
Windows 2000 Security. Yingzi Jin. Introduction: Active Directory, Group Policy, Encrypting File System.


1 Windows 2000 Security Yingzi Jin

2 Introduction
- Active Directory
- Group Policy
- Encrypting File System

3 What is a Directory Service
- A directory is an information source used to store information about objects.
- Users want to find and use these objects.
- A directory service makes the information available and usable to the users.

4 What is Active Directory
- Essential and inseparable part of the Windows 2000 network architecture
- Provides a directory service for a distributed networking environment

5 Active Directory - Structure
- Tree structure made up of objects and containers
- Objects represent network resources
  - users, groups, devices, applications
- Containers represent organizations or collections of related objects
  - marketing department, printers

6 Active Directory Security
- An access-control list (ACL) protects all objects in AD.
- An ACL is stored as a binary value, called a security descriptor.
- Every object in AD is protected by its own security descriptor.

7 Active Directory - Authentication
- Several options for user authentication:
  - Kerberos: verifies the client's right to access the network and authenticates the server to the client.
  - Public Key Infrastructure (PKI): normally done to authenticate external users.

8 Group Policy
- New capability in Win2K
- Defines, manages, and enforces the environment settings for both computer and user objects.
- Integrates with AD and can be assigned to AD sites, domains, and organizational units (OUs)
- Contained in Group Policy Objects (GPOs)

9 Security-related Policies
- Account policies - password policies
- Local policies - audit policy
- File system - permissions for folders and files
- System services - permission for system services

10 Group Policy Objects (GPOs)
- Contain a set of "rules".
- Used to specify account and password settings, audit capabilities, etc.
- Can be applied to Windows 2000 sites, domains, or OUs.

11 Active Directory and Group Policy
- Group Policy Objects are created to set the rules that govern the domain.
- A Default Domain Policy GPO at the highest level.
- Additional GPOs can be created and applied for each "child OU".

12 Implement Group Policy
- Account policies are domain-wide
  - GPOs for account settings defined for lower-level OUs will not work for domain users.
- No Override and Block Inheritance settings
- Policy processed in a hierarchy:
  - Local GPOs
  - GPOs applied to sites
  - GPOs applied to the domain
  - GPOs applied to OUs
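The processing rules on slide 12, worked through as an added example that is not part of the original presentation: a small Python model that resolves which GPO wins each setting for a domain user. The GPO names, setting keys and the `block_at` parameter are constructed for illustration, and two modelling assumptions are marked in the comments.

```python
from dataclasses import dataclass

# Processing order from slide 12: Local, Site, Domain, then OUs (parent first).
LEVELS = ("local", "site", "domain", "ou")

@dataclass
class Gpo:
    name: str
    level: str                 # one of LEVELS
    settings: dict
    depth: int = 0             # OU nesting depth; 0 for other levels
    no_override: bool = False  # "No Override" set on this GPO

def effective_policy(gpos, block_at=None):
    """Return {setting: (value, winning GPO)} for a domain user.
    block_at is the (level, depth) of a container with Block Inheritance."""
    pos = lambda g: (LEVELS.index(g.level), g.depth)
    cut = (LEVELS.index(block_at[0]), block_at[1]) if block_at else None
    result, locked = {}, set()
    for gpo in sorted(gpos, key=pos):
        # Block Inheritance hides GPOs from above the blocking container,
        # except No Override ones. Assumption: the local GPO is not linked
        # in AD, so it is still processed.
        blocked = (cut is not None and gpo.level != "local"
                   and not gpo.no_override and pos(gpo) < cut)
        for key, value in gpo.settings.items():
            account = key.startswith("account.")
            # Account policies are domain-wide: OU-level values never reach
            # domain users, and (assumption) an OU block keeps the domain's.
            if account and gpo.level == "ou":
                continue
            if (blocked and not account) or key in locked:
                continue
            result[key] = (value, gpo.name)
            if gpo.no_override:
                locked.add(key)   # lower-level GPOs can no longer change it
    return result

# Constructed sample GPOs; names and setting keys are illustrative only.
SAMPLE = [
    Gpo("Local", "local", {"audit.logon": "none", "wallpaper": "default"}),
    Gpo("Site-HQ", "site", {"audit.logon": "failure"}, no_override=True),
    Gpo("Default Domain Policy", "domain", {"wallpaper": "corp",
        "account.min_password_length": 8, "screensaver.timeout": 600}),
    Gpo("OU-Marketing", "ou", {"wallpaper": "marketing",
        "account.min_password_length": 4, "audit.logon": "none"}, depth=1),
]
```

Calling `effective_policy(SAMPLE)` and then `effective_policy(SAMPLE, block_at=("ou", 1))` shows the audit setting staying pinned by the No Override site GPO in both cases, while the domain's non-account settings disappear once the OU blocks inheritance.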

13 Encrypting File System
- Integral part of the new NTFS file system.
- Users can encrypt/decrypt files on the fly to protect sensitive data from unauthorized access.
- Uses a combination of symmetric key and public key encryption.

14 Encrypting File System
- A random file encryption key (FEK) is generated for each file.
- Using the FEK, the file is encrypted using DESX.
- The FEK is encrypted with the user's public key.
- Decryption uses the user's or recovery agent's private key to get the FEK.

15 Encrypting File System
- Protects sensitive files and folders.
- Encrypting a directory/folder encrypts all subsequent files.
- EFS does not cache any of the keys onto the hard disk.
- EFS does not encrypt required system files and folders.

16 Encrypting File System
- EFS needs a strong password policy.
- A Windows 2000 user can delete files encrypted by another user.

