|At Hands-On Lab Completion|
After completing this hands-on lab, students will be able to:
Scan computers for missing security updates.
Distribute and install security updates by using Windows Server Update Services (WSUS) and Automatic Updates.
Scan computers by using Systems Management Server (SMS) 2003.
Manage security update distribution by using SMS 2003.
Implement security for member servers and domain controllers by using Group Policy.
Implement security for member servers and domain controllers by using security templates.
Implement security for computers running Windows Server 2003 SP1 by using the Security Configuration Wizard.
Prevent certain applications from running by using software restrictions policies.
Protect Microsoft Windows XP clients by using Windows Firewall.
Protect data by using Encrypting File System (EFS).
Lock down Internet Information Services (IIS) 5.0 Web servers.
Configure security for IIS 6.0 Web servers.
Implement security for Microsoft Exchange Server 2003 servers by using security templates.
(If time permits) Use Data Recovery Agent to recover encrypted data.
Hands-On Lab Outline
Exercise 1: Managing Security Updates
In this lab attendees will perform hands-on exercises that cover key patch management technologies, including Microsoft Baseline Security Analyzer (MBSA), Microsoft Windows Server Update Services (WSUS), and Microsoft Systems Management Server (SMS) 2003.Lab : Exercise 1: Scanning Computers with Microsoft Baseline Security Analyzer (MBSA)
Lab : Exercise 2: Distributing Updates with Windows Server Update Services (WSUS)
Scanning computers for security vulnerabilities with MBSA
Examining the update database version
Examining the update database file
Examining the scan results
Examining the security reports
Lab : Exercise 3: Scanning Computers with SMS 2003 Security Update Inventory Tool
Examining the WSUS Administration Web site
Configuring the WSUS server
Synchronizing the WSUS server with available security updates
Approving a list of updates for client computers
Configuring Automatic Updates by using Group Policy
Lab : Exercise 4: Distributing and Installing Updates with SMS 2003
Verifying the SMS Management Point
Installing the Security Update Inventory Tool
Examining the collections, packages, programs, and advertisements created
Running the scanner program on the client
Collecting security update information from the client
Exercise 2: Implementing Server Security
Running the Distribute Software Update Wizard
Forcing client computers to install an advertised update
Verifying the installation of the security updates
In this lab, attendees will perform hands-on exercises that cover key concepts necessary to increase security for Windows server computers.Lab : Exercise 1: Configuring Active Directory for Security
Exercise 2: Implementing Server Security by using Security Templates
- Examining the current organizational unit (OU) structure
- Creating a new OU
- Creating a new administrative group
- Delegating administrative control
- Creating new Group Policy Objects (GPO) and linking them to Active Directory objects
Exercise 3: Implementing Client Security for Windows 2000 and Windows XP
- Examining pre-defined security templates
- Importing security templates
- Modifying security templates
- Using the Resultant Set of Policy Wizard
In this lab, attendees will perform hands-on exercises that cover key technologies for managing the configuration of client security.Lab : Exercise 1: Implementing Security by Using Software Restriction Policies
Lab : Exercise 2: Troubleshooting Software Restriction Policies
- Creating a new GPO for software restriction
- Changing software restriction policy rules
- Verifying the software restriction policies
Lab : Exercise 3: Protecting Client Computers by Using Internet Connection Firewall (ICF)
- Using Event Viewer to identify software restriction policies in force
- Using the Resultant Set of Policy console to examine software restriction policies
Lab : Exercise 4: Protecting Data by Using Encrypting File System (EFS)
- Examining the status of TCP ports
- Enabling ICF
- Verifying that ICF is blocking access to TCP ports
- Using Group Policy to enable ICF
Lab : Exercise 5: Recovering Encrypted Data with a Data Recovery Agent (If Time Permits)
- Encrypting files and folders by using EFS
- Examining EFS certificates
- Exporting and importing EFS certificates
Exercise 4: Implementing Application Security
- Examining the EFS data recovery agent certificate
- Creating and configuring a new EFS data recovery agent certificate
- Restoring access to encrypted files
In this lab, attendees will perform hands-on exercises that introduce key security concepts for Microsoft Windows Server SystemT applications.Lab : Exercise 1: Implementing Security with IIS 5.0
Lab : Exercise 2: Default Lockdown of IIS 6.0
- Examining the default configuration of IIS 5.0
- Running the IIS Lockdown Wizard
- Examining the locked-down configuration of IIS 5.0
- Installing URLScan
- Examining IIS log files
Lab : Exercise 3: Implementing IIS 6.0 Web Server Security
- Examining the default configuration of IIS 6.0
Lab : Exercise 4: Implementing Security with Exchange Server 2003
- Creating and configuring application pools
- Listing current worker processes
- Examining the automatic recycling options for an application pool
- Using the Log Parser tool to examine IIS log files
- Examining and implementing Exchange Server 2003 security templates
- Configure OWA security by using the Outlook Web Access Administration tool.