8.1 © 2004 Pearson Education, Inc. Exam 70-297 Designing a Microsoft ® Windows ® Server 2003 Active Directory and Network Infrastructure Lesson 8: Planning.

Presentation transcript:

8.1 © 2004 Pearson Education, Inc. Exam Designing a Microsoft® Windows® Server 2003 Active Directory and Network Infrastructure
Lesson 8: Planning the Authentication Strategy
Goals
- Specify account policies and security
- Design security groups
- Use shortcut trusts

8.2 Specifying Account Policies and Security (Skill 1)
- Specifying account security
  - Define optimal settings
    - Authentication mechanisms
    - Account properties
    - Account policies

8.3 Specifying Account Policies and Security (2) (Skill 1)
- Authentication mechanisms
  - LM (LAN Manager)
  - NTLM (NT LAN Manager)
  - NTLM2 (NT LAN Manager version 2)
  - Kerberos

8.4 Specifying Account Policies and Security (3) (Skill 1)
- LM (LAN Manager)
  - Used by Windows NT and Windows 9x clients simultaneously with NTLM
  - Low security
- NTLM (NT LAN Manager)
  - Used by Windows NT and Windows 9x clients
  - Used by Windows 2000, 2003, and XP clients in certain situations, such as when logging on to a Windows NT domain
  - Moderate security

8.5 Specifying Account Policies and Security (4) (Skill 1)
- NTLM2 (NT LAN Manager version 2)
  - Used by Windows NT SP4 clients
  - Used by Windows 9x clients with Directory Services Client installed
  - Used by Windows 2000, 2003, and XP clients in certain situations
  - High security
- Kerberos
  - Used by Windows 2000, 2003, and XP when logging on to a Windows 2000 or Windows Server 2003 domain
  - Optimal security

8.6 Specifying Account Policies and Security (5) (Skill 1)
- Account properties
  - Settings required depend on environment and level of security required
  - Rules of thumb
    - Always configure passwords to expire
    - Properly specify logon restrictions
    - Correctly specify account expiration settings for temporary employees
    - Properly specify remote access and Terminal Services permissions settings

8.7 Specifying Account Policies and Security (6) (Skill 1)
- Account policies
  - Used to set user account properties that control the logon process
  - Three types
    - Account Lockout
    - Password
    - Kerberos
  - All are configured using the Group Policy Object Editor snap-in or the Group Policy Management Console (GPMC)

8.8 Specifying Account Policies and Security (7) (Skill 1)
- Account Lockout policies
  - Prevent users from guessing passwords by automatically locking out the user account according to specifications that have been set
  - Configured by setting three policies
    - Account lockout threshold
    - Account lockout duration
    - Reset account lockout counter after

8.9 Specifying Account Policies and Security (8) (Skill 1)
- Account lockout threshold: Specifies the number of invalid logon attempts a user can make, after which the account is locked and the user is prevented from making further logon attempts
- Account lockout duration: Sets the time duration during which the account is disabled
- Reset account lockout counter after: Sets the time duration that must elapse after an invalid logon attempt before the account lockout counter is reset to 0
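How the three lockout settings on slides 8.8 and 8.9 interact, as an added example that is not part of the original slides. It is a simplified model of the counter; the policy values and the logon attempts are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class LockoutPolicy:
    threshold: int          # Account lockout threshold (0 = never lock out)
    duration: timedelta     # Account lockout duration
    reset_after: timedelta  # Reset account lockout counter after

def replay(policy, attempts):
    """Replay (timestamp, password_ok) logon attempts for one account.

    Returns one outcome per attempt: 'ok', 'bad', 'locked' (this failure
    tripped the threshold) or 'refused' (account was already locked).
    """
    bad_count, last_bad, locked_until = 0, None, None
    outcomes = []
    for ts, password_ok in attempts:
        if locked_until is not None:
            if ts < locked_until:
                outcomes.append("refused")  # even a correct password is rejected
                continue
            bad_count, last_bad, locked_until = 0, None, None  # duration elapsed
        if last_bad is not None and ts - last_bad >= policy.reset_after:
            bad_count = 0                   # reset window passed since last failure
        if password_ok:
            bad_count, last_bad = 0, None
            outcomes.append("ok")
            continue
        bad_count, last_bad = bad_count + 1, ts
        if policy.threshold and bad_count >= policy.threshold:
            locked_until = ts + policy.duration
            outcomes.append("locked")
        else:
            outcomes.append("bad")
    return outcomes

# Constructed sample: 3 attempts allowed, 15-minute lockout, 10-minute reset window.
POLICY = LockoutPolicy(3, timedelta(minutes=15), timedelta(minutes=10))
T0 = datetime(2004, 1, 5, 9, 0)
ATTEMPTS = [(T0 + timedelta(minutes=m), ok) for m, ok in
            [(0, False), (1, False), (12, False), (13, False), (14, False),
             (15, True), (29, True)]]

if __name__ == "__main__":
    for (ts, _), outcome in zip(ATTEMPTS, replay(POLICY, ATTEMPTS)):
        print(ts.time(), outcome)
```

The failure at minute 12 starts a fresh count because more than 10 minutes have passed since the previous one, so the lock only trips at minute 14, and the correct password at minute 15 is still refused.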

8.10 Specifying Account Policies and Security (9) (Skill 1)
- Password policies
  - Allow you to specify how passwords are managed
  - Policy options (Table 8-2)
    - Enforce password history
    - Maximum and minimum password age
    - Minimum password length
    - Passwords must meet complexity requirements
    - Store password using reversible encryption for all users in the domain

8.11 Specifying Account Policies and Security (10) (Skill 1)
- Kerberos policies
  - Used in connection with Kerberos authentication protocol
  - Apply only to domain user accounts or computer accounts
  - Default Kerberos policy values set by Default Domain Policy are generally suitable for most networks and do not need to be changed

8.12 Specifying Account Policies and Security (11) (Skill 1)
- Kerberos policies
  - Enforce user logon restrictions
  - Maximum lifetime for service ticket
  - Maximum lifetime for user ticket
  - Maximum lifetime for user ticket renewal
  - Maximum tolerance for computer clock synchronization
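A check of the password, lockout and Kerberos policies from slides 8.6 to 8.12 against an exported security template, as an added example that is not part of the original slides. The sample template is constructed; the key names are those of a `secedit /export` template, and the three account rules are this example's reading of the slides, not a vendor baseline.

```python
import configparser

# Constructed sample in the layout of a `secedit /export` security template.
SAMPLE_INF = r"""
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 1
MaximumPasswordAge = -1
MinimumPasswordLength = 7
PasswordComplexity = 1
PasswordHistorySize = 24
LockoutBadCount = 0
ClearTextPassword = 1
NewAdministratorName = "Administrator"
[Kerberos Policy]
MaxTicketAge = 10
MaxRenewAge = 7
MaxServiceAge = 600
MaxClockSkew = 30
TicketValidateClient = 1
"""

# Default Kerberos policy values: hours, days, minutes, minutes, enabled.
KERBEROS_DEFAULTS = {"MaxTicketAge": 10, "MaxRenewAge": 7, "MaxServiceAge": 600,
                     "MaxClockSkew": 5, "TicketValidateClient": 1}

def int_settings(parser, section):
    """Return the integer-valued settings of one template section."""
    if not parser.has_section(section):
        return {}
    return {k: int(v) for k, v in parser.items(section)
            if v.strip().lstrip("-").isdigit()}

def audit(inf_text):
    """Return (setting, finding) pairs for an exported security template."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str            # keep the template's key casing
    parser.read_string(inf_text)
    acct = int_settings(parser, "System Access")
    findings = []
    if acct.get("MaximumPasswordAge") == -1:      # -1 = passwords never expire
        findings.append(("MaximumPasswordAge", "passwords never expire"))
    if acct.get("LockoutBadCount") == 0:          # 0 = no lockout threshold
        findings.append(("LockoutBadCount", "account lockout is disabled"))
    if acct.get("ClearTextPassword") == 1:
        findings.append(("ClearTextPassword", "reversible encryption is on"))
    for key, value in int_settings(parser, "Kerberos Policy").items():
        if value != KERBEROS_DEFAULTS.get(key, value):
            findings.append((key, f"{value} differs from default {KERBEROS_DEFAULTS[key]}"))
    return findings
```

A real export is typically UTF-16 encoded, so read the file with `encoding="utf-16"` before passing its text to `audit`.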

8.13 Figure 8-1 Account settings to configure for increased security (Skill 1)

8.14 Figure 8-2 Kerberos Policy in the Group Policy Object Editor (Skill 1)

8.15 Designing Security Groups (2) (Skill 2)
- Microsoft rule is the preferred strategy for building and using groups
  - A-G-DL-P: User Accounts go into Global groups, which go into Domain Local groups, which are assigned Permissions
- Benefits of Microsoft rule
  - Modularity
  - Ease of modification
  - Reduction in the size of the global group list

8.16 Designing Security Groups (3) (Skill 2)
- Using universal groups
  - Before creating universal groups, make sure membership of those groups will not change frequently
  - Never add a user account as a member of a universal group; instead add global groups
  - Universal groups are designed for one specific situation – when you need multiple users in multiple domains to have the same access to multiple resources in multiple domains
- Modification to Microsoft rule for universal groups: A-G-U-DL-P
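A check of a group design against the A-G-DL-P and A-G-U-DL-P rules from slides 8.15 and 8.16, as an added example that is not part of the original slides. The directory snapshot, its names and the strict membership table are constructed for illustration.

```python
# Constructed directory snapshot: object name -> kind, group -> members,
# resource -> groups named on its access control list.
KIND = {"alice": "user", "bob": "user", "carol": "user", "dave": "user",
        "G_Sales": "global", "G_Eng": "global", "U_Projects": "universal",
        "DL_Share_RW": "domain_local", "DL_Print": "domain_local"}
MEMBERS = {"G_Sales": ["alice", "bob"], "G_Eng": ["carol"],
           "U_Projects": ["G_Sales", "G_Eng", "bob"],
           "DL_Share_RW": ["U_Projects"], "DL_Print": ["G_Sales", "carol"]}
ACLS = {"projects_share": ["DL_Share_RW"], "printer01": ["DL_Print", "G_Eng"]}

# Strict reading of the slides (an assumption): A -> G -> (U ->) DL -> P.
ALLOWED_MEMBERS = {"global": {"user"},
                   "universal": {"global"},
                   "domain_local": {"global", "universal"}}

def nesting_violations(kind, members, acls):
    """Return (container, member, reason) for every break in A-G-(U)-DL-P."""
    found = []
    for group in sorted(members):
        for member in sorted(members[group]):
            if kind[member] not in ALLOWED_MEMBERS[kind[group]]:
                found.append((group, member,
                              f"{kind[member]} placed in {kind[group]} group"))
    for resource in sorted(acls):
        for trustee in sorted(acls[resource]):
            if kind[trustee] != "domain_local":
                found.append((resource, trustee,
                              f"permission assigned to {kind[trustee]}"))
    return found

def users_with_access(resource, kind, members, acls):
    """Expand nested groups on a resource's ACL down to user accounts."""
    users, seen, stack = set(), set(), list(acls[resource])
    while stack:
        name = stack.pop()
        if name in seen:
            continue
        seen.add(name)
        if kind[name] == "user":
            users.add(name)
        else:
            stack.extend(members.get(name, []))
    return users
```

On the sample data the check reports the user added directly to the universal group, the user added directly to a domain local group, and the permission assigned to a global group.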

8.17 Figure 8-3 Using the Microsoft rule (Skill 2)

8.18 Figure 8-4 The use of universal groups (Skill 2)

8.19 Using Shortcut Trusts (Skill 3)
- Shortcut trust
  - A trust established to reduce the normal Kerberos trust resolution path between domains
- When a shortcut trust should be used
  - Domain design is at least part geographically-based
  - Many users access resources from another domain to which they do not have a direct trust relationship
- A faster resolution path can be created by using a shortcut trust
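The shortened resolution path from slide 8.19, as an added example that is not part of the original slides. The forest and its domain names are constructed, every trust is treated as two-way, and the resolution path is modelled as the shortest chain of trusts between the two domains.

```python
from collections import deque

# Constructed forest: each pair is a parent-child trust in the domain tree.
PARENT_CHILD = [
    ("corp.example", "na.corp.example"),
    ("corp.example", "eu.corp.example"),
    ("na.corp.example", "sales.na.corp.example"),
    ("eu.corp.example", "eng.eu.corp.example"),
]

def trust_graph(parent_child, shortcuts=()):
    """Build an undirected graph of domains linked by trusts."""
    graph = {}
    for a, b in list(parent_child) + list(shortcuts):
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph

def resolution_path(graph, user_domain, resource_domain):
    """Return the shortest chain of domains linking the two, or None."""
    queue = deque([[user_domain]])
    seen = {user_domain}
    while queue:
        path = queue.popleft()
        if path[-1] == resource_domain:
            return path
        for nxt in sorted(graph.get(path[-1], ())):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None

if __name__ == "__main__":
    src, dst = "sales.na.corp.example", "eng.eu.corp.example"
    print(resolution_path(trust_graph(PARENT_CHILD), src, dst))
    print(resolution_path(trust_graph(PARENT_CHILD, [(src, dst)]), src, dst))
```

Without the shortcut trust the path climbs to the forest root and back down through five domains; with it, the two domains are directly linked.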

8.20 Figure 8-5 Use of shortcut trusts (Skill 3)