workingsraka.blogg.se - Windows server 2008 security configuration wizard

#Windows server 2008 security configuration wizard how to
#Windows server 2008 security configuration wizard windows

Browse to D:Security, or other local path, and type a name in the File name: box e.g Security.Right-click Security Configuration and Analysis from the console tree and select Open Database….

#Windows server 2008 security configuration wizard windows

The point of these templates are to lock-down servers using the Windows Security Configuration Wizard but we are only using them for a simple permission change Step 3 – Create a Security Database Click OK and you will see the new template appear in the console.The Description is optional but may be useful if you want to re-use it.Right-click D:Security from the console tree and select New Template ….Browse to D:Security, or other local path, and click OK.Right-click Security Templates from the console tree and select New Template Search Path ….In Windows Server 2003 and below you can store these files anywhere but later versions have tougher restrictions so we will be creating everything in D:Securtiy Step 2 – Create a blank Security Template Scroll down the list of available Snap-ins and select Security Configuration and Analysis.

Click File > Add/Remove Snap-in… (Ctrl+ M)

This opens an empty Microsoft Management Console.

Click Start > Run (or press WIN + R) and type “ mmc.exe”.

Nonetheless, with some time and effort, it’s entirely possible that someone will create a malicious SHA that impersonates a legitimate SHA. Additional security measures, such as requiring IPsec connection security, can help further reduce the opportunity for attackers. It’s not quite as easy as simply lying, because the SHA signs the Statement of Health (SoH) to help prove that the health report is genuine. People with malicious intent would simply lie. So it’s a bit like airport security merely asking people if they are carrying any banned substances-people without any malicious intent would happily volunteer anything they accidentally brought. The SHA is also running on the client computer. When evaluating NAP as a way to protect against malicious attackers, remember that NAP trusts the System Health Agent (SHA) to report on the health of the client. Although NAP can’t prevent a determined, skilled attacker from connecting to your network, NAP can improve your network security by helping keep computers up to date and ensuring that legitimate users do not accidentally connect to your internal network without meeting your security requirements. Instead of absolutes, security can be measured only in degrees of risk. This computer must have at least one network interface that you can connect to either the Internet or a private network. You will also need the following nonproduction hardware connected to test networks:Ī computer named Dcsrv1 that is a domain controller in the Nwtraders.msft domain. To complete the lessons in this chapter, you should be familiar with Windows networking and be comfortable with the following tasks:Īdding roles to a computer running Windows Server 2008 R2Ĭonfiguring Active Directory domain controllers and joining computers to a domainĬonfiguring a basic network, including configuring IP settings Lesson 2: Configuring Network Access Protection

#Windows server 2008 security configuration wizard how to

This lesson describes how to plan and implement Windows Firewall and NAP using Windows Server 2008 R2.Ĭonfigure Windows Firewall with Advanced Security.Ĭonfigure Network Access Protection (NAP).

NAP requires computers to complete a health check before allowing unrestricted access to your network and facilitates resolving problems with computers that do not meet health requirements. Windows Firewall can filter incoming and outgoing traffic, using complex criteria to distinguish between legitimate and potentially malicious communications. Windows Server 2008 R2 supports two technologies that are useful for improving network security: Windows Firewall and Network Access Protection (NAP). This can result in costly security compromises, such as a worm that spreads rapidly through an internal network or a sophisticated attacker who steals confidential data across the network. By their nature, networks can allow healthy computers to communicate with unhealthy computers and malicious tools to attack legitimate applications.