Enabling a VPN Reconnect

You need to know how to configure Windows 7 to use the IKEv2 VPN protocol to automatically connect when the VPN connection is disrupted.

VPN Reconnect uses the IKEv2 VPN protocol. With VPN Reconnect, the underlying network connection can be disrupted for up to 8 hours without the user losing the existing VPN tunnel. This automatic restoration can occur even when the computer switches Internet connections. If the computer is placed into hibernation, the VPN connection must be manually reestablished.

To learn more about remote access with VPN Reconnect, consult the following webpage: http://technet.microsoft.com/en-us/library/dd637803(WS.10).aspx.

Only Routing and Remote Access servers running Windows Server 2008 R2 support IKEv2. You can configure IKEv2 with mobility to support a network outage time of up to 8 hours. If the disruption lasts longer than 8 hours, the user will have to reconnect manually. You need to configure a special certificate template with Enhanced Key Usage (EKU) options to support IKEv2.

Remember that the only VPN protocol you can use to switch Internet connections while maintaining the VPN link is IKEv2.

Advanced security auditing

You need to know how to enable advanced auditing.

With the Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Audit: Force Audit Policy Subcategory Settings policy, you can perform advanced auditing on computers running Windows 7. Advanced auditing is much more specific than the general audit categories. You configure it through the policies located in the Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies node. Advanced audit policies are available in the following categories:

  • Account Logon: Includes the following audit policies: Audit Credential Validation, Audit Kerberos Authentication Service, Audit Kerberos Service Ticket Operations, and Audit Other Account Logon Events.
  • Account Management: Includes the following audit policies: Audit Application Group Management, Audit Computer Account Management, Audit Distribution Group Management, Audit Other Account Management Events, Audit Security Group Management, and Audit User Account Management.
  • Detailed Tracking: Includes the following audit policies: Audit DPAPI Activity, Audit Process Creation, Audit Process Termination, and Audit RPC Events.
  • DS Access: Includes the following audit policies: Audit Detailed Directory Service Replication, Audit Directory Service Access, Audit Directory Service Changes, and Audit Directory Service Replication.
  • Logon/Logoff: Includes the following audit policies: Audit Account Lockout, Audit IPsec Extended Mode, Audit IPsec Main Mode, Audit IPsec Quick Mode, Audit Logoff, Audit Logon, Audit Network Policy Server, Audit Other Logon/Logoff Events, and Audit Special Logon.
  • Object Access: Includes the following audit policies: Audit Application Generated, Audit Certification Services, Audit Detailed File Share, Audit File Share, Audit File System, Audit Filtering Platform Connection, Audit Filtering Platform Packet Drop, Audit Handle Manipulation, Audit Kernel Object, Audit Other Object Access Events, Audit Registry, and Audit SAM.
  • Policy Change: Includes the following audit policies: Audit Audit Policy Change, Audit Authentication Policy Change, Audit Authorization Policy Change, Audit Filtering Platform Policy Change, Audit MPSSVC Rule-Level Policy Change, and Audit Other Policy Change Events.
  • Privilege Use: Includes the following audit policies: Audit Non Sensitive Privilege Use, Audit Other Privilege Use Events, and Audit Sensitive Privilege Use.
  • System: Includes the following audit policies: Audit IPsec Driver, Audit Other System Events, Audit Security State Change, Audit Security System Extension, and Audit System Integrity.
  • Global Object Access Auditing: Includes the following audit policies: File System and Registry.
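
The following PowerShell sketch is an added example, not part of the original page. It compares the subcategory settings reported by `auditpol /get /category:* /r` against a baseline and then reads the registry value behind the Force Audit Policy Subcategory Settings option. The baseline values, the function name `Get-AuditDrift`, the host name `WS01` and the sample rows are assumptions made for illustration. Note that `auditpol` lists subcategories without the "Audit" prefix used in the policy names above.

```powershell
# Hypothetical baseline chosen for this example; replace with your own policy.
$Baseline = @{
    'Credential Validation'     = 'Success and Failure'
    'Process Creation'          = 'Success'
    'Logon'                     = 'Success and Failure'
    'Security Group Management' = 'Success'
    'Audit Policy Change'       = 'Success and Failure'
}

function Get-AuditDrift {
    param([string[]]$CsvLines, [hashtable]$Baseline)
    # auditpol /r emits CSV with 'Subcategory' and 'Inclusion Setting' columns;
    # blank lines are dropped before parsing.
    $rows = $CsvLines | Where-Object { $_ -and $_.Trim() } | ConvertFrom-Csv
    foreach ($name in ($Baseline.Keys | Sort-Object)) {
        $row = $rows | Where-Object { $_.Subcategory -eq $name } | Select-Object -First 1
        $actual = if ($row) { $row.'Inclusion Setting' } else { 'Missing' }
        if ($actual -ne $Baseline[$name]) {
            # One object per subcategory that differs from the baseline
            New-Object PSObject -Property @{
                Subcategory = $name; Expected = $Baseline[$name]; Actual = $actual
            }
        }
    }
}

# Constructed sample in the auditpol /r layout (not captured from a real host;
# the GUID column holds placeholders).
$Sample = @(
    'Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting'
    'WS01,System,Credential Validation,{GUID-PLACEHOLDER},Success and Failure,'
    'WS01,System,Process Creation,{GUID-PLACEHOLDER},No Auditing,'
    'WS01,System,Logon,{GUID-PLACEHOLDER},Success,'
    'WS01,System,Audit Policy Change,{GUID-PLACEHOLDER},Success and Failure,'
)

# Reports Logon, Process Creation and Security Group Management as drifted.
Get-AuditDrift -CsvLines $Sample -Baseline $Baseline |
    Format-Table Subcategory, Expected, Actual -AutoSize

# On a live host, from an elevated prompt:
#   Get-AuditDrift -CsvLines (auditpol /get /category:* /r) -Baseline $Baseline

# The Force Audit Policy Subcategory Settings option is stored in this value.
# When it is 1, subcategory settings override the legacy category-level policy.
$lsa = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -ErrorAction SilentlyContinue
"Force subcategory settings enabled: $($lsa.SCENoApplyLegacyAuditPolicy -eq 1)"
```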