Security Planning and Administrative Delegation Lesson 6.


1 Security Planning and Administrative Delegation Lesson 6

2 Skills Matrix. Technology Skill: Creating an OU Structure. Objective Domain: Maintain Active Directory accounts. Objective #: 4.2

3 Lesson 6 Configuring Strong Passwords. At least eight characters in length. Contains uppercase and lowercase letters, numbers, and nonalphabetic characters. At least one character from each of the previous character types. Differs significantly from other previously used passwords.

4 Lesson 6 Implementing Smart Cards for Authentication Users no longer need to remember passwords. All information is stored on the smart card, making it difficult for anyone except the intended user to use or access it. Security operations, such as cryptographic functions, are performed on the smart card itself rather than on the network server or local computer. This provides a higher level of security for sensitive transactions.

5 Lesson 6 Implementing Smart Cards for Authentication (cont.) Smart cards can be used from remote locations, such as a home office, to provide authentication services. The risk of remote attacks using a username and password is significantly reduced by smart cards.

6 Lesson 6 Installing Active Directory Certificate Services Click Start, and then select Server Manager. Click Roles, and then select Add roles. On the Select Server Roles screen, place a checkmark next to Active Directory Certificate Services and click Next. Click Next after you read the information displayed.

7 Lesson 6 Installing Active Directory Certificate Services (cont.) Select the Certification Authority component, and click Next to continue. Select Enterprise and click Next to continue.

8 Lesson 6 Installing Active Directory Certificate Services (cont.) Select Root CA, and click Next to continue. Select Create a new private key, and click Next to continue. On the Configure Cryptography for CA screen, click Next to accept the default values for the cryptographic service provider (CSP), key character length, and hash algorithm.

9 Lesson 6 Installing Active Directory Certificate Services (cont.) Click Next to accept the default values. On the Set the Certificate Validity Period screen, select a validity period of 2 years, and click Next to continue.

10 Lesson 6 Installing Active Directory Certificate Services (cont.) Click Next to accept the default values and continue. Click Install after you have confirmed your installation choices. Click Close after the installation has completed.

11 Lesson 6 Enabling a User Account for Smart Card Authentication Open Active Directory Users and Computers. Navigate to the container holding the user you wish to modify. Right-click the user account, and select Properties.

12 Lesson 6 Enabling a User Account for Smart Card Authentication (cont.) In the Properties dialog box, select the Account tab. In the Account Options list, click Smart Card Is Required For Interactive Logon, and then click OK.
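The same account option can be checked and set in bulk from PowerShell. The following is an added example, not part of the original lesson: it reports enabled members of a privileged group that do not yet have Smart Card Is Required For Interactive Logon set, then previews the change. It assumes the ActiveDirectory module (RSAT) is installed; the function name Get-SmartCardGap and the default group are illustrative choices.

```powershell
# Added example (not from the lesson). Requires the ActiveDirectory module.
Import-Module ActiveDirectory

function Get-SmartCardGap {
    param(
        # Group whose members should all require smart card logon (assumed default)
        [string] $GroupName = 'Domain Admins'
    )
    Get-ADGroupMember -Identity $GroupName -Recursive |
        Where-Object { $_.objectClass -eq 'user' } |
        Get-ADUser -Properties SmartcardLogonRequired |
        # Keep only enabled accounts where the option is not set
        Where-Object { $_.Enabled -and -not $_.SmartcardLogonRequired } |
        Select-Object SamAccountName, DistinguishedName
}

# Report the gap first
$gap = Get-SmartCardGap
$gap | Format-Table -AutoSize

# Preview the change; remove -WhatIf to apply it once users hold working cards
foreach ($user in $gap) {
    Set-ADUser -Identity $user.DistinguishedName -SmartcardLogonRequired $true -WhatIf
}
```

Apply the setting only after each listed user has been issued a working smart card, because the account can no longer log on interactively with a password once the option is set.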

13 Lesson 6 Using Run As from the GUI From the Start button, navigate to the application you wish to run. Press and hold the Shift key, and right-click the desired application. Select the Run as administrator option.

14 Lesson 6 Using Run As from the GUI (cont.) If you are already logged on as an administrative user, you will be presented with a User Account Control confirmation dialog box. Click Continue to launch the selected program using administrative credentials.

15 Lesson 6 Delegating Administrative Control of an OU Open Active Directory Users and Computers. Right-click the object to which you wish to delegate control, and click Delegate Control. Click Next on the Welcome to the Delegation of Control Wizard page. Click Add on the Users or Groups page.

16 Lesson 6 Delegating Administrative Control of an OU (cont.) In the Select Users, Computers, or Groups dialog box, key the user or group to which you want to delegate administration in the Enter the object names to select box, and click OK. Click Next to proceed. Click Create a custom task to delegate, and click Next.

17 Lesson 6 Delegating Administrative Control of an OU (cont.) Click This folder, existing objects in this folder, and creation of new objects in this folder. Click Next to proceed.

18 Lesson 6 Delegating Administrative Control of an OU (cont.) On the Permissions page shown in Figure 6-9, set the delegated permissions according to your needs for the user or group that has delegated control. After selecting the appropriate permissions, click Next to proceed. Review your choices carefully, and click Finish.

19 Lesson 6 Verifying and Removing Delegated Permissions Open Active Directory Users and Computers. Click the View menu, and then click Advanced Features. Navigate in the left pane to the object for which you wish to verify delegated permissions, right-click the object, and select Properties. On the Security tab, click Advanced.

20 Lesson 6 Verifying and Removing Delegated Permissions (cont.) On the Permissions tab under Permissions entries, view the assigned permissions. Select the user or group for which you wish to remove delegated control privileges, and click Remove. Click OK twice to exit the Properties window.

21 Lesson 6 Moving an Object Between OUs Using Drag-and-Drop In Active Directory Users and Computers, select the object you wish to move. If you wish to move multiple objects, press and hold the Ctrl key while selecting the objects you wish to move. While holding down the left mouse button, drag the object to the desired destination OU and release the mouse. The object will appear in its new location.

22 Lesson 6 Moving an Object Between OUs Using the Move Option In Active Directory Users and Computers, select the object you wish to move. If you wish to move multiple objects, press and hold the Ctrl key while selecting the objects you wish to move. Right-click the selected object(s), and select Move from the shortcut menu.

23 Lesson 6 Moving an Object Between OUs Using the Move Option (cont.) In the Move dialog box, select the container object that is the destination for the selected objects, and click OK.

24 Summary You Learned Creating a naming standards document will assist in planning a consistent Active Directory environment that is easier to manage. Securing user accounts includes educating users about the risks of attacks, implementing a strong password policy, and possibly introducing a smart card infrastructure into your environment.

25 Summary You Learned (cont.) As part of creating a secure environment, you should create standard user accounts for administrators and direct them to use Run as administrator or runas when performing administrative tasks. When planning your OU structure, consider the business function, organizational structure, and administrative goals for your network. Delegation of administrative tasks should be a consideration in your plan.

26 Summary You Learned (cont.) Administrative tasks can be delegated for a domain, OU, or container to achieve a decentralized management structure. Permissions can be delegated using the Delegation of Control Wizard. Verification or removal of these permissions must be achieved through the Security tab in the Properties dialog box of the affected container.

27 Summary You Learned (cont.) Moving objects between containers and OUs within a domain can be achieved by using the Move menu command, the drag-and-drop feature in Active Directory Users and Computers, or the dsmove utility from a command line.

