© Wiley Inc. 2006. All Rights Reserved. MCSE: Windows Server 2003 Active Directory Planning, Implementation, and Maintenance Study Guide, Second Edition.


1 MCSE: Windows Server 2003 Active Directory Planning, Implementation, and Maintenance Study Guide, Second Edition (70-294)
Chapter 6: Planning Security for Active Directory

2 Active Directory Security
- Permissions are assigned to AD objects.
- Through the use of permissions, you can control all aspects of network security.

3 Security Principals
- User accounts
- Groups
- Computer accounts

4 Types of Groups
- Security groups – considered security principals; can contain user accounts
- Distribution groups – not considered security principals; used only for sending e-mail
- In Windows 2000 native or Server 2003 functional level domains, you can convert security groups to or from distribution groups

5 Group Scope
- Domain local – extends as far as the local machine
- Global – limited to a single domain
- Universal – can contain users from any domain within an AD forest

6 Limitations on Group Functionality in Mixed Level
- Universal security groups are not available.
- Changing the scope of groups is not allowed.
- Group nesting is limited.

7 Native Mode Scope Changes
- A domain local group can be changed to a universal group (only if the domain local group does not contain any other domain local groups)
- A global group can be changed to a universal group (only if the global group is not a member of any other global groups)

8 Built-in Local Groups
- Account Operators
- Administrators
- Backup Operators
- Guests
- Print Operators
- Replicator
- Server Operators
- Users

9 Predefined Global Groups
- Cert Publishers
- Domain Computers
- Domain Admins
- Domain Controllers
- Domain Guests
- Domain Users
- Enterprise Admins
- Group Policy Creator Owners
- Schema Admins

10 Foreign Security Principals
- Allow you to grant permissions to users who reside in domains that are not part of the same forest
- Process is automatic and does not require intervention of systems administrators

11 Active Directory Object Permissions
- Control Access
- Create Child
- Delete Child
- Delete Tree
- List Contents
- List Object
- Read
- Write

12 ACLs and ACEs
- Access Control Lists (ACLs) exist for each object in Active Directory
- Access Control Entries (ACEs) exist for each ACL and define what a user or group can actually do with the resource

13 Delegating Control
- Delegation is the process by which a higher-level security administrator assigns permissions to other users
- The Delegation of Control Wizard walks through the steps for selecting objects to delegate their permissions, and specifying the allowed permissions and the users who have them

14 Group Policy Security Setting Sections
- Account Policies > Password Policy
- Account Policies > Account Lockout Policy
- Local Policies > Security Options

15 Smart Card Authentication
- Smart cards store user certificate information in a magnetic strip
- Provide the system with a double-verification secure logon (smart card and accompanying PIN)

16 Security Configuration and Analysis Utility
- Simplifies creation and application of security settings
- Can be used to create, modify, and apply security settings in the Registry through the use of security templates

17 Process for Security Configuration and Analysis
1. Open or create a security database file
2. Import the existing template file
3. Analyze the local computer
4. Make any setting changes
5. Save any template changes
6. Export the new template (optional)
7. Apply the changes (optional)

18 Working with secedit.exe
- Switches include: /analyze, /configure, /export, /validate
- Has all the functionality of the Security Configuration and Analysis tool
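
The Security Configuration and Analysis process can be scripted with the four secedit.exe switches named on this slide. This is an added example, not part of the original slides: the C:\SecAudit folder, the file names and the Invoke-Secedit helper are assumptions, and the search for "Mismatch" assumes the analysis log labels differing settings that way.

```powershell
# Added example: paths and file names are placeholders chosen for illustration.
param([switch]$Apply)                       # applying changes is optional, so it is opt-in

$work     = 'C:\SecAudit'
$template = Join-Path $work 'baseline.inf'  # existing security template (assumed present)
$db       = Join-Path $work 'baseline.sdb'  # security database file
$log      = Join-Path $work 'secedit.log'
$exported = Join-Path $work 'exported.inf'

# Hypothetical helper: run secedit.exe and surface a non-zero exit code.
function Invoke-Secedit {
    param([string[]]$SeceditArgs)
    & secedit.exe @SeceditArgs
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "secedit $($SeceditArgs -join ' ') exited with code $LASTEXITCODE"
    }
}

# Check the template's syntax before importing it.
Invoke-Secedit @('/validate', $template)

# Steps 1-3: create the database, import the template, analyze the local computer.
Invoke-Secedit @('/analyze', '/db', $db, '/cfg', $template, '/overwrite', '/log', $log, '/quiet')

# Review the result: list settings the analysis flagged as differing from the template
# (assumption: such lines contain the word "Mismatch").
Select-String -Path $log -Pattern 'Mismatch' | ForEach-Object { $_.Line.Trim() }

# Steps 4-5: edit and save the template by hand, then rerun the analysis above.

# Step 6 (optional): export the template stored in the database.
Invoke-Secedit @('/export', '/db', $db, '/cfg', $exported, '/log', $log, '/quiet')

# Step 7 (optional): apply the database settings to the local computer.
if ($Apply) {
    Invoke-Secedit @('/configure', '/db', $db, '/log', $log, '/quiet')
}
```

Run it from an elevated prompt; without -Apply it only analyzes and exports, leaving the computer's settings unchanged.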

19 Windows Server 2003 Auditing Steps
- Configure the size and storage settings for the audit logs
- Enable categories of events to audit
- Specify which objects and actions should be recorded in the audit log

20 Main Auditing Categories
- Audit account logon events
- Audit account management
- Audit directory service access
- Audit logon events
- Audit object access
- Audit policy change
- Audit privilege use
- Audit process tracking
- Audit system events

