This chapter covers the following Microsoft-specified aims for the Configuring and Problem solving Users and Groups, Configuring and Problem fixing Users and System Policies, and Researching, Configuring, and Monitoring Security parts of the Supporting and Maintaining a Microsoft Windows NT Server 4.0 Network exam:
Configure remedy account policy. Considerations include password uniqueness, password length, password age, and account lockout.
Not all users are born equal. As a consequence, you must be ready to adjust account authorizations and limitations (at a domain, not a resource, level) to suit individuals or groups. Account policy assists you to control the password difficulty and change policy to ensure that security is maintained in your domain.
Configure and remedy system policies. Issues include customer PC operating systems, file locations and names, and interchange between local security policy and system policies.
Configure user-specific system policies.
Configure PC policies.
Regularly you'll find a need to customise the environment in which users work. This might include logon banners, wallpaper available, icons on the desktop, and Start menus. System policies permit you to easily apply these types of environmental limitations to a user with no need to run scripts or to configure each machine by hand.
Implement auditing and monitor security. Implementation includes configuring audit policy, enabling checking on objects, and investigating audit logs.
Verifying permits you to track resource access and to check for possible attempts to access forbidden resources. Configuring audit policies, enabling auditing, and doing analysis will permit you to get a good picture of resource access (both successful and failed) in your domain.
Research and configure the operating system environment and the user environment by using Security Configuration Manager.
Apply the proper security template based on server function.
Investigate the existing environment and customise existing security templates to meet organizational security wants.
The Security Configuration Manager lets you create security configurations you can use to be sure that all of your machines meet a specific minimum-security standard. It also permits you to audit the configurations of your Windows NT machines to see where changes are required. In addition, it also permits you to just apply a standard configuration to each machine.
Configure and rectify trust relations. Issues include cross-domain resource access and one-way trusts versus two-way trusts.
In a multidomain environment, the issue of permitting users from one domain to use the resources in another comes to the front. Trusts are the main mechanism for allowing such access. This aim introduces you to the creation, maintenance, and problem-fixing of trusts and the resource access issues that they answer.
Study Systems
The account policy section might seem straightforward. On the examination, you will not get tripped up by the workings of the settings. However , you could get tripped up by the consequences of them. Be certain that you've got a good understanding of why certain settings are significant, and when you would use them. That way, if you're given questions with seemingly incidental info about the minimum or maximum password length, you can determine whether the info provided is vital to the question or merely peripheral info.
When studying for the parts of the examination pertaining to system policy, you can never avoid opening the policy editor and creating a policy file. You'll need to know the difference between making a policy file for Windows NT machines (NTCONFIG.POL) and for non-NT machines (CONFIG.POL) as well as the path in which to save them. You also should play with the policy editor in both Policy mode and Registry mode.
Because the Security Configuration Executive is new, expect a considerable number of questions about it. You need to know the GUI as well as command-line versions and what each will do. Know perhaps the four main switches to use in the command-line editor. Additionally, be familiar with the major sections you can change in the GUI version and how a template becomes a database and then how you can use that database to analyze and configure a Windows NT system.
For the trust piece of the exam, you must understand the terminology of trusts. This can't be overstated. Be sure you understand which is the reliable and. Trusting domain in an one-way trust relationship. Make sure that you understand what is meant when you are told that A trusts B. Know about the intransitivity of trust relationships. Additionally , know the 5 trust models and what the basic configuration is (users in trusted domains, resources in trusting domains).
Introduction
As is obvious by the chapter outline, this chapter covers a selection of advanced topics. The concept that binds them all together is that of security. In a secure environment, these are true:
Users are asked to modify their password often (account policy).
Users get access only to the system resources that they have to access (system policy).
Continual checks ensure that attempts at unapproved access to resources are discovered and corrected/prevented (checking).
All servers are maintained at an identifiable standard of security (Security Configuration Manager).
The interaction between domains is controlled and done in a way so as not to reach a compromise on the security of either domain (trusts).
