I am about to give a Windows 2003 security training to junior IT auditor. I was wondering what would be the top 5 issues/elements that all IT Auditor should know when they go to audit Windows 2003?
I was thinking
1) File/Folder permission; yes this looks to be easy but its quite complicated and tricky
2) Active directory -this is the heart of Windows 2003 and all IT auditor should know about Group Policy and how GP is being applied in the Windows environment. - essentially lookinat at the right GP.
what else? any idea? or got training material that freely available on the internet that I can use as a based?