Presentation is loading. Please wait.

Presentation is loading. Please wait.

MCDST 70-271: Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 7: Troubleshoot Security Settings and Local Security.

Published byWill Tidd Modified over 9 years ago

Similar presentations

Presentation on theme: "MCDST 70-271: Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 7: Troubleshoot Security Settings and Local Security."— Presentation transcript:

1 MCDST 70-271: Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 7: Troubleshoot Security Settings and Local Security Policy

2 Guide to MCDST 70-2712 Objectives Understand the local security policy Understand group policies Use the Security Configuration and Analysis tool and secedit Perform troubleshooting for group policy

3 Guide to MCDST 70-2713 Local Security Policy Windows XP Professional is only subject to security restrictions of local security policy when it is a stand-alone system or member of a workgroup Group policy object –A collection of Registry settings that are applied to the system upon startup and user logon

4 Guide to MCDST 70-2714 Local Security Policy (continued) Contents of local security policy –Determined during installation Custom policies –Can be created through the use of.adm files.adm files used by group policy editors –Reside in the \inf subfolder of the main Windows XP directory

5 Guide to MCDST 70-2715 Local Security Policy (continued)

6 Guide to MCDST 70-2716 Local Security Policy (continued)

7 Guide to MCDST 70-2717 Password Policy Defines the restrictions on passwords Items in policy include: –Enforce password history: 0 passwords –Maximum password age: 42 days –Minimum password age: 0 days –Minimum password length: 0 characters

8 Guide to MCDST 70-2718 Account Lockout Policy Defines conditions that result when a user account is locked out Used to prevent brute force attacks against user accounts Items in policy include –Account lockout duration –Account lockout threshold: 0 invalid logon attempts –Reset account lockout counter after: Not Applicable

9 Guide to MCDST 70-2719 Account Lockout Policy (continued)

10 Guide to MCDST 70-27110 Audit Policy Defines events recorded in the Security log of the Event Viewer Auditing –Used to track resource usage Items in policy include: –Audit account logon events: No auditing –Audit account management: No auditing –Audit directory service access: No auditing

11 Guide to MCDST 70-27111 User Rights Assignment Defines which groups or users can perform the specific privileged action Troubleshooting user rights –A process of test, reconfigure, and retest

12 Guide to MCDST 70-27112 User Rights Assignment (continued)

13 Guide to MCDST 70-27113 Security Options Defines and controls various security features, functions, and controls Items in this policy include: –Accounts―Administrator account status: Enabled –Accounts―Guest account status: Disabled –Devices―Allow undock without having to logon: Enabled

14 Guide to MCDST 70-27114 Security Options (continued)

15 Guide to MCDST 70-27115 Public Key Policies Used to: –Offer additional controls over the Encrypting File System (EFS) –Enable the issuing of certificates –Allow you to establish trust in a certificate authority

16 Guide to MCDST 70-27116 Public Key Policies (continued)

17 Guide to MCDST 70-27117 Software Restriction Policies Used to restrict the programs and applications allowed to execute on a system Software restriction policies can be one of these: –“Deny all but the exceptions” method –“Allow all but the exceptions” method

18 Guide to MCDST 70-27118 Software Restriction Policies (continued)

19 Guide to MCDST 70-27119 IP Security Policies on Local Computer Used to define policies that control the function of IPSec Negotiates a secure encrypted communications link between a client and server through public and private encryption key management

20 Guide to MCDST 70-27120 IP Security Policies on Local Computer (continued) IPSec offers protection against: –Eavesdropping –Data modification –Identity spoofing –Password attacks –Denial-of-service attacks –Man-in-the-middle attacks

21 Guide to MCDST 70-27121 IP Security Policies on Local Computer (continued) Predefined IPSec policies –The Client (Respond Only) policy –The Server (Request Security) policy –The Secure Server (Require Security) policy Authentication methods –Kerberos version 5 –Public key certificate authentication –Preshared key

22 Guide to MCDST 70-27122 Group Policies An expanded version of the local security policy Divisions –Computer Configuration –User Configuration

23 Guide to MCDST 70-27123 Group Policies (continued)

24 Guide to MCDST 70-27124 Computer Configuration Used to define and regulate security-related features and functions Subnodes –Software Settings –The Windows Settings folder –The Administrative Templates folder

25 Guide to MCDST 70-27125 User Configuration Subfolders –Software Settings―empty by default –The Windows Settings folder―contains Internet Explorer Maintenance, Scripts (Logon/Logoff), and Security Settings –The Administrative Templates folder―contains a multilevel collection of user-specific, Registry- based controls

