Applying Microsoft Security Guidance
Course 2811: One day; Instructor-Led
On This Page
 | Introduction |
| Audience |
| Prerequisites |
| Microsoft Certification exams |
| Course Materials |
| Course Outline |
| Take This Training |
Introduction
This one-day instructor-led hands-on lab allows students to apply information and guidance that can help in implementing and managing security in a network based on Microsoft Windows.
Audience
Attendees will be current IT professionals with experience using Microsoft Windows 2000 Server or Microsoft Windows Server 2003 and with knowledge of Active Directory concepts. The students will be in an environment where they are responsible for aspects of security management and deployment associated with their internal network infrastructure and Internet or intranet services.
At Hands-On Lab Completion
After completing this hands-on lab, students will be able to:
| • | Scan computers for missing security updates. |
| • | Distribute and install security updates by using Windows Server Update Services (WSUS) and Automatic Updates. |
| • | Scan computers by using Systems Management Server (SMS) 2003. |
| • | Manage security update distribution by using SMS 2003. |
| • | Implement security for member servers and domain controllers by using Group Policy. |
| • | Implement security for member servers and domain controllers by using security templates. |
| • | Implement security for computers running Windows Server 2003 SP1 by using the Security Configuration Wizard. |
| • | Prevent certain applications from running by using software restrictions policies. |
| • | Protect Microsoft Windows XP clients by using Windows Firewall. |
| • | Protect data by using Encrypting File System (EFS). |
| • | Lock down Internet Information Services (IIS) 5.0 Web servers. |
| • | Configure security for IIS 6.0 Web servers. |
| • | Implement security for Microsoft Exchange Server 2003 servers by using security templates. |
| • | (If time permits) Use Data Recovery Agent to recover encrypted data. |
Prerequisites
The target audience must have good baseline IT skills because the concepts presented in these labs will build on the students' current experience.
Microsoft Certification exams
This course will help the student prepare for the following Microsoft Certified Professional exam:
| • | Exam: Certification Exams |
Course Materials
The student kit includes a comprehensive workbook and other necessary materials for this class.
Course Outline
Lab 1: Managing Security Updates
In this lab attendees will perform hands-on exercises that cover key patch management technologies, including Microsoft Baseline Security Analyzer (MBSA), Microsoft Windows Server Update Services (WSUS), and Microsoft Systems Management Server (SMS) 2003.
Exercises
Exercise 1: Scanning Computers with Microsoft Baseline Security Analyzer (MBSA)
| • | Scanning computers for security vulnerabilities with MBSA |
| • | Examining the update database version |
| • | Examining the update database file |
| • | Examining the scan results |
| • | Examining the security reports |
Exercise 2: Distributing Updates with Windows Server Update Services (WSUS)
| • | Examining the WSUS Administration Web site |
| • | Configuring the WSUS server |
| • | Synchronizing the WSUS server with available security updates |
| • | Approving a list of updates for client computers |
| • | Configuring Automatic Updates by using Group Policy |
Exercise 4: Scanning Computers with SMS 2003 Security Update Inventory Tool
| • | Verifying the SMS Management Point |
| • | Installing the Security Update Inventory Tool |
| • | Examining the collections, packages, programs, and advertisements created |
| • | Running the scanner program on the client |
| • | Collecting security update information from the client |
Exercise 5: Distributing and Installing Updates with SMS 2003
| • | Running the Distribute Software Update Wizard |
| • | Forcing client computers to install an advertised update |
| • | Verifying the installation of the security updates |
Lab 2: Implementing Server Security
In this lab, attendees will perform hands-on exercises that cover key concepts necessary to increase security for Windows server computers.
Exercises
Exercise 1: Configuring Active Directory for Security
| • | Examining the current organizational unit (OU) structure |
| • | Creating a new OU |
| • | Creating a new administrative group |
| • | Delegating administrative control |
| • | Creating new Group Policy Objects (GPO) and linking them to Active Directory objects |
Exercise 2: Implementing Server Security by using Security Templates
| • | Examining pre-defined security templates |
| • | Importing security templates |
| • | Modifying security templates |
| • | Using the Resultant Set of Policy Wizard |
Lab 3: Implementing Client Security for Windows 2000 and Windows XP
In this lab, attendees will perform hands-on exercises that cover key technologies for managing the configuration of client security.
Exercises
Exercise 1: Implementing Security by Using Software Restriction Policies
| • | Creating a new GPO for software restriction |
| • | Changing software restriction policy rules |
| • | Verifying the software restriction policies |
Exercise 2: Troubleshooting Software Restriction Policies
| • | Using Event Viewer to identify software restriction policies in force |
| • | Using the Resultant Set of Policy console to examine software restriction policies |
Exercise 3: Protecting Client Computers by Using Internet Connection Firewall (ICF)
| • | Examining the status of TCP ports |
| • | Enabling ICF |
| • | Verifying that ICF is blocking access to TCP ports |
| • | Using Group Policy to enable ICF |
Exercise 4: Protecting Data by Using Encrypting File System (EFS)
| • | Encrypting files and folders by using EFS |
| • | Examining EFS certificates |
| • | Exporting and importing EFS certificates |
Exercise 5: Recovering Encrypted Data with a Data Recovery Agent (If Time Permits)
| • | Examining the EFS data recovery agent certificate |
| • | Creating and configuring a new EFS data recovery agent certificate |
| • | Restoring access to encrypted files |
Lab 4: Implementing Application Security
In this lab, attendees will perform hands-on exercises that introduce key security concepts for Microsoft Windows Server SystemT applications.
Exercises
Exercise 1 - Implementing Security with IIS 5.0
| • | Examining the default configuration of IIS 5.0 |
| • | Running the IIS Lockdown Wizard |
| • | Examining the locked-down configuration of IIS 5.0 |
| • | Installing URLScan |
| • | Examining IIS log files |
Exercise 2 - Default Lockdown of IIS 6.0
| • | Examining the default configuration of IIS 6.0 |
Exercise 3 - Implementing IIS 6.0 Web Server Security
| • | Creating and configuring application pools |
| • | Listing current worker processes |
| • | Examining the automatic recycling options for an application pool |
| • | Using the Log Parser tool to examine IIS log files |
Exercise 4 - Implementing Security with Exchange Server 2003
| • | Examining and implementing Exchange Server 2003 security templates |
| • | Configure OWA security by using the Outlook Web Access Administration tool. |
About Microsoft Hands-On Labs
Microsoft Official Hands-On Lab learning products provide students with prescriptive exercises designed around real-world scenarios that deliver practical experience in a safe, instructor-led environment. Each hands-on lab begins with a short introductory presentation that provides an overview of the technical information covered in the self-guided portion of the lab. After the overview, the student performs the hands-on portion of the lab, following a series of prescriptive instructions to complete a task or procedure relevant to their job.
Take This Training
|