Module%208:%20Implementing%20Administrative%20Templates%20and%20Audit%20Policy - PowerPoint PPT Presentation

About This Presentation
Title:

Module%208:%20Implementing%20Administrative%20Templates%20and%20Audit%20Policy

Description:

Assign Judy Lew the right to log on locally to the domain controller ... Configures auditing and permissions on registry keys of Internet Explorer. IESacls.inf ... – PowerPoint PPT presentation

Number of Views:113
Avg rating:3.0/5.0
Slides: 32
Provided by: Bwin6
Category:

less

Transcript and Presenter's Notes

Title: Module%208:%20Implementing%20Administrative%20Templates%20and%20Audit%20Policy


1
Module 8 Implementing Administrative Templates
and Audit Policy
2
Overview
  • Managing User Rights in Windows Server 2003
  • Using Security Templates to Secure Computers
  • Testing Computer Security Policy
  • Configuring Auditing
  • Managing Security Logs

3
Lesson Managing User Rights in Windows Server
2003
  • What Are User Rights?
  • User Rights vs. Permissions
  • User Rights Assigned to Built-In Groups
  • Practice Assigning User Rights

4
What Are User Rights?
Examples of User Rights
5
User Rights vs. Permissions
User Rights Actions on System
Permissions Actions on Object
6
User Rights Assigned to Built-In Groups
Built-in local groups
  • Administrators
  • Backup Operators
  • Power Users
  • Remote Desktop Users
  • Users

Groups in Builtin container
  • Account Operators
  • Administrators
  • Backup Operators
  • PreWindows 2000 Compatible Access
  • Print Operators
  • Server Operators

Groups in Users container
  • Domain Admins
  • Enterprise Admins

7
Practice Assigning User Rights
  • In this practice, you will
  • Assign the Authenticated Users group the right to
    change the system time
  • Assign Judy Lew the right to log on locally to
    the domain controller

8
Lesson Using Security Templates to Secure
Computers
  • What Is a Security Policy?
  • What Are Security Templates?
  • What Are Security Template Settings?
  • Windows Server 2003 Security Guide Templates
  • Windows XP Security Guide Templates
  • Ways to Deploy Security Templates
  • Practice Using Security Templates to Secure
    Computers

9
What Is a Security Policy?
10
What Are Security Templates?
Template Description
Setup security.inf Default security settings
DC security.inf Default security settings for a domain controller
Compatws.inf Modifies permissions and registry settings for application compatibility
Securedc.inf and Securews.inf Enhances security settings
Hisecdc.inf and Hisecws.inf Increases the restrictions on security settings
Rootsec.inf Specifies permissions for the root of the system drive
IESacls.inf Configures auditing and permissions on registry keys of Internet Explorer
11
What Are Security Template Settings?
Security Template Setup Security
Sample Settings
12
Windows Server 2003 Security Guide Templates
The Windows Server 2003 Security Guide provides
  • Security documents and checklists
  • Sample scripts
  • Security templates for
  • Legacy Clients
  • Enterprise Clients
  • High Security

13
Windows XP Security Guide Templates
The Windows XP Security Guide provides
  • Security documents and checklists
  • Sample scripts
  • Administrative templates
  • Security templates for
  • Enterprise Clients
  • High Security
  • Legacy Clients

14
Ways to Deploy Security Templates
15
Practice Using Security Templates to Secure
Computers
  • In this practice, you will
  • Create a security template
  • Import the security template into a GPO and apply
    the GPO to an organizational unit

16
Lesson Testing Computer Security Policy
  • What Is the Security Configuration and Analysis
    Tool?
  • Practice Testing a Computer Security Policy

17
What Is the Security Configuration and Analysis
Tool?
Template Setting
Actual Setting
Setting That Does Not Match Template
18
Practice Testing a Computer Security Policy
  • In this practice, you will analyze a computers
    security policy by using a security template

19
Lesson Configuring Auditing
  • What Is Auditing?
  • What Is an Audit Policy?
  • Types of Events to Audit
  • Guidelines for Planning an Audit Policy
  • Practice Configuring Auditing
  • Best Practices for Configuring Auditing

20
What Is Auditing?
  • Auditing tracks user and operating system
    activities and records selected events in
    security logs
  • Enable auditing to
  • Create a baseline
  • Detect threats and attacks
  • Determine damages
  • Prevent further damage
  • Audit access to objects, management of accounts,
    and users logging on and logging off

21
What Is an Audit Policy?
  • An audit policy determines the security events
    that will be reported to the network
    administrator
  • Set up an audit policy to
  • Track success or failure of events
  • Minimize unauthorized use of resources
  • Maintain a record of activity
  • Security events are stored in security logs

22
Types of Events to Audit
  • Account Logon
  • Account Management
  • Directory Service Access
  • Logon
  • Object Access
  • Policy Change
  • Privilege Use
  • Process Tracking
  • System

23
Guidelines for Planning an Audit Policy
  • Determine the computers to set up auditing on
  • Determine which events to audit
  • Determine whether to audit success or failure
    events
  • Determine whether to track trends
  • Review security logs frequently

24
Practice Configuring Auditing
  • In this practice, you will create a GPO to
    enable auditing for files and folders

25
Best Practices for Configuring Auditing
  • Audit success events in the directory service
    access category
  • Audit success events in the object access category
  • Audit success and failure events in the system
    category
  • Audit success and failure events in the policy
    change category on domain controllers
  • Audit success and failure events in the account
    management category
  • Audit success events in the logon category
  • Audit success events in the account logon
    category on domain controllers

26
Lesson Managing Security Logs
  • Types of Log Files
  • Common Security Events
  • Tasks Associated with Managing the Security Log
    Files
  • Practice Managing Security Logs

27
Types of Log Files
  • The following logs are available in Event Viewer
  • Application
  • Security
  • System
  • Directory service
  • File Replication service

28
Common Security Events
Logon Event description
Event ID 528 Successful logon
Event ID 529 Unsuccessful logon attempt
Event ID 539 Attempts to log on to a locked out account
Security Log Event description
Event ID 517 Security log cleared
Shutdown Event description
Event ID 513 System is shut down
29
Tasks Associated with Managing the Security Log
Files
30
Practice Managing Security Logs
  • In this practice, you will
  • Configure security log properties
  • Create a security log filter that filters the
    failure events for Don Hall

31
Lab Managing Security Settings
  • In this lab, you will
  • Create a custom security template
  • Import and deploy the custom template
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Module%208:%20Implementing%20Administrative%20Templates%20and%20Audit%20Policy" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!