5. You want to configure auditing for the workstations in a specific OU in your network. You have opened Security Configuration and Analysis and selected the basicwk.inf template.What section of the template contains the options that you need to configure to enable auditing? A. Local Policies B. Account Policies C. Event Log D. Registry 6. You are the security administrator for your company’s network.You have 100 Windows Server 2003 and approximately 1,700 Windows XP Professional computers in your organization that you are responsible for that are spread across multiple sites (North America, South America, Europe, Asia) and OUs.You use EventCombMT to collect Event Log data from every computer once a week for analysis by your assistant admin- istrators.You have found that some computers often have less than one week of events in their Event Logs and want to ensure that events are not getting overwritten when the logs have reached their maximum allowed size.You propose to enlarge the max- imum log size from the default value of 512kb for the Application Log, System Log and Security Log. How will you go about performing this change and use the least amount of administrative effort? A. Instruct each of your assistants to visit each and every computer and make the changes locally. B. Configure and test the settings in a security template that is then deployed to the North American site. C. Configure and test the settings in a security template that is then deployed at the domain level. D. Send an e-mail message to your users instructing them how to make the changes. 7. Austin has been delegated administrative responsibility for several OUs in his depart- ment. How can Austin most easily make the same changes to the security settings applied to his OUs? A. Austin should configure and test a template on a local machine using Security Configuration and Analysis.When he gets the configuration established that he requires, he should export the template and then import it into the specific OU GPOs he is responsible for. B. Austin should use the Security Configuration and Analysis snap-in and target it at the specific OU he wants to work with to make the changes. C. Austin should edit the GPOs directly for each of the OUs he is responsible for. D. Austin should ask a Domain Administrator to apply the desired settings at the domain level and let them propagate down to his OUs. www.syngress.com 480 Chapter 7 • Implementing, Managing, and Maintaining Network Security 271_70-292_07.qxd 8/21/03 5:28 PM Page 480 8. You have configured and tested two custom security templates for use on your corpo- rate network, corpserver.inf and corpdesktop.inf.Your network is running all Windows Server 2003 servers and Windows XP Professional workstations and is fragmented into three distinct sections due to the extremely high cost of establishing WAN links between your three geographical locations.You do have dial-up connectivity between the sites using standard POTS lines, but these have proven to be unreliable at best. How can you deploy these templates to the other two sites in your network? A. You will need to deploy them to two extra domain controllers and then ship one each to your other two sites. B. You will need to export them from Security Configuration and Analysis and send the .inf files to your other two remote sites. Once there, the other two sites can import them into the required GPO. C. You will need to establish a Frame Relay connection between all three sites at the same time and push the templates across the WAN link. D. You will need to make a RDP connection to each Domain Controller in the remote sites and apply the template to them. 9. You have customized the securews.inf template to include Account Policy settings spe- cific to your organizations requirements.At what level should you deploy this cus- tomized template to achieve the maximum result? Your network consists of one Windows Server 2003 Active Directory domain, spread out over three sites.You have approximately 18 OUs in use at the present time. A. Domain B. Site C. Local computer D. OU 10. Andrea is the network administrator of 55 Windows XP Professional workstations, 10 Windows Server 2003 member servers and four Windows Server 2003 domain con- trollers. She would like to perform a security analysis on all of her computers without having to physically visit each one. How can Andrea accomplish this task? www.syngress.com Implementing, Managing, and Maintaining Network Security • Chapter 7 481 271_70-292_07.qxd 8/21/03 5:28 PM Page 481 A. This cannot be done at the current time.Andrea will need to sit in front of each machine and use the Security Configuration and Analysis snap-in to perform the analysis. B. Andrea can target a remote computer by right-clicking on Security Configuration and Analysis and selecting Connect to another computer. C. Andrea can create a script or batch file using the secedit.exe utility with the ana- lyze switch that has an entry for each computer that she wants to analyze. D. Andrea can create a script or batch file using the secedit.exe utility with the ana- lyze switch that calls on a pre-populated text file containing the list of computers to be analyzed. 