain
  – GPOs applied to OUs
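The processing rules on this slide can be checked with a small model. The following is an added example, not part of the original slides: it resolves the effective settings for an object from the Local, Site, Domain, OU order, applies Block Inheritance and No Override, and ignores account-policy settings linked below the domain. The setting names, GPO names and the `effective_policy` function are illustrative assumptions, not a Windows API.

```python
from dataclasses import dataclass, field

# Illustrative setting names; account-policy keys count only when linked at the domain.
ACCOUNT_KEYS = {"MinimumPasswordLength", "LockoutBadCount"}

@dataclass
class Link:
    gpo: str
    settings: dict
    no_override: bool = False

@dataclass
class Container:
    kind: str                       # "local", "site", "domain" or "ou"
    links: list = field(default_factory=list)
    block_inheritance: bool = False

def effective_policy(chain):
    """chain is ordered Local, Site, Domain, parent OU ... child OU."""
    # The deepest container with Block Inheritance hides ordinary links above it.
    cut = max((i for i, c in enumerate(chain) if c.block_inheritance), default=0)
    ordered = []
    for depth, c in enumerate(chain):
        for link in c.links:
            visible = link.no_override or c.kind == "local" or depth >= cut
            ordered.append((link.no_override, depth, c.kind, link, visible))
    # Ordinary links in processing order (last writer wins), then No Override
    # links deepest first, so the one linked highest has the final word.
    ordered.sort(key=lambda t: (t[0], -t[1] if t[0] else t[1]))
    result = {}
    for _, _, kind, link, visible in ordered:
        for key, value in link.settings.items():
            # Account policy is domain-wide: OU links are ignored for domain users.
            applies = (kind == "domain") if key in ACCOUNT_KEYS else visible
            if applies:
                result[key] = (value, link.gpo)
    return result

# Constructed sample: an OU blocks inheritance and tries to weaken two settings.
CHAIN = [
    Container("local", [Link("Local GPO", {"AuditLogonEvents": "None"})]),
    Container("site", [Link("Site GPO", {"AuditLogonEvents": "Success"})]),
    Container("domain", [Link("Default Domain Policy",
        {"MinimumPasswordLength": 8, "AuditLogonEvents": "Success,Failure"},
        no_override=True)]),
    Container("ou", [Link("Lab OU GPO",
        {"MinimumPasswordLength": 4, "AuditLogonEvents": "None"})],
        block_inheritance=True),
]
```

With No Override set on the domain link, both domain settings survive the OU's Block Inheritance; clearing it lets the OU turn auditing off, while the password length still comes from the domain.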

Encrypting File System
• Integral part of the new NTFS file system.
• Users can encrypt/decrypt files on the fly to protect sensitive data from unauthorized access.
• Uses a combination of symmetric key and public key encryption.

Encrypting File System
• A random file encryption key (FEK) is generated for each file.
• Using the FEK, the file is encrypted using DESX.
• The FEK is encrypted with the user’s public key.
• Decryption uses the user’s or recovery agent’s private key to get the FEK.
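The key flow on this slide, as an added example that is not part of the original slides: a fresh FEK per file, one wrapped copy of it for the user and one for the recovery agent, and either private key recovering the file. To stay standard-library only it assumes stand-in primitives, a SHA-256 keystream in place of DESX and unpadded textbook RSA over small known primes in place of real key pairs, so it shows the structure only and is not secure; all function and key names are hypothetical.

```python
import hashlib
import secrets

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher (SHA-256 in counter mode), NOT DESX."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)

def make_keypair(p: int, q: int, e: int = 65537):
    """Textbook RSA from two known primes: demo only, no padding, not secure."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

def efs_encrypt(plaintext: bytes, public_keys: dict) -> dict:
    fek = secrets.token_bytes(16)                  # random FEK, new for every file
    fek_int = int.from_bytes(fek, "big")
    # One wrapped copy of the FEK per key holder (user and recovery agent).
    wrapped = {name: pow(fek_int, e, n) for name, (n, e) in public_keys.items()}
    return {"wrapped_feks": wrapped, "data": keystream_xor(fek, plaintext)}

def efs_decrypt(blob: dict, name: str, private_key) -> bytes:
    n, d = private_key
    # Unwrap this holder's copy of the FEK, then decrypt the file body with it.
    fek = pow(blob["wrapped_feks"][name], d, n).to_bytes(16, "big")
    return keystream_xor(fek, blob["data"])

# Constructed demo keys built from Mersenne primes; never use such keys for real data.
USER_PUB, USER_PRIV = make_keypair(2**89 - 1, 2**107 - 1)
AGENT_PUB, AGENT_PRIV = make_keypair(2**61 - 1, 2**127 - 1)

if __name__ == "__main__":
    blob = efs_encrypt(b"constructed sample file", {"user": USER_PUB, "agent": AGENT_PUB})
    print(efs_decrypt(blob, "user", USER_PRIV))
    print(efs_decrypt(blob, "agent", AGENT_PRIV))
```

The file body is stored once; only the small wrapped FEK is duplicated per key holder, which is what lets a recovery agent read the file without knowing the user's private key.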

Encrypting File System
• Protect sensitive files and folders.
• Encrypting a directory/folder encrypts all subsequent files.
• EFS does not cache any of the keys onto the hard disk.
• EFS does not encrypt required system files and folders.

Encrypting File System
• EFS needs a strong password policy.
• A Windows 2000 user can delete files encrypted by another user.