NetTech Solutions Configuring Security Settings and Internet Options Chapter Sixteen.

transcript

NetTech Solutions

Configuring Security Settings and Internet Options

Chapter Sixteen

NetTech Solutions

Configuring Account Policies

• Configuring Password Policy– Password Policy allows you to improve

security on your computer by controlling how passwords are created and managed.

– Changing passwords decreases the chances of an unauthorized person breaking into your computer

– You can configure Password Policy on a computer running Windows XP Professional by using the Group Policy snap-in.

NetTech Solutions

Group Policy Snap-In

• Use MMC to create a Snap-In

NetTech Solutions

Plan Password Policies

• By carefully planning and configuring your Password Policy settings you can improve the security of your computer by decreasing the chances of an unauthorized user gaining access to it.

NetTech Solutions

Group Policy Snap-In

• Select Password Policy

NetTech Solutions

Group Policy or Local Security Policy

• Password Policy Settings– Enforce Password History– Maximum Password Age– Minimum Password Age– Minimum Password Length– Passwords Must Meet

Complexity Requirements– Store Password Using Reversible

Encryption For All Users In The Domain

NetTech Solutions

Configuring Account Lockout Policy

• The Account Lockout Policy settings also allow you to improve the security on your computer.

• Account Lockout Policy Settings– Account Lockout Duration from 0 to 99999

minutes. (The maximum value of 99999 minutes is approximately 69.4 days.)

– Account Lockout Threshold A value of 0 indicates that the account will not be locked out

– Reset Account Lockout Counter After, this setting is the number of minutes.

NetTech Solutions

Account Lockout Policy

NetTech Solutions

Practice:

Pages 16-19

• Configuring Account Policies

NetTech Solutions

Configuring User Rights

• You can assign specific rights to groups or individual user accounts. To simplify administration of user rights, Microsoft recommends that you assign user rights only to groups and not individual user accounts.

NetTech Solutions

Use MMC Snap-In to set User Rights

• Under Local Policy select User Rights Assignment

NetTech Solutions

Privileges

• Note the table of Privilege and Description on page 16-25.

NetTech Solutions

Configuring Security Options

• There are close to 60 additional security options in Windows XP Professional

• Renaming the Administrator Account

• You cannot delete the Administrator account, but you should rename the built-in Administrator account to provide a greater degree of security.

NetTech Solutions

Renaming the Administrator Account

• To automatically rename the administrator account, access the security options using the Group Policy snap-in, expand Local Policies, and then select Security Options.

• Right-click Accounts: Rename The Administrator Account and then click Properties.

• Type in the new name you wish to use for the Administrator account and click OK.

NetTech Solutions

• Shutting Down the Computer Without Logging On– By default, Windows XP

Professional doesn't require a user to be logged on to the computer to shut it down.

NetTech Solutions

Changing this feature

• Security Options allow you to disable this feature and force users to log on to the computer before it can be shut down.

NetTech Solutions

• Clear Virtual Memory Pagefile When System Shuts Down– By default, Windows XP

Professional doesn't clear the virtual memory pagefile when the system is shut down

– In some organizations, this is considered a breach of security

NetTech Solutions

To Clear the Pagefile

• To force Windows XP Professional to clear the pagefile when the system is shut down, select Enabled.

NetTech Solutions

• Disable CTRL+ALT+DEL Requirement For Logon– By default, Windows XP Professional

doesn’t require users to press Ctrl+Alt+Delete to log on to the computer.

– By forcing users to press Ctrl+Alt+Delete, you are using a key combination recognized only by Windows to ensure that you are giving the password only to Windows and not to a Trojan horse program waiting to capture your password.

NetTech Solutions

• Do Not Display Last User Name In Logon Screen– By default, Windows XP

Professional displays the last user name to log on to the computer in the Windows Security or Log On To Windows dialog box.

NetTech Solutions

Enable Interactive Logon

• Prevent the last user name from being displayed

NetTech Solutions

Practice:

• Configuring Security Settings

NetTech Solutions

Planning an Audit Policy

• Understanding Audit Policies– An audit policy defines the types of

security events that Windows XP Professional records in the security log on each computer. The security log allows you to track the events that you specify.

– Track the success and failure of events

– Eliminate or minimize the risk of unauthorized use of resources

NetTech Solutions

Determining What to Audit

• The types of events that you can audit include the following:

• Accessing files and folders • Logging on and off • Shutting down a computer running

Windows XP Professional • Starting a computer running

Windows XP Professional • Changing user accounts and groups • Attempting to make changes to

Active Directory objects (only if your Windows XP Professional computer is part of a domain)

NetTech Solutions

Audit policy include:

• Determine whether you need to track system usage trends.

