Windows security for n00bs part 1 Security architecture & Access Control

Size: px
Start display at page:

Download "Windows security for n00bs part 1 Security architecture & Access Control"

Transcription

1 Grenoble INP Ensimag _ (in)security we trust _!! SecurIMAG Windows security for n00bs part 1 Security architecture & Access Control Description: whether you are in favor or against it, the Windows NT OS does not let any IT engineer nor researcher indifferent. We will first introduce some basics regarding the OS structure, then talk about authentication, and each time remind some attacks. Lecturer: Fabien Duchene WARNING: SecurIMAG is a security club at Ensimag. Thoughts, ideas and opinions are not related to Ensimag. The authors assume no liability including for errors and omissions.

2 Summary 0. Introduction 1. Security components 2. Access control ==next session== Memory (Guillaume & Karim) ==next next session== 3. Authentication (Fabien) 4. Network (Fabien)

3 0. Introduction What Windows is What else not? Windows NT brief history Talk perimeter

4 0. Introduction What windows is? A major OS in the market # numbers Windows XP SP3 major in the corporation client OS o ~ 10y old

5 0. Introduction What else not? NOT The most secure system ever built Important attack surface but ability to harden it NOT The most configurable OS Source code «normally» not available o Government, security agencies o you know where ;)

6 0. Windows NT brief history NT 4.0 (1996) NT 5.0 (1999) NT5.1 (2001) NT6.0 (2008) NT 7 (2009) 2000 XP Vista, Server , Server 2008 R2 SSPI DEP ASLR More granular UAC MSGINA Integrity Levels NLA firewall UAC BitLocker CredentialProviders

7 0. Talk perimeter Security mechanisms regarding: Windows XP Vista And 7 Not necessarily presented per version, but more per functionality

8 1. Windows NT6 & NT7 Security components Security components (Windows Vista ie NT6) Windows XP vs Vista & 7 processes hierarchy Security Reference Monitor (SRM) Local Security Authority SubSystem (LSASS) Session Manager SubSystem (SMSS) Wininit Services SAM

9 1.1. Security components (Windows Vista) System threads Session Windows Mgr DLLs Windows LSA DLLs Windows Winlogon DLLs Windows Wininit DLLs Windows DLLs I/O Manager Device & File System Driver Cache manager Service Host Windows Print spooler DLLs Windows DLLs Task Mgr SubSystem Explorer DLLs User SubSystem application DLLs System service dispatcher (Kernel-mode callable interfaces) Object Manager PnP Manager NTDLL.DLL Power Manager Security Ref. Monitor Kernel SubSystem DLLs Virtual Memory Process Mgr Hardware Abstraction Layer (HAL) Configuration Mgr (Registry) Local Procedure Call POSIX Windows DLLs Windows Win32 USER, GDI Graphics Drivers User Mode Kernel Mode Windows Internals, 5th Edition Windows Vista & Server 2008, Mark Russinovich, David Salomon

10 1.2. Windows XP processes hierarchy System Idle Process (0) System (4) Explorer.exe Interrupts SMSS Notepad.exe cmd.exe CRSS Winlogon Services LSASS Service1 (identity1)

11 1.2. Windows Vista & 7 process hierarchy Thanks to ProcessExplorer ;) System Idle Process (0) System (4) CRSS CRSS Wininit winlogon Explorer.exe Interrupts SMSS Services LSASS Notepad.exe cmd.exe Service1 (identity1)

12 1.2. Security Reference Monitor Controls performed on objects and access allowed or restricted regarding Privileges Users rights (ACL) Generating auditing entries Security Ref. Monitor

13 1.3. Local Security Authority SubSystem User-mode process running under SYSTEM identity SID=S Authentication o Trusted domains Token LSA Policy Privileges Netlogon LSA Server LSASS Msv1_0.dll Kerberos.dll Audit entries (security event user logs) Parameters stored under HKLM\security Active Directory SAM Server Active Directory SAM Mécanismes internes de la sécurité Windows, Pascal Saulière, 2010, Microsoft Event Logger

14 1.3. LSASS enforces password policy Locally or via GPO configurable

15 Session Manager SubSystem (SMSS)

16 WinInit.exe

17 Services

18 2. Access Control Access control? Securable Windows NT objects SID Privileges Security Descriptor Access Control Lists Token Impersonation Mandatory Integrity Levels Auditing

19 Access Control? Several models: Mandatory Access Control o Several levels o Eg (Windows NT): Mandatory Integrity Level Discretionary Access Control: o Eg (Windows NT): Files ACL Role-Based Access Control o When ACL permissions are only defined on security groups

20 Securable Windows NT Objects Mailslots Timers Peripherals Semaphores Files Access tokens Jobs Window stations Shared Desktops memory sections I/O SMB completion shares ports Pipes Services (named & anonymous) LPC Registry ports keys Events Printers Mutexes SecurIMAG - Windows security for n00bs part 1 - Fabien Windows Internal 5 th Edition (Windows Vista & Server 2008)

21 Security Identifier (SID) Statistically unique worldwide Not all AD Objects do own a SID ONLY the following AD objects: o Computer: (when the computer joins the domain) o Domain controllers: (same above) o User/service account (when the account is created) o Security group (a security group can contain security groups, users, and computers) These objects are named security principal. They all: o owns a SID: user account SID o member of [0..n] security groups: Group SIDs 24 Technical overview of the Microsoft PKI ADCS 2008 R2

