Windows 2000 Competency Model: Security

Article
12/09/2009

	Security Competencies	Security Competencies	Security Competencies
Technical	Security Policy Management - Standards Security Policy Review Business Area Understanding Security vs. Productivity Issue Process Security Profiling Security Procedures Education Security Policy Modification Windows 2000 Security Model Windows 2000 Single Sign On Windows 2000 Active Directory Windows 2000 Security Configuration Manager Windows 2000 Remote Access Windows 2000 Smart Card Infrastructure Windows 2000 IP Security Protocol Windows 2000 User Administration / Group Policies Windows 2000 Access Control Lists Windows 2000 Public Key Certificate Server Windows 2000 Encrypting File System	Security Monitoring - Hardware, Software, Network Networking Virus Types and Anti-Virus Methods Security Product Offerings Security Risk Monitoring Security Audits Asset Protection Windows 2000 Security Model Windows 2000 Kerberos 5 Authentication Capability Windows 2000 Active Directory Windows 2000 Remote Access Security Planning - New Virus Protection Business Area Understanding Virus Types and Anti-Virus Methods Security Breach Scenario Development Security Consulting Security Product Offerings Windows 2000 Security Model Windows 2000 Active Directory Windows 2000 Remote Access Windows 2000 Smart Card Infrastructure	Security Administration - Add New Users Shared Areas Set-up - (on servers) Security Modeling of Operating Platforms Security Profiling Authentication and Encryption Windows 2000 Security Model Windows 2000 Single Sign On Windows 2000 Kerberos 5 Authentication Capability Windows 2000 Active Directory Windows 2000 Security Configuration Manager Windows 2000 Remote Access Windows 2000 Smart Card Infrastructure Windows 2000 IP Security Protocol Windows 2000 User Administration / Group Policies Windows 2000 Access Control Lists Windows 2000 Public Key Certificate Server Windows 2000 NTFS Windows 2000 Encrypting File System

Technical Competencies
Security Competencies
Security Policy Management
Fundamental Competencies

Competencies		IT Executive	IT Management	IT Workforce
Security Policy Review	Understanding of security policies and ability to review them for completeness.	1 v 2 3 4	1 2 v 3 4	1 2 3 v 4
Business Area Understanding	Understanding of business areas and the type of data they deal with, to better work with them from a security standpoint.	1 v 2 3 4	1 2 v 3 4	1 2 3 v 4
Security vs. Productivity Issue Process	Ability to balance security issues with productivity issues in order to ensure that neither is lowered greatly by security policies.	1 v 2 3 4	1 2 3 v 4	1 2 v 3 4
Security Profiling	Ability to set up security profiles for different groups of users.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Security Procedure Education	Ability to educate and inform employees about security procedures.	v 1 2 3 4	1 2 v 3 4	1 2 3 v 4
Security Policy Modification	Ability to modify the security policies when appropriate.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4

