Understanding the Security Configuration And Analysis Feature
The Security Configuration And Analysis feature in offers administrators the ability to configure security, analyze security, view results, and resolve any discrepancies revealed by analysis. This lesson shows you how to use the Security Configuration And Analysis feature.
The Security Configuration And Analysis feature is a tool for analyzing and configuring local system security. This feature compares the effects of one security template or the combined effects of a number of security templates with the currently defined security settings on a local computer.
The Security Configuration And Analysis feature allows administrators to perform a quick security analysis. In the security analysis, recommendations are presented alongside current system settings and icons or remarks are used to highlight any areas where the current settings do not match the proposed level of security. The Security Configuration And Analysis feature also offers the ability to resolve any discrepancies revealed by analysis.
The Security Configuration And Analysis feature can also be used to configure local system security. You can import security templates created with the Security Templates console and apply these templates to the windows 7 configuration for the local computer. This immediately configures the system security with the levels specified in the template.
Hisecdc.inf In order to apply Hisecdc.inf to a domain controller, all of the domain controllers in all trusted or trusting domains must run Windows 2000 or later. If a domain controller is configured with Hisecdc.inf, the following constraints apply.
A user with an account in that domain cannot connect to any member server from a client unless both the client and the target server are running Windows 2000 or later and can use Kerberos-based authentication and the client is configured to send NTLM version 2 responses.
Lightweight Directory Access Protocol (LDAP) clients cannot bind with the Active Directory LDAP server unless data signing is negotiated. Bind requests using
Idapjsimplejbind or ldap_simple_bind_s are rejected. By default, all Microsoft LDAP clients that ship with Windows XP request data signing if Transport Layer
Security/Secure Sockets Layer (TLS/SSL) is not already being used. If TLS/SSL is being used, then data signing is considered to be negotiated.
To use the Security Configuration And Analysis feature, you must be logged on as an administrator or a member of the Administrators group. If your computer is connected to a network, network policy settings might prevent CompTIA you from completing this procedure.