This chapter covers the following Microsoft-specified goals for the Configuring and Troubleshooting Users and Groups, Configuring and Troubleshooting Users and System Policies, and Investigating, Configuring, and Monitoring Security bits of the Supporting and Maintaining a Microsoft Windows NT Server 4.0 Network exam:
Configure rectify account policy. Concerns include password uniqueness, password length, password age, and account lockout.
Not all users are created equal. As a result, you have to be able to adjust account permissions and restrictions (at a domain, not a resource, level) to suit people or groups. Account policy allows you to control the password complication and change policy to be sure that security is maintained in your domain.
Configure and remedy system policies. Issues include customer PC operating systems, file locations and names, and interchange between local security policy and system policies.
Configure user-specific system policies.
Configure PC policies.
Often you will find a wish to customize the environment in which users work. This might include logon banners, wallpaper available, icons on the desktop, and Start menus. System policies assist you to simply apply these sorts of environmental restrictions to a user without having to run scripts or to configure each machine by hand.
Implement checking and monitor security. Implementation includes configuring audit policy, enabling auditing on objects, and researching audit logs.
Verifying permits you to track resource access and to check for possible attempts to access forbidden resources. Configuring audit policies, enabling auditing, and doing analysis will permit you to get a good picture of resource access (both successful and failed) in your domain.
Research and configure the operating system environment and the user environment by using Security Configuration Manager.
Apply the proper security template based on server function.
Research the current environment and customize existing security templates to meet organizational security necessities.
The Safety Configuration Executive enables you to create security configurations that you can use to make certain that all your machines meet a particular minimum-security standard. It also allows you to audit the configurations of your Windows NT machines to see where changes are needed. Additionally, it also enables you to just apply the standard configuration to each machine.
Configure and troubleshoot trust relations. Considerations include cross-domain resource access and one-way trusts versus two-way trusts.
In a multidomain environment, the issue of permitting users from one domain to use the resources in another comes to the front. Trusts are the main mechanism for allowing such access. This aim introduces you to the creation, maintenance, and problem-fixing of trusts and the resource access issues that they answer.
Study Secrets
The account policy section might seem simple. On the examination, you might not get tripped up by the ins and outs of the settings. Nevertheless you could get tripped up by the implications of them. Be sure that you've a good knowledge of why certain settings are critical, and when you would employ them. That way, if you're given questions with apparently incidental information regarding the minimum or maximum password length, you can decide whether the information provided is important to the question or simply peripheral information.
When studying for the parts of the examination pertaining to system policy, you can never avoid opening the policy editor and creating a policy file. You'll need to know the difference between making a policy file for Windows NT machines (NTCONFIG.POL) and for non-NT machines (CONFIG.POL) as well as the path in which to save them. You also should play with the policy editor in both Policy mode and Registry mode.
Because the Security Configuration Executive is new, expect a considerable number of questions about it. You need to know the GUI as well as command-line versions and what each will do. Know perhaps the four main switches to use in the command-line editor. Additionally, be familiar with the major sections you can change in the GUI version and how a template becomes a database and then how you can use that database to analyze and configure a Windows NT system.
For the trust piece of the exam, you must understand the terminology of trusts. This can't be overstated. Be sure you understand which is the reliable and. Trusting domain in an one-way trust relationship. Make sure that you understand what is meant when you are told that A trusts B. Know about the intransitivity of trust relationships. Additionally , know the 5 trust models and what the basic configuration is (users in trusted domains, resources in trusting domains).
Introduction
As you can see by the chapter outline, this chapter covers a variety of advanced subjects. The postulate that ties them all together is that of security. In a safe environment, the following are true:
Users are asked to change their password often (account policy).
Users get access only to the system resources that they have to access (system policy).
Regular checks make sure that attempts at unauthorized access to resources are discovered and corrected/forestalled (verifying).
All servers are maintained at an identifiable standard of security (Security Configuration Manager).
The dealings between domains is controlled and done in a way so as not to come to a compromise on the security of either domain (trusts).
