System Management
Security is not only important when a system is configured and set up. It is also important in day-to-day operations. Perhaps the best security mechanism is an administrator who is paying attention to his systems. That said, there are several things that can be done with a Windows 2000 system to enhance the ability of the administrator to detect potential security problems.
The Secedit Command
Windows 2000 provides a tool called secedit.exe, which can be used to manage the security policy on a large number of systems. Secedit provides the following capabilities:
- Analysis The policy on the system in question is analyzed and compared to a provided policy.
- Configuration The policy on the system in question is changed to match a provided policy.
- Validation A security configuration file can be validated.
- Refresh A policy is reapplied to a system.
- Export A stored template from a security database on a system is exported as a security template file.
In the following sections, we will take a look at how these capabilities can be used to manage the security of Windows 2000 systems.
In this tutorial:
- Windows 2000 Security Issues
- Setting up the System
- Local Security Policy Settings
- Logon Message
- LAN Manager Authentication Level
- System Configuration
- File Systems
- Network
- Account Settings
- USER MANAGEMENT
- Setting File Permissions
- System Management
- Analysis
- Configuration
- Validation
- Export
- Auditing a System
- Log Files
- Looking for Suspicious Signs
- Missing Log Files or Gaps in the Log Files
- Unknown Processes