Testing Skills and Suggested Practices

The skills that you need to successfully master the Managing and Implementing Disaster Recovery objective domain on Exam 70-299: Implementing and Administering Security in a Microsoft Windows Server 2003 Network include:

  • Prepare to use security templates.

    • Practice 1: Create an OU structure for the member servers in your organization. Name the parent OU Member Servers. Under Member Servers, create child OUs for File and Print, Web, and Infrastructure servers. Move each specific category of member server into its appropriate OU container. Edit the properties of the OU and add a new GPO. Edit the GPO. Select the Security Settings node under Computer Configuration\Windows Settings. Right-click the node and note the import command, which is used to import security templates into a Group Policy object.

    • Practice 2: Create a custom MMC for editing security templates by following these steps: On the Start menu, click Run and then type MMC. On the File menu, click Add/Remove Snap-in. Click Add and select the Security Templates snap-in. Save this console to the desktop as SecurityConsole.msc. You will use this security console in later exercises.

  • Edit and apply security templates.

    • Practice 1: Use the security console that you created in a previous exercise to create a new security template that sets the maximum application log size to 16,384 kilobytes and sets the retention method for the application log to “Do not overwrite events (clear log manually).”

    • Practice 2: Create a new universal group named test-restrict in the domain. Create four new user accounts named alpha, beta, gamma, and delta. Create a new security template. Configure the restricted groups option and restrict the membership of the test-restrict group to accounts alpha, beta, and gamma. Save the template. Create a new GPO and apply it to the domain. Import the newly created security template into the new GPO. Run GPUPDATE /FORCE from the command line. Use the NET GROUP TEST-RESTRICT command from the command line to note the membership of the group. Use Active Directory Users and Computers to add the delta user account to the test-restrict group. From the command line, use the NET GROUP TEST-RESTRICT command again to check group membership. Note the group membership. Now force a policy update by typing GPUPDATE /FORCE from the command line. Perform a final check of the group’s membership by running NET GROUP TEST-RESTRICT again.

  • Analyze and roll back templates.

    • Practice 1: Use the SECEDIT command to create a rollback policy for the hisecws security template named hsrollbk.inf. Learn the syntax of this command by issuing the SECEDIT /? command from a command prompt.

    • Practice 2: Create a new MMC, and add the Security Configuration and Analysis snap-in. Open several of the built-in policies and analyze them to gain a greater understanding of the functionality of this tool.
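
For checking your work on the two "Edit and apply security templates" practices, this is roughly what the saved template contains when opened in a text editor. It is an added example, not a file from the original text; the log size, retention setting, and group and account names are taken from the practices, and the layout is a constructed sample rather than output captured from a real system.

```ini
; Constructed sample of a security template (.inf) covering the two
; "Edit and apply security templates" practices.
[Unicode]
Unicode=yes

[Version]
signature="$CHICAGO$"
Revision=1

[Application Log]
; Maximum application log size, in kilobytes.
MaximumLogSize = 16384
; Retention method: 0 = overwrite events as needed,
; 1 = overwrite events by days,
; 2 = do not overwrite events (clear log manually).
AuditLogRetentionPeriod = 2

[Group Membership]
; Restricted Groups entry. Each policy refresh resets the group to
; exactly the listed members, so an account added by hand (delta in
; Practice 2) is removed again after GPUPDATE /FORCE.
; Memberof is left empty: the template does not place test-restrict
; in any other group.
test-restrict__Memberof =
test-restrict__Members = alpha,beta,gamma
```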

