...LAB #3 | Enable Windows Active Directory and User Access Controls LAB #3 – ASSESSMENT WORKSHEET Enable Windows Active Directory and User Access Controls Course Name and Number: Student Name: Instructor Name: Lab Due Date: Overview This lab provided students with the hands-on skills needed to create a new Active Directory domain in Windows Server 2003 and demonstrated how to configure a centralized authentication and policy definition for access controls. The Active Directory users and workstation plug-ins were used to create users, groups, and configure role-based access permissions and controls on objects and folders in a Windows Server 2003 Active Directory system. Lab Assessment Questions & Answers 1. What are the three fundamental elements of an effective access control solution for information systems? Identification, Authentication, and Authorization. 2. What two access controls can be set up for Windows Server 2003 folders and authentication? Authentication and Access control. 3. If you can browse a file on a Windows network share, but are not able to copy it or modify it, what type of access controls and permissions are probably configured? What type of access control would best describe this access control situation? 4. What is the mechanism on a Windows server where you can administer granular policies and permissions on a Windows network using role-based access? 5. What is two-factor authentication...
Words: 478 - Pages: 2
...JONES & BARTLETT LEARNING INFORMATION SYSTEMS SECURITY & ASSURANCE SERIES LABORATORY MANUAL TO ACCOMPANY Security Strategies in Windows Platforms and Applications 1E REVISED World Headquarters Jones & Bartlett Learning 5 Wall Street Burlington, MA 01803 978-443-5000 info@jblearning.com www.jblearning.com Jones & Bartlett Learning books and products are available through most bookstores and online booksellers. To contact Jones & Bartlett Learning directly, call 800-832-0034, fax 978-443-8000, or visit our website, www.jblearning.com. Substantial discounts on bulk quantities of Jones & Bartlett Learning publications are available to corporations, professional associations, and other qualified organizations. For details and specific discount information, contact the special sales department at Jones & Bartlett Learning via the above contact information or send an email to specialsales@jblearning.com. Copyright © 2013 by Jones & Bartlett Learning, LLC, an Ascend Learning Company All rights reserved. No part of the material protected by this copyright may be reproduced or utilized in any form, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the copyright owner. The Laboratory Manual to accompany Security Strategies in Windows Platforms and Applications is an independent publication and has not been authorized, sponsored, or otherwise...
Words: 25969 - Pages: 104
...Week 1 Lab Part 1 - Assessment Worksheet Assess the Impact on Access Controls for a Regulatory Case Study Overview Watch the Demo Lab in the Week 1 Learning Space Unit 1, and answer the questions below. The lab demonstrates creating an Active Directory domain as well as user and group objects within the new domain. Directories will be created and permissions assigned based on the required access control as defined in the matrix. Group Policy Objects will also be created and linked to Objects within the domain to enforce security settings. Lab Assessment Questions & Answers 1. What does DACL stand for and what does it mean? Discretionary Access Control List (DACL) is a type of access control defined by the Trusted Computer System Evaluation Criteria "as a means of restricting access to objects based on the identity of subjects and/or groups to which they belong." 2. Why would you add permissions to a group instead of the individual? It is more resourceful and less time consuming. 3. List at least 3 different types of access control permissions available in Windows. Full Control, Modify, Execute, Read, Write 4. What are the least permissions that you need in order to view the contents of a folder? Read, so the user has access to any file on the system that they are entitled to, but they are not able to make any changes. 5. What are other available Password Policy options that could be enforced to improve security? ...
Words: 1093 - Pages: 5
...Lab 6 Controlling Access to local hardware and applications

This lab contains the following exercises and activities:

Exercise 6.1 | Installing Remote Server Administration Tools
Exercise 6.2 | Configuring Removable Storage Access Policies
Exercise 6.3 | Using AppLocker
Lab Challenge | Creating an AppLocker Rule Based on File Hash Using Assigned Access

BEFORE YOU BEGIN

The lab environment consists of student workstations connected to a local area network, along with a server that functions as the domain controller for a domain called adatum.com. The computers required for this lab are listed in Table 6-1.