22 Brief SID summary S Revision Level 4 bits Valeur : 1 Authority, 48 bits 0 = null 1 = world 2 = local 3 = creator owner 4 = non unique 5 = NT Domain / Computer SID RID du compte 500 = Administrator 501 = Guest 1000 = user = user2 Sub-Authorities(=RID) Exemples : 0 = null 0 = world 0 = creator owner 1 = creator group 2 = creator owner server 3 = creator group server Well-Known SID examples: S-1-0-0: Null S-1-1-0: Everyone S-1-2-0: Local S-1-3-0: Creator Owner S-1-3-1: Creator Group S-1-5-1: Dialup S-1-5-2: Network S-1-5-3: Batch S-1-5-4: Interactive S X-Y : Logon Session S-1-5-6: Service S-1-5-7: Anonymous Logon S-1-5-9: Enterprise Domain Controlers S : Self S : Authenticated Users S : Restricted S : Terminal Server User S : Remote Interactive Logon S : System (LocalSystem) S : Local Service S : Network Service

23 Well-Know SID for the «built-in» groups SID S S S S S S S S S S S S Name Administrators Users Guests Power Users Account Operators Server Operators Print Operators Backup Operators Replicator Pre-Windows 2000 Compatible Access Remote Desktop Users Network Configuration Operators

24 RID examples for SID S-1-5-domain-500 S-1-5-domain-501 S-1-5-domain-502 S-1-5-domain-512 S-1-5-domain-513 S-1-5-domain-514 S-1-5-domain-515 S-1-5-domain-516 S-1-5-domain-517 S-1-5-root domain-518 S-1-5-root domain-519 S-1-5-domain-520 S-1-5-domain-553 Name Administrator Guest krbtgt Domain Admins Domain Users Domain Guests Domain Computers Domain Controllers Cert Publishers Schema Admins Enterprise Admins Group Policy Creator Owners RAS and IAS Servers

25 Know your SID! whoami /all

26 Storing SID? https://secure.wikimedia.org/wikipedia/en/w iki/security_identifier Technical overview of the Microsoft PKI ADCS 2008 R2

27 Privileges Right to perform a specific action on several Windows NT objects. Eg: Shutdown the computer Allow logon locally Load and Unload Devices drivers Create a pagefile Ajust memory quotas for processes

28 Privileges changing them graphically Windows Server 2008 and WS 2008 R2 user rights -

29 Privileges - Know yours! whoami /all once more usefull!

30 Security descriptor for a securable object S contains ACL: DACL: contains 0 n ACE o ACE: a security principal (SID) SACL: log who attempted to perform specific actions on S

31 Access Control Lists a list of ACE (Access Control Entries) ACE: right/privilege/permission given to a specific SID on a specific object/resource Resource examples: Shared folder LDAP object certificate template 36 Technical overview of the Microsoft PKI ADCS 2008 R2

32 DACL File object Security descriptor ACE ACE Windows Internals, 5th Edition Windows Vista & Server 2008, Mark Russinovich, David Salomon Technical overview of the Microsoft PKI ADCS 2008 R2

33 ACL application order From the most "generic" scope to the most precise one Technical overview of the Microsoft PKI ADCS 2008 R2

34 Exercise is Sophie able to? Technical overview of the Microsoft PKI ADCS 2008 R2 https://ensiwiki.ensimag.fr/index.php/fichie r:4mmsr-ensimag-telecom-2a- Network_Security-Examination EN_US.pdf

35 SMB Share ACL Share ACL are applied Then system ACL

36 Token Security context: thread, process Privileges, SPN (user SID, group SIDs) Logon process: Winlogon creates a token related to a user Inheritance: a child process automatically inherits the token of the parent Token fields immutable (because located in the kernel memory) Token Source Impersonation type Token ID Authentication ID Modified ID Expiration time Default Primary Group Default DACL User Account SID Group 1 SID Group n SID Restricted SID 1 Restricted SID n Privilege 1 Privilege n

37 Token kernel structure on Windows 7

38 Token - administrator "Complete"/"normal Restricted token» token SecurIMAG - Windows security for n00bs part 1 - Fabien

39 Restricted token runas /trustlevel:0x20000 cmd.exe SRP

40

41 Software Restriction Policy Enforce restricted token via group policy for specific executables

42 Mandatory Integrity Level Ensured by the SRM Processes isolation Mandatory Access Control Depending of the process "integrity» Ability to interact with "lower integrity objects" only Mandatory Access Control (Wikipedia)

43 Mandatory Integrity Level - example System 0x4000 Eg: WININIT.EXE High 0x3000 Eg: Admin processes Medium 0x2000 Eg: OUTLOOK.EXE Low 0x1000 Eg: IEXPLORE.EXE Untrusted 0x0000 Processes Object (could be a process) System Eg: kernel variables High Medium Low Untrusted Mandatory Access Control (Wikipedia)

44 Mandatory Integrity Level

45 Shatter attack

46 DLL injection Priviledge: SE_DEBUG (by default only Administrators)

47 Priviledge SE_DEBUG Debug programs o This user right determines which users can attach a debugger to any process or to the kernel. Developers who are debugging their own applications do not need to be assigned this user right. Developers who are debugging new system components will need this user right to be able to do so. This user right provides complete access to sensitive and critical operating system components. Caution Assigning this user right can be a security risk. Only assign this user right to trusted users. Default: Administrators

48 Mandatory Integrity Level - advantages Consequences: Blocks SHATTER attacks Blocks DLL injection in a higher integrity process!

