• Classroom
Course Description

This four day seminar will focus on the skills required to effectively audit Active Directory. Using VMware workstation, each student will have their own virtualized Windows Server 2012 R2 Domain Controller and Windows 7 Workstation to put into practice the concepts and techniques learned during the class with a series of 15 hands on labs. The output from each of the labs will be incorporated into an Excel spreadsheet that can be used as the basis for an audit program. Separate sheets in the Auditing Active Directory Excel Spreadsheet summarize how to obtain Active Directory data using PowerShell scripts, items to look for in the output and a place to store samples of the PowerShell output. Students will be given their completed spreadsheet to take with them on a USB key along with the lab notes and PowerShell Scripts.

The goal of this class is to develop a practical methodology for auditing and securing Active Directory. It will investigate attacks against Active Directory and how to protect against these attacks. Audit techniques covered are designed to make Active Directory exponentially more secure and difficult to hack. The last day of class will include a role playing exercise to put into practice the skills learned earlier in the class in a challenging real world auditing environment.

This course is available on-site at your location, or offered through open enrollment in San Francisco, CA, and New York, NY.

Learning Objectives

  1. Windows and Windows Networks, Windows Operating Systems and Versions. Windows Patches, Windows Server Builds, vLANs, Siloing
  2. Auditing Active Directory Core Components, Domains, Trees and Forests, Active Directory Structure, Active Directory Sites and Services, Domain Controllers, DNS, Time Configuration, Active Directory Domains and Trusts, Active Directory Federation Services, Active Directory Certification Authority
  3. Auditing Active Directory Users, User Accounts, Windows Services, Active Directory Administrative Center, Active Directory Recycle Bin, Authentication Policies, Authentication Policy Silos
  4. Auditing Active Directory Groups, Group Types, Access Control Lists, Auditing Domain Groups
  5. Auditing Password Policies, Security Identifiers (SIDs), Kerberos, Password Attack Techniques, Protecting Passwords, Password Policies, Fine Grained Password Policies
  6. Auditing Folder Rights, Share Permissions, NTFS Permissions, Inheritance, Folder structure and permissions, Drive mappings, Best Practices, Identify sensitive folders
  7. Auditing Active Directory Delegation, Reasons to Delegate the Administration of Active Directory, Active Directory Administration Delegation, Audit Active Directory Delegation
  8. Security Compliance Manager and Group Policy, Microsoft Security Assessment Tool 4.0, Microsoft Baseline Security Analyzer 2.2, Microsoft Security Compliance Manager (SCM), Group Policy
  9. Auditing User Rights and Event Viewer Logs, User Rights, Auditing Event Viewer Logs
  10. Hardening Active Directory, Password Policies, Patch Management, Upgrade Domain Controllers to Windows Server 2012 R2, Multifactor authentication, Authentication Policy Silos, Silo your Network, Audit Administration Account Use, Limit Membership of Schema Admins and Enterprise Admins Groups., Use Separate Administrative Accounts, Continuous Monitoring, End User Training
  11. Active Directory Case Study

Framework Connections