Table 6-1 Computers Required for Lab 6
Computer | Operating System | Computer Name
Server | Windows Server 2012 R2 | SERVERA
Client | Windows 8.1 Enterprise | CLIENTB

In addition to the computers, you will also need the software listed in Table 6-2 to complete Lab 6.

Table 6-2 Software Required for Lab 6
Software | Location
Remote Server Administration Tools for Windows 8.1 (Windows8.1-KB2693643-x64.msu) | \\SERVERA\Downloads
Lab 6 student worksheet | Lab06_worksheet.docx (provided by instructor)

Working with Lab Worksheets

Each lab in this manual requires that you answer questions, shoot screen shots, and perform other activities that you will document in a worksheet named for the lab, such as Lab06_worksheet.docx. You will find these worksheets...
Words: 2361 - Pages: 10
...Windows Server 2008 - Network Administration

INDEX

Sr. No. | Topic

1 Dynamic Host Configuration Protocol (DHCP)
Lab – 1: Installing DHCP Service
Lab – 2: Creating a Scope
Lab – 3: Creating DHCP Reservations
Lab – 4: DHCP Server Backup and Restore

2 Domain Naming System (DNS)
Lab – 1: Installing DNS Service
Lab – 2: Creating Standard Primary Forward Lookup Zones
Lab – 3: Creating Standard Primary Reverse Lookup Zones
Lab – 4: Creating Secondary Zone
Lab – 5: Creating Stub Zone
Lab – 6: Creating Active Directory Integrated Primary zone
Lab – 7: Conditional Forwarders
Lab – 8: Forwarders
Lab – 9 & 10: Root Hints and Cache Server

3 Internet Information Services (IIS) - Web Server
Lab – 1: Installing Internet Information Service - Web Server
Lab – 2: Creating a Website
Lab – 3: Configuring Redirection of Websites
Lab – 4: Creating Virtual Directory
Lab – 5: Changing the Website IP address or Port no
Lab – 6: Creating Self-Signed Certificate for HTTPS Website
Lab – 7: Creating a HTTPS Web Site

4 Internet Information Services (IIS) - Ftp Server
Lab – 1: Installing Internet Information Service - FTP Server
Lab – 2: Creating Do not Isolate User FTP Site
Lab – 3: Creating Isolate User FTP Site
Lab – 4: Creating Isolate User using Active Directory FTP Site

