1 / 31

Module 8: Implementing Administrative Templates and Audit Policy

Module 8: Implementing Administrative Templates and Audit Policy. Overview. Managing User Rights in Windows Server 2003 Using Security Templates to Secure Computers Testing Computer Security Policy Configuring Auditing Managing Security Logs.

celine
Download Presentation

Module 8: Implementing Administrative Templates and Audit Policy

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Module 8: Implementing Administrative Templates and Audit Policy

  2. Overview • Managing User Rights in Windows Server 2003 • Using Security Templates to Secure Computers • Testing Computer Security Policy • Configuring Auditing • Managing Security Logs

  3. Lesson: Managing User Rights in Windows Server 2003 • What Are User Rights? • User Rights vs. Permissions • User Rights Assigned to Built-In Groups • Practice: Assigning User Rights

  4. What Are User Rights? Examples of User Rights

  5. User Rights vs. Permissions User Rights: Actions on System Permissions: Actions on Object

  6. User Rights Assigned to Built-In Groups Built-in local groups: • Administrators • Backup Operators • Power Users • Remote Desktop Users • Users Groups in Builtin container: • Account Operators • Administrators • Backup Operators • Pre—Windows 2000 Compatible Access • Print Operators • Server Operators Groups in Users container: • Domain Admins • Enterprise Admins

  7. Practice: Assigning User Rights In this practice, you will: • Assign the Authenticated Users group the right to change the system time • Assign Judy Lew the right to log on locally to the domain controller

  8. Lesson: Using Security Templates to Secure Computers • What Is a Security Policy? • What Are Security Templates? • What Are Security Template Settings? • Windows Server 2003 Security Guide Templates • Windows XP Security Guide Templates • Ways to Deploy Security Templates • Practice: Using Security Templates to Secure Computers

  9. What Is a Security Policy?

  10. What Are Security Templates?

  11. What Are Security Template Settings? Security Template: Setup Security Sample Settings

  12. Windows Server 2003 Security Guide Templates The Windows Server 2003 Security Guide provides: • Security documents and checklists • Sample scripts • Security templates for: • Legacy Clients • Enterprise Clients • High Security

  13. Windows XP Security Guide Templates The Windows XP Security Guide provides: • Security documents and checklists • Sample scripts • Administrative templates • Security templates for: • Enterprise Clients • High Security • Legacy Clients

  14. Ways to Deploy Security Templates

  15. Practice: Using Security Templates to Secure Computers In this practice, you will: • Create a security template • Import the security template into a GPO and apply the GPO to an organizational unit

  16. Lesson: Testing Computer Security Policy • What Is the Security Configuration and Analysis Tool? • Practice: Testing a Computer Security Policy

  17. What Is the Security Configuration and Analysis Tool? Setting That Does Not Match Template Template Setting Actual Setting

  18. Practice: Testing a Computer Security Policy In this practice, you will analyze a computer’s security policy by using a security template

  19. Lesson: Configuring Auditing • What Is Auditing? • What Is an Audit Policy? • Types of Events to Audit • Guidelines for Planning an Audit Policy • Practice: Configuring Auditing • Best Practices for Configuring Auditing

  20. What Is Auditing? What occurred? Who did it? When? What was the result? • Auditing tracks user and operating system activities and records selected events in security logs • Enable auditing to: • Create a baseline • Detect threats and attacks • Determine damages • Prevent further damage • Audit access to objects, management of accounts, and users logging on and logging off

  21. What Is an Audit Policy? • An audit policydetermines the security events that will be reported to the network administrator • Set up an audit policy to: • Track success or failure of events • Minimize unauthorized use of resources • Maintain a record of activity • Security events are stored in security logs

  22. Types of Events to Audit • Account Logon • Account Management • Directory Service Access • Logon • Object Access • Policy Change • Privilege Use • Process Tracking • System

  23. Guidelines for Planning an Audit Policy • Determine the computers to set up auditing on • Determine which events to audit • Determine whether to audit success or failure events • Determine whether to track trends • Review security logs frequently

  24. Practice: Configuring Auditing In this practice, you will create a GPO to enable auditing for files and folders

  25. Best Practices for Configuring Auditing • Audit success events in the directory service access category • Audit success events in the object access category • Audit success and failure events in the system category • Audit success and failure events in the policy change category on domain controllers • Audit success and failure events in the account management category • Audit success events in the logon category • Audit success events in the account logon category on domain controllers

  26. Lesson: Managing Security Logs • Types of Log Files • Common Security Events • Tasks Associated with Managing the Security Log Files • Practice: Managing Security Logs

  27. Types of Log Files The following logs are available in Event Viewer: • Application • Security • System • Directory service • File Replication service

  28. Common Security Events

  29. Tasks Associated with Managing the Security Log Files

  30. Practice: Managing Security Logs In this practice, you will: • Configure security log properties • Create a security log filter that filters the failure events for Don Hall

  31. Lab: Managing Security Settings In this lab, you will: • Create a custom security template • Import and deploy the custom template

More Related