MODULE 10: DEPLOYING ADMINISTRATIVE TEMPLATES AND AUDIT POLICY
Exercise 1: Create a custom template
Choose Run and enter mmc. In the new console, choose Add/Remove Snap-in.
Add the two snap-ins to the console: Security Templates and Security Configuration and Analysis.
Create the custom template and enter its name in Template name.
Configure Audit system events.
[Screenshot: Security Templates console, Audit Policy settings of the template]
[Screenshot: Security Templates console, Event Log settings of the template, including Retain application log (7 days) and Retention method for application log (By days)]
[Screenshot: Save dialog, File name: Acapulco Server Policy]
[Screenshot: Open database dialog]
Select the template that was just created.
The program is analyzing.
[Screenshot: analysis progress dialog listing User Rights Assignment, Restricted Groups, Registry, File System, Active Directory Objects, System, Security Policy]
Exercise 2: Examine the custom template that was just created and analyze it
The red marks show where a setting in the template and the corresponding setting on the computer differ.
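The comparison described above can be reproduced offline on two settings files in security-template (.inf) form. This is an added example, not part of the original lab: both samples are constructed, and the function names parse, show and analyze are hypothetical.

```python
import configparser

# Audit flag values used in the [Event Audit] section of a security template.
AUDIT = {0: "No auditing", 1: "Success", 2: "Failure", 3: "Success, Failure"}

# Constructed sample: the custom template loaded into the analysis database.
TEMPLATE_INF = """
[Event Audit]
AuditSystemEvents = 3
AuditAccountLogon = 2
AuditAccountManage = 3
[Application Log]
AuditLogRetentionPeriod = 1
RetentionDays = 7
"""

# Constructed sample: the settings currently in effect on the computer.
COMPUTER_INF = """
[Event Audit]
AuditSystemEvents = 1
AuditAccountLogon = 2
AuditAccountManage = 0
[Application Log]
AuditLogRetentionPeriod = 0
"""

def parse(text):
    """Flatten an .inf text into {(section, setting): value}."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep setting names exactly as written
    cp.read_string(text)
    return {(s, k): v.strip() for s in cp.sections() for k, v in cp[s].items()}

def show(section, value):
    """Render audit flags as console labels; other values are shown raw."""
    if value is None:
        return "Not Defined"
    return AUDIT.get(int(value), value) if section == "Event Audit" else value

def analyze(template_text, computer_text):
    """List template-defined settings whose value on the computer differs."""
    template, computer = parse(template_text), parse(computer_text)
    return [(s, k, show(s, want), show(s, computer.get((s, k))))
            for (s, k), want in sorted(template.items())
            if computer.get((s, k)) != want]

if __name__ == "__main__":
    for section, setting, database, actual in analyze(TEMPLATE_INF, COMPUTER_INF):
        print(f"MISMATCH [{section}] {setting}: {database} / {actual}")
```

Settings the template leaves undefined are not compared, so only values the template actually sets can be reported as mismatches.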
[Screenshot: Security Configuration and Analysis, Local Policies, Audit Policy, with Database Setting and Computer Setting columns]
Settings that differ under Event Log:
[Screenshot: Security Configuration and Analysis, Event Log, with Database Setting and Computer Setting columns for the maximum log sizes, the Prevent local guests group settings and the retention methods]
Exercise 2: Apply the template's settings using a GPO
Create and link a GPO to the Computers OU.
[Screenshot: Active Directory Users and Computers, Properties of the Computers OU]
Click Open to open Group Policy Management.
Enter a name for the new GPO.
[Screenshot: New GPO dialog in Group Policy Management, Name: Acapulco Security Settings]
Click Edit to configure the GPO.
Right-click Security Settings and choose Import Policy.
Select the template that was just created to import it into the GPO.
[Screenshot: Import Policy From dialog, Files of type: Security Template (.inf)]
Select Block Inheritance.
[Screenshot: Move dialog, Move object into container]
The Acapulco computer account is now in the Computers OU.