70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 14: Windows Server 2003 Security Features - PowerPoint PPT Presentation


PPT – 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 14: Windows Server 2003 Security Features PowerPoint presentation | free to view - id: 4c0b88-MzZlY


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 14: Windows Server 2003 Security Features


70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 14: Windows Server 2003 Security Features Objectives Identify the various elements ... – PowerPoint PPT presentation

Number of Views:826
Avg rating:3.0/5.0
Slides: 49
Provided by: SusanL51


Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 14: Windows Server 2003 Security Features

70-290 MCSE Guide to Managing a Microsoft
Windows Server 2003 EnvironmentChapter
14Windows Server 2003 Security Features
  • Identify the various elements and techniques that
    can be used to secure a Windows Server 2003
  • Use Security Configuration and Analysis tools to
    configure and review security settings
  • Audit access to resources and review Security log

Securing Your Windows 2003 System
  • Five broad categories of security-related
  • Authentication
  • Access control
  • Encryption
  • Security policies
  • Service packs and hot fixes

  • Most basic level is requiring a user id and
    password to log on to some system
  • In a domain environment, authentication is
    centralized on the network while in a workgroup
    environment, authentication is local
  • In a domain environment, a single authentication
    can provide access to multiple domains and
  • Additional authentication methods can apply to
    other services (e.g., IIS)

Access Control
  • Access control is used to secure resources such
    as files, folders, and printers
  • Common types of access control are NTSF and
    shared folder permissions, printer permissions,
    Active Directory object permissions
  • The principle of least privilege implies that
    users should only have the access that they
    really need

  • Confidential files can be encrypted using the
    Encrypting File System (EFS) for local files
    stored on NTFS volumes
  • EFS uses a combination of public and private keys
  • The IPSec protocol can encrypt the contents of
    packets sent across a TCP/IP network
  • There are two IPSec modes transport and tunnel
  • IPSec is used to make it difficult for hackers to
    intercept sensitive network data

Security Policies
  • Security policy settings can be configured from
    the Local Security Policy and Group Policy Object
    Editor MMC snap-ins
  • Security policies control a range of security
  • Windows Server 2003 includes tools that analyze
    policy settings compared to pre-configured
    security templates
  • Security Configuration and Analysis MMC snap-in
  • Command-line SECEDIT utility

Service Packs and Hot Fixes
  • Many critical updates and patches are related to
    security issues
  • Hot fixes address a specific identified issue
  • A service pack is a cumulative collection of hot
    fixes and updates
  • Service packs and hot fixes can be downloaded and
    installed from Microsoft
  • Software Update Services can assist in automating
    and managing the distribution of updates

Using Security Configuration Manager Tools
  • Windows Server 2003 provides tools specifically
    designed to help configure and manage security
    settings (Security Configuration Manager tools)
  • These tools plus Group Policies can be used to
    set up a Security Policy template which is
    administered centrally

Using Security Configuration Manager Tools
  • The Security Configuration and Analysis tool will
    compare a security template to existing settings
  • The Security Configuration Manager tools include
    these components
  • Security templates
  • Security settings in Group Policy objects
  • Security Configuration and Analysis tool
  • SECEDIT command-line tool

Security Templates
  • Templates help ensure consistency and ease
    maintenance across multiple machines
  • Templates are text-based files
  • Should not be edited or changed using a
    text-based editor
  • There are a number of pre-defined templates for
    various settings

Security Templates (continued)
Activity 14-1 Browsing Security Templates
  • Objective To become familiar with built-in
    security templates
  • Start ? Run ? type mmc ? OK ? File ? Add/Remove
    Snap-in ? Add
  • Locate and view the available templates as
  • Browse through the available templates and the
    specific policies associated with them

Analyzing the Pre-configured Security Templates
  • Network computers can be categorized as
  • Workstations
  • Servers
  • Domain controllers
  • Pre-configured templates are applicable to a
    specific category of computer
  • Only Windows Server 2003, Windows XP, and Windows
    2000 can use security templates

The Default Template
  • The Setup Security.inf template contains default
    security settings applied when Windows Server
    2003 is installed
  • Contents depend upon the original configuration
    of computer (fresh install, upgrade, etc.)
  • Allows an administrator to return to original
    settings easily
  • Should not be applied using Group Policy

Incremental Templates
  • Modify security configurations incrementally
  • Can only be applied on top of default security
    settings because they do not specify baseline
  • Templates include compatws.inf, securews.inf,
    securedc.inf, hisecws.inf, hisecdc.inf,
    iesacls.inf, dc security.inf, rootsec.inf
  • Custom templates can also be created

Applying Security Templates
  • Security templates can be applied to local
    machine or a domain
  • For local machine
  • Open Local Security Setting MMC snap-in and
    import a policy
  • For domain
  • Use Group Policy Objects
  • Security settings from GPOs override local

Applying Security Templates (continued)
Activity 14-2 Creating a Security Template
  • Objective to explore the creation of a custom
    security template
  • Open a New Template from the MMC Security
    Templates snap-in as directed
  • Configure settings for the new template as
  • Save the template
  • View the template file

Activity 14-3 Applying Security Template
Settings to Group Policy Objects
  • Objective to use Group Policy to deploy
    security template settings
  • Start ? Administrative Tools ? Active Directory
    Users and Computers
  • Open the Default Domain Policy from the
    Properties of the domain
  • Import the previously created template as
  • Verify settings

Security Configuration and Analysis
  • The Security Configuration and Analysis snap-in
    permits the comparison of current system settings
    to those configured in templates
  • The comparison identifies changes and potential
  • Multiple templates can be compared at once
  • Multiple templates can be combined and saved
  • Changes can be made directly within the snap-in
    by selecting the desired configuration

