SECURITY PLANNING AND ADMINISTRATIVE DELEGATION Chapter 6


1 SECURITY PLANNING AND ADMINISTRATIVE DELEGATION Chapter 6

2 NAMING STANDARDS
- Determine the standard for creating user account names
  - First initial, last name
  - First name, last initial, and so on
- Naming standards document
  - Defines how user logon names should be created
  - Part of appropriate planning for Active Directory

3 WAYS TO SECURE USER ACCOUNTS
- Education of users
- Strong passwords
- Smart cards
- Biometrics

4 EDUCATING USERS
- Use strong passwords
- Keep passwords secure
  - Don’t write down passwords on paper or leave them in visible places.
  - Don’t share passwords.
  - Don’t save passwords to your computer.

5 STRONG PASSWORDS
- Combination of at least 7 upper and lower case letters, numbers, and symbols.
- At least one character of each type
- Alternate characters make passwords extra secure
- When changing passwords, vary them by more than one character.
- Don’t use your username, real name, or company name.
- Don’t use words from the dictionary.
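
The rules on this slide can be checked mechanically. The PowerShell below is an added example, not part of the presentation: the function names, parameters and sample values are hypothetical and constructed, and the dictionary-word rule is left out because it needs a word list.

```powershell
# Added example: names are hypothetical, sample values are constructed.
function Get-EditDistance {
    param([string]$A, [string]$B)
    # Levenshtein distance, computed one row at a time
    $prev = @(0..$B.Length)
    for ($i = 1; $i -le $A.Length; $i++) {
        $cur = @($i) + (@(0) * $B.Length)
        for ($j = 1; $j -le $B.Length; $j++) {
            $cost = if ($A[$i - 1] -ceq $B[$j - 1]) { 0 } else { 1 }
            $best = [Math]::Min($prev[$j] + 1, $cur[$j - 1] + 1)
            $cur[$j] = [Math]::Min($best, $prev[$j - 1] + $cost)
        }
        $prev = $cur
    }
    $prev[$B.Length]
}

function Test-StrongPassword {
    param(
        [string]$Password,
        [string]$PreviousPassword,   # optional: the password being replaced
        [string[]]$ForbiddenTerm     # username, real name, company name
    )
    $problems = @()
    if ($Password.Length -lt 7)             { $problems += 'shorter than 7 characters' }
    if ($Password -cnotmatch '[A-Z]')       { $problems += 'no upper case letter' }
    if ($Password -cnotmatch '[a-z]')       { $problems += 'no lower case letter' }
    if ($Password -notmatch '\d')           { $problems += 'no number' }
    if ($Password -notmatch '[^A-Za-z0-9]') { $problems += 'no symbol' }
    foreach ($term in $ForbiddenTerm) {
        # Case-insensitive substring test for names the slide rules out
        if ($term -and $Password.ToLower().Contains($term.ToLower())) {
            $problems += "contains '$term'"
        }
    }
    # "Vary them by more than one character": edit distance must exceed 1
    if ($PreviousPassword -and (Get-EditDistance $Password $PreviousPassword) -le 1) {
        $problems += 'differs from the previous password by one character or less'
    }
    [pscustomobject]@{ Compliant = ($problems.Count -eq 0); Problems = $problems }
}

# Constructed sample: meets the composition rules but changes only one character
Test-StrongPassword -Password 'tR7#qLm2w' -PreviousPassword 'tR7#qLm2x' `
    -ForbiddenTerm 'jsmith', 'Smith', 'Coho'
```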

6 SMART CARD AUTHENTICATION

7 ENTERPRISE CERTIFICATION AUTHORITY REQUIRED

8 SMART CARD BENEFITS: INCREASED SECURITY
- Keystroke loggers cannot capture passwords because users will not be typing them.
- Password complexity is not something you have to teach or enforce upon your users.
- Users will not be writing passwords on paper or sharing them.
- Security risks related to password cracking or remote attacks are greatly reduced.

9 SMART CARD CONSIDERATIONS
- Additional software and administration.
  - Certification authority (CA)
  - Internet Information Server (IIS) to distribute smart cards
- Need smart card readers for client computers.
- Users could lose or forget their smart cards.
- Users may be tempted to write their PIN on their smart card.

10 ENABLING A USER ACCOUNT FOR SMART CARD AUTHENTICATION

11 ADMINISTRATOR ACCOUNT SECURITY
- Strong password (rotate frequently).
- Cannot hide the default administrative account from the experienced hacker (RID of 500).
- Don’t use for daily tasks; you can use the Run As utility to increase privilege when required.
  - Allows you to use another user’s credentials without a log off event
  - Must be logged on interactively
  - Requires secondary logon service
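
Why a rename does not hide the account: the security identifier keeps its relative ID of 500 whatever the logon name is, so an audit should key on the SID. The PowerShell below is an added example, not part of the presentation; the function name and the account list are hypothetical and constructed.

```powershell
# Added example; the account list is constructed, not real directory data.
# Against a live domain the same fields come from the ActiveDirectory module:
#   Get-ADUser -Filter * | Select-Object SamAccountName, SID, Enabled
$accounts = @(
    [pscustomobject]@{ SamAccountName = 'jsmith'
                       SID = 'S-1-5-21-1111111111-2222222222-3333333333-1104'; Enabled = $true }
    [pscustomobject]@{ SamAccountName = 'svc_backup'
                       SID = 'S-1-5-21-1111111111-2222222222-3333333333-500';  Enabled = $true }
    [pscustomobject]@{ SamAccountName = 'Guest'
                       SID = 'S-1-5-21-1111111111-2222222222-3333333333-501';  Enabled = $false }
)

function Find-BuiltinAdministrator {
    param([Parameter(Mandatory)] [object[]]$Account)
    foreach ($a in $Account) {
        # Domain account SIDs are S-1-5-21-<three domain sub-authorities>-<RID>
        if ([string]$a.SID -match '^S-1-5-21-\d+-\d+-\d+-500$') {
            [pscustomobject]@{
                SamAccountName = $a.SamAccountName
                Renamed        = ($a.SamAccountName -ne 'Administrator')
                Enabled        = $a.Enabled
            }
        }
    }
}

# Reports the renamed account, which is the one to monitor and keep out of daily use
Find-BuiltinAdministrator -Account $accounts
```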

12 ORGANIZATIONAL UNIT (OU) STRUCTURE
- Representing the company model
- Delegation of administrative control
- Group Policy
- Hide objects within Active Directory

13 DELEGATING ADMINISTRATIVE RESPONSIBILITY
- OUs can help to decentralize administrative control.
- You can give certain users or groups permissions to perform specific tasks within particular OUs.
  - Reset passwords.
  - Create and delete user accounts.

14 IMPLEMENTING GROUP POLICIES
- Covered in greater depth in the following chapters.
- Allows you to subdivide the organization based on the controls you’d like to implement.
- Subdividing reduces the amount of Group Policy processing that computers must perform.
  - Faster user logons
  - Quicker computer startups

15 HIDING OBJECTS
- Can prevent users from seeing objects inside OUs to which they do not have Read access
- Modify the Access Control List (ACL) on the OU
  - In order to see the OU ACL, you must enable Advanced Features on the View menu.
  - Remove Read permission to Authenticated Users.
  - Set appropriate permissions for the users you’d like to see the object.

16 CREATING AN OU STRUCTURE
- Limit the number of nested OUs.
  - Three to five layers are typical.
  - Most agree that ten or more layers are excessive.
- First-level OUs are directly below the domain.

17 PYRAMID OU STRUCTURE
[Diagram: OU tree for the cohowinery.com domain; labels shown: Location1, Location2, Location3, Accounting, Production, Sales, Marketing, Administration]

18 FLAT OU STRUCTURE
[Diagram: OU tree for the cohowinery.com domain; labels shown: Accounting, Location1, 2, 3, Production, Sales, Marketing, Administration]

19 USING OUs TO DELEGATE ACTIVE DIRECTORY MANAGEMENT TASKS
- Compartmentalizes administration
- Limit the number of administrators that have access to the entire domain or forest
- Limit the scope of administrative control
  - Reset passwords.
  - Create and manage user accounts.
  - Create computer accounts.
- Limits the scope of errors

20 DELEGATION OF CONTROL WIZARD

21 VERIFYING AND REMOVING DELEGATED PERMISSIONS
- Cannot use the Delegation Of Control Wizard to remove permissions
- Must modify the ACL of the OU
- Need to be sure Advanced Features is enabled on the View menu
- Security tab is then visible.
- You can modify permissions for users and groups.

22 MOVING OBJECTS BETWEEN OUs
- Drag and drop from one location to the other in Active Directory Users And Computers
- Move menu option
- Dsmove
- Movetree

23 PERMISSIONS
- Those assigned directly to the OU remain
- Those inherited are removed and replaced with permissions inherited from new parent OU or domain
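
Slides 21 and 23 both turn on the difference between explicit and inherited entries in an OU's ACL. The PowerShell below is an added example, not part of the presentation: it lists the explicit Allow entries a delegation review should look at and models what survives a move. The group names, function names and baseline list are hypothetical, and the ACL entries are constructed to mirror the properties returned by `(Get-Acl -Path "AD:\<OU distinguished name>").Access`.

```powershell
# Added example; all entries below are constructed sample data.
function New-SampleAce {
    param($Who, $Rights, [bool]$Inherited)
    [pscustomobject]@{ IdentityReference = $Who; ActiveDirectoryRights = $Rights
                       AccessControlType = 'Allow'; IsInherited = $Inherited }
}
$salesOuAcl = @(
    New-SampleAce 'COHOWINERY\SalesHelpDesk' 'ExtendedRight' $false
    New-SampleAce 'COHOWINERY\SalesAdmins' 'CreateChild, DeleteChild' $false
    New-SampleAce 'NT AUTHORITY\Authenticated Users' 'GenericRead' $false
    New-SampleAce 'COHOWINERY\Domain Admins' 'GenericAll' $true
)

function Get-DelegatedAce {
    param(
        [Parameter(Mandatory)] [object[]]$Ace,
        # Assumed baseline of trustees that are expected on every OU
        [string[]]$ExpectedIdentity = @('NT AUTHORITY\SYSTEM',
                                        'NT AUTHORITY\Authenticated Users')
    )
    # Delegations are explicit (non-inherited) Allow entries set on the OU itself
    $Ace | Where-Object {
        -not $_.IsInherited -and
        $_.AccessControlType -eq 'Allow' -and
        $ExpectedIdentity -notcontains [string]$_.IdentityReference
    } | Select-Object IdentityReference, ActiveDirectoryRights
}

function Get-AceAfterMove {
    param([object[]]$Ace, [object[]]$NewParentInheritableAce)
    # Explicit entries travel with the OU; inherited ones are dropped
    $kept = @($Ace | Where-Object { -not $_.IsInherited })
    # The new parent's inheritable entries arrive as inherited entries
    $gained = @($NewParentInheritableAce | ForEach-Object {
        New-SampleAce $_.IdentityReference $_.ActiveDirectoryRights $true
    })
    $kept + $gained
}

# Delegations to review on the constructed Sales OU
Get-DelegatedAce -Ace $salesOuAcl

# Same OU after a move under a parent that passes down one entry
$newParent = @(New-SampleAce 'COHOWINERY\MarketingAdmins' 'GenericAll' $false)
Get-AceAfterMove -Ace $salesOuAcl -NewParentInheritableAce $newParent
```

To review a live OU, pass the `.Access` collection from `Get-Acl` to `Get-DelegatedAce` in place of the sample list.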

24 SUMMARY
- Examples of naming standards.
- User account security.
  - Passwords
  - User education
  - Smart cards
- Reduce use of privileged accounts by using the Run As utility.
- What should you consider when designing an OU structure?
- What wizard can you use to delegate control? What is a limitation of this wizard?
- Name several ways to move objects from one OU to another.