26 Guide to MCDST 70-27126 Application of Group Policies Applied in the following order: –Any existing legacy Windows NT 4.0 ntconfig.pol files are applied –Any unique local security policy is applied –Any site group policies are applied –Any domain group policies are applied –Any organizational units (OUs) group policies are applied

27 Guide to MCDST 70-27127 Security Configuration and Analysis Tool An MMC snap-in that can be used to analyze, configure, export, and validate system security based on a security template Security template –A predefined group policy file with specific levels of security Predefined security templates –compatws –hisecdc –hisecws

28 Guide to MCDST 70-27128 Using Secedit Used to analyze, configure, export, and validate security based on a security template Parameters of secedit –analyze –db FileName –cfg FileName –log FileName

29 Guide to MCDST 70-27129 Troubleshooting Policies If change does not seem to take effect on a system –Log out then back on –Reboot the system –If change still fails to take effect, examine the RSoP for the local system or access the Help and Support Center

30 Guide to MCDST 70-27130 Summary Local Security Policy tool –Used to manage passwords, account lockout parameters, audits, user rights Group policies –Domain-level versions of the local security policy Local computer policy (RSoP of applied GPOs) –Controls many aspects of the security system Troubleshooting GPOs includes discovering the RSoP

Download ppt "MCDST 70-271: Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 7: Troubleshoot Security Settings and Local Security."

Similar presentations

Chapter Five Users, Groups, Profiles, and Policies.

Chapter Five Users, Groups, Profiles, and Policies.
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
Lesson 17: Configuring Security Policies

Lesson 17: Configuring Security Policies
Khan Rashid Lesson 11-The Best Policy: Managing Computers and Users Through Group Policy.

Khan Rashid Lesson 11-The Best Policy: Managing Computers and Users Through Group Policy.
Chapter 13 Securing Windows Server 2008

Chapter 13 Securing Windows Server 2008
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.

Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.
Chapter 7 HARDENING SERVERS.

Chapter 7 HARDENING SERVERS.
Chapter 8 Chapter 8: Managing Accounts and Client Connectivity.

Chapter 8 Chapter 8: Managing Accounts and Client Connectivity.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 14: Windows Server 2003 Security Features.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 14: Windows Server 2003 Security Features.
MCDST 70-271: Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 6: Configure and Troubleshoot Local User and Group Accounts.

MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 6: Configure and Troubleshoot Local User and Group Accounts.
Hands-On Microsoft Windows Server 2003 Administration Chapter 4 Managing Group Policy.

Hands-On Microsoft Windows Server 2003 Administration Chapter 4 Managing Group Policy.
12.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

12.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
Chapter 6: Configuring Security. Options for Managing Security Configurations LGPO (Local Group Policy Object) –Used if Computer is not part of a domain.

Chapter 6: Configuring Security. Options for Managing Security Configurations LGPO (Local Group Policy Object) –Used if Computer is not part of a domain.
11 SUPPORTING LOCAL USERS AND GROUPS Chapter 3. Chapter 3: Supporting Local Users and Groups2 SUPPORTING LOCAL USERS AND GROUPS  Explain the difference.

11 SUPPORTING LOCAL USERS AND GROUPS Chapter 3. Chapter 3: Supporting Local Users and Groups2 SUPPORTING LOCAL USERS AND GROUPS  Explain the difference.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 14: Windows Server 2003 Security Features.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 14: Windows Server 2003 Security Features.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.
Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.

Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.
Guide to MCSE 70-290, Enhanced 1 Activity 9-1: Creating a Group Policy Object Using the MMC Objective: To create a GPO using the Group Policy Object Editor.

Guide to MCSE , Enhanced 1 Activity 9-1: Creating a Group Policy Object Using the MMC Objective: To create a GPO using the Group Policy Object Editor.
Corso referenti S.I.R.A. – Modulo 2 Local Security 20/11 – 27/11 – 05/12 11/12 – 13/12 (gruppo 1) 12/12 – 15/12 (gruppo 2) Cristiano Gentili, Massimiliano.

Corso referenti S.I.R.A. – Modulo 2 Local Security 20/11 – 27/11 – 05/12 11/12 – 13/12 (gruppo 1) 12/12 – 15/12 (gruppo 2) Cristiano Gentili, Massimiliano.

Similar presentations

Ads by Google