Presentation is loading. Please wait.

Presentation is loading. Please wait.

Module 10: Implementing Administrative Templates and Audit Policy.

Published byLiliana Charity Spencer Modified over 8 years ago

Similar presentations

Presentation on theme: "Module 10: Implementing Administrative Templates and Audit Policy."— Presentation transcript:

1 Module 10: Implementing Administrative Templates and Audit Policy

2 Overview Overview of Security in Windows Server 2003 Using Security Templates to Secure Computers Testing Computer Security Policy Configuring Auditing Managing Security Logs

3 Lesson: Overview of Security in Windows Server 2003 What Are User Rights? User Rights vs. Permissions User Rights Assigned to Built-in Groups How to Assign User Rights

4 What Are User Rights? Examples of User Rights

5 User Rights vs. Permissions User Rights: Actions on System User Rights: Actions on System Permissions: Actions on Object

6 User Rights Assigned to Built-in Groups Built-in local groups: Administrators Backup Operators Power Users Remote Desktop Users Users Administrators Backup Operators Power Users Remote Desktop Users Users Groups in Builtin container: Account Operators Administrators Backup Operators Pre-Windows 2000 Compatible Access Print Operators Server Operators Account Operators Administrators Backup Operators Pre-Windows 2000 Compatible Access Print Operators Server Operators Groups in Users container: Domain Admins Enterprise Admins Domain Admins Enterprise Admins

7 How to Assign User Rights Your Instructor will demonstrate how to manually assign user rights

8 Practice: Assigning User Rights In this practice, you will:  Remove a user right and test if it was removed  Add a user right and test if it was added

9 Lesson: Using Security Templates to Secure Computers What Is a Security Policy? What Are Security Templates? What Are Security Template Settings? How to Create a Custom Security Template How to Import a Security Template

10 What Is a Security Policy?

11 What Are Security Templates? TemplateDescription Default Security (Setup security.inf) Specifies default security settings Domain Controller Default Security (DC security.inf) Specifies default security settings updated from Setup security.inf for a domain controller Compatible (Compatws.inf) Modifies permissions and registry settings for the Users group to enable maximum application compatibility Secure (Securedc.inf and Securews.inf) Enhances security settings that are least likely to impact application compatibility Highly Secure (Hisecdc.inf and Hisecws.inf) Increases the restrictions on security settings System Root Security (Rootsec.inf) Specifies permissions for the root of the system drive

12 What Are Security Template Settings? Security Template: Setup Security Sample of Settings

13 How to Create a Custom Security Template Your instructor will demonstrate how to: Customize a predefined security template Create a new security template Customize a predefined security template Create a new security template

14 How to Import a Security Template Your instructor will demonstrate how to: Import a security template to a local computer Import a security template to a GPO Import a security template to a local computer Import a security template to a GPO

15 Practice: Using Security Templates to Secure Computers In this practice, you will:  Create a security template  Import a security template to a GPO

16 Lesson: Testing Computer Security Policy What is the Security Configuration and Analysis tool? How to Test Computer Security

17 What is the Security Configuration and Analysis tool? Template Setting Actual Setting Setting That Does Not Match Template

18 How to Test Computer Security Your instructor will demonstrate how to analyze security settings on a computer by using Security Configuration and Analysis

19 Practice: Testing Computer Security In this practice, you will:  Create a custom security template  Analyze the security settings on your computer with the security settings in the custom security template

20 Lesson: Configuring Auditing What Is Auditing? What Is Audit Policy? Types of Events to Audit Guidelines for Planning an Audit Policy How to Enable an Audit Policy How to Enable Auditing for Files and Folders How to Enable Auditing for Active Directory Objects Best Practices for Configuring Auditing

21 What Is Auditing? Auditing tracks user and operating system activities and records selected events in security logs Enable auditing to:  Create a baseline  Detect threats and attacks  Determine damages  Prevent further damage Audit access to objects, management of accounts, and users logging on and logging off What occurred? When? Who did it? What was the result?

22 What Is Audit Policy? An audit policy determines the security events that will be reported to the network administrator Set up an audit policy to:  Track success or failure of events  Minimize unauthorized use of resources  Maintain a record of activity Security events are stored in security logs

23 Types of Events to Audit Account Logon Account Management Directory Service Access Logon Object Access Policy Change Privilege Use Process Tracking System

24 Guidelines for Planning an Audit Policy Determine the computers to set up auditing on Determine which events to audit Determine whether to audit success or failure events Determine whether you need to track trends Review security logs frequently

25 How to Enable an Audit Policy Your instructor will demonstrate how to: Configure an audit policy on a local computer Configure an audit policy on a domain or organizational unit Configure an audit policy on a local computer Configure an audit policy on a domain or organizational unit

26 How to Enable Auditing for Files and Folders Your instructor will demonstrate how to enable auditing for files and folders

