This hands-on lab provides a Microsoft Windows administrator with an understanding of how to configure basic security controls on a Windows server and within a domain group policy. You will get hands-on experience building out firewall rules that restrict service access to your domain controller and restrict what the domain controller can access. You will learn how to use Windows PowerShell to administer your firewall. To enforce your organization's password policy, you will configure your domain's group policy so that users have minimum password length and minimum password history constraints enabled. Finally, to increase your situational awareness and visibility into suspicious activities, you will configure auditing for a subset of sensitive files. These are basic skills for applying security controls within a Windows server and domain, and they are essential for someone pursuing a career as a Microsoft Windows administrator.
Understand the scenario
You are a system administrator for a company that uses the Windows operating system. You need to harden domain-joined computers by using Group Policy. First, you will configure the Windows firewall to allow HTTP, HTTPS, and RDP inbound traffic. Next, you will configure the appropriate Group Policy settings to ensure that computers comply with organizational security policies. Finally, you will enable auditing to ensure your policy is enforced and suspicious behaviors are recorded.
Configure a Windows firewall rule that allows traffic:
The native host-based firewall on a Windows server is a first line of defense for systems inside your perimeter. It is critically important that your firewalls are well managed, permitting only the traffic that is required and denying everything else. Your first task in this lesson is to gain experience managing Windows Firewall. You will use Windows PowerShell cmdlets (Set-NetFirewallProfile and New-NetFirewallRule) to enable your firewall and build a new inbound rule that allows traffic for the services your server environment needs (HTTP, HTTPS, and RDP).
Configure a Windows firewall rule that blocks outbound mail:
You will implement an additional firewall rule to secure your Windows server by reducing its attack surface. This rule controls outbound access from your domain controller. For this task, you will use Windows PowerShell cmdlets to create a new rule that blocks outbound SMTP and POP3 traffic.
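As an added example that is not part of the lab's own material, the firewall steps from the two tasks above carried out with the cmdlets the lab names. The rule display names, the log file path, and the decision to scope the inbound allow rule to the Domain profile only are assumptions; run it in an elevated PowerShell session on the server.

```powershell
# Added example (not the lab's own script). Assumes HTTP, HTTPS and RDP listen on
# their default TCP ports and that the server sits on a domain-joined network.

# 1. Turn on all three profiles and make inbound default-deny, logging dropped packets
#    so blocked connection attempts are visible later (log path is an assumption).
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True `
    -DefaultInboundAction Block -DefaultOutboundAction Allow `
    -LogBlocked True -LogFileName '%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log'

# 2. Inbound allow rule for the required services: HTTP 80, HTTPS 443, RDP 3389.
#    Scoped to the Domain profile so the ports are not exposed on untrusted networks;
#    add -RemoteAddress with your admin subnet to restrict RDP further.
New-NetFirewallRule -DisplayName 'Lab - Allow HTTP/HTTPS/RDP Inbound' `
    -Direction Inbound -Protocol TCP -LocalPort 80,443,3389 `
    -Profile Domain -Action Allow -Enabled True

# 3. Outbound block rule for mail protocols (SMTP 25, POP3 110) so the domain
#    controller cannot originate mail sessions. Explicit block rules take precedence
#    over allow rules in Windows Firewall, so this holds even if an allow rule exists.
New-NetFirewallRule -DisplayName 'Lab - Block Outbound SMTP/POP3' `
    -Direction Outbound -Protocol TCP -RemotePort 25,110 `
    -Profile Any -Action Block -Enabled True

# 4. Verify the rules together with the port filters attached to them.
Get-NetFirewallRule -DisplayName 'Lab - *' | ForEach-Object {
    $ports = $_ | Get-NetFirewallPortFilter
    [pscustomobject]@{
        Name       = $_.DisplayName
        Direction  = $_.Direction
        Action     = $_.Action
        LocalPort  = ($ports.LocalPort -join ',')
        RemotePort = ($ports.RemotePort -join ',')
    }
} | Format-Table -AutoSize

# 5. Confirm the effective default actions for the Domain profile.
Get-NetFirewallProfile -Profile Domain |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction
```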
Configure password settings in Group Policy:
Typically, an organization has an IT security policy that dictates password requirements. To enforce that policy in a Windows domain environment, you can create a group policy that controls the parameters governing your users' passwords. For this task, you will modify your domain policy to enforce a minimum password length and a minimum password history. By increasing the length and complexity of your password requirements and limiting how often passwords can be reused, you increase your defense against password guessing attacks.
Configure file system auditing:
For this scenario, you will consider sensitive information on your domain controller that you want to monitor for unauthorized access attempts. You will create a dummy folder and file, enable auditing within group policy, and then enforce auditing on the folder and file for failed access attempts. It is important to remember that enabling auditing does not prevent activity from occurring; however, it can help you respond to malicious activity quickly if the audit logs are reviewed regularly.
Lab Summary:
In this hands-on virtual lab, you will learn how to establish some basic security controls for a Windows server and domain environment. You will learn how to configure a server's host-based firewall, manage group policy for password policy enforcement, and enable auditing to ensure your sensitive files are appropriately monitored for suspicious behavior. These are essential security-focused skills for someone pursuing a career as a Microsoft Windows server and domain administrator.