Exam Objectives Frequently Asked Questions


The following Frequently Asked Questions, answered by the authors of this book, are designed to both measure your understanding of the Exam Objectives presented in this chapter, and to assist you with real-life implementation of these concepts. You will also gain access to thousands of other FAQs at ITFAQnet.com.

1.  

I can't find the Security Configuration Manager, where is it?


2.  

Why can't I locate IIS on my newly installed Windows Server 2003?


3.  

The settings in the secure*.inf template don't provide for certain settings we need to use on our network. What's the best way to deal with this?


4.  

After I've analyzed security settings in the Security Configuration and Analysis snap-in, I want to apply these settings to 35 computers on our domain. How can I specify which computers to configure?


5.  

I want to check three servers that we recently upgraded from Windows NT 4.0 SP6a against our current security settings. What's the best way to do that?


6.  

What's the best way to secure a server that is running as both a DC and a DHCP server?


Answers

1.  

The Security Configuration Manager is also known as the Security Configuration Tool Set and consists of a set of tools available in Windows Server 2003 for managing security. These tools include the Security Configuration and Analysis snap-in to the MMC, the Security Templates snap-in to the MMC, the secedit tool, Security Extensions to Group Policy, the secedit.exe command, and the downloadable Microsoft Baseline Security Analyzer.

2.  

IIS is no longer installed by default on Windows Server 2003. This provides much better baseline security. As a best practice, it is recommended you remove all unused installations of IIS on computers to reduce security risks.

3.  

In the Security Templates snap-in, you can open the secure*.inf template, save it with a different name (secure2.inf, for example), and make whatever modifications you need to the template. Make sure you thoroughly test the results, however, because the predefined templates are set to create the most secure environment possible, and modifications might expose your network to security problems.

4.  

The Security Configuration and Analysis snap-in is used to analyze and configure settings, but it cannot be used to apply settings to remote computers. You can use the secedit.exe command in a batch file or scheduled task to automate the process, or you can apply the template via Security Extensions to Group Policy. Using the gpupdate command-line utility will force a refresh of policies without waiting for the specified refresh interval to elapse.

5.  

Since the computers were upgraded to Windows Server 2003, you can run the Security Configuration and Analysis snap-in to check security. You can use the Setup security.inf template for analysis to check current settings against the baseline settings. You could also download and use the Microsoft Baseline Security Analyzer, which will identify security misconfigurations and identify any patches, updates, or hotfixes that are available but not applied to the system. You could also use the secedit.exe command with the /analyze switch to analyze the servers in question. You could automate this task so it occurs during off-peak hours by running a scheduled task that calls the secedit.exe utility.
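The automation described in answers 4 and 5, as an added example that is not from the book: a batch file that runs secedit.exe /analyze against the Setup security.inf template and collects the settings that differ. The C:\SecAudit folder, the file names, the task name, and the "Mismatch" log keyword are assumptions made for illustration.

```bat
@echo off
rem Added example (not from the book): analyze the local server against a template.
rem ASSUMPTIONS: the C:\SecAudit working folder, file names and task name are illustrative.
setlocal
set "TEMPLATE=%SystemRoot%\Security\Templates\setup security.inf"
set "WORKDIR=C:\SecAudit"
set "DB=%WORKDIR%\%COMPUTERNAME%.sdb"
set "LOG=%WORKDIR%\%COMPUTERNAME%-analyze.log"
set "REPORT=%WORKDIR%\%COMPUTERNAME%-mismatch.txt"

if not exist "%WORKDIR%" mkdir "%WORKDIR%"
if not exist "%TEMPLATE%" (
    echo Template not found: %TEMPLATE%
    exit /b 2
)

rem /overwrite replaces any template already imported into the database instead of
rem merging with it, so every run compares against exactly one baseline.
secedit /analyze /db "%DB%" /cfg "%TEMPLATE%" /overwrite /log "%LOG%" /quiet
if errorlevel 1 (
    echo secedit reported a problem, see %LOG%
    exit /b 1
)

rem Assumption: settings that differ from the template are logged on lines containing
rem "Mismatch". Piping through TYPE lets findstr search the log even if it is Unicode.
type "%LOG%" | findstr /i /c:"Mismatch" > "%REPORT%"
if errorlevel 1 (
    echo %COMPUTERNAME%: no mismatches against the template
) else (
    echo %COMPUTERNAME%: differences listed in %REPORT%
)

rem To run this during off-peak hours, register it once as a scheduled task
rem (assumes the script is saved as C:\SecAudit\analyze.cmd):
rem   schtasks /create /tn "SecAnalyze" /tr "C:\SecAudit\analyze.cmd" /sc daily /st 02:00 /ru SYSTEM
rem To apply a tested template locally instead of only analyzing, the same switches work
rem with /configure; templates deployed through Group Policy can be refreshed at once with:
rem   gpupdate /force
endlocal
exit /b 0
```

Because secedit.exe works on the local computer, the script has to run on each server being checked, which is why the scheduled task is created per machine.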

6.  

The DC security.inf template is applied to the server when it is promoted to a DC. You might also be able to apply the securedc.inf template to the server, depending on your down-level clients on the domain. In some cases, using the hisecdc.inf template might make sense in very sensitive network settings such as financial or medical, but again, down-level clients will determine the security settings you'll be able to implement.




MCSE Designing Security for a Windows Server 2003 Network. Exam 70-298
ISBN: 1932266550
Year: 2003
Pages: 122