This chapter discusses all of these topics.
Configure remedy account policy. Considerations include password uniqueness, password length, password age, and account lockout.
Not all users are born equal. As a consequence, you must be ready to adjust account authorizations and limitations (at a domain, not a resource, level) to suit individuals or groups. Account policy assists you to control the password difficulty and change policy to ensure that security is maintained in your domain.
Configure and remedy system policies. Issues include customer PC operating systems, file locations and names, and interchange between local security policy and system policies.
Configure user-specific system policies.
Configure PC policies.
Regularly you'll find a need to customise the environment in which users work. This might include logon banners, wallpaper available, icons on the desktop, and Start menus. System policies permit you to easily apply these types of environmental limitations to a user with no need to run scripts or to configure each machine by hand.
Implement auditing and monitor security. Implementation includes configuring audit policy, enabling checking on objects, and investigating audit logs.
Verifying permits you to track resource access and to check for possible attempts to access forbidden resources. Configuring audit policies, enabling auditing, and doing analysis will permit you to get a good picture of resource access (both successful and failed) in your domain.
Research and configure the operating system environment and the user environment by using Security Configuration Manager.
Apply the proper security template based on server function.
Investigate the existing environment and customise existing security templates to meet organizational security wants.
The Security Configuration Manager lets you create security configurations you can use to be sure that all of your machines meet a specific minimum-security standard. It also permits you to audit the configurations of your Windows NT machines to see where changes are required. In addition, it also permits you to just apply a standard configuration to each machine.
Configure and rectify trust relations. Issues include cross-domain resource access and one-way trusts versus two-way trusts.
In a multidomain environment, the issue of permitting users from one domain to use the resources in another comes to the front. Trusts are the main mechanism for allowing such access. This aim introduces you to the creation, maintenance, and problem-fixing of trusts and the resource access issues that they answer.
Study Systems
The account policy section might seem straightforward. On the examination, you will not get tripped up by the workings of the settings. However , you could get tripped up by the consequences of them. Be certain that you've got a good understanding of why certain settings are significant, and when you would use them. That way, if you're given questions with seemingly incidental info about the minimum or maximum password length, you can determine whether the info provided is vital to the question or merely peripheral info.
When studying for the parts of the examination pertaining to system policy, you can never avoid opening the policy editor and creating a policy file. You'll need to know the difference between making a policy file for Windows NT machines (NTCONFIG.POL) and for non-NT machines (CONFIG.POL) as well as the path in which to save them. You also should play with the policy editor in both Policy mode and Registry mode.
Because the Security Configuration Executive is new, expect a considerable number of questions about it. You need to know the GUI as well as command-line versions and what each will do. Know perhaps the four main switches to use in the command-line editor. Additionally, be familiar with the major sections you can change in the GUI version and how a template becomes a database and then how you can use that database to analyze and configure a Windows NT system.
For the trust piece of the exam, you must understand the terminology of trusts. This can't be overstated. Be sure you understand which is the reliable and. Trusting domain in an one-way trust relationship. Make sure that you understand what is meant when you are told that A trusts B. Know about the intransitivity of trust relationships. Additionally , know the 5 trust models and what the basic configuration is (users in trusted domains, resources in trusting domains).
Introduction
As is obvious by the chapter outline, this chapter covers a selection of advanced topics. The concept that binds them all together is that of security. In a secure environment, these are true:
Users are asked to modify their password often (account policy).
Users get access only to the system resources that they have to access (system policy).
Continual checks ensure that attempts at unapproved access to resources are discovered and corrected/prevented (checking).
All servers are maintained at an identifiable standard of security (Security Configuration Manager).
The interaction between domains is controlled and done in a way so as not to reach a compromise on the security of either domain (trusts).
This chapter discusses all of these topics.
About the Author:
Welcome to visit my blog and leave you comment. mcse-70-297.com That's a good blog about the IT certification article and exam reports, Q&A and so on!
No comments:
Post a Comment