Randy Franklin Smith's
Audit and Assessment of Windows Workstations

Course Outline

1. Windows Security
- file system security
- services and their control implications
- security log and audit policy
- administrative tools
- file permissions
- users and groups
- logon rights
- user rights
- group policy security settings
- XP vs Vista - key differences

2. Software Restrictions
- hash-based restrictions
- path restrictions
- publisher controls
- centralized control through group policy

3. Controlling Remote Access
- server service
- remote desktop and remote assistance
- IIS
- remote registry access
- RPC
- DCOM

4. Windows Firewall
- Domain and Internet modes
- Port exceptions
- Application exceptions
- Central configuration

5. Encrypting File System / BitLocker
- Encryption algorithms and key size
- Certificates and private keys
- Data recovery
- EFS vulnerabilities
- Hardware-based alternatives to EFS
- BitLocker

6. Windows Desktop Controls
- password-protected screen saver
- locking down the start menu
- locking down Explorer
- disabling dangerous features
- centralized control through group policy

7. Tools for Managing/Auditing Windows Server Security
- Security templates
- Microsoft Baseline Security Analyzer
- CIS Benchmark and Scoring Tool: “Gold Standard”
- DumpSEC
- Automatic update service options
- Windows Update Services

8. Auditing Windows Workstations
- key control areas
- evidence collection checklist
- analyzing Windows workstation evidence
