70291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Security - PowerPoint PPT Presentation

Loading...

PPT – 70291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Security PowerPoint presentation | free to view - id: 153b54-NWM1O



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

70291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Security

Description:

70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network, Enhanced ... View resulting log in Notepad. Guide to MCSE 70-291, Enhanced. 38. Summary ... – PowerPoint PPT presentation

Number of Views:97
Avg rating:3.0/5.0
Slides: 40
Provided by: phil201
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: 70291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Security


1
70-291 MCSE Guide to Managing a Microsoft
Windows Server 2003 Network, Enhanced Chapter
13Security Templates
2
Objectives
  • Identify the components of the Security
    Configuration Manager tools
  • Describe the different predefined security
    templates available on Windows Server 2003
  • Apply security templates to a local computer and
    GPO
  • Create security templates and modify their
    settings
  • Analyze security settings on a computer using
    Secedit.exe and the Security Configuration and
    Analysis snap-in

3
The Security Configuration Manager Tools
  • Tools included for the purpose of allowing you to
    create and maintain security configurations
    across the network
  • Consist of the following core components
  • Security templates
  • Security settings in GPO objects
  • Security Configuration and Analysis snap-in
  • Secedit command-line tool
  • Security template is used to define, edit, and
    save baseline security settings

4
The Security Configuration Manager Tools
(continued)
5
The Security Configuration Manager Tools
(continued)
6
The Security Configuration Manager Tools
(continued)
  • GPO refers to Group Policy Object
  • May import settings from security template to a
    GPO
  • GPO commonly referred to as Security Policy
    Template
  • When a security policy has been designed and
    approved, the settings can be defined in a
    security template
  • Security Configuration and Analysis snap-in or
    Secedit.ext tool can be used to view a security
    template

7
The Security Configuration Manager Tools
(continued)
8
The Security Configuration Manager Tools
(continued)
9
Predefined Security Templates
  • Administrator may design a custom security
    template
  • Windows Server 2003 is packaged with several
    predefined security templates
  • Windows Server 2003 provides a template for each
    category of computer
  • Only computers running Windows Server 2003,
    Windows XP, and Windows 2000 can take advantage
    of security template configurations and
    deployments

10
The Default Template
  • Default security settings are stored in a
    template called Setup Security.inf
  • Contents will depend on the original
    configuration of the computer
  • Allows for easy configuration of security back to
    default, original settings

11
Incremental Templates
  • These templates modify security settings
    incrementally
  • Should only be applied to machines already
    running the default security settings
  • Standard incremental templates include
  • Compatws.inf
  • Securews.inf and Securedc.inf
  • Hisecws.inf and Hisecdc.inf
  • DC Security.inf
  • RootSec.inf

12
Activity 13-1 Browsing Predefined Security
Templates
  • Objective Explore settings associated with
    built-in security templates
  • Start ? Run ? mmc
  • Add the Security Templates snap-in
  • View the contents of various templates
  • View settings of Account Lockout Policy

13
Applying Security Templates
  • Can be applied to either the local machine or the
    domain via GPOs
  • To apply to a local machine, run secpol.msc
  • To apply to several computers using GPO, use
    Active Directory Users and Computers snap-in
  • Settings applied using Group Policy will always
    override local settings
  • Group policy security settings refreshed at
    reboot, at 90-minute intervals for servers and
    workstations, and every 5 minutes on domain
    controllers

14
Applying Security Templates (continued)
15
Applying Security Templates (continued)
16
Applying Security Templates (continued)
17
Activity 13-2 Applying a Security Template
  • Objective Apply a security template to a single
    computer
  • Start ? Run ? secpol.msc
  • Choose Import policy and highlight compatws.inf

18
Creating Security Templates
  • Sometimes you may need to modify a predefined
    security template or create a new one using the
    Security Templates snap-in
  • New security templates not preconfigured with any
    security-related settings
  • The Account Policies node has three
    subcategories
  • Password Policy
  • Account Lockout Policy
  • Kerberos Policy

19
Creating Security Templates (continued)
20
Creating Security Templates (continued)
21
Creating Security Templates (continued)
  • When configuring the account policy for computers
    in Active Directory domain, the GPO containing
    security template settings must be linked to a
    domain object
  • Other nodes include
  • Local policies
  • Event log
  • Restricted groups
  • System services
  • Registry
  • File System

22
Creating Security Templates (continued)
23
Creating Security Templates (continued)
24
Creating Security Templates (continued)
25
Activity 13-3 Creating a Security Template
  • Objective Define a new security template to meet
    custom requirements
  • Start ? run ? mmc
  • Add the Security Templates snap-in
  • Modify Password Policies
  • Modify Account Lockout Policy

26
Managing and Troubleshooting Security Templates
  • A security baseline template is a security
    template that contains a set of security settings
    that define the minimum security settings that
    must be applied to a particular computer
  • Compare a security baseline template to the
    actual configuration of computers in your network
    to ensure that security is maintained

27
Analyzing System Security using the Security
Configuration and Analysis Snap-in
  • Allows administrators to compare current system
    settings to a previously configured security
    template
  • Uses a container, also referred to as a security
    database, to store imported templates
  • You can compare settings of security templates in
    the security database to actual computer settings
    using the Analyze Computer Now option

28
Analyzing System Security using the Security
Configuration and Analysis Snap-in (continued)
29
Analyzing System Security using the Security
Configuration and Analysis Snap-in (continued)
30
Analyzing System Security using the Security
Configuration and Analysis Snap-in (continued)
31
Analyzing System Security using the Security
Configuration and Analysis Snap-in (continued)
  • To apply the settings in the database to a local
    computer, right click Security Configuration and
    Analysis and choose Configure Computer Now
  • You can export settings in the database to a new
    security template file
  • The newly created file can be applied to other
    computers or to a GPO

32
Analyzing System Security using the Security
Configuration and Analysis Snap-in (continued)
33
Analyzing System Security using the Security
Configuration and Analysis Snap-in (continued)
34
Activity 13-4 Analyzing Security Settings Using
Security Configuration and Analysis
  • Objective Use the Security Configuration and
    Analysis snap-in to compare security template
    settings to settings on the local computer
  • Start ? Run ? mmc
  • Add the Security Configuration and Analysis
    snap-in
  • Select the Open Database option
  • Select Analyze Computer Now

35
Using the Secedit Command-Line Tool
  • Used to create and apply security templates and
    analyze security settings
  • Main switches include
  • /analyze
  • /CFG filename
  • /configure
  • /DB filename
  • /export
  • /GenerateRollback
  • /import
  • /log filename

36
Using the Secedit Command-Line Tool (continued)
  • Secedit switches also include
  • /quiet
  • /validate
  • /verbose

37
Activity 13-5 Analyzing Security Settings Using
Secedit.exe
  • Objective Use the Secedit utility to compare
    security template settings to settings on the
    local computer
  • Start ? Run ? cmd
  • Type specified command
  • View resulting log in Notepad

38
Summary
  • Windows Server 2003 simplifies the management of
    security-related settings on computers using
    Security Configuration Manager tools
  • Security templates define baseline security
    settings for use on computers
  • Each security template organizes security-related
    settings into seven categories
  • Windows Server 2003 comes with several predefined
    security templates

39
Summary (continued)
  • You may create security templates using the
    Security Templates snap-in
  • You may apply the settings in a security template
    to the local computer or to a GPO in an Active
    Directory database
  • The Security Configuration and Analysis snap-in
    can analyze a computers security settings,
    modify security template settings, and apply
    security templates to computers
  • Secedit.exe command-line utility can analyze and
    set security-related settings on a computer
About PowerShow.com