Techniques For Designing Security For Client Computers

By Author: iris
Total Articles: 286
Comment this article

Securing client computers involves both securing the client MCTS: Windows Vista computing device (com-puter, PDA, smart phone, and so on) and locking down what users of the device can do to it and with it. This chapter will concentrate on designing a strategy to secure client computers running Microsoft Windows by using Windows tools. The following sections describe the components of the security strategy that you must think about and the techniques that you must use.
Components of a Security Strategy for Client Computers
The components of a security strategy for client computers include:
Designing an OU infrastructure for computers
Designing an OU infrastructure for users
Designing the GPO infrastructure for user and computer OUs
Designing a strategy for hardening client operating systems
Designing a strategy for restricting users

In Chapter 8, you learned how to design server security by server role. The techniques learned there can be applied to designing security for client devices and users. Ultimately, the design of secure clients ...
... must be based on a security policy but interpreted in a manner necessary for each type of client. To proceed, use the following techniques:
Separate client computers by operating system roles such as desktop or remote computers (laptops and desktops).
Group user accounts by the job that they do. Dividing client computer and user accounts in this manner allows the
Free practice exams for MCTS design to address specific types of
users and computers.
Develop Group Policy Objects (GPOs) that address the management and security concerns of each computer and user role.
Secure computer and user accounts that are not part of an Active Directory directory service infrastructure. Security templates, systems policies and scripts, as well as third-party products can be used to manage and secure these computers and the users who work with them.
Tip This lesson will not directly address client computers other than those with accounts in Active Directory; however, many of the techniques discussed can be used on stand-alone client computers.

The next sections in this lesson will address designing an OU infrastructure to sup?port this type of design. Using OUs and GPOs is the way to secure Windows clients that are members of a Windows Server 2003 or Windows 2000 domain. However, some workstations might not be joined in a Windows domain. Securing these clients will require other techniques. Techniques for securing stand alone Windows clients are addressed in Lessons 2 and 3, which present the design details for securing MCSE exams and clients, respectively.