Randy Franklin Smith's
Audit and Assessment of Windows Server

Course Outline

1. Windows 2003 Host-Level Security
- differences between Windows 2000 and 2003
- "secure by default" - is it true?
- file system security
- services and their control implications
- server and workstation services
- event log
- Windows Server 2003’s security control areas
- administrative tools

2. User Accounts and Groups
- types of logons
- logon rights
- access token
- logon and password controls
- user-specific logon and password controls

3. User Rights
- rights and privileges vs. permissions
- differences between rights and privileges

4. Resource Access Controls
- understanding access control lists
- bi-directional inheritance control
- ownership and administration
- file, folder and printer permissions
- shared folders and printers
- Windows 2000 vs. 2003 default permissions
- risks on upgraded systems

5. Monitoring the Security Log
- the 9 Windows audit categories
- auditing file system activity
- event viewer
- top events that should be monitored
- recommended audit policy
- does auditing slow down the server?
- can auditing crash the server?

6. Tools for Managing/Auditing Windows Server Security
- security templates
- Microsoft Baseline Security Analyzer
- CIS Benchmark: “Gold Standard”
- DumpSEC
- automatic update service options
- Windows Server Update Services
- new security features in Service Pack 1

7. Relating Windows Server to Active Directory
- introduction to Active Directory
- domains
- Kerberos
- local accounts vs. domain accounts
- local groups vs. domain groups
- Group Policy
- group implementation strategy

8. Centralized Security Configuration with Group Policy
- how Group Policy works
- Group Policy inheritance
- computer configuration
- Windows security settings
- user configuration

9. Collecting Windows Server Evidence
- selecting your reporting tool(s)
- evidence collection checklist
- key interview questions
- hands-on lab: collecting Windows Server evidence, including key observation tasks, reports, and required screen prints

10. Analyzing Windows Server Evidence
- service risks
- user account controls
- group membership
- password and lockout controls
- access control tests
- monitoring and detective controls
- user right tests
- checklist for testing evidence
- hands-on lab: analyzing case study evidence to find vulnerabilities and control deficiencies
