1 / 8

Some overlap exists between the settings of the MMC and the settings of the registry.

MMC - Policies & Properties. Policies and properties can be edited via the Microsoft Management Console (MMC). Some overlap exists between the settings of the MMC and the settings of the registry. The MMC is extensible. MMC Controls What?. general security controls. audit. user rights.

luz
Télécharger la présentation

Some overlap exists between the settings of the MMC and the settings of the registry.

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. MMC - Policies & Properties Policies and properties can be edited via the Microsoft Management Console (MMC). Some overlap exists between the settings of the MMC and the settings of the registry. The MMC is extensible.

  2. MMC Controls What? general security controls audit user rights password policies accounts lockout digital certificate management Kerberos public-key policies IPSec policies both local and Active-X user policies device management etc. etc. etc.

  3. Starting MMC The MMC is a framework. Using the MMC requires snap-ins. File > Add/Remove Snap-ins

  4. The MMC Interface

  5. Important Microsoft Snap-ins ActiveX Control  manage domain users Certificates  manage digital certificates for users, computers, and/or services Computer Management  manage local/remote computers • includes elements of other snap-ins (event logs, shared folders local users & groups, performance logs Local Users & Groups  create/modify local accounts  disable local accounts  set password expiration parameters  create/modify/delete local groups  assign local user(s) to groups

  6. Important Microsoft Snap-ins (continued) Device Manager  troubleshoot local hardware  install/update device drivers  view/configure various hardware parameters Disk Defragmenter  analyze/defragment secondary storage volumes (a utility) Disk Management  view/configure partitions • format drives and assign drive letters Event Viewer  view application, security and/or system logs Group Policy  apply policy settings to computers, users and/or groups

  7. Important Microsoft Snap-ins (continued) IP Security Policy Management  manage various policies associated with IP (e.g. authenticated protocols) Local Users and Groups  create/modify/delete local users and/or groups • create/modify user/group profiles Performance Monitor  view/manage performance logs Resultant Set of Policy  view policies set by selected other snap-ins Security Templates  create/modify security templates that can be applied to users Services  edit services (terminal services, telnet, smart card, RPC, net login, ICF)

  8. Group Policies A policyis a centralized collection of operational/security controls. Policy application is accomplished via group policy objects (GPO). GPOs can be applied to local, site, domain, organizational unit The last applicable GPO that is applied takes precedent. GPOs are inherited by default. GPO settings include no override, enable, disable, allow/deny. Limitation: user that is a member of more than 70 to 80 groups. EXAMPLE POLICIES  password age, complexity, size  account lockout duration  auditing of logon, directory access, processes, policy changes  user/group privileges  IPSec

More Related