You need to configure automatic updates to reduce the threat of security violations. These updates can be High Priority – Critical updates, Software updates, and Hardware updates. You can configure various options for managing automatic updates. You can also install the WSUS service on one or more servers, which you configure to serve software updates to automatic update clients.
You can pre-configure security settings required for a particular server role by using security templates. You can import these templates into group policy and distribute them over a network. You can use the Security Configuration Wizard to create a customized settings template, which can be distributed and applied to computer systems.
The Security Configuration Wizard performs a scan to identify the services and roles that are currently running on the server. You can create security policies by using the security template snap-in or by using the Security Configuration Wizard.
You can use various built-in tools in Windows Server 2008 such as ADMX Migrator and the Group Policy Management Console. ADMX files provide a new format for displaying registry-based policy settings. ADMX files are divided into language-neutral files and language-specific files. The language-neutral files consist of the actual policy components. This enables the ADMX files to be used in a variety of different languages.
You can use the Group Policy Management Console to manage Windows Server 2000-based domain controllers. This is because Group Policy Management Console is backward compatible with ADM files. You can use the ADMX Migrator to convert ADM files to ADMX format. You can use ADMX Migrator for making multiple ADM file conversions in a single instance.
You can use group policies to configure Windows Firewall, modify an existing policy, or create a new policy in the Group Policy Management Console. You can create an Inbound rule to allow DNS queries only from the local subnet and an Outbound rule to block Internet Explorer from using a specific port. You can also apply this rule to all profiles, such as domain, private, and public. You can follow similar procedures to create connection security rules.
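The two rules described above can also be created on a single server with `netsh advfirewall`, which ships with Windows Server 2008. The following is an added example, not part of the original text. It writes to the local firewall store rather than a Group Policy object, and the rule names and the blocked port are constructed sample values.

```powershell
# Added example, not from the original page. Run from an elevated prompt.
# Rule names and the blocked port are constructed sample values (assumptions).
$BlockedPort = 8080
$IePath = Join-Path $env:ProgramFiles 'Internet Explorer\iexplore.exe'

# Run netsh with the given arguments and stop on the first failure.
function Invoke-Netsh([string[]]$NetshArgs) {
    & netsh.exe $NetshArgs | Out-Host
    if ($LASTEXITCODE -ne 0) {
        throw "netsh failed: $($NetshArgs -join ' ')"
    }
}

# Inbound: allow DNS queries (UDP and TCP port 53) only from the local subnet,
# in all profiles (domain, private, and public).
foreach ($proto in 'UDP', 'TCP') {
    Invoke-Netsh @('advfirewall', 'firewall', 'add', 'rule',
        "name=Allow-DNS-${proto}-LocalSubnet", 'dir=in', 'action=allow',
        "protocol=$proto", 'localport=53', 'remoteip=localsubnet', 'profile=any')
}

# Outbound: block Internet Explorer from using one remote TCP port.
Invoke-Netsh @('advfirewall', 'firewall', 'add', 'rule',
    'name=Block-IE-SamplePort', 'dir=out', 'action=block',
    "program=$IePath", 'protocol=TCP', "remoteport=$BlockedPort", 'profile=any')

# Display the stored rules so the scope, profile, and action can be checked.
foreach ($name in 'Allow-DNS-UDP-LocalSubnet', 'Allow-DNS-TCP-LocalSubnet',
                  'Block-IE-SamplePort') {
    Invoke-Netsh @('advfirewall', 'firewall', 'show', 'rule', "name=$name")
}
```

Allow rules are additive, so the inbound rule restricts DNS to the local subnet only when no broader DNS allow rule is enabled on the same server.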
You need to configure Windows Firewall to prevent malicious users from accessing a network. By default, Windows Firewall blocks all unsolicited incoming traffic and outgoing traffic unless it matches a certain rule. Firewall settings can be distributed by using group policies or can be configured locally. Windows Firewall includes various functionalities such as firewall enhancement, firewall profiles, firewall rules, firewall management tools, and connection security rules.
The Advanced Security settings provide three profiles: domain, private, and public. You can change the status of these profiles by selecting the Windows Firewall Properties option. You can use the New Connection Security Rule Wizard to create different types of rules, such as Isolation, Authentication exemption, Server-to-server, Tunnel, or Custom rule. You can request authentication for both inbound and outbound connections.
You need to implement the new ADMX format for group policies by creating a central store and copying the ADMX and ADML files into it. You can control group memberships on domain computers by adding the group to Restricted Groups.
You can use PKIView to simplify the management of an enterprise PKI by combining vital CA management tasks within a single administrative interface. Apart from this, the Certificate Services enhancements include several features such as SCEP, OCSP, and CNG.
You can install the Active Directory Certificate Services role by using Server Manager. You need to set up a CA as part of the process for installing and configuring Active Directory Certificate Services. There are various types of CAs, such as Enterprise CA and Standalone CA, which can be used to integrate Active Directory Certificate Services with Active Directory.
You can use the certificate management process to request and approve certificate requests, manage certificate renewals, manage certificate templates, and configure Web enrollment. You can configure the group policy settings for Certificate Services by launching the Group Policy Management Console. You can configure certificates for certificate stores by selecting the Automatic Certificate Request Settings option.
You can provide OCSP in Windows Server 2008 by using certificate revocation. Certificate revocation is part of the process of managing certificates issued by CAs. Windows Server 2008 provides OCSP as an alternative means of managing certificate revocation.





