Security Template
Template means any pre-defined format
like User Template, Security Template
etc. Security template means predefined
format of the security policies and it can be use any OS in the domain and
workgroup. If we will create Security Template on DC, then the policies will be
apply in the entire domain. The extension of security template is *.inf
Security template means we can manage
security policies more effectively by selecting particular policies as per our
requirement. We can get green mark on policy when it is applied otherwise it
will show red mark on policy.
It cannot be use for OU.
There are 3 options to apply security
policies in the workgroup network :-
1. Local Security Policies
2. gpedit.msc or GPO
3. Security template
There are 3 options to apply security
policies in the domain network :-
1. Default Domain Policies
2. gpmc.msc or GPO
3. Security template
NOTE:
1.
Domain security
policies will have priority over Local security policies in the client and member server.
2.
Policies will inherit
from Site ->
Domain -> OU
Objective
:-
To create security template for minimum
password length = 3 characters and without complexity requirement.
NOTE:
Password length can be 0 to
14 characters.
Administrator password length = 127 characters.
Step:
Logon as Administrator ->
RUN mmc -> File menu -> Add/Remove snap-in ->
Select
(i) Security Configuration and Analysis
(ii)Security Templates
-> Add
-> OK -> Console
Root -> Security Templates -> Double click ->
C:\User\Administrator\Document\Security\Template
or C:\Windows\Security\Template ->
Rt. click
-> New Template -> Give
any name (xyz44) -> OK ->
Security Configuration and Analysis -> Rt. click -> Open Database ->
Give any
name to sdb file (aaa.sdb) -> Open ->
Security Configuration and Analysis -> Rt. click -> Configure Computer Now -> OK
->
Security configuration & Analysis
-> Rt. click -> Analyse
computer now -> OK ->
Security configuration and analysis -> Double click -> Account Policies ->
Password
policies ->
Minimum password length = 3 characters
Password
must meet complexity requirement = Disable
->
OK
It will show red mark on policies
We can configure and analyse again to get green
mark and then save console.msc
NOTE: Green mark means policy is applied
Audit
Policy
It is use to check logon events.
Event
Viewer It
is use to check the different events. Event means any significance occurrence.
There are different types of events like
Information, Warning, Error, Success Audit and Failure Audit.
There are different event logs like
Application Log, Security Log, System Log etc.
It is important for monitoring
purpose. We can also use SCOM, Whatsup
Gold, Site Scope, PRTG, MRTG etc. for monitoring purpose. We can check RAM
usage, CPU usage etc.
Working
of Kerberos
Kerberos
is an authentication protocol and LDAP is use to access the resources.
When we
install AD, then Kerberos will be automatically install. Kerberos is more
secure and faster than NTLM (New Technology LAN Manager) which is use the
workgroup network. Kerberos use multiple sessions for high security and better
performance , these sessions are known as Tickets. Kerberos version 6.0 is use
in W2K8 and versions 7.0 is use in Windows 2012 server. According to Greek mythology, Kerberos means a dog with three heads.
step1 User will give username and password . This information will be pass to
Kerberos.
step2 Kerberos will pass this information to Active Directory.
step3 AD will
verify the user's identity with the help of Netlogon service and pass this
information to Kerberos.
step4 Now user can logon
to the domain.
step5 This information
will be pass to KDC (Key Distribution Center). KDC will issue TGT (Ticket Granting Ticket) . TGT means user can
access the domain resources now.
step6 TGT will issue
another ticket which is known as Session Ticket.
step7 User will access
the domain resources.
step8 User will get the
domain resources through LDAP (Lightweight Directory Access Protocol)
No comments:
Post a Comment