Analyzing, Configuring, and Monitoring Windows NT 4.0 Security

• By Jim Cooper, Dennis Maione, Roberta Bragg
• Apr 5, 2002
• Sample Chapter is provided courtesy of New Riders

This chapter is from the book
MCSE Training Guide (70-244) Supporting and Maintaining a Windows NT Server 4.0 Network

Objectives

This chapter covers the following Microsoft-specified objectives for the Configuring and Troubleshooting Users and Groups, Configuring and Troubleshooting Users and System Policies, and Analyzing, Configuring, and Monitoring Security sections of the Supporting and Maintaining a Microsoft Windows NT Server 4.0 Network exam:

• Configure troubleshoot account policy. Considerations include password uniqueness, password length, password age, and account lockout.

Not all users are created equal. As a result, you need to be able to adjust account permissions and restrictions (at a domain, not a resource, level) to suit individuals or groups. Account policy enables you to control the password complexity and change policy to ensure that security is maintained in your domain.

• Configure and troubleshoot system policies. Considerations include client computer operating systems, file locations and names, and interaction between local security policy and system policies.

• Configure user-specific system policies.

• Configure computer policies.

Often you will find a need to customize the environment in which users work. This might include logon banners, wallpaper available, icons on the desktop, and Start menus. System policies enable you to easily apply these kinds of environmental restrictions to a user without having to run scripts or to configure each machine by hand.

• Implement auditing and monitor security. Implementation includes configuring audit policy, enabling auditing on objects, and analyzing audit logs.

Auditing enables you to track resource access and to check for possible attempts to access forbidden resources. Configuring audit policies, enabling auditing, and doing analysis will enable you to get a good picture of resource access (both successful and failed) in your domain.

• Analyze and configure the operating system environment and the user environment by using Security Configuration Manager.

• Apply the appropriate security template based on server function.

• Analyze the current environment and customize existing security templates to meet organizational security requirements.

The Security Configuration Manager enables you to create security configurations that you can use to ensure that all your machines meet a specific minimum-security standard. It also enables you to audit the configurations of your Windows NT machines to see where changes are required. In addition, it also enables you to just apply a standard configuration to each machine.

• Configure and troubleshoot trust relationships. Considerations include cross-domain resource access and one-way trusts versus two-way trusts.

In a multidomain environment, the issue of allowing users from one domain to access the resources in another comes to the fore. Trusts are the primary mechanism for allowing such access. This objective introduces you to the creation, maintenance, and troubleshooting of trusts and the resource access issues that they solve.

Study Strategies

• The account policy section might seem straightforward. On the exam, you might not get tripped up by the mechanics of the settings. However, you could get tripped up by the implications of them. Be sure that you have a good understanding of why certain settings are important, and when you would use them. That way, if you are given questions with seemingly incidental information about the minimum or maximum password length, you can determine whether the information provided is important to the question or just peripheral data.

• When studying for the parts of the exam pertaining to system policy, you cannot avoid opening the policy editor and creating a policy file. You will need to know the difference between creating a policy file for Windows NT machines (NTCONFIG.POL) and for non-NT machines (CONFIG.POL) as well as the path in which to save them. You also should play with the policy editor in both Policy mode and Registry mode.

• Because the Security Configuration Manager is new, expect a number of questions on it. You need to know the GUI as well as command-line versions and what each will do. Know at least the four main switches to use in the command-line editor. In addition, be familiar with the major sections you can modify in the GUI version and how a template becomes a database and then how you can use that database to analyze and configure a Windows NT system.

• For the trust portion of the exam, you need to understand the terminology of trusts. This cannot be overstated. Be sure you understand which is the trusted and trusting domain in a one-way trust relationship. Be sure you understand what is meant when you are told that A trusts B. Know about the intransitivity of trust relationships. Also, know the five trust models and what the basic configuration is (users in trusted domains, resources in trusting domains).

Introduction

As you can see by the chapter outline, this chapter covers a variety of advanced topics. The concept that binds them all together is that of security. In a secure environment, the following are true:

• Users are asked to change their password frequently (account policy).

• Users get access only to the system resources that they need to access (system policy).

• Periodic checks ensure that attempts at unauthorized access to resources are discovered and corrected/prevented (auditing).

• All servers are maintained at an identifiable standard of security (Security Configuration Manager).

• The interaction between domains is controlled and done in a way so as not to compromise the security of either domain (trusts).

This chapter discusses all of these topics.