49 Impersonation

50 User Access Control

51 UAC granularity (Windows 7) Inside Windows 7 UAC

52 UAC autoelevation? Frequent question: when you change the UAC level alert, for which executable will Windows 7 allow to autoelevate? Marker in the executable: <asmv3:windowssettings xmlns="http://schemas.microsoft.com/smi/2005/window ssettings"> <autoelevate>true</autoelevate> </asmv3:windowssettings>

53 UAC autoelevate markers / whitelist

54 UAC attack? How to auto-elevate without the user being prompted? Add that marker to your executable! Additional requirement: executable to be signed by Microsoft! Thus prevening EXTERNAL ones from autoelevating injecting a DLL into an autoelevated allowed executable. Problems: Mandatory integrity levels:

55 Auditing

Security. Ausgewählte Betriebssysteme Institut Betriebssysteme Fakultät Informatik. Copyright 2001-2004 Hermann Härtig, Ronald Aigner

Security. Ausgewählte Betriebssysteme Institut Betriebssysteme Fakultät Informatik. Copyright 2001-2004 Hermann Härtig, Ronald Aigner Ausgewählte Betriebssysteme Institut Betriebssysteme Fakultät Informatik Outline Ratings System Components Logon Object (File) Access Impersonation Auditing 2 Ratings National Computer Center (NCSC) part

More information

Computer Security: Principles and Practice

Computer Security: Principles and Practice Computer Security: Principles and Practice Chapter 24 Windows and Windows Vista Security First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Windows and Windows Vista Security

More information

Introduction to Computer Security

Introduction to Computer Security Introduction to Computer Security Windows Security Pavel Laskov Wilhelm Schickard Institute for Computer Science Microsoft Windows Family Tree Key security milestones: NT 3.51 (1993): network drivers and

More information

SECURITY SUBSYSTEM IN WINDOWS

SECURITY SUBSYSTEM IN WINDOWS Operating Systems SECURITY SUBSYSTEM IN WINDOWS Zoltán Micskei http://www.mit.bme.hu/~micskeiz Budapesti Műszaki és Gazdaságtudományi Egyetem Neeraj Suri Méréstechnika és Információs Rendszerek Tanszék

More information

Windows Security Environment

Windows Security Environment Motivation Popularity, widespread use of Windows Big surface, big impact Protection via user/kernel architecture and CPU modes Multiple-users environment, same physical resources Easy to install < security

More information

Windows Server 2008/2012 Server Hardening

Windows Server 2008/2012 Server Hardening Account Policies Enforce password history 24 Maximum Password Age - 42 days Minimum Password Age 2 days Minimum password length - 8 characters Password Complexity - Enable Store Password using Reversible

More information

WINDOWS INS AND OUTS MICHELE SENSALARI MCT, MCSE, MCSA,

WINDOWS INS AND OUTS MICHELE SENSALARI MCT, MCSE, MCSA, WINDOWS INS AND OUTS MICHELE SENSALARI MCT, MCSE, MCSA, MCITP MICHELE@SENSALARI.COM, @ILSENSA7 DA WINDOWS 1 A WINDOWS 10 SO MajorNumber MinorNumber Note Windows Vista 6 0 6=6+0 Windows 7 6 1 7=6+1 Windows

More information

Windows Security. CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger. www.cse.psu.edu/~tjaeger/cse497b-s07/

Windows Security. CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger. www.cse.psu.edu/~tjaeger/cse497b-s07/ Windows Security CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07/ Windows Security 0 to full speed No protection system in early versions

More information

Web. Security Options Comparison

Web. Security Options Comparison Web 3 Security Options Comparison Windows Server 2003 provides a number of Security Options that can be applied within the scope of managing a GPO. Most are the same as those available in Windows 2000.

More information

windows maurizio pizzonia roma tre university

windows maurizio pizzonia roma tre university windows maurizio pizzonia roma tre university 1 references M. Russinovich, D. A. Solomon Windows Internals: Including Windows Server 2008 and Windows Vista 5 th ed. Microsoft Press 2 architecture overview

More information

Objectives. Windows 7 Security. Desktop OS Market Share. Windows Background. CS140M Fall 2014. Lake

Objectives. Windows 7 Security. Desktop OS Market Share. Windows Background. CS140M Fall 2014. Lake Objectives Windows 7 Security By Al Fall 2014 CS 140M LBCC Background Windows Security Architecture Windows Vulnerabilities Means of Evaluating Metrics System Hardening Windows Defenses OS Security Capabilities

More information

Windows8 Internals, Sixth Edition, Part 1

Windows8 Internals, Sixth Edition, Part 1 Microsoft Windows8 Internals, Sixth Edition, Part 1 Mark Russinovich David A. Solomon Alex lonescu Windows Internals, Sixth Edition, Part i Introduction xvii Chapter 1 Concepts and Tools 1 Windows Operating

More information

Windows servers. NT networks

Windows servers. NT networks Windows servers The NT security model NT networks Networked NT machines can be: Primary Domain controller Centralizes user database/authentication Backup Domain controller Domain member Non-domain member

More information

Security Options... 1

Security Options... 1 Effective Server Security Options Period: Last 20 week(s) Generated: For: Brian Bartlett bbartlett@ecora.com By: Ecora Auditor Professional 4.5 - Windows Module 4.5.8010.20310 Using: Customized FFR Definition

More information

Belarc Advisor Security Benchmark Summary

Belarc Advisor Security Benchmark Summary Page 1 of 5 The license associated with the Belarc Advisor product allows for free personal use only. Use on multiple computers in a corporate, educational, military or government installation is prohibited.

More information

About Microsoft Windows Server 2003

About Microsoft Windows Server 2003 About Microsoft Windows Server 003 Windows Server 003 (WinK3) requires extensive provisioning to meet both industry best practices and regulatory compliance. By default the Windows Server operating system

More information

BMC Performance Manager Windows Security White Paper DCOM / WMI

BMC Performance Manager Windows Security White Paper DCOM / WMI BMC Performance Manager Windows Security White Paper DCOM / WMI Problem The IT department delivers user IT services to their internal and external customers. The IT department wants to maintain control

More information

SECURITY BEST PRACTICES FOR CISCO PERSONAL ASSISTANT (1.4X)

SECURITY BEST PRACTICES FOR CISCO PERSONAL ASSISTANT (1.4X) WHITE PAPER SECURITY BEST PRACTICES FOR CISCO PERSONAL ASSISTANT (1.4X) INTRODUCTION This document covers the recommended best practices for hardening a Cisco Personal Assistant 1.4(x) server. The term

