1. Administration and Security in Windows Server 1
Managing Security Settings in Windows Server with Group Policy
Estela Cruz Díaz
Miguel A. Morales de la Cruz
Francisco de Jesús Sánchez Enríquez
Instituto Tecnológico de Tuxtepec
February 2014
ABSTRACT
Safeguarding Windows requires a successful deployment of Group Policy,
which depends on Active Directory and is the primary means of securing servers
and desktop environments. Group Policy can define the state of the work
environment of users and computers, covering recovery services, security
logs, account policies, group memberships and other features of machines
on the network. It gives administrators a high degree of administrative control
over users and computers on the network. The main objective of this article is to
show how security policies, through Group Policy, define the procedures for
configuring and managing security in a computing environment.
KEYWORDS
Security
Configuration
Templates
Passwords
INTRODUCTION
Group Policy has been part of the Windows Server infrastructure since its
inception. It allows you to specify managed configurations for users and
computers through Group Policy settings and Group Policy preferences. You can
manage these settings and preferences in an Active Directory Domain Services
environment through the Group Policy Management Console (GPMC).
Group Policy is an infrastructure that allows you to implement specific
configurations for users and computers. Unfortunately, these policies are not
easy to implement, since they are linked to Active Directory containers and
therefore users must first know this tool.
This article aims to help IT professionals and general users understand the
characteristics of security auditing in Windows and how their organization can
benefit from using these technologies to enhance security and network
administration.
Security Auditing Overview
Feature description
Security auditing is a powerful tool to help maintain the security of an enterprise.
Auditing can be used for a variety of purposes, including forensic analysis,
regulatory compliance, monitoring user activity, and troubleshooting. Industry
regulations in various countries or regions require enterprises to implement a strict
set of rules related to data security and privacy. Security audits can help implement
such policies and prove that these policies have been implemented. Also, security
auditing can be used for forensic analysis, to help administrators detect anomalous
behavior, to identify and mitigate gaps in security policies, and to deter
irresponsible behavior by tracking critical user activities.
Managing security auditing
To use security auditing, you need to configure the system access control list
(SACL) for an object, and apply the appropriate security audit policy to the user or
computer. For more information, see Managing Security Auditing
(http://technet.microsoft.com/library/cc771475.aspx).
AUDIT GUIDELINES
Before implementing auditing, you must decide on an audit policy. An audit policy
specifies the categories of security-related events you want to audit. When this
version of Windows is first installed, all audit categories are disabled. By
enabling several categories of audit events, you can deploy an audit policy
suited to the security needs of your organization.
The event categories you can choose to audit are:
Audit account logon events
Audit account management
Audit directory service access
Audit logon events
Audit object access
Audit policy change
Audit privilege use
Audit process tracking
Audit system events
If you choose to audit access to objects as part of your audit policy, you must
enable the category Audit directory service access (to audit objects on a domain
controller) or the category Audit object access (to audit objects on a member
server or workstation). After you enable the Object Access category, you can
specify the types of access you want to audit for each group or user.
To enable auditing of local objects, you must be logged on as a member of the
built-in Administrators group.
SET OR CHANGE THE AUDIT POLICY SETTING FOR AN EVENT CATEGORY
By defining audit settings for specific event categories, you can create an
audit policy suited to the security needs of your organization. On member
servers and workstations that are joined to a domain, audit settings for event
categories are not defined by default. On domain controllers, auditing is
enabled by default.
To set or change the configuration of the audit policy for a category of
events on the local computer
1. Open the Local Security Policy snap-in and select Local Policies.
2. In the console tree, click Audit Policy.
Where?
Security Settings / Local Policies / Audit Policies
3. In the results pane, double-click an event category for which you want to
modify the audit policy setting.
4. Perform one of the following, or both, and click OK.
To audit successful attempts, select the Success check box.
To audit unsuccessful attempts, select the Failed check box.
ADDITIONAL CONSIDERATIONS
To open Microsoft Management Console using the Windows interface, click
Start, in the Start Search text box, type mmc, and then press ENTER.
To audit access to objects, enable auditing of the object access event
category by following the steps above. Next, enable auditing on the specific
object.
After configuring the audit, the events are stored in the security log. Open
the Security log to view these events.
The default configuration of the audit policy for domain controllers is No
Auditing. That means that even if auditing is enabled in the domain, domain
controllers do not inherit auditing policy locally. If you want the audit policy to
apply to domain controllers, you must modify this policy setting.
APPLY OR MODIFY AUDIT POLICY SETTINGS FOR A LOCAL FILE OR FOLDER
To apply or modify auditing policy settings for a local file or
folder
1. Open Windows Explorer.
2. Right-click the file or folder you want to audit, click
Properties, then click the Security tab.
3. Click Edit, and then click Advanced. (If you are not logged on as a member of
the Administrators group on this computer, you must provide administrative
credentials to continue.)
4. In the Advanced Security Settings for <object> dialog box, click the Auditing
tab.
5. Do one of the following:
To configure auditing for a user or group, click Add. In Enter the object
name to select, type the name of the user or group you want, and then click
OK.
To remove auditing for an existing group or user, click its name, click
Remove, click OK, and then skip the rest of this procedure.
To view or change auditing for an existing group or user, click its name
and then click Edit.
6. In the Apply onto box, click the location where you want auditing to take
place.
7. In the Access box, indicate which actions you want to audit by selecting the
appropriate check boxes:
To audit successful events, select the Success check box.
To stop auditing successful events, clear the Success check box.
To audit unsuccessful events, select the Failed check box.
To stop auditing unsuccessful events, clear the Failed check box.
To stop auditing all events, click Clear All.
8. If you want to prevent files and subfolders of the original object from
inheriting these audit entries, select the Apply these auditing entries to
objects and/or containers within this container only check box.
Important: Before you configure auditing of files and folders, you must enable Audit
object access; to do this, set the audit policy setting for the category of object
access events. If you do not enable Audit object access, an error message appears
when you set up auditing for files and folders, and no files or folders are audited.
Additional Considerations
You must be logged on as a member of the Administrators group or you
must have been granted the right to Manage auditing and security in
Group Policy to perform this procedure.
To open Windows Explorer, click Start, point to All Programs, click
Accessories, and then click Windows Explorer.
After you enable auditing of object access, see the Security log in Event
Viewer to check the result of the changes.
You can only configure auditing of files and folders on NTFS drives.
If you notice either of the following situations, the audit entry has been
inherited from the parent folder:
o In the auditing entry dialog box for <file or folder>, in the Access box,
the check boxes are unavailable.
o In the Advanced Security Settings for <file or folder> dialog box,
the Remove button is unavailable.
Because the security log is limited in size, select carefully the files and
folders to be audited. Also consider the amount of disk space you want to
devote to the security log. The maximum size of the security log is defined in
Event Viewer.
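The audit policy and file auditing procedures above, scripted in PowerShell as an added example (not part of the original article): it enables the Object Access category, adds an audit entry to a folder's SACL, and reads the SACL back. The folder C:\AuditDemo and the principal BUILTIN\Users are assumed values, the category name assumes an English-language system, and the session must be elevated.

```powershell
# Added example. $Path and $Principal are hypothetical values for illustration.
$Path      = 'C:\AuditDemo'
$Principal = 'BUILTIN\Users'

# 1. Enable the Object Access category for success and failure events.
#    Without it, audit entries on files and folders produce no log records.
auditpol /set /category:"Object Access" /success:enable /failure:enable | Out-Null
auditpol /get /category:"Object Access"

# 2. Read the folder's security descriptor together with its SACL (-Audit).
New-Item -ItemType Directory -Path $Path -Force | Out-Null
$acl = Get-Acl -Path $Path -Audit

# 3. Build the audit entry: principal, accesses to record, inheritance scope,
#    and whether successful and/or failed attempts are logged.
$rights      = [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions'
$inheritance = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
# None = inherit to all descendants. NoPropagateInherit limits the entry to
# direct children, like the "within this container only" check box in step 8.
$propagation = [System.Security.AccessControl.PropagationFlags]::None
$flags       = [System.Security.AccessControl.AuditFlags]'Success, Failure'
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
    $Principal, $rights, $inheritance, $propagation, $flags)

# 4. Add the entry and write the SACL back to the folder.
$acl.AddAuditRule($rule)
Set-Acl -Path $Path -AclObject $acl

# 5. Verify: IsInherited = False marks entries set directly on this folder;
#    True marks entries that come from a parent and cannot be removed here.
(Get-Acl -Path $Path -Audit).Audit |
    Select-Object IdentityReference, FileSystemRights, AuditFlags,
                  IsInherited, InheritanceFlags, PropagationFlags |
    Format-List
```

Auditing only write, delete and permission-change access keeps the volume of events low, which matters because the security log is limited in size.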
CHECKING THE SECURITY LOG
The security log records each event as defined by the audit policies set on
each object.
To view the security log
1. Open Event Viewer.
2. In the console tree, open Global Logs, and then click Security. The
results pane lists individual security events.
3. If you want more details about a specific event, double-click the event in
the results pane.
Additional Considerations
To open Event Viewer, click Start, Control Panel, System and
Maintenance, double-click Administrative Tools, and then double-click
Event Viewer.
If the computer is connected to a network, network policy settings might
prevent you from performing the procedure.
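The same check from PowerShell, as an added example that is not part of the original article: it reports the Security log's size limits and lists recent object access events for one audited folder. The folder C:\AuditDemo is an assumed value, and the session must be elevated to read the Security log.

```powershell
# Added example. $Path is a hypothetical audited folder.
$Path = 'C:\AuditDemo'

# Capacity of the Security log: maximum size, current size and retention mode.
Get-WinEvent -ListLog Security |
    Select-Object LogName, MaximumSizeInBytes, FileSize, LogMode, RecordCount

# 4656 = a handle to an object was requested (failed attempts appear here),
# 4663 = an attempt was made to access an object.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4656, 4663 } `
                       -MaxEvents 500 -ErrorAction SilentlyContinue

$events | ForEach-Object {
    # Turn the named <Data> fields of the event into a lookup table.
    $xml  = [xml]$_.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    [pscustomobject]@{
        Time    = $_.TimeCreated
        EventId = $_.Id
        Result  = ($_.KeywordsDisplayNames -join ', ')   # Audit Success / Audit Failure
        User    = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
        Object  = $data['ObjectName']
        Process = $data['ProcessName']
        Mask    = $data['AccessMask']
    }
} |
    # Keep only events for the audited folder and its contents.
    Where-Object { $_.Object -like "$Path*" } |
    Sort-Object Time -Descending |
    Format-Table -AutoSize
```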
RESULTS
With this research we tried to understand more about Group Policy, one of the
tools that can be used to be more effective in the field of security
settings in Windows Server administration.
This topic is of great importance because Server Manager in Windows
Server 2008 enables you to view and manage almost all the information and tools
that affect the productivity of a server.
Server Manager increases the efficiency of server administration, since a single
tool (Group Policy) allows administrators to:
View and modify the roles and features installed on the server.
Perform administrative tasks associated with the operational lifecycle of the
server.
Determine server status, identify critical events, and analyze configuration
errors.
Install or remove roles, role services, and features.
The process of implementing a Group Policy solution involves planning,
designing, implementing and managing the solution.
During the design phase:
Define the scope of Group Policy.
Determine the values of policy settings that apply to all corporate users.
Classify users and computers according to their functions and locations.
Plan desktop configurations depending on the requirements of users and
computers.
A well-planned design will help ensure a successful deployment of Group
Policy.
The implementation phase begins with a trial in a test environment. The
process includes:
Creating standard desktop configurations.
Filtering the scope of Group Policy objects.
Specifying exceptions to default inheritance of Group Policy.
Delegating administration of Group Policy.
Evaluating effective policy settings using Group Policy Modeling.
Evaluating results using Group Policy Results.
An information search technique known as exact phrase search was used: key
words are identified first, and then documents containing those words are
located.
DISCUSSION OF RESULTS
Thoroughly test the Group Policy implementation in a test environment before
deploying it in a production environment. Consider an iterative implementation
of Group Policy: instead of implementing 100 new Group Policy settings at once,
first implement only a few settings to validate that the Group Policy
infrastructure is working correctly.
Finally, be prepared to maintain Group Policy by setting control procedures for
working with Group Policy objects.
Before designing the implementation of Group Policy, you must understand the
current organizational environment and perform some preparatory steps in the
following areas:
Active Directory: Make sure the design of organizational units (OUs) in Active
Directory for all domains in the forest supports the application of Group
Policy. For more information, see the documentation on designing an OU structure.
Network: Make sure that the network meets the requirements of change and
configuration management technologies. For example, since Group Policy works
only with fully qualified domain names, the Domain Name System (DNS) must be
running in the forest in order to process Group Policy correctly.
Security: Get a list of the security groups that are currently in use in the
domain. Work with the security administrators as you delegate responsibility
for administering the OUs.
IT Requirements: Get a list of the administrative owners and corporate
administrative standards for the domains and OUs in the domain. This will help
you develop a good delegation plan and ensure that Group Policy is inherited
correctly.
REFERENCES:
http://technet.microsoft.com/library/cc771475.aspx
http://technet.microsoft.com/en-us/library/dn319078.aspx
http://technet.microsoft.com/es-es/library/cc730601.aspx
http://technet.microsoft.com/es-es/library/cc732450.aspx
http://technet.microsoft.com/es-es/library/cc771070.aspx
http://technet.microsoft.com/es-es/library/cc731826.aspx
http://technet.microsoft.com/es-es/library/dd349801(v=ws.10).aspx
http://technet.microsoft.com/es-es/library/cc728909.aspx
http://technet.microsoft.com/es-es/library/hh801901.aspx