Module 10: Implementing Administrative Templates and Audit Policy.

Transcript of Module 10: Implementing Administrative Templates and Audit Policy.

  • Module 10: Implementing Administrative Templates and Audit Policy

  • Overview
      • Overview of Security in Windows Server 2003
      • Using Security Templates to Secure Computers
      • Testing Computer Security Policy
      • Configuring Auditing
      • Managing Security Logs

  • Lesson: Overview of Security in Windows Server 2003
      • What Are User Rights?
      • User Rights vs. Permissions
      • User Rights Assigned to Built-in Groups
      • How to Assign User Rights

  • What Are User Rights?

  • User Rights vs. Permissions

    User Rights: Actions on System
    Permissions: Actions on Object

  • User Rights Assigned to Built-in Groups

    Built-in local groups: Administrators, Backup Operators, Power Users, Remote Desktop Users, Users

    Groups in Users container: Domain Admins, Enterprise Admins

  • How to Assign User Rights

    Your instructor will demonstrate how to manually assign user rights

  • Practice: Assigning User Rights
    In this practice, you will:
      • Remove a user right and test if it was removed
      • Add a user right and test if it was added

  • Lesson: Using Security Templates to Secure Computers
      • What Is a Security Policy?
      • What Are Security Templates?
      • What Are Security Template Settings?
      • How to Create a Custom Security Template
      • How to Import a Security Template

  • What Is a Security Policy?

  • What Are Security Templates?

    | Template | Description |
    | --- | --- |
    | Default Security (Setup security.inf) | Specifies default security settings |
    | Domain Controller Default Security (DC security.inf) | Specifies default security settings updated from Setup security.inf for a domain controller |
    | Compatible (Compatws.inf) | Modifies permissions and registry settings for the Users group to enable maximum application compatibility |
    | Secure (Securedc.inf and Securews.inf) | Enhances security settings that are least likely to impact application compatibility |
    | Highly Secure (Hisecdc.inf and Hisecws.inf) | Increases the restrictions on security settings |
    | System Root Security (Rootsec.inf) | Specifies permissions for the root of the system drive |

  • What Are Security Template Settings?

    Security Template: Setup Security
    Sample of Settings

  • How to Create a Custom Security Template

    Your instructor will demonstrate how to:
      • Customize a predefined security template
      • Create a new security template

  • How to Import a Security Template

    Your instructor will demonstrate how to:
      • Import a security template to a local computer
      • Import a security template to a GPO

  • Practice: Using Security Templates to Secure Computers
    In this practice, you will:
      • Create a security template
      • Import a security template to a GPO

  • Lesson: Testing Computer Security Policy
      • What is the Security Configuration and Analysis tool?
      • How to Test Computer Security

  • What is the Security Configuration and Analysis tool?

    Template Setting | Actual Setting

  • How to Test Computer Security

    Your instructor will demonstrate how to analyze security settings on a computer by using Security Configuration and Analysis

  • Practice: Testing Computer Security
    In this practice, you will:
      • Create a custom security template
      • Analyze the security settings on your computer with the security settings in the custom security template

  • Lesson: Configuring Auditing
      • What Is Auditing?
      • What Is Audit Policy?
      • Types of Events to Audit
      • Guidelines for Planning an Audit Policy
      • How to Enable an Audit Policy
      • How to Enable Auditing for Files and Folders
      • How to Enable Auditing for Active Directory Objects
      • Best Practices for Configuring Auditing

  • What Is Auditing?
    Auditing tracks user and operating system activities and records selected events in security logs

    Enable auditing to:
      • Create a baseline
      • Detect threats and attacks
      • Determine damages
      • Prevent further damage

    Audit access to objects, management of accounts, and users logging on and logging off

  • What Is Audit Policy?
    An audit policy determines the security events that will be reported to the network administrator

    Set up an audit policy to:
      • Track success or failure of events
      • Minimize unauthorized use of resources
      • Maintain a record of activity

    Security events are stored in security logs

  • Types of Events to Audit
      • Account Logon
      • Account Management
      • Directory Service Access
      • Logon
      • Object Access
      • Policy Change
      • Privilege Use
      • Process Tracking
      • System

  • Guidelines for Planning an Audit Policy

    Determine the computers to set up auditing on

    Determine which events to audit

    Determine whether to audit success or failure events

    Determine whether you need to track trends

    Review security logs frequently

  • How to Enable an Audit Policy

    Your instructor will demonstrate how to:
      • Configure an audit policy on a local computer
      • Configure an audit policy on a domain or organizational unit

  • How to Enable Auditing for Files and Folders

    Your instructor will demonstrate how to enable auditing for files and folders

  • Practice: Enabling Auditing for Files and Folders
    In this practice, you will enable auditing for files and folders

  • How to Enable Auditing for Active Directory Objects

    Your instructor will demonstrate how to:
      • Delegate an account for auditing
      • Enable auditing for an organizational unit

  • Practice: Enabling Auditing for an Organizational Unit
    In this practice, you will enable auditing for an organizational unit

  • Best Practices for Configuring Auditing

  • Lesson: Managing Security Logs
      • What Are Log Files?
      • Common Security Events
      • Tasks Associated with Managing the Security Log Files
      • How to Manage Security Log File Information
      • How to View Security Log Events

  • What Are Log Files?

    The following logs are available in Event Viewer:
      • Application
      • Security
      • System
      • Directory service
      • File Replication service

  • Common Security Events

    | Category | Event | Description |
    | --- | --- | --- |
    | Logon | Event ID 528 | Successful logon |
    | Logon | Event ID 529 | Unsuccessful logon attempt |
    | Logon | Event ID 539 | Attempts to log on to a locked out account |
    | File Ownership | Event ID 578 | Change in file ownership |
    | Security Log | Event ID 517 | Security log cleared |
    | Shutdown | Event ID 513 | System is shut down |
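
Added example (not part of the original course material): a Python routine that triages security-log records using the event IDs listed on this slide, reporting the events worth reviewing and correlating failed logons with a later success. The records are constructed, and the record layout, the set of always-reported IDs, the failure threshold and the time window are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Event IDs and descriptions as listed on the slide above.
EVENTS = {528: "Successful logon", 529: "Unsuccessful logon attempt",
          539: "Attempts to log on to a locked out account",
          578: "Change in file ownership", 517: "Security log cleared",
          513: "System is shut down"}
ALWAYS_REPORT = {517, 539, 578}  # assumption: every occurrence is reviewed

def triage(records, threshold=3, window=timedelta(minutes=5)):
    """Return (time, account, finding) for (time, event_id, account) records.

    threshold and window are assumed values, not taken from the course.
    """
    findings = []
    failures = defaultdict(deque)  # account -> times of recent 529 events
    for when, event_id, account in sorted(records):
        if event_id in ALWAYS_REPORT:
            findings.append((when, account, EVENTS[event_id]))
        elif event_id == 529:
            recent = failures[account]
            recent.append(when)
            while when - recent[0] > window:  # drop failures outside window
                recent.popleft()
            if len(recent) == threshold:      # count has reached threshold
                findings.append((when, account, "Repeated failed logons"))
        elif event_id == 528:
            recent = failures[account]
            if len(recent) >= threshold and when - recent[-1] <= window:
                findings.append((when, account, "Logon success after failures"))
            recent.clear()  # a successful logon resets the failure count
    return findings

def at(clock):
    return datetime.strptime("2004-03-01 " + clock, "%Y-%m-%d %H:%M:%S")

# Constructed sample records (time, event ID, account); not real log data.
SAMPLE = [
    (at("09:00:05"), 528, "alice"),
    (at("09:10:00"), 529, "bob"), (at("09:10:20"), 529, "bob"),
    (at("09:10:45"), 529, "bob"), (at("09:11:30"), 528, "bob"),
    (at("09:20:00"), 578, "bob"), (at("09:25:00"), 517, "bob"),
    (at("18:00:00"), 513, "SYSTEM"),
]

if __name__ == "__main__":
    for when, account, finding in triage(SAMPLE):
        print(when, account, finding)
```
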

  • Tasks Associated with Managing the Security Log Files

  • How to Manage Security Log File Information

    Your instructor will demonstrate how to:
      • Manage security log files by using Computer Management
      • Manage security log files by using Group Policy

  • How to View Security Log Events

    Your instructor will demonstrate how to:
      • Filter security log files
      • View security log files

  • Practice: Managing Log File Information
    In this practice, you will:
      • Configure security log properties
      • Verify the events being recorded in a security log file

  • Lab A: Managing Security Settings
    In this lab, you will:
      • Create a custom security template
      • Test your computer configuration against the custom security template
      • Deploy the custom security template by using Group Policy
      • Audit security of an organizational unit

  • Course Evaluation