More information

Windows Advanced Audit Policy Configuration

Windows Advanced Audit Policy Configuration Windows Advanced Audit Policy Configuration EventTracker v7.x Publication Date: May 6, 2014 EventTracker 8815 Centre Park Drive Columbia MD 21045 www.eventtracker.com Abstract This document describes auditing

More information

Windows Operating Systems. Basic Security

Windows Operating Systems. Basic Security Windows Operating Systems Basic Security Objectives Explain Windows Operating System (OS) common configurations Recognize OS related threats Apply major steps in securing the OS Windows Operating System

More information

T21: Microsoft Windows Server and Client Security Donald E. Hester, Maze Associates

T21: Microsoft Windows Server and Client Security Donald E. Hester, Maze Associates T21: Microsoft Windows Server and Client Security Donald E. Hester, Maze Associates Microsoft Windows Server and Client Security Windows 7, Vista and Server 2008 R2 Donald E. Hester CISSP, CISA, CAP, MCT,

More information

Windows 7. Qing Liu Qing.Liu@chi.frb.org Michael Stevens Michael.Stevens@chi.frb.org

Windows 7. Qing Liu Qing.Liu@chi.frb.org Michael Stevens Michael.Stevens@chi.frb.org Windows 7 Qing Liu Qing.Liu@chi.frb.org Michael Stevens Michael.Stevens@chi.frb.org 1 Overview 1. Financial Institution s Preliminary Steps 2. User Interface 3. Data Protection 4. User and Group Changes

More information

Table Of Contents. - Microsoft Windows - WINDOWS XP - IMPLEMENTING & SUPPORTING MICROSOFT WINDOWS XP PROFESSIONAL...10

Table Of Contents. - Microsoft Windows - WINDOWS XP - IMPLEMENTING & SUPPORTING MICROSOFT WINDOWS XP PROFESSIONAL...10 Table Of Contents - - WINDOWS SERVER 2003 MAINTAINING AND MANAGING ENVIRONMENT...1 WINDOWS SERVER 2003 IMPLEMENTING, MANAGING & MAINTAINING...6 WINDOWS XP - IMPLEMENTING & SUPPORTING MICROSOFT WINDOWS

More information

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013 CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control

More information

WINDOWS 2000 Training Division, NIC

WINDOWS 2000 Training Division, NIC WINDOWS 2000 Active TE Directory Services WINDOWS 2000 Training Division, NIC Active Directory Stores information about objects on the network and makes this information easy for administrators and users

More information

CIS 551 / TCOM 401 Computer and Network Security

CIS 551 / TCOM 401 Computer and Network Security CIS 551 / TCOM 401 Computer and Network Security Spring 2007 Lecture 3 1/18/07 CIS/TCOM 551 1 Announcements Email project groups to Jeff (vaughan2 AT seas.upenn.edu) by Jan. 25 Start your projects early!

More information

84-01-31 Windows NT Server Operating System Security Features Carol A. Siegel Payoff

84-01-31 Windows NT Server Operating System Security Features Carol A. Siegel Payoff 84-01-31 Windows NT Server Operating System Security Features Carol A. Siegel Payoff This article is designed to provide security administrators with a security checklist for going live with Windows NT.

More information

ADMINISTERING WINDOWS VISTA SECURITY: THE BIG SURPRISES

ADMINISTERING WINDOWS VISTA SECURITY: THE BIG SURPRISES ADMINISTERING WINDOWS VISTA SECURITY: THE BIG SURPRISES Introduction. Chapter 1 Administering Vista Security: The Little Surprises. Restoring the Administrator. Making Your Own Administrator. Activating

More information

How to monitor AD security with MOM

How to monitor AD security with MOM How to monitor AD security with MOM A article about monitor Active Directory security with Microsoft Operations Manager 2005 Anders Bengtsson, MCSE http://www.momresources.org November 2006 (1) Table of

More information

70-685: Enterprise Desktop Support Technician

70-685: Enterprise Desktop Support Technician 70-685: Enterprise Desktop Support Technician Course Introduction Course Introduction Chapter 01 - Identifying Cause and Resolving Desktop Application Issues Identifying Cause and Resolving Desktop Application

More information

Objectives. At the end of this chapter students should be able to:

Objectives. At the end of this chapter students should be able to: NTFS PERMISSIONS AND SECURITY SETTING.1 Introduction to NTFS Permissions.1.1 File Permissions and Folder Permission.2 Assigning NTFS Permissions and Special Permission.2.1 Planning NTFS Permissions.2.2

More information

How the Active Directory Installation Wizard Works

How the Active Directory Installation Wizard Works How the Active Directory Installation Wizard Works - Directory Services: Windows Serv... Page 1 of 18 How the Active Directory Installation Wizard Works In this section Active Directory Installation Wizard

More information

Windows 7, Enterprise Desktop Support Technician

Windows 7, Enterprise Desktop Support Technician Windows 7, Enterprise Desktop Support Technician Course Number: 70-685 Certification Exam This course is preparation for the Microsoft Certified IT Professional (MCITP) Exam, Exam 70-685: Pro: Windows

More information

Objectives I. IY5512 Computer Security. Agenda. Objectives II. Chris Mitchell. Final part of the course covers:

Objectives I. IY5512 Computer Security. Agenda. Objectives II. Chris Mitchell. Final part of the course covers: Objectives I IY5512 Computer Security Part 7b: Windows security Chris Mitchell me@chrismitchell.net http://www.chrismitchell.net Final part of the course covers: basic security features of Windows; uses

More information

(Advanced Topics in) Operating Systems Winter Term 2009 / 2010. Jun.-Prof. Dr.-Ing. André Brinkmann brinkman@upb.de Universität Paderborn PC

