Presentation on theme: "Auditing Microsoft Active Directory"— Presentation transcript:
1 Auditing Microsoft Active Directory Eric DuggerNetwork Services ManagerNevada Legislature
2 What is Active Directory A central component of the Windows platform, Active Directory directory service provides the means to manage the identities and relationships that make up network environments.Resources – Computers & PrintersServices – , Policies, DNS, etc.Users – Accounts and security groups
4 Primary Items of Importance Business ContinuityIs Active Directory backed up?Are there multiple Domain Controllers?SecurityWho has access to change Active Directory?What settings in Active Directory affect security? (passwords, etc.)PoliciesWhat environment is created from AD Polices?
5 Business Continuity Active Directory Backups – Critical Data How often?Where are they stored?see Backing up an Active Directory Server docMultiple Domain ControllersShould have the global catalogshow where in Sites and Services
11 Group Policy in Microsoft Windows Active Directory
12 What is Active Directory Group Policy? The Group Policy management solution in Microsoft® Windows Server™ 2003 allows administrators to define configurations for both servers and user machines. Local policy settings can be applied to all machines, and for those that are part of a domain, an administrator can use Group Policy to set policies that apply across a given site, domain, or range of organizational units (OUs) in the Active Directory® directory service. Support for Group Policy is available on machines running Microsoft Windows 2000 Server, Microsoft Windows 2000 Professional, Microsoft Windows® XP Professional, and Windows Server 2003.
13 Overview Control Internet Explorer Settings Control Computer/User SettingsSoftware DistributionWindows UpdatesMuch, Much More…..
14 Getting Started Windows 2003 Active Directory Group Policy Manager Plug-in
15 Choose an Organizational Unit Creating a PolicyCreate and Link GPOChoose an Organizational Unit
16 Assigning a Policy Policies Linked to this OU Policies Inherited Delegationof this OU
17 Defining Internet Explorer Control the Functionality of IEPlug-InsMenusEmpty Temp FolderControl the Security of IEActive X.NETBlock Sites
18 Configuring an IE Policy Define your ZonesInternetIntranetTrustedRestrictedDefine your SettingsApply Policy to an OUZONES1 – Intranet2 – Trusted3 – Internet4 - Restricted
19 Control User/Computer Settings Configure the DesktopHide icons/menusDictate wallpaperControl Software Installation or UseProhibit software from being installed or uninstalledProhibit software from being runLockdown Administrator FunctionsNetwork or security settingsConfigure Windows Firewall
21 Software Distribution Automatically Install Software at LogonPublish SoftwareRemove SoftwareUpdate Software
22 Configure a Software Install Policy Install a Software Package on LogonThe software will be installed when the user logs onPublish a Software PackageThe software will be available through “Add/Remove Programs”Redeploy a Software PackageThe package will be redeployed (Update or New Version)Uninstall a Software PackageThe software will be removedInstall Path to MSI File
23 Managing Windows Updates Create a policy to use the Windows Update Services serverAssign WSUS ServerAssign WSUS GroupsInstall and Configure WSUS
24 Windows System Update Server Updates for Windows, Office, Exchange Server, and SQL Server, with additional product support over timeAutomatic download of specific updatesAutomated actions for updates, determined by administrator approvalAbility to determine the applicability of updates before installing themTargetingReporting
25 How WSUS Works Downloads selected updates to central update server Release updates to specified groupsReport on status of updates
26 Computer NameOperating SystemLast Status ReportComputer Group
32 True Last Logon http://www.dovestones.com/products/True_Last_Logon.asp
33 What AD Policies am I getting? GPRESULTOpen a command windowType gpresult
34 Export Group Policy Settings AdmX.exe: ADM File ParserCategoryThe ADM File Parser (AdmX) is a command-line tool that enables an administrator to export Group Policy settings to a tab-delimited text file. The administrator can then use the text produced by ADM File Parser (AdmX) to find changes for the policy settings between different versions of the operating systems. AdmX is for use only with policies based on administrative templates.Version compatibilityThe AdmX.exe tool runs on Windows 2000, Windows Server 2003, and Windows XP Professional. AdmX.exe also requires the Microsoft .NET Framework 1.0.