Implementing and Administering Security in a Microsoft Windows Server 2003 Network

MOC 2823; 5 Day Training Class

The primary product focus is on Microsoft Windows Server 2003 based infrastructure solutions but will include some client focused content where appropriate. This learning product is to provide functional skills in planning and implementing infrastructure security.

This course is part of the Security Portfolio and will act as the primary entry point for IT Professionals at the implementation level. Course 2810 will provide an entry point for students to broaden their awareness of security issues. Students will be encouraged to enhance their security design skills by attending Course 2830

Audience

The course is for a system administrator or system engineer who has the foundation implementation skills and knowledge for the deployment of secure Microsoft Windows Server 2003 based solutions. This course is not intended to provide design skills, but will cover planning skills at a level sufficient to enable decision making for the implementation process.

At Course Completion

After completing this Microsoft Windows Server 2003 Security training course, students will gain the skills to:

• Determine the necessary group structure for a multi-domain or multi-forest environment.
• Create trusts in a Microsoft Windows Server 2003 environment.
• Plan, implement, and maintain an authorization and authentication strategy in a multi-forest organization.
• Plan and implement an authorization and authentication strategy in a multi-forest organization.
• Install a certification authority (CA).
• Create and publish Certificate Revocation Lists and Authority Information Access (AIA) distribution points.
• Back up and restore a certification authority.
• Configure certificate templates.
• Deploy and revoke certificate templates.
• Manage certificate templates.
• Implement EFS in a standalone Microsoft Windows XP environment.
• Plan and implement EFS in a domain environment that uses public key infrastructure (PKI).
• Implement EFS file sharing.
• Troubleshoot EFS problems.
• Plan for data transmission security.
• Implement secure data transmission methods.
• Troubleshoot data transmission errors.
• Plan a secure WLAN infrastructure.
• Implement a secure WLAN infrastructure.
• Troubleshoot WLAN errors and components.
• Install ISA Server 2000.
• Secure a screened subnet with ISA Server 2000.
• Publish servers.
• Plan a remote access strategy.
• Implement and configure a VPN server.
• Deploying network access Quarantine control components.
• Plan a secure member server baseline.
• Configuring additional security settings.
• Deploy security templates.
• Plan and configure a secure baseline for a server roles.
• Plan, implement, and troubleshoot a smart card infrastructure.
• Plan a secure client computer baseline.
• Configure and deploy a client computer baseline.
• Plan and implement a Software Restriction Policy.

Prerequisites

Before attending this course, students must have:

Completed Course 2810 or equivalent knowledge.

Experience implementing a Windows 2000 or Windows Server 2003 Active Directory environment. Experience with organizational resources such as Web, FTP and Exchange servers, (not expected to have detailed knowledge) shared resources and network services such as DHCP, DNS, and WINS also helpful.

Microsoft Certified Professional Exams

This course will help the student prepare for the following Microsoft Certified Professional exam:

Exam 70-299: Implementing and Administering Security in a Microsoft Windows Server 2003 Network

Microsoft Windows Server 2003 Security Training Course Materials

The student kit includes a comprehensive workbook and other necessary materials for this class.

The following software is provided in the student kit:

Evaluation copy of Windows Server 2003 for classroom use only.

Course Outline

Module 1: Planning and Configuring an Authorization and Authentication Strategy

This module explains how to evaluate the infrastructure of your organization and create and document an authorization and authentication plan that allows the appropriate level of access to various security principals. It also describes trust relationships, domain and forest functional levels, and basic security principles.

Lessons

• Groups and Basic Group Strategy in Windows Server 2003
• Creating Trusts in Windows Server 2003
• Planning, Implementing, and Maintaining an Authorization Strategy Using Groups
• Components of an Authentication Model
• Planning and Implementing an Authentication Strategy

Lab A: Planning and Configuring an Authentication and Authorization Strategy

• Planning and Implementing a Resource Authorization Strategy
• Planning and Implementing a Cross-Forest Authentication Strategy

After completing this module, students will be able to:

• Determine the necessary group structure for a multi-domain or multi-forest environment.
• Create trusts in a Microsoft Windows Server 2003 environment.
• Plan, implement, and maintain an authorization and authentication strategy in a multi-forest organization.
• Describe the components, tools, and protocols that support authorization and authentication.
• Plan and implement an authorization and authentication strategy in a multi-forest organization.
• Describe supplemental authorization and authentication strategies.

Module 2: Installing, Configuring, and Managing Certification Authorities

This module describes the fundamentals of the systems that make secure communication possible. It describes methods, such as a public key infrastructure (PKI), that enable you to securely communicate on networks.

Lessons

• Introduction to PKI and Certification Authorities
• Installing a Certification Authority
• Managing a Certification Authority
• Backing Up and Restoring a Certification Authority

Lab A: Installing and Configuring a Certification Authority

• Installing an Enterprise Subordinate Certification Authority
• Publishing Authority Information Access and CRL Distribution Point Data
• Backing Up and Restoring a CA

After completing this module, students will be able to:

• Describe a PKI.
• Describe the applications and components that are used in a PKI.
• Install a certification authority (CA).
• Create and publish Certificate Revocation Lists and Authority Information Access (AIA) distribution points.
• Back up and restore a certification authority.

Module 3: Configuring, Deploying, and Managing Certificates

This Microsoft Windows Server 2003 Security training module explains how to ensure that the certificates are issued to the correct security principals and for the intended purpose. It describes, for example, how to make the deployment of certificates an easy and straightforward task for end.

Lessons

• Configuring Certificate Templates
• Deploying and Revoking User and Computer Certificates
• Managing Certificates

Lab A: Deploying and Managing Certificates

• Configuring Clients for Certificate Autoenrollment Using Certificate Permissions and Group Policy
• Creating a new Certificate Template for Multipurpose Scenarios and Superseding Previous Templates

After completing this Microsoft Windows Server 2003 Security training module, students will be able to:

• Configure certificate templates.
• Deploy and revoke certificate templates.
• Manage certificate templates.