Presentation on theme: "Auditing Microsoft Active Directory"— Presentation transcript:
1Auditing Microsoft Active Directory Eric DuggerNetwork Services ManagerNevada Legislature
2What is Active Directory A central component of the Windows platform, Active Directory directory service provides the means to manage the identities and relationships that make up network environments.Resources – Computers & PrintersServices – , Policies, DNS, etc.Users – Accounts and security groups
4Primary Items of Importance Business ContinuityIs Active Directory backed up?Are there multiple Domain Controllers?SecurityWho has access to change Active Directory?What settings in Active Directory affect security? (passwords, etc.)PoliciesWhat environment is created from AD Polices?
5Business Continuity Active Directory Backups – Critical Data How often?Where are they stored?see Backing up an Active Directory Server docMultiple Domain ControllersShould have the global catalogshow where in Sites and Services
11Group Policy in Microsoft Windows Active Directory
12What is Active Directory Group Policy? The Group Policy management solution in Microsoft® Windows Server™ 2003 allows administrators to define configurations for both servers and user machines. Local policy settings can be applied to all machines, and for those that are part of a domain, an administrator can use Group Policy to set policies that apply across a given site, domain, or range of organizational units (OUs) in the Active Directory® directory service. Support for Group Policy is available on machines running Microsoft Windows 2000 Server, Microsoft Windows 2000 Professional, Microsoft Windows® XP Professional, and Windows Server 2003.
13Overview Control Internet Explorer Settings Control Computer/User SettingsSoftware DistributionWindows UpdatesMuch, Much More…..
14Getting Started Windows 2003 Active Directory Group Policy Manager Plug-in
15Choose an Organizational Unit Creating a PolicyCreate and Link GPOChoose an Organizational Unit
16Assigning a Policy Policies Linked to this OU Policies Inherited Delegationof this OU
17Defining Internet Explorer Control the Functionality of IEPlug-InsMenusEmpty Temp FolderControl the Security of IEActive X.NETBlock Sites
18Configuring an IE Policy Define your ZonesInternetIntranetTrustedRestrictedDefine your SettingsApply Policy to an OUZONES1 – Intranet2 – Trusted3 – Internet4 - Restricted
19Control User/Computer Settings Configure the DesktopHide icons/menusDictate wallpaperControl Software Installation or UseProhibit software from being installed or uninstalledProhibit software from being runLockdown Administrator FunctionsNetwork or security settingsConfigure Windows Firewall
21Software Distribution Automatically Install Software at LogonPublish SoftwareRemove SoftwareUpdate Software
22Configure a Software Install Policy Install a Software Package on LogonThe software will be installed when the user logs onPublish a Software PackageThe software will be available through “Add/Remove Programs”Redeploy a Software PackageThe package will be redeployed (Update or New Version)Uninstall a Software PackageThe software will be removedInstall Path to MSI File
23Managing Windows Updates Create a policy to use the Windows Update Services serverAssign WSUS ServerAssign WSUS GroupsInstall and Configure WSUS
24Windows System Update Server Updates for Windows, Office, Exchange Server, and SQL Server, with additional product support over timeAutomatic download of specific updatesAutomated actions for updates, determined by administrator approvalAbility to determine the applicability of updates before installing themTargetingReporting
25How WSUS Works Downloads selected updates to central update server Release updates to specified groupsReport on status of updates
26Computer NameOperating SystemLast Status ReportComputer Group
32True Last Logon http://www.dovestones.com/products/True_Last_Logon.asp
33What AD Policies am I getting? GPRESULTOpen a command windowType gpresult
34Export Group Policy Settings AdmX.exe: ADM File ParserCategoryThe ADM File Parser (AdmX) is a command-line tool that enables an administrator to export Group Policy settings to a tab-delimited text file. The administrator can then use the text produced by ADM File Parser (AdmX) to find changes for the policy settings between different versions of the operating systems. AdmX is for use only with policies based on administrative templates.Version compatibilityThe AdmX.exe tool runs on Windows 2000, Windows Server 2003, and Windows XP Professional. AdmX.exe also requires the Microsoft .NET Framework 1.0.