Configuring Windows 2000 Server Security

[ Pobierz całość w formacie PDF ]
.Additional parameters include:/DB filenameThis informs secedit.exe what database to apply the security analysis results to./CFG filenameThis points to the location of the template that will be imported into the database for analysis./log logpathThis is the location of the logfile that will be created from the analysis; the default file is used./verboseThis provides additional screen and log output when analysis is carried out./quietThis provides little screen or log output.secedit.exe Switches Used to Configure System Securitysecedit /configureSecedit will apply a template by using the configure switch.Additional parameters include:/DB filenameThis informs secedit.exe what database to apply the security analysis results to./CFG filenameThis points to the location of the template that will be applied to the database.http://corpitk.earthweb.com/reference/pro/1928994024/ch05/05-04.html (2 of 5) [8/3/2000 6:53:04 AM]Configuring Windows 2000 Server Security:Security Configuration Tool Set/overwriteThis switch will cause the current template in the database to be overwritten rather than appended./area area1 area2.This allows you to specify a specific security area to be configured.The default is all areas./log logpathThis is the location of the logfile that will be created with details of the security configuration./verboseProvides additional screen and log output./quietSuppresses screen and log output.Refresh Security Settingssecedit /refreshpolicyThis command updates the system security policy after changes have been made.Additional parameters include:machine_policyThis updates the security settings for the local computer.user_policyThis updates the security settings for the currently logged in local user account./enforceThis refreshes security settings, even if there have been no changes to the group policy object settings.Export Security Settingssecedit /exportUse the export switch to export the template stored in the database to an.inf file.Additional parameters include:/DB filenameThis informs secedit.exe what database to extract the template from./CFG filenameThis is the name and location of the file for the newly exported template./area area1 area2.This allows you to specify a specific security area to be configured.The default is all areas./log logpathhttp://corpitk.earthweb.com/reference/pro/1928994024/ch05/05-04.html (3 of 5) [8/3/2000 6:53:04 AM]Configuring Windows 2000 Server Security:Security Configuration Tool SetThis is the location of the logfile that will be created with details of the security configuration./verboseThis provides additional screen and log output./quietThis suppresses screen and log output.Configuring SecurityThe administrator can configure the entries in the security database via each of the nodes in the SecurityConfiguration and Analysis and Security Templates snap-ins.You cannot define new security attributes.Only modification of existing Windows 2000 security elements are configurable.Microsoft or third partiesmay include extensions to the security attributes in the future.Account PoliciesAccount Policies define aspects of security relating primarily to passwords.The password Policy containsentries related to password aging and password length.Account Lockout Policy determines how many badtries a person gets before the account is locked out.Kerberos Policy applies only to domain controllers, sincelocal logons do not use Kerberos.Entries include maximum lifetimes for various tickets, such as user ticketsand user renewal.Figure 5.9 shows some entries for the account policy nodes.Figure 5.9 These are Account Policies.In Windows NT 4.0, account policies were configured in User Manager for Domains.Local Policies and Event LogLocal Policies include the Audit Policy, User Rights Assignment, and Security Options.Some Audit Policyselections include auditing logon events, use of user privileges, systems events, and object access.The UserRights Assignment node includes granting or denying user rights such as the right to add workstations to thedomain, change the system time, log on locally, and access the computer from the network.The most profound improvements are represented in the Security Options node, where you can makechanges that could be made only via direct registry edits in Windows NT 4.Example of such SecurityOptions include: clearing the pagefile when the system shuts down, message text during logon, number ofprevious logons kept in cache, and shut down system immediately if unable to log security audits.Figure5.10 shows some of the entries seen in the Local Policies node.Figure 5.10 These are local policies.Previous Table of Contents Nexthttp://corpitk.earthweb.com/reference/pro/1928994024/ch05/05-04.html (4 of 5) [8/3/2000 6:53:04 AM]Configuring Windows 2000 Server Security:Security Configuration Tool SetProducts | Contact Us | About Us | Privacy | Ad Info | HomeUse of this site is subject to certain Terms & Conditions, Copyright � 1996-2000 EarthWeb Inc.All rightsreserved.Reproduction whole or in part in any form or medium without express written permission ofEarthWeb is prohibited.Read EarthWeb's privacy statement.http://corpitk.earthweb.com/reference/pro/1928994024/ch05/05-04.html (5 of 5) [8/3/2000 6:53:04 AM]Configuring Windows 2000 Server Security:Security Configuration Tool SetConfiguring Windows 2000 Server Securityby Thomas W.Shinder, M.D., MCSE, MCP+I, MCT, Debra Littlejohn Shinder, MCSE, MCP+I, MCT,D.Lynn White, MCSE, MCPS, MCP+I, MCTSyngress Publishing, Inc.ISBN: 1928994024 Pub Date: 06/01/99Search this book:Search TipsAdvanced SearchPrevious Table of Contents NextThe improvements in local policy management are numerous with the addition of the configurable objectsTitleavailable in the Security Options node.Event LogThe Event Log node allows you to configure settings specifically for event logs, as shown in Figure 5.11.-----------Figure 5 [ Pobierz całość w formacie PDF ]

download @ ebook @ pdf @ pobieranie @ do ÂściÂągnięcia

Tematy