mcdst 70 271 supporting users and troubleshooting a microsoft windows xp operating system n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
MCDST 70-271: Supporting Users and Troubleshooting a Microsoft Windows XP Operating System PowerPoint Presentation
Download Presentation
MCDST 70-271: Supporting Users and Troubleshooting a Microsoft Windows XP Operating System

Loading in 2 Seconds...

play fullscreen
1 / 30

MCDST 70-271: Supporting Users and Troubleshooting a Microsoft Windows XP Operating System - PowerPoint PPT Presentation


  • 154 Views
  • Uploaded on

MCDST 70-271: Supporting Users and Troubleshooting a Microsoft Windows XP Operating System. Chapter 7: Troubleshoot Security Settings and Local Security Policy. Objectives. Understand the local security policy Understand group policies

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'MCDST 70-271: Supporting Users and Troubleshooting a Microsoft Windows XP Operating System' - lilike


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
mcdst 70 271 supporting users and troubleshooting a microsoft windows xp operating system

MCDST 70-271: Supporting Users and Troubleshooting a Microsoft Windows XP Operating System

Chapter 7: Troubleshoot Security Settings and Local Security Policy

objectives
Objectives
  • Understand the local security policy
  • Understand group policies
  • Use the Security Configuration and Analysis tool and secedit
  • Perform troubleshooting for group policy

Guide to MCDST 70-271

local security policy
Local Security Policy
  • Windows XP Professional is only subject to security restrictions of local security policy when it is a stand-alone system or member of a workgroup
  • Group policy object
    • A collection of Registry settings that are applied to the system upon startup and user logon

Guide to MCDST 70-271

local security policy continued
Local Security Policy (continued)
  • Contents of local security policy
    • Determined during installation
  • Custom policies
    • Can be created through the use of .adm files
  • .adm files used by group policy editors
    • Reside in the \inf subfolder of the main Windows XP directory

Guide to MCDST 70-271

password policy
Password Policy
  • Defines the restrictions on passwords
  • Items in policy include:
    • Enforce password history: 0 passwords
    • Maximum password age: 42 days
    • Minimum password age: 0 days
    • Minimum password length: 0 characters

Guide to MCDST 70-271

account lockout policy
Account Lockout Policy
  • Defines conditions that result when a user account is locked out
  • Used to prevent brute force attacks against user accounts
  • Items in policy include
    • Account lockout duration
    • Account lockout threshold: 0 invalid logon attempts
    • Reset account lockout counter after: Not Applicable

Guide to MCDST 70-271

audit policy
Audit Policy
  • Defines events recorded in the Security log of the Event Viewer
  • Auditing
    • Used to track resource usage
  • Items in policy include:
    • Audit account logon events: No auditing
    • Audit account management: No auditing
    • Audit directory service access: No auditing

Guide to MCDST 70-271

user rights assignment
User Rights Assignment
  • Defines which groups or users can perform the specific privileged action
  • Troubleshooting user rights
    • A process of test, reconfigure, and retest

Guide to MCDST 70-271

security options
Security Options
  • Defines and controls various security features, functions, and controls
  • Items in this policy include:
    • Accounts―Administrator account status: Enabled
    • Accounts―Guest account status: Disabled
    • Devices―Allow undock without having to logon: Enabled

Guide to MCDST 70-271

security options continued
Security Options (continued)

Guide to MCDST 70-271

public key policies
Public Key Policies
  • Used to:
    • Offer additional controls over the Encrypting File System (EFS)
    • Enable the issuing of certificates
    • Allow you to establish trust in a certificate authority

Guide to MCDST 70-271

public key policies continued
Public Key Policies (continued)

Guide to MCDST 70-271

software restriction policies
Software Restriction Policies
  • Used to restrict the programs and applications allowed to execute on a system
  • Software restriction policies can be one of these:
    • “Deny all but the exceptions” method
    • “Allow all but the exceptions” method

Guide to MCDST 70-271

ip security policies on local computer
IP Security Policies on Local Computer
  • Used to define policies that control the function of IPSec
  • Negotiates a secure encrypted communications link between a client and server through public and private encryption key management

Guide to MCDST 70-271

ip security policies on local computer continued
IP Security Policies on Local Computer (continued)
  • IPSec offers protection against:
    • Eavesdropping
    • Data modification
    • Identity spoofing
    • Password attacks
    • Denial-of-service attacks
    • Man-in-the-middle attacks

Guide to MCDST 70-271

ip security policies on local computer continued1
IP Security Policies on Local Computer (continued)
  • Predefined IPSec policies
    • The Client (Respond Only) policy
    • The Server (Request Security) policy
    • The Secure Server (Require Security) policy
  • Authentication methods
    • Kerberos version 5
    • Public key certificate authentication
    • Preshared key

Guide to MCDST 70-271

group policies
Group Policies
  • An expanded version of the local security policy
  • Divisions
    • Computer Configuration
    • User Configuration

Guide to MCDST 70-271

group policies continued
Group Policies (continued)

Guide to MCDST 70-271

computer configuration
Computer Configuration
  • Used to define and regulate security-related features and functions
  • Subnodes
    • Software Settings
    • The Windows Settings folder
    • The Administrative Templates folder

Guide to MCDST 70-271

user configuration
User Configuration
  • Subfolders
    • Software Settings―empty by default
    • The Windows Settings folder―contains Internet Explorer Maintenance, Scripts (Logon/Logoff), and Security Settings
    • The Administrative Templates folder―contains a multilevel collection of user-specific, Registry-based controls

Guide to MCDST 70-271

application of group policies
Application of Group Policies
  • Applied in the following order:
    • Any existing legacy Windows NT 4.0 ntconfig.pol files are applied
    • Any unique local security policy is applied
    • Any site group policies are applied
    • Any domain group policies are applied
    • Any organizational units (OUs) group policies are applied

Guide to MCDST 70-271

security configuration and analysis tool
Security Configuration and Analysis Tool
  • An MMC snap-in that can be used to analyze, configure, export, and validate system security based on a security template
  • Security template
    • A predefined group policy file with specific levels of security
  • Predefined security templates
    • compatws
    • hisecdc
    • hisecws

Guide to MCDST 70-271

using secedit
Using Secedit
  • Used to analyze, configure, export, and validate security based on a security template
  • Parameters of secedit
    • analyze
    • db FileName
    • cfg FileName
    • log FileName

Guide to MCDST 70-271

troubleshooting policies
Troubleshooting Policies
  • If change does not seem to take effect on a system
    • Log out then back on
    • Reboot the system
    • If change still fails to take effect, examine the RSoP for the local system or access the Help and Support Center

Guide to MCDST 70-271

summary
Summary
  • Local Security Policy tool
    • Used to manage passwords, account lockout parameters, audits, user rights
  • Group policies
    • Domain-level versions of the local security policy
  • Local computer policy (RSoP of applied GPOs)
    • Controls many aspects of the security system
  • Troubleshooting GPOs includes discovering the RSoP

Guide to MCDST 70-271