1 / 22

Chapter 6: Configuring Security

Chapter 6: Configuring Security. Group Policy and LGPO Setting Options. Software Installation not available with LGPOs Remote Installation Services Scripts Printers Security Settings Policy-based QOS Administrative Templates Folder Redirection not available with LGPOs

Download Presentation

Chapter 6: Configuring Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Chapter 6: Configuring Security

  2. Group Policy and LGPO Setting Options • Software Installation • not available with LGPOs • Remote Installation Services • Scripts • Printers • Security Settings • Policy-based QOS • Administrative Templates • Folder Redirection • not available with LGPOs • Internet Explorer Configuration

  3. GPO Inheritance • Order of Inheritance • Local • Site (physical location) • Domain • Organizational Unit (OU) • Special Options • No Override • Block Inheritance

  4. Group Policy Result Tool • Tool is accessed through the GPResult.exe command-line utility. • GPResult displays the Resultant Set of Policy (RSOP) for the computer and the user who is currently logged in.

  5. Using Local Group Policies • Used to manage configuration settings for workstations in a workgroup environment without an Active Directory domain • Created and assigned through the Local Group Policy snap-in • Two types of policies: • Computer Configuration • User Configuration

  6. Multiple Local Group Policy Objects (MLGPOs) • New to Windows Vista • Enables Vista to apply LGPOs to specific users rather than apply them to every user on a computer • Applied in the following order: • Local Computer Policy • Administrators and Non-Administrators Local Group Policy • User-Specific Group Policy

  7. Setting Computer Configuration Policies • Three folders within the Computer Configuration folder: • Software Settings • Windows Settings • Administrative Templates • Scripts and Security Settings are found within the Windows Settings folder.

  8. Windows Settings • Scripts • Logon – Startup • Logoff – Shutdown • Security Settings • Account Policies • Local Policies • Windows Firewall with Advanced Security • Public Key Policies • Software Restriction Policies • IP Security Policies • Policy-based QOS

  9. Account Policies • Password Policy • Enforce Password History • Maximum Password Age • Minimum Password Age • Minimum Password Length • Password Must Meet Complexity Requirements • Store Passwords Using Reversible Encryption • Account Lockout Policy • Account Lockout Duration • Account Lockout Threshold • Reset Account Lockout Counter After –

  10. Local Policies • Audit Policy • User Rights Assessment • Security Options • Contains new policies relating to User Account Control (UAC)

  11. User Account Control • New to Windows Vista • Protects computers by requiring privilege elevation for all users including local Administrators (except the built-in Administrator account) • Privilege escalation is required whenever the four-color shield icon is present:

  12. Windows Security Center • Used to configure settings for: • Windows Firewall • Automatic Updating • Malware Protection • Other Security Settings

  13. Windows Firewall • Protects computer from unauthorized users or malicious software • Configuration • General Tab • Exceptions Tab • Advanced Tab • Windows Firewall with Advanced Security is used to configure advanced settings, including inbound and outbound rules

  14. Windows Defender • Formerly Microsoft AntiSpyware • Protects computer from spyware threats • Tools and Settings • Options • Microsoft SpyNet • Quarantined Items • Allowed Items • Software Explorer • Windows Defender website

  15. BitLocker Drive Encryption • Included with Vista Enterprise and Vista Ultimate • Used to encrypt the system drive • Files on other drives must be encrypted with another method, such as Encrypting File System (EFS)

  16. NTFS Permissions • Six levels of permissions • Full Control • Modify • Read & Execute • List Folder Contents • Read • Write

  17. Controlling Inheritance • By default, subfolders and files inherit the permissions assigned to the parent folder. • Prevent permissions from propagating to subfolders and files by clearing the Include Inheritable Permissions from This Object’s Parent check box.

  18. Determining Effective Permissions • To determine a user’s effective rights to a file or folder: • Add all the permissions that are allowed to the user to all permissions granted to the groups of which the user is a member. • Subtract any permissions similarly denied to the user or the user’s groups.

  19. Determining NTFS Permissions for Copied and Moved Files

  20. Managing Network Access • Share folders that contain files you want to be accessible over the network • Configure sharing from the Sharing tab of the folder properties dialog box

  21. Configuring Share Permissions • Permissions can be assigned to users and groups • Full Control • Allows full access to the folder • Change • Allows users to change data in files or to delete files • Read • Allows users to view and execute files

  22. NTFS Permissions +Shared Permissions • NTFS security and shared folder security work together • The most restrictive permissions are the effective permissions: • NTFS security more restrictive than shared folder security = NTFS permissions are effective • Shared folder security more restrictive than NTFS security = Shared folder permissions are effective

More Related