Designing An Incremental Template For A Perimeter Network Server

By Author: Shirley Green
Total Articles: 129
Comment this article

In this practice, you will develop a list of items to consider when developing an incremental template for MCSA Certification and sketch an OU infrastructure that can provide security in the perimeter network. Read the scenario and then complete the exercises that follow. If you are unable to answer a question, review the lesson mate-rials and try the question again. You can find answers to the questions in the "Questions and Answers" section at the end of the chapter.

While developing your baseline and incremental templates, you've had to struggle with what to do with the servers on the perimeter. You have identified two file servers that sit on the perimeter partner network. There is a partner network that is a segmented network area that provides access to researchers from a partner toy company, Tailspin Toys. The network is segmented from the internal Wingtip Toys network by a firewall that restricts traffic between the internal network and the partner network. Researchers from Wingtip Toys can access the partner network across the boundary between internal and partner networks, ...
... and researchers from Tailspin Toys can access the partner network via a special free A+ practice exams and via a special VPN. The file servers contain research documents. A separate forest has been established, and the file servers are member servers in a domain in this forest.
This is a good place to restrict access to only those who need it, depending on computer role. Use the High Security recommendation, and make other decisions in the incremental templates. Restricting access further here might cause problems, especially if few server roles really need restrictions.
By default, this setting is not defined in other templates and the member server default is Administrators, NETWORK SERVICE, LOCAL SERVICE. The reason for repeating this information in the template is to be able to reapply the defaults. If an administrator granted this right to other users, thus making an attack or misuse more likely to succeed, a GPO that uses this template will maintain the defaults. This is a good use of templates, and you might consider using this strategy to protect other critical security settings.
There have been cases where a user with this right was able to elevate his privileges to administrator and thus take over a computer. Note how the template removes a right free Security+ practice exams that could prove dangerous in the wrong hands a right that is not necessary anyway in a production environment.