• Review security logs frequently.

• Define an audit policy that is useful and manageable.

NetTech Solutions

Implementing an Audit Policy

• For computers running Windows XP Professional, you set up an audit policy for each individual computer.

• Auditing Requirements • You must have the Manage Auditing

And Security Log user right for the computer on which you want to configure an audit policy or review an audit log. By default, Windows XP Professional grants these rights to the Administrators group.

• The files and folders to be audited must be on NT file system (NTFS) volumes.

NetTech Solutions

Setting up Auditing

• Setting up auditing is a two-part process:

1. Set the audit policy. The audit policy enables auditing of objects but doesn't activate auditing of specific objects.

2. Enable auditing of specific resources. You designate the specific events to audit for files, folders, printers, and Active Directory objects. Windows XP Professional then tracks and logs the specified events.

NetTech Solutions

Setting an Audit Policy

• The first step in implementing an audit policy is selecting the types of events for Windows XP Professional to audit.

NetTech Solutions

Auditing Accessto Files and Folders

• When you set your audit policy to audit object access, you enable auditing for specific files and folders and specify which types of access, by which users or groups, to audit.

NetTech Solutions

Auditing Access to Printers

• After you select the printer, you use the same steps that you use to set up auditing on files and folders.

NetTech Solutions

Locating Events

• When you first start Event Viewer, it automatically displays all events that are recorded in the selected log.

• To filter or find events, start Event Viewer, and then on the View menu click Filter or click Find.

NetTech Solutions

Managing Audit Logs

• You can track trends in Windows XP Professional by archiving event logs and comparing logs from different periods.

• To configure the settings for logs, select the log in Event Viewer, and then on the Action menu, click Properties to display the Properties dialog box for the log.

NetTech Solutions

Archiving Logs

• Archiving security logs allows you to maintain a history of security-related events.

NetTech Solutions

Practice:

• Auditing Resources and Events

NetTech Solutions

Configuring Internet Explorer Security Options

• Using Internet Options – Start – Right click Internet Explorer Icon– Select Internet Properties

NetTech Solutions

• There are Seven Tabs– General– Security– Privacy– Content– Connections– Programs– Advanced

NetTech Solutions

Security Tab

• There are Four Zones– The first zone is the Internet,

which contains all Web sites not assigned to another zone

– The second zone is for your local intranet.

– The third zone is for trusted sites.

– The fourth zone is for restricted sites.

NetTech Solutions

The Security Level

– For This Zone section allows you to customize the security settings for each zone.

– The Security Settings dialog box allows you to control what gets loaded onto your computer from the Internet.

– For example, for Download Signed ActiveX Controls you can choose one of the following three options:

• Enable. Allows you to download signed ActiveX controls

• Disable. Disables the downloading of ActiveX controls

• Prompt. Prompts you so that you can determine whether or not you want to download ActiveX controls

NetTech Solutions

Security Settings

• To customize a zone's security level, click the zone and then click Custom Level.– Low Safety. – Medium

Safety. – High Safety.

NetTech Solutions

Using the Privacy Tab

NetTech Solutions

Using the Content Tab

NetTech Solutions

Using the Advanced Tab

NetTech Solutions

Monitoring and Managing Shared Folder Resources

Chapter Seventeen

NetTech Solutions

Monitoring Network Resources

• The three primary reasons why it is important to assess and manage network resources

1. Maintenance

2. Security

3. Planning

NetTech Solutions

Requirements to Monitor Network Resources

• Not all users can monitor access to network resources

• Administrators or Server Operators for the domain can monitor…

– All computers in the domain.

• Administrators or Power Users for a member server can monitor…

– Local or remote computers in the workgroup.

NetTech Solutions

Requirements to Monitor Network Resources

• Only members of the Administrators group or the Power Users group can monitor resources for the local computer or for a remote computer in the workgroup.

NetTech Solutions

Monitoring Access to Shared Folders

• Computer Management snap-in • Shared Folders snap-in

NetTech Solutions

Information in Shared Folders

• Shared Folder• Shared Path• Type• Number of Client Connections• Comment

NetTech Solutions

Determining How Many Users Can Access

• You can use the Computer Management snap-in or Shared Folders snap-in to determine the maximum number of users that are permitted to gain access to a folder.

