Course Summary

The class is designed for students with extensive Windows 2000 experience. It provides in-depth tuition on the practical techniques used when fault finding in an Active Directory environment. Many of the advanced techniques employed are not publicly documented due to the technical prerequisites and the complexity of their use. The course focuses heavily on the inner workings of DNS, Active Directory and their core processes. Common faults and their associated solutions are discussed and reproduced in controlled labs.

The class also covers many of the core security technologies employed by Windows 2000 in an Active Directory environment, including secure authentication, data protection (on and off the transmission medium), secure remote access, standards adherence and cryptographic technologies.

Upon completion of the class, students will be able to:

- Identify faults
- Locate the source
- Provide an effective solution
- Avoid problematic configuration scenarios
- Utilize the correct tools
- Reduce downtime
- Configure preventative measures
- Define Windows 2000 core security technologies
- Isolate and remove potential security flaws
- Strengthen native security
Classroom Dynamics

This class utilizes a unique delivery approach: in excess of 75% of the learning time is dedicated to lab work in order to allow the students to best absorb the material. The majority of topics are outlined by the instructor and are immediately followed by a lab, allowing the students to understand a concept, experience the problem and provide the solution. The class provides a forum that allows the students to put into practice many of the advanced fault isolation and repair techniques and security technologies discussed throughout the training program. Students are assigned lab exercises either individually or as part of a team. The lab exercises are defined utilizing realistic scenarios (often drawn from the instructor's own experiences); students are then assigned a specific role and an objective in order to allow both the student and the instructor to effectively measure the level of success. Course progression and content depth are tailored dynamically.
Curriculum Focus

Domain Name System (DNS)
Integrated lecture and lab
DURATION 11 hours

- Advanced configuration and practical deployment scenario (Estimated duration 5 hours)
  - Construct common place DNS infrastructure including:
    - Selective configuration of root hints
    - Practical use and limitations of forwarders
    - Delegation of critical forest root sub-domain (_msdcs)
    - Recommended re-configuration of SOA records
    - Securing dynamic update and zone transfer
    - Providing fault tolerant client resolution
    - Resolution in a multi domain-tree Forest
  - Advanced configuration options
    - Server side advanced options
    - Registry settings
- Common faults and solutions (Estimated duration 6 hours)
  - Corrupted BOOT file causes DNS server startup failure
    - Registry startup value
    - Use and creation of null file
    - Recreation of BOOT file content
  - Group Policy editor unworkable response time on Security node
    - Invalid client side DNS query
    - Blocking recursion for query string
  - DNS syntax fault during dynamic registration
    - Stale NETLOGON.DNS and NETLOGON.DNB
    - NETLOGON service requirements
    - Failed registration of A and PTR records
  - ERROR - Cannot find the file specified
    - Apparently unrelated service causes failure
    - Critical for Domain Controllers
  - DNS management console yields inconsistent monitoring results
    - Bug in shipped media
    - Prevents accurate monitoring
  - Non registration of DC A records and/or DB GUID
    - Replication failure
    - Domain Controller unavailable
    - FSMO role functionality offline
  - Lack of availability of Forest Root _msdcs sub domain
    - Catastrophic failure
    - Authentication failure
    - Replication failure
  - DNS forwarding loops in multi domain-tree forests
    - Occupies ~80% server memory and CPU time
    - Potential BSOD
  - DNS management console changes not submitted
  - Adjust tolerance of WAN failures for critical DNS RRs
    - Catastrophic failure
    - Authentication failure
    - Replication failure
    - Zone modification requirement
  - Zone transfer immediate expiry
    - Apparent inability to replicate DNS zones
    - Potential implementation showstopper
  - Secure dynamic update design flaw in a DHCP environment
    - Use of DNSAdminUpdateProxy
    - Using fault tolerant DHCP design
    - Upgrading NT4 to Windows 2000
    - Configuration of security context for record registration
    - Severe Denial of Service (DoS) attack
Active Directory
Integrated lecture and lab
DURATION 14 hours

