MCSA Guide to Administering Microsoft Windows Server 2012/R2, Exam Chapter 8 User and Service Account Configuration


1 MCSA Guide to Administering Microsoft Windows Server 2012/R2, Exam Chapter 8 User and Service Account Configuration

2 Objectives
- Configure user accounts and group policies
- Configure account policies
- Create password settings objects
- Work with service accounts

3 Overview of User Accounts and Group Policies
- User accounts have two main functions:
  - Provide a method for user authentication to the network
  - Provide detailed information about a user
- On local computers, user accounts are stored in the Security Accounts Manager (SAM) database
- A network running Active Directory should limit the use of local user accounts on client computers
- User accounts created in Active Directory are referred to as domain user accounts

4 Creating and Modifying User Accounts
- User accounts can be created with GUI tools: Active Directory Users and Computers (ADUC) and Active Directory Administrative Center (ADAC)
- User accounts can also be created with command-line tools, such as dsadd and the PowerShell cmdlet New-ADUser
- When creating accounts, keep the following in mind:
  - A user account must have a unique logon name throughout the domain
  - User account names are NOT case sensitive and can be from 1 to 20 characters

5 Creating and Modifying User Accounts
- When creating accounts, keep the following in mind (cont'd):
  - Devise a naming standard for user accounts
  - By default, a complex password is required and passwords ARE case sensitive
  - By default, only a logon name is required to create a user account

6 Creating and Configuring Group Policies
- GPO - a list of settings administrators use to configure user and computer operating environments remotely
- GPO scope - defines which objects a GPO affects
- When AD is installed, two GPOs are created and linked to two containers:
  - Default Domain Policy - linked to the domain object and specifies default settings for all users and computers in the domain
  - Default Domain Controllers Policy - linked to the Domain Controllers OU and specifies default policy settings for all domain controllers in the domain

7 Creating and Configuring Group Policies
- You view, create, and manage GPOs by using the Group Policy Management console (GPMC)
- Each GPO has two main nodes in GPMC:
  - Computer Configuration - used to set policies that apply to computers in the GPO's scope
  - User Configuration - used to set policies that apply to all users in the GPO's scope
- You can initiate a group policy update for both users and computers by entering gpupdate at a command prompt

8 Creating and Configuring Group Policies
Figure 8-1 The Group Policy Management console

9 Configuring Account Policies
- Account policies control settings related to user authentication and logon
- They are found in a GPO in the path Computer Configuration, Policies, Windows Settings, Security Settings, Account Policies
- Account policies are effective only if the GPO where they are configured is linked to the domain
- If you configure account policies on a GPO and link it to an OU, these policies don't affect domain users

10 Configuring Account Policies
- There are three subnodes under Account Policies:
  - Password Policy - contains the policies that control password properties
  - Account Lockout Policy - contains the policies that control user account lockout (if a user account is locked, the user can't log on until the account is unlocked)
  - Kerberos Policy - administrators can use these policies to fine-tune parameters for Kerberos; they deal mostly with the length of time Kerberos authentication tickets are active

11 Configuring Account Policies
Figure 8-2 Account policies configured in the Default Domain Policy GPO

12 Local Account Policies
- Account policies set in GPOs linked to OUs take precedence over policies set at the domain level
  - Unless the GPO linked to the domain has the Enforced setting enabled
- Policies that aren't defined in a GPO linked to an OU use the policy setting defined in the domain-linked GPO
- If a policy is defined in both, the OU-linked policy is used
- Account policies are set in the Local Security Policy MMC on non-domain member computers

13 Kerberos Policy Settings
- Kerberos - the authentication protocol used in a Windows domain environment to authenticate logons and grant accounts access to domain resources
- Kerberos provides mutual authentication between a client and server or between two servers
  - Means the identity of both parties is verified
- Kerberos uses shared key encryption to ensure privacy, and passwords are never sent across the network

14 Kerberos Policy Settings
- Kerberos uses the following components:
  - Key Distribution Center - every domain controller (DC) is a KDC, which uses the AD database to store keys
  - Ticket-granting tickets - when an account successfully authenticates with a DC/KDC, it's issued a ticket-granting ticket (TGT), which grants access to the DC and is used to request a service ticket without having to authenticate again
  - Service tickets - a service ticket is requested by an account when it wants to access a network resource

15 Kerberos Policy Settings
- Kerberos uses the following components (cont'd):
  - Timestamps - a timestamp is a record of the time a message is sent; timestamps are used in Kerberos to determine a message's validity and prevent replay attacks
- A replay attack occurs when an attacker captures a stream of packets transmitted between two computers and later replays the packets to one of the computers

16 Kerberos Policy Settings
- Kerberos policy settings:
  - Enforce user logon restrictions - if this setting is enabled, the KDC validates every request for service tickets against the rights granted to the requesting account
  - Maximum lifetime for service ticket - specifies how long a service ticket can be used before a new ticket must be requested to access the resource the ticket was granted for
  - Maximum lifetime for user ticket - the maximum amount of time a TGT can be used before it must be renewed

17 Kerberos Policy Settings
- Kerberos policy settings (cont'd):
  - Maximum lifetime for user ticket renewal - the maximum period during which a TGT can be renewed (the default setting is 7 days)
  - Maximum tolerance for computer clock synchronization - determines the maximum time difference allowed between a Kerberos message timestamp and the receiving computer's current time

18 Configuring Password Settings Objects
- Password settings object (PSO) - enables an administrator to configure password settings for users or groups that are different from those defined in a GPO linked to the domain
  - Also referred to as fine-grained password policies
- PSOs have the effect of overriding account policies set at the domain level, but they aren't configured like a GPO and linked to an OU or domain
- PSOs are special objects that are assigned to users or groups

19 Creating and Configuring a PSO
- PSOs are created with AD Administrative Center (ADAC), ADSI Edit, or PowerShell cmdlets
  - Using ADAC is the newest and most convenient method
- With PSOs, you can specify any settings under the Password Policy and Account Lockout Policy nodes but not the Kerberos Policy node
- If more than one PSO applies to a user, the PSO with the highest precedence value is applied to that user

20 Creating and Configuring a PSO
- Basic steps for creating and using a PSO:
  1. Open ADAC and expand the domain node. Double-click System, and then double-click Password Settings Container. In the Tasks pane, click New, and then click Password Settings
  2. In the Create Password Settings dialog box, give the PSO a name and precedence
  3. Configure password and account lockout policy settings
  4. Assign the PSO to one or more users or groups
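
The same four steps done with the PowerShell cmdlets the previous slide mentions, followed by a check of which policy each group member actually receives. This is an added example, not taken from the slides. The PSO name, the group name ServiceAdmins and every policy value are assumptions.

```powershell
Import-Module ActiveDirectory

# Assumed names and values (not from the slides); adjust for your domain.
$psoName   = 'PSO-ServiceAdmins'
$groupName = 'ServiceAdmins'      # PSOs apply to users or global security groups

# Steps 1-3: create the PSO with a name, a precedence, and the password and
# lockout settings. Created only if missing, so the script can be re-run.
# Precedence is stored in msDS-PasswordSettingsPrecedence; when several PSOs
# apply to one user, AD picks the one with the LOWEST number (rank 1 wins).
$pso = Get-ADFineGrainedPasswordPolicy -Filter "Name -eq '$psoName'"
if (-not $pso) {
    $pso = New-ADFineGrainedPasswordPolicy -Name $psoName `
        -Precedence 10 `
        -MinPasswordLength 14 `
        -ComplexityEnabled $true `
        -ReversibleEncryptionEnabled $false `
        -PasswordHistoryCount 24 `
        -MinPasswordAge '1.00:00:00' `
        -MaxPasswordAge '60.00:00:00' `
        -LockoutThreshold 5 `
        -LockoutObservationWindow '0.00:15:00' `
        -LockoutDuration '0.00:30:00' `
        -ProtectedFromAccidentalDeletion $true `
        -PassThru
}

# Step 4: assign the PSO to the group unless it is already a subject.
$groupDn = (Get-ADGroup -Identity $groupName).DistinguishedName
if ($pso.AppliesTo -notcontains $groupDn) {
    Add-ADFineGrainedPasswordPolicySubject -Identity $psoName -Subjects $groupName
}

# Check: Get-ADUserResultantPasswordPolicy returns nothing when no PSO applies,
# in which case the user falls back to the domain-linked account policy.
$domainDefault = Get-ADDefaultDomainPasswordPolicy
Get-ADGroupMember -Identity $groupName -Recursive |
    Where-Object objectClass -eq 'user' |
    ForEach-Object {
        $effective = Get-ADUserResultantPasswordPolicy -Identity $_.SamAccountName
        $source    = if ($effective) { $effective } else { $domainDefault }
        [pscustomobject]@{
            User              = $_.SamAccountName
            AppliedPolicy     = if ($effective) { $effective.Name } else { 'Domain account policy' }
            MinPasswordLength = $source.MinPasswordLength
            LockoutThreshold  = $source.LockoutThreshold
        }
    } | Format-Table -AutoSize
```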

21 Service Accounts
- Service account - a user account that Windows services use to log on to a computer or domain with a specific set of rights and permissions
- A service needs to log on with a service account if it runs in the background because a user doesn't start it
- In the past, two types of accounts have been used as service accounts: built-in and administrator-created
- The OS manages the password for built-in service accounts automatically

22 Service Accounts
- An administrator can create a regular user account for use by a service (administrator-created) and manage rights and permissions
- Managed service account (MSA) - enables administrators to manage rights and permissions for services but with automatic password management
- Group managed service account (gMSA) - provides the same functions as an MSA but can be managed across multiple servers

23 Working with Service Accounts
- Three built-in service accounts:
  - Local Service - intended for services and background applications that need few rights and privileges
  - Network Service - intended for services that need local and network access
  - Local System - this account should be used with caution because it has privileges that are in some ways more extensive than the Administrator account when accessing local resources

24 Working with Service Accounts
Figure 8-8 Viewing the Log On As setting in the Services MMC

25 Using Administrator-Created Service Accounts
- By using an administrator-created user account, you can assign only the rights and permissions the service needs to run correctly
- Guidelines to keep in mind when you use a regular user account as a service account:
  - Assign only the rights and permissions the service needs
  - Use a very complex password
  - Remove the account from the Users or Domain Users group if it doesn't need that group's rights and permissions

26 Using Administrator-Created Service Accounts
- Guidelines to keep in mind when you use a regular user account as a service account (cont'd):
  - Set the password to never expire
  - Never use the account to log on interactively
  - Use one account per service
- To configure a service with a logon account, open the Services MMC, double-click the service, and click the Log On tab
- You must enter and confirm the password, and then Windows automatically assigns the Log On As A Service right

27 Using Administrator-Created Service Accounts
Figure 8-9 Configuring a service with a user account

28 Service Principal Names
- Service principal name (SPN) - a name that uniquely identifies a service instance to a client
- Each service must have a unique SPN, and an SPN is required for Kerberos authentication
- An SPN consists of the following elements:
  - Service type
  - Instance name
  - Port number
  - Service name
- The service name can be omitted if it's the same as the instance name

29 Service Principal Names
- The SPN is specified with the following syntax:
  Service type/instance name:port number/service name
- If you are using user accounts rather than managed service accounts, you might need to manage SPNs, but in most cases they're created automatically
- If you need to change an SPN, use the setspn.exe command
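
An added example (not from the slides) that splits SPNs into the four elements listed above and checks the uniqueness requirement across the domain. The sample SPNs and the example.test domain are constructed, and the function names are hypothetical.

```powershell
# Split an SPN of the form  service type/instance name:port number/service name
# into its elements. Port and service name are optional; as the slide says,
# an omitted service name is taken to be the instance name.
function ConvertFrom-Spn {
    param([Parameter(Mandatory, ValueFromPipeline)][string] $Spn)
    process {
        $pattern = '^(?<type>[^/]+)/(?<instance>[^/:]+)(?::(?<port>[^/]+))?(?:/(?<name>.+))?$'
        if ($Spn -notmatch $pattern) {
            Write-Warning "Not in SPN syntax: $Spn"
            return
        }
        [pscustomobject]@{
            Spn          = $Spn
            ServiceType  = $Matches['type']
            InstanceName = $Matches['instance']
            Port         = $Matches['port']     # $null when no port was given
            ServiceName  = if ($Matches['name']) { $Matches['name'] } else { $Matches['instance'] }
        }
    }
}

# List every SPN registered on more than one object in the current domain.
# A duplicated SPN breaks Kerberos authentication to that service, because
# the KDC cannot tell which account's key to use for the service ticket.
# setspn.exe -X performs the same duplicate search from the command line.
function Find-DuplicateSpn {
    Import-Module ActiveDirectory
    Get-ADObject -LDAPFilter '(servicePrincipalName=*)' -Properties servicePrincipalName |
        ForEach-Object {
            $owner = $_.DistinguishedName
            foreach ($spn in $_.servicePrincipalName) {
                [pscustomobject]@{ Spn = $spn.ToLowerInvariant(); Owner = $owner }
            }
        } |
        Group-Object -Property Spn |
        Where-Object Count -gt 1 |
        Select-Object @{ n = 'Spn';    e = { $_.Name } },
                      @{ n = 'Owners'; e = { $_.Group.Owner -join '; ' } }
}

# Constructed sample SPNs (not real hosts) to show the parser offline.
$samples = @(
    'HTTP/web01.example.test',
    'MSSQLSvc/sql01.example.test:1433',
    'ldap/ldsserv1.example.test:389/example.test'
)
$samples | ConvertFrom-Spn | Format-Table -AutoSize

# The domain-wide check needs the AD module and a domain-joined session.
if (Get-Module -ListAvailable -Name ActiveDirectory) {
    Find-DuplicateSpn | Format-List
}
```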

30 Working with Managed Service Account
- An MSA has the following attributes:
  - Has a system-managed password
  - Has automatic SPN support
  - Is tied to a specific computer
  - Can be assigned rights and permissions
  - Can't be used for interactive logon
  - Can't be locked out

31 Working with Managed Service Account
- The requirements for using an MSA include the following:
  - It must be created in an Active Directory domain
  - The computer on which the MSA is used must be Windows 2008 R2 or Windows 7 or later
  - The AD module for PowerShell must be installed
  - For automatic SPN support, you must be using a domain functional level of Windows Server 2008 R2 or later

32 Working with Managed Service Account
- You create and manage MSAs with PowerShell
- Follow these steps to use MSAs:
  1. Create an MSA in Active Directory in the Managed Service Accounts folder. To create an MSA named LDAPsvc, use the following cmdlet on a DC:
     New-ADServiceAccount -Name LDAPsvc
  2. To allow a computer named ldsserv1 to use the service account, type:
     Add-ADComputerServiceAccount -Identity ldsserv1 -ServiceAccount LDAPsvc

33 Working with Managed Service Account
- Follow these steps to use MSAs (cont'd):
  3. Install the MSA on the target computer by using the following cmdlet on the computer running the service:
     Install-ADServiceAccount -Identity LDAPsvc
  4. On the computer running the service, open the Services MMC, open the service's properties, and click the Log On tab. Specify the name of the account in the format domain\msaname. Clear the password fields and then stop and start the service

34 Working with Managed Service Account
- Other MSA-related PowerShell cmdlets:
  - Set-ADServiceAccount
  - Get-ADServiceAccount
  - Remove-ADServiceAccount
  - Reset-ADServiceAccountPassword
  - Uninstall-ADServiceAccount
  - Test-ADServiceAccount

35 Working with Group Managed Service Accounts
- Managed service accounts can be used only on a single server
- If a service is running on multiple servers, you can use a group managed service account (gMSA)
- gMSAs can be used only on computers running Windows Server 2012 or later with a domain functional level of Windows Server 2012
- They are created in a similar way to regular MSAs, except that you must use an additional option to specify which servers can use the account

36 Working with Group Managed Service Accounts
- To create a gMSA named LDAPsvc that's available to ldsserv1, ldsserv2, ldsserv3 (all members of the ldsservers global group), use the following cmdlet:
  New-ADServiceAccount -Name LDAPsvc -PrincipalsAllowedToRetrieveManagedPassword ldsservers
- After the account is created, you need to go to each server using the account and run the Install-ADServiceAccount cmdlet, using the same syntax described earlier
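
The MSA steps from slides 32-33 and the gMSA step above, collected into one script with a verification pass, as an added example that is not from the slides. LDAPsvc, ldsserv1 and ldsservers come from the slides. The example.test domain, the gMSA name LDAPgsvc, the function names and the service name in the usage comment are assumptions.

```powershell
Import-Module ActiveDirectory

# Run once on a DC (or an admin workstation with the AD module).
function New-LabServiceAccount {
    # Standalone MSA, tied to one computer. On Windows Server 2012 and later,
    # New-ADServiceAccount creates a group MSA unless -RestrictToSingleComputer
    # is given, so the switch is added here.
    New-ADServiceAccount -Name LDAPsvc -RestrictToSingleComputer
    Add-ADComputerServiceAccount -Identity ldsserv1 -ServiceAccount LDAPsvc

    # gMSA passwords are derived from a KDS root key. Create one if the forest
    # has none; a new key becomes usable after about 10 hours, to allow for
    # replication to all DCs.
    if (-not (Get-KdsRootKey)) {
        Add-KdsRootKey -EffectiveImmediately
    }

    # A different name is assumed for the gMSA, because an MSA and a gMSA
    # cannot share one name in the same domain. -DNSHostName is required
    # for a gMSA; the value below is a placeholder.
    New-ADServiceAccount -Name LDAPgsvc `
        -DNSHostName 'LDAPgsvc.example.test' `
        -PrincipalsAllowedToRetrieveManagedPassword ldsservers
}

# Run on each server that hosts the service. A server that was just added to
# ldsservers needs a restart first so its new group membership takes effect.
function Install-LabServiceAccount {
    param(
        [Parameter(Mandatory)][string] $AccountName,
        [string] $ServiceName      # optional: service expected to log on as the account
    )

    Install-ADServiceAccount -Identity $AccountName

    # Test-ADServiceAccount returns $true only if this computer can retrieve
    # and use the managed password.
    if (-not (Test-ADServiceAccount -Identity $AccountName)) {
        throw "$AccountName is not usable on $env:COMPUTERNAME"
    }

    $acct = Get-ADServiceAccount -Identity $AccountName `
        -Properties HostComputers, PrincipalsAllowedToRetrieveManagedPassword
    $svc = if ($ServiceName) {
        Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
    }

    # Who may use the account, and what the service is actually logging on as
    # after step 4 (the Log On tab) has been completed.
    [pscustomobject]@{
        Account           = $acct.SamAccountName      # ends in $, like a computer account
        Type              = $acct.ObjectClass
        HostComputers     = $acct.HostComputers -join '; '
        AllowedPrincipals = $acct.PrincipalsAllowedToRetrieveManagedPassword -join '; '
        ServiceLogOnAs    = $svc.StartName
    }
}

# Usage (the service name is hypothetical):
#   On a DC:        New-LabServiceAccount
#   On ldsserv1:    Install-LabServiceAccount -AccountName LDAPsvc  -ServiceName 'MyLdapService'
#   On ldsserv1-3:  Install-LabServiceAccount -AccountName LDAPgsvc -ServiceName 'MyLdapService'
```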

37 Virtual Accounts
- Virtual accounts - the simplest service accounts to use
  - You don't need to create, delete, or manage them in any way
- Microsoft refers to them as managed local accounts
- To use them, configure the service to log on as NT Service\ServiceName with no password
- Virtual accounts access the network with the credentials of the computer account where they're used

38 Virtual Accounts
Figure 8-10 Configuring a service to use a virtual account

39 Kerberos Delegation
- Kerberos delegation - a feature of the Kerberos authentication protocol that allows a server to impersonate a client
  - Relieving the client from having to authenticate to more than one service
- If a client has authenticated to a service successfully, the service can use the user's credentials to authenticate to another service on the client's behalf

40 Kerberos Delegation
- Kerberos delegation is available when you use a domain account as a service account and the account has been assigned an SPN
- The Delegation tab is added to the account's Properties dialog box and has three main options:
  - Do not trust this user for delegation
  - Trust this user for delegation to any service (Kerberos only)
  - Trust this user for delegation to specified services only

41 Kerberos Delegation
Figure 8-11 The Delegation tab for a service account

42 Kerberos Delegation
- Constrained delegation - a type of delegation that limits the delegation to specific services running on specific computers
  - The third option on the Delegation tab is called constrained delegation
- Kerberos delegation relieves administrators of having to find a way for users to authenticate to servers that might not be directly accessible to them
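
An added example (not from the slides) that reports which of the three Delegation tab options each SPN-bearing user account has, so accounts trusted for delegation to any service can be reviewed and narrowed to constrained delegation. The function names, sample accounts and example.test names are constructed.

```powershell
# Map an account's directory attributes to the option shown on its Delegation
# tab. Works on Get-ADUser output or on any object with the same properties.
function Get-DelegationOption {
    param([Parameter(Mandatory, ValueFromPipeline)] $Account)
    process {
        # msDS-AllowedToDelegateTo holds the SPNs of the "specified services".
        $targets = @($Account.'msDS-AllowedToDelegateTo' | Where-Object { $_ })

        $option = if ($Account.TrustedForDelegation) {
            'Trust for delegation to any service (Kerberos only)'
        } elseif ($targets.Count -gt 0) {
            'Trust for delegation to specified services only'
        } else {
            'Do not trust this user for delegation'
        }

        [pscustomobject]@{
            Account              = $Account.SamAccountName
            DelegationOption     = $option
            DelegationTargets    = $targets -join '; '
            PasswordNeverExpires = $Account.PasswordNeverExpires
            PasswordLastSet      = $Account.PasswordLastSet
        }
    }
}

# Report every user account that has an SPN, i.e. a domain account used as a
# service account, which is when the Delegation tab becomes available.
function Get-ServiceAccountDelegationReport {
    Import-Module ActiveDirectory
    $props = 'servicePrincipalName', 'TrustedForDelegation',
             'msDS-AllowedToDelegateTo', 'PasswordNeverExpires', 'PasswordLastSet'
    Get-ADUser -LDAPFilter '(servicePrincipalName=*)' -Properties $props |
        Get-DelegationOption |
        Sort-Object DelegationOption -Descending     # "Trust ..." rows sort first
}

# Constructed sample objects (not real accounts) to show the mapping offline.
$samples = @(
    [pscustomobject]@{ SamAccountName = 'svc-web';  TrustedForDelegation = $true
                       'msDS-AllowedToDelegateTo' = @()
                       PasswordNeverExpires = $true; PasswordLastSet = [datetime]'2014-03-01' }
    [pscustomobject]@{ SamAccountName = 'svc-app';  TrustedForDelegation = $false
                       'msDS-AllowedToDelegateTo' = @('MSSQLSvc/sql01.example.test:1433')
                       PasswordNeverExpires = $true; PasswordLastSet = [datetime]'2015-06-15' }
    [pscustomobject]@{ SamAccountName = 'svc-scan'; TrustedForDelegation = $false
                       'msDS-AllowedToDelegateTo' = $null
                       PasswordNeverExpires = $true; PasswordLastSet = [datetime]'2015-01-10' }
)
$samples | Get-DelegationOption | Format-Table -AutoSize

# The live report needs the AD module and a domain-joined session.
if (Get-Module -ListAvailable -Name ActiveDirectory) {
    Get-ServiceAccountDelegationReport | Format-Table -AutoSize
}
```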

43 Summary
- User accounts have two main functions: providing a method for user authentication to the network and providing detailed information about a user
- User accounts can be created with GUI tools, such as Active Directory Users and Computers and Active Directory Administrative Center, and with command-line tools, such as dsadd and the PowerShell cmdlet New-ADUser
- A GPO is a list of settings administrators use to configure user and computer operating environments remotely

44 Summary
- Account policies control settings related to user authentication and logon
- Account policies set in GPOs linked to an OU containing computer accounts affect only local user accounts defined in the computer's SAM database
- Kerberos is the authentication protocol used in a Windows domain environment to authenticate logons and grant accounts access to domain resources
- A password settings object enables an administrator to configure password settings for users or groups that are different from those defined in a GPO linked to the domain

45 Summary
- A service account is a user account that Windows services use to log on with a specific set of rights and permissions
- A managed service account enables administrators to manage rights and permissions for services with automatic password management
- A service principal name is a name that uniquely identifies a service instance to a client
- Kerberos delegation allows a service to impersonate a client, relieving them from having to authenticate to more than one service


More information

How to Create a Delegated Administrator User Role / To create a Delegated Administrator user role Page 1

How to Create a Delegated Administrator User Role / To create a Delegated Administrator user role Page 1 Managing user roles in SCVMM How to Create a Delegated Administrator User Role... 2 To create a Delegated Administrator user role... 2 Managing User Roles... 3 Backing Up and Restoring the VMM Database...

More information

Domain Controller Failover When Using Active Directory

Domain Controller Failover When Using Active Directory Domain Controller Failover When Using Active Directory Domain Controller Failover When Using Active Directory published January 2002 NSI and Double-Take are registered trademarks of Network Specialists,

More information

Intel Entry Storage System SS4200-E Active Directory Implementation and Troubleshooting

Intel Entry Storage System SS4200-E Active Directory Implementation and Troubleshooting Intel Entry Storage System SS4200-E Active Directory Implementation and Troubleshooting 1 Active Directory Overview SS4200-E Active Directory is based on the Samba 3 implementation The SS4200-E will function

More information

ExecuTrain Course Outline Configuring & Troubleshooting Windows Server 2008 Active Directory Domain Services MOC 6425C 5 Days

ExecuTrain Course Outline Configuring & Troubleshooting Windows Server 2008 Active Directory Domain Services MOC 6425C 5 Days ExecuTrain Course Outline Configuring & Troubleshooting Windows Server 2008 Active Directory Domain Services MOC 6425C 5 Days Introduction This five-day instructor-led course provides in-depth training

More information

Administration Guide. . All right reserved. For more information about Specops Gpupdate and other Specops products, visit www.specopssoft.

Administration Guide. . All right reserved. For more information about Specops Gpupdate and other Specops products, visit www.specopssoft. . All right reserved. For more information about Specops Gpupdate and other Specops products, visit www.specopssoft.com Copyright and Trademarks Specops Gpupdate is a trademark owned by Specops Software.

More information

The Zenoss Enablement Series:

The Zenoss Enablement Series: The Zenoss Enablement Series: MONITORING WINDOWS SERVERS WITH MICROSOFT WINDOWS ZENPACK AND WINRM Document Version P4 Zenoss, Inc. www.zenoss.com Zenoss, Inc. Copyright 2014 Zenoss, Inc., 11305 Four Points

More information

Windows Server Update Services 3.0 SP2 Step By Step Guide

Windows Server Update Services 3.0 SP2 Step By Step Guide Windows Server Update Services 3.0 SP2 Step By Step Guide Microsoft Corporation Author: Anita Taylor Editor: Theresa Haynie Abstract This guide provides detailed instructions for installing Windows Server

More information

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services 6425 - Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Duration: 5 days Course Price: $2,975 Software Assurance Eligible Course Description Microsoft Windows Server

More information

NE-6425C Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

NE-6425C Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services NE-6425C Configuring and Troubleshooting Windows Server 2008 Active Domain Services Summary Duration Vendor Audience 5 Days Microsoft IT Professionals Published Level Technology 02 June 2011 200 Windows

More information

Administration Guide. . All right reserved. For more information about Specops Password Policy and other Specops products, visit

Administration Guide. . All right reserved. For more information about Specops Password Policy and other Specops products, visit . All right reserved. For more information about Specops Password Policy and other Specops products, visit www.specopssoft.com Copyright and Trademarks Specops Password Policy is a trademark owned by Specops

More information

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain MOC 6425

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain MOC 6425 Configuring and Troubleshooting Windows Server 2008 Active Directory Domain MOC 6425 Course Outline Module 1: Introducing Active Directory Domain Services This module provides an overview of Active Directory

More information

Threats and Countermeasures Guide: Security Settings in Windows 7 and Windows Server 2008 R2

Threats and Countermeasures Guide: Security Settings in Windows 7 and Windows Server 2008 R2 Threats and Countermeasures Guide: Security Settings in Windows 7 and Windows Server 2008 R2 Microsoft Corporation Published: May 2011 Authors: Starr Andersen, Greg Marshall, Eric Mitchell, Roland Winkler

More information

Password Reset Server Installation Guide

Password Reset Server Installation Guide Table of Contents Introduction... 2 ASP.NET Website... 2 SQL Server Database... 2 Administrative Access... 2 Prerequisites... 2 System Requirements... 2 Domain Account Requirements... 3 Additional Recommendations...

More information

Using LDAP Authentication in a PowerCenter Domain

Using LDAP Authentication in a PowerCenter Domain Using LDAP Authentication in a PowerCenter Domain 2008 Informatica Corporation Overview LDAP user accounts can access PowerCenter applications. To provide LDAP user accounts access to the PowerCenter applications,

More information

Installing, Configuring, and Managing a Microsoft Active Directory

Installing, Configuring, and Managing a Microsoft Active Directory Installing, Configuring, and Managing a Microsoft Active Directory Course Outline Part 1: Configuring and Managing Active Directory Domain Services Installing Active Directory Domain Services Managing

More information

See below for an introduction to Quest Defender, and then follow the step-by-step instructions to experience each user scenario.

See below for an introduction to Quest Defender, and then follow the step-by-step instructions to experience each user scenario. Welcome to QuestDrive Quest Defender This document will guide you through experiencing Quest Defender as a user, a Helpdesk user, a Helpdesk Administrator and a Defender administrator, using a self-contained,

More information

Using Logon Agent for Transparent User Identification

Using Logon Agent for Transparent User Identification Using Logon Agent for Transparent User Identification Websense Logon Agent (also called Authentication Server) identifies users in real time, as they log on to domains. Logon Agent works with the Websense

More information

Configuring and Troubleshooting Windows 2008 Active Directory Domain Services

Configuring and Troubleshooting Windows 2008 Active Directory Domain Services About this Course Configuring and Troubleshooting Windows This five-day instructor-led course provides in-depth training on implementing, configuring, managing and troubleshooting Active Directory Domain

More information

ibaan ERP 5.2a Configuration Guide for ibaan ERP Windows Client

ibaan ERP 5.2a Configuration Guide for ibaan ERP Windows Client ibaan ERP 5.2a Configuration Guide for ibaan ERP Windows Client A publication of: Baan Development B.V. P.O.Box 143 3770 AC Barneveld The Netherlands Printed in the Netherlands Baan Development B.V. 2002.

More information

Security IIS Service Lesson 6

Security IIS Service Lesson 6 Security IIS Service Lesson 6 Skills Matrix Technology Skill Objective Domain Objective # Configuring Certificates Configure SSL security 3.6 Assigning Standard and Special NTFS Permissions Enabling and

More information

Course Description. Course Audience. Course Outline. Course Page - Page 1 of 7

Course Description. Course Audience. Course Outline. Course Page - Page 1 of 7 Course Page - Page 1 of 7 Configuring and Managing Windows Server 2012 Active Directory BSP-AD2012 Length: 5 days Price: $ 2,795.00 Course Description This course is targeted toward information technology

More information

6425C: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

6425C: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services 6425C: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Course Details Course Code: Duration: Notes: 6425C 5 days This course syllabus should be used to determine whether

More information

Outpost Office Firewall

Outpost Office Firewall Technical Reference Outpost Office Firewall Office Firewall Software from Agnitum Abstract This document provides advanced technical information on administering Outpost Office Firewall in a corporate

More information

Installation Guide. . All right reserved. For more information about Specops Deploy and other Specops products, visit www.specopssoft.

Installation Guide. . All right reserved. For more information about Specops Deploy and other Specops products, visit www.specopssoft. . All right reserved. For more information about Specops Deploy and other Specops products, visit www.specopssoft.com Copyright and Trademarks Specops Deploy is a trademark owned by Specops Software. All

More information

Active Directory Change Notifier Quick Start Guide

Active Directory Change Notifier Quick Start Guide Active Directory Change Notifier Quick Start Guide Software version 3.0 Mar 2014 Copyright 2014 CionSystems Inc., All Rights Reserved Page 1 2014 CionSystems Inc. ALL RIGHTS RESERVED. This guide may not

More information

DriveLock Quick Start Guide

DriveLock Quick Start Guide Be secure in less than 4 hours CenterTools Software GmbH 2012 Copyright Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise

More information

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Course Number: 6425B Course Length: 5 Days Course Overview This five-day course provides to teach Active Directory Technology

More information

Symantec Endpoint Encryption Full Disk

Symantec Endpoint Encryption Full Disk Symantec Endpoint Encryption Full Disk Autologon Utility & Reboot Utility Guide Version 6.1 Information in this document is subject to change without notice. No part of this document may be reproduced

More information

Course 6425C: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

Course 6425C: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Course 6425C: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Five Days, Instructor-Led About this course This five-day instructor-led course provides in-depth training

More information

Active Directory & SQL Server

Active Directory & SQL Server Active Directory & SQL Server How AD can affect your SQL Servers Ryan Adams Blog - http://ryanjadams.com Twitter - @ryanjadams Email ryan@ryanjadams.com DNS Group Policy Security Groups Password Policies

More information

Configuring Security Features of Session Recording

Configuring Security Features of Session Recording Configuring Security Features of Session Recording Summary This article provides information about the security features of Citrix Session Recording and outlines the process of configuring Session Recording

More information

Entrust Managed Services PKI

Entrust Managed Services PKI Entrust Managed Services PKI Entrust Managed Services PKI Windows Smart Card Logon Configuration Guide Using Web-based applications Document issue: 1.0 Date of Issue: June 2009 Copyright 2009 Entrust.

More information

Manage Fine-Grained Password and Account Lockout Policies

Manage Fine-Grained Password and Account Lockout Policies CHAPTER 11 Manage Fine-Grained Password and Account Lockout Policies IN THIS CHAPTER. Create Password Settings Objects. Delete Password Settings Objects. View Settings Defined in Password Settings Objects.

More information

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Course 6425B: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Length: 5 Days Language(s): English Audience(s): IT Professionals Level: 200 Technology: Windows Server

More information

Objectives. At the end of this chapter students should be able to:

Objectives. At the end of this chapter students should be able to: NTFS PERMISSIONS AND SECURITY SETTING.1 Introduction to NTFS Permissions.1.1 File Permissions and Folder Permission.2 Assigning NTFS Permissions and Special Permission.2.1 Planning NTFS Permissions.2.2

More information

RSA Security Analytics

RSA Security Analytics RSA Security Analytics Event Source Log Configuration Guide Microsoft Windows using Eventing Collection Last Modified: Thursday, July 30, 2015 Event Source Product Information: Vendor: Microsoft Event

More information

Default Domain Policy Data collected on: 10/12/2012 5:28:08 PM General

Default Domain Policy Data collected on: 10/12/2012 5:28:08 PM General Default Domain Default Domain Data collected on: 10/12/2012 5:28:08 PM General Details Domain Owner Created Modified User Revisions Computer Revisions Unique ID GPO Status webrecon.local WEBRECON\Domain

More information

Course 6425B: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

Course 6425B: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Course 6425B: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services About this Course This five-day instructor-led course provides to teach Active Directory Technology Specialists

More information

Session 17 Windows 7 Professional DNS & Active Directory(Part 2)

Session 17 Windows 7 Professional DNS & Active Directory(Part 2) Session 17 Windows 7 Professional DNS & Active Directory(Part 2) Fall 2011 ITE153 Operating Systems 1 Session 17 Windows 7 Professional Operating in Microsoft Networks Fall 2011 ITE153 Operating Systems

More information

Building the SAP Business One Cloud Landscape Part of the SAP Business One Cloud Landscape Workshop

Building the SAP Business One Cloud Landscape Part of the SAP Business One Cloud Landscape Workshop Building the SAP Business One Cloud Landscape Part of the SAP Business One Cloud Landscape Workshop TABLE OF CONTENTS 1 INTRODUCTION... 3 2 LANDSCAPE DETAILS... 3 2.1 Server Details... 3 2.2 Landscape

More information

Enabling Kerberos SSO in IBM Cognos Express on Windows Server 2008

Enabling Kerberos SSO in IBM Cognos Express on Windows Server 2008 Enabling Kerberos SSO in IBM Cognos Express on Windows Server 2008 Nature of Document: Guideline Product(s): IBM Cognos Express Area of Interest: Infrastructure 2 Copyright and Trademarks Licensed Materials

More information

Module 1: Introduction to Active Directory Infrastructure

Module 1: Introduction to Active Directory Infrastructure Module 1: Introduction to Active Directory Infrastructure Contents Overview 1 Lesson: The Architecture of Active Directory 2 Lesson: How Active Directory Works 10 Lesson: Examining Active Directory 19

More information

How to Enable LDAP Directory Services Authentication to Microsoft Active Directory in the HP cclass Onboard Administrator

How to Enable LDAP Directory Services Authentication to Microsoft Active Directory in the HP cclass Onboard Administrator How to Enable LDAP Directory Services Authentication to Microsoft Active Directory in the HP cclass Onboard Administrator I. Certificate Services a. Install a Certificate Authority onto a Windows server

More information

LDAP Implementation AP561x KVM Switches. All content in this presentation is protected 2008 American Power Conversion Corporation

LDAP Implementation AP561x KVM Switches. All content in this presentation is protected 2008 American Power Conversion Corporation LDAP Implementation AP561x KVM Switches All content in this presentation is protected 2008 American Power Conversion Corporation LDAP Implementation Does not require LDAP Schema to be touched! Uses existing

More information

Test Note Phone Manager Deployment Windows Group Policy Sever 2003 and XP SPII Clients

Test Note Phone Manager Deployment Windows Group Policy Sever 2003 and XP SPII Clients Test Note Phone Manager Deployment Windows Group Policy Sever 2003 and XP SPII Clients Note: I have only tested these procedures on Server 2003 SP1 (DC) and XP SPII client, in a controlled lab environment,

More information

Outpost Network Security

Outpost Network Security Administrator Guide Reference Outpost Network Security Office Firewall Software from Agnitum Abstract This document provides information on deploying Outpost Network Security in a corporate network. It

More information

Laserfiche Web Access 8 and Kerberos Configuration in a Windows Server 2008 and IIS 7 Environment. White Paper

Laserfiche Web Access 8 and Kerberos Configuration in a Windows Server 2008 and IIS 7 Environment. White Paper Laserfiche Web Access 8 and Kerberos Configuration in a Windows Server 2008 and IIS 7 Environment White Paper March 2009 The information contained in this document represents the current view of Compulink

More information

Windows Log Monitoring Best Practices for Security and Compliance

Windows Log Monitoring Best Practices for Security and Compliance Windows Log Monitoring Best Practices for Security and Compliance Table of Contents Introduction... 3 Overview... 4 Major Security Events and Policy Changes... 6 Major Security Events and Policy Changes

More information

Click Studios. Passwordstate. Password Discovery, Reset and Validation. Requirements

Click Studios. Passwordstate. Password Discovery, Reset and Validation. Requirements Passwordstate Password Discovery, Reset and Validation Requirements This document and the information controlled therein is the property of Click Studios. It must not be reproduced in whole/part, or otherwise

More information

MailStore Outlook Add-in Deployment

MailStore Outlook Add-in Deployment MailStore Outlook Add-in Deployment A MailStore Server installation deploys the MailStore Outlook Add-in as a Windows Installer package (MSI) that can be installed on client machines using software distribution.

More information

Course 6425C: Five days

Course 6425C: Five days CÔNG TY CỔ PHẦN TRƯỜNG CNTT TÂN ĐỨC TAN DUC INFORMATION TECHNOLOGY SCHOOL JSC LEARN MORE WITH LESS! Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Course 6425C: Five

More information

Course 6425C: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

Course 6425C: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Course 6425C: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Length: 5 Days Published: June 02, 2011 Language(s): English Audience(s): IT Professionals Level: 200

More information

M.S.Anand Technology Specialist Microsoft Corp

M.S.Anand Technology Specialist Microsoft Corp M.S.Anand Technology Specialist Microsoft Corp What s new in AD DS Active Directory Recycle Bin Active Directory module for Windows PowerShell Active Directory Administrative Center Active Directory Best

More information

Group Policy 21/05/2013

Group Policy 21/05/2013 Group Policy Group Policy is not a new technology for Active Directory, but it has grown and improved with every iteration of the operating system and service pack since it was first introduced in Windows

More information