11. Chris is attempting to use the Security Configuration and Analysis snap-in to perform an analysis of one of her member servers.The member server is currently configured with the default settings. She wants to compare its settings with those in the securewk.inf security template.What is the correct order of steps that she needs to perform in order to perform the analysis? Step 1: Right-click on Security Configuration and Analysis and select Analyze computer now. Step 2: Right-click on Security Configuration and Analysis and select Open database. Step 3: Select the security template to be used in the analysis. Step 4: Select the log file to be used in the analysis. Step 5: Right-click on Security Configuration and Analysis and select Configure computer now. Step 6: Select the database to be used in the analysis. A. 2, 1, 3, 6, 4 B. 1, 6, 4, 5, 3 C. 2, 6, 4, 3, 1 D. 2, 6, 3, 1, 4 E. 1, 6, 3, 2, 4 12. You have just completed an analysis of your local computer using Security Configuration and Analysis.When looking at the analysis results, you notice several icons have a green check mark on them.You are concerned that your settings do not match those of the template you compared your computer to.What do icons with green check marks mean? www.syngress.com 482 Chapter 7 • Implementing, Managing, and Maintaining Network Security 271_70-292_07.qxd 8/21/03 5:28 PM Page 482 A. A discrepancy exists between the database settings and the computer setting. B. No analysis was performed for this item because it was not configured in the database. C. The database setting and the computer setting match. D. No analysis was performed for this item because it is not applicable to the computer. Auditing Security Events 13. Jake is responsible for six Windows Server 2003 computers in his organization. He has noticed that lately there are multiple login attempts on the main file server.What can Jake do to find out if in fact his system is trying to be exploited by a possible attacker? (Choose all that apply.) A. Use DumpEL to find the attack IDs numbered 200–600 in the System Event Log.This will indicate a possible attack. B. Turn on success and failure auditing for Logon events. Check the Application Log daily for possible password cracking attacks C. Set up a Windows Server 2003 security template that will only allow for regis- tered IP’s to connect to and communicate with the file server. D. Configure your router to only let the file server NetBIOS name be authenticated for communication 14. Stan is the network administrator responsible for 10 Windows Server 2003 computers and 400 Windows XP Professional workstations that are separated geographically across four sites: NY, LA,ATL and CHI. Stan is tasked with auditing two of the Windows XP Professional Workstations because the owners of these two workstations are complaining that each time they work on their workstations, they think someone has tried to log in to them. From the list below, what is the most logical way to audit the two workstations so that you can analyze if an attack is actually trying to be per- formed? A. Use the Local Security policy on each local workstation and Audit Logon events (success and failure). B. Use the GPO Security policy on the NY OU and Audit Logon events (success and failure). C. Use the Local Security policy on the Domain Controller and Audit Logon events (success and failure). D. Use the Local Security policy on the Domain and Audit Logon events (success and failure). www.syngress.com Implementing, Managing, and Maintaining Network Security • Chapter 7 483 271_70-292_07.qxd 8/21/03 5:28 PM Page 483 15. Chris is the administrator of a large Windows Server 2003 network.The company that he works for is a leading provider of state-of-the-art rocket propulsion systems that are used by several countries in their space-going rockets. Company policy states that the network access attempts of all temporary employees are to be tracked, regardless of what workstation they logon to.What auditing options does Chris need to configure to ensure that he can track the access of all temporary employees? (Choose two cor- rect options.) A. Audit logon events B. Audit privilege use C. Audit system events D. Audit account logon events 16. Jon is the administrator for a large Windows Server 2003 network for a company that is involved in high-level genetics research.All data transmissions within the company are secured by using IPSec. Recently IPSec communications have intermittently begun to fail as a result of the configured IPSec policies having been changed. Jon needs to determine who is changing the IPSec policies on his network.What should Jon configure auditing for? A. Audit privilege use B. Audit system events C. Audit policy change D. Audit process tracking www.syngress.com 484 Chapter 7 • Implementing, Managing, and Maintaining Network Security 271_70-292_07.qxd 8/21/03 5:28 PM Page 484 www.syngress.com Implementing, Managing, and Maintaining Network Security • Chapter 7 485 Self Test Quick Answer Key For complete questions, answers, and explanations to the Self Test questions in this chapter as well as the other chapters in this book, see the Self Test Appendix. 