You are in Training / Microsoft / Security / Course MS2811 / Course Outline

MS2811 Applying Microsoft Security Guidance

Lab 1: Managing Security Updates

In this lab, attendees will perform hands-on exercises that cover key patch management technologies, including Microsoft Baseline Security Analyzer (MBSA), Microsoft Software Update Services (SUS), and Microsoft Systems Management Server (SMS) 2003.

Exercises

Exercise 1: Scanning Computers with Microsoft Baseline Security Analyzer (MBSA)

  		•

    Scanning computers for security vulnerabilities with MBSA

  		•

    Examining the update database version

  		•

    Examining the update database file

  		•

    Examining the scan results

  		•

    Examining the security reports

    Exercise 2: Installing Updates with Windows Update and Windows Update Catalog

  		•

    Scanning computers with Windows Update

  		•

    Reviewing the available updates

  		•

    Downloading and installing a recommended update

  		•

    Downloading a specific update from the Windows Update Catalog

    Exercise 3: Distributing Updates with Software Update Services (SUS)

  		•

    Examining the SUS Administration Web site

  		•

    Configuring the SUS server

  		•

    Synchronizing the SUS server with available security updates

  		•

    Approving a list of updates for client computers

  		•

    Configuring Automatic Updates by using Group Policy

    Exercise 4: Scanning Computers with SMS 2003 Security Update Inventory Tool

  		•

    Verifying the SMS Management Point

  		•

    Installing the Security Update Inventory Tool

  		•

    Examining the collections, packages, programs, and advertisements created

  		•

    Running the scanner program on the client

  		•

    Collecting security update information from the client

    Exercise 5: Distributing and Installing Updates with SMS 2003

  		•

    Running the Distribute Software Update Wizard

  		•

    Forcing client computers to install an advertised update

  		•

    Verifying the installation of the security updates

    Lab 2: Implementing Server Security

    In this lab, attendees will perform hands-on exercises that cover key concepts necessary to increase security for Windows server computers.

    Exercises

    Exercise 1: Configuring Active Directory for Security

  		•

    Examining the current organizational unit (OU) structure

  		•

    Creating a new OU

  		•

    Creating a new administrative group

  		•

    Delegating administrative control

  		•

    Creating new Group Policy Objects (GPO) and linking them to Active Directory objects

    Exercise 2: Implementing Server Security by using Security Templates

  		•

    Examining pre-defined security templates

  		•

    Importing security templates

  		•

    Modifying security templates

  		•

    Using the Resultant Set of Policy Wizard

    Lab 3: Implementing Client Security for Windows 2000 and Windows XP

    In this lab, attendees will perform hands-on exercises that cover key technologies for managing the configuration of client security.

    Exercises

    Exercise 1: Implementing Security by Using Software Restriction Policies

  		•

    Creating a new GPO for software restriction

  		•

    Changing software restriction policy rules

  		•

    Verifying the software restriction policies

    Exercise 2: Troubleshooting Software Restriction Policies

  		•

    Using Event Viewer to identify software restriction policies in force

  		•

    Using the Resultant Set of Policy console to examine software restriction policies

    Exercise 3: Protecting Client Computers by Using Internet Connection Firewall (ICF)

  		•

    Examining the status of TCP ports

  		•

    Enabling ICF

  		•

    Verifying that ICF is blocking access to TCP ports

  		•

    Using Group Policy to enable ICF

    Exercise 4: Protecting Data by Using Encrypting File System (EFS)

  		•

    Encrypting files and folders by using EFS

  		•

    Examining EFS certificates

  		•

    Exporting and importing EFS certificates

    Exercise 5: Recovering Encrypted Data with a Data Recovery Agent (If Time Permits)

  		•

    Examining the EFS data recovery agent certificate

  		•

    Creating and configuring a new EFS data recovery agent certificate

  		•

    Restoring access to encrypted files

    Lab 4: Implementing Application Security

    In this lab, attendees will perform hands-on exercises that introduce key security concepts for Windows Server System applications.

    Exercises

    Exercise 1 - Implementing Security with IIS 5.0

  		•

    Examining the default configuration of IIS 5.0

  		•

    Running the IIS Lockdown Wizard

  		•

    Examining the locked-down configuration of IIS 5.0

  		•

    Installing URLScan

  		•

    Examining IIS log files

    Exercise 2 - Default Lockdown of IIS 6.0

  		•

    Examining the default configuration of IIS 6.0

    Exercise 3 - Implementing IIS 6.0 Web Server Security

  		•

    Creating and configuring application pools

  		•

    Listing current worker processes

  		•

    Examining the automatic recycling options for an application pool

  		•

    Using the Log Parser tool to examine IIS log files

    Exercise 4 - Implementing Security with Exchange Server 2003

  		•

    Examining Exchange Server 2003 security templates

    Exercise 5 - Implementing Security with Outlook Web Access and SSL (If Time Permits)

  		•

    Examining the Outlook Web Access security settings

  		•

    Configuring Outlook Web Access to require SSL

  		•

    Enabling Forms-Based Authentication

    Appendix: Implementing Additional Server Security

    In this lab, attendees will perform additional hands-on exercises related to increasing security for Windows server computers.

    Exercises

    Exercise 1 - Implementing Event Monitoring (If Time Permits)

  		•

    Examining event log and auditing options

  		•

    Modifying the GPO auditing policy

  		•

    Examining the security audit logs

  		•

    Using the Event Comb tool to search for events

    Exercise 2 - Implementing Network Security by Using IP Security (IPSec) (If Time Permits)

  		•

    Examining the IPSec configuration model

  		•

    Creating IPSec rules

  		•

    Creating an IPSec policy

  		•

    Assigning an IPSec policy

  		•

    Viewing security associations by using IP Security Monitor

  		•

    Examining IPSec scripts from the Windows Server 2003 Security Guide

    About Microsoft Hands-On Labs

    Microsoft Official Hands-On Lab learning products provide students with prescriptive exercises designed around real-world scenarios that deliver practical experience in a safe, instructor-led environment. Each hands-on lab begins with a short introductory presentation that provides an overview of the technical information covered in the self-guided portion of the lab. After the overview, the student performs the hands-on portion of the lab, following a series of prescriptive instructions to complete a task or procedure relevant to their job.