27 Practice: Enabling Auditing for Files and Folders In this practice, you will enable auditing for files and folders

28 How to Enable Auditing for Active Directory Objects Your instructor will demonstrate how to: Delegate an account for auditing Enable auditing for an organizational unit Delegate an account for auditing Enable auditing for an organizational unit

29 Practice: Enabling Auditing for an Organizational Unit In this practice, you will enable auditing for an organizational unit

30 Best Practices for Configuring Auditing Audit success events in the directory service access category Audit success events in the object access category Audit success and failure events in the system category Audit success and failure events in the policy change category on domain controllers Audit success and failure events in the account management category Audit success events in the logon category Audit success events in the account logon category on domain controllers Set an appropriate size for the security log

31 Lesson: Managing Security Logs What Are Log Files? Common Security Events Tasks Associated with Managing the Security Log Files How to Manage Security Log File Information How to View Security Log Events

32 What Are Log Files? Application Security System Directory service File Replication service The following logs are available in Event Viewer:

33 Common Security Events Logon Event Description Event ID 528 Successful logon Event ID 529 Unsuccessful logon attempt Event ID 539 Attempts to log on to a locked out account File OwnershipEvent Description Event ID 578 Change in file ownership Security LogEvent Description Event ID 517 Security log cleared ShutdownEvent Description Event ID 513 System is shut down

34 Tasks Associated with Managing the Security Log Files

35 How to Manage Security Log File Information Your instructor will demonstrate how to: Manage security log files by using Computer Management Manage security log files by using Group Policy Manage security log files by using Computer Management Manage security log files by using Group Policy

36 How to View Security Log Events Your instructor will demonstrate how to: Filter security log files View security log files Filter security log files View security log files

37 Practice: Managing Log File Information In this practice, you will:  Configure security log properties  Verify the events being recorded in a security log file

38 Lab A: Managing Security Settings In this lab, you will:  Create a custom security template  Test your computer configuration against the custom security template  Deploy the custom security template by using Group Policy  Audit security of an organizational unit

39 Course Evaluation

Download ppt "Module 10: Implementing Administrative Templates and Audit Policy."

Similar presentations

Guide to MCSE 70-290, Enhanced 1 Activity 14-1: Browsing Security Templates Objective: To become familiar with built-in security templates Start  Run.

Guide to MCSE , Enhanced 1 Activity 14-1: Browsing Security Templates Objective: To become familiar with built-in security templates Start  Run.
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
Lesson 17: Configuring Security Policies

Lesson 17: Configuring Security Policies
 Overview User Accounts Groups User Rights Permissions.

 Overview User Accounts Groups User Rights Permissions.
Managing User Settings with Group Policy

Managing User Settings with Group Policy
Module 4: Implementing User, Group, and Computer Accounts

Module 4: Implementing User, Group, and Computer Accounts
Chapter 7 HARDENING SERVERS.

Chapter 7 HARDENING SERVERS.
6.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

6.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 14: Windows Server 2003 Security Features.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 14: Windows Server 2003 Security Features.
Hands-On Microsoft Windows Server 2003 Administration Chapter 4 Managing Group Policy.

Hands-On Microsoft Windows Server 2003 Administration Chapter 4 Managing Group Policy.
12.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

12.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
MIS 431 - Chapter 91 Ch. 9 – Implement and Use Group Policy MIS 431 – created Spring 2006.

MIS Chapter 91 Ch. 9 – Implement and Use Group Policy MIS 431 – created Spring 2006.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 14: Windows Server 2003 Security Features.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 14: Windows Server 2003 Security Features.
Hands-On Microsoft Windows Server 2003 Administration Chapter 6 Managing Printers, Publishing, Auditing, and Desk Resources.

Hands-On Microsoft Windows Server 2003 Administration Chapter 6 Managing Printers, Publishing, Auditing, and Desk Resources.
7.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.

7.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.
Guide to MCSE 70-290, Enhanced 1 Activity 9-1: Creating a Group Policy Object Using the MMC Objective: To create a GPO using the Group Policy Object Editor.

Guide to MCSE , Enhanced 1 Activity 9-1: Creating a Group Policy Object Using the MMC Objective: To create a GPO using the Group Policy Object Editor.
Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®

Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®
1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.

1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.
Corso referenti S.I.R.A. – Modulo 2 Local Security 20/11 – 27/11 – 05/12 11/12 – 13/12 (gruppo 1) 12/12 – 15/12 (gruppo 2) Cristiano Gentili, Massimiliano.

Corso referenti S.I.R.A. – Modulo 2 Local Security 20/11 – 27/11 – 05/12 11/12 – 13/12 (gruppo 1) 12/12 – 15/12 (gruppo 2) Cristiano Gentili, Massimiliano.
Module 8: Implementing Administrative Templates and Audit Policy.

Module 8: Implementing Administrative Templates and Audit Policy.

Similar presentations

Ads by Google