Applying Microsoft Security Guidance

Target Audience
This hands-on lab allows students to apply information and guidance that can help in implementing and managing security in a network based on Microsoft Windows. It is intended for current IT professionals with experience using Microsoft Windows 2000 Server or Microsoft Windows Server 2003 and with knowledge of Active Directory concepts

Pre-Requisites
Before attending the hands-on lab, the delegate must have the following pre-requisite:Good baseline IT skills as the concepts presented in these labs will build on their current experience

Purpose
After completing this hands-on lab, students will be able to scan computers for missing security updates; install security updates by using Windows Update; distribute and install security updates by using SUS and Automatic Updates; scan computers by using Systems Management Server (SMS) 2003; manage security update distribution by using SMS 2003; implement security for member servers and domain controllers by using Group Policy; implement security for member servers and domain controllers by using security templates; prevent certain applications to run by using software restrictions policies; protect Windows XP clients by using Internet Connection Firewall (ICF); protect data by using Encrypting File System (EFS); lock down Internet Information Services (IIS) 5.0 Web servers; configure security for IIS 6.0 Web servers; implement security for Exchange Server 2003 servers by using security templates. (If time permits) Use Data Recovery Agent to recover encrypted data; implement security for Outlook Web Access (OWA) connections; analyze security events on servers; secure network traffic and protecting servers by using IPSec

Course outline

1. Managing Security Updates
2. Implementing Server Security
3. Implementing Client Security for Windows 2000 and Windows XP
4. Implementing Application Security
5. Appendix: Implementing Additional Server Security

Module 1:Managing Security Updates

• Scanning Computers with Microsoft Baseline Security Analyzer (MBSA)
• Installing Updates with Windows Update and Windows Update Catalog
• Distributing Updates with Software Update Services (SUS)
• Scanning Computers with SMS 2003 Security Update Inventory Tool
• Distributing and Installing Updates with SMS 2003.

Module 2:Implementing Server Security

• Configuring Active Directory for Security
• Implementing Server Security by using Security Templates

Module 3:Implementing Client Security for Windows 2000 and Windows XP

• Implementing Security by using Software Restriction Policies
• Troubleshooting Software Restriction Policies
• Protecting Client Computers by Using Internet Connection Firewall (ICF)
• Protecting Data by Using Encrypting File System (EFS)
• Recovering Encrypted Data with a Data Recovery Agent (if time permits).

Module 4:Implementing Application Security

• Implementing Security with IIS 5.0
• Default Lockdown of IIS 6.0
• Implementing IIS 6.0 Web Server Security
• Implementing Security with Exchange Server 2003
• Implementing Security with Outlook Web Access and SSL (if time permits)

Module 5:Appendix: Implementing Additional Server Security

• Implementing Event Monitoring (if time permits)
• Implementing Network Security by Using IP Security (IPSec) (if time permits)