Analyzing Administrative Template Settings To Control Application Features

By Author: unknownmem
Total Articles: 128
Comment this article

In this practice, you will analyze the administrative template settings for terminal Designing exam(http://www.mcse-70-297.com)
services and provide recommendations for hardening terminal services. Read and follow the instructions, and then complete the table that follows. If you are unable to complete the table, review the lesson materials and try again. You can find answers to this practice in the "Questions and Answers" section at the end of the chapter.
This is a continuation of the practice at the end of Lesson 1. Complete this practice as if you are still a security designer for Humongous Insurance.

Spend time learning about each selection in the Terminal Services section of the administrative templates in Group Policy. Use the Explain tabs and any additional resources that you need, such as the results from searching the Technet Web site or the Windows XP Security Guide. Then use Table 11-5 to record at least five recommendations for hardening terminal services (making sure they are things that can be done with Group Policy), and provide your reasons for making these recommendations. You cannot ...
... use any recommendations that were already used in this lesson.
There are four types of software restriction policies:
Certificate. Certificate rules allow MCITP Enterprise Administrator(http://www.certtopper.com)
or restrict software by checking for a signature by a trusted publisher. If the signature is valid and the publisher is approved, the software will be either allowed to run or is not allowed to run, depending on the security level set in the rule.
Hash. Hash rules create a hash of a selected executable. When an attempt is made to run an executable, it is hashed and the hash is checked against existing, restricted hashes. If a match is found, the software is allowed to run or is prevented from running, depending on the security level set in the rule. The hash of an executable will never change, so regardless of where the software is located the policy can still take effect. If a new version of the software is released, the hash will not match and the software is not restricted by the policy.
Internet Zone. Windows installer package software is allowed or restricted based on the Internet Zone it is downloaded from. Other types of software are not
restricted by these rules.Path. A path rule designates a Windows file or registry path in which software will be either allowed or denied. If the software is copied to another path, the policy will not apply. Four default registry paths are set. The default paths allow system software to run
CompTIA Security+ Exam(http://www.securityplus-sy0-201.com)
even if the security level is set to Disallowed.