6406/6407 - Getting Started with Security and Policy Control in Windows Server 2008 with Hands on Labs

• Security Enhancements in Windows Server 2008 and
• Network Access Protection in Windows Server 2008

After completing this course, you will be able to:

• Use Windows Firewall with Advanced Security to configure domain isolation with IPsec
• Enforce network communications policy using Policy-based QOS
• Implement Network Access Protection to enforce minimum standards for computers before they connect to the corporate network

Module 1: Security Enhancements in Windows Server 2008
After completing this module, students will be able to:
• List the new security features in Windows Server 2008
• Understand how security policies are enforced in Windows Server 2008
• Describe the new Windows Firewall
• Understand IPsec, describe how it works, and understand its benefits
• List other enhancements that have been made in Windows Server 2008 to improve security

Exercise 1: Creating a Communications Security Policy for Roaming Users
After completing this module, students will be able to:
• Create a Policy for roaming users.
• Configure Windows Firewall with Advanced Security.
• Create Inbound Rule for Management Application in Domain Profile.
• Create Firewall Exemption for Domain Administrators.
• Verify that the Roaming User Policy is Applied.
• Configure Domain Isolation using WFAS
• Apply the New Group Policy Settings
• Test the Domain Isolation Policy
• Configure the Connection Security Rule to Encrypt IPsec Connections
• Configure WFAS to Require Secure Encrypted Connections
• Clear all WFAS Settings
• Refresh WFAS

Exercise 2: Managing Network Bandwidth using Windows Quality of Service (QOS)
After completing this module, students will be able to:
• Create a Custom Administrative Tool to Monitor the Effects of QOS
• Create and Share a folder
• Perform a Test Upload
• Create a QOS Policy for Managed Desktops
• Perform a New Test

Exercise 3: Network Access Protection with Windows Server 2008
After completing this module, students will be able to:
• Review the Membership of the IPsec NAP Exemptions Global Group
• Create a Certificate Template for NAP Exemptions
• Enable Certificate AutoEnrollment for Domain Members
• Configure the Network Policy Server to Issue Health Certificates
• Configure the Health Registration Authority to Request Certificates from the Subordinate CA
• Add a System Health Validation Certificate to the Network Policy Server
• Configure the Network Policy Server
• Configure Group Policy to Ensure Client Computers are Configured to Implement NAP
• Update Client Computers to Enforce NAP Policy
• Verify Network Access Protection

Module 2: Network Access Protection
After completing this module, students will be able to:
• Describe Network Access Protection (NAP)
• List the benefits of using NAP
• Understand when to use NAP
• Understand what can be controlled by using NAP
• List the methods used to enforce NAP
• List the components of NAP infrastructure
• Describe NAP policies
• Understand how to configure NAP policies

IT professionals currently experienced on the technologies included in Windows Server 2000 and/or Windows Server 2003, and who hold a Microsoft Certified Systems Engineer (MCSE) or Microsoft Certified Systems Administrator (MCSA) certification and/or equivalent knowledge.

• IT professionals skilled on Windows Server 2000 / Windows Server 2003
• An understanding of network protocols and communication including IPsec
• An understanding of firewalls
• An understanding of Microsoft Active Directory
• An understanding of Group Policy