SECURITY PLANNING AND ADMINISTRATIVE DELEGATION


1 SECURITY PLANNING AND ADMINISTRATIVE DELEGATION
Chapter 6 SECURITY PLANNING AND ADMINISTRATIVE DELEGATION

2 NAMING STANDARDS
- Determine the standard for creating user account names
  - First initial, last name
  - First name, last initial, and so on
- Naming standards document
  - Defines how user logon names should be created
  - Part of appropriate planning for Active Directory

3 WAYS TO SECURE USER ACCOUNTS
- Education of users
- Strong passwords
- Smart cards
- Biometrics

4 EDUCATING USERS
- Use strong passwords
- Keep passwords secure
  - Don’t write down passwords on paper or leave them in visible places.
  - Don’t share passwords.
  - Don’t save passwords to your computer.

5 STRONG PASSWORDS
- Combination of at least 7 upper and lower case letters, numbers, and symbols.
  - At least one character of each type
  - Alternate characters make passwords extra secure
- When changing passwords, vary them by more than one character.
- Don’t use your username, real name, or company name.
- Don’t use words from the dictionary.
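
The rules on this slide, written as a check an administrator could run against a candidate password. This is an added example, not part of the original presentation; the function names, the empty default word list and the sample values are assumptions made for illustration.

```powershell
# Added example. Levenshtein distance, used for the "vary by more than one character" rule.
function Get-EditDistance {
    param([string]$A, [string]$B)
    $prev = @(0..$B.Length)
    for ($i = 1; $i -le $A.Length; $i++) {
        $cur = New-Object int[] ($B.Length + 1)
        $cur[0] = $i
        for ($j = 1; $j -le $B.Length; $j++) {
            $cost = if ($A[$i - 1] -ceq $B[$j - 1]) { 0 } else { 1 }
            $cur[$j] = [Math]::Min([Math]::Min($prev[$j] + 1, $cur[$j - 1] + 1), $prev[$j - 1] + $cost)
        }
        $prev = $cur
    }
    $prev[$B.Length]
}

function Test-SlidePasswordRules {
    param(
        [Parameter(Mandatory)][string]$Password,
        [string]$OldPassword,
        [string[]]$Names = @(),        # username, real name, company name
        [string[]]$Dictionary = @()    # word list; supply a real one in practice
    )
    $problems = @()
    if ($Password.Length -lt 7)              { $problems += 'fewer than 7 characters' }
    # At least one character of each type; anything outside A-Z, a-z, 0-9 counts as a symbol.
    if ($Password -cnotmatch '[A-Z]')        { $problems += 'no upper case letter' }
    if ($Password -cnotmatch '[a-z]')        { $problems += 'no lower case letter' }
    if ($Password -cnotmatch '[0-9]')        { $problems += 'no number' }
    if ($Password -cnotmatch '[^A-Za-z0-9]') { $problems += 'no symbol' }
    # Names and dictionary words are matched as case-insensitive substrings.
    $lower = $Password.ToLowerInvariant()
    foreach ($word in @($Names) + @($Dictionary)) {
        if ($word -and $lower.Contains($word.ToLowerInvariant())) { $problems += "contains '$word'" }
    }
    if ($OldPassword -and (Get-EditDistance $Password $OldPassword) -le 1) {
        $problems += 'differs from the old password by one character or less'
    }
    [pscustomobject]@{ Acceptable = ($problems.Count -eq 0); Problems = $problems }
}

# Constructed sample values, not taken from the slides.
Test-SlidePasswordRules -Password 'Coho2024!' -Names 'jsmith', 'coho'
Test-SlidePasswordRules -Password 'tR7#kq!Zp' -OldPassword 'tR7#kq!Zq' -Names 'jsmith', 'coho'
```

Both sample calls are rejected: the first contains the company name, and the second differs from the old password by a single character.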

6 SMART CARD AUTHENTICATION

7 ENTERPRISE CERTIFICATION AUTHORITY REQUIRED

8 SMART CARD BENEFITS: INCREASED SECURITY
- Keystroke loggers cannot capture passwords because users will not be typing them.
- Password complexity is not something you have to teach or enforce upon your users.
- Users will not be writing passwords on paper or sharing them.
- Security risks related to password cracking or remote attacks are greatly reduced.

9 SMART CARD CONSIDERATIONS
- Additional software and administration.
  - Certification authority (CA)
  - Internet Information Server (IIS) to distribute smart cards
- Need smart card readers for client computers.
- Users could lose or forget their smart cards.
- Users may be tempted to write their PIN on their smart card.

10 ENABLING A USER ACCOUNT FOR SMART CARD AUTHENTICATION

11 ADMINISTRATOR ACCOUNT SECURITY
- Strong password (rotate frequently).
- Cannot hide the default administrative account from the experienced hacker (RID of 500).
- Don’t use for daily tasks; you can use the Run As utility to increase privilege when required.
  - Allows you to use another user’s credentials without a log off event
  - Must be logged on interactively
  - Requires secondary logon service

12 ORGANIZATIONAL UNIT (OU) STRUCTURE
- Representing the company model
- Delegation of administrative control
- Group Policy
- Hide objects within Active Directory

13 DELEGATING ADMINISTRATIVE RESPONSIBILITY
- OUs can help to decentralize administrative control.
- You can give certain users or groups permissions to perform specific tasks within particular OUs.
  - Reset passwords.
  - Create and delete user accounts.

14 IMPLEMENTING GROUP POLICIES
- Covered in greater depth in the following chapters.
- Allows you to subdivide the organization based on the controls you’d like to implement.
- Subdividing reduces the amount of Group Policy processing that computers must perform.
  - Faster user logons
  - Quicker computer startups

15 HIDING OBJECTS
- Can prevent users from seeing objects inside OUs to which they do not have Read access
- Modify the Access Control List (ACL) on the OU
  - In order to see the OU ACL, you must enable Advanced Features on the View menu.
  - Remove Read permission to Authenticated Users.
  - Set appropriate permissions for the users you’d like to see the object.

16 CREATING AN OU STRUCTURE
- Limit the number of nested OUs.
  - Three to five layers are typical.
  - Most agree that ten or more layers are excessive.
- First-level OUs are directly below the domain.

17 PYRAMID OU STRUCTURE
[Diagram labels: cohowinery.com; Location 1, Location 2, Location 3; Accounting, Production, Administration, Sales, Marketing]

18 FLAT OU STRUCTURE
[Diagram labels: cohowinery.com; Location 1, Administration, Sales, Production, Accounting, Marketing, Location 2, Location 3]

19 USING OUs TO DELEGATE ACTIVE DIRECTORY MANAGEMENT TASKS
- Compartmentalizes administration
- Limit the number of administrators that have access to the entire domain or forest
- Limit the scope of administrative control
  - Reset passwords.
  - Create and manage user accounts.
  - Create computer accounts.
- Limits the scope of errors

20 DELEGATION OF CONTROL WIZARD

21 VERIFYING AND REMOVING DELEGATED PERMISSIONS
- Cannot use the Delegation Of Control Wizard to remove permissions
- Must modify the ACL of the OU
  - Need to be sure Advanced Features is enabled on the View menu
  - Security tab is then visible.
  - You can modify permissions for users and groups.

22 MOVING OBJECTS BETWEEN OUs
- Drag and drop from one location to the other in Active Directory Users And Computers
- Move menu option
- Dsmove
- Movetree

23 PERMISSIONS
- Those assigned directly to the OU remain
- Those inherited are removed and replaced with permissions inherited from new parent OU or domain
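
One way to verify delegated permissions (slide 21) and to tell directly assigned entries from inherited ones (slide 23) without opening the Security tab on each OU. This is an added example, not part of the original presentation; it assumes the ActiveDirectory PowerShell module is installed, and the function name and the baseline list of expected principals are hypothetical.

```powershell
# Added example: report explicit (non-inherited) ACEs on every OU.
# Delegations granted directly on an OU show up here; inherited entries are skipped
# because they come from the parent OU or domain.
Import-Module ActiveDirectory

function Get-OuExplicitAce {
    param(
        [string]$SearchBase = (Get-ADDomain).DistinguishedName,
        # Principals the reviewer expects to see on OUs (assumption; adjust to your domain).
        [string[]]$BaselinePrincipals = @(
            'NT AUTHORITY\SYSTEM',
            'NT AUTHORITY\Authenticated Users',
            'NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS'
        )
    )
    Get-ADOrganizationalUnit -Filter * -SearchBase $SearchBase | ForEach-Object {
        $ou = $_.DistinguishedName
        (Get-Acl -Path "AD:\$ou").Access |
            Where-Object { -not $_.IsInherited } |
            ForEach-Object {
                [pscustomobject]@{
                    OU          = $ou
                    Principal   = $_.IdentityReference.Value
                    Type        = $_.AccessControlType      # Allow or Deny
                    Rights      = $_.ActiveDirectoryRights
                    ObjectType  = $_.ObjectType             # GUID the right is scoped to, if any
                    AppliesTo   = $_.InheritedObjectType    # GUID of the child class it applies to, if any
                    Inheritance = $_.InheritanceType
                    InBaseline  = $BaselinePrincipals -contains $_.IdentityReference.Value
                }
            }
    }
}

# Entries outside the baseline are the ones to compare against the delegation records.
Get-OuExplicitAce | Where-Object { -not $_.InBaseline } |
    Sort-Object OU, Principal | Format-Table -AutoSize
```

Running the report before and after moving an object between OUs shows which principals gain or lose control through the new parent's inherited entries.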

24 SUMMARY
- Examples of naming standards.
- User account security.
  - Passwords
  - User education
  - Smart cards
- Reduce use of privileged accounts by using the Run As utility.
- What should you consider when designing an OU structure?
- What wizard can you use to delegate control? What is a limitation of this wizard?
- Name several ways to move objects from one OU to another.

