This online training series prepares users for : Installing, Configuring, and Administering Microsoft Windows XP Professional. Courses cover such topics as attended and unattended installations, managing resources and hardware, networking and security, desktop configuration, and monitoring and optimizing performance. Students taking this course should have general knowledge of Microsoft Windows networking and administration.
Most organizations have existing DNS structures they must maintain. This is especially true for any organization that already has a Active Directory installation. Further, companies that manage medium to large TCP/IP networks usually have existing DNS servers. In these organizations, you’ll probably need to integrate the Windows 2003 Server Active Directory domain and any DNS configuration into the existing environment.
Organizations that already have Windows 2000 Active Directory implementations should be the easiest to integrate because the DNS structure will likely remain the same when the domain is upgraded to the Windows 2003 Server Active Directory domain. Organizations that do not have an existing Active Directory implementa?tion are likely to have a lot more planning to do. For example, the most prevalent non-Windows DNS implementation is the Berkeley Internet Name Domain (BIND), which is maintained by the Internet Software Consortium (ISC). If an organization chooses to keep their BIND DNS servers, there are three main methods for integrating an existing BIND and Active Directory:
Configure BIND DNS to handle all DNS records for Active Directory. In this case, you’d ensure that the BIND DNS server version could support SRV
records (BIND 4.9.7 and later versions work properly for this purpose). Also,it is highly desirable to use a BIND server that supports Dynamic DNS (BIND
versions 8.2.2 and later will do so).
Configure BIND DNS to delegate an specific subdomain.For example, if the company uses contoso.com, the Active Directory name
space might be ad.contoso.com. This is a very popular choice for many companies.
Set to Enabled to prevent access using accounts with no passwords over the network. Of course, on all client computers no account should have blank passwords, and this can be controlled by local security policy. However, if users have local Administra?tor rights, they can change the local password policy. They can change this security option as well, but they might not see a need to because they are only wanting easier local access.
Reduce the attack surface by obscuring the name of this powerful account. Enabling this setting does not change the description of the Administrator account.
Enable this setting to ensure an attacker is not given account names. The last logon name is normally displayed when a user attempts to log on at the console. This scenario provides an attacker with a valid account name; the attacker then only has to guess the password. If no account name is provided, an attacker must guess both the account name and password.
Provide a logon warning prepared by your legal department that identifies the restrictions on logon on this computer. Doing this will not prevent an attacker from logging on if the attacker knows or can deduce an authorized account and password, but it will prove that she was not “invited” in.
Allow Floppy Copy And Access To All Drives And Folders When Using Recovery Console Consider disabling this setting for all client computers. If an attacker can use the recovery console, he can copy the local Security Accounts Manager (SAM) and attack it on a computer where he is administrator. He can also copy sensitive files that might be protected otherwise, or access and delete sensitive files. This setting is sometimes enabled to allow technicians an easier way to repair a computer. This might be acceptable for some client systems, especially those that do not store sensi?tive information, but it is not acceptable for systems that require a high security level.
Read more on Security Option Recommendations to Follow When Creating Security Templates…
Recent Articles