MCDST 70-271: Supporting Users and Troubleshooting a Microsoft Windows XP Operating System
Chapter 7: Troubleshoot Security Settings and Local Security Policy

Objectives
• Understand the local security policy
• Understand group policies
• Use the Security Configuration and Analysis tool and secedit
• Perform troubleshooting for group policy
Guide to MCDST 70-271

Local Security Policy
• Windows XP Professional is only subject to security restrictions of local security policy when it is a stand-alone system or member of a workgroup
• Group policy object
  • A collection of Registry settings that are applied to the system upon startup and user logon

Local Security Policy (continued)
• Contents of local security policy
  • Determined during installation
• Custom policies
  • Can be created through the use of .adm files
• .adm files used by group policy editors
  • Reside in the \inf subfolder of the main Windows XP directory

Password Policy
• Defines the restrictions on passwords
• Items in policy include:
  • Enforce password history: 0 passwords
  • Maximum password age: 42 days
  • Minimum password age: 0 days
  • Minimum password length: 0 characters

Account Lockout Policy
• Defines the conditions that result in a user account being locked out
• Used to prevent brute force attacks against user accounts
• Items in policy include:
  • Account lockout duration
  • Account lockout threshold: 0 invalid logon attempts
  • Reset account lockout counter after: Not Applicable

Audit Policy
• Defines events recorded in the Security log of the Event Viewer
• Auditing
  • Used to track resource usage
• Items in policy include:
  • Audit account logon events: No auditing
  • Audit account management: No auditing
  • Audit directory service access: No auditing

User Rights Assignment
• Defines which groups or users can perform a specific privileged action
• Troubleshooting user rights
  • A process of test, reconfigure, and retest

Security Options
• Defines and controls various security features, functions, and controls
• Items in this policy include:
  • Accounts―Administrator account status: Enabled
  • Accounts―Guest account status: Disabled
  • Devices―Allow undock without having to logon: Enabled

Public Key Policies
• Used to:
  • Offer additional controls over the Encrypting File System (EFS)
  • Enable the issuing of certificates
  • Allow you to establish trust in a certificate authority

Software Restriction Policies
• Used to restrict the programs and applications allowed to execute on a system
• Software restriction policies can be one of these:
  • “Deny all but the exceptions” method
  • “Allow all but the exceptions” method

IP Security Policies on Local Computer
• Used to define policies that control the function of IPSec
• Negotiates a secure encrypted communications link between a client and server through public and private encryption key management

IP Security Policies on Local Computer (continued)
• IPSec offers protection against:
  • Eavesdropping
  • Data modification
  • Identity spoofing
  • Password attacks
  • Denial-of-service attacks
  • Man-in-the-middle attacks

IP Security Policies on Local Computer (continued)
• Predefined IPSec policies
  • The Client (Respond Only) policy
  • The Server (Request Security) policy
  • The Secure Server (Require Security) policy
• Authentication methods
  • Kerberos version 5
  • Public key certificate authentication
  • Preshared key

Group Policies
• An expanded version of the local security policy
• Divisions
  • Computer Configuration
  • User Configuration

Computer Configuration
• Used to define and regulate security-related features and functions
• Subnodes
  • Software Settings
  • The Windows Settings folder
  • The Administrative Templates folder

User Configuration
• Subfolders
  • Software Settings―empty by default
  • The Windows Settings folder―contains Internet Explorer Maintenance, Scripts (Logon/Logoff), and Security Settings
  • The Administrative Templates folder―contains a multilevel collection of user-specific, Registry-based controls

Application of Group Policies
• Applied in the following order:
  • Any existing legacy Windows NT 4.0 ntconfig.pol files are applied
  • Any unique local security policy is applied
  • Any site group policies are applied
  • Any domain group policies are applied
  • Any organizational units (OUs) group policies are applied

Security Configuration and Analysis Tool
• An MMC snap-in that can be used to analyze, configure, export, and validate system security based on a security template
• Security template
  • A predefined group policy file with specific levels of security
• Predefined security templates
  • compatws
  • hisecdc
  • hisecws

Using Secedit
• Used to analyze, configure, export, and validate security based on a security template
• Parameters of secedit
  • analyze
  • db FileName
  • cfg FileName
  • log FileName

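Added example, not part of the original slides: a check of the Password Policy and Account Lockout Policy values listed earlier, run over a security template of the kind secedit exports. The sample template is constructed, the function names are hypothetical, and the BASELINE minimums are assumptions rather than values from the slides; LockoutBadCount is the template key for the account lockout threshold.

```python
import configparser

# Constructed sample: the [System Access] section of a template written by
# `secedit /export /cfg policy.inf`, using the default values the slides list.
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 42
MinimumPasswordLength = 0
PasswordHistorySize = 0
LockoutBadCount = 0
[Version]
signature="$CHICAGO$"
Revision=1
"""

# Assumed baseline (not from the slides): lowest acceptable value per setting.
BASELINE = {"MinimumPasswordLength": 8, "PasswordHistorySize": 5, "LockoutBadCount": 5}

def load_system_access(inf_text):
    """Return the integer settings of [System Access] as a dict."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # template keys are mixed case; keep them as written
    parser.read_string(inf_text)
    if not parser.has_section("System Access"):
        return {}
    return {key: int(value) for key, value in parser.items("System Access")
            if value.lstrip("-").isdigit()}  # skip string settings such as account names

def audit(settings, baseline=BASELINE):
    """List (key, value, reason) for settings that are absent, zero or too low."""
    findings = []
    for key, minimum in baseline.items():
        value = settings.get(key)
        if value is None:
            findings.append((key, None, "not defined"))
        elif value == 0:
            findings.append((key, 0, "control disabled"))  # 0 turns the check off
        elif value < minimum:
            findings.append((key, value, "below baseline %d" % minimum))
    return findings

if __name__ == "__main__":
    # A real export is UTF-16; read it with open(path, encoding="utf-16").
    for finding in audit(load_system_access(SAMPLE_INF)):
        print(finding)
```

With the default values from the slides, all three settings are reported as disabled: no minimum length, no password history, and a lockout threshold of 0, which means accounts are never locked out.
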
Troubleshooting Policies
• If change does not seem to take effect on a system
  • Log out then back on
  • Reboot the system
• If change still fails to take effect, examine the RSoP for the local system or access the Help and Support Center

Summary
• Local Security Policy tool
  • Used to manage passwords, account lockout parameters, audits, user rights
• Group policies
  • Domain-level versions of the local security policy
• Local computer policy (RSoP of applied GPOs)
  • Controls many aspects of the security system
• Troubleshooting GPOs includes discovering the RSoP