Security Configuration and Analysis (continued)
Activity 14-2 Creating a Security Template
Activity 14-4 Analyzing Security Settings Using
Security Configuration and Analysis
  • Objective To use the Security Configuration and
    Analysis snap-in to compare current configuration
    with security template settings
  • Open the Security Configuration and Analysis
    snap-in as directed and open a new database
  • Import the hisecdc.inf template for comparison
  • Perform the analysis
  • Review and compare the settings as directed

Activity 14-4 (continued)
SECEDIT Command-Line Tool
  • SECEDIT is a command-line tool used to create and
    apply security templates and analyze settings
  • Can be used where Group Policy cannot be applied
  • Six main switches
  • Analyze
  • Configure
  • Export
  • Import
  • Validate
  • GenerateRollback

Auditing Access to Resources and Analyzing
Security Logs
  • Auditing is used to track events on a network
  • An audit policy defines which events should be
  • and whether successes and/or failures should be
  • Audited events are written into a security log
    which can be viewed with Event Viewer

Activity 14-5 Exploring Default Auditing Settings
  • Objective to explore the auditing settings of
    the default domain controller GPO
  • Open the Properties of the Domain Controllers OU
    in Active Directory Users and Computers
  • Edit the Default Domain Controllers Policy on the
    Group Policy tab as directed
  • Open the Audit Policy node and browse through the
    various policy settings

Activity 14-5 (continued)
Activity 14-5 (continued)
Configuring Auditing
  • The role of a computer on the network influences
    how an audit policy is configured
  • For member servers or workstations
  • Audit policies are implemented using GPOs
    assigned to the domain or OUs
  • For domain controllers
  • Audit policies are implemented via the Default
    Domain Controllers Policy applied to Domain
    Controllers OU
  • For standalone workstations and servers
  • Audit policies defined using Local Security
    Policy tool

Requirements and Configuring an Audit Policy
  • Requirements
  • You must have proper permissions (Administrators
    Group or Manage auditing and security log user
  • Auditing files and folders can only be done on
    NTFS volumes
  • Configuring an audit policy
  • Configure auditing on events to be monitored and
    if logging occurs on success and/or failure
  • Configure auditing on specific resource objects
    such as files, folders, printers, and Active
    Directory objects

Configuring an Audit Policy (continued)
Activity 14-6 Configuring and Testing New Audit
Policy Settings
  • Objective to become familiar with changing and
    testing the configuration of audit policy
  • Open the Default Domain Controllers Policy GPO
    auditing settings
  • Reconfigure the settings as directed
  • Manually refresh the Group Policy settings
  • Test the new settings and view results using
    Event Viewer

Auditing Object Access
  • When files and folders reside on an NTFS volume,
    you can monitor attempted and successful accesses
    of these objects
  • Caution -- this can result in a large number of
    events being logged
  • Object auditing is configured through the
    Advanced Security Settings on the resource
  • Auditing is also possible for Active Directory

Auditing Object Access (continued)
Activity 14-7 Configuring Auditing on an NTFS
  • Objective to log failed and successful accesses
    to an NTFS folder
  • Create and configure NTFS permissions for a new
  • Configure auditing settings for the folder
  • Test the auditing settings and permissions by
    attempting to access and delete the folder
  • Use Event Viewer to verify correct auditing

Activity 14-7 (continued)
Best Practices
  • Plan carefully before implementing an audit
  • General guidelines
  • Only audit events that provide truly useful
  • Review entries in the security log regularly
  • Audit sensitive and confidential information
  • Audit the Everyone group it includes
    unauthenticated users
  • Audit the assignment of user rights
  • Audit the Administrators group

Analyzing Security Logs
  • For each event defined in an audit policy, an
    entry is written in the Security log if that
    event occurs
  • Use Event Viewer to examine the Security log
  • The log provides a summary of the date and time
    of each event, and the user performing the action
  • More details by double-clicking the entry
  • Event Viewer provides find and filter options to
    assist in managing the Security log

Analyzing Security Logs (continued)
Analyzing Security Logs (continued)
Activity 14-8 Configuring Event Viewer Log
  • Objective to use the find and filter features in
    Event Viewer to manage log files
  • Open Event Viewer and view local Security log
  • Use the Find feature to locate specific types of
    events as directed
  • Next, use the Filter feature to manage the log,
    displaying only events meeting specified criteria
  • Redisplay all records in the log as directed

Configuring Event Viewer
  • There are a number of configurable settings that
    determine the size, number of entries, and
    overwrite policy in a security log
  • Default initial security log size is 16 MB in
    Windows Server 2003 (up from 512 KB in 2000)
  • Settings are configured from the Properties of
    the Security log in Event Viewer

Configuring Event Viewer (continued)
Activity 14-9 Editing Security Log Settings and
Saving Events
  • Objective to configure properties of the
    Security log and save event entries for archiving
  • Open the Properties of the Security log through
    Event Viewer
  • Reconfigure the Security log size and overwrite
    properties as directed
  • Save and clear the Security log as noted
  • Open the saved log to verify

  • Windows Server 2003 offers security-related
    features in five categories authentication,
    access control, encryption, security policies,
    and service packs and hot fixes
  • Windows Server 2003 offers a package of Security
    Configuration Manager tools
  • Security templates, security settings in GPOs,
    Security Configuration and Analysis tool, SECEDIT
    command-line tool

Summary (continued)
  • Auditing is used to log specific events within a
    Windows Server 2003 configuration
  • An audit policy defines the events to be
  • Specific resources and objects can be configured
    for auditing access attempts
  • A Security log contains record of audited events
  • Event Viewer is used to display and manage
    Security logs
About PowerShow.com