Download - Chapter 6 - Power Point
![Page 1: Chapter 6 - Power Point](https://reader035.vdocuments.net/reader035/viewer/2022081422/555895c0d8b42a2a738b475e/html5/thumbnails/1.jpg)
Chapter 6: Configuring Security
![Page 2: Chapter 6 - Power Point](https://reader035.vdocuments.net/reader035/viewer/2022081422/555895c0d8b42a2a738b475e/html5/thumbnails/2.jpg)
Group Policy and LGPO Setting Options
• Software Installation• not available with LGPOs
• Remote Installation Services• Scripts• Printers• Security Settings• Policy-based QOS• Administrative Templates• Folder Redirection
• not available with LGPOs
• Internet Explorer Configuration
2/22
![Page 3: Chapter 6 - Power Point](https://reader035.vdocuments.net/reader035/viewer/2022081422/555895c0d8b42a2a738b475e/html5/thumbnails/3.jpg)
GPO Inheritance
• Order of Inheritance– Local– Site (physical location)– Domain– Organizational Unit (OU)
• Special Options– No Override– Block Inheritance
3/22
![Page 4: Chapter 6 - Power Point](https://reader035.vdocuments.net/reader035/viewer/2022081422/555895c0d8b42a2a738b475e/html5/thumbnails/4.jpg)
Group Policy Result Tool
• Tool is accessed through the GPResult.exe command-line utility.
• GPResult displays the Resultant Set of Policy (RSOP) for the computer and the user who is currently logged in.
4/22
![Page 5: Chapter 6 - Power Point](https://reader035.vdocuments.net/reader035/viewer/2022081422/555895c0d8b42a2a738b475e/html5/thumbnails/5.jpg)
Using Local Group Policies
• Used to manage configuration settings for workstations in a workgroup environment without an Active Directory domain
• Created and assigned through the Local Group Policy snap-in
• Two types of policies:– Computer Configuration– User Configuration
5/22
![Page 6: Chapter 6 - Power Point](https://reader035.vdocuments.net/reader035/viewer/2022081422/555895c0d8b42a2a738b475e/html5/thumbnails/6.jpg)
Multiple Local Group Policy Objects (MLGPOs)
• New to Windows Vista
• Enables Vista to apply LGPOs to specific users rather than apply them to every user on a computer
• Applied in the following order:– Local Computer Policy– Administrators and Non-Administrators
Local Group Policy– User-Specific Group Policy
6/22
![Page 7: Chapter 6 - Power Point](https://reader035.vdocuments.net/reader035/viewer/2022081422/555895c0d8b42a2a738b475e/html5/thumbnails/7.jpg)
Setting Computer Configuration Policies
• Three folders within the Computer Configuration folder:– Software Settings– Windows Settings– Administrative Templates
• Scripts and Security Settings are found within the Windows Settings folder.
7/22
![Page 8: Chapter 6 - Power Point](https://reader035.vdocuments.net/reader035/viewer/2022081422/555895c0d8b42a2a738b475e/html5/thumbnails/8.jpg)
Windows Settings
• Scripts– Logon – Startup– Logoff – Shutdown
• Security Settings– Account Policies– Local Policies– Windows Firewall with Advanced
Security– Public Key Policies– Software Restriction Policies– IP Security Policies
• Policy-based QOS8/22
![Page 9: Chapter 6 - Power Point](https://reader035.vdocuments.net/reader035/viewer/2022081422/555895c0d8b42a2a738b475e/html5/thumbnails/9.jpg)
Account Policies
• Password Policy– Enforce Password History– Maximum Password Age– Minimum Password Age– Minimum Password Length– Password Must Meet Complexity Requirements– Store Passwords Using Reversible Encryption
• Account Lockout Policy– Account Lockout Duration– Account Lockout Threshold– Reset Account Lockout Counter After
–
9/22
![Page 10: Chapter 6 - Power Point](https://reader035.vdocuments.net/reader035/viewer/2022081422/555895c0d8b42a2a738b475e/html5/thumbnails/10.jpg)
Local Policies
• Audit Policy
• User Rights Assessment
• Security Options– Contains new policies relating to
User Account Control (UAC)
10/22
![Page 11: Chapter 6 - Power Point](https://reader035.vdocuments.net/reader035/viewer/2022081422/555895c0d8b42a2a738b475e/html5/thumbnails/11.jpg)
User Account Control
• New to Windows Vista• Protects computers by requiring
privilege elevation for all users including local Administrators (except the built-in Administrator account)
• Privilege escalation is required whenever the four-color shield icon is present:
11/22
