Presentation is loading. Please wait.

Presentation is loading. Please wait.

Module 8: Implementing Administrative Templates and Audit Policy.

Published byKevin Hardy Modified over 8 years ago

Similar presentations

Presentation on theme: "Module 8: Implementing Administrative Templates and Audit Policy."— Presentation transcript:

1 Module 8: Implementing Administrative Templates and Audit Policy

2 Overview Managing User Rights in Windows Server 2003 Using Security Templates to Secure Computers Testing Computer Security Policy Configuring Auditing Managing Security Logs

3 Lesson: Managing User Rights in Windows Server 2003 What Are User Rights? User Rights vs. Permissions User Rights Assigned to Built-In Groups Practice: Assigning User Rights

4 What Are User Rights? Examples of User Rights

5 User Rights vs. Permissions User Rights: Actions on System User Rights: Actions on System Permissions: Actions on Object

6 User Rights Assigned to Built-In Groups Built-in local groups: Administrators Backup Operators Power Users Remote Desktop Users Users Administrators Backup Operators Power Users Remote Desktop Users Users Groups in Builtin container: Account Operators Administrators Backup Operators Pre—Windows 2000 Compatible Access Print Operators Server Operators Account Operators Administrators Backup Operators Pre—Windows 2000 Compatible Access Print Operators Server Operators Groups in Users container: Domain Admins Enterprise Admins Domain Admins Enterprise Admins

7 Practice: Assigning User Rights In this practice, you will: Assign the Authenticated Users group the right to change the system time Assign Judy Lew the right to log on locally to the domain controller

8 Lesson: Using Security Templates to Secure Computers What Is a Security Policy? What Are Security Templates? What Are Security Template Settings? Windows Server 2003 Security Guide Templates Windows XP Security Guide Templates Ways to Deploy Security Templates Practice: Using Security Templates to Secure Computers

9 What Is a Security Policy?

10 What Are Security Templates? TemplateDescription Setup security.inf Default security settings DC security.inf Default security settings for a domain controller Compatws.inf Modifies permissions and registry settings for application compatibility Securedc.inf and Securews.inf Enhances security settings Hisecdc.inf and Hisecws.inf Increases the restrictions on security settings Rootsec.inf Specifies permissions for the root of the system drive IESacls.inf Configures auditing and permissions on registry keys of Internet Explorer

11 What Are Security Template Settings? Security Template: Setup Security Sample Settings

12 Windows Server 2003 Security Guide Templates The Windows Server 2003 Security Guide provides: Security documents and checklists Sample scripts Security templates for:  Legacy Clients  Enterprise Clients  High Security Security documents and checklists Sample scripts Security templates for:  Legacy Clients  Enterprise Clients  High Security

13 Windows XP Security Guide Templates The Windows XP Security Guide provides: Security documents and checklists Sample scripts Administrative templates Security templates for:  Enterprise Clients  High Security  Legacy Clients Security documents and checklists Sample scripts Administrative templates Security templates for:  Enterprise Clients  High Security  Legacy Clients

14 Ways to Deploy Security Templates

15 Practice: Using Security Templates to Secure Computers In this practice, you will: Create a security template Import the security template into a GPO and apply the GPO to an organizational unit

16 Lesson: Testing Computer Security Policy What Is the Security Configuration and Analysis Tool? Practice: Testing a Computer Security Policy

17 What Is the Security Configuration and Analysis Tool? Template Setting Actual Setting Setting That Does Not Match Template

18 Practice: Testing a Computer Security Policy In this practice, you will analyze a computer’s security policy by using a security template

19 Lesson: Configuring Auditing What Is Auditing? What Is an Audit Policy? Types of Events to Audit Guidelines for Planning an Audit Policy Practice: Configuring Auditing Best Practices for Configuring Auditing

20 What Is Auditing? Auditing tracks user and operating system activities and records selected events in security logs Enable auditing to:  Create a baseline  Detect threats and attacks  Determine damages  Prevent further damage Audit access to objects, management of accounts, and users logging on and logging off What occurred? When? Who did it? What was the result?

