Presentation is loading. Please wait.

Presentation is loading. Please wait.

Microsoft ® Official Course Module 8 Securing Windows 8 Desktops.

Similar presentations


Presentation on theme: "Microsoft ® Official Course Module 8 Securing Windows 8 Desktops."— Presentation transcript:

1 Microsoft ® Official Course Module 8 Securing Windows 8 Desktops

2 Module Overview Authentication and Authorization in Windows 8 Implementing GPOs Securing Data with EFS and BitLocker Configuring User Account Control

3 Lesson 1: Authentication and Authorization in Windows 8 What Are Authentication and Authorization? The Process of Authentication and Authorization Important Security Features in Windows 8

4 What Are Authentication and Authorization? UserResource Who are you? Authentication: Verifying the identity of someone Are you on the list? Authorization: Determining whether someone has permission to access a resource What does the list say you can do? Access: Determining what actions someone can perform on the resource based on permission levels

5 The Process of Authentication and Authorization Windows Authentication Method Description Kerberos version 5 protocol Used by Windows 8 clients and servers that are running Microsoft Windows Server 2000 or newer versions NTLM Used for backward compatibility with computers that are running pre-Windows 2000 operating systems and some applications Certificate mappingCertificates are used as authentication credentials

6 Important Security Features in Windows 8 EFS Windows BitLocker and BitLocker To Go Windows AppLocker User Account Control Windows Firewall with Advanced Security Windows Defender Windows 8 Action Center

7 Lesson 2: Implementing GPOs What Is Group Policy? How Do You Apply GPOs? How Multiple Local GPOs Work Demonstration: How to Create Multiple Local GPOs Demonstration: How to Configure Local Security Policy Settings

8 What Is Group Policy? Group Policy enables IT administrators to automate one-to-several management of users and computers Use Group Policy to: Apply standard configurations Deploy software Enforce security settings Enforce a consistent desktop environment Local Group Policy is always in effect for local and domain users, and local computer settings

9 How Do You Apply GPOs? Computer settings are applied at startup and then at regular intervals, while user settings are applied at logon and then at regular intervals Group Policy Processing Order: 1. Local GPOs 2. Site-level GPOs 3. Domain GPOs 4. OU GPOs

10 How Multiple Local GPOs Work You can use MLGPOs to apply different levels of Local Group Policy to local users on a stand-alone computer There are three layers of local GPOs, which are applied in the following order: 1.Local GPO that may contain both computer and user settings 2.Administrators and Non-Administrators Local GPOs are applied next and contain only user settings 3.User-specific Local Group Policy is applied last, contains only user settings, and applies to one specific user on the local computer

11 Demonstration: How to Create Multiple Local GPOs In this demonstration, you will see how to: Create a custom management console Configure the Local Computer Policy Configure the Local Computer Administrators Policy Configure the Local Computer Non- Administrators Policy Test multiple local Group Policies

12

13

14

15

16

17 Demonstration: How to Configure Local Security Policy Settings In this demonstration, you will see how to review the local Group Policy for security settings

18

19 Lab A: Implementing Local Group Policy Objects (GPOs) Exercise 1: Creating Multiple Local GPOs Exercise 2: Testing the Application of the Local GPOs Logon Information Virtual Machines20687B-LON-DC1 User NameAdatum\Administrator PasswordPa$$w0rd Estimated Time: 20 minutes

20 Lab Scenario Holly Dickson is the IT manager at A. Datum Corp. She has expressed a concern that some of the laptop computers that users utilize outside of the A. Datum network are susceptible to security breaches. She wants you to investigate how best to configure security and other settings on these computers.

21 Lab Review Can you create multiple local Group Policies and apply them to different users?

22 Lesson 3: Securing Data with EFS and BitLocker What Is EFS? Demonstration: How to Encrypt Files and Folders with EFS What Is BitLocker? BitLocker To Go BitLocker Requirements BitLocker Modes Group Policy Settings for BitLocker Configuring BitLocker Configuring BitLocker To Go Recovering BitLocker-Encrypted Drives

23 What Is EFS? EFS is the built-in file encryption tool for Windows file systems: Enables transparent file encryption and decryption Provides for encrypted file recovery Allows encrypted files to be shared with other users

24 Demonstration: How to Encrypt Files and Folders with EFS In this demonstration, you will see how to: Encrypt files and folders Confirm the files and folders have been encrypted Decrypt files and folders Confirm the files and folders have been decrypted

25

26

27 What Is BitLocker? Windows BitLocker Drive Encryption encrypts the computer operating system and data stored on the operating system volume Provides offline data protection Protects all other applications installed on the encrypted volume Includes system integrity verification Verifies integrity of early boot components and boot configuration data Ensures the integrity of the startup process

