Exam Objectives Fast Track

Windows 2000 Active Directory Review

  • Active Directory in an X.500-compatible directory service utilizes the LDAP protocol.

  • Active Directory is organized in a hierarchical structure modeling the Domain Naming System arrangement.

  • Domains at the root of the forest automatically establish two-way transitive trusts between them, unlike previous versions of Windows NT.

  • Child domains and their parent domain automatically establish two-way transitive trusts between them as well.

  • Group Policy applied to an object is processed in the following order (by default): local, site, domain, organizational unit.

The Basic Windows 2000 Security Tools

  • The key components of the Security Configuration tool set are Security templates, Group Policy security configuration objects, the Security Configuration and Analysis snap-in, and command-line tools.

  • The Security Configuration and Analysis snap-in creates, configures, and tests security scenarios. You can create text-based .inf files that contain security settings. You can apply these files to the computer or save them for later use.

  • Microsoft provides templates for configuring security. Default and incremental templates are available. Default templates are applied during a fresh install only. The incremental templates provide additional security above the defaults.

  • Secedit.exe allows us to configure security from the command prompt.

  • The Security Templates snap-in allows us to view and customize the template files stored in %windir%\security\templates.

Configuring Basic Windows 2000 Security with Templates

  • Account policies define password policy, account lockout policy, and Kerberos policy.

  • Local policies include the audit policy, user rights assignment, and security options.

  • Event Log Configuration settings allow you to configure the length of time logs are retained as well as the size of the Event Logs.

  • The Restricted Groups setting configures group membership and group nesting.

  • Registry Policy sets permissions on Registry keys.

  • The File System Security setting configures NTFS permission for all local drives.

  • The System Services setting controls the startup policy for all local services.

Deploying Security Templates

  • The Security Configuration and Analysis snap-in can be used to deploy a security template to a local machine.

  • Security settings can be deployed to a domain or OU via the security settings in a Group Policy object.

  • You can deploy security templates across the network using the secedit.exe tool in a script or batch file.

Analyzing Your Security Configuration

  • Compare security policies in the template with the actual state of the local machine. This practice allows administrators to see the differences before they apply the policy.

  • Use Security Configuration and Analysis to view the results of an analysis in a graphical format.

  • Use the secedit.exe tool to analyze security settings from the command prompt. This tool can be useful if combined with a script or batch file to automatically scan large numbers of computers.

  • After differences in settings have been identified, you can determine the next course of action.



MCSE. MCSA Implementing & Administering Security in a Windows 2000 Network Study Guide Exam 70-214
MCSE/MCSA Implementing and Administering Security in a Windows 2000 Network: Study Guide and DVD Training System (Exam 70-214)
ISBN: 1931836841
EAN: 2147483647
Year: 2003
Pages: 162

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net