(Advanced Topics in) Operating Systems Winter Term 2009 / 2010. Jun.-Prof. Dr.-Ing. André Brinkmann brinkman@upb.de Universität Paderborn PC (Advanced Topics in) Operating Systems Winter Term 2009 / 2010 Jun.-Prof. Dr.-Ing. André Brinkmann brinkman@upb.de Universität Paderborn PC 1 Overview Overview of chapter 3: Case Studies 3.1 Windows Architecture.....3

More information

Defense Security Service Office of the Designated Approving Authority

Defense Security Service Office of the Designated Approving Authority Defense Security Service Office of the Designated Approving Authority Baseline Technical Security Configuration of Microsoft Windows 7 and Microsoft Server 2008 R2 Version 1.0 Title Page Document Name:

More information

Course Description. Course Audience. Course Outline. Course Page - Page 1 of 12

Course Description. Course Audience. Course Outline. Course Page - Page 1 of 12 Course Page - Page 1 of 12 Windows 7 Enterprise Desktop Support Technician M-50331 Length: 5 days Price: $2,795.00 Course Description This five-day instructor-led course provides students with the knowledge

More information

Owner of the content within this article is www.isaserver.org Written by Marc Grote www.it-training-grote.de

Owner of the content within this article is www.isaserver.org Written by Marc Grote www.it-training-grote.de Owner of the content within this article is www.isaserver.org Written by Marc Grote www.it-training-grote.de Microsoft Forefront TMG Role based Administration Abstract In this article I will show you how

More information

Windows 7, Enterprise Desktop Support Technician

Windows 7, Enterprise Desktop Support Technician Course 50331D: Windows 7, Enterprise Desktop Support Technician Page 1 of 11 Windows 7, Enterprise Desktop Support Technician Course 50331D: 4 days; Instructor-Led Introduction This four-day instructor-ledcourse

More information

OPERATING. William Stallings

OPERATING. William Stallings THE WINDOWS OPERATING S YSTEM William Stallings This document is an extract from Operating Systems: Internals and Design Principles, Fifth Edition Prentice Hall, 2005, ISBN 0-13-147954-7 Copyright 2005

More information

ILTA HANDS ON Securing Windows 7

ILTA HANDS ON Securing Windows 7 Securing Windows 7 8/23/2011 Table of Contents About this lab... 3 About the Laboratory Environment... 4 Lab 1: Restricting Users... 5 Exercise 1. Verify the default rights of users... 5 Exercise 2. Adding

More information

Windows 7, Enterprise Desktop Support Technician Course 50331: 5 days; Instructor-led

Windows 7, Enterprise Desktop Support Technician Course 50331: 5 days; Instructor-led Lincoln Land Community College Capital City Training Center 130 West Mason Springfield, IL 62702 217-782-7436 www.llcc.edu/cctc Windows 7, Enterprise Desktop Support Technician Course 50331: 5 days; Instructor-led

More information

Chapter 15 Windows Operating Systems

Chapter 15 Windows Operating Systems Understanding Operating Systems, Fifth Edition 15-1 Chapter 15 Windows Operating Systems At a Glance Instructor s Manual Table of Contents Overview Objectives s Quick Quizzes Class Discussion Topics Additional

More information

Microsoft Windows Internals, Fourth Edition: Microsoft Windows Server 2003, Windows XR and Windows 2000

Microsoft Windows Internals, Fourth Edition: Microsoft Windows Server 2003, Windows XR and Windows 2000 Microsoft* Microsoft Windows Internals, Fourth Edition: Microsoft Windows Server 2003, Windows XR and Windows 2000 Mark E. Russinovich David A. Solomon Historical Perspective Foreword Acknowledgments Introduction

More information

MCTS Guide to Microsoft Windows 7. Chapter 7 Windows 7 Security Features

MCTS Guide to Microsoft Windows 7. Chapter 7 Windows 7 Security Features MCTS Guide to Microsoft Windows 7 Chapter 7 Windows 7 Security Features Objectives Describe Windows 7 Security Improvements Use the local security policy to secure Windows 7 Enable auditing to record security

More information

Managing a Microsoft Windows Server 2003 Environment

Managing a Microsoft Windows Server 2003 Environment Managing a Microsoft Windows Server 2003 Environment Course number: 2274C Course lenght: 5 days Course Outline Module 1: Introduction to Administering Accounts and Resources This module explains how to

More information

Windows 2000 Security Architecture. Peter Brundrett Program Manager Windows 2000 Security Microsoft Corporation

Windows 2000 Security Architecture. Peter Brundrett Program Manager Windows 2000 Security Microsoft Corporation Windows 2000 Security Architecture Peter Brundrett Program Manager Windows 2000 Security Microsoft Corporation Topics Single Sign-on Kerberos v5 integration Active Directory security Delegation of authentication

More information

BM482E Introduction to Computer Security

BM482E Introduction to Computer Security BM482E Introduction to Computer Security Lecture 7 Database and Operating System Security Mehmet Demirci 1 Summary of Lecture 6 User Authentication Passwords Password storage Password selection Token-based

More information

ITKwebcollege.ADMIN-Basics Fundamentals of Microsoft Windows Server

ITKwebcollege.ADMIN-Basics Fundamentals of Microsoft Windows Server ITKwebcollege.ADMIN-Basics Fundamentals of Microsoft Windows Server Inhalte Teil 01 Network Architecture Standards Network Components and Terminology Network Architecture Network Media Access Control Methods

More information

"Charting the Course... ... to Your Success!" MOC 50331 D Windows 7 Enterprise Desktop Support Technician Course Summary

Charting the Course... ... to Your Success! MOC 50331 D Windows 7 Enterprise Desktop Support Technician Course Summary Description Course Summary This course provides students with the knowledge and skills needed to isolate, document and resolve problems on a Windows 7 desktop or laptop computer. It will also help test

More information

Lesson Plans Microsoft s Managing and Maintaining a Microsoft Windows Server 2003 Environment

