Presentation is loading. Please wait.

Presentation is loading. Please wait.

Guide to MCSE 70-270, Second Edition, Enhanced1 The Windows XP Security Model User must logon with: Valid user ID Password User receives access token Access.

Published byJob Parrish Modified over 8 years ago

Similar presentations

Presentation on theme: "Guide to MCSE 70-270, Second Edition, Enhanced1 The Windows XP Security Model User must logon with: Valid user ID Password User receives access token Access."— Presentation transcript:

1 Guide to MCSE 70-270, Second Edition, Enhanced1 The Windows XP Security Model User must logon with: Valid user ID Password User receives access token Access token String of bits representing user Attached to processes

2 Guide to MCSE 70-270, Second Edition, Enhanced2 The Windows XP Security Model (continued) Access token Compared with ACL (Access Control List) Domain security Centered on Active Directory

3 Guide to MCSE 70-270, Second Edition, Enhanced3 Active Directory Centralized database containing: Security Configuration Communication information Manages: Information about domain Resources shared by network

4 Guide to MCSE 70-270, Second Edition, Enhanced4 Logon Authentication Logon is mandatory Logon process components: Identification Authentication Password authentication typically used Access token attached to shell process

5 Guide to MCSE 70-270, Second Edition, Enhanced5 Shell Defines environment inside which user executes programs or spawns other processes Default: Windows Explorer Defines desktop, start menu, etc.

6 Guide to MCSE 70-270, Second Edition, Enhanced6 Resources as Objects Access to individual resources controlled at object level Everything in environment is an object Identified by type Type determines Permitted range of contents Kinds of operations

7 Guide to MCSE 70-270, Second Edition, Enhanced7 Resources as Objects (continued) Service How object can be manipulated Attributes Named characteristics

8 Guide to MCSE 70-270, Second Edition, Enhanced8 Access Control Logon process Initiated with Ctrl+Alt+Delete Hardware interrupt cannot be imitated Mandatory logon Restricted user mode Physical logon User profiles

9 Guide to MCSE 70-270, Second Edition, Enhanced9 Customizing the Logon Process Administrator can alter default process Winlogon process: Produces logon dialog box Controls automated logon Warning text Display of Shutdown button Display of last user to log onto system

10 Guide to MCSE 70-270, Second Edition, Enhanced10 Disabling the Default Username Logon window Displays name of the last user to logon Can be unsecure DontDisplayLastUserName Regisry setting Edit with: Local Computer Policy utility

11 Guide to MCSE 70-270, Second Edition, Enhanced11 Adding a Security Warning Message Might be legally obligated to add a warning message Settings in Registry: LegalNoticeCaption LegalNoticeText

12 Guide to MCSE 70-270, Second Edition, Enhanced12 Changing the Shell Default shell Windows Explorer Change Registry setting

13 Guide to MCSE 70-270, Second Edition, Enhanced13 Disabling the Shutdown Button Windows XP logon window includes Shutdown button Potential for unwanted system shutdowns ShutdownWithoutLogon Registry setting Users can still physically power-off machine Winlogon settings for: Laptop Sleep mode Other advanced shutdown settings

14 Guide to MCSE 70-270, Second Edition, Enhanced14 Automating Logons Values for username and password can be coded into Registry to automate logons Registry settings: DefaultDomainName DefaultUserName DefaultPassword AutoAdminLogon

15 Guide to MCSE 70-270, Second Edition, Enhanced15 Automatic Account Lockout Disables account Predetermined number of failed logins Predetermined amount of time Default: Unlimited number of attempts

16 Guide to MCSE 70-270, Second Edition, Enhanced16 Domain Security Concepts and Systems Domain Collection of computers with centrally managed security and activities Offers: Increased security Centralized control Broader access to resources

17 Guide to MCSE 70-270, Second Edition, Enhanced17 Domain Security Overview Control of: User accounts Group memberships Resource access for all members of a network instead of only a single computer

18 Guide to MCSE 70-270, Second Edition, Enhanced18 Local Computer Policy Combination of controls System policies Control panel applets Registry settings Other names: Software policy Environmental policy Windows XP policy

19 Guide to MCSE 70-270, Second Edition, Enhanced19 Local Computer Policy (continued) Local system’s group policy Effective policy: Result of combination of all group policies applicable to system Controlled on a domain basis on a Windows domain controller Add Global Policy snap-in to MMC

20 Guide to MCSE 70-270, Second Edition, Enhanced20 Local Computer Policy (continued) Local Group Policy tool Also called Local Security Policy tool Accessed from Administrative Tools Local computer policy contents: Determined during installation Based on: System configuration Existing devices Selected options and components

21 Guide to MCSE 70-270, Second Edition, Enhanced21 Local Computer Policy (continued) Custom policies: Created through the use of.adm files Local group policy: System.adm file Local Computer Policy snap-in Divided into two sections: User Configuration Computer Configuration Contains over 300 individual controls

