Windows 2003 Securitty Training

Hi all,
I am about to give a Windows 2003 security training to junior IT auditor. I was wondering what would be the top 5 issues/elements that all IT Auditor should know when they go to audit Windows 2003?

I was thinking
1) File/Folder permission; yes this looks to be easy but its quite complicated and tricky
2) Active directory -this is the heart of Windows 2003 and all IT auditor should know about Group Policy and how GP is being applied in the Windows environment. - essentially lookinat at the right GP.

what else? any idea? or got training material that freely available on the internet that I can use as a based?

Who is Participating?
tgtranConnect With a Mentor Commented:
1.  Admin group memberships and delegation
2.  Security audit - logon failure events
3.  Rouge DHCP
4.  DNS replication to non-AD DNS servers
5.  Windows Security patches/updates - up to date
6.  RRAS policy
7.  Password policy
8.  Ex-employees and contractors - appropriate access level or lack there of
Hardware Audit, Software Audit, Security Audit, Usage Audit and possibly a appropriateness audit..

Each of these audits have multiple sections, security being the worst..

Cern, NSA etc have extensive information from a gov perspective.
Universities have think tanks about specific subjects and there are a plethora of sites that specialize in specifics like google hacking, linux, windows etc...

Usually, the auditors that I use, have a arsenal of proprietary software products that does 'best practice' auditing on most fronts..
And then, some tests are just done with open source tools...

Security training material is plentiful, getting a structured course it difficult as the standards are constantly changing, so any course will be out of date at the time you get it. But the more reputable courses have people maintaining them constantly.

Its will also depend on their previous experience, its pretty hard to get someone to harden a linux system without understanding the internals...
Or to tech them IP when the most they have done is add a static IP entry...

So usually, security is a senior role, and I wouldnt expect anyone to be any good without at least 5 yrs experience and a degree in computers or equiv.

Domain funtional levels, group types and scopes, DACL/ACL of all security principals, External access through RDP/Telnet/RAS, file and folder auditing, a good understanding of event logs and good sites like to investigate logs with.  
Security account setup and monitoring of SQL, securing Exchange, ISA, IAS, RRAS, WINS, DNS, DHCP, Active Directory.  If you are running any CAs and the use of digital certificates and encryption.  The use of WSUS.

Anything that you might find in the 70-299 MCP is the very least security knowledge an auditor should have.

All Courses

From novice to tech pro — start learning today.