5 Routing
Lab – 1: Assigning the...
Words: 12134 - Pages: 49
...Virtual Lab 1 1. Open the Server Manager console on your Windows Server 2008 computer. What selections are available to you in the left pane? The selections available to me include: Roles, Features, Diagnostics, Configuration, and Storage. 2. Using the Windows Help option, describe any roles and features that are currently installed on this server. There are currently no Roles or Features installed on the server. 3. Explain in your own words why it is a best practice to configure a server, such as a DNS server, with a static IP address rather than allowing it to obtain an IP address using DHCP. To put it simply, if the IP address of the server is consistently being changed by DHCP, then the ports that were opened up to allow the server to work through the firewall are going to remain open on the server’s old address, and not necessarily on the new one. This could cause applications to not run properly or at all, but worse, could create security vulnerabilities for the network. A static IP address allows other workstations on the network to easily keep track of the server. 4. Explore the netsh command menus. Record three commands that you can issue from the command line using netsh, and describe what each command does. 1. Exec - runs a script file 2. Add - adds a configuration entry to a list of entries 3. Online - sets the current mode to online Matt Carlson IT255.XM1.10WTR Instructor Vincent Tran January 9, 2010 Virtual Lab 2 ...
Words: 3462 - Pages: 14
...Week 1 Lab Part 1: Assess the Impact on Access Controls for a Regulatory Case Study Learning Objectives and Outcomes Upon completing this lab, students will be able to complete the following tasks: 1. Configure user accounts and access controls in a Windows Server according to role-based access implementation 2. Configure user account credentials as defined policy, and access right permissions for each user 3. Create and administer Group Policy Objects for the management of Windows Active Directory Domain machines within the IT infrastructure 4. Apply the correct Group Policy Object definitions per requirements defined by policies and access right permissions for users 5. Assign and manage access privileges as requested in the case study to apply the recommended and required security controls for the user accounts Week 1 Lab Part 1 - Assessment Worksheet Assess the Impact on Access Controls for a Regulatory Case Study Overview Watch the Demo Lab in the Week 1 Learning Space Unit 1, and answer the questions below. The lab demonstrates creating an Active Directory domain as well as user and group objects within the new domain. Directories will be created and permissions assigned based on the required access control as defined in the matrix. Group Policy Objects will also be created and linked to Objects within the domain to enforce security settings. Lab Assessment Questions & Answers 1. What does DACL stand for and what...
Words: 1428 - Pages: 6
...University of Maryland University College Shiv LLC will greatly benefit from using Windows Server 2012 to manage their network. Windows Server 2012 brings great updates to security and functionality over past editions of Windows. In this proposal, the major areas I will cover are Active Directory, Group Policy, DNS, File Services, Remote Services, and WSUS (Windows Server Update Services). These major roles have features that will make Shiv LLC Company’s infrastructure run smoothly. Active Directory Shiv LLC will have sites across a large geographic location. Because of this, a regional domain model should be used. Domains will be broken down into where users are working. For example, currently Shiv LLC has three locations, Los Angeles, Dallas, and Houston. This means there will be three domains, representing each of these cities. This strategy will make sure the network can be maintained by regional administrators, who will only worry about users in their area of the network. With this style of deployment, it can be difficult to decide what will be the forest root domain. The main staff for the company is in two cities, Dallas and Houston. This makes it difficult to make one of these sites the forest root domain. To make this decision neutral, a dedicated forest root domain can be suggested. This domain will be created only to function as the forest root. It will not contain any users, except for service administrator accounts for the forest root. It will not represent...
Words: 466 - Pages: 2
...Lab 1.2 - Assignment 1) What does DACL stand for and what does it mean? DACL (Discretionary access control list) is one of the most popular ACLs (access control lists). It allows or denies trustees access to computer and network resources. It identifies group permissions and determines whether to allow access to a securable object or process. 2) Why would you add permissions to a group instead of the individual? Because it’s easier to handle a group than individual employees. Once you have the group set up with the permissions, you add or remove employees there and you don’t have to do anything else. 3) List at least 3 different types of access control permissions available in Windows. Read, Write, Full Control, or No Access 4) What are the least permissions that you need in order to view the contents of a folder? Read 5) What are other available Password Policy Options that could be enforced to improve security? a) Strong and complex passwords: * Letters (capital and lower case) * Numbers * Symbols b) Educate users * Do not write passwords in front of the computer * Do not share passwords with friends and family * Do not use common names (friends, spouse, pet, etc.) c) Administrators should follow best practices * Force employees to change passwords every 90 days * Do not let them use old passwords * Force employees to use minimum 8 characters 6) Is using the option to “store password using reversible...
Words: 989 - Pages: 4
