Zaawansowana administracja systemem (Advanced System Administration)
Author: Andrzej Szeląg
ISBN: 978-83-246-2461-4
Format: 158x235, pages: 360
The security setting Audit account logon events lets you specify (as shown in Figure 8.27) whether every validation of account credentials on the local computer (with the Failure option active) is to be audited in Windows 7 Professional.
Figure 8.28. The Properties dialog box for Interactive logon: Message title for users attempting to log on
Figure 8.29. The Properties dialog box for Interactive logon: Message text for users attempting to log on
To prevent attacks that originate inside the network and rely, for example, on modifying SMB packets in transit, the SMB protocol mentioned earlier supports digital signing of those packets. This is controlled by the local security policy setting named Microsoft network client: Digitally sign communications (always), whose two options are shown in Figure 8.30. Once this setting is enabled, Windows 7 Professional signs SMB packets digitally. Note that the Microsoft network client will not be able to communicate with, for example, a Microsoft network server until that server agrees to sign SMB packets.
and using new keys (User input is not required when new keys are stored and used),
Figure 8.30. The Properties dialog box for Microsoft network client: Digitally sign communications (always)
Figure 8.31. The Properties dialog box for System cryptography: Force strong key protection for user keys stored on the computer
8.5.6. Interactive logon: Number of previous logons to cache (in case domain controller is not available)
The local security setting in the form of the policy Interactive logon: Number of previous logons to cache (in case domain controller is not available), shown in Figure 8.33, determines whether it will be possible to work on domain accounts when no domain controller at all can be reached. Setting this policy to 0 disables local caching of domain accounts, which makes it impossible to work on such an account when the domain controller cannot be contacted.
Figure 8.33. The Properties dialog box for Interactive logon: Number of previous logons to cache (in case domain controller is not available)
An alternative method of changing the default value for the domain account credentials stored in the local computer's cache was presented in Chapter 7 of this publication. It consisted of editing the Windows registry, specifically the CachedLogonsCount string of type REG_SZ located in the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon.
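The two settings described above, SMB client signing and cached domain logons, can be audited from PowerShell by reading the registry values behind them; this is an added example, not code from the book. The Winlogon key and CachedLogonsCount come from the text, while the LanmanWorkstation\Parameters key with its RequireSecuritySignature value is supplied here as the registry backing of the signing policy, and the function names are hypothetical.

```powershell
# Added example: read-only audit of the two policies discussed above.
$WinlogonKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'  # key named in the text
# Assumption (not on the page): registry location backing
# "Microsoft network client: Digitally sign communications (always)".
$SmbClientKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function Test-LogonPolicy {
    param($CachedLogonsCount, $RequireSecuritySignature)

    # CachedLogonsCount is REG_SZ, so it arrives as text and must be parsed.
    $count = 0
    $raw = "$CachedLogonsCount".Trim()
    if ($raw -eq '') {
        $cache = 'not set: system default applies'
    } elseif (-not [int]::TryParse($raw, [ref]$count)) {
        $cache = "invalid value '$raw'"
    } elseif ($count -eq 0) {
        $cache = 'disabled: domain logon fails without a domain controller'
    } else {
        $cache = "enabled: last $count domain logons cached locally"
    }

    $signing = if ($RequireSecuritySignature -eq 1) {
        'required: client refuses servers that will not sign SMB packets'
    } else {
        'not required: unsigned SMB sessions are accepted'
    }

    New-Object PSObject -Property @{ CachedLogons = $cache; SmbClientSigning = $signing }
}

# Constructed sample values, so the logic can be checked on any machine.
Test-LogonPolicy -CachedLogonsCount '0' -RequireSecuritySignature 1

# Live check on the local Windows computer.
Test-LogonPolicy `
    -CachedLogonsCount (Get-RegValue $WinlogonKey 'CachedLogonsCount') `
    -RequireSecuritySignature (Get-RegValue $SmbClientKey 'RequireSecuritySignature')
```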
Figure 8.34. The Properties dialog box for Interactive logon: Prompt user to change password before expiration
Figure 8.35. The Properties dialog box for Shutdown: Clear virtual memory pagefile