© Wiley Inc. 2006. All Rights Reserved. MCSE: Windows Server 2003 Active Directory Planning, Implementation, and Maintenance Study Guide, Second Edition.


MCSE: Windows Server 2003 Active Directory Planning, Implementation, and Maintenance Study Guide, Second Edition (70-294)
Chapter 6: Planning Security for Active Directory

Active Directory Security
- Permissions are assigned to AD objects.
- Through the use of permissions, you can control all aspects of network security.

Security Principals
- User accounts
- Groups
- Computer accounts

Types of Groups
- Security groups – considered security principals; can contain user accounts
- Distribution groups – not considered security principals; used only for sending
- In Windows 2000 native or Server 2003 functional level domains, you can convert security groups to or from distribution groups

Group Scope
- Domain local – extends as far as the local machine
- Global – limited to a single domain
- Universal – can contain users from any domain within an AD forest

Limitations on Group Functionality in Mixed Level
- Universal security groups are not available.
- Changing the scope of groups is not allowed.
- Group nesting is limited.

Native Mode Scope Changes
- A domain local group can be changed to a universal group (only if the domain local group does not contain any other domain local groups)
- A global group can be changed to a universal group (only if the global group is not a member of any other global groups)

Built-in Local Groups
- Account Operators
- Administrators
- Backup Operators
- Guests
- Print Operators
- Replicator
- Server Operators
- Users

Predefined Global Groups
- Cert Publishers
- Domain Computers
- Domain Admins
- Domain Controllers
- Domain Guests
- Domain Users
- Enterprise Admins
- Group Policy Creator Owners
- Schema Admins

Foreign Security Principals
- Allow you to grant permissions to users who reside in domains that are not part of the same forest
- Process is automatic and does not require intervention of systems administrators

Active Directory Object Permissions
- Control Access
- Create Child
- Delete Child
- Delete Tree
- List Contents
- List Object
- Read
- Write

ACLs and ACEs
- Access Control Lists (ACLs) exist for each object in Active Directory
- Access Control Entries (ACEs) exist for each ACL, define what a user or group can actually do with the resource

Delegating Control
- Delegation is the process by which a higher-level security administrator assigns permissions to other users
- The Delegation of Control Wizard walks through the steps for selecting objects to delegate their permissions, and specifying the allowed permissions and the users who have them

Group Policy Security Setting Sections
- Account Policies > Password Policy
- Account Policies > Account Lockout Policy
- Local Policies > Security Options

Smart Card Authentication
- Smart cards store user certificate information in a magnetic strip
- Provide the system with a double-verification secure logon (smart card and accompanying PIN)

Security Configuration and Analysis Utility
- Simplifies creation and application of security settings
- Can be used to create, modify, and apply security settings in the Registry through the use of security templates

Process for Security Configuration and Analysis
1. Open or create a security database file
2. Import the existing template file
3. Analyze the local computer
4. Make any setting changes
5. Save any template changes
6. Export the new template (optional)
7. Apply the changes (optional)

Working with secedit.exe
- Switches include: /analyze, /configure, /export, /validate
- Has all the functionality of the Security Configuration and Analysis tool

Windows Server 2003 Auditing Steps
- Configure the size and storage settings for the audit logs
- Enable categories of events to audit
- Specify which objects and actions should be recorded in the audit log

Main Auditing Categories
- Audit account logon events
- Audit account management
- Audit directory service access
- Audit logon events
- Audit object access
- Audit policy change
- Audit privilege use
- Audit process tracking
- Audit system events
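
An added example, not part of the original slides or the study guide: the Python sketch below reads a security template of the kind `secedit /export` writes and reports the setting for each of the nine audit categories listed above. The `[Event Audit]` key names and the 0 to 3 value encoding come from the template format rather than from the slides, and the sample template is constructed.

```python
import configparser

# Slide category -> key in the [Event Audit] section of a security template.
AUDIT_KEYS = {
    "Audit account logon events": "AuditAccountLogon",
    "Audit account management": "AuditAccountManage",
    "Audit directory service access": "AuditDSAccess",
    "Audit logon events": "AuditLogonEvents",
    "Audit object access": "AuditObjectAccess",
    "Audit policy change": "AuditPolicyChange",
    "Audit privilege use": "AuditPrivilegeUse",
    "Audit process tracking": "AuditProcessTracking",
    "Audit system events": "AuditSystemEvents",
}
# Template encoding: 0 = no auditing, 1 = success, 2 = failure, 3 = both.
SETTING = {0: "none", 1: "success", 2: "failure", 3: "success+failure"}

# Constructed sample shaped like an exported template; AuditDSAccess is left out on purpose.
SAMPLE_INF = """\
[System Access]
MinimumPasswordLength = 7
[Event Audit]
AuditSystemEvents = 0
AuditLogonEvents = 3
AuditObjectAccess = 0
AuditPrivilegeUse = 0
AuditPolicyChange = 1
AuditAccountManage = 3
AuditProcessTracking = 0
AuditAccountLogon = 2
[Version]
signature="$CHICAGO$"
"""

def audit_report(inf_text):
    """Return {category: setting}; a key absent from the template is 'not defined'."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case exactly as written in the template
    cp.read_string(inf_text)
    section = cp["Event Audit"] if cp.has_section("Event Audit") else {}
    report = {}
    for category, key in AUDIT_KEYS.items():
        raw = section.get(key)
        report[category] = "not defined" if raw is None else SETTING.get(int(raw), "invalid")
    return report

def unaudited(inf_text):
    """Categories that record nothing: set to 'none' or missing from the template."""
    return [c for c, s in audit_report(inf_text).items() if s in ("none", "not defined")]
```

A template exported on a real system is typically UTF-16 encoded, so read the file with `encoding="utf-16"` before passing its text to `audit_report`.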