[ Pobierz całość w formacie PDF ]
.Read EarthWeb's privacy statement.http://corpitk.earthweb.com/reference/pro/1928994024/ch05/05-01.html (3 of 3) [8/3/2000 6:52:51 AM] Configuring Windows 2000 Server Security:Security Configuration Tool SetConfiguring Windows 2000 Server Securityby Thomas W.Shinder, M.D., MCSE, MCP+I, MCT, Debra Littlejohn Shinder, MCSE, MCP+I, MCT,D.Lynn White, MCSE, MCPS, MCP+I, MCTSyngress Publishing, Inc.ISBN: 1928994024 Pub Date: 06/01/99Search this book:Search TipsAdvanced SearchPrevious Table of Contents NextTable 5.1 Default and Incremental Security TemplatesTitleTemplate security Level DescriptionBasic These include the basic*.inf templates.Use these tocorrect configuration.These Basic or Defaulttemplates allow the administrator to roll back-----------security to the original installation defaults.Compatible These are the compat*.inf templates.By default, allusers are Power Users on Windows 2000professional.If you do not want your users to havePower User rights, the Compatible configurationalters the default permissions for the Users group sothat legacy applications can run properly.Manyapplications required that a user have an elevatedlevel of permissions in order to run properly.This isnot a secure environment.Secure These are the secure*.inf templates.The Securetemplates will increase the level of security forAccount Policy, certain Registry keys, and Auditing.Permissions to file system objects are not affectedwith this configuration.Highly Secure These include the hisec*.inf templates.HighlySecure configurations add security to networkcommunications.IPSec will be configured for thesemachines, and will be required for communications.Downlevel clients will not be able to communicateDedicated Domain Controller The dedica*.inf templates.These templates optimizesecurity for local users on domain controller that donot run other server applications (which is thepreferred configuration for domain controllers).http://corpitk.earthweb.com/reference/pro/1928994024/ch05/05-02.html (1 of 3) [8/3/2000 6:52:55 AM] Configuring Windows 2000 Server Security:Security Configuration Tool SetThe secedit.exe Command Line ToolThe secedit.exe Command Line tool offer much of the functionality of the Security Configuration andAnalysis snap-in from the command line.This allows the administrator to script security analyses for manymachines across the enterprise, and save the results for later analysis.The reporting capabilities of the secedit.exe tool are limited.Although you can perform a security analysisfrom the command line, you cannot view the results of the analysis with secedit.exe.You must view theresults of the analysis from the graphic Security Configuration and Analysis snap-in interface.Security ConfigurationsOne limitation of the security templates, at this time, is that you cannot test security configurations defined inthe database against current domain or organizational unit security configurations.This functionality willprobably be included with future releases.Figure 5.1 shows the Security Configuration and Analysis snap-intogether with the Security Templates snap-in to create a central security console for managing security policythroughout the organization.Figure 5.1 This is the Security Configuration and Analysis snap-in Security Console.By using the provided security templates, the administrator can implement well thought out and testedsecurity constructions to a new domain rollout without having to reinvent the wheel.Customizations to theprovided security templates can be made at the network manager s convenience as time and experienceallow.Security Configuration and Analysis DatabaseThe Security Configuration and Analysis snap-in database contains all the existing security propertiesavailable for Windows 2000 computers.It does not add any additional settings or extend the securitycapabilities of the operating system.The Security Configuration and Analysis snap-in database contains theadministrator s security preferences.The database is populated with entries derived from security templates.You have the choice to import multiple templates and merge the contents of those templates, or you canimport templates in their entirety after the previous database entries have been cleared.The database is central in the security analysis process.The administrator can initiate a security analysis afterconfiguring the entries in the database to meet the organization s perceived needs.The security analysis willcompare the settings in the database with the actual settings implemented on the local computer.Individualsecurity settings will be flagged by an icon that will change, depending on whether the actual securitysettings are the same or different from those included in the database.You will also be informed if there aresettings that have not been configured at all, and thus may require the administrator s attention.Figure 5.2 shows the results of a security analysis.Prior to the security analysis, the administrator configuredthe preferred security settings into the database.After the database had been populated with an ideal securityscenario, it was tested against the current machine settings.A green check mark indicates that the currentmachine settings are the same as those set in the database; a red  x indicates that there is a conflict, and ageneric icon indicates that the setting was not defined in the database.Figure 5.2 These are the results of a Security Analysis in the Security Configuration and Analysis snap-in.After the analysis has been performed, the administrator can then make changes to the database as desiredand rerun the analysis.When the database matches the precise security configuration required, theadministrator can then apply the settings in the database to the local machine s security policy.http://corpitk.earthweb.com/reference/pro/1928994024/ch05/05-02 [ Pobierz całość w formacie PDF ]

  • zanotowane.pl
  • doc.pisz.pl
  • pdf.pisz.pl
  • higrostat.htw.pl

    •