• You can also use the Computer Management snap-in or Shared Folders snap-in to determine whether the maximum number of users that are permitted to gain access to a folder has been reached.

• In Windows XP Professional the maximum is 10, but you can set this to a lower value.

NetTech Solutions

Monitoring Shared Folders

• Modifying Shared Folder Properties– You can modify existing

shared folders, including shared folder permissions, from the Shares folder.

NetTech Solutions

Monitoring Open Files

• Information Available in the Open Files Folder– Open File– Accessed By– Type– The number of locks on the

file– Open Mode

NetTech Solutions

Disconnecting Users from Open Files

• Disconnecting all users from all open files.

• Disconnecting all users from one open file

CAUTION: Disconnecting users from

open files can result in data loss.

NetTech Solutions

Practice:

Pages 17-7

• Monitoring Shared Folders

NetTech Solutions

Creating and Sharing Local and Remote Folders

• You can run the Create Shared Folder Wizard to create a new folder and share it. When you use the Computer Management snap-in or Shared Folders snap-in to share an existing folder or to create a new shared folder and share it, Windows XP Professional assigns the Full Control shared folder permission to the Everyone group by default.

NetTech Solutions

Basic Shared Permissions

• The Create Shared Folder wizard assigns the Full Control share permission to the Everyone group and the Full Control NTFS permission for the folder to the Everyone group

• Administrators Have Full Control, Other Users Have Read-Only Access

• Administrators Have Full Control Share and NTFS, Other Users Have No Access

• Customize Share And Folder Permissions

NetTech Solutions

Shared Folders

• NOTE:

Using either the Computer Management snap-in or the Shared Folders snap-in is the only way to create a shared folder on a remote computer. Otherwise, you need to be physically located at the computer where the folder resides to share it.

NetTech Solutions

Practice:

Pages 17-13

• Creating a Shared Folders

NetTech Solutions

Monitoring Network Users

• You can disconnect users and send administrative messages to computers and users, including computers and users who aren't currently gaining access to network resources.

NetTech Solutions

Monitoring User Sessions

• You can disconnect one or more users to free idle connections to the shared folder, to prepare for a backup or restore operation, to shut down a server, and to change group membership and permissions for the shared folder.

• You use the Sessions folder in the Computer Management snap-in or the Shared Folders snap-in to view a list of the users with a current network connection to the computer that you are monitoring

NetTech Solutions

Monitoring User Sessions

• Use Computer Management Snap-in

NetTech Solutions

Disconnecting Users

• You can disconnect one or all users with a network connection to a computer. You disconnect users so that you can do any of the following:– Have changes to shared folder and

NTFS permissions take effect immediately.

– Free idle connections on a computer so that other users can make a connection when you reach the maximum number of connections.

– Shut down a server.

NetTech Solutions

Sending Administrative Messages to Users

• You can send administrative messages to one or more users or computers. You do this for these reasons:– Perform a backup or restore

operation – Disconnect users from a resource – Upgrade software or hardware – Shut down the computer

NetTech Solutions

Practice:

• Sending Console Messages

NetTech Solutions

Using Windows XP Tools

Chapter Eighteen

NetTech Solutions

Working with Services

• From Administrative Tools– Select Services

NetTech Solutions

Change Startup Type

• Three states:– Auto– Manual– Disabled

NetTech Solutions

Service Dependency

• This service depends on• Depends on this service

NetTech Solutions

Practice:

• Working with Services

NetTech Solutions

Using Event Viewer

• Windows XP Professional Logs

• By default, Event Viewer has three logs available to view

• Viewing Security Logs – The security log contains

information about events that are monitored by an audit policy.

NetTech Solutions

Event Viewer

NetTech Solutions

Viewing Events

NetTech Solutions

Filtering Events

NetTech Solutions

Find Events

NetTech Solutions

Using Scheduled Tasks

• Windows XP Professional saves scheduled tasks in the Scheduled Tasks folder, which can be accessed through the Control Panel under Performance And Maintenance.

• Use Scheduled Tasks to perform the following tasks: – Run maintenance programs at specific

intervals – Run programs when there is less

demand for computer resources

NetTech Solutions

Configuring Options

• Application • Name • Perform This Task • Start Time • Start Date • Name And Password • Advanced Properties

NetTech Solutions

Setting Advanced Properties

• Task • Schedule • Settings • Security

NetTech Solutions

Troubleshooting Scheduled Tasks

• The first option on the Advanced menu allows you to stop and start the Task Scheduler Service, and the selection is either Stop Using The Task Scheduler or Start Using The Task Scheduler.