28 BitLocker To Go Provides enhanced protection against data theft and exposure by extending BitLocker to removable storage devices. When securing a removable drive, you can choose to unlock the drive with either: A password A smart card

29 BitLocker Requirements Encryption and decryption key: Hardware Requirements: BitLocker encryption requires either: A computer with TPM v1.2 or later A removable USB memory device Have enough available hard drive space for BitLocker to create two partitions Have a BIOS that is compatible with TPM and supports USB devices during computer startup

30 BitLocker Modes TPM mode Locks the normal boot process until the user optionally supplies a personal PIN and/or inserts a USB drive containing a BitLocker startup key Performs system integrity verification on boot components Non-TPM mode Uses Group Policy to allow BitLocker to work without a TPM Locks the boot process similar to TPM mode, but the BitLocker startup key must be stored on a USB drive Provides limited authentication Windows 8 supports two modes of BitLocker operation: TPM mode and Non-TPM mode

31 Group Policy Settings for BitLocker Group Policy provides the following settings for BitLocker: Turn on BitLocker backup to AD DS Configure the recovery folder on Control Panel Setup Enable advanced startup options on Control Panel Setup Configure the encryption method Prevent memory overwrite on restart Configure the TPM validation method used to seal BitLocker keys

32 Configuring BitLocker Enabling BitLocker initiates a start-up wizard that: Validates system requirements Creates the second partition if it does not already exist Allows you to configure how to access an encrypted drive: USB User function keys to enter the Passphrase No key Three methods to enable BitLocker: From System and Settings in Control Panel Right-click the volume to be encrypted in Windows Explorer, and then select the Turn on BitLocker menu option Use the manage-bde.wsf command-line tool

33 Configuring BitLocker To Go Enable BitLocker To Go Drive Encryption by right-clicking the portable device, such as a USB drive, and then clicking Turn On BitLocker Select one of the following settings to unlock a drive encrypted with BitLocker To Go: Unlock with a Recovery Password or passphrase Unlock with a Smart Card Always auto-unlock this device on this PC

34 Recovering BitLocker-Encrypted Drives When a BitLocker-enabled computer starts: BitLocker checks the operating system for conditions indicating a security risk If a condition is detected: BitLocker enters recovery mode and keeps the system drive locked The user must enter the correct Recovery Password to continue The BitLocker Recovery Password is: A 48-digit password used to unlock a system in recovery mode Unique to a particular BitLocker encryption Can be stored in AD DS If stored in AD DS, search for it by using either the drive label or the computer’s password

35 Lab B: Securing Data Exercise 1: Protecting Files with BitLocker Logon Information Virtual Machines20687B-LON-DC1 User NameAdatum\Administrator PasswordPa$$w0rd Estimated Time: 20 minutes

36 Lab Scenario A user at A. Datum is working on a project that requires him to take his laptop computer home each day. The data files are very sensitive, and must be secured at all times.

37 Lab Review What are some ways of protecting sensitive data in Windows 8?

38 Lesson 4: Configuring User Account Control What Is UAC? How UAC Works Configuring UAC Notification Settings Demonstration: How to Configure UAC with GPOs

39 What Is UAC? UAC is a security feature that simplifies the ability of users to run as standard users and perform all necessary daily tasks UAC prompts the user for an administrative user’s credentials if the task requires administrative permissions Windows 8 increases user control of the prompting experience

40 How UAC Works In Windows 8, what happens when a user performs a task requiring administrative privileges? Administrative Users UAC prompts the user for permission to complete the task Standard Users UAC prompts the user for the credentials of a user with administrative privileges

41 Configuring UAC Notification Settings UAC elevation prompt settings include the following: Always notify me Notify me only when programs try to make changes to my computer Notify me only when programs try to make changes to my computer (do not dim my desktop) Never notify

42 Demonstration: How to Configure UAC with GPOs In this demonstration, you will see how to: Open the User Accounts window Review user groups View the Credential prompt Change UAC settings and view the Consent prompt

43

44

45 Lab C: Configuring and Testing User Account Control (UAC) Exercise 1: Modifying UAC Prompts Logon Information Virtual Machines20687B-LON-DC1 20687B-LON-CL1 User NameAdatum\Administrator PasswordPa$$w0rd Estimated Time: 15 minutes

46 Lab Scenario Holly, the IT manager, is concerned that staff may be performing configuration changes to their computers for which they have no authorization. While Windows 8 does not allow the users to perform these tasks, Holly wants to ensure users are prompted properly about the actions that they are attempting.

47 Lab Review How can you suppress the notifications about changes to the computer?

48 Module Review and Takeaways Review Questions Best Practice

49

50


Download ppt "Microsoft ® Official Course Module 8 Securing Windows 8 Desktops."

Similar presentations


Ads by Google