21 What Is an Audit Policy? An audit policy determines the security events that will be reported to the network administrator Set up an audit policy to:  Track success or failure of events  Minimize unauthorized use of resources  Maintain a record of activity Security events are stored in security logs

22 Types of Events to Audit Account Logon Account Management Directory Service Access Logon Object Access Policy Change Privilege Use Process Tracking System

23 Guidelines for Planning an Audit Policy Determine the computers to set up auditing on Determine which events to audit Determine whether to audit success or failure events Determine whether to track trends Review security logs frequently

24 Practice: Configuring Auditing In this practice, you will create a GPO to enable auditing for files and folders

25 Best Practices for Configuring Auditing Audit success events in the directory service access category Audit success events in the object access category Audit success and failure events in the system category Audit success and failure events in the policy change category on domain controllers Audit success and failure events in the account management category Audit success events in the logon category Audit success events in the account logon category on domain controllers

26 Lesson: Managing Security Logs Types of Log Files Common Security Events Tasks Associated with Managing the Security Log Files Practice: Managing Security Logs

27 Types of Log Files The following logs are available in Event Viewer: Application Security System Directory service File Replication service

28 Common Security Events LogonEvent description Event ID 528 Successful logon Event ID 529 Unsuccessful logon attempt Event ID 539 Attempts to log on to a locked out account Security LogEvent description Event ID 517 Security log cleared ShutdownEvent description Event ID 513 System is shut down

29 Tasks Associated with Managing the Security Log Files

30 Practice: Managing Security Logs In this practice, you will: Configure security log properties Create a security log filter that filters the failure events for Don Hall

31 Lab: Managing Security Settings In this lab, you will: Create a custom security template Import and deploy the custom template

Download ppt "Module 8: Implementing Administrative Templates and Audit Policy."

Similar presentations

Guide to MCSE 70-290, Enhanced 1 Activity 14-1: Browsing Security Templates Objective: To become familiar with built-in security templates Start  Run.

Guide to MCSE , Enhanced 1 Activity 14-1: Browsing Security Templates Objective: To become familiar with built-in security templates Start  Run.
MCDST 70-271: Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 7: Troubleshoot Security Settings and Local Security.

MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 7: Troubleshoot Security Settings and Local Security.
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
Lesson 17: Configuring Security Policies

Lesson 17: Configuring Security Policies
 Overview User Accounts Groups User Rights Permissions.

 Overview User Accounts Groups User Rights Permissions.
Managing User Settings with Group Policy

Managing User Settings with Group Policy
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
Chapter 7 HARDENING SERVERS.

Chapter 7 HARDENING SERVERS.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 14: Windows Server 2003 Security Features.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 14: Windows Server 2003 Security Features.
Hands-On Microsoft Windows Server 2003 Administration Chapter 4 Managing Group Policy.

Hands-On Microsoft Windows Server 2003 Administration Chapter 4 Managing Group Policy.
12.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

12.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 14: Windows Server 2003 Security Features.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 14: Windows Server 2003 Security Features.
Hands-On Microsoft Windows Server 2003 Administration Chapter 6 Managing Printers, Publishing, Auditing, and Desk Resources.

Hands-On Microsoft Windows Server 2003 Administration Chapter 6 Managing Printers, Publishing, Auditing, and Desk Resources.
7.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.

7.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 7 Configuring File Services in Windows Server 2008.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 7 Configuring File Services in Windows Server 2008.
© N. Ganesan, Ph.D., All rights reserved. Active Directory Nanda Ganesan, Ph.D.

© N. Ganesan, Ph.D., All rights reserved. Active Directory Nanda Ganesan, Ph.D.
Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®

Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®
1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.

1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.
Corso referenti S.I.R.A. – Modulo 2 Local Security 20/11 – 27/11 – 05/12 11/12 – 13/12 (gruppo 1) 12/12 – 15/12 (gruppo 2) Cristiano Gentili, Massimiliano.

Corso referenti S.I.R.A. – Modulo 2 Local Security 20/11 – 27/11 – 05/12 11/12 – 13/12 (gruppo 1) 12/12 – 15/12 (gruppo 2) Cristiano Gentili, Massimiliano.
Event Viewer Was of getting to event viewer Go to –Start –Control Panel, –Administrative Tools –Event Viewer Go to –Start.

Event Viewer Was of getting to event viewer Go to –Start –Control Panel, –Administrative Tools –Event Viewer Go to –Start.

Similar presentations

Ads by Google