Windows

Windows Local Security Policy SettingsSystem Configuration Settings Windows 2003

Windows GUI15-1

15-1 GUI

GUIRegistryregeditregedit32Windows 2000

15-2

Windows

Windows 2000

LAN Manager LAN ManageerWindows 2000Windows 9598WindowsLAN ManagerWindows NTWindows 2000NTLM v2

NTLM v21.LAN Manager2. LMNTLMLMNTLMNTLM v2

LMNTLMNTLMv2NTLMNTLM v2NTLM v2LMNTLM v2LMNTLM

Windows95Windows98LAN Manager

SAM

Windows 2003 Windows 2003Windows 2000Software Restriction PoliciesSRP15-3SRP

15-3

Service pack

Windows 2000NTFSFATNTFSFATCONVERTNTFS

Windows 2000 NTFS NTFS-5NTFS-5

Woindows 2000

Encrypting File SystemDOSWindows 2000Windows NTNTFSDOSNTFSWindows NTWindows 2000NTFSWindows 2000Encrypting File SystemEFS

EFS EFS EFSAdministratorEFSEncrypting File System

EFSNTFS 5.0 Encrypting File System

ShareWindows NTWindows 2000C$D$IPC$ADMIN$NETLOGON15-4Administrator

15-4

Windows135137139Windows2000Kerberos88SMB over IP445Kerberos kpasswd464 Key ExchangeIKE500UDP

NetBIOSWindows 2000NetBIOSFile and Printer Sharing for Mircosoft Networks15-5

NetBIOS15-5 NetBIOS

Windows 2000AdministratorGuestGuestGeuestWindows 2000Administrator

15-6Active Directory

PASSFILT.DLL

15-6

15-7AdministratorAdministratorconsole

15-7

Service packUpdate

Windows 2003Windows 2000.NET framework

Windows 2003Windows 2000sessionProperties15-8

15-8

56128FIPS140-1

15-9

15-9

.NET Framework .NET framework15-10.NET framework 1.1

.NET Framework 15-10 .NET

.NET Framework

15-2 Windows 200015-2-1 15-2-2 15-2-3

15-2-1 15-11

Windows NTID

15-11

15-1215-13Administrators

15-12

15-2-2 GuestsGuestGuest

15-2-3

30EFS30

15-13

15-3 Windows 2000

15-3-1 secedit15-3-2 15-3-3 15-3-4

15-3-1 seceditWindows 2000secedit.exesecedit

seceditWindows 2000secedit /analyze [/DB filename] [/CFG filename] [/log filename] [/verbose] [/quiet]/DB filenamefilename/CFG filename

/CFG filename/log filename/verbosesecedit/quietsecedit

seceditsecedit /configure [/DB filename] [/CFG filename] [/overwrite] [/areas area1 area2] [/log filename] [/verbose] [/quiet]/DB filename/CFG filename

/overwrite/CFG/areasSecuritypolicyGroup_mgmtUser_rightsRegkeysFilestoreServices/log filename

/verbosesecedit/quietsecedit

secedit secedit /validate filename

secedit:secedit /refreshpolicy [machine_policy or user_policy] [/enforce]machine_policyuser_policy

/enforce

seceditsecedit /export [/MergedPolicy] [/DB filename] [/CFG filename] [/areas area1 area2] [/log filename] [/verbose] [/quiet]/MergedPolicysecedit

/DB filename/CFG filename/areasSecuritypolicyGroup_mgmtUser_rightsRegkeysFilestoreServices/log filename

/verbosesecedit/quietsecedit

15-3-2 Windows 200015-14

15-14 Windows 2000

15-3-3 Windows 2000\%systemroot%\system32\config

*.txtCSV

15-3-4 Windows 200O

Windows 2000

Windows 200015-15CPU

15-15 Windows 2000

CMDCMDDOSCMDCMD

Windows 2000Windows 2003Group PolicyGPOUADGP

GP

Group PolicyGPUser ConfigurationscriptGP

Computer ConfigurationGPbootGPGPOU

GPOUGP

GPO Default Domain PolicyDefault Domain Controller Policydomain container

GPOGroup Policy ObjecttreeGroup Policy Object Editor

SMBLAN40

IPWindows Explorer AuthenticodeWindows

Windows Windows Windows Installer

Windows Update Active DesktopActive Desktop

ADM

Windows 2003 Windows 2003ADSoftware Restriction PoliciesIEEE 802.11OU

IEEE 802.11802.1XOUGPOWindows XPWindows

802.11802.1x15-17EAPPEAPPEAPEAP-MSCHAP v2

15-17 IEEE 802.1x

1.2.3.4.OUOUOU

1.2.3.4.OU

Loopback GPMicrosoftLoopbackGPGP

mergeGPreplace

ACLGPOUblock policy inheritanceGPOUGPOUGPstart fresh from here, and work down

child containerGPGPOOU

Group Policy Management ConsoleGPMCMicrosoftMicrosoft Management ConsoleMMC GP15-18jiloa.com GPMCMicrosoft Windows 2003http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=C355B04F-50CE-42C7-A401-30BE1EF647EA

15-18

15-19

15-20 Administratorjiloa.comIHS

15-20 IHS Administrator

Resultant Set of PolicyRSoPOU

15-21IHSRSoPRSoPMMC MicrosoftActive DirectoryActive Directory

15-21 IHS RSoP

15-4-4 AD

Activate Directory

Activate Directory Aactivate DirectoryActivate Directory15-22OUDC

MMC