SECURITY PLANNING AND ADMINISTRATIVE DELEGATION Chapter 6



NAMING STANDARDS
- Determine the standard for creating user account names
  - First initial, last name
  - First name, last initial, and so on
- Naming standards document
  - Defines how user logon names should be created
  - Part of appropriate planning for Active Directory

WAYS TO SECURE USER ACCOUNTS
- Education of users
- Strong passwords
- Smart cards
- Biometrics

EDUCATING USERS
- Use strong passwords
- Keep passwords secure
  - Don’t write down passwords on paper or leave them in visible places.
  - Don’t share passwords.
  - Don’t save passwords to your computer.

STRONG PASSWORDS
- Combination of at least 7 upper and lower case letters, numbers, and symbols.
  - At least one character of each type
  - Alternate characters make passwords extra secure
- When changing passwords, vary them by more than one character.
- Don’t use your username, real name, or company name.
- Don’t use words from the dictionary.
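
The rules on this slide can be checked mechanically at password-change time, when the user supplies both the old and the new password. The following is an added example, not part of the original slides; the function names, the account details and the one-word dictionary are assumptions made for illustration.

```python
import re

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def password_problems(new, old, username, real_name, company, wordlist):
    """Return the slide's rules that `new` breaks (empty list = acceptable)."""
    problems = []
    if len(new) < 7:
        problems.append("shorter than 7 characters")
    classes = {"upper": r"[A-Z]", "lower": r"[a-z]",
               "number": r"[0-9]", "symbol": r"[^A-Za-z0-9]"}
    for name, pattern in classes.items():
        if not re.search(pattern, new):
            problems.append(f"no {name} character")
    # "Vary them by more than one character" when changing passwords.
    if old is not None and edit_distance(new, old) <= 1:
        problems.append("differs from old password by at most one character")
    low = new.lower()
    for token in [username, *real_name.split(), company]:
        if token and token.lower() in low:
            problems.append(f"contains name '{token}'")
    # Strip digits and symbols so a decorated word is still recognised.
    if re.sub(r"[^a-z]", "", low) in wordlist:
        problems.append("is a dictionary word")
    return problems

# Constructed sample account and word list.
ACCOUNT = dict(username="jsmith", real_name="John Smith", company="cohowinery",
               wordlist={"harvest"})

if __name__ == "__main__":
    print(password_problems("Harvest9!", "Harvest8!", **ACCOUNT))
    print(password_problems("tR4!vq9#Lm", "Harvest8!", **ACCOUNT))
```

The first call shows a password that satisfies the length and character-type rules yet still fails two of the others.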

SMART CARD AUTHENTICATION

ENTERPRISE CERTIFICATION AUTHORITY REQUIRED

SMART CARD BENEFITS: INCREASED SECURITY
- Keystroke loggers cannot capture passwords because users will not be typing them.
- Password complexity is not something you have to teach or enforce upon your users.
- Users will not be writing passwords on paper or sharing them.
- Security risks related to password cracking or remote attacks are greatly reduced.

SMART CARD CONSIDERATIONS
- Additional software and administration.
  - Certification authority (CA)
  - Internet Information Server (IIS) to distribute smart cards
- Need smart card readers for client computers.
- Users could lose or forget their smart cards.
- Users may be tempted to write their PIN on their smart card.

ENABLING A USER ACCOUNT FOR SMART CARD AUTHENTICATION

ADMINISTRATOR ACCOUNT SECURITY
- Strong password (rotate frequently).
- Cannot hide the default administrative account from the experienced hacker (RID of 500).
- Don’t use for daily tasks; you can use the Run As utility to increase privilege when required.
  - Allows you to use another user’s credentials without a log off event
  - Must be logged on interactively
  - Requires secondary logon service

ORGANIZATIONAL UNIT (OU) STRUCTURE
- Representing the company model
- Delegation of administrative control
- Group Policy
- Hide objects within Active Directory

DELEGATING ADMINISTRATIVE RESPONSIBILITY
- OUs can help to decentralize administrative control.
- You can give certain users or groups permissions to perform specific tasks within particular OUs.
  - Reset passwords.
  - Create and delete user accounts.

IMPLEMENTING GROUP POLICIES
- Covered in greater depth in the following chapters.
- Allows you to subdivide the organization based on the controls you’d like to implement.
- Subdividing reduces the amount of Group Policy processing that computers must perform.
  - Faster user logons
  - Quicker computer startups

HIDING OBJECTS
- Can prevent users from seeing objects inside OUs to which they do not have Read access
- Modify the Access Control List (ACL) on the OU
  - In order to see the OU ACL, you must enable Advanced Features on the View menu.
  - Remove Read permission to Authenticated Users.
  - Set appropriate permissions for the users you’d like to see the object.

CREATING AN OU STRUCTURE
- Limit the number of nested OUs.
  - Three to five layers are typical.
  - Most agree that ten or more layers are excessive.
- First-level OUs are directly below the domain.

PYRAMID OU STRUCTURE
[Diagram: pyramid OU structure for the cohowinery.com domain, showing the OUs Location1, Location2, Location3, Accounting, Production, Sales, Marketing and Administration]

FLAT OU STRUCTURE
[Diagram: flat OU structure for the cohowinery.com domain, showing the OUs Accounting, Location1, Location2, Location3, Production, Sales, Marketing and Administration]

USING OUs TO DELEGATE ACTIVE DIRECTORY MANAGEMENT TASKS
- Compartmentalizes administration
- Limit the number of administrators that have access to the entire domain or forest
- Limit the scope of administrative control
  - Reset passwords.
  - Create and manage user accounts.
  - Create computer accounts.
- Limits the scope of errors

DELEGATION OF CONTROL WIZARD

VERIFYING AND REMOVING DELEGATED PERMISSIONS
- Cannot use the Delegation Of Control Wizard to remove permissions
- Must modify the ACL of the OU
  - Need to be sure Advanced Features is enabled on the View menu
  - Security tab is then visible.
  - You can modify permissions for users and groups.

MOVING OBJECTS BETWEEN OUs
- Drag and drop from one location to the other in Active Directory Users And Computers
- Move menu option
- Dsmove
- Movetree

PERMISSIONS
- Those assigned directly to the OU remain
- Those inherited are removed and replaced with permissions inherited from new parent OU or domain
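
The slides on verifying delegated permissions and on permissions after a move both come down to reading the OU's ACL and telling explicit entries from inherited ones. The following added example (not part of the original slides) does that offline over the SDDL text form of a security descriptor; the SIDs, the two descriptors and the function names are constructed for illustration, and the move logic is a simplified model of inheritance.

```python
import re

# Schema GUIDs as they appear in AD object ACEs (one extended right, two classes).
GUIDS = {"00299570-246d-11d0-a768-00aa006e0529": "Reset Password",
         "bf967aba-0de6-11d0-a285-00aa003049e2": "user",
         "bf967a86-0de6-11d0-a285-00aa003049e2": "computer"}
RIGHTS = {"CC": "create child", "DC": "delete child", "CR": "extended right",
          "RP": "read property", "WP": "write property", "LC": "list contents",
          "RC": "read permissions", "GA": "full control"}

def parse_dacl(sddl):
    """Return one dict per ACE in the DACL of an SDDL string (two-letter rights)."""
    dacl = re.search(r"D:[A-Z]*((?:\([^)]*\))*)", sddl).group(1)
    aces = []
    for body in re.findall(r"\(([^)]*)\)", dacl):
        ace_type, flags, rights, obj, inh_obj, trustee = body.split(";")[:6]
        flags = re.findall("..", flags)
        aces.append({
            "allow": ace_type in ("A", "OA"),
            "flags": flags,
            "inherited": "ID" in flags,         # ID = ACE came from a parent
            "rights": [RIGHTS.get(r, r) for r in re.findall("..", rights)],
            "object": GUIDS.get(obj, obj),      # right or child class targeted
            "applies_to": GUIDS.get(inh_obj, inh_obj),
            "trustee": trustee,
        })
    return aces

def delegated(aces):
    """Explicit allow ACEs: what was set on this OU itself, e.g. by the wizard."""
    return [a for a in aces if a["allow"] and not a["inherited"]]

def dacl_after_move(ou_aces, new_parent_aces):
    """Simplified move: explicit ACEs stay, inherited ones are replaced by the
    new parent's container-inheritable (CI) ACEs."""
    kept = [a for a in ou_aces if not a["inherited"]]
    from_parent = [dict(a, inherited=True)
                   for a in new_parent_aces if "CI" in a["flags"]]
    return kept + from_parent

# Constructed sample data: SIDs and group roles are invented for illustration.
HELPDESK = "S-1-5-21-1111111111-2222222222-3333333333-1105"
OLD_ADMINS = "S-1-5-21-1111111111-2222222222-3333333333-1110"
NEW_ADMINS = "S-1-5-21-1111111111-2222222222-3333333333-1120"
SALES_OU = ("D:AI"
    f"(OA;CIIO;CR;00299570-246d-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;{HELPDESK})"
    f"(OA;CI;CCDC;bf967aba-0de6-11d0-a285-00aa003049e2;;{HELPDESK})"
    f"(A;CIID;GA;;;{OLD_ADMINS})")
NEW_PARENT = f"D:AI(A;CI;GA;;;{NEW_ADMINS})(A;;RPLCRC;;;AU)"

if __name__ == "__main__":
    for ace in delegated(parse_dacl(SALES_OU)):
        print(ace["trustee"], ace["rights"], ace["object"], ace["applies_to"])
```

In the sample, the two help-desk entries are the delegated tasks named earlier (reset passwords, create and delete user accounts), and they are the entries that survive the move.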

SUMMARY
- Examples of naming standards.
- User account security.
  - Passwords
  - User education
  - Smart cards
- Reduce use of privileged accounts by using the Run As utility.
- What should you consider when designing an OU structure?
- What wizard can you use to delegate control? What is a limitation of this wizard?
- Name several ways to move objects from one OU to another.