...Lesson 5 Active Directory Administration Key Terms access token Created when a user logs on, this value identifies the user and all of the user’s group memberships. Like a club membership card, it verifies a user’s permissions when the user attempts to access a local or network resource. Anonymous Logon Special identity that refers to users who have not supplied a username and password. authenticate To gain access to the network, prospective network users must identify themselves to a network using specific user accounts. authentication Process of confirming a user’s identity using a known value such as a password, pin number on a smart card, or the user’s fingerprint or handprint in the case of biometric authentication. authorization Process of confirming that an authenticated user has the correct permissions to access one or more network resources. batch file Files, typically configured with either a .bat extension or a .cmd extension, that can be used to automate many routine or repetitive tasks. built-in user accounts Accounts automatically created when Microsoft Windows Server 2008 is installed. By default, two built-in user accounts are created on a Windows Server 2008 computer: the Administrator account and the Guest account. Comma-Separated Value Directory Exchange (CSVDE) Command-line utility used to import or export Active Directory information from a comma-separated value (.csv) file. Comma-Separated...
Words: 6605 - Pages: 27
...Active Directory Design Guide Thursday, 25 February 2010 Version 2.0.0.0 Baseline Prepared by Microsoft Copyright This document and/or software (“this Content”) has been created in partnership with the National Health Service (NHS) in England. Intellectual Property Rights to this Content are jointly owned by Microsoft and the NHS in England, although both Microsoft and the NHS are entitled to independently exercise their rights of ownership. Microsoft acknowledges the contribution of the NHS in England through their Common User Interface programme to this Content. Readers are referred to www.cui.nhs.uk for further information on the NHS CUI Programme. All trademarks are the property of their respective companies. Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. © Microsoft Corporation 2010. All rights reserved. Disclaimer At the time of writing this document, Web sites are referenced using active hyperlinks to the correct Web page. Due to the dynamic nature of Web sites, in time, these links may become invalid. Microsoft is not responsible for the content of external Internet sites. Last modified on 26 February 2010 TABLE OF CONTENTS 1 2 Executive Summary...
Words: 43732 - Pages: 175
...Understanding Group Policy Objects – There are 3 subheadings listed as Local GPOs, Domain GPOs, and Starter GPOs. The differences between these groups are explained here. 2. B – Ch16 – Page 463 – Under – Viewing the Group Policy Container - By default, installing Active Directory Domain Services on Windows Server 2012 creates two GPCs, corresponding to two default GPOs: Default Domain Policy and Default Domain Controller Policy. The two GPCs are named using globally unique identifiers (GUIDs) assigned to the GPOs during their creation. 3. D – Ch16 – Page 482 – Under – Create Local GPO – After logging on to a Windows Computer using an account with Administrative privileges, the Server Manager Console appears and the steps to create Local GPO, then Secondary GPO, then a Tertiary GPO and the policy settings for each GPO are outlined here. 4. A – Ch16 – Page 485 – Under – Skill Summary - Group Policies applied to parent containers are inherited by all child containers and objects. You can alter inheritance by using the Enforce, Block Policy Inheritance, or Loopback settings. 5. B – Ch16 – Page 462 – Under Local GPO - All Windows operating systems have support for local Group Policy objects, sometimes known as LGPOs. Windows versions Windows Server 2008 R2 and Windows Vista support multiple local GPOs and enable you to specify a different local GPO for administrators or to create specific GPO settings for one or more local users configured on a workstation. ...
Words: 1144 - Pages: 5
...PowerShell for the IT Administrator, Part 1 Student Lab Manual (v1.1) Microsoft | Services © 2012 Microsoft Corporation Microsoft Confidential ITOE Educate Conditions and Terms of Use Microsoft Confidential - For Internal Use Only This training package is proprietary and confidential, and is intended only for uses described in the training materials. Content and software is provided to you under a Non-Disclosure Agreement and cannot be distributed. Copying or disclosing all or any portion of the content and/or software included in such packages is strictly prohibited. The contents of this package are for informational and training purposes only and are provided "as is" without warranty of any kind, whether express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, and non-infringement. Training package content, including URLs and other Internet Web site references, is subject to change without notice. Because Microsoft must respond to changing market conditions, the content should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. Unless otherwise noted, the companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address...
Words: 37959 - Pages: 152
...New Horizons Computer Learning Center of Cincinnati OFFICIAL MICROSOFT LEARNING PRODUCT 10174A Lab Instructions and Lab Answer Key: Configuring and Administering Microsoft® SharePoint® 2010 Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, email addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, email address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft® Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. The names...
Words: 74170 - Pages: 297
...ITT Technical Institute IS3340 Windows Security Onsite Course SYLLABUS Credit hours: 4.5 Contact/Instructional hours: 60 (30 Theory Hours, 30 Lab Hours) Prerequisite(s) and/or Corequisite(s): Prerequisite: NT2580 Introduction to Information Security or equivalent Course Description: This course examines security implementations for a variety of Windows platforms and applications. Areas of study include analysis of the security architecture of Windows systems. Students will identify and examine security risks and apply tools and methods to address security issues in the Windows environment. Where Does This Course Belong? This course is required for the Bachelor of Science in Information Systems Security program. This program covers the following core areas: Foundational Courses, Technical Courses, BSISS Project. The following diagram demonstrates how this course fits in the program: [Diagram: program course map; the layout of the course boxes is not recoverable from the extracted text]...
Words: 2305 - Pages: 10