Presentation is loading. Please wait.

Presentation is loading. Please wait.

Module 8 Implementing Security Using Group Policy.

Published byDwain Lynch Modified over 8 years ago

Similar presentations

Presentation on theme: "Module 8 Implementing Security Using Group Policy."— Presentation transcript:

1 Module 8 Implementing Security Using Group Policy

2 Module Overview Configuring Security Policies Implementing Fine-Grained Password Policies Restricting Group Membership and Access to Software Managing Security Using Security Templates

3 What Are Security Policies?

4 What Are Network Security Policies? Separate wireless policies for Windows XP and Windows Vista Windows Vista policies contain more options for wireless Windows Vista wireless policies can deny access to wireless networks 802.1x authentication can be configured via Group Policy Only Windows Vista and later can receive wired network policies Define the available networks and authentication methods for wireless connections for Windows Vista and Windows XP clients, and LAN authentication for Windows Vista and Windows Server 2008 clients Windows XP Windows Vista Wireless Wired Wireless only Windows XP Windows Vista Wireless Wired Wireless only GPO

5 Windows Firewall with Advanced Security Supports filtering for both incoming and outgoing traffic Used for advanced settings configuration IPsec protection settings integrated into Windows Firewall Allows rule configuration for various criteria, such as users, groups, and TCP and UDP ports Provides network location-aware profiles Can import or export policies A stateful host-based firewall that allows or blocks network traffic according to its configuration Windows Server 2008 Internet LAN Firewall Firewall rules control inbound and outbound traffic

6 What Are Fine-Grained Password Policies? Administrator group Manager group End user group Password changes: 7 days Password changes: 14 days Password changes: 30 days Fine-grained passwords allow multiple password policies to exist in the same domain

7 How Fine-Grained Password Policies Are Implemented Considerations when implementing PSOs: Password Settings Container and Password Setting Objects are new schema object classes PSOs can only be applied to users or global groups PSOs can be created through ADSI Edit or LDIFDE A PSO has the following settings available: Password policies Account lockout policies PSO Link Precedence

8 Implementing Fine-Grained Password Policies Shadow groups can be used to apply a PSO to all users that do not already share a global group membership A user or group could have multiple PSOs linked to them The precedence attribute is used to resolve conflicts Lower precedence values have higher priority PSOs linked directly to user objects override PSOs linked to a user’s global groups If there are no PSOs, normal domain account policies apply

9 What Is Restricted Group Membership? Group Policy can control group membership: For any group on a local computer, by applying a GPO to the OU that holds the computer account For any group in AD DS, by applying a GPO to the domain controller

10 What Is a Software Restriction Policy? A policy-driven mechanism that identifies and controls software on a client computer A mechanism restricting software installation and viruses A component with two parts: A default rule with three options: Unrestricted, Basic, and Disallowed Exceptions to the default rule

11 Options for Configuring Software Restriction Policies Certificate Rule Checks for digital signature on application Use when you want to restrict Win32 applications and ActiveX content Certificate Rule Checks for digital signature on application Use when you want to restrict Win32 applications and ActiveX content Internet Zone Rule Controls how Internet Zones can be accessed Use in high-security environments to control access to Web applications Internet Zone Rule Controls how Internet Zones can be accessed Use in high-security environments to control access to Web applications Hash Rule Use to employ MD5 or SHA1 hash of a file to confirm identity Use to allow or prohibit a certain file version from being run Hash Rule Use to employ MD5 or SHA1 hash of a file to confirm identity Use to allow or prohibit a certain file version from being run Path Rule Use when restricting a file path Use when multiple files exist for the same application Essential when SRPs are strict Path Rule Use when restricting a file path Use when multiple files exist for the same application Essential when SRPs are strict

12 What Are Security Templates? Security templates: Allow administrators to apply consistent security settings to multiple computers Can be applied via Group Policy Can be designed based on server roles

13 What Is the Security Configuration Wizard? SCW provides guided attack surface reduction by: Disabling unnecessary services and Internet Information Services (IIS) Web extensions Blocking unused ports and securing ports that are left open using IPSec Reducing protocol exposure Configuring audit settings Security Configuration Wizard supports: Rollback Analysis Remote configuration Command-line support Active Directory integration Policy editing

14 Options for Integrating the Security Configuration Wizard and Security Templates Options: Policies created with the SCW can be applied individually Other Security templates can be incorporated into the SCW Scwcmd.exe command-line utility can be used to convert the XML policy into a GPO

15 What Is the Security Configuration and Analysis Tool? Template Setting Actual Setting Setting That Does Not Match Template Setting That Does Not Match Template

Download ppt "Module 8 Implementing Security Using Group Policy."

Similar presentations

Planning and Administering Windows Server® 2008 Servers

Planning and Administering Windows Server® 2008 Servers
Chapter 10 Securing Windows Server 2008 MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration.

Chapter 10 Securing Windows Server 2008 MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration.
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
Module 5: Configuring Access to Internal Resources.

Module 5: Configuring Access to Internal Resources.
Module 5: Creating and Configuring Group Policy

Module 5: Creating and Configuring Group Policy
1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.

1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Planning Server and Network Security.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Planning Server and Network Security.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
Chapter 7 HARDENING SERVERS.

Chapter 7 HARDENING SERVERS.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.
Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.

Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.
Lesson 19: Configuring Windows Firewall

Lesson 19: Configuring Windows Firewall
IT:Network:Apps.  Security Options  Group Policy  AppLocker  ACL.

IT:Network:Apps.  Security Options  Group Policy  AppLocker  ACL.
Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
1 Enabling Secure Internet Access with ISA Server.

1 Enabling Secure Internet Access with ISA Server.
Module 9 Configuring Server Security Compliance. Module Overview Securing a Windows Infrastructure Overview of EFS Configuring an Audit Policy Overview.

Module 9 Configuring Server Security Compliance. Module Overview Securing a Windows Infrastructure Overview of EFS Configuring an Audit Policy Overview.
Course 6421A Module 7: Installing, Configuring, and Troubleshooting the Network Policy Server Role Service Presentation: 60 minutes Lab: 60 minutes Module.

Course 6421A Module 7: Installing, Configuring, and Troubleshooting the Network Policy Server Role Service Presentation: 60 minutes Lab: 60 minutes Module.
Module 7: Implementing Security Using Group Policies.

Module 7: Implementing Security Using Group Policies.
Principles of Computer Security: CompTIA Security + ® and Beyond, Second Edition © 2010 Baselines Chapter 14.

Principles of Computer Security: CompTIA Security + ® and Beyond, Second Edition © 2010 Baselines Chapter 14.

Similar presentations

Ads by Google