Windows 2000 Competencies

Windows 2000 Security Model	Windows 2000 Security Model is the way in which security features are implemented in Windows 2000, i.e. how the different security features of the OS are interrelated and how changes in one security area can possibly affect other security areas.
Competencies	IT Executive	IT Management	IT Workforce
Knowledge of the overall Windows 2000 Security Model, its benefits and its impact, and the rationale behind it.	1 v 2 3 4	1 2 3 v 4	1 2 v 3 4
Ability to author guidelines for how to best use the Windows 2000 Security features in an organization.	v 1 2 3 4	1 2 v 3 4	1 2 3 v 4
Windows 2000 Single Sign On	Windows 2000 Single Sign-On allows the user to use a single login for authentication to all network based resources.
Competencies	IT Executive	IT Management	IT Workforce
Knowledge of the impact and of the benefits of the single sign-on capability of Windows 2000.	1 v 2 3 4	1 2 3 v 4	1 2 v 3 4
Ability to configure a single sign-on solution for groups of users.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to troubleshoot a single sign-on solution.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Windows 2000 Active Directory	Windows 2000 Active Directory is an enterprise-class directory service that is highly scaleable, built using Internet-standard technologies, and fully integrated at the operating system level. is designed to be a consolidation point for isolating, migrating, centrally managing and reducing the number of directories that companies have . allows a single point of administration for all published resources, which can include files, peripheral devices, host connections, databases, Web access, users, other arbitrary objects, services and so forth. uses DNS as its locator service, organizes objects in domains into a hierarchy of OU's (Organizational Units), and allows multiple domains to be connected into a tree structure.
Competencies	IT Executive	IT Management	IT Workforce
Knowledge of the impact and the benefits of Windows 2000 Active Directory.	1 v 2 3 4	1 2 3 v 4	1 2 v 3 4
Knowledge of the hierarchy structure used by Active Directory.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Knowledge of the standard Active Directory objects.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to add/ change/ copy/ delete objects in an Active Directory structure, using the Microsoft Management Console or scripting automation.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to configure security parameters for Active Directory objects.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to create new directory object types via Active Directory's extensible schema.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Knowledge of the standards upon which Active Directory is based: DNS (Domain Name Service) and LDAP (Lightweight Directory Access Protocol).	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to interface Active Directory with other directory services including Novell Directory Services (NDS) and other LDAP-based directory services.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to establish a multi-server, multi-domain Enterprise-wide Active Directory structure.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to establish domain trust relationships using Active Directory.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Knowledge of Active Directory's backwards compatibility with Windows NT 3.x/ 4.0 domain structures.	1 v 2 3 4	1 2 v 3 4	1 2 3 v 4
Ability to configure and manage Active Directory replication.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to troubleshoot an Active Directory solution.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Windows 2000 Security Configuration Manager	Windows 2000 Security Configuration Manager is a one-stop security configuration and analysis tool for Windows 2000 Server. allows configuration of various security-sensitive registry settings, access controls on files and registry keys, and security configuration of system services.
Competencies	IT Executive	IT Management	IT Workforce
Knowledge of the benefits of the Windows 2000 Security Configuration Manager.	1 v 2 3 4	1 2 3 v 4	1 2 v 3 4
Ability to configure security settings using Security Configuration Manager.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to troubleshoot security issues using Security Configuration Manager.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to establish guidelines for the use of the Security Configuration Manager.	v 1 2 3 4	1 2 v 3 4	1 2 3 v 4
Windows 2000 Remote Access	Windows 2000 Remote Access offers integrated direct-dial and VPN access for individuals and branch offices over IPSec, PPTP and/or L2TP. This gives the flexibility to use direct dial, Internet-based VPN or both to connect remote systems the network.