• The second option is similar to the first, only it pauses and continues the service. If the service is paused, scheduled tasks do not start.

• The third option on the Advanced menu is Notify Me Of Missed Tasks. This option causes the system to send you a message when a scheduled task does not occur.

NetTech Solutions

Practice:

Pages 18-22

• Using Task Scheduler

NetTech Solutions

Using System Restore

• Enable or Disable

NetTech Solutions

Create Restore Point

NetTech Solutions

Restore from a Point

NetTech Solutions

Remote Desktop

• Enable/Disable

NetTech Solutions

Monitoring and Optimizing System Performance

Chapter Nineteen

NetTech Solutions

Using Task Manager

• Task Manager allows you to monitor applications and processes currently running on your computer.

• You can start Task Manager in any of the following three ways:

1. Press Ctrl+Shift+Esc

2. Right-click the Windows taskbar, and then click Task Manager

3. Press Ctrl+Alt+Delete

NetTech Solutions

Task Manager

NetTech Solutions

Monitoring Processes

• The Processes tab lists all processes currently running on your computer that run in their own address space, including all applications and system services.

• By default, the Processes tab shows you the processes, the users running each process, and the CPU and memory usage for each process that is running.

• This can be modified by selecting View and Select Columns…

• Processes are described on page 19-4

NetTech Solutions

Monitoring System Performance

• Performance Tab Fields are described on page 19-7.

NetTech Solutions

Practice:

Pages 19-10

• Using Task Manager

NetTech Solutions

Using Performance Console

• Using System Monitor

• You use System Monitor to collect and view real-time data about memory, disk, processor, network, and other activity on your computer or on remote

computers.

NetTech Solutions

Performance Monitor Features

• Adding Counters • Using Performance Logs and Alerts

NetTech Solutions

Establishing a Baseline

• A baseline is a measurement derived from collecting data over an extended period of time. The data should reflect typical types of workloads and user connections, but should also include any unusual activity that might occur. The baseline represents resource usage under normal conditions.

NetTech Solutions

Identifying and Resolving Bottlenecks

• Deviations from your baseline are good indicators of performance problems.

• Resolving Bottlenecks– Short list on page 19-21.

NetTech Solutions

Practice:

• Using System Monitor

NetTech Solutions

Backing Up and Restoring Data

Chapter Twenty

NetTech Solutions

Using the Backup Utility

• A backup job is a single process of backing up data.

• From the RUN line enter ntbackup

• You can back up to most any device.

NetTech Solutions

Windows Backup

• Run Backup either– Through the start menu or– Run ntbackup.exe

• Backup to back up data manually or

• Schedule unattended backup jobs.

NetTech Solutions

Using The Backup Utility

• Windows XP Backup Utility Advanced Mode

1. Backup Wizard

2. Restore Wizard

3. Automated Systems Recovery Wizard

NetTech Solutions

Local Backup

• Consider several issues 1. Typically, most users fail to

back up their data regularly.

2. You must move from computer to computer

3. The number of removable storage media devices, one for each machine.

NetTech Solutions

To Successfully Backup

• Windows XP Professional, you must have the appropriate permissions and user rights, as described in the following list: – All users can back up their own files and

folders. – All users can restore files and folders for

which they have the Write, Modify, or Full Control permission.

– Members of the Administrators and Backup Operators groups can back up and restore all files (regardless of the assigned permissions).

NetTech Solutions

Planning Issues for Backups

• Determine Which Files and Folders to Back Up

• Determine How Often to Back Up • Determine Which Target Media to

Use for Storing Backup Data • With the Backup Utility, you can back

up to the following removable media: – Files.– Tape.

• Determine Whether to Perform Network or Local Backup Jobs

NetTech Solutions

Selecting the Type of Backup Operation

• Normal: During a normal backup, all selected files and folders are backed up. A normal backup does not rely on markers to determine which files to back up.

• Copy: During a copy backup, all selected files and folders are backed up. It neither looks for nor clears markers.

• Incremental: During an incremental backup, only selected files and folders that have a marker are backed up, and then the backup clears markers.

• Differential: During a differential backup, only selected files and folders that have a marker are backed up, but the backup does not clear markers.

• Daily: During a daily backup, all selected files and folders that have changed during the day are backed up. This backup neither looks for nor clears markers.

