Managing Security Settings in Windows Server with Group Policy
Published in: Engineering, Technology
  1. Administración y Seguridad en Windows Server
     Managing Security Settings in Windows Server with Group Policy
     Estela Cruz Díaz, Miguel A. Morales de la Cruz, Francisco de Jesús Sánchez Enríquez
     Instituto Tecnológico de Tuxtepec
     February 2014
  2. ABSTRACT
     Safeguarding Windows requires a successful deployment of Group Policy, which depends on Active Directory and is the primary means of securing server and desktop environments. Group Policy can define the state of the work environment for users and computers, covering recovery services, security logs, account policies, group memberships and other features of machines on the network. It gives administrators a high degree of administrative control over users and computers on the network. The main objective of this article is to show how security policies, applied through Group Policy, define the procedures for configuring and managing security in a computing environment.
  3. KEYWORDS
     - Security
     - Configuration
     - Templates
     - Passwords
  4. INTRODUCTION
     Group Policy has been part of Windows Server since its inception. It is an infrastructure that allows you to specify managed configurations for users and computers through Group Policy settings and policy preference settings. You can manage these settings and preferences in an Active Directory Domain Services environment through the Group Policy Management Console (GPMC).

     Unfortunately, these policies are not easy to implement, since they are linked to Active Directory containers and users must therefore know that tool first. This article aims to help IT professionals and general users understand the characteristics of security auditing in Windows and how an organization can benefit from using these technologies to enhance security and network administration.
  5. Security Auditing Overview

     Feature description
     Security auditing is a powerful tool to help maintain the security of an enterprise. Auditing can be used for a variety of purposes, including forensic analysis, regulatory compliance, monitoring user activity, and troubleshooting. Industry regulations in various countries or regions require enterprises to implement a strict set of rules related to data security and privacy. Security audits can help implement such policies and prove that these policies have been implemented. Also, security auditing can be used for forensic analysis, to help administrators detect anomalous behavior, to identify and mitigate gaps in security policies, and to deter irresponsible behavior by tracking critical user activities.

     Managing security auditing
     To use security auditing, you need to configure the system access control list (SACL) for an object, and apply the appropriate security audit policy to the user or computer. For more information, see Managing Security Auditing (http://technet.microsoft.com/library/cc771475.aspx).
  6. AUDIT GUIDELINES
     Before implementing auditing, you must decide on an audit policy. An audit policy specifies the categories of security-related events you want to audit. When this version of Windows is first installed, all audit categories are disabled. By enabling several categories of audit events, you can deploy an audit policy suited to the security needs of your organization.

     The event categories you can choose to audit are:
     - Audit account logon events
     - Audit account management
     - Audit directory service access
     - Audit logon events
     - Audit object access
     - Audit policy change
     - Audit privilege use
     - Audit process tracking
     - Audit system events

     If you choose to audit access to objects as part of your audit policy, you must enable either the Audit directory service access category (to audit objects on a domain controller) or the Audit object access category (to audit objects on a member server or workstation). After you enable the object access category, you can specify the types of access you want to audit for each group or user. To enable auditing of local objects, you must be logged on as a member of the built-in Administrators group.
  7. SET OR CHANGE AUDIT POLICY SETTINGS FOR AN EVENT CATEGORY
     By defining auditing settings for specific event categories, you can create an audit policy suited to the security needs of your organization. On member servers and workstations that are joined to a domain, audit settings for the event categories are not defined by default. On domain controllers, auditing is enabled by default.

     To set or change the audit policy setting for an event category on the local computer:
     1. Open the Local Security Policy snap-in and select Local Policies.
     2. In the console tree, click Audit Policy.
        Where? Security Settings / Local Policies / Audit Policies
     3. In the results pane, double-click the event category for which you want to modify the audit policy setting.
     4. Perform one of the following, or both, and click OK.
        - To audit successful attempts, select the Success check box.
        - To audit unsuccessful attempts, select the Failed check box.

     ADDITIONAL CONSIDERATIONS
     - To open Microsoft Management Console using the Windows interface, click Start, type mmc in the Start Search text box, and then press ENTER.
     - To audit access to objects, enable auditing of the object access event category by following the steps above. Next, enable auditing on the specific object.
     - After auditing is configured, the events are stored in the security log. Open the Security log to view these events.
     - The default configuration of the audit policy for domain controllers is No Auditing. That means that even if auditing is enabled in the domain, domain controllers do not inherit the auditing policy locally. If you want the audit policy to apply to domain controllers, you must modify this policy setting.
  8. APPLY OR MODIFY AUDIT POLICY SETTINGS FOR A LOCAL FILE OR FOLDER
     To apply or modify auditing policy settings for a local file or folder:
     1. Open Windows Explorer.
     2. Right-click the file or folder you want to audit, click Properties, and then click the Security tab.
     3. Click Edit, and then click Advanced. (If you are not logged on as a member of the Administrators group on this computer, you must provide administrative credentials to continue.)
     4. In the Advanced Security Settings for <object> dialog box, click the Auditing tab.
     5. Do one of the following:
        - To configure auditing for a user or group, click Add. In Enter the object name to select, type the name of the user or group you want, and then click OK.
        - To remove auditing for an existing group or user, click the name, click Remove, click OK, and then skip the rest of this procedure.
        - To view or change auditing for an existing group or user, click the name and then click Edit.
     6. In the Apply onto box, click the location where you want auditing to take place.
     7. In the Access box, indicate which actions you want to audit by selecting the appropriate check boxes:
        - To audit successful events, select the Success check box.
        - To stop auditing successful events, clear the Success check box.
        - To audit unsuccessful events, select the Failed check box.
        - To stop auditing unsuccessful events, clear the Failed check box.
        - To stop auditing all events, click Clear All.
     8. If you want to prevent files and subfolders of the original object from inheriting these audit entries, select the Apply these auditing entries to objects and/or containers within this container only check box.
  9. Important: Before you configure auditing of files and folders, you must enable Audit object access; to do this, set the audit policy setting for the object access event category. If you do not enable Audit object access, an error message appears when you set up auditing for files and folders, and no files or folders are audited.

     Additional Considerations
     - You must be logged on as a member of the Administrators group, or you must have been granted the Manage auditing and security log right in Group Policy, to perform this procedure.
     - To open Windows Explorer, click Start, point to All Programs, click Accessories, and then click Windows Explorer.
     - After you enable auditing of object access, see the Security log in Event Viewer to check the result of the changes.
     - You can only configure auditing of files and folders on NTFS drives.
     - If you notice either of the following situations, the audit entry has been inherited from the parent folder:
       - In the Auditing Entry for <file or folder> dialog box, the check boxes in the Access box are not available.
       - In the Advanced Security Settings for <file or folder> dialog box, the Remove button is unavailable.
     - Because the security log is limited in size, select the files and folders to be audited carefully. Also consider the amount of disk space you want to devote to the security log. The maximum size of the security log is defined in Event Viewer.
  10. VIEW THE SECURITY LOG
     The security log records every event defined by the audit policies established on each object.

     To view the security log:
     1. Open Event Viewer.
     2. In the console tree, open Global Records, and then click Security. The results pane lists individual security events.
     3. If you want more details about a specific event, double-click the event in the results pane.

     Additional Considerations
     - To open Event Viewer, click Start, Control Panel, System and Maintenance, double-click Administrative Tools, and then double-click Event Viewer.
     - If the computer is connected to a network, network policy settings may prevent you from performing this procedure.
  11. RESULTS
     With this research we tried to understand more about Group Policy, one of the tools that can be used to manage security settings more effectively in Windows Server administration. This topic is of great importance because Server Manager in Windows Server 2008 enables you to view and manage almost all the information and tools that affect the productivity of a server. Server Manager increases the efficiency of server administration, since a single tool (Group Policy) allows administrators to:
     - View and modify the roles and features installed on the server.
     - Perform administrative tasks associated with the operational lifecycle of the server.
     - Determine server status, identify critical events, and analyze configuration errors.
     - Install or remove roles, role services, and features.

     The process of implementing a Group Policy solution involves planning, designing, implementing and managing the solution. During the design phase:
     - Define the scope of Group Policy.
     - Determine the values of the policy settings that apply to all corporate users.
     - Classify users and computers according to their functions and locations.
     - Plan desktop configurations according to the requirements of users and computers.
  12. A well-planned design will help ensure a successful deployment of Group Policy.

     The implementation phase begins with a trial in a test environment. The process includes:
     - Creating standard desktop configurations.
     - Filtering the scope of Group Policy objects.
     - Specifying exceptions to the default inheritance of Group Policy.
     - Delegating administration of Group Policy.
     - Evaluating effective policy settings using Group Policy Modeling.
     - Evaluating results using Group Policy Results.

     The information was gathered with a search technique known as exact-phrase search, which consists of locating key words and then the documents that contain them.
  13. DISCUSSION OF RESULTS
     Test Group Policy thoroughly in a test environment before deploying it in a production environment. Consider an iterative implementation of Group Policy: instead of deploying 100 new Group Policy settings at once, first implement only a few to validate that the Group Policy infrastructure is working correctly. Finally, be prepared to maintain Group Policy by establishing control procedures for working with Group Policy objects.

     Before designing the implementation of Group Policy, you must understand the current organizational environment and perform some preparatory steps in the following areas:
     - Active Directory: Make sure the design of organizational units (OUs) in Active Directory for all domains in the forest supports the application of Group Policy. For more information, see the guidance on designing an OU structure.
     - Network: Make sure that the network meets the requirements of change and configuration management technologies. For example, since Group Policy works only with fully qualified domain names, the Domain Name System (DNS) must be running in the forest in order to process Group Policy correctly.
     - Security: Get a list of the security groups that are currently in use in the domain. Work with the security administrators as you delegate responsibility for the administration of the OUs.
     - IT Requirements: Get a list of the administrative owners and the corporate administrative standards for the domains and OUs in the domain. This will help you develop a good delegation plan and ensure that Group Policy is inherited correctly.
  14. REFERENCES
     - http://technet.microsoft.com/library/cc771475.aspx
     - http://technet.microsoft.com/en-us/library/dn319078.aspx
     - http://technet.microsoft.com/es-es/library/cc730601.aspx
     - http://technet.microsoft.com/es-es/library/cc732450.aspx
     - http://technet.microsoft.com/es-es/library/cc771070.aspx
     - http://technet.microsoft.com/es-es/library/cc731826.aspx
     - http://technet.microsoft.com/es-es/library/dd349801(v=ws.10).aspx
     - http://technet.microsoft.com/es-es/library/cc728909.aspx
     - http://technet.microsoft.com/es-es/library/hh801901.aspx
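
The audit procedures on slides 7 to 10 (enable Audit object access, add an audit entry to a folder, then read the Security log) can also be carried out from an elevated PowerShell session. The script below is an added example, not part of the original slides; the folder `C:\AuditDemo` and the `Everyone` principal are constructed sample values, and event ID 4663 is the Security log record for an audited object access on Windows Server 2008 and later.

```powershell
# Added example; run elevated on a test machine. Sample values are constructed.
$Path     = 'C:\AuditDemo'
$Identity = 'Everyone'

# 1. Enable success and failure auditing for the Object Access category
#    (command-line equivalent of Local Policies > Audit Policy).
auditpol /set /category:"Object Access" /success:enable /failure:enable | Out-Null
auditpol /get /category:"Object Access"

# 2. Per the slides, file and folder auditing requires an NTFS volume.
New-Item -ItemType Directory -Path $Path -Force | Out-Null
$root   = [System.IO.Path]::GetPathRoot($Path)
$format = (New-Object System.IO.DriveInfo $root).DriveFormat
if ($format -ne 'NTFS') { throw "Auditing needs NTFS; $root is $format." }

# 3. Add an audit entry (SACL) for writes and deletes, success and failure,
#    inherited by the folder's subfolders and files.
$rights  = [System.Security.AccessControl.FileSystemRights]'Write, Delete'
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$prop    = [System.Security.AccessControl.PropagationFlags]::None
$flags   = [System.Security.AccessControl.AuditFlags]'Success, Failure'
$rule    = New-Object System.Security.AccessControl.FileSystemAuditRule(
               $Identity, $rights, $inherit, $prop, $flags)
$acl = Get-Acl -Path $Path -Audit      # -Audit loads the SACL as well
$acl.AddAuditRule($rule)
Set-Acl -Path $Path -AclObject $acl

# 4. List the audit entries; IsInherited = True means the entry comes from
#    the parent folder and cannot be removed here.
(Get-Acl -Path $Path -Audit).Audit |
    Select-Object IdentityReference, FileSystemRights, AuditFlags, IsInherited

# 5. Trigger one audited write, then read the matching Security log events.
Set-Content -Path (Join-Path $Path 'test.txt') -Value 'audit test'
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } `
             -MaxEvents 50 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like "*$Path*" } |
    Select-Object TimeCreated, Id, RecordId

# 6. The Security log is limited in size; check the configured maximum.
Get-WinEvent -ListLog Security |
    Select-Object LogName, MaximumSizeInBytes, RecordCount, LogMode
```

If step 5 returns nothing, confirm with `auditpol /get /category:"Object Access"` that a domain Group Policy has not overridden the local audit setting.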