Competencies	IT Executive	IT Management	IT Workforce
Knowledge of the impact and the benefits of Windows 2000 Remote Access.	1 v 2 3 4	1 2 3 v 4	1 2 v 3 4
Ability to configure, implement, and administer a solution involving Remote Access.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to troubleshoot issues involving Remote Access.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to establish guidelines for the use of Remote Access.	v 1 2 3 4	1 2 v 3 4	1 2 3 v 4
Windows 2000 Smart Card Infrastructure	Windows 2000 Smart Cards are a key component of the public-key infrastructure that Microsoft is integrating into the Windows platform. enhance software-only solutions such as client authentication, single sign-on, and secure storage and system administration.
Competencies	IT Executive	IT Management	IT Workforce
Knowledge of the impact and the benefits of Windows 2000 Smart Card Infrastructure.	1 v 2 3 4	1 2 3 v 4	1 2 v 3 4
Ability to configure, implement, and administer a solution involving Smart Cards.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to troubleshoot issues involving Smart Card access.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to establish guidelines for the use of Smart Cards.	v1 2 3 4	1 2 v 3 4	1 2 3 v 4
Windows 2000 IP Security Protocol	Windows 2000 IP Security Protocol is an IETF standard for encrypting TCP/IP traffic. integrates IPSec with system policy management to enforce encryption between systems transparently to the end user. can be used to secure communications within an intranet and to create Virtual Private Network solutions across the Internet.
Competencies	IT Executive	IT Management	IT Workforce
Knowledge of the impact and the benefits of Windows 2000 support for the IP Security Protocol.	1 v 2 3 4	1 2 3 v 4	1 2 v 3 4
Ability to configure, implement, and administer a solution involving IP Security Protocol.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to troubleshoot issues involving IP Security Protocol access.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to establish guidelines for the use of IP Security Protocol.	v 1 2 3 4	1 2 v 3 4	1 2 3 v 4
Windows 2000 User Administration / Group Policies	Windows 2000 User Administration / Group Policies is used by administrators to create managed desktop environments tailored to users' job responsibilities and level of experience with computers. The Group Policy snapin and its extensions are used to define Group Policy options for managed desktop configurations for computers and users.
Competencies	IT Executive	IT Management	IT Workforce
Knowledge of the impact and the benefits of Windows 2000 Group Policies.	1 v 2 3 4	1 2 3 v 4	1 2 v 3 4
Ability to configure, administer, and implement Windows 2000 Group Policies.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to configure users' security settings/profiles/policies.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to troubleshoot security issues surrounding user permissions.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to establish guidelines for the use of group policies.	v 1 2 3 4	1 2 v 3 4	1 2 3 v 4
Windows 2000 Access Control List (ACL)	Windows 2000 Access Control List (ACL) is a list of entries that grant or deny specific access rights to individuals or groups located in the security descriptor.
Competencies	IT Executive	IT Management	IT Workforce
Knowledge of the benefits of Windows 2000 Access Control Lists.	1 v 2 3 4	1 2 3 v 4	1 2 v 3 4
Ability to configure Access Control Lists.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to troubleshoot solutions involving Access Control Lists.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to establish guidelines for the use of Access Control Lists.	v 1 2 3 4	1 2 v 3 4	1 2 3 v 4
Windows 2000 Public Key Certificate Server	Windows 2000 Public Key Certificate Server allows organizations to issue public-key certificates to their users without depending on commercial certificate authentication services.
Competencies	IT Executive	IT Management	IT Workforce
Knowledge of the impact and benefits of the Windows 2000 Public Key Certificate Server.	1 v 2 3 4	1 2 3 v 4	1 2 v 3 4
Windows 2000 Encrypting File System	Windows 2000 Encrypting File System (NTFS) provides protection for sensitive data. can be enabled on a per-file or per-directory basis. (The encryption technology used is public key-based and runs as an integrated system service, making it easy to manage, difficult to attack and transparent to the user.)
Competencies	IT Executive	IT Management	IT Workforce
Knowledge of the impact and the benefits of the Windows 2000 Encrypting File System	1 v 2 3 4	1 2 3 v 4	1 2 v 3 4

Security Monitoring - Hardware, Software, Network
Fundamental Competencies

Competencies		IT Executive	IT Management	IT Workforce
Networking	Knowledge of networking.	1 v 2 3 4	1 2 v 3 4	1 2 3 v 4
Virus Types and Anti-Virus Methods	Understanding of virus types and anti-virus methods.	1 v 2 3 4	1 2 v 3 4	1 2 3 v 4
Security Product Offerings	Ability to work with vendors offering security solutions in order to evaluate product offerings.	v 1 2 3 4	1 2 v 3 4	1 2 3 v 4
Security Risk Monitoring	Ability to monitor security risks, such as outgoing employees, to help ensure that security is maintained.	1 v 2 3 4	1 2 v 3 4	1 2 3 v 4
Security Audits	Ability to conduct security audits.	1 2 3 4	1 2 v 3 4	1 2 3 v 4
Asset Protection	Ability to coordinate with Networking Group to protect company's information assets from external attack.	1 2 3 4	1 2 3 v 4	1 2 3 v 4

Windows 2000 Competencies

Windows 2000 Security Model	Windows 2000 Security Model is the way in which security features are implemented in Windows 2000, i.e. how the different security features of the OS are interrelated and how changes in one security area can possibly affect other security areas.
Competencies	IT Executive	IT Management	IT Workforce
Knowledge of the overall Windows 2000 Security Model, its benefits and its impact, and the rationale behind it.	1 2 3 4	1 2 3 v 4	1 2 v 3 4
Ability to author guidelines for how to best use the Windows 2000 Security features in an organization.	1 2 3 4	1 2 v 3 4	1 2 3 v 4
Windows 2000 Kerberos 5 Authentication Capability	Windows 2000 Kerberos 5 Authentication Capability provides fast, single log-in to Windows 2000 Server-based enterprise resources, as well as other environments that support this protocol . Security policy settings allow configuration of Kerberos 5 protocol options, including maximum ticket lifetimes and ticket renewal options.
Competencies	IT Executive	IT Management	IT Workforce
Knowledge of the impact and the benefits of Windows 2000 Kerberos 5 Authentication Capability.	1 v 2 3 4	1 2 3 v 4	1 2 v 3 4
Ability to configure, implement, and administer a solution utilizing Kerberos 5 Authentification.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to troubleshoot a solution utilizing Kerberos 5 Authentication .	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Windows 2000 Active Directory	Windows 2000 Active Directory is an enterprise-class directory service that is highly scaleable, built using Internet-standard technologies, and fully integrated at the operating system level. is designed to be a consolidation point for isolating, migrating, centrally managing and reducing the number of directories that companies have . allows a single point of administration for all published resources, which can include files, peripheral devices, host connections, databases, Web access, users, other arbitrary objects, services and so forth. uses DNS as its locator service, organizes objects in domains into a hierarchy of OU's (Organizational Units), and allows multiple domains to be connected into a tree structure.
Competencies	IT Executive	IT Management	IT Workforce
Knowledge of the impact and the benefits of Windows 2000 Active Directory.	1 v 2 3 4	1 2 3 v 4	1 2 v 3 4
Knowledge of the hierarchy structure used by Active Directory.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Knowledge of the standard Active Directory objects.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to add/ change/ copy/ delete objects in an Active Directory structure, using the Microsoft Management Console or scripting automation.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to configure security parameters for Active Directory objects.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to create new directory object types via Active Directory's extensible schema.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Knowledge of the standards upon which Active Directory is based: DNS (Domain Name Service) and LDAP (Lightweight Directory Access Protocol).	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to interface Active Directory with other directory services including Novell Directory Services (NDS) and other LDAP-based directory services.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to establish a multi-server, multi-domain Enterprise-wide Active Directory structure.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to establish domain trust relationships using Active Directory.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Knowledge of Active Directory's backwards compatibility with Windows NT 3.x/ 4.0 domain structures.	1 v 2 3 4	1 2 v 3 4	1 2 3 v 4
Ability to configure and manage Active Directory replication.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to troubleshoot an Active Directory solution.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Windows 2000 Remote Access	Windows 2000 Remote Access offers integrated direct-dial and VPN access for individuals and branch offices over IPSec, PPTP and/or L2TP. This gives the flexibility to use direct dial, Internet-based VPN or both to connect remote systems the network.
Competencies	IT Executive	IT Management	IT Workforce
Knowledge of the impact and the benefits of Windows 2000 Remote Access.	1 v 2 3 4	1 2 3 v 4	1 2 v 3 4
Ability to configure, implement, and administer a solution involving Remote Access.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to troubleshoot issues involving Remote Access.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4

Security Planning - New Virus Protection
Fundamental Competencies

Competencies		IT Executive	IT Management	IT Workforce
Business Area Understanding	Understanding of business areas and the type of data they deal with, to better work with them from a security standpoint.	1 v 2 3 4	1 2 v 3 4	1 2 3 v 4
Virus Types and Anti-Virus Methods	Understanding of virus types and anti-virus methods.	1 v 2 3 4	1 2 v 3 4	1 2 3 v 4
Security Breach Scenario Development	Ability to develop scenarios which would require the security group to take action and to react swiftly in the event of a security breach.	1 v 2 3 4	1 2 v 3 4	1 2 3 v 4
Security Consulting	Ability to work and consult with other IT groups when security questions arise, i.e., system administrators want to set up a group of users with limited administration capabilities and want to know the best way to go about this.	1 v 2 3 4	1 2 3 v 4	1 2 3 v 4
Security Product Offerings	Ability to work with vendors offering security solutions in order to evaluate product offerings.	v 1 2 3 4	1 2 v 3 4	1 2 3 v 4

Windows 2000 Competencies

Windows 2000 Security Model	Windows 2000 Security Model is the way in which security features are implemented in Windows 2000, i.e. how the different security features of the OS are interrelated and how changes in one security area can possibly affect other security areas.
Competencies	IT Executive	IT Management	IT Workforce
Knowledge of the overall Windows 2000 Security Model, its benefits and its impact, and the rationale behind it.	1 v 2 3 4	1 2 3 v 4	1 2 v 3 4
Ability to author guidelines for how to best use the Windows 2000 Security features in an organization.	v 1 2 3 4	1 2 v 3 4	1 2 3 v 4
Windows 2000 Active Directory	Windows 2000 Active Directory is an enterprise-class directory service that is highly scaleable, built using Internet-standard technologies, and fully integrated at the operating system level. is designed to be a consolidation point for isolating, migrating, centrally managing and reducing the number of directories that companies have . allows a single point of administration for all published resources, which can include files, peripheral devices, host connections, databases, Web access, users, other arbitrary objects, services and so forth. uses DNS as its locator service, organizes objects in domains into a hierarchy of OU's (Organizational Units), and allows multiple domains to be connected into a tree structure.
Competencies	IT Executive	IT Management	IT Workforce
Knowledge of the impact and the benefits of Windows 2000 Active Directory.	1 v 2 3 4	1 2 3 v 4	1 2 v 3 4
Knowledge of the hierarchy structure used by Active Directory.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Knowledge of the standard Active Directory objects.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to add/ change/ copy/ delete objects in an Active Directory structure, using the Microsoft Management Console or scripting automation.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to configure security parameters for Active Directory objects.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to create new directory object types via Active Directory's extensible schema.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Knowledge of the standards upon which Active Directory is based: DNS (Domain Name Service) and LDAP (Lightweight Directory Access Protocol).	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to interface Active Directory with other directory services including Novell Directory Services (NDS) and other LDAP-based directory services.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to establish a multi-server, multi-domain Enterprise-wide Active Directory structure.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to establish domain trust relationships using Active Directory.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Knowledge of Active Directory's backwards compatibility with Windows NT 3.x/ 4.0 domain structures.	1 v 2 3 4	1 2 v 3 4	1 2 3 v 4
Ability to configure and manage Active Directory replication.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to troubleshoot an Active Directory solution.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Windows 2000 Remote Access	Windows 2000 Remote Access offers integrated direct-dial and VPN access for individuals and branch offices over IPSec, PPTP and/or L2TP. This gives the flexibility to use direct dial, Internet-based VPN or both to connect remote systems the network.
Competencies	IT Executive	IT Management	IT Workforce
Knowledge of the impact and the benefits of Windows 2000 Remote Access.	1 v 2 3 4	1 2 3 v 4	1 2 v 3 4
Ability to configure, implement, and administer a solution involving Remote Access.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to troubleshoot issues involving Remote Access.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Windows 2000 Smart Card Infrastructure	Windows 2000 Smart Cards are a key component of the public-key infrastructure that Microsoft is integrating into the Windows platform. enhance software-only solutions such as client authentication, single sign-on, and secure storage and system administration.
Competencies	IT Executive	IT Management	IT Workforce
Knowledge of the impact and the benefits of Windows 2000 Smart Card Infrastructure.	1 v 2 3 4	1 2 3 v 4	1 2 v 3 4
Ability to configure, implement, and administer a solution involving Smart Cards.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to troubleshoot issues involving Smart Card access.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to establish guidelines for the use of Smart Cards.	v 1 2 3 4	1 2 v 3 4	1 2 3 v 4

Security Administration - Add New Users
Fundamental Competencies

Competencies	IT Executive	IT Management	IT Workforce
Shared Areas Set-Up (on-servers)	Ability to set up shared areas on various servers.	v 1 2 3 4	1 2 3 4	1 2 3 v 4
Security Modeling of Operating Platforms	In- Depth understanding of the security model of the company's operating platform(s).	1 v 2 3 4	1 2 v 3 4	1 2 3 v 4
Security Profiling	Ability to set up security profiles for different groups of users.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Authentication and Encryption	Understanding of the methods of securing data and files such as authentication and encryption and products which serve to enable/improve these methods.	1 v 2 3 4	1 2 v 3 4	1 2 3 v 4

Windows 2000 Competencies

Windows 2000 Security Model	Windows 2000 Security Model is the way in which security features are implemented in Windows 2000, i.e. how the different security features of the OS are interrelated and how changes in one security area can possibly affect other security areas.
Competencies	IT Executive	IT Management	IT Workforce
Knowledge of the overall Windows 2000 Security Model, its benefits and its impact, and the rationale behind it.	1 v 2 3 4	1 2 3 v 4	1 2 v 3 4
Ability to author guidelines for how to best use the Windows 2000 Security features in an organization.	v 1 2 3 4	1 2 v 3 4	1 2 3 v 4
Windows 2000 Single Sign On	Windows 2000 Single Sign-On allows the user to use a single login for authentication to all network based resources.
Competencies	IT Executive	IT Management	IT Workforce
Knowledge of the impact and of the benefits of the single sign-on capability of Windows 2000.	1 v 2 3 4	1 2 3 v 4	1 2 v 3 4
Ability to configure a single sign-on solution for groups of users.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to troubleshoot a single sign-on solution.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Windows 2000 Kerberos 5 Authentication Capability	Windows 2000 Kerberos 5 Authentication Capability provides fast, single log-in to Windows 2000 Server-based enterprise resources, as well as other environments that support this protocol . Security policy settings allow configuration of Kerberos 5 protocol options, including maximum ticket lifetimes and ticket renewal options.
Competencies	IT Executive	IT Management	IT Workforce
Knowledge of the impact and the benefits of Windows 2000 Kerberos 5 Authentication Capability.	1 v 2 3 4	1 2 3 v 4	1 2 v 3 4
Ability to configure, implement, and administer a solution utilizing Kerberos 5 Authentification.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to troubleshoot a solution utilizing Kerberos 5 Authentication .	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Windows 2000 Active Directory	Windows 2000 Active Directory is an enterprise-class directory service that is highly scaleable, built using Internet-standard technologies, and fully integrated at the operating system level. is designed to be a consolidation point for isolating, migrating, centrally managing and reducing the number of directories that companies have . allows a single point of administration for all published resources, which can include files, peripheral devices, host connections, databases, Web access, users, other arbitrary objects, services and so forth. uses DNS as its locator service, organizes objects in domains into a hierarchy of OU's (Organizational Units), and allows multiple domains to be connected into a tree structure.
Competencies	IT Executive	IT Management	IT Workforce
Knowledge of the impact and the benefits of Windows 2000 Active Directory.	1 v 2 3 4	1 2 3 v 4	1 2 v 3 4
Knowledge of the hierarchy structure used by Active Directory.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Knowledge of the standard Active Directory objects.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to add/ change/ copy/ delete objects in an Active Directory structure, using the Microsoft Management Console or scripting automation.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to configure security parameters for Active Directory objects.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to create new directory object types via Active Directory's extensible schema.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Knowledge of the standards upon which Active Directory is based: DNS (Domain Name Service) and LDAP (Lightweight Directory Access Protocol).	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to interface Active Directory with other directory services including Novell Directory Services (NDS) and other LDAP-based directory services.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to establish a multi-server, multi-domain Enterprise-wide Active Directory structure.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to establish domain trust relationships using Active Directory.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Knowledge of Active Directory's backwards compatibility with Windows NT 3.x/ 4.0 domain structures.	1 v 2 3 4	1 2 v 3 4	1 2 3 v 4
Ability to configure and manage Active Directory replication.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to troubleshoot an Active Directory solution.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Windows 2000 Security Configuration Manager	Windows 2000 Security Configuration Manager is a one-stop security configuration and analysis tool for Windows 2000 Server. allows configuration of various security-sensitive registry settings, access controls on files and registry keys, and security configuration of system services.
Competencies	IT Executive	IT Management	IT Workforce
Knowledge of the benefits of the Windows 2000 Security Configuration Manager.	1 v 2 3 4	1 2 3 v 4	1 2 v 3 4
Ability to configure security settings using Security Configuration Manager.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to troubleshoot security issues using Security Configuration Manager.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to establish guidelines for the use of the Security Configuration Manager.	v 1 2 3 4	1 2 v 3 4	1 2 3 v 4
Windows 2000 Remote Access	Windows 2000 Remote Access offers integrated direct-dial and VPN access for individuals and branch offices over IPSec, PPTP and/or L2TP. This gives the flexibility to use direct dial, Internet-based VPN or both to connect remote systems the network.
Competencies	IT Executive	IT Management	IT Workforce
Knowledge of the impact and the benefits of Windows 2000 Remote Access.	1 v 2 3 4	1 2 3 v 4	1 2 v 3 4
Ability to configure, implement, and administer a solution involving Remote Access.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to troubleshoot issues involving Remote Access.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to establish guidelines for the use of Remote Access.	v 1 2 3 4	1 2 v 3 4	1 2 3 v 4
Windows 2000 Smart Card Infrastructure	Windows 2000 Smart Cards are a key component of the public-key infrastructure that Microsoft is integrating into the Windows platform. enhance software-only solutions such as client authentication, single sign-on, and secure storage and system administration.
Competencies	IT Executive	IT Management	IT Workforce
Knowledge of the impact and the benefits of Windows 2000 Smart Card Infrastructure.	1 v 2 3 4	1 2 3 v 4	1 2 v 3 4
Ability to configure, implement, and administer a solution involving Smart Cards.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to troubleshoot issues involving Smart Card access.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to establish guidelines for the use of Smart Cards.	v 1 2 3 4	1 2 v 3 4	1 2 3 v 4
Windows 2000 IP Security Protocol	Windows 2000 IP Security Protocol is an IETF standard for encrypting TCP/IP traffic. integrates IPSec with system policy management to enforce encryption between systems transparently to the end user. can be used to secure communications within an intranet and to create Virtual Private Network solutions across the Internet.
Competencies	IT Executive	IT Management	IT Workforce
Knowledge of the impact and the benefits of Windows 2000 support for the IP Security Protocol.	1 v 2 3 4	1 2 3 v 4	1 2 v 3 4
Ability to configure, implement, and administer a solution involving IP Security Protocol.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to troubleshoot issues involving IP Security Protocol access.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to establish guidelines for the use of IP Security Protocol.	v 1 2 3 4	1 2 v 3 4	1 2 3 v 4
Windows 2000 User Administration / Group Policies	Windows 2000 User Administration / Group Policies is used by administrators to create managed desktop environments tailored to users' job responsibilities and level of experience with computers. The Group Policy snapin and its extensions are used to define Group Policy options for managed desktop configurations for computers and users.
Competencies	IT Executive	IT Management	IT Workforce
Knowledge of the impact and the benefits of Windows 2000 Group Policies.	1 v 2 3 4	1 2 3 v 4	1 2 v 3 4
Ability to configure, administer, and implement Windows 2000 Group Policies.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to configure users' security settings/profiles/policies.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to troubleshoot security issues surrounding user permissions.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to establish guidelines for the use of group policies.	v 1 2 3 4	1 2 v 3 4	1 2 3 v 4
Windows 2000 Access Control List (ACL)	Windows 2000 Access Control List (ACL) is a list of entries that grant or deny specific access rights to individuals or groups located in the security descriptor.
Competencies	IT Executive	IT Management	IT Workforce
Knowledge of the benefits of Windows 2000 Access Control Lists.	1 v 2 3 4	1 2 3 v 4	1 2 v 3 4
Ability to configure Access Control Lists.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to troubleshoot solutions involving Access Control Lists.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to establish guidelines for the use of Access Control Lists.	v 1 2 3 4	1 2 v 3 4	1 2 3 v 4
Windows 2000 Public Key Certificate Server	Windows 2000 Public Key Certificate Server allows organizations to issue public-key certificates to their users without depending on commercial certificate authentication services.
Competencies	IT Executive	IT Management	IT Workforce
Knowledge of the impact and benefits of the Windows 2000 Public Key Certificate Server.	1 v 2 3 4	1 2 3 v 4	1 2 v 3 4
Windows 2000 NTFS	Windows 2000 NTFS (the Windows 2000 file system) offers support for file encryption, compression, security by file, auditing, and per-user disk quotas to monitor and limit disk space use.
Competencies	IT Executive	IT Management	IT Workforce
Knowledge of the impact and the benefits of the NTFS file system in Windows 2000.	1 v 2 3 4	1 2 3 v 4	1 2 v 3 4
Ability to configure/administer the disk quota system in Windows 2000.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to walk users through configuring NTFS file compression.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Ability to walk users through securing files using NTFS security.	v 1 2 3 4	1 v 2 3 4	1 2 3 v 4
Windows 2000 Encrypting File System	Windows 2000 Encrypting File System (NTFS) provides protection for sensitive data. can be enabled on a per-file or per-directory basis. (The encryption technology used is public key-based and runs as an integrated system service, making it easy to manage, difficult to attack and transparent to the user.)
Competencies	IT Executive	IT Management	IT Workforce
Knowledge of the impact and the benefits of the Windows 2000 Encrypting File System	1 v 2 3 4	1 2 3 v 4	1 2 v 3 4

Windows 2000 Competency Model: Security

On This Page

Position Purpose

Additional resources