Auditing Windows Server and Active Directory

Rimell Associates Ltd is pleased to present an updated training course for IT auditors who need to refresh their knowledge of current Windows technology. The Windows Server family is constantly introducing new areas for the IT auditor to review, and the increasing deployment of Windows Server 2008 has brought new control features such as granular audit policies and new password controls. Windows Server Core (new with the Server 2008 range) brings new challenges for the auditor - how do you audit a version of Windows that doesn't have a graphical desktop?

In this intensive practical course from our popular ‘Need to Know’ series, you will learn how to plan and carry out an audit of a Windows Server-based installation. With the ‘hands-on’ option, access can be provided to a Windows Server network specially set up for the occasion, and each student will be provided with their own Windows workstation and a range of Windows Server software tools to use, including software intended for the use of systems administrators, and not normally provided to a Windows user. We will cover Windows 2008 with a backward look at Windows 2003 to ensure that you'll be fully up to date no matter what mix of systems your company's data centre may be using!

At the end of the event, you will have all the essential knowledge required to conduct a successful Windows Server audit.

Suggested duration: 2 days, but can be customised to your requirements.


A basic Windows operating system audit
Windows versions
Operating system roles
Auditing Windows Services
User rights and admin rights

Active Directory Objects
Forests and Trees
Domains and Sites
OUs, Groups and Users
Risks of inappropriate forest/domain configuration
Risks of trust relationships in an AD forest

Reviewing the deployment of Active Directory
Risks of poor deployment decisions
Replication risks
Accidental deletion of AD objects
Workstation/server controls in an AD environment
Risks associated with workstation and server domain membership

New AD security and control features in Server 2008
Read-only domain controllers
Selective replication
Domain controller loss/theft mitigation
AD object deletion protection

AD User and group management
Risks of poor user account control
Incorrect and inappropriate group membership
Control of dormant accounts
Risks associated with service accounts

New account control features in Server 2008
Granular password policies
New service account management tools

Windows Server Core 2008
Typical Server Core roles and deployments
Auditing Server Core installations with remote admin tools and PowerShell

Object permissions in Active Directory and what they mean
Risks of incorrect object permissions for AD and other objects
Risks of delegation and how to assess them

Group Policy Objects and how they are used
Risks of poor Group Policy design, deployment and monitoring
The Group Policy Management Console and how to use it in a GP audit

How the Windows auditing and event log system works
Risks of improper audit logging configuration and monitoring
New auditing features in Server 2008
Granular audit policies
Event log forwarding

Risks of inappropriate file and directory access permissions
How to assess permissions cost-effectively

Useful software:
Log dumper tools
The built-in NET commands
Using scripts to control and audit Windows Server and AD
PowerShell and its audit uses

The Windows and AD audit programme