MCSE 70-299:
Implementing and Administering Security in a Windows Server 2003 Network

Topic-Level Outline

Days: 5

Prerequisites: CompTIA A+ and Network+ certification, or equivalent knowledge and skills.

To get the most out of this course, students should have at least 6 to 12 months of experience implementing and administering a network operating system environment with the following characteristics: 250 to 5,000 or more users; 3 or more physical locations; 3 or more domain controllers; network services and resources such as messaging, file and print, proxy server, firewall, public key infrastructure, Internet, intranet, remote access, and client computer management; and connectivity requirements such as connecting branch offices and individual users in remote locations to the corporate network and connecting corporate networks to the Internet.

Unit 1: Introduction to network security
    Topic A: Windows Server 2003 security enhancements
        A-1: Identifying security enhancements in Windows Server 2003
    Topic B: Client security enhancements
        B-1: Identifying client security enhancements in Windows XP SP2

Unit 2: Implementing security policies
    Topic A: Server security
        A-1: Installing the Microsoft Security Guidance Kit
        A-2: Installing the Group Policy Management Console (GPMC)
        A-3: Using Group Policy Management to examine the default domain controllers policy
        A-4: Creating the member servers OU
        A-5: Delegating responsibility of an OU
        A-6: Creating a member server baseline policy
        A-7: Creating an infrastructure server baseline policy
        A-8: Using the IIS lockdown tool
    Topic B: Client security
        B-1: Configuring client security settings
        B-2: Working with software restriction policies

Unit 3: Analyzing and deploying security policies
    Topic A: Current security configuration
        A-1: Analyzing security settings
        A-2: Installing the Microsoft Baseline Security Analyzer
        A-3: Using the Microsoft Baseline Security Analyzer
        A-4: Using the Microsoft Baseline Security Analyzer from a command line
    Topic B: Custom security templates
        B-1: Viewing the security settings of predefined security templates
        B-2: Creating a custom security template
        B-3: Copying security settings between templates
    Topic C: Security template deployment
        C-1: Deploying security templates using GPOs
        C-2: Deploying security templates using command line tools
        C-3: Deploying security templates using scripts

Unit 4: Troubleshooting security policies
    Topic A: Mixed operating system environment
        A-1: Identifying security template issues in a mixed operating system environment
    Topic B: Mixed domain level environment
        B-1: Raising the domain functional level
        B-2: Raising the forest functional level (instructor demo)
    Topic C: Group Policy inheritance
        C-1: Working with security groups
        C-2: Applying block inheritance to a Group Policy
        C-3: Applying enforced to a Group Policy
        C-4: Applying security filtering
    Topic D: Security template problems
        D-1: Using the Resultant Set of Policy tool
        D-2: Using gpresult
    Topic E: Security template removal
        E-1: Removing security templates

Unit 5: Planning and deploying patch management
    Topic A: Service pack and hotfix planning
        A-1: Identifying malicious threats and security vulnerabilities
        A-2: Applying a four-step process for updates to your environment
    Topic B: Service packs and hotfixes
        B-1: Reviewing current security updates
        B-2: Searching for Knowledge Base articles
    Topic C: Microsoft Software Update Services
        C-1: Installing Microsoft Software Update Services
        C-2: Configuring Microsoft Software Update Services
        C-3: Synchronizing content on an SUS server
        C-4: Viewing SUS logs
        C-5: Configuring Group Policy for Software Update Services
        C-6: Backing up the SUS server
    Topic D: Automated deployment
        D-1: Automating update deployment
    Topic E: Deployment process
        E-1: Using the MBSA to check for missing updates

Unit 6: Managing and troubleshooting software updates
    Topic A: Software update distribution management
        A-1: Examining patch management features of SMS
        A-2: Configuring Windows Update
        A-3: Configuring automatic updates using Group Policy
    Topic B: Critical patch management
        B-1: Determining tasks for managing patches
    Topic C: Scan errors
        C-1: Troubleshooting MBSA scan errors
        C-2: Troubleshooting MBSA command-line scan errors
        C-3: Troubleshooting Qchain.exe scans
    Topic D: Patch management infrastructure troubleshooting
        D-1: Identifying the source of patch management problems

Unit 7: Planning and deploying security for network communications
    Topic A: Internet Protocol Security
        A-1: Identifying appropriate uses for IPSec
    Topic B: IPSec deployment plan
        B-1: Identifying the components of an IPSec deployment
    Topic C: IPSec policies
        C-1: Creating an IPSec policy
        C-2: Configuring authentication for IPSec
        C-3: Setting encryption methods for IPSec
        C-4: Configuring protocols for IPSec
        C-5: Setting IPSec filters
        C-6: Editing an IPSec filter
    Topic D: IPSec policy deployment
        D-1: Assigning an IPSec policy using group policy
        D-2: Using the Netsh command-line utility
        D-3: Using the Windows Scripting Host (WSH) to create a script file
    Topic E: IPSec certificates
        E-1: Configuring authentication methods for certificates

