Configure Group Policy to Support EFS

In this exercise, you will configure Group Policy settings relating to EFS. Ensure the 2823_DC1 and 2823_Client1 virtual machines are started. Perform tasks from the 2823_Client1 virtual machine as the user Don Hall unless otherwise directed. Don Hall's username is donh@cohovineyard.com and his password is P@ssw0rd. Don Hall does not have any administrative rights. Perform all administrative tasks by using the RUNAS command or the secondary logon service. When performing administrative tasks,...

Publishing Authority Information Access and CRL Distribution Point Extensions

In this exercise, you will evaluate a network infrastructure and the needs of clients. You will then configure your CA to publish authority information access and CRL distribution point extensions. Ensure the 2823_DC1, 2823_Web1 and 2823_Client1 virtual machines are started. Perform tasks from the 2823_Client1 virtual machine as the user Don Hall unless otherwise directed. Don Hall's username is donh@cohovineyard.com and his password is P@ssw0rd. Don Hall does not have any administrative...

Predefined Security Templates 1

Default Security Setup security.inf Domain Controller Default Security DC security.inf Specifies default security settings updated from Setup security.inf for a domain controller Modifies permissions and registry settings for the Users group to enable maximum application compatibility Secure Securedc.inf and Securews.inf Enhances security settings that are least likely to affect application compatibility Highly Secure Hisecdc.inf and Hisecws.inf Increases the restrictions on security settings...

PKI Tools 1

Certificates snap-in. Certificate Templates snap-in. Certification Authority snap-in. Introduction: Windows Server 2003 provides several PKI tools that help you to administer and troubleshoot a PKI. These tools include Microsoft Management Console (MMC) snap-ins, command-line tools, and management tools for PKI that are included with the Windows Server 2003 Resource Kit. In addition, Windows Server 2003 also provides some programmatic tools that allow applications to apply...

Configuring the VPN Server for Remote Access Quarantine

In this exercise, you will configure the remote access quarantine service on the 2823_Member1 virtual machine to ensure that all computers connecting to the Coho Vineyard VPN meet the corporate security policy. Ensure the 2823_DC1, 2823_Member1, 2823_Server1, and 2823_Client1 virtual machines are started. Perform tasks from the 2823_Client1 virtual machine as the user Don Hall unless otherwise directed. Don Hall's username is donh@cohovineyard.com and his password is P@ssw0rd. Don Hall does not...

Microsoft Vgc

Module 4 Planning, Implementing, and Troubleshooting Smart Card Certificates Lesson Introduction to Multifactor Authentication Lesson Managing and Troubleshooting a Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company,...

Consider superseding a template when you want to

Consolidate multiple existing certificate templates into a single certificate template. Modify a version 1 certificate template. Modify the certificate lifetime or the key size. Add and remove application or issuance policies. Guidelines for modifying a certificate template: When making your decision about whether to modify or supersede a certificate template, use the following guidelines. Consider modifying an existing certificate template when: The changes affect only a single certificate template....

Reason Codes for Revoking Certificates

A computer is stolen or a smart card is lost. An employee is terminated or suspended. If a smart card fails or the legal name of a user has changed. A certificate needs to be put on hold temporarily. You revoke a certificate without providing a reason. Introduction: Certificate revocation is the process of removing the validity of a certificate before the certificate is set to expire. For example, an employee is issued a certificate for smart card logon with a certificate...

Troubleshooting EFS

Introduction: One of your tasks as a systems administrator is to manage the data on your organization's network. To manage your network data storage effectively, you must, among other things, understand encryption. In this module, you will learn about Encrypting File System (EFS), which allows you to store data securely and helps to protect your network. Objectives: After completing this module, you will be able to: Describe EFS and how it works. Implement EFS in a...

Guidelines for Creating a Strong Password Policy 1

When implementing a password policy: Educate users about password requirements in the organization. Advise users not to use personal information in passwords. Consider the user's ability to remember complex passwords that change frequently. Use Group Policy to enforce password policies to control: Maximum password age, Password history, Minimum password age, Password length. Authentication is your first defense against intruders. A weak password policy will invalidate the security that firewalls,...

