M2813 – Applying Microsoft Security Guidance III
Enquire/Book this course
Trained over 60000 delegates
Course delivered by industry expert instructors
Highly competitive pricing
Course Description
Prerequisites: Before attending this course, students must have:
- Hands-on experience with Windows 2000 or Windows Server 2003
- Experience with Active Directory and Group Policy
- Basic understanding of Windows authorization and authentication concepts
- Working knowledge of Internet protocols, including POP3, IMAP4, SMTP, and HTTP
- Basic understanding of public key infrastructure (PKI) concepts and technologies
- Help protect e-mail messages using S/MIME signing and encryption.
- Manage e-mail attachment security using the Outlook Security Template.
- Increase security for Microsoft Office Outlook 2003 by using remote procedure call (RPC) over HTTP(S).
- Enhance security for Outlook Web Access (OWA) connections.
- Install Rights Management Services (RMS) and understand the provisioning and enrollment process for the RMS server.
- Install and activate the RMS client component to protect Microsoft Office 2003 documents and Outlook 2003 e-mail messages.
- Perform administrative tasks such as deploying custom rights policy templates and troubleshooting client configurations using the RMS Administration Toolkit.
- Sub-enroll and provision licensing servers to provide a distributed RMS infrastructure.
- Implement a VPN solution that incorporates L2TP/IPSec and Network Access Quarantine.
- Configure the remote access polices for VPN to support L2TP and PPTP remote access connections. You will also learn how to configure Certificate provisioning to support L2TP VPN connections.
- Implement VPN Network Quarantine: configure a remote access policy for network quarantine and implement the Remote Access Quarantine Service.
- Configure and deploy a Connection Manager profile for use with VPN Network Quarantine.
- Install and configure a stand-alone Root Certification Authority (CA).
- Install and configure a subordinate Enterprise CA.
- Configure custom certificate templates, and deploy certificates using autoenrollment.
- Increase security for e-mail communication and Web-site authentication by using digital certificates.
- Configure Certificate Services.
- Obtain a digital certificate to be used for S/MIME.
- Send and receive a digitally signed e-mail message.
- Send and receive an encrypted e-mail message.
- Test OWA functionality with signed and encrypted e-mail, and install the S/MIME Control.
- Install and configure the Outlook Security Template.
- Modify the default security settings to block specific attachments from within Outlook 2003.
- Install the RPC over HTTP Proxy network service.
- Configure the RPC back-end server.
- Configure ISA Server 2004 to listen for traffic destined for the RPC over HTTP service on the Exchange server.
- Configure Outlook to use RPC over HTTPS to connect to the Exchange server.
- Configure OWA to require Secure Sockets Layer (SSL).
- Configure ISA Server 2004 to provide secure access to OWA.
- Enable OWA to use forms-based authentication.
- Install the Outlook Web Access Administration tool.
- Install Windows RMS.
- Use the Windows RMS Administration Web page to begin the RMS Provisioning process.
- Enroll the RMS server, and request a new server licensor certificate (SLC).
- Import the SLC (ServerCert.xml) to complete the enrollment process.
- Register the RMS service connection point.
- Install the RMS client.
- Protect a Microsoft Office Word 2003 document using rights management.
- Protect an Outlook 2003 e-mail message using rights management.
- Install and configure the Information Rights Management Add-on for Internet Explorer.
- Open a rights-protected document using Microsoft Internet Explorer and the Information Rights Management Add-on for Internet Explorer.
- Create a custom rights policy template.
- Distribute the custom rights policy template.
- Use the IRMCheck tool to obtain information about the RMS client.
- Use the GetRMScp tool to verify that the service connection point can be located from the client.
- Use the RMS Log Viewer to view RMS-related events.
- Configure permissions on the Certification pipeline.
- Install Windows RMS.
- Access the Windows RMS Administration Web page to begin the RMS Provisioning process.
- Verify the configuration of the sub-enrolled licensing server.
- Remove the modified permissions on the Certification pipeline.
- Install and configure Internet Authentication Services.
- Configure Certificate Services.
- Configure Routing and Remote Access (RRAS).
- Install the Connection Manager Administration Kit (CMAK).
- Create a remote access policy for L2TP/IPSec VPN connections.
- Create a remote access policy for PPTP VPN connections.
- Configure Active Directory for autoenrollment of certificates.
- Create and issue certificate templates for L2TP/IPSec VPN access.
- Configure the Certification Authority to issue the new certificates.
- Create a remote access policy for network quarantine.
- Install the Network Access Quarantine Service.
- Create a new Connection Manager Profile using CMAK.
- Add custom actions to the Connection Manager profile to perform quarantine policy checks for VPN users.
- Connect to the VPN, and verify that a network client is now compliant with the company security policy.
- Configure a CAPolicy.inf file.
- Install a stand-alone root CA.
- Define CRL and AIA Publication Settings.
- Publish the CRL and CA certificate to Active Directory directory service.
- Install Certificate Services as a subordinate Enterprise CA.
- In the Certification Authority console, request a new certificate by using the request.req request file.
- Use the PKI Health Tool to verify that the offline root CA's CDP and AIA extensions are properly configured.
- Create the Autoenrollment Group Policy object, and link it to the domain.
- Create an S/MIME signing certificate template.
- Create an S/MIME encryption certificate template.
- Configure the CA to issue the S/MIME certificates.
- Send and receive a digitally signed and encrypted e-mail message.
- Enable SSL on the default Web site.
- Configure authentication for a Web site.
- Enable certificate mapping for a Web site.