IT tutorials
 
Applications Server
 

Securing an Exchange Server 2007 Environment : Securing Your Windows Environment (part 2) - Utilizing Security Templates

10/24/2014 3:18:29 AM
- How To Install Windows Server 2012 On VirtualBox
- How To Bypass Torrent Connection Blocking By Your ISP
- How To Install Actual Facebook App On Kindle Fire

Utilizing Security Templates

Security templates are a practical and effective means to apply standardized security policies and configurations to multiple systems in an environment. These security templates can be customized to meet the minimum security requirements of a particular organization, and can be applied to client computers as well as to servers using the Security Configuration and Analysis Microsoft Management Console (MMC) snap-in.

By utilizing the automatic deployment of security templates to client PCs, administrators can ensure that computers are identically configured and utilize available security measures, even if the system is not able to be managed by Group Policy Objects (GPOs).

Tip

Microsoft provides several security templates based on functional roles within a network environment. These can easily be applied to client computers and servers alike. However, organizations often have unique needs that are not met completely by these default templates so, as a best practice, administrators should always customize the security template to address particular application and access needs.


Using the Security Configuration and Analysis Tool

The Security Configuration and Analysis tool is a utility that can apply security templates to computers. It compares a computer’s security configurations against an administrator-defined security template, and reports any differences found between the two. Furthermore, when the security configuration on the computer does not match the settings specified in the template, you can use the tool to update the system accordingly.

This utility has two modes of operation: analysis and configuration. An often-overlooked best practice is to analyze the system prior to making any changes so that you have a baseline frame of reference.

To run the Security Configuration and Analysis tool and analyze a computer, perform the following steps:

1.
Start the Microsoft Management Console by selecting Start, Run, typing MMC in the Open text box, and then clicking OK.

2.
Select File, click Add/Remove Snap-in, and then click Add.

3.
In the Add Standalone Snap-in window, select Security Configuration and Analysis, click Add, and then click Close.

4.
On the Add/Remove Snap-in page, click OK.

5.
In the MMC, right-click the Security Configuration and Analysis snap-in, and select Open Database.

6.
Type a database name, select a location to store the database, and then click Open.

7.
Select a security template from those listed. If you want to implement a security template from another location, use the navigation tools to change to the directory where the .inf file is located. After you have selected the appropriate .inf file, click Open.

8.
Back in the MMC, right-click the Security Configuration and Analysis snap-in, and choose Analyze Computer Now.

9.
Enter a path to store the generated log file, and click OK to continue.

After the System Security Analysis has completed, the utility displays the security settings that are configured in the template you selected, and what is currently configured on the computer. Items for which the computer is not in compliance with the policy appear with a red “x” beside them, as shown in Figure 1.

Figure 1. Reviewing security analysis.

If you want to configure the system with the security settings in the template, you can do so by performing a few extra steps:

1.
In the MMC, right-click the Security Configuration and Analysis snap-in.

2.
Select Configure Computer Now.

3.
Enter a path for the error log to be written to, and then click OK.

Customizing Security Templates

An administrator might want to use custom security templates for several reasons. The organization might want a simple method of ensuring that attached computer systems meet with defined minimum security criteria. They might desire to ensure configured security settings that work for a particular application can be replicated to other servers of the same nature.

Larger organizations often have the need for customized security templates. For example, a member of the Internal Auditing department might need to regularly connect to employee hard drives, whereas the receptionist is only allowed basic Internet access. By applying different security settings to each of these machines, you can help the company ensure people have access to the data they need, and not to the resources they don’t.

Tip

You can download and implement security templates provided by Microsoft, the National Security Agency (NSA), or the National Institute of Standards and Technology (NIST). These templates can be used as baselines, and can be customized to meet the needs of your particular environment. After being customized, you can distribute them to appropriate systems in your organization with minimal effort.


Windows Server 2003, Windows Vista, and Windows XP Professional are equipped with the Security Templates MMC snap-in that enables administrators to quickly and easily customize settings on individual systems. Loading this tool is similar to the Security Configuration and Analysis tool discussed previously. To add the snap-in, follow these steps:

1.
Start the Microsoft Management Console by selecting Start, Run, typing MMC in the Open text box, and then clicking OK.

2.
Select File, click Add/Remove Snap-in, and then click Add.

3.
In the Add Standalone Snap-in window, select Security Templates, click Add, and then click Close.

4.
On the Add/Remove Snap-in page, click OK.

When the Security Templates snap-in is expanded, it displays the default search path to where the built-in security templates are stored. By default, this is the c:\windows\security\templates directory. Other paths can be opened to display other security templates that might reside on the system. Expand the default directory to see the available templates. Rather than editing these default templates, it is recommended that you select the one you are going to use as a baseline, right-click it, and save it as a new template.

After you have created the new template, expand it to display all of the modifiable security settings. From here, you can configure the template to apply the security settings you want.

After you have completed customizing the template, it is an easy process to save the file to an accessible network share, and then use the Security Configuration and Analysis tool to apply it to the appropriate systems.

 
Others
 
- Securing an Exchange Server 2007 Environment : Securing Your Windows Environment (part 1) - Windows Server 2003 Security Improvements , Windows Vista Security Improvements
- Securing an Exchange Server 2007 Environment : Client-Level Secured Messaging - Exchange Server 2007 Client-Level Security Enhancements
- Microsoft Exchange Server 2010 Requirements : Additional Requirements
- Microsoft Exchange Server 2010 Requirements : Software Requirements (part 2) - Windows Server Roles and Features
- Microsoft Exchange Server 2010 Requirements : Software Requirements (part 1) - Additional Software
- Microsoft Exchange Server 2010 Requirements : Getting the Right Server Hardware (part 3) - Disk Requirements
- Microsoft Exchange Server 2010 Requirements : Getting the Right Server Hardware (part 2) - Memory Recommendations, Network Requirements
- Microsoft Exchange Server 2010 Requirements : Getting the Right Server Hardware (part 1) - The Typical User , CPU Recommendations
- Upgrading to Sharepoint 2013 : Upgrading Service Applications
- Upgrading to Sharepoint 2013 : Upgrading Site Collections
 
25 Inspiring Game of Thrones Quotes
 
Top 10
 
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
programming4us programming4us
 
Popular tags
 
Video Tutorail Microsoft Access Microsoft Excel Microsoft OneNote Microsoft PowerPoint Microsoft Project Microsoft Visio Microsoft Word Active Directory Biztalk Exchange Server Microsoft LynC Server Microsoft Dynamic Sharepoint Sql Server Windows Server 2008 Windows Server 2012 Windows 7 Windows 8 Adobe Indesign Adobe Flash Professional Dreamweaver Adobe Illustrator Adobe After Effects Adobe Photoshop Adobe Fireworks Adobe Flash Catalyst Corel Painter X CorelDRAW X5 CorelDraw 10 QuarkXPress 8 windows Phone 7 windows Phone 8 BlackBerry Android Ipad Iphone iOS