Chapter 7. Maintaining Network Security | MCSA/MCSE Managing and Maintaining a Windows Server 2003 Environment Exam Cram 2 (Exam Cram 70-292)

Terms you'll need to understand:

Security Configuration and Analysis
setup security.inf
DC Security.inf
Compatws.inf
secure*.inf
hisec*.inf
rootsec.inf
notssid.inf
Secedit
Server Message Blocks (SMB)
Software Update Service (SUS)
Automatic Updates
WUAU.ADM

Techniques you'll need to master:

Using security templates to implement security baseline settings
Using, applying, and analyzing security templates
Using security templates to audit and implement security settings
Implementing the Principle of Least Privilege
Installing and configuring software update services
Installing and configuring automatic client update settings
Configuring software updates on earlier operating systems

System administrators are overtaxed administering and maintaining network security. Temporary changes in security settings to resolve administration and network problems often result in unforeseen permanent changes that no longer meet security requirements.

Implementing security analysis enables administrators to track and ensure that adequate levels of security are maintained throughout the enterprise. Regular security analysis not only tunes security levels, but also detects any security flaws that might occur over time. Administrators need an easy-to-use security analysis tool that can track, detect, compare, fix, adjust, reset, and remove security settings.

In earlier chapters, you learned that user and group security permissions could be applied on one or many computers to control password policies, account lockout policies, Kerberos policies, auditing policies, user rights, and other policies. You learned that applying policies to many computers in a domain is best accomplished by using a Group Policy Object (GPO). GPOs are applied at the site, domain, organizational unit (OU), or local level.

In this chapter, you'll learn about another method used to apply security policies systemwide by using the Security Configuration and Analysis tool. Using the Security Configuration and Analysis component built in to Windows Server 2003, you can track, detect, compare, edit, adjust, reset, apply, and remove security policy settings. The Security Configuration and Analysis tool analyzes and configures system security at the local, domain, OU, or site level.

The Security Templates component is used to create, view, and modify security policy templates settings. With one of the predefined, built-in templates as a starting point, you'll learn how to integrate domainwide company security policies. Using Security Templates along with the Security Configuration and Analysis tool, you'll become skilled at how to implement security baseline settings and audit security policy settings.

You'll review the Principle of Least Privilege as it applies to administrators using the Runas command. This chapter also takes an in-depth look, from a security perspective, at installing and configuring Microsoft's Software Update Service along with configuring and deploying Windows clients to use Automatic Updates services.