Unit 8: Troubleshooting IPSec policies
    Topic A: Default IP Security Policies container permissions
        A-1: Delegating control of the IP Security Policies container
    Topic B: IPSec persistent policies
        B-1: Setting persistent IPSec policies
        B-2: Troubleshooting persistent IPSec policies
    Topic C: IPSec driver startup mode
        C-1: Disabling the IPSec driver
        C-2: Enabling logging for the IPSec driver
    Topic D: IPSec troubleshooting tools
        D-1: Running RSoP to determine applied IPSec policy
        D-2: Enabling Oakley logging for IPSec
        D-3: Customizing IPSec driver logging
    Topic E: IPSec network issues
        E-1: Installing and using Network Monitor on Windows Server 2003
        E-2: Identifying network issues with IPSec
    Topic F: IPSec certificate
        F-1: Using the enterprise trust policy wizard
        F-2: Modifying strong CRL checking
        F-3: Unassigning an IPSec security policy

Unit 9: Planning and deploying public key infrastructure
    Topic A: Certificate requirements
        A-1: Determining certificate requirements
    Topic B: PKI group structure
        B-1: Creating security groups
        B-2: Assigning group management
        B-3: Creating a distribution group
        B-4: Nesting groups
    Topic C: Authentication
        C-1: Creating a realm trust
        C-2: Delegating authentication
    Topic D: Authorization
        D-1: Determining the appropriate authorization methods
    Topic E: Certification Authority hierarchies
        E-1: Installing a root CA
        E-2: Installing an intermediate CA
    Topic F: Certificate Authority configuration and deployment
        F-1: Creating a certificate template
        F-2: Specifying a CRL publication interval
        F-3: Configuring autoenrollment using group policy
        F-4: Backing up the CA
        F-5: Restoring a CA

Unit 10: Planning and deploying authentication for remote access users
    Topic A: Secure Sockets Layer (SSL)
        A-1: Checking LDAP communication
        A-2: Requesting a Web server certificate
        A-3: Installing a Web server certificate
        A-4: Configuring a Web server to accept clients using a SSL certificate and CTL
        A-5: Using private or public CAs
        A-6: Configuring IE to use SSL
    Topic B: Security for remote access users
        B-1: Configuring a dial-in server for MS-CHAP v2 authentication
        B-2: Configuring a Routing and Remote Access Server for NAT
        B-3: Planning a VPN solution
    Topic C: Client configuration for RAS
        C-1: Creating a new remote access policy
        C-2: Using the CMAK to create a service profile

Unit 11: Planning and configuring security for wireless networks
    Topic A: WLAN technology
        A-1: Identifying the technology used to implement WLANs
    Topic B: Wireless network security
        B-1: Installing IAS and configuring wireless authentication
        B-2: Configuring IAS for a remote RADIUS server group
        B-3: Choosing a wireless network encryption method
    Topic C: Wireless access policies
        C-1: Creating a wireless access policy
        C-2: Configuring the IAS server to accept RADIUS clients
        C-3: Creating a new IAS remote access policy
    Topic D: Wireless access point configuration
        D-1: Configuring a wireless access point (instructor demo)
    Topic E: Wireless clients
        E-1: Configuring a wireless client (instructor demo)

Unit 12: Troubleshooting access problems
    Topic A: PKI troubleshooting
        A-1: Using dsrevoke to view access control entries
        A-2: Using perms.exe to view file permissions
        A-3: Using klist.exe to view Kerberos authentication
    Topic B: Certificate troubleshooting
        B-1: Using Certutil.exe to view certificate authority information
        B-2: Troubleshooting autoenrollment
    Topic C: Remote access troubleshooting
        C-1: Enabling RRAS accounting and logging
        C-2: Troubleshooting CMAK
    Topic D: Wireless troubleshooting
        D-1: Viewing activity for Wireless Access Points and clients (instructor demo)
        D-2: Monitoring IAS performance objects

Unit 13: Monitoring systems
    Topic A: Auditing
        A-1: Configuring audit policies
        A-2: Creating a custom event log view
        A-3: Exporting an event log
    Topic B: Logging
        B-1: Enabling ODBC logging on a Web site
        B-2: Performing a capacity planning trace
        B-3: Logging substatus error codes
        B-4: Using log files to determine problems
    Topic C: Research
        C-1: Using the Knowledge Base to research Windows Server 2003 SP1
        C-2: Using ICMP utilities