Analyzing, Configuring, and Monitoring Windows NT 4.0 Security

This chapter covers the following Microsoft-specified objectives for the Configuring and Troubleshooting Users and Groups, Configuring and Troubleshooting Users and System Policies, and Analyzing, Configuring, and Monitoring Security sections of the Supporting and Maintaining a Microsoft Windows NT Server 4.0 Network exam:

Configure and troubleshoot account policy. Considerations include password uniqueness, password length, password age, and account lockout.

Not all users are created equal. As a result, you need to be ready to adjust account permissions and restrictions (at a domain, not a resource, level) to suit individuals or groups. Account policy helps you control password complexity and password change policy so that security is maintained in your domain.

Configure and troubleshoot system policies. Considerations include client computer operating systems, file locations and names, and interaction between local security policy and system policies.

Configure user-specific system policies.

Configure computer policies.

You will frequently need to customize the environment in which users work. This might include logon banners, available wallpaper, icons on the desktop, and Start menus. System policies enable you to easily apply these kinds of environmental restrictions to a user without having to run scripts or configure each machine by hand.

Implement auditing and monitor security. Implementation includes configuring audit policy, enabling auditing on objects, and analyzing audit logs.

Auditing enables you to track resource access and to check for possible attempts to access prohibited resources. Configuring audit policies, enabling auditing, and analyzing the results give you a good picture of resource access (both successful and failed) in your domain.

Analyze and configure the system software environment and the user environment by using Security Configuration Manager.

Apply the proper security template primarily based on server function.

Investigate the existing environment and customize existing security templates to meet organizational security requirements.

The Security Configuration Manager lets you create security configurations that you can use to ensure that all of your machines meet a specific minimum security standard. It also lets you audit the configurations of your Windows NT machines to see where changes are required, and it lets you simply apply a standard configuration to each machine.

Configure and troubleshoot trust relationships. Considerations include cross-domain resource access and one-way trusts vs. two-way trusts.

In a multidomain environment, the issue of allowing users from one domain to access the resources in another comes to the forefront. Trusts are the primary mechanism for permitting such access. This objective introduces you to the creation, maintenance, and troubleshooting of trusts and the resource access issues that they resolve.

Study Strategies

The account policy section might seem straightforward. On the exam, you are unlikely to be tripped up by the mechanics of the settings, but you might be tripped up by their consequences. Be sure that you have a good understanding of why certain settings are critical and when you would use them. That way, if you are given questions with seemingly immaterial information about the minimum or maximum password length, you can determine whether the information provided is important to the question or simply peripheral.

When studying for the parts of the exam that apply to system policy, you cannot avoid opening the policy editor and creating a policy file. You will need to know the main difference between creating a policy file for Windows NT machines (NTCONFIG.POL) and for non-NT machines (CONFIG.POL), as well as the path in which to save them. You should also experiment with the policy editor in both Policy mode and Registry mode.

Because the Security Configuration Manager is new, expect a number of questions on it. You need to know the GUI as well as the command-line version and what each will do. Know the four main switches used in the command-line editor. In addition, be familiar with the major sections you can change in the GUI version, how a template becomes a database, and how you can then use that database to analyze and configure a Windows NT system.

For the trust portion of the exam, you must understand the terminology of trusts. This cannot be overstated. Be sure you understand which is the trusted and which is the trusting domain in a one-way trust relationship. Make sure that you understand what is meant when you are told that A trusts B. Know about the intransitivity of trust relationships. Additionally, know the five trust models and what the basic configuration is (users in trusted domains, resources in trusting domains).


As is clear from the chapter outline, this chapter covers a selection of advanced subjects. The concept that ties them all together is security. In a secure environment, the following are true:

Users are asked to change their password frequently (account policy).

Users gain access only to the system resources that they need to access (system policy).

Regular checks make sure that attempts at unauthorized access to resources are discovered and corrected or prevented (auditing).

All servers are maintained at an identifiable standard of security (Security Configuration Manager).

The interaction between domains is controlled and carried out in a way that does not compromise the security of either domain (trusts).

This chapter discusses all these topics.