Lesson Plans Microsoft s Managing and Maintaining a Microsoft Windows Server 2003 Environment Lesson Plans Microsoft s Managing and Maintaining a Microsoft Windows Server 2003 Environment (Exam 70-290) Table of Contents Table of Contents... 1 Course Overview... 2 Section 0-1: Introduction... 4

More information

Windows" 7 Desktop Support

Windows 7 Desktop Support Windows" 7 Desktop Support and Administration Real World Skills for MCITP Certification and Beyond Darril Gibson WILEY Wiley Publishing, Inc. Contents Introduction xxiii Chapter 1 Planning for the Installation

More information

Windows 7 Security Overview

Windows 7 Security Overview Windows 7 Security: To Protect and Serve Matthew Hartel Application Analyst White and Williams LLP hartelm@whiteandwilliams.com Tel: 215-864-7485 J. Abernethy Practice Manager Legal Applications mindshift

More information

Symantec Enterprise Security Manager Baseline Policy Manual for CIS Benchmark

Symantec Enterprise Security Manager Baseline Policy Manual for CIS Benchmark Symantec Enterprise Security Manager Baseline Policy Manual for CIS Benchmark For Windows Server 2008 Domain Controllers Version: 3.0.0 Symantec Enterprise Security Manager Baseline Policy Manual for

More information

NNT CIS Microsoft Windows Server 2008 R2 Benchmark Level 1 Member Server v2-1-0-2

NNT CIS Microsoft Windows Server 2008 R2 Benchmark Level 1 Member Server v2-1-0-2 NNT CIS Microsoft Windows Server 2008 R2 Benchmark Level 1 Member Server v2-1-0-2: NNTDC01 On NNTDC01 - By admin for time period 5/23/2014 8:49:51 AM to 5/23/2014 8:49:51 AM NNT CIS Microsoft Windows Server

More information

Securing Active Directory Presented by Michael Ivy

Securing Active Directory Presented by Michael Ivy Securing Active Directory Presented by Michael Ivy Presenter: Michael Ivy Consultant, Rook Security Michael Ivy Thank you for being here today August 20, 2014 Brief Overview Securing NTDS and Replication

More information

Networking Best Practices Guide. Version 6.5

Networking Best Practices Guide. Version 6.5 Networking Best Practices Guide Version 6.5 Summer 2010 Copyright: 2010, CCH, a Wolters Kluwer business. All rights reserved. Material in this publication may not be reproduced or transmitted in any form

More information

NE-2273B Managing and Maintaining a Microsoft Windows Server 2003 Environment

NE-2273B Managing and Maintaining a Microsoft Windows Server 2003 Environment NE-2273B Managing and Maintaining a Microsoft Windows Server 2003 Environment Summary Duration Vendor Audience 5 Days Microsoft IT Professionals Published Level Technology 05 October 2005 200 Microsoft

More information

Microsoft Baseline Security Analyzer

Microsoft Baseline Security Analyzer The (MBSA) checks computers running Microsoft Windows Server 2008 R2 for common security misconfigurations. The following are the scanning options selected for Cisco Unified ICM Real-Time Distributor running

More information

MarkMlnasi Byron Hynes

MarkMlnasi Byron Hynes A ul ^HP &1 ^n* JÜ& MarkMlnasi Byron Hynes i 1 8 O 7,^ j Wiley Publishing, Inc. Mark Minasi U Windows Administrator X. Library Table of Contents Introduction Chapter 1 Administering Vista Security: The

More information

70 299 Implementing and Administering Security in a Microsoft Windows Server 2003 Network

70 299 Implementing and Administering Security in a Microsoft Windows Server 2003 Network 70 299 Implementing and Administering Security in a Microsoft Windows Server 2003 Network Course Number: 70 299 Length: 1 Day(s) Course Overview This course is part of the MCSA training.. Prerequisites

More information

Guide to deploy MyUSBOnly via Windows Logon Script Revision 1.1. Menu

Guide to deploy MyUSBOnly via Windows Logon Script Revision 1.1. Menu Menu INTRODUCTION...2 HOW DO I DEPLOY MYUSBONLY ON ALL OF MY COMPUTERS...3 ADMIN KIT...4 HOW TO SETUP A LOGON SCRIPTS...5 Why would I choose one method over another?...5 Can I use both methods to assign

More information

Module 3: Resolve Software Failure This module explains how to fix problems with applications that have problems after being installed.

Module 3: Resolve Software Failure This module explains how to fix problems with applications that have problems after being installed. CÔNG TY CỔ PHẦN TRƯỜNG CNTT TÂN ĐỨC TAN DUC INFORMATION TECHNOLOGY SCHOOL JSC LEARN MORE WITH LESS! 50331 - Windows 7, Enterprise Desktop Support Technician Duration: 5 days About this Course This five-day

More information

Metalogix SharePoint Backup. Advanced Installation Guide. Publication Date: August 24, 2015

Metalogix SharePoint Backup. Advanced Installation Guide. Publication Date: August 24, 2015 Metalogix SharePoint Backup Publication Date: August 24, 2015 All Rights Reserved. This software is protected by copyright law and international treaties. Unauthorized reproduction or distribution of this

More information

MCSA Security + Certification Program

MCSA Security + Certification Program MCSA Security + Certification Program 12 credit hours 270 hours to complete certifications Tuition: $4500 Information technology positions are high-demand occupations that support virtually all industries.

