Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts."— Presentation transcript:

1 Chapter 6: Configuring Security

2 Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts Printers Security Settings Policy-based QOS Administrative Templates Folder Redirection not available with LGPOs Internet Explorer Configuration 2/22

3 GPO Inheritance Order of Inheritance –Local –Site (physical location) –Domain –Organizational Unit (OU) Special Options –No Override –Block Inheritance 3/22

4 Group Policy Result Tool Tool is accessed through the GPResult.exe command-line utility. GPResult displays the Resultant Set of Policy (RSOP) for the computer and the user who is currently logged in. 4/22

5 Using Local Group Policies Used to manage configuration settings for workstations in a workgroup environment without an Active Directory domain Created and assigned through the Local Group Policy snap-in Two types of policies: –Computer Configuration –User Configuration 5/22

6 Multiple Local Group Policy Objects (MLGPOs) New to Windows Vista Enables Vista to apply LGPOs to specific users rather than apply them to every user on a computer Applied in the following order: –Local Computer Policy –Administrators and Non-Administrators Local Group Policy –User-Specific Group Policy 6/22

7 Setting Computer Configuration Policies Three folders within the Computer Configuration folder: –Software Settings –Windows Settings –Administrative Templates Scripts and Security Settings are found within the Windows Settings folder. 7/22

8 Windows Settings Scripts –Logon – Startup –Logoff – Shutdown Security Settings –Account Policies –Local Policies –Windows Firewall with Advanced Security –Public Key Policies –Software Restriction Policies –IP Security Policies Policy-based QOS 8/22

9 Account Policies Password Policy –Enforce Password History –Maximum Password Age –Minimum Password Age –Minimum Password Length –Password Must Meet Complexity Requirements –Store Passwords Using Reversible Encryption Account Lockout Policy –Account Lockout Duration –Account Lockout Threshold –Reset Account Lockout Counter After – 9/22

10 Local Policies Audit Policy User Rights Assessment Security Options –Contains new policies relating to User Account Control (UAC) 10/22

11 User Account Control New to Windows Vista Protects computers by requiring privilege elevation for all users including local Administrators (except the built-in Administrator account) Privilege escalation is required whenever the four-color shield icon is present: 11/22

12 Windows Security Center Used to configure settings for: –Windows Firewall –Automatic Updating –Malware Protection –Other Security Settings 12/22

13 Windows Firewall Protects computer from unauthorized users or malicious software Configuration –General Tab –Exceptions Tab –Advanced Tab Windows Firewall with Advanced Security is used to configure advanced settings, including inbound and outbound rules 13/22

14 Windows Defender Formerly Microsoft AntiSpyware Protects computer from spyware threats Tools and Settings –Options –Microsoft SpyNet –Quarantined Items –Allowed Items –Software Explorer –Windows Defender website 14/22

15 BitLocker Drive Encryption Included with Vista Enterprise and Vista Ultimate Used to encrypt the system drive Files on other drives must be encrypted with another method, such as Encrypting File System (EFS) 15/22

16 NTFS Permissions Six levels of permissions –Full Control –Modify –Read & Execute –List Folder Contents –Read –Write 16/22

17 Controlling Inheritance By default, subfolders and files inherit the permissions assigned to the parent folder. Prevent permissions from propagating to subfolders and files by clearing the Include Inheritable Permissions from This Object’s Parent check box. 17/22

18 Determining Effective Permissions To determine a user’s effective rights to a file or folder: –Add all the permissions that are allowed to the user to all permissions granted to the groups of which the user is a member. –Subtract any permissions similarly denied to the user or the user’s groups. 18/22

19 Determining NTFS Permissions for Copied and Moved Files Move File Copy File Same Partition Retains original NTFS permissions Inherits permissions from destination folder Different Partition Inherits permissions from destination folder 19/22

20 Managing Network Access Share folders that contain files you want to be accessible over the network Configure sharing from the Sharing tab of the folder properties dialog box 20/22

21 Configuring Share Permissions Permissions can be assigned to users and groups –Full Control Allows full access to the folder –Change Allows users to change data in files or to delete files –Read Allows users to view and execute files 21/22

22 NTFS Permissions + Shared Permissions NTFS security and shared folder security work together The most restrictive permissions are the effective permissions: –NTFS security more restrictive than shared folder security = NTFS permissions are effective –Shared folder security more restrictive than NTFS security = Shared folder permissions are effective 22/22

Download ppt "Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts."

Similar presentations

MCDST 70-271: Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 7: Troubleshoot Security Settings and Local Security.

MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 7: Troubleshoot Security Settings and Local Security.
Configuring Windows Vista Security Lesson 8. Skills Matrix Technology SkillObjective DomainObjective # Setting Up Users Configure and troubleshoot parental.

Configuring Windows Vista Security Lesson 8. Skills Matrix Technology SkillObjective DomainObjective # Setting Up Users Configure and troubleshoot parental.
Khan Rashid Lesson 11-The Best Policy: Managing Computers and Users Through Group Policy.

Khan Rashid Lesson 11-The Best Policy: Managing Computers and Users Through Group Policy.
1 Chapter Overview Understanding and Applying NTFS Permissions Assigning NTFS Permissions and Special Permissions Solving Permissions Problems.

1 Chapter Overview Understanding and Applying NTFS Permissions Assigning NTFS Permissions and Special Permissions Solving Permissions Problems.
1 Chapter Overview Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions.

1 Chapter Overview Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.

Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.
Hands-On Microsoft Windows Server 2003 Administration Chapter 4 Managing Group Policy.

Hands-On Microsoft Windows Server 2003 Administration Chapter 4 Managing Group Policy.
12.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

12.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
Chapter 6: Configuring Security. Options for Managing Security Configurations LGPO (Local Group Policy Object) –Used if Computer is not part of a domain.

Chapter 6: Configuring Security. Options for Managing Security Configurations LGPO (Local Group Policy Object) –Used if Computer is not part of a domain.
11 SUPPORTING LOCAL USERS AND GROUPS Chapter 3. Chapter 3: Supporting Local Users and Groups2 SUPPORTING LOCAL USERS AND GROUPS  Explain the difference.

11 SUPPORTING LOCAL USERS AND GROUPS Chapter 3. Chapter 3: Supporting Local Users and Groups2 SUPPORTING LOCAL USERS AND GROUPS  Explain the difference.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.
Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.

Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.
70-270, 70-290 MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Nine Managing File System Access.

70-270, MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Nine Managing File System Access.
By Rashid Khan Lesson 8-Crowd Control: Controlling Access to Resources Using Groups.

By Rashid Khan Lesson 8-Crowd Control: Controlling Access to Resources Using Groups.
7.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.

7.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.
1 Securing Network Resources Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions Copying and Moving Files and Folders.

1 Securing Network Resources Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions Copying and Moving Files and Folders.
Guide to MCSE 70-290, Enhanced 1 Activity 9-1: Creating a Group Policy Object Using the MMC Objective: To create a GPO using the Group Policy Object Editor.

Guide to MCSE , Enhanced 1 Activity 9-1: Creating a Group Policy Object Using the MMC Objective: To create a GPO using the Group Policy Object Editor.
11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW Create and manage file system shares and work with.

11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW Create and manage file system shares and work with.

Similar presentations

Ads by Google