NetTech Solutions

Combining Backup Types

• If you combine backup types, markers are critical.

• Incremental and differential backup types check for and rely on the markers.

NetTech Solutions

Changing Windows Default Backup Options

• Select Options from Tools on the menu.

NetTech Solutions

Changing Windows Default Backup Options

• Five tabs in the settings for the Backup utility

NetTech Solutions

Backing Up Data

• Performing Preliminary Tasks– You should notify users to close files

before you begin backing up data. – Backup Wizard doesn't back up files

that are locked open by applications. – You can use e-mail or the Send

Console Message dialog box in the Computer Management snap-in to send administrative messages to users.

NetTech Solutions

Sending a Console Message

• Under Computer Management Right click and select All Task then Send Console Message.

NetTech Solutions

The Message Received

• Each client that is sent the message will receive the message on their screen.

NetTech Solutions

When Backing Up

• There are several phases:

• What to Back Up

NetTech Solutions

Second Phase:

• Backup Type, Destination and Name:

1. Select the Backup Type

2. Choose a Place to Save Your Backup

3. Type a Name for this Backup

NetTech Solutions

Third Phase:

• The Completing The Backup Wizard.

– Start the backup. If you click Finish, during the backup process, Backup Wizard displays status information about the backup job in the Backup Progress dialog box.

– Specify Advanced backup options. If you click Advanced, the Backup wizard allows you to select the advanced backup settings

NetTech Solutions

Advanced option

• Select The Type Of Backup • Verify Data After Backup• Use Hardware Compression,

If Available• Disable Volume Shadow Copy • If The Archive Media Already

Contains Backups:• Append This Backup To The

Existing Backup

NetTech Solutions

Advanced option

• Replace The Backups• Allow Only The Owner And The

Administrator Access To The Backup Data And Any Backups Appended To This Medium

• When To Back Up

NetTech Solutions

Specifying Advanced Backup Settings

• When you specify advanced backup settings, you are changing the default backup settings for only the current backup job.

NetTech Solutions

Advanced Backup Settings

• If you chose to finish the backup process, Backup Wizard displays the Completing The Backup Wizard settings and then presents the option to finish and immediately start the backup. During the backup, the wizard displays status information about the backup job.

• If you chose to back up later, you are shown additional dialog boxes to schedule the backup process to occur later, as described in the next section.

NetTech Solutions

Scheduling Backup Jobs

• Task Scheduler presents the Set Account Information dialog box, prompting you for your password.

• The user account must have the appropriate user rights and permissions to perform backup jobs.

• by default, the wizard displays the present date and time for the start date.

NetTech Solutions

Practice:

• Backing Up Files

NetTech Solutions

Restoring Data

• Preparing to Restore Data• Backup provides Restore

Wizard to help you restore data, or you can restore data without using the wizard.

NetTech Solutions

Restoring Data

• Guidelines – Base your restore strategy on the

backup type that you used for the backup.

– Perform a trial restore periodically to verify that Backup Wizard is backing up your files correctly.

– Keep documentation for each backup job.

– Keep a record of multiple backup jobs in a calendar format that shows the days on which you perform the backup jobs.

NetTech Solutions

Selecting Backup Sets, Files, and Folders to Restore

• The first step in restoring data is to select the data to restore.

• You can select individual files and folders, an entire backup job, or a backup set.

• A backup set is a collection of files or folders from one volume that you back up during a backup job.

NetTech Solutions

Specifying Advanced Restore Settings

• The advanced settings in the Backup or Restore Wizard vary, depending on the type of backup media from which you are restoring, such as a tape device or an Iomega Zip drive.

Note pages 20-28.

NetTech Solutions

Practice:

• Restoring Files

NetTech Solutions

Using the Automated System Recovery Wizard

• Using the Automated System Recovery Wizard

• This system is used to recover from a fatal crash.

• The ASR or Automated System Recovery Wizard creates a floppy disk, which contains your system settings, and a backup of your local system partition on tape or as a file located on a network server.

NetTech Solutions

To Create an ASR

• In the Advanced Mode window of the Backup Utility, click Automated System Recovery Wizard.

NetTech Solutions

To Create an ASR

• Click Next• ASR Uses both a

1.44 Floppy disk and your regular backup media.

• Make sure you do not create your backup on Drive C: or your ASR will fail.

NetTech Solutions

Create an ASR

NetTech Solutions Configuring Security Settings and Internet Options Chapter Sixteen.

Documents