More information

Security Overview for Windows Vista. Bob McCoy, MCSE, CISSP/ISSAP Technical Account Manager Microsoft Corporation

Security Overview for Windows Vista. Bob McCoy, MCSE, CISSP/ISSAP Technical Account Manager Microsoft Corporation Security Overview for Windows Vista Bob McCoy, MCSE, CISSP/ISSAP Technical Account Manager Microsoft Corporation Agenda User and group changes Encryption changes Audit changes User rights New and modified

More information

MCSE 2003. Core exams (Networking) One Client OS Exam. Core Exams (6 Exams Required)

MCSE 2003. Core exams (Networking) One Client OS Exam. Core Exams (6 Exams Required) MCSE 2003 Microsoft Certified Systems Engineer (MCSE) candidates on the Microsoft Windows Server 2003 track are required to satisfy the following requirements: Core Exams (6 Exams Required) Four networking

More information

Microsoft Virtual Labs. Active Directory New User Interface

Microsoft Virtual Labs. Active Directory New User Interface Microsoft Virtual Labs Active Directory New User Interface 2 Active Directory New User Interface Table of Contents Active Directory New User Interface... 3 Exercise 1 User Management and Saved Queries...4

More information

Setting Up, Managing, and Troubleshooting Security Accounts and Policies

Setting Up, Managing, and Troubleshooting Security Accounts and Policies 3 Setting Up, Managing, and Troubleshooting Security Accounts and Policies............................................... Terms you ll need to understand: Local user account Local group Complex password

More information

SQL Server Hardening

SQL Server Hardening Considerations, page 1 SQL Server 2008 R2 Security Considerations, page 4 Considerations Top SQL Hardening Considerations Top SQL Hardening considerations: 1 Do not install SQL Server on an Active Directory

More information

nitrobit group policy

nitrobit group policy nitrobit group policy Administrator's Guide 2010 analytiq consulting gmbh. All rights reserved. Page 2 nitrobit group policy Administrator's Guide Content I. Introduction...4 Overview...4 Components of

More information

Managing and Maintaining a Microsoft Windows Server 2003 Environment

Managing and Maintaining a Microsoft Windows Server 2003 Environment Managing and Maintaining a Microsoft Windows Server 2003 Environment Course 2273: Five days; Blended (classroom/e-learning) Introduction Elements of this syllabus are subject to change. This course combines

More information

Managing Local Administrator Passwords with LAPS 10/14/2015 PENN STATE SECURITY CONFERENCE

Managing Local Administrator Passwords with LAPS 10/14/2015 PENN STATE SECURITY CONFERENCE Managing Local Administrator Passwords with LAPS 2015 PENN STATE SECURITY CONFERENCE DAN BARR DRB45@PSU.EDU SYSTEMS ADMINISTRATOR, APPLIED RESEARCH LABORATORY The Shared Password Threat Shared passwords

More information

MCSE TestPrep: Windows NT Server 4, Second Edition - 3 - Managing Resources

MCSE TestPrep: Windows NT Server 4, Second Edition - 3 - Managing Resources MCSE TestPrep: Windows NT Server 4, Second Edition - CH 3 - Managing Resources Page 1 of 36 [Figures are not included in this sample chapter] MCSE TestPrep: Windows NT Server 4, Second Edition - 3 - Managing

More information

Websense Support Webinar: Questions and Answers

Websense Support Webinar: Questions and Answers Websense Support Webinar: Questions and Answers Configuring Websense Web Security v7 with Your Directory Service Can updating to Native Mode from Active Directory (AD) Mixed Mode affect transparent user

More information

Windows IIS Server hardening checklist

Windows IIS Server hardening checklist General Windows IIS Server hardening checklist By Michael Cobb Do not connect an IIS Server to the Internet until it is fully hardened. Place the server in a physically secure location. Do not install

More information

The Institute of Internal Auditors Detroit Chapter Presents

The Institute of Internal Auditors Detroit Chapter Presents 1 The Institute of Internal Auditors Detroit Chapter Presents 1 MOST Suitable for all categories business and personal presentation 3 If You Have Questions If you have questions during the webcast: If

More information

Quick Start Guide for Parallels Virtuozzo

Quick Start Guide for Parallels Virtuozzo PROPALMS VDI Version 2.1 Quick Start Guide for Parallels Virtuozzo Rev. 1.1 Published: JULY-2011 1999-2011 Propalms Ltd. All rights reserved. The information contained in this document represents the current

More information

1DV416 Windowsadministration I, 7.5hp MODULE 3 ACTIVE DIRECTORY PART 2

1DV416 Windowsadministration I, 7.5hp MODULE 3 ACTIVE DIRECTORY PART 2 1DV416 Windowsadministration I, 7.5hp MODULE 3 ACTIVE DIRECTORY PART 2 2013-12- 10 2013 Jacob Lindehoff 2 Lecture content Today's lecture Active Directory Installation Joining the domain Centralized user

More information

CSE331: Introduction to Networks and Security. Lecture 34 Fall 2006

CSE331: Introduction to Networks and Security. Lecture 34 Fall 2006 CSE331: Introduction to Networks and Security Lecture 34 Fall 2006 Announcements Problem with Crypto.java Look for a new Crypto.java file later today Project 4 is due Dec. 8th at midnight. Homework 3 is

More information

Microsoft Solutions for Security and Compliance. Windows Server 2003 Security Guide

Microsoft Solutions for Security and Compliance. Windows Server 2003 Security Guide Microsoft Solutions for Security and Compliance Windows Server 2003 Security Guide 2006 Microsoft Corporation. This work is licensed under the Creative Commons Attribution-Non Commercial License. To view

More information

Walton Centre. Document History Date Version Author Changes 01/10/04 1.0 A Cobain L Wyatt 31/03/05 1.1 L Wyatt Update to procedure

Walton Centre. Document History Date Version Author Changes 01/10/04 1.0 A Cobain L Wyatt 31/03/05 1.1 L Wyatt Update to procedure Page 1 Walton Centre Access and Authentication (network) Document History Date Version Author Changes 01/10/04 1.0 A Cobain L Wyatt 31/03/05 1.1 L Wyatt Update to procedure Page 2 Table of Contents Section

