Module 8 Implementing Security Using Group Policy.


Module Overview
- Configuring Security Policies
- Implementing Fine-Grained Password Policies
- Restricting Group Membership and Access to Software
- Managing Security Using Security Templates

What Are Security Policies?

What Are Network Security Policies?
Define the available networks and authentication methods for wireless connections for Windows Vista and Windows XP clients, and LAN authentication for Windows Vista and Windows Server 2008 clients
- Separate wireless policies for Windows XP and Windows Vista
- Windows Vista policies contain more options for wireless
- Windows Vista wireless policies can deny access to wireless networks
- 802.1x authentication can be configured via Group Policy
- Only Windows Vista and later can receive wired network policies
[Figure: a GPO applied to Windows XP (wireless only) and Windows Vista (wireless and wired)]

Windows Firewall with Advanced Security
A stateful host-based firewall that allows or blocks network traffic according to its configuration
- Supports filtering for both incoming and outgoing traffic
- Used for advanced settings configuration
- IPsec protection settings integrated into Windows Firewall
- Allows rule configuration for various criteria, such as users, groups, and TCP and UDP ports
- Provides network location-aware profiles
- Can import or export policies
[Figure: Windows Server 2008, Internet, LAN, Firewall. Firewall rules control inbound and outbound traffic]

What Are Fine-Grained Password Policies?
Fine-grained passwords allow multiple password policies to exist in the same domain
- Administrator group. Password changes: 7 days
- Manager group. Password changes: 14 days
- End user group. Password changes: 30 days

How Fine-Grained Password Policies Are Implemented
Considerations when implementing PSOs:
- Password Settings Container and Password Setting Objects are new schema object classes
- PSOs can only be applied to users or global groups
- PSOs can be created through ADSI Edit or LDIFDE
A PSO has the following settings available:
- Password policies
- Account lockout policies
- PSO Link
- Precedence

Implementing Fine-Grained Password Policies
- Shadow groups can be used to apply a PSO to all users that do not already share a global group membership
- A user or group could have multiple PSOs linked to them
- The precedence attribute is used to resolve conflicts
- Lower precedence values have higher priority
- PSOs linked directly to user objects override PSOs linked to a user's global groups
- If there are no PSOs, normal domain account policies apply
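The resolution rules on this slide can be checked with a small model. The following is an added example, not part of the original presentation or of any Microsoft tool: the PSO names, user names, and precedence values are constructed, the password-change intervals come from the earlier slide, and the tie-break by name is an illustrative assumption the slides do not cover.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class PSO:
    name: str
    precedence: int        # lower value = higher priority
    max_age_days: int      # "Password changes" interval from the slide
    applies_to: frozenset  # names of users / global groups the PSO is linked to

@dataclass
class User:
    name: str
    global_groups: set = field(default_factory=set)

def resultant_pso(user, psos):
    """Return the PSO that wins for `user`, or None if no PSO is linked."""
    # 1. PSOs linked directly to the user object override group-linked ones.
    direct = [p for p in psos if user.name in p.applies_to]
    # 2. Otherwise consider PSOs linked to any of the user's global groups.
    via_group = [p for p in psos if p.applies_to & user.global_groups]
    candidates = direct or via_group
    if not candidates:
        return None  # 3. No PSO: normal domain account policies apply.
    # Lowest precedence value wins; the name tie-break is illustrative only.
    return min(candidates, key=lambda p: (p.precedence, p.name))

def effective_policy(user, psos):
    pso = resultant_pso(user, psos)
    return pso.name if pso else "domain account policy"

# Constructed sample data: ages follow the slide, precedence values are made up.
PSOS = [
    PSO("PSO-Admins", 10, 7, frozenset({"Administrator group"})),
    PSO("PSO-Managers", 20, 14, frozenset({"Manager group"})),
    PSO("PSO-EndUsers", 30, 30, frozenset({"End user shadow group"})),
    PSO("PSO-SvcException", 50, 30, frozenset({"svc-backup"})),
]
alice = User("alice", {"Administrator group", "Manager group"})
bob = User("bob", {"End user shadow group"})
svc = User("svc-backup", {"Administrator group"})
guest = User("guest")

if __name__ == "__main__":
    for u in (alice, bob, svc, guest):
        print(f"{u.name:12} -> {effective_policy(u, PSOS)}")
```

The svc-backup case is the one to watch in an audit: a directly linked PSO with a weaker setting wins over the stricter administrator PSO regardless of its precedence value.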

What Is Restricted Group Membership?
Group Policy can control group membership:
- For any group on a local computer, by applying a GPO to the OU that holds the computer account
- For any group in AD DS, by applying a GPO to the domain controller

What Is a Software Restriction Policy?
- A policy-driven mechanism that identifies and controls software on a client computer
- A mechanism restricting software installation and viruses
- A component with two parts:
  - A default rule with three options: Unrestricted, Basic, and Disallowed
  - Exceptions to the default rule

Options for Configuring Software Restriction Policies
Certificate Rule
- Checks for digital signature on application
- Use when you want to restrict Win32 applications and ActiveX content
Internet Zone Rule
- Controls how Internet Zones can be accessed
- Use in high-security environments to control access to Web applications
Hash Rule
- Use to employ MD5 or SHA1 hash of a file to confirm identity
- Use to allow or prohibit a certain file version from being run
Path Rule
- Use when restricting a file path
- Use when multiple files exist for the same application
- Essential when SRPs are strict

What Are Security Templates?
Security templates:
- Allow administrators to apply consistent security settings to multiple computers
- Can be applied via Group Policy
- Can be designed based on server roles

What Is the Security Configuration Wizard?
SCW provides guided attack surface reduction by:
- Disabling unnecessary services and Internet Information Services (IIS) Web extensions
- Blocking unused ports and securing ports that are left open using IPSec
- Reducing protocol exposure
- Configuring audit settings
Security Configuration Wizard supports:
- Rollback
- Analysis
- Remote configuration
- Command-line support
- Active Directory integration
- Policy editing

Options for Integrating the Security Configuration Wizard and Security Templates
Options:
- Policies created with the SCW can be applied individually
- Other security templates can be incorporated into the SCW
- Scwcmd.exe command-line utility can be used to convert the XML policy into a GPO

What Is the Security Configuration and Analysis Tool?
[Figure: Template Setting, Actual Setting, Setting That Does Not Match Template]