Implementing and maintaining security of a Windows Server 2003 network is a big jobcertainly not one to be taken lightly. Although an MCP exam (Exam 70-298, "Designing Security for a Microsoft Windows Server 2003 Network") is devoted entirely to the design and implementation of security solutions in a Windows Server 2003 network, there are a few basic things about baseline network security that you need to know to pass Exam 70-291, "Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure." Microsoft lists the following objectives for the baseline security portion of the "Implementing, Managing, and Maintaining Network Security" section of Exam 70-291: Objectives Implement secure network administration procedures. Implement security baseline settings and audit security settings by using security templates. Implement the principle of least privilege. Every plan needs a starting point. When it comes to securing a Windows Server 2003 network, a good starting point is to implement baseline settings with one of the many preconfigured security templates included with Windows Server 2003. In addition, you need to understand and live by the principle of least privilege, whereby users (and administrators) have only the minimum permissions required to reasonably perform their jobs. This helps prevent security problems due to account misuse or compromise. Install and configure software update infrastructure. Install and configure software update services. Install and configure automatic client update settings. Configure software updates on earlier operating systems. In a perfect world, you would be able to install your server or client operating system and have it be perfectly secure right out of the box. Although Microsoft has made great progress toward meeting that ideal in Windows Server 2003, it's not quite a reality yet. Part of keeping an operating system secure involves identifying and applying updates as required. Windows Server 2003 makes this easy for you, however, by providing support for Windows Server Update Services (WSUS). Outline Introduction | 282 | Understanding the Principle of Least Privilege | 282 | Working with Security Templates | 283 | The Windows Server 2003 Security Templates
| 283 | Security Configuration Manager Tools
| 287 | The Security Configuration and Analysis Snap-in
| 289 | The Security Templates Snap-in
| 294 | Group Policy Security Extensions
| 295 | secedit.exe
| 298 | Auditing Server and Network Security | 301 | Configuring Auditing
| 302 | The Security Configuration Wizard | 309 | Using the Security Configuration Wizard
| 310 | Implementing Windows Server Update Services (WSUS) | 326 | Installing the WSUS Server
| 328 | Configuring the WSUS Server
| 332 | Synchronization Options
| 332 | Automatic Approval Options
| 334 | Computers Options
| 335 | The Computers Page
| 336 | The Reports Page
| 337 | The Updates Page
| 338 | Updating Clients with WSUS
| 338 | Synchronizing the WSUS Server
| 338 | Configuring Group Policy for WSUS
| 339 | Configuring Local Group Policy for WSUS
| 343 | Approving WSUS Updates and Updating Client Computers
| 343 | Managing Updates for Legacy Operating Systems
| 345 | Chapter Summary | 347 | Key Terms | 348 | Apply Your Knowledge | 348 | Exercises
| 349 | Exam Questions
| 350 | Answers to Exam Questions
| 355 | Suggested Reading and Resources | 358 |
Study Strategies Practice configuring and implementing the built-in security templates as much as you can, which can be a bit of a challenge to fully understand if you've never worked with them before. You should also practice using auditing; practice is the best way to gain an understanding of the topics being presented here. Get your hands dirty. The Step by Step exercises throughout this book provide plenty of directions and exercises, but you should go beyond those examples and create some of your own. If you can, experiment with each of the topics we discuss in this chapter to see how they work and why you would use each one. |