22 Guide to MCSE 70-270, Second Edition, Enhanced22 Computer Configuration Subnodes: Software Settings The Windows Settings folder: Scripts Security Settings Administrative Templates folder

23 Guide to MCSE 70-270, Second Edition, Enhanced23 Public Key Policies Three purposes Offers additional controls over the Encrypting File System (EFS) Enables the issuing of certificates Allows you to establish trust in a certificate authority

24 Guide to MCSE 70-270, Second Edition, Enhanced24 IP Security Policies Security measure added to TCP/IP Protects communications between two systems using that protocol Can be used over a RAS or WAN link Creates a secured point-to-point link between two systems Configured and enabled with Advanced TCP/IP Settings dialog box

25 Guide to MCSE 70-270, Second Edition, Enhanced25 IP Security Policies (continued) Modes: Transport Tunneling Predefined IPSec policies: Client (Respond Only) Server (Request Security) Secure Server (Require Security)

26 Guide to MCSE 70-270, Second Edition, Enhanced26 IP Security Policies (continued) Authentication methods: Kerberos version 5 Default and preferred Public key certificate authentication Preshared key Less secure

27 Guide to MCSE 70-270, Second Edition, Enhanced27 Administrative Templates Offer controls on a wide range of environmental functions and features Registry based group policy information Used to overwrite Registry to force compliance with group policy

28 Guide to MCSE 70-270, Second Edition, Enhanced28 User Configuration Subfolders: Software Settings Windows Settings folder Administrative Templates folder

29 Guide to MCSE 70-270, Second Edition, Enhanced29 Security Configuration and Analysis Tool MMC snap-in Used to: Analyze Configure Export Validate system security based on a security template Seven predefined security templates

30 Guide to MCSE 70-270, Second Edition, Enhanced30 Security Configuration and Analysis Tool (continued) Checks system’s current configuration against selected security template Produces a report of discrepancies Apply security templates to system

31 Guide to MCSE 70-270, Second Edition, Enhanced31 Auditing Security process Records occurrence of specific operating system events inSecurity log Every object has audit events related to it Event Viewer Maintains logs about: Application events Security events System events

32 Guide to MCSE 70-270, Second Edition, Enhanced32 Event Properties Dialog Box

33 Guide to MCSE 70-270, Second Edition, Enhanced33 Encrypting File System Allows you to encrypt data stored on an NTFS drive Only enabling user can gain access to encrypted object Enabled using Properties dialog Uses public and private key encryption method Encryption process is invisible to user

34 Guide to MCSE 70-270, Second Edition, Enhanced34 Encrypting File System (continued) Recovery Agent Used to recover encrypted files Required for EFS to function CIPHER Command-line tool for batch processing of encryption

Download ppt "Guide to MCSE 70-270, Second Edition, Enhanced1 The Windows XP Security Model User must logon with: Valid user ID Password User receives access token Access."

Similar presentations

Chapter Five Users, Groups, Profiles, and Policies.

Chapter Five Users, Groups, Profiles, and Policies.
Guide to MCSE 70-290, Enhanced 1 Activity 14-1: Browsing Security Templates Objective: To become familiar with built-in security templates Start  Run.

Guide to MCSE , Enhanced 1 Activity 14-1: Browsing Security Templates Objective: To become familiar with built-in security templates Start  Run.
MCDST 70-271: Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 7: Troubleshoot Security Settings and Local Security.

MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 7: Troubleshoot Security Settings and Local Security.
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
Windows XP Users, Groups, Profiles and Policies 70-270: MCSE Guide to Microsoft Windows XP Professional.

Windows XP Users, Groups, Profiles and Policies : MCSE Guide to Microsoft Windows XP Professional.
Lesson 17: Configuring Security Policies

Lesson 17: Configuring Security Policies
Khan Rashid Lesson 11-The Best Policy: Managing Computers and Users Through Group Policy.

Khan Rashid Lesson 11-The Best Policy: Managing Computers and Users Through Group Policy.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.

Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.
MCDST 70-271: Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 4: Troubleshoot System Startup and User Logon Problems.

MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 4: Troubleshoot System Startup and User Logon Problems.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 14: Windows Server 2003 Security Features.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 14: Windows Server 2003 Security Features.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.
12.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

12.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 14: Windows Server 2003 Security Features.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 14: Windows Server 2003 Security Features.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 10: Server Administration.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 10: Server Administration.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 12: Managing and Implementing Backups and Disaster Recovery.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 12: Managing and Implementing Backups and Disaster Recovery.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.
70-270, 70-290 MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Twelve Implementing Terminal.

70-270, MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Twelve Implementing Terminal.
Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.

Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.

Similar presentations

Ads by Google