Managing Security Settings in Windows Server with Group Policy

Administration and Security in Windows Server


Estela Cruz Díaz, Miguel A. Morales de la Cruz, Francisco de Jesús Sánchez Enríquez

Instituto Tecnológico de Tuxtepec


February 2014

ABSTRACT

Safeguarding Windows requires a successful deployment of Group Policy, which depends on Active Directory and is the primary means of securing server and desktop environments. Group Policy can define the state of the work environment of users and computers, covering recovery services, security logs, account policies, group memberships and other features of machines on the network. It gives administrators a high degree of administrative control over users and computers on the network. The main objective of this article is to show how security policies, applied through Group Policy, define the procedures for configuring and managing security in a computing environment.


KEYWORDS

Security

Configuration

Templates

Passwords


INTRODUCTION

Group Policy has been implemented in Windows Server since its inception. It is an infrastructure that allows you to specify managed configurations for users and computers through Group Policy settings and Group Policy preference settings. You can manage these settings and preferences in an Active Directory Domain Services environment through the Group Policy Management Console (GPMC).

Group Policy is an infrastructure that allows you to implement specific configurations for users and computers. Unfortunately, these policies are not easy to implement, since they are linked to Active Directory containers, and users must therefore first know that tool.

This article aims to help IT professionals and general users understand the characteristics of security auditing in Windows and how their organization can benefit from using these technologies to enhance security and network administration.


Security Auditing Overview

Feature description

Security auditing is a powerful tool to help maintain the security of an enterprise. Auditing can be used for a variety of purposes, including forensic analysis, regulatory compliance, monitoring user activity, and troubleshooting. Industry regulations in various countries or regions require enterprises to implement a strict set of rules related to data security and privacy. Security audits can help implement such policies and prove that these policies have been implemented. Also, security auditing can be used for forensic analysis, to help administrators detect anomalous behavior, to identify and mitigate gaps in security policies, and to deter irresponsible behavior by tracking critical user activities.

Managing security auditing

To use security auditing, you need to configure the system access control list (SACL) for an object, and apply the appropriate security audit policy to the user or computer. For more information, see Managing Security Auditing (http://technet.microsoft.com/library/cc771475.aspx).


AUDIT POLICIES

Before implementing auditing, you must decide on an audit policy. An audit policy specifies the categories of security-related events you want to audit. When this version of Windows is first installed, all audit categories are disabled. By enabling several categories of audit events, you can deploy an audit policy suited to the security needs of your organization.

Event categories you can choose to audit are:

Audit account logon events

Audit account management

Audit directory service access

Audit logon events

Audit object access

Audit policy change

Audit privilege use

Audit process tracking

Audit system events

If you choose to audit access to objects as part of your audit policy, you must enable either the Audit directory service access category (to audit objects on a domain controller) or the Audit object access category (to audit objects on a member server or workstation). After you enable the object access category, you can specify the types of access you want to audit for each group or user.

To enable auditing of local objects, you must be logged on as a member of the predefined Administrators group.


SETTING OR CHANGING THE AUDIT POLICY CONFIGURATION FOR AN EVENT CATEGORY

By defining auditing settings for specific event categories, you can create an audit policy suited to the security needs of your organization. On member servers and workstations that are joined to a domain, audit settings for event categories are not defined by default. On domain controllers, auditing is enabled by default.

To set or change the configuration of the audit policy for a category of events on the local computer:

1. Open the Local Security Policy snap-in and select Local Policies.

2. In the console tree, click Audit Policy.

Where? Security Settings / Local Policies / Audit Policy

3. In the results pane, double-click an event category for which you want to modify the audit policy setting.

4. Do one or both of the following, and then click OK:

To audit successful attempts, select the Success check box.

To audit unsuccessful attempts, select the Failed check box.

ADDITIONAL CONSIDERATIONS

To open Microsoft Management Console using the Windows interface, click Start, in the Start Search text box, type mmc, and then press ENTER.

To audit access to objects, enable auditing of the object access event category by following the steps above. Next, enable auditing on the specific object.

After configuring the audit, the events are stored in the security log. Open the Security log to view these events.


The default configuration of the audit policy for domain controllers is No Auditing. That means that even if auditing is enabled in the domain, domain controllers do not inherit auditing policy locally. If you want the audit policy to apply to domain controllers, you must modify this policy setting.

APPLYING OR MODIFYING AUDIT POLICY SETTINGS FOR A LOCAL FILE OR FOLDER

To apply or modify auditing policy settings for a local file or folder:

1. Open Windows Explorer.

2. Right-click the file or folder you want to audit, click Properties, and then click the Security tab.

3. Click Edit, and then click Advanced. (If you are not logged on as a member of the Administrators group on this computer, you must provide administrative credentials to continue.)

4. In the Advanced Security Settings for <object> dialog box, click the Auditing tab.

5. Do one of the following:

To configure auditing for a user or group, click Add. In Enter the object name to select, type the name of the user or group you want, and then click OK.

To remove auditing for an existing group or user, click its name, click Remove, click OK, and then skip the rest of this procedure.

To view or change auditing for an existing group or user, click its name and then click Edit.

6. In the Apply onto box, click the location where you want auditing to take place.

7. In the Access box, indicate which actions you want to audit by selecting the appropriate check boxes:

To audit successful events, select the Success check box.

To stop auditing successful events, clear the Success check box.

To audit unsuccessful events, select the Failed check box.

To stop auditing unsuccessful events, clear the Failed check box.


To stop auditing all events, click Clear All.

8. If you want to prevent files and subfolders of the original object from inheriting these audit entries, select the Apply these auditing entries to objects and/or containers within this container only check box.

Important: Before you configure auditing of files and folders, you must enable Audit object access; to do this, set the audit policy setting for the object access event category. If you do not enable Audit object access, an error message appears when you set up auditing for files and folders, and no files or folders are audited.

Additional Considerations

You must be logged on as a member of the Administrators group, or you must have been granted the Manage auditing and security log right in Group Policy, to perform this procedure.

To open Windows Explorer, click Start, point to All Programs, click Accessories, and then click Windows Explorer.

After you enable auditing of object access, see the Security log in Event Viewer to check the result of the changes.

You can only configure auditing of files and folders on NTFS drives.

If you notice either of the following situations, auditing has been inherited from the parent folder:

o In the Auditing Entry for <file or folder> dialog box, in the Access box, the check boxes are unavailable.

o In the Advanced Security Settings for <file or folder> dialog box, the Remove button is unavailable.

Because the security log is limited in size, select carefully the files and folders to be audited. Also consider the amount of disk space you want to devote to the security log. The maximum size of the security log is defined in Event Viewer.
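The two procedures above (enabling the object access category, then adding an audit entry to a folder) can also be carried out from an elevated PowerShell prompt. This is an added example, not part of the original article; the folder path and group name are hypothetical, and the category name passed to auditpol is the one used on English-language systems.

```powershell
# Added example. Run from an elevated PowerShell prompt.
$path     = 'C:\Data\Finance'        # hypothetical folder to audit
$identity = 'CONTOSO\Finance-Users'  # hypothetical group whose access is audited

# The article notes that file auditing can only be configured on NTFS drives.
$root = (Get-Item -Path $path).PSDrive.Root
$fs   = (New-Object System.IO.DriveInfo $root).DriveFormat
if ($fs -ne 'NTFS') { throw "$root is $fs, not NTFS: auditing cannot be set here." }

# Prerequisite from the "Important" note: enable the object access category,
# for successful and failed attempts, before touching the SACL.
auditpol /set /category:"Object Access" /success:enable /failure:enable
if ($LASTEXITCODE -ne 0) { throw 'auditpol failed: is the prompt elevated?' }

# One audit entry corresponds to one row on the Auditing tab.
$rights = [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'

# "Apply onto": this folder, subfolders and files.
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'

# Use NoPropagateInherit instead of None to get the effect of the step 8
# check box (entries reach only objects directly inside this container).
$propagate = [System.Security.AccessControl.PropagationFlags]::None

$outcome = [System.Security.AccessControl.AuditFlags]'Success, Failure'

$rule = New-Object System.Security.AccessControl.FileSystemAuditRule `
    -ArgumentList $identity, $rights, $inherit, $propagate, $outcome

# -Audit is required: without it Get-Acl does not return the SACL.
$acl = Get-Acl -Path $path -Audit
$acl.AddAuditRule($rule)
Set-Acl -Path $path -AclObject $acl

# Verify. IsInherited = True marks entries that come from the parent folder,
# the case in which the GUI disables the check boxes and the Remove button.
(Get-Acl -Path $path -Audit).GetAuditRules($true, $true,
        [System.Security.Principal.NTAccount]) |
    Format-Table IdentityReference, FileSystemRights, AuditFlags, IsInherited -AutoSize
```

Auditing only write, delete and permission changes, rather than every read, keeps the event volume within what the size-limited security log can hold.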


VIEWING THE SECURITY LOG

The security log records every event as defined in the audit policies established for each object.

To view the security log:

1. Open Event Viewer.

2. In the console tree, open Global Records, and then click Security. The results pane lists individual security events.

3. If you want more details about a specific event, double-click the event in the results pane.

Additional Considerations

To open Event Viewer, click Start, Control Panel, System and Maintenance, double-click Administrative Tools, and then double-click Event Viewer.

If the computer is connected to a network, it is likely that the network policy settings prevent you from performing the procedure.
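The same review can be scripted, which helps when the results pane holds thousands of events. This is an added example, not part of the original article; it assumes the object access event IDs used by Windows Vista / Windows Server 2008 and later (4656 and 4663) and checks the log's size limit first, since the article points out that the security log is limited in size.

```powershell
# Added example. Run from an elevated prompt (the Security log is admin-only).

# Size ceiling and current usage of the Security log.
$log = Get-WinEvent -ListLog Security
'{0}: {1:N0} of {2:N0} bytes used, mode {3}, {4} records' -f `
    $log.LogName, $log.FileSize, $log.MaximumSizeInBytes, $log.LogMode, $log.RecordCount

# Object access events from the last 24 hours:
# 4656 = handle to an object requested, 4663 = access to an object performed.
$filter = @{ LogName = 'Security'; Id = 4656, 4663; StartTime = (Get-Date).AddDays(-1) }
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

$auditFailure = 0x10000000000000   # "Audit Failure" keyword bit (locale-independent)

$rows = foreach ($e in $events) {
    # EventData is a list of <Data Name="...">value</Data> elements.
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    New-Object psobject -Property @{
        Time    = $e.TimeCreated
        Id      = $e.Id
        Outcome = $(if ($e.Keywords -band $auditFailure) { 'Failure' } else { 'Success' })
        User    = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
        Object  = $data['ObjectName']
        Process = $data['ProcessName']
    }
}

# Failed attempts first: these are the entries most worth a closer look.
$rows | Where-Object { $_.Outcome -eq 'Failure' } |
    Sort-Object Time -Descending |
    Select-Object -First 20 Time, User, Object, Process |
    Format-Table -AutoSize

# Which account touched which object most often.
$rows | Group-Object User, Object |
    Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name |
    Format-Table -AutoSize
```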


RESULTS

With this research we sought to understand more about Group Policy, one of the tools that can be used to manage security settings more effectively in Windows Server administration.

This topic is of great importance because Server Manager in Windows Server 2008 enables you to view and manage almost all the information and tools that affect the productivity of a server.

Server Manager increases the efficiency of server administration, since a single tool (Group Policy) allows administrators to:

View and modify the functions and features installed on the server.

Perform administrative tasks associated with the operational lifecycle of the server.

Determine server status, identify critical events, and analyze configuration errors.

Install or remove roles, role services, and features.

The process of implementing a Group Policy solution involves planning, designing, implementing and managing the solution.

During the design phase:

Define the scope of Group Policy.


Determine the values of policy settings that apply to all corporate users.

Classify users and equipment according to their functions and locations.

Plan desktop configurations depending on the requirements of users and computers.

A well-planned design will help ensure a successful deployment of Group Policy.

The implementation phase begins with a trial in a test environment. The process includes:

Creating standard desktop configurations.

Filtering the scope of Group Policy objects.

Specifying exceptions to the default inheritance of Group Policy.

Delegating administration of Group Policy.

Evaluating effective policy settings using Group Policy Modeling.

Evaluating results using Group Policy Results.

An information search technique known as exact phrase was used for this research: it locates the keywords and then the documents that contain them.


DISCUSSION OF RESULTS

Thoroughly test the Group Policy implementation in a test environment before deploying it in a production environment. Consider an iterative implementation of Group Policy: instead of implementing 100 new Group Policy settings, first try and implement only a few to validate that the Group Policy infrastructure is working correctly.

Finally, be prepared to maintain Group Policy by establishing control procedures for working with Group Policy objects.

Before designing the implementation of Group Policy, you must understand the current organizational environment and perform some preparatory steps in the following areas:

Active Directory: Make sure the design of organizational units (OUs) in Active Directory for all domains in the forest supports the application of Group Policy. For more information, see the guidance on designing an OU structure.

Network: Make sure that the network meets the requirements of change and configuration management technologies. For example, since Group Policy works only with fully qualified domain names, the Domain Name System (DNS) must be running in the forest in order to process Group Policy correctly.

Security: Get a list of the security groups that are currently in use in the domain. Work with security administrators when delegating responsibility for the administration of OUs.


IT Requirements: Get a list of administrative owners and of the corporate administrative standards for the domains and OUs in the domain. This will help you develop a good delegation plan and ensure that Group Policy is inherited correctly.

REFERENCES:

http://technet.microsoft.com/library/cc771475.aspx

http://technet.microsoft.com/en-us/library/dn319078.aspx

http://technet.microsoft.com/es-es/library/cc730601.aspx

http://technet.microsoft.com/es-es/library/cc732450.aspx

http://technet.microsoft.com/es-es/library/cc771070.aspx

http://technet.microsoft.com/es-es/library/cc731826.aspx

http://technet.microsoft.com/es-es/library/dd349801(v=ws.10).aspx

http://technet.microsoft.com/es-es/library/cc728909.aspx

http://technet.microsoft.com/es-es/library/hh801901.aspx