Randy Franklin Smith's
Audit and Assessment of Active Directory Training

Course Outline

Chapter 1 - Introduction

  • Introduction
  • Background
  • Chapters overview
  • Hands-on exercises
  • What is AD?
  • Why is AD so important to security and audit?
  • How does AD relate to Windows?
  • Where does Group Policy fit in?
  • What makes AD audits unique?
  • Windows Security

Chapter 2 - Windows Security

Part 1 – On a Standalone Server

  • Local Users
  • Password and Lockout Policy
  • Local Groups
  • Built-in Local Groups
  • User Rights
  • Services
  • Patch Level
  • Audit Policy
  • Security Log Settings

Part 2 – In a Domain Environment

  • Computer roles
  • Domain vs. local
  • Users
  • Groups
  • Password and lockout policy
  • Group policy
  • Patch management
  • Active Directory Structure

Chapter 3 - Active Directory Structure

Part 1 – Introduction to AD

  • Leaf and container objects
  • Windows NT Domain Structure

Part 2 – Container Hierarchy

  • Domains
  • Forests
  • Trees
  • Organizational Units
  • Sites

Part 3 – Trust Relationships

  • Transitivity
  • Direction of trust
  • Risks of trust
  • External trusts

Chapter 4 - Computer Accounts

  • Computers are people too
  • Computer Roles
    • Workstations
    • Member servers
    • Domain controllers
  • Group policy

Chapter 5 - User Accounts

  • Password and lockout policy
  • User specific logon controls
  • User’s location in OU
  • Group policy for user accounts

Chapter 6 - Groups

  • Group Type and Scope
  • Using groups for access control
  • Where to place groups in OU hierarchy

Chapter 7 - Administrative Authority

  • 2 ways to control admin authority
  • Built-in Groups
  • Delegating admin authority
  • Comparing Active Directory Access Control to File System Access Control
  • Inheritance
  • Active Directory Permissions
  • Safe Use of Administrative Privileges

Chapter 8 - Tying It All Together

  • Domain controllers
  • Local vs. domain users and groups
  • Forests
  • Domains
  • OUs
  • Managing end-user access control
  • Managing IT admin authority

Chapter 9 - Planning and scoping your audit

  • Different types of audits
  • Scoping
  • Beyond the forest and outside Windows

Chapter 10 - Gathering evidence

  • Using the audit kit
  • Evidence collection tools
  • Planning evidence collection
  • Evidence collection levels
  • Forest evidence
  • Domain evidence
  • Domain controller evidence
  • Organizational unit evidence

Chapter 11 - Analyzing evidence

  • Forest
  • Domain
  • Domain Controller
  • Organizational Unit