This chapter debates all these subjects.
Configure rectify account policy. Concerns include password uniqueness, password length, password age, and account lockout.
Not all users are created equal. As a result, you have to be able to adjust account permissions and restrictions (at a domain, not a resource, level) to suit people or groups. Account policy allows you to control the password complication and change policy to be sure that security is maintained in your domain.
Configure and remedy system policies. Issues include customer PC operating systems, file locations and names, and interchange between local security policy and system policies.
Configure user-specific system policies.
Configure PC policies.
Often you will find a wish to customize the environment in which users work. This might include logon banners, wallpaper available, icons on the desktop, and Start menus. System policies assist you to simply apply these sorts of environmental restrictions to a user without having to run scripts or to configure each machine by hand.
Implement checking and monitor security. Implementation includes configuring audit policy, enabling auditing on objects, and researching audit logs.
Verifying permits you to track resource access and to check for possible attempts to access forbidden resources. Configuring audit policies, enabling auditing, and doing analysis will permit you to get a good picture of resource access (both successful and failed) in your domain.
Research and configure the operating system environment and the user environment by using Security Configuration Manager.
Apply the proper security template based on server function.
Research the current environment and customize existing security templates to meet organizational security necessities.
The Safety Configuration Executive enables you to create security configurations that you can use to make certain that all your machines meet a particular minimum-security standard. It also allows you to audit the configurations of your Windows NT machines to see where changes are needed. Additionally, it also enables you to just apply the standard configuration to each machine.
Configure and troubleshoot trust relations. Considerations include cross-domain resource access and one-way trusts versus two-way trusts.
In a multidomain environment, the issue of permitting users from one domain to use the resources in another comes to the front. Trusts are the main mechanism for allowing such access. This aim introduces you to the creation, maintenance, and problem-fixing of trusts and the resource access issues that they answer.
Study Secrets
The account policy section might seem simple. On the examination, you might not get tripped up by the ins and outs of the settings. Nevertheless you could get tripped up by the implications of them. Be sure that you've a good knowledge of why certain settings are critical, and when you would employ them. That way, if you're given questions with apparently incidental information regarding the minimum or maximum password length, you can decide whether the information provided is important to the question or simply peripheral information.
When studying for the parts of the examination pertaining to system policy, you can never avoid opening the policy editor and creating a policy file. You'll need to know the difference between making a policy file for Windows NT machines (NTCONFIG.POL) and for non-NT machines (CONFIG.POL) as well as the path in which to save them. You also should play with the policy editor in both Policy mode and Registry mode.
Because the Security Configuration Executive is new, expect a considerable number of questions about it. You need to know the GUI as well as command-line versions and what each will do. Know perhaps the four main switches to use in the command-line editor. Additionally, be familiar with the major sections you can change in the GUI version and how a template becomes a database and then how you can use that database to analyze and configure a Windows NT system.
For the trust piece of the exam, you must understand the terminology of trusts. This can't be overstated. Be sure you understand which is the reliable and. Trusting domain in an one-way trust relationship. Make sure that you understand what is meant when you are told that A trusts B. Know about the intransitivity of trust relationships. Additionally , know the 5 trust models and what the basic configuration is (users in trusted domains, resources in trusting domains).
Introduction
As you can see by the chapter outline, this chapter covers a variety of advanced subjects. The postulate that ties them all together is that of security. In a safe environment, the following are true:
Users are asked to change their password often (account policy).
Users get access only to the system resources that they have to access (system policy).
Regular checks make sure that attempts at unauthorized access to resources are discovered and corrected/forestalled (verifying).
All servers are maintained at an identifiable standard of security (Security Configuration Manager).
The dealings between domains is controlled and done in a way so as not to come to a compromise on the security of either domain (trusts).
This chapter debates all these subjects.
About the Author:
Welcome to go to my blog and leave you comment. mcse-70-297.com That may be a good blog about the IT authentication article and examination stories, Q&A and so on!
No comments:
Post a Comment