![Page 12: Chapter 6 - Power Point](https://reader035.vdocuments.net/reader035/viewer/2022081422/555895c0d8b42a2a738b475e/html5/thumbnails/12.jpg)
Windows Security Center
• Used to configure settings for:– Windows Firewall– Automatic Updating– Malware Protection– Other Security Settings
12/22
![Page 13: Chapter 6 - Power Point](https://reader035.vdocuments.net/reader035/viewer/2022081422/555895c0d8b42a2a738b475e/html5/thumbnails/13.jpg)
Windows Firewall
• Protects computer from unauthorized users or malicious software
• Configuration– General Tab– Exceptions Tab– Advanced Tab
• Windows Firewall with Advanced Security is used to configure advanced settings, including inbound and outbound rules
13/22
![Page 14: Chapter 6 - Power Point](https://reader035.vdocuments.net/reader035/viewer/2022081422/555895c0d8b42a2a738b475e/html5/thumbnails/14.jpg)
Windows Defender
• Formerly Microsoft AntiSpyware• Protects computer from spyware
threats• Tools and Settings
– Options– Microsoft SpyNet– Quarantined Items– Allowed Items– Software Explorer– Windows Defender website
14/22
![Page 15: Chapter 6 - Power Point](https://reader035.vdocuments.net/reader035/viewer/2022081422/555895c0d8b42a2a738b475e/html5/thumbnails/15.jpg)
BitLocker Drive Encryption
• Included with Vista Enterprise and Vista Ultimate
• Used to encrypt the system drive
• Files on other drives must be encrypted with another method, such as Encrypting File System (EFS)
15/22
![Page 16: Chapter 6 - Power Point](https://reader035.vdocuments.net/reader035/viewer/2022081422/555895c0d8b42a2a738b475e/html5/thumbnails/16.jpg)
NTFS Permissions
• Six levels of permissions– Full Control– Modify– Read & Execute– List Folder Contents– Read– Write
16/22
![Page 17: Chapter 6 - Power Point](https://reader035.vdocuments.net/reader035/viewer/2022081422/555895c0d8b42a2a738b475e/html5/thumbnails/17.jpg)
Controlling Inheritance
• By default, subfolders and files inherit the permissions assigned to the parent folder.
• Prevent permissions from propagating to subfolders and files by clearing the Include Inheritable Permissions from This Object’s Parent check box.
17/22
![Page 18: Chapter 6 - Power Point](https://reader035.vdocuments.net/reader035/viewer/2022081422/555895c0d8b42a2a738b475e/html5/thumbnails/18.jpg)
Determining Effective Permissions
• To determine a user’s effective rights to a file or folder:– Add all the permissions that are
allowed to the user to all permissions granted to the groups of which the user is a member.
– Subtract any permissions similarly denied to the user or the user’s groups.
18/22
![Page 19: Chapter 6 - Power Point](https://reader035.vdocuments.net/reader035/viewer/2022081422/555895c0d8b42a2a738b475e/html5/thumbnails/19.jpg)
Determining NTFS Permissions for Copied and Moved Files
Move File Copy File
Same Partition
Retains original NTFS permissions
Inherits permissions from destination folder
Different Partition
Inherits permissions from destination folder
Inherits permissions from destination folder
19/22
![Page 20: Chapter 6 - Power Point](https://reader035.vdocuments.net/reader035/viewer/2022081422/555895c0d8b42a2a738b475e/html5/thumbnails/20.jpg)
Managing Network Access
• Share folders that contain files you want to be accessible over the network
• Configure sharing from the Sharing tab of the folder properties dialog box
20/22
![Page 21: Chapter 6 - Power Point](https://reader035.vdocuments.net/reader035/viewer/2022081422/555895c0d8b42a2a738b475e/html5/thumbnails/21.jpg)
Configuring Share Permissions
• Permissions can be assigned to users and groups– Full Control
• Allows full access to the folder
– Change• Allows users to change data
in files or to delete files
– Read• Allows users to view and
execute files
21/22
![Page 22: Chapter 6 - Power Point](https://reader035.vdocuments.net/reader035/viewer/2022081422/555895c0d8b42a2a738b475e/html5/thumbnails/22.jpg)
NTFS Permissions +Shared Permissions
• NTFS security and shared folder security work together
• The most restrictive permissions are the effective permissions:– NTFS security more restrictive than
shared folder security = NTFS permissions are effective
– Shared folder security more restrictive than NTFS security = Shared folder permissions are effective
22/22