More information

PLANNING AND DESIGNING GROUP POLICY, PART 1

PLANNING AND DESIGNING GROUP POLICY, PART 1 84-02-06 DATA SECURITY MANAGEMENT PLANNING AND DESIGNING GROUP POLICY, PART 1 Melissa Yon INSIDE What Is Group Policy?; Software Settings; Windows Settings; Administrative Templates; Requirements for Group

More information

Courseware Samples Complete Training Courses available for FREE preview

Courseware Samples Complete Training Courses available for FREE preview Courseware Samples Complete Training Courses available for FREE preview PREVIEW - Cheltenham Computer Training 1998 PLEASE SHOW THIS SAMPLE TO YOUR DEPARTMENT OUR COURSEWARE COULD SAVE THEM A LOT OF TIME

More information

CIS 551 / TCOM 401 Computer and Network Security. Spring 2005 Lecture 4

CIS 551 / TCOM 401 Computer and Network Security. Spring 2005 Lecture 4 CIS 551 / TCOM 401 Computer and Network Security Spring 2005 Lecture 4 Access Control: The Big Picture Objects - resources being protected E.g. files, devices, etc. Subjects - active entities E.g. processes,

More information

Overview Windows NT 4.0 Security Cryptography SSL CryptoAPI SSPI, Certificate Server, Authenticode Firewall & Proxy Server IIS Security IE Security

Overview Windows NT 4.0 Security Cryptography SSL CryptoAPI SSPI, Certificate Server, Authenticode Firewall & Proxy Server IIS Security IE Security Overview Windows NT 4.0 Security Cryptography SSL CryptoAPI SSPI, Certificate Server, Authenticode Firewall & Proxy Server IIS Security IE Security Ch 7 - Security 1 Confidentiality and privacy: Protect

More information

[MS-GPAC]: Group Policy: Audit Configuration Extension

[MS-GPAC]: Group Policy: Audit Configuration Extension [MS-GPAC]: Group Policy: Audit Configuration Extension Intellectual Property Rights Notice for Open Specifications Documentation Technical Documentation. Microsoft publishes Open Specifications documentation

More information

DriveLock and Windows 7

DriveLock and Windows 7 Why alone is not enough CenterTools Software GmbH 2011 Copyright Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise

More information

Security IIS Service Lesson 6

Security IIS Service Lesson 6 Security IIS Service Lesson 6 Skills Matrix Technology Skill Objective Domain Objective # Configuring Certificates Configure SSL security 3.6 Assigning Standard and Special NTFS Permissions Enabling and

More information

File Services. File Services at a Glance

File Services. File Services at a Glance File Services High-performance workgroup and Internet file sharing for Mac, Windows, and Linux clients. Features Native file services for Mac, Windows, and Linux clients Comprehensive file services using

More information

Agency Pre Migration Tasks

Agency Pre Migration Tasks Agency Pre Migration Tasks This document is to be provided to the agency and will be reviewed during the Migration Technical Kickoff meeting between the ICS Technical Team and the agency. Network: Required

More information

Windows Internals, Fifth Edition

Windows Internals, Fifth Edition Windows Internals, Fifth Edition Mark E. Russinovich David A. Solomon with Alex lonescu Foreword xix Acknowledgments " xxi Introduction xxiii 1 Concepts and Tools 1 Windows Operating System Versions 1

More information

Objectif. Participant. Prérequis. Remarque. Programme. Windows 7, Enterprise Desktop Support Technician (seven)

Objectif. Participant. Prérequis. Remarque. Programme. Windows 7, Enterprise Desktop Support Technician (seven) Objectif This five-day instructor-ledcourse provides students with the knowledge and skills needed to isolate, document and resolve problems on a Windows 7 desktop or laptop computer. It will also help

More information

Windows 2000/Active Directory Security

Windows 2000/Active Directory Security Information Systems Audit & Control Association Windows 2000/Active Directory Security Presented by: Deloitte & Touche Raj Mehta CPA, CITP, CISA, CISSP Denis Tiouttchev CIA, CISA, CISSP August 21, 2003

More information

MSRPC NULL sessions. Exploitation and protection. Jean-Baptiste Marchand

MSRPC NULL sessions. Exploitation and protection. Jean-Baptiste Marchand <Jean-Baptiste.Marchand@hsc.fr> MSRPC NULL sessions Exploitation and protection Jean-Baptiste Marchand Jean-Baptiste Marchand Agenda - 2 - Introduction to NULL sessions NULL sessions internals Tools to

More information

ICT Professional Optional Programmes

ICT Professional Optional Programmes ICT Professional Optional Programmes Skills Team are a Microsoft Academy with new training rooms and IT labs in our purpose built training centre in Ealing, West London. We offer a range of year-long qualifications

More information

Windows Remote Access

Windows Remote Access Windows Remote Access A newsletter for IT Professionals Education Sector Updates Issue 1 I. Background of Remote Desktop for Windows Remote Desktop Protocol (RDP) is a proprietary protocol developed by

More information

Configuring and Administering Windows 7

Configuring and Administering Windows 7 Configuring and Administering Windows 7 Length: 5 days Overview This five-day instructor-led course provides students with the knowledge and skills to configure and administer Microsoft Windows 7 as a

More information

Installation Notes for Outpost Network Security (ONS) version 3.2

Installation Notes for Outpost Network Security (ONS) version 3.2 Outpost Network Security Installation Notes version 3.2 Page 1 Installation Notes for Outpost Network Security (ONS) version 3.2 Contents Installation Notes for Outpost Network Security (ONS) version 3.2...

More information

Kepware Technologies Remote OPC DA Quick Start Guide (DCOM)

Kepware Technologies Remote OPC DA Quick Start Guide (DCOM) Kepware Technologies Remote OPC DA Quick Start Guide (DCOM) March, 2013 Ref. 03.10 Kepware Technologies Table of Contents 1. Overview... 1 1.1 What is DCOM?... 1 1.2 What is OPCEnum?... 1 2. Users and

More information