The International Leader
            in Audit and Information
            Security Training

EARN 30 CPE CREDITS                                                                 HANDS-ON

                     SECURING AND AUDITING
                            WINDOWS 2003
                                       A Detailed Look Inside the Security and Control Features of
                                                      Microsoft’s Latest Server Operating System

                                                                    13th - 16th March 2007, London

                                           COURSE DIRECTOR: Steve Rimell, CPFA, PIIA

In this hands-on, four-day programme you will:
  Learn how to install Windows 2003 and Active Directory to your best
  Master a methodology for managing your network through improved
  security and audit features
  Assess the effects of Windows 2003 security settings
  Gain an understanding in role-based security and software restriction
  policies to create new security mechanisms
  Display, modify and test the effect of Group Policies for Windows 2003
  Acquire the knowledge needed to conduct an efficient and effective audit
  of a Windows 2003 based network

COURSE DIRECTOR:                                                                    Controlling and Securing
                                                                                      Windows 2003 Server

Steve Rimell, CPFA, PIIA, has a        courses in this subject for Systems                  13 - 16 March 2007,
reputation as the most respected       Security's Bristol training centre
authority in the UK with over 20       since 1996, where he proves to the
years practical experience in          students that apparently highly                              Prerequisite
information systems audit. He          technical areas are not as hard to            A basic knowledge of the principles of
provides training, security reviews,   audit as they appear. Steve is a          operating systems. No previous experience
consulting services, and internal      member of CIPFA and the Institute              of Windows 2000 or 2003 is required
audit support for a wide range of      of Internal Auditors. He has
public and private sector clients in   delivered public and in-house                                Learning Level
the UK, Europe and many other          training presentations for System                                       Intermediate
customers. He has also had             Security, MIS Training and many
extensive experience as an audit       other clients. He is regularly invited                Who Should Attend
manager running a commercial IS        to speak at professional meetings
                                                                                  Systems Administrators; Information
audit service. Steve specialises in    and conferences in the UK and
the more technical aspects of          overseas, and is presently engaged       Technology and Technical Operational
information systems audit, having      in a variety of projects to develop              Auditors; Information Security
extensive knowledge of the security    audit automation software for                 professionals responsible for the
and control of UNIX, Oracle,           network and operating system              security and audit of Windows 2003
Windows NT/2000, and networking        security testing. Steve is also the
                                                                                    networks; Integrators of Windows
environments such as TCP/IP. He        owner and proprietor of Rimell
has presented hands-on training        Associates Ltd.                                                 2003 networks
                                                                                                       Fee GBP£2,099
                                                                                                     Earn 30 CPE’s

DAY ONE                                   “A valuable course in
                                                                                   Auditing Directory Service
                                                                                   Access – new audit categories
                                                                                   in W2003
                                          many ways - resource
INTRODUCTION                              rich, informative and
   Windows 2003 brief introduction
   Improvements over Windows
                                                   Audit Manager,
                                                                                DAY FOUR
                                                     Old Mutual                 ACTIVE DIRECTORY SERVICES
   Controlled services in Windows                                                 Active Directory Services
   2003 – new service accounts                                                     Interface and how the auditor
   Introduction to Active Directory                                                can use it.
   Active Directory Objects –
   Forests and Trees, Domains and
   Sites, OUs Groups and Users

                                       DAY THREE                                     “The instructor is
                                                                                  extremely helpful, uses

DAY TWO                                AUTHENTICATION
                                         New authentication features–
                                                                                    easy to understand
                                                                                  terminologies (not too
                                          forest trusts, the Credentials          technical, perfect pace
                                          Manager and constrained                     with very clear
  Trust relationships in Active
   Directory                                                                           explanation”
                                          Access Control – Role-based
   Reviewing the deployment of
                                          security, URL-based access
   Active Directory                                                                          Senior Auditor,
                                          control and Software Restriction
   The Active Directory                   Policies
   Management Tools                                                                              Unesco
                                          Group Policy Objects and how
   Object permissions in Active           they are used
   Directory and what they mean
                                          New tools for managing Group             Extracting information from
   File and directory permissions         Policy Objects – The Group               Active Directory for audit
   and how to audit them                  Policy Management Console                purposes
   Delegation of Control and how                                                   Useful audit software:
   to audit it
                                                      SEMINAR FOCUS
                                                      AND FEATURES
                                                      In January 2002, Microsoft announced that it was working to
                                                      develop a new version of Windows that would be the most
                                                      secure and reliable so far. Their aim was for it to be ‘Secure by
                                                      Design’, ‘Secure by Default’ and ‘Secure in Deployment’. In this
                                                      four-day hands-on workshop, you will learn all the essential
                                                      features of Windows 2003 and Active Directory. You’ll learn how
                                                      it is installed, how it works in a networked environment, and
                                                      how it’s much talked about, improved security and audit
                                                      features can be used to create a secure, well managed network.
                                                      With hands-on access to your own Windows 2003 server, you’ll
                                                      learn how to inspect the operating system configuration, and
                                                      see how the new control settings provide a higher standard of
                                                      ‘out of the box’ security than previous versions of Windows.
                                                      Starting with a basic server, you’ll learn how Active Directory,
                                                      the core of Windows networks, is deployed and configured. You
                                                      will be able to use the Active Directory management tools at
                                                      Administrator level to display and inspect all the important areas
                                                      of AD. You’ll learn about the Windows 2003 access permissions
                                                      system, and how it controls access to files, folders, printers,
                                                      registry settings and Active Directory objects. In a series of
   Log dumper tools
                                                      practical exercises you will be able to assess the effects of
The built-in NET commands                             security settings and group membership on the access granted
Using scripts to audit Windows 2003                   to system resources. You’ll learn how to use the Security
                                                      Configuration and Analysis tools to measure the security status
                                                      of your system against a benchmark. Windows 2003 has new
“Very good introduction and                           tools for the management of Group Policy Objects. GPOs are a
                                                      major area of audit interest, as they can be used to control
broad, but in depth review of
                                                      almost every aspect of the behaviour of Windows servers and
 key risk areas re: windows”                          workstations. You’ll be able to use the new Group Policy
                                                      Management Console to display, modify and test the effect of
              Internal Auditor,                       Group Policies on Windows users and computers.

          Kensington Mortgages                        You’ll learn about the Windows auditing system, how it is set up
                                                      and configured, how to recommend a suitable audit policy, and
                                                      how to extract security-related information from the Windows
Auditing features – Operations-based auditