
Security Tools to Administer Windows Server 2012

Published: October 2012

Updated: October 2012

Applies To: Windows 8, Windows Server 2012

This topic for the IT professional lists and describes Microsoft tools that are available for Windows Server 2012 to administer security technologies and address ongoing threats to your computers and network.

Managing user identities and processes for logon and authentication involves important yet often repetitive tasks. To obtain information about and manage user accounts, groups, and credentials, use one of the following tools.

Tool Type Description

Whoami

Windows command-line tool

Displays user, group, and privileges information for the user who is currently logged on to the local computer. If used without parameters, whoami displays the current domain and user name.

cmdkey

Windows command-line tool

Creates, lists, and deletes stored user names and passwords or credentials.

NET LocalGroup

Windows command-line tool

Adds, displays, or modifies local groups.

NET User

Windows command-line tool

Adds or modifies user accounts, or displays user account information.

Get-Credential

Windows PowerShell cmdlet

Gets a credential object based on a user name and password.

Get-AuthenticodeSignature

Windows PowerShell cmdlet

Gets information about the Authenticode signature in a file.

LogonSessions

Sysinternals utility

Lists active logon sessions.

PsLoggedOn

Sysinternals utility

Lists users logged on to a computer.

Adding, deleting, and modifying account and group information is one of the most frequent administrator tasks. To modify or create new security principals, use one of the following tools.

 

Tool Type Description

Ktpass

Windows command-line tool

Configures the server principal name for the host or service in Active Directory Domain Services (AD DS) and generates a .keytab file containing the shared secret key of the service.

Note
The .keytab file is based on the Massachusetts Institute of Technology (MIT) implementation of the Kerberos authentication protocol. The Ktpass command-line tool allows UNIX-based services that support Kerberos authentication to use the interoperability features provided by the Key Distribution Center (KDC) service in Windows Server 2008.

cmdkey

Windows command-line tool

Creates, lists, and deletes stored user names and passwords or credentials.

NET LOCALGROUP

Windows command-line tool

Adds, displays, or modifies local groups.

NET USER

Windows command-line tool

Adds or modifies user accounts, or displays user account information.

Dsadd

Windows command-line tool

Allows you to add specific types of objects to the directory.

Add-Computer

Windows PowerShell cmdlet

Adds computers to a workgroup or domain.

Remove-Computer

Windows PowerShell cmdlet

Removes computers from workgroups or domains.

Reset-ComputerMachinePassword

Windows PowerShell cmdlet

Resets the computer account password.

Certificates and encryption can significantly strengthen the security of a network and its resources. To manage certificate requests and encrypted files or directories, use the following tools.

Tool Type Description

Certreq

Windows command-line tool

Requests certificates from a certification authority (CA), retrieves a response to a previous request from a CA, creates a new request from an .inf file, accepts and installs a response to a request, constructs a cross-certification or qualified subordination request from an existing CA certificate or request, or signs a cross-certification or qualified subordination request.

Cipher

Windows command-line tool

Displays or alters the encryption of directories and files on NTFS volumes. If used without parameters, cipher displays the encryption state of the current directory and any files it contains.

Get-PfxCertificate

Windows PowerShell cmdlet

Gets information about .pfx certificate files on the computer.

Certificate Provider

Windows PowerShell provider

Allows you to navigate the certificate namespace and view the certificate stores and certificates. You can also copy, move, and delete certificates and certificate stores, and open the Certificates snap-in for the Microsoft Management Console (MMC).

Active Directory Certificate Services (AD CS) role services allow an organization to issue and manage certificates that enable a variety of network infrastructure requirements. To manage a CA and complete a variety of other AD CS tasks, use the following tool.

 

Tool Type Description

Certutil

Windows command-line tool

Collects and displays certification authority (CA) configuration information, configures AD CS, backs up and restores CA components, and verifies certificates, key pairs, and certification paths.

Files, folders, and shares that are protected by using access control lists (ACLs) can be monitored and managed by using the following tools, cmdlets, and utilities. To obtain information about access permissions on resources, use one of the following tools.

 

Tool Type Description

Icacls

Windows command-line tool

Displays or modifies discretionary access control lists (DACLs) on specified files, and applies stored DACLs to files in specified directories. Icacls.exe replaces the Cacls.exe tool for viewing and editing DACLs.

Dsacls

Windows command-line tool

Displays and changes permissions (access control entries) in the ACL of objects in Active Directory Domain Services (AD DS).

Get-Acl

Windows PowerShell cmdlet

Gets the security descriptor for a resource, such as a file or registry key.

ShareEnum

Sysinternals utility

Allows you to scan file shares on your network and view their security settings.

AccessChk

Sysinternals utility

Displays access permissions to files, registry keys, or Windows services for a specified user or group.

AccessEnum

Sysinternals utility

Displays access permissions to directories, files, and registry keys for all users and groups on computers in your domain.

Administrators might need to modify the ownership of files or ensure that deleted files cannot be accessed. To take ownership or securely delete files, use one of the following tools.

 

Tool Type Description

Takeown

Windows command-line tool

Enables an administrator to recover access to a file that previously was denied, by making the administrator the owner of the file.

SDelete

Sysinternals utility

Allows you to securely overwrite your sensitive files and remove previously deleted files by using this Department of Defense–compliant secure deletion program.

Security auditing allows you to monitor and analyze a wide variety of computer and network activities. The following utilities can be used to configure event logging and manage event logs and event log entries.

 

Tool Type Description

Auditpol

Windows command-line tool

Displays information about and performs functions to modify audit policy settings.

Logman

Windows command-line tool

Creates and manages Event Trace Session and Performance logs and supports many functions of Performance Monitor from the command line.

Clear-EventLog

Windows PowerShell cmdlet

Deletes all entries from specified event logs on a local or remote computer.

Get-Event

Windows PowerShell cmdlet

Gets the events in the event queue.

Get-EventLog

Windows PowerShell cmdlet

Gets the events in a specified event log or a list of the event logs on a computer.

New-Event

Windows PowerShell cmdlet

Creates a new event.

New-EventLog

Windows PowerShell cmdlet

Creates a new event log and a new event source on a local or remote computer.

Remove-Event

Windows PowerShell cmdlet

Deletes events from the event queue.

Remove-EventLog

Windows PowerShell cmdlet

Deletes an event log or unregisters an event source.

Show-EventLog

Windows PowerShell cmdlet

Displays the event logs of the local or a remote computer in Event Viewer.

Write-EventLog

Windows PowerShell cmdlet

Writes an event to an event log.

Limit-EventLog

Windows PowerShell cmdlet

Sets the event log properties that limit the size of the event log and the age of its entries.

PsLogList

Sysinternals utility

Allows you to collect event log records.

WEvtUtil

Windows command-line tool

Enables you to retrieve information about event logs and publishers. You can also use this command to install and uninstall event manifests, to run queries, and to export, archive, and clear logs.

Security policy is the configurable set of rules that the operating system follows when determining the permissions to grant in response to a request for access to resources. You can use the following tools to analyze and manage security policy settings for a single computer or a domain.

 

Tool Type Description

Security Configuration Wizard (SCW)

Windows administrative tool

Determines the minimum functionality required for a server's role or roles and disables functionality that is not required.

Secedit

Windows command-line tool

Configures and analyzes system security by comparing an existing configuration to at least one template.

GPUpdate

Windows command-line tool

Refreshes local and domain Group Policy settings, including security settings.

Note
This command-line tool supersedes the /refreshpolicy option for the secedit command.

GPResult

Windows command-line tool

Displays Resultant Set of Policy (RSoP) information for a local or domain user and computer.

Local Security Policy

Microsoft Management Console (MMC) snap-in

The Security Policy snap-in (secpol.msc) allows you to adjust settings for Account Policies, Local Policies, Windows Firewall with Advanced Security, Network List Manager Policies, Public Key Policies, Software Restriction Policies, Application Control Policies, IP Security Policies on Local Computer, and Advanced Audit Policy Configuration.

Security templates

Microsoft Management Console (MMC) snap-in

Security templates provide standard security settings to use as a model for your security policies. They help you troubleshoot problems with computers whose security settings are not in compliance with policy or are unknown. Security templates are inactive until imported into a Group Policy object or the Security Configuration and Analysis snap-in to MMC.

AppLocker Technical Overview

Microsoft Management Console (MMC) snap-in

AppLocker helps you control which applications and files users can run. These include executable files, scripts, Windows® Installer files, DLLs, Packaged apps and Packaged app installers. You can also use AppLocker to inventory applications running on your computers.

Software Restriction Policies Overview

Microsoft Management Console (MMC) snap-in

You can use software restriction policies to create a highly restricted configuration for computers, in which you allow only specifically identified applications to run. Software restriction policies are integrated with Microsoft Active Directory and Group Policy. You can also create software restriction policies on stand-alone computers. Software restriction policies are trust policies, which are regulations set by an administrator to restrict scripts and other code that is not fully trusted from running.

Understanding the configuration and behavior of a computer and the applications and processes running on that computer is important to diagnosing performance issues and system failures but can require detailed investigation. The following tools can assist with many of these tasks.

Tool Type Description

Runas

Windows command-line tool

Allows a user to run specific tools and programs with different permissions than the user's current logon provides.

SC

Windows command-line tool

Communicates with the Service Controller and installed services.

Shutdown

Windows command-line tool

Enables you to shut down or restart local or remote computers one at a time.

Tasklist

Windows command-line tool

Displays a list of currently running processes on the local computer or on a remote computer.

Taskkill

Windows command-line tool

Ends one or more tasks or processes. Processes can be ended by process ID or image name.

Bootcfg

Windows command-line tool

Configures, queries, or changes Boot.ini file settings.

Get-ExecutionPolicy

Windows PowerShell cmdlet

Gets the execution policies in the current session.

Set-ExecutionPolicy

Windows PowerShell cmdlet

Changes the user preference for the execution policy of the shell.

ShellRunAs

Sysinternals utility

Allows you to start programs as a different user via a shell context-menu entry.

PsTools

Sysinternals utility

Includes command-line tools for listing the processes running on local or remote computers, running processes remotely, restarting computers, and obtaining copies of event logs.

Autologon

Sysinternals utility

Allows you to bypass the password screen during logon.

Autoruns

Sysinternals utility

Shows what programs are configured to start automatically when a computer starts and the user logs on. Autoruns also shows the registry and file locations where applications can configure auto-start settings.

Process Explorer

Sysinternals utility

Allows you to find out what files, registry keys, and other objects processes have open, which dynamic link libraries (DLLs) they have loaded, and who owns each process.

PsExec

Sysinternals utility

Allows you to run processes with limited-user rights.

Microsoft provides a number of free tools that can be used to diagnose overall system health and security and protect against the risk of infection from malware. The following tools can be used to accomplish these tasks.

 

Tool Type Description

The Security Development Lifecycle Developer Starter Kit

Download

The SDL Developer Starter Kit offers 14 content modules (with speaker notes, presenter guides, and sample comprehension questions) plus eight MSDN virtual labs with lab manuals—all created to help you build a customized SDL training program for your development teams.

Malicious Software Removal Tool

Download

Checks computers running Windows 7, Windows Vista, Windows XP, Windows Server 2008, or Windows Server 2003 for infections by specific, prevalent malicious software and helps remove any infection found.

Microsoft Baseline Security Analyzer (MBSA)

Download

Helps small-sized and medium-sized businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance.

Microsoft Security Assessment Tool

Download

Provides information and recommendations about best practices to help enhance security within your IT infrastructure.

Enhanced Mitigation Experience Toolkit v3.0

Download

Allows you to design mitigation methods to help prevent malicious users from gaining access to your system.

Microsoft Threat Analysis & Modeling Tool

Download

Allows you to enter information including business requirements and application architecture, which is then used to produce a threat model.

RootkitRevealer

Sysinternals utility

Allows you to scan your computer for rootkit-based malware.

Sigcheck

Sysinternals utility

Allows you to collect file version information and verify that images on your computer are digitally signed.

Attack Surface Analyzer

Download

Allows you to catalogue changes made to the operating system attack surface by the installation of new software.

The following table provides additional resources for security tools in related technologies.

Group Policy

Group Policy Overview

Active Directory Domain Services

Active Directory Domain Services Overview

Active Directory Certificate Services

Active Directory Certificate Services Overview

Security Troubleshooting

Wiki: Troubleshooting Portal

Windows Server Update Services

Windows Server Update Services Overview

Microsoft System Center

Microsoft System Center 2012