1. B, C, F, G 2. E, G 3. B 4. C 5. A 6. C 7. A 8. B 9. A 10. C 11. D 12. C 13. B 14. A 15. A, D 16. C 271_70-292_07.qxd 8/21/03 5:28 PM Page 485 271_70-292_07.qxd 8/21/03 5:28 PM Page 486 487 Managing and Implementing Software Updates Exam Objectives in this Chapter: 3.1 Manage software update infrastructure 6.2 Install and configure software update infrastructure 6.2.1 Install and configure software update services 6.2.2 Install and configure automatic client update settings 6.2.3 Configure software updates on earlier operating systems Chapter 8 MCSA/MCSE 70-292  Summary of Exam Objectives  Exam Objectives Fast Track  Exam Objectives Frequently Asked Questions  Self Test  Self Test Quick Answer Key 271_70-292_08.qxd 8/22/03 12:58 PM Page 487 Introduction An important part of the daily job of a Windows Server 2003 network administrator is to keep the network’s servers and client computers up-to-date with required security updates and other patches. Not long ago, this required the use of a third-party solution or Microsoft’s own Systems Management Server (SMS) 2.0. However, times have changed for the better; if an entire network is composed of Windows 2000 or higher computers the network administrator can quickly and easily implement Software Update Services (SUS) to keep their computers up-to-date. SUS is one part of a two-part solution.When paired with the required version of the Automatic Updates client software, SUS acts like a local Windows Update Web server by providing required updates and patches to clients from inside the network. It is not by acci- dent that SUS looks and feels almost identical to Windows Update—Microsoft relied on the Windows Update code extensively when it created and released SUS to the public in 2002.This chapter examines the installation, configuring, and usage of SUS and Automatic Updates both on the server side and on the client side of a network.This chapter also dis- cusses the choices available to keep the legacy network clients up-to-date with required patches and updates. Installing, Configuring, and Managing the Software Update Infrastructure Windows Server 2003 provides native support for SUS, however, it does not include SUS by default.Therefore the network administrator will need to download and install SUS on their server before they can get started. Is it worth the trouble and effort to implement an SUS server? Why not just continue to use the existing methods already in place? The answer to this question varies depending on the size, complexity, and operating system makeup of the organization. If an administrator already has a complex solution utilizing a third-party product or SMS in place, they might not want to make the move to SUS. If they do not have a high-quality solution or have no solution at all, then SUS is most likely what they have been waiting for. SUS provides the ability to centralize the deployment of all approved updates to Windows 2000 or better clients.The network administrator has full control over which of the available updates actually become approved updates and therefore can be downloaded and installed on the client computers. Now instead of the client computers directly con- tacting the Windows Update Web servers either manually or via the Automatic Updates client, they can be pointed to the internal SUS server.The ability to house their own internal Windows Update servers can be a tremendous benefit to network administrators in terms of decreased bandwidth usage, if the majority of their clients are in one location. Even if the administrator has network clients spread all over the globe, they can still use www.syngress.com 488 Chapter 8 • Managing and Implementing Software Updates EXAM 70-292 OBJECTIVE 6.2 271_70-292_08.qxd 8/22/03 12:58 PM Page 488 www.syngress.com SUS to provide a framework in which their clients will still only download and install those updates that they have approved beforehand. SUS can also be configured to not download any updates locally and instead point clients to the Windows Update Web servers to acquire those updates that were previously approved for installation on the network. EXAM W ARNING It is important to understand that SUS can scale to any size Windows Server 2003 network. Options such as the ability to leave updates on the Windows Update Web servers and the ability to have SUS server synchronizing available updates from other SUS servers allow for a greater amount of flexibility and control over the final design. Don’t get trapped in the mindset that every SUS server is its own island—when implemented properly, they can be used to create a large area solution. Installing Software Update Services Before a network administrator can use SUS with the Automatic Updates client, they need to download and install the required files.The SUS installer, the updated Automatic Updates client, and several useful whitepapers on SUS and Automatic Updates can be found at www.microsoft.com/windows2000/windowsupdate/sus/default.asp.The SUS application must be installed regardless of which operating system the server is running. For this instance we will assume that a Windows Server 2003 is being used. Depending on the Service Pack level installed on the client computers, the administrator may or may not need to install an updated Automatic Updates client.They will need to have their clients at the following Service Pack level to avoid installing the Automatic Updates client: ■ Windows 2000 Service Pack 3 (or higher) ■ Windows XP Service Pack 1 (or higher) ■ Windows Server 2003 RTM (no Service Pack required) The server that SUS will be installed on must meet the following requirements: ■ Pentium III 700MHz or higher CPU ■ 512MB RAM ■ 6GB free disk space on an NT File System (NTFS) formatted partition ■ System partition must be formatted with NTFS ■ IIS 6.0 must be installed and operational Managing and Implementing Software Updates • Chapter 8 489 EXAM 70-292 OBJECTIVE 6.2.1 271_70-292_08.qxd 8/22/03 12:58 PM Page 489 [...]