- Active Directory advanced configuration, fault finding and repair (Estimated duration 14 hours)
  - Group membership constraints
    - Primary groups storage
    - Potential impact of primary group modification
    - Replication failure
    - ADSIEDIT/LDIFDE/LDP
  - Function and practical use of %WINDIR%\SYSTEM32\DSSEC.DAT
    - Control security ACL interface
    - Add/remove custom object classes and attributes to/from ACL editor
  - Domain creation for non Enterprise Administrators
    - Pre-creating cross-references
    - Permissions necessary
  - Authoritative restore vs. Non-authoritative restore
    - Understanding the impact
    - Restoring inadvertently erased objects
    - Schema implications
  - Bulk object import/export
    - Importing using a comma delimited file
    - Importing using an LDIFDE import file
    - Introduction to scripting
  - Use of the AdminSDHolder template
    - Preservation of administrative permission
    - Re-ACLs critical administrative objects
  - Optimizing the Active Directory repository (NTDS.DIT)
    - Determining the need
    - Packing the DIB
    - Online vs. offline defragmentation
  - Understanding the Schema/Schema upgrades
    - Understanding the schema
    - Where is the schema maintained?
    - How can a property have properties?
    - Managing LDIFDE files
    - Implications
    - Schema Management console
    - Upgrade prerequisites
    - Generating unique OIDs
  - Forced Domain Controller demotion
    - Determining the need
    - Procedural steps
    - Clean-up requirements
  - Orphaned naming contexts and child domains
    - Determining the need
    - Procedural steps
    - Significant implications
  - LDAP policies and the IP deny lists
    - Functionality
    - Determining the need
    - Configuration and assignment
    - Significant implications
  - Recovering erased Domain Controller security principals
    - Kerberos service principal name attribute
    - Security identifier
  - Recovering erased Domain Controller NTDS settings objects
    - Critical object GUID
    - Restoring replication connection objects
  - Recovering from Group Policy, DCpromo or general SYSVOL failure
    - Recovering base SYSVOL
    - Recovering customized SYSVOL
    - Preserving existing policies and scripts
  - Operational attributes
    - Definition and purpose
    - Non-schema defined
    - Using LDP to punch operational attributes
  - Critical System Objects
    - Definition and purpose
    - Example objects
  - Flexible Single Master of Operation (FSMO) roles
    - Definition of FSMO roles
    - Impact of absent FSMOs
    - Impact of duplicated FSMOs
    - Transferring and seizing FSMO roles
    - Impact of role seizure
Essential Administrative Techniques
Integrated lecture and lab
DURATION 2 hours

- Advanced administrative methods (Estimated duration 2 hours)
  - Demonstrate forced logoff and forced shutdown
    - Modifier key within graphical interface
  - Default credentials vs. forced authentication
    - Determine the need
    - Use of the IPC$ share
    - Forced credentials
  - Service Commander
    - Control the active or startup state of remote services
  - Re-configuration of remote telnet service
    - Default credentials failure
    - Pre-authenticated path failure
    - TLNTADMN/REGEDIT
  - Network Monitor
    - Practical uses
    - Protocol parsers
    - Promiscuous mode vs. non-promiscuous mode
  - Automated TCP/IP re-configuration
    - Bulk configuration of TCP/IP related properties and services
    - Command line interface
    - Remote registry configuration
  - Performance counter corruption
    - Inability to correctly track performance counters
    - Re-synchronize performance libraries with WMI
Core Security Technologies
Lecture and lab
DURATION 9 hours

- Routing and Remote Access (RRAS) (Estimated duration 1 hour)
  - Securing remote authentication
  - Virtual Private Network (VPN)
    - Server side requirements
    - Client side configuration
  - Remote Access Policies
  - RADIUS authentication
  - Packet filters
- (Estimated duration 2 hours)
  - Configure a VPN server and client (PPTP/L2TP)
  - Configure Remote Access Policies
  - Install and configure IAS (RADIUS)
  - Implement packet filters
- (Estimated duration 15 minutes)
  - What is SYSKEY?
  - Where is it implemented?
  - Configuring the storage location of the SYSKEY
  - Cryptographic algorithms
  - Potential impact
- (Estimated duration 15 minutes)
  - Reconfigure location of SYSKEY
  - Configure a key disk
- (Estimated duration 2 hours)
  - What is Kerberos?
  - Cryptographic technologies and standards adherence
  - Time synchronization requirements
  - Benefits of Kerberos
  - Kerberos details and administrative settings
  - Available tools
  - Interoperability with MIT Kerberos
- (Estimated duration 1 hour)
  - Customizing time synchronization
  - View and configure available Kerberos policy settings
  - Establish shortcut trusts
- (Estimated duration 1 hour)
  - What is IPSec?
  - How does it work?
  - Protocols and services involved
  - Configuring and deploying IPsec policies
  - IPsec transport mode vs. tunnel mode
- (Estimated duration 1 ½ hours)
  - Using the default response rule
  - Deploying an enterprise policy
  - Securing data for transmission over public networks