Mark Minasi, Byron Hynes
Wiley Publishing, Inc.
Mark Minasi Windows Administrator Library
Table of Contents

Introduction

Chapter 1  Administering Vista Security: The Little Surprises  1
    Restoring the Administrator  1
    Making Your Own Administrator  2
    Activating the Administrator Account  2
    Power Users Are Essentially Gone  4
    "Run..." Is Off the Start Menu  7
    BOOT.INI Is Gone, BCD Is Here  8
    boot.ini Review  8
    BCD Terminology  10
    Creating a Second OS Entry  12
    Understanding Vista Boot Manager Identifiers  12
    Choosing Timeout and Default OS with bcdedit  13
    Changing an Entry Option  14
    Cleaning Up: Deleting OS Entries  16
    "Documents and Settings" Is Gone, Kind Of  16
    IPv6 and Network Properties  17
    Remote Desktop Gets a Bit More Secure  21
    NTFS and the Registry Are Transaction Based  23
    Undelete Comes to Windows for Real!  24
    Changes in Security Options  25
    Changes to Named Pipe Access  26
    Changes to Share and Registry Access  27
    LM Deemphasized, NTLMv2 Emphasized  28
    No More Unsigned Driver Warnings  30
    Encryption News  31
    Vista Includes New Cryptographic Services  31
    You Can Encrypt Your Pagefile  32
    Offline Files Folders Are Encrypted per User  32
    New Event Viewer  32
    XML Format Comes to Event Viewer  33
    Custom Queries Let You Customize Event Viewer  35
    Generating Actions from Events  38
    Telling the Event Log Service to Display Messages  41
    Forwarding Events from One Computer to Another  43
    Subscription Overview  43
    Creating an Example Subscription  44
    Troubleshooting Subscription Delays  50
    Event Forwarding in Workgroups  52

Chapter 2  Understanding User Account Control (UAC): "Are You Sure, Mr. Administrator?"  59
    Introducing UAC  59
    Why UAC Is Good, after All  61
    UAC Benefits for Users  61
    UAC Benefits for Admins  62
    UAC as a Transition Tool  62
    An Overview of UAC  63
    Digging Deeper into UAC  66
    How Windows Creates the Standard User Token  66
    How to Tell UAC to Use the Administrator Token  74
    What Tells Windows to Use the Administrator Token  81
    Reconfiguring User Account Control  101
    Turning UAC On, Off, or in Overdrive  102
    Configuring UAC Junior: UAC for the User  103
    Side Point: How "Administrator-ish" Must You Be to Get UACed?  104
    Excluding the Built-in Administrator  105
    Telling UAC to Skip the Heuristics  106
    Controlling Secure Desktop  106
    Sign or Go Home: Requiring Signed Applications  109
    Working around Apps That Store Data in the Wrong Places  111
    The Big Switch: Turning Off UAC Altogether  111
    Will UAC Succeed?  112
    Summary  113

Chapter 3  Help for Those Lame Apps: File and Registry Virtualization  115
    File and Registry Virtualization Basics  115
    Seeing File Virtualization in Action  116
    File and Registry Virtualization Considerations  118
    Which Areas Are Protected and Where They Are Virtualized  118
    How Virtualization Handles Files  119
    How Virtualization Handles the Registry  120
    What Does "Legacy" Mean, Exactly?  122
    Seeing Virtualization in Standard Versus Administrative Users  123
    Tracking Virtualization  125
    A Possible Virtualization Problem  127
    Controlling Virtualization  127
    The Future of Virtualization  128
    Summary  129

Chapter 4  Understanding Windows Integrity Control  131
    Windows Integrity Control Overview  132
    Mandatory Controls Versus Discretionary Controls  133
    The Orange Book  134
    C2 Certification and NT  135
    C and B: Discretionary Versus Mandatory  136
    WIC Components  139
    WIC's Six Integrity Levels  139
    How Objects Get and Store Integrity Levels: Mandatory Labels  141
    Process Integrity Levels  153
    Seeing Processes in Action  156
    Setting Up  156
    Example: Starting a Low Integrity Application  156
    Internet Explorer Protected Mode and WIC  157
    A Prime Directive Puzzle: WIC and Deletes  160
    Using WIC ACEs to Restrict Access  166
    Things WIC ACEs Can't Do  168
    You Cannot Apply Mandatory Labels with Group Policy  168
    You Cannot Create Standard Permissions That Name Mandatory Labels  169
    A Note on Modifying System Files  170
    Dialing Up Custom Labels  173
    Meet SDDL Strings  173
    Understanding the Secret Language of Bs: SDDL Label Syntax  174
    Using SDDL Strings to Set Integrity Levels  180
    Summary  181

Chapter 5  BitLocker: Solving the Laptop Security Problem  183
    The Laptop Security Problem Today  184
    BitLocker Drive Encryption: The Overview  185
    BitLocker Components  186
    What Is a TPM?  187
    Full Disk Encryption  188
    Encryption Algorithm  191
    Key Storage  193
    Authentication or Access Control  196
    Increasing Security with Additional Key Protectors  196
    Boot Process Validation (Integrity Check)  199
    Enabling BitLocker for the First Time  201
    Using BitLocker without a TPM  204
    Summary of Key Protectors  205
    Recovery  209
    Recovery Example 1: Desktop Hardware Failure (Stand-alone System without a TPM)  210
    Recovery Example 2: Laptop Hardware Failure (TPM-based)  211
    Recovery Example 3: Lost USB Key (Computer with a TPM)  212
    Recovery Example 4: "Found" Laptop  214
    Recovery Summary  215
    BitLocker and Active Directory  216
    Group Policy Options  218
    Managing the TPM and BitLocker in the Enterprise  220
    Servicing a BitLocker-Protected Computer  223
    Secure Decommissioning  225
    Planning for BitLocker Deployment  226
    Summary  227

Chapter 6  Post-Boot Protection: Code Integrity, New Code Signing Rules, and PatchGuard  229
    Address Space Layout Randomization  229
    Giving 64-bit More Armor  230
    PatchGuard  230
    Code Integrity  233
    What Can Go Wrong?  234
    New Code Signing Rules  235
    What Is Code Signing and Why Does It Matter?  235
    ActiveX Controls  236
    Protected Media Path Requirements  237
    x64 Requirements  237
    Getting Down to Business: Code Signing an Application or Driver  238
    Getting Down to Business: Deploying an Application or Driver Signed by a Publisher  239
    Summary  240

Chapter 7  How Vista Secures Services  241
    Services in Brief  241
    Service Control Manager  244
    How Vista Toughens Services: Overview  245
    Session Separation  246
    Reducing Service Privileges  247
    Developers Can Reduce Service Privileges  248
    Admins Can Also Reduce Service Privileges  248
    Special Case: Multiple Services Needing Different Privileges  249
    Reduced Privilege Summary  250
    Service Isolation  251
    How Service Isolation Works  251
    Restricting a Service's SID  252
    Granting Write Permissions to a Service SID  252
    Understanding the sc.exe Restricted SID Commands  254
    Restricting a Service's Network Ports  255
    Summary  255

Index  257