... Figure 8. 28 illustrates an example of a typical entry you might see relating to SUS Figure 8. 28 Examining Event ID 111 Automatic Updates also creates event log entries in the System log as it installs updates Some of the more typical entries that you might see for Automatic Updates include: I 18 Installation ready I 19 Installation successful www.syngress.com 511 271 _70-292_ 08. qxd 512 8/ 22/03 12: 58 PM... context menu to open the Export Registry File dialog box, as seen in Figure 8. 22 www.syngress.com 505 271 _70-292_ 08. qxd 506 8/ 22/03 12: 58 PM Page 506 Chapter 8 • Managing and Implementing Software Updates Figure 8. 21 Examining the Results of Your Registry Editing Figure 8. 22 Easily Exporting the Keys and Values You Have Just Created 8 Enter the location and file name of the file, select the REG file type,... by opening the file from Windows Explorer.Viewing the synchronization logs from within SUS will yield output similar to that seen in Figure 8. 23 Figure 8. 23 Viewing the Synchronization Logs www.syngress.com 507 271 _70-292_ 08. qxd 5 08 8/22/03 12: 58 PM Page 5 08 Chapter 8 • Managing and Implementing Software Updates From this screen you can determine information about the following items from the synchronization... process, click Finish to close it www.syngress.com 271 _70-292_ 08. qxd 8/ 22/03 12: 58 PM Page 493 Managing and Implementing Software Updates • Chapter 8 Figure 8. 3 Configuring SUS to Require Approval of Updated Versions of Approved Updates Figure 8. 4 The URL of Your SUS Server for Later Configuration 11 The SUS administration page, as seen in Figure 8. 5, should automatically open in Internet Explorer If... OUs For this example, we will be configuring the settings at the domain level 3 Right-click on the domain node and select Properties to open the domain Properties dialog box Switch to the Group Policy tab, as seen in Figure 8. 11 Figure 8. 11 Locating the Group Policy Objects www.syngress.com 271 _70-292_ 08. qxd 8/ 22/03 12: 58 PM Page 499 Managing and Implementing Software Updates • Chapter 8 4 Click the... synchronization event and can be refreshed at any time by clicking the Refresh button Figure 8. 26 details a typical server monitor listing www.syngress.com 509 271 _70-292_ 08. qxd 510 8/ 22/03 12: 58 PM Page 510 Chapter 8 • Managing and Implementing Software Updates Figure 8. 26 Viewing the Number of Available Updates Examining the Event Logs The SUS server creates various SUS-specific Event Log entries that... Figure 8. 19 If the WindowsUpdate key does not exist, you must create it by right-clicking on the Windows key and www.syngress.com 503 271 _70-292_ 08. qxd 504 8/ 22/03 12: 58 PM Page 504 Chapter 8 • Managing and Implementing Software Updates selecting New | Key from the context menu Name the key WindowsUpdate Figure 8. 19 Locating the Windows Update Settings 3 If your SUS server is not listed in Figure 8. 19,... will be prompted to approve updates that will be made available for Automatic Updates clients on your network, as seen in Figure 8. 9 Figure 8. 9 Manually Approving All Updates Before They Can be Issued www.syngress.com 495 271 _70-292_ 08. qxd 496 8/ 22/03 12: 58 PM Page 496 Chapter 8 • Managing and Implementing Software Updates NOTE Remember that you should not approve any of the available updates until you... updates EXAM 70-292 OBJECTIVE 6.2.2 Installing and Configuring the Automatic Update Client As mentioned previously, your clients may or may not need to have an updated Automatic Updates client installed on them.Your computers will need to be at the following Service Pack levels to avoid requiring an updated version of the Automatic Updates client: www.syngress.com 497 271 _70-292_ 08. qxd 4 98 8/22/03 12: 58 PM... the left-hand side of the SUS administration window On the Synchronize server page, as seen in Figure 8. 7, click the Synchronize Now button to start the synchronization process www.syngress.com 271 _70-292_ 08. qxd 8/ 22/03 12: 58 PM Page 495 Managing and Implementing Software Updates • Chapter 8 Figure 8. 7 Starting the Manual Synchronization Process 15 After the manual synchronization has started, click . A 8. B 9. A 10. C 11. D 12. C 13. B 14. A 15. A, D 16. C 271 _70-292_ 07.qxd 8/ 21/03 5: 28 PM Page 485 271 _70-292_ 07.qxd 8/ 21/03 5: 28 PM Page 486 487 Managing and Implementing Software Updates Exam. can still use www.syngress.com 488 Chapter 8 • Managing and Implementing Software Updates EXAM 70-292 OBJECTIVE 6.2 271 _70-292_ 08. qxd 8/ 22/03 12: 58 PM Page 488 www.syngress.com SUS to provide. Chapter 8 489 EXAM 70-292 OBJECTIVE 6.2.1 271 _70-292_ 08. qxd 8/ 22/03 12: 58 PM Page 489 Exercise 8. 01 outlines the process to install and configure the SUS server for a network. E XERCISE 8. 01 INSTALLING