Objectives This chapter helps you to prepare for the exam by covering the following Microsoft objectives for the Configuring, Managing, and Troubleshooting section of the Installing, Configuring, and Administering Microsoft Windows XP Professional exam: Configure, manage, and troubleshoot Encrypting File System (EFS). Using EFS, users can encrypt files on their local computers. Administrators need to be prepared to help users establish encryption, use it, and troubleshoot problems with the encrypted files. Configure, manage, and troubleshoot a security configuration and local security policy. When Windows XP Professional participates in an Active Directory domain, its security configuration is provided through Group Policy. When users log on locally to the computer, which most often occurs when it is a member of a workgroup, the security configuration is found in Local Security Policy. Administrators must understand the difference between these two, plus be able to discern the source of a security error and how to repair it. Configure, manage, and troubleshoot Internet Explorer security settings. Users who access web resources through Internet Explorer can inadvertently expose their computer to security problems. Ranging from hackers to malware, the exposure on the Internet can cause serious problems to a computer. Not only does an administrator need to protect the computer, but there are privacy concerns regarding the user's personal information. Outline | | Introduction | 508 | Configuring, Managing, and Troubleshooting Encrypting File System (EFS) | 508 | Encrypting File System Basics
| 508 | Preparing a Disk for EFS
| 511 | Establishing an EFS Policy
| 513 | Using EFS with a Certification Authority (CA)
| 514 | Storing Certificates in Windows XP
| 515 | Allowing EFS to Self-Sign Certificates
| 516 | Encrypting Files
| 517 | Decrypting Files
| 519 | Troubleshooting EFS
| 519 | Configuring, Managing, and Troubleshooting a Security Configuration and Local Security Policy | 523 | Account Policies
| 525 | Local Policies
| 526 | Public Key Policies
| 528 | Software Restriction Policies
| 528 | IP Security Policies on a Local Computer
| 529 | How Local Security Policy Works When Joined to a Domain
| 530 | File System, Registry, and System Services
| 531 | Configuring, Managing, and Troubleshooting Internet Explorer Security Settings | 535 | Managing Security After Installing SP2
| 535 | Chapter Summary | 537 | Apply Your Knowledge | 537 |
Study Strategies To test how EFS works, you should have at least one computer that has two partitions, one formatted with FAT and the other formatted with NTFS. Encrypt a file on the NTFS drive. Move the file to the FAT partition. Test how EFS works when you log on to the computer as a different user. Try to take control of the file as an administrator. Studying security policies can be done with hands-on testing of applied policiesboth group policies and Local Security Policy. With an Active Directory domain controller and a client PC, open Group Policy and change the Enforce Password History policy to one password that is remembered for the domain. Force a Group Policy refresh. Open Local Security Policy on the client, view the password policy, and make certain it says 0 passwords remembered. Log on to the computer with a domain account and attempt to change the user's password to the same password used previously. Log on to the computer with a local user account and attempt to change the user's password to the same password used previously. Internet Explorer security options affect how the computer treats a web resource. Use a Windows XP Professional computer connected to the Internet. Connect to any website. Add the website to the Restricted Sites category. Close the browser, open again, and attempt to connect to the website. |