IT442 – Fall 2010
Bruce Mahfood
Project 2 Part 1 – Windows Server Security Concepts
Objectives:
• Learn how to allow only the access that is necessary from external and internal sources.
• Users need only so much access to do their jobs.
• The server configuration will focus on authentication and authorization.
• Microsoft started as a company that made things very easy to use. Starting with Server
  2003 Service Pack 2 (SP2) Microsoft started locking things down. They learned the
  lesson that making the system simple to use can cause many security holes.
Book references: The reading for this project is found in Chapter 3, pp. 37-54.
Lab activities:
• Start Windows Update and update the computer. If the update window says that the
  system is up to date, click on “Check for updates” to make sure. If there are no updates,
  then continue.
• Complete all activities given in the chapter, following them step by step. We will cover
  the command line in more detail in Project 4, but please complete the command line
  activity as it is given.
  o NOTE: Use the password “d4f5g6!7&8*9(” for the user Joe.
    ▪ For one thing, the password given in the book doesn’t work on this
      system, and also, this is a much better example of a good password. In
      this case, it’s not something you remember as a phrase, but as a pattern
      for your fingers.
  o NOTE: Some things are slightly different between the version of WS2008 used in the
    book and the one that we have installed. You will have noticed this already from
    Project 1.
• On page 51, the author gives an example of a filled-out SACL list, but the window he has
  us open up is empty. Go ahead and click Add, enter the object name Everyone in the
  object name area, and click OK. Don’t bother to actually select any options in the
  resulting window, but this gives you a better view of what will be shown in the SACL list.
  o Pull down the “Apply onto” list to see the ways that you can apply these settings
    to the folder chosen.
• On page 53, go to Server Manager > Configuration > Local Users and Groups > Groups
  to see a list of available groups on the system. If you click on Users, you will see the list
  of users defined. In either of these you can right-click within the right panel to create
  new objects as needed, whether user or group. Now go ahead with step 9, a, b, and c,
  on page 53, adding and removing users and groups that are defined on your system.
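
The SACL entry from the page 51 step, built from PowerShell instead of the dialog, as an added example that is not from the book or the course materials. It assumes an elevated PowerShell session; the folder C:\AuditDemo and the audited rights (failed Delete and Write attempts) are constructed for illustration. The table shows how each “Apply onto” choice maps to inheritance and propagation flags.

```powershell
# Added example: create an audit (SACL) entry for Everyone on a test folder.
# Assumptions: elevated session; C:\AuditDemo is a constructed demo path.
$path = 'C:\AuditDemo'
New-Item -ItemType Directory -Path $path -Force | Out-Null

# Each "Apply onto" choice in the dialog is a pair of
# (InheritanceFlags, PropagationFlags) values on the audit entry.
$applyOnto = @{
    'This folder only'                  = @('None', 'None')
    'This folder, subfolders and files' = @('ContainerInherit, ObjectInherit', 'None')
    'This folder and subfolders'        = @('ContainerInherit', 'None')
    'This folder and files'             = @('ObjectInherit', 'None')
    'Subfolders and files only'         = @('ContainerInherit, ObjectInherit', 'InheritOnly')
    'Subfolders only'                   = @('ContainerInherit', 'InheritOnly')
    'Files only'                        = @('ObjectInherit', 'InheritOnly')
}
$choice = 'This folder, subfolders and files'
$inherit, $propagate = $applyOnto[$choice]

# Audit failed Delete and Write attempts by anyone (rights chosen for the demo).
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
    'Everyone',
    [System.Security.AccessControl.FileSystemRights]'Delete, Write',
    [System.Security.AccessControl.InheritanceFlags]$inherit,
    [System.Security.AccessControl.PropagationFlags]$propagate,
    [System.Security.AccessControl.AuditFlags]'Failure'
)

# -Audit is required to read the SACL; without it only the DACL is returned.
$acl = Get-Acl -Path $path -Audit
$acl.AddAuditRule($rule)
Set-Acl -Path $path -AclObject $acl

# Read the SACL back to confirm what the Auditing tab will now show.
(Get-Acl -Path $path -Audit).Audit |
    Format-List IdentityReference, FileSystemRights, AuditFlags, InheritanceFlags, PropagationFlags
```

The entry only produces Security log events when object access auditing is also enabled in the audit policy.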
Useful information:
Microsoft was faced with a serious problem concerning how to provide security over the
network. Information needs to be accessed by different types of personnel within an
organization. Different people need different levels of access. Human Resources needs
access to employee data, while Accounting needs access to financial information. Microsoft
tackled the two main challenges of authentication and authorization by use of a security system
called Kerberos (named after the three-headed dog guarding Hades, who was able to look in
multiple directions at the same time). The Kerberos security that Microsoft implemented
attempts to provide multiple checks at the same time.
Written Assignment – Part 1:
For this assignment, a written narrative will be turned in next Monday at the beginning of class.
This is to be a separate document from the written assignment for answering questions that will
come with Part 2.