How to Configure DNS Dynamic Update Credentials 1

Your instructor will demonstrate how to configure DNS dynamic update credentials, including: Configuring DHCP server to use the account. Introduction: The Windows Server 2003 DNS Server service supports Dynamic DNS updates, which allow client systems to add DNS records directly into the database. Dynamic DNS servers can receive malicious or unauthorized updates from an attacker by means of a client that supports the Dynamic DNS (DDNS) protocol if the server is configured...

Lesson Planning and Implementing EFS in a Domain Environment with a PKI 1

Guidelines for Planning for EFS in a Domain Environment with a PKI. How to Determine If EFS is Being Used on a Computer. How to Change the Recovery Policy for a Domain. How to Migrate to New Certificates. How to Enable the 3DES Algorithm in Windows XP. How to Clear the Page File at Shutdown. Introduction: Implementing EFS in a domain environment can be a challenging task, even for the most experienced administrators. There are numerous decisions to make that will affect...

A CAPolicy.inf file defines the

Definition: A CAPolicy.inf file is an optional file that you can use to configure Certificate Services. You can use a CAPolicy.inf file for first-time installations of CAs or to renew root CAs and subordinate CAs. A CAPolicy.inf file provides the following: Basic information about the CA. For example, it lists distribution points for the self-signed certificate and defines the implemented certification practice statement of the CA. Information about certificate...

Lesson Planning and Implementing EFS in a Domain Environment with a PKI

Guidelines for Planning for EFS in a Domain Environment with a PKI. How to Determine if EFS Is Being Used on a Computer. How to Change the Recovery Policy for a Domain. How to Enable the 3DES Algorithm in Windows XP. How to Clear the Page File at Shutdown. This lesson describes how to plan for and implement EFS in a domain environment. Explain that an administrator needs to plan for implementing EFS in an organization. Discuss the guidelines covered in the topic. Also ask students if they have any...

Lesson Troubleshooting EFS

Guidelines for Managing Remotely Encrypted Files. Guidelines for Troubleshooting Common Issues with EFS. This lesson describes how to troubleshoot common EFS errors. Explain that an administrator needs to plan for managing remotely encrypted files. Discuss the guidelines covered in the topic. Also, ask students if they have any suggestions for best practices, and so on. Discuss some common EFS errors and explain how to troubleshoot these problems. Do not go too deep into this topic unless some...

How to Prevent SID Spoofing Using SID Filtering

When a domain administrator from a trusted domain attaches a well-known security principal onto the SID of a privileged user account from the trusted domain. Enables administrators to discard credentials that use SIDs that are likely candidates for spoofing. SID filtering must be disabled to allow migrated users and groups from other domains to access this domain's resources by using SIDHistory. Introduction: In a secure Windows environment, users, computers, or services...

Wireless Network Architecture

This lesson explains the benefits of wireless networking. The lesson also describes the threats and vulnerabilities inherent in wireless networking and the wireless standards that you can use to reduce security threats. After completing this lesson, you will be able to: Describe the benefits of wireless networks. Describe the threats to a wireless network. Describe the different wireless network standards and the security methods that can be used to secure them. Apply guidelines for using...

Allows the file to be encrypted locally on the client computer and then copied

When a file is encrypted on a remote server, either the server will download the user's roaming profile for the keys to encrypt the files, or unique keys will be generated locally on the remote server. This process can sometimes present a problem when sharing files on a remote server. For example, when a user is not using a roaming profile and encrypts a file on a remote server, there is no way to know which keys were used to encrypt the file. Additionally, when a user attempts to add another...

Practice Installing an SSL Certificate

In this practice, you will install an SSL certificate on a server. In this practice, you will install an SSL certificate on dc1.cohovineyard.com. To complete this practice, you must be logged on to dc1.cohovineyard.com as the administrator. Your organization has given administrators in remote office locations the ability to enroll for and issue smart cards on behalf of users. To create a secure communication channel to the certificate services Web page, you will install a certificate and...

How to Create Static WINS Entries

Introduction: Infrastructure servers include DHCP and Windows Internet Naming Service (WINS) servers. If these servers are attacked, users may not be able to get IP addresses or locate other computers by using their NetBIOS names. In this lesson, you will learn how to plan and configure secure baselines for infrastructure servers. Objectives: After completing this lesson, you will be able to: Use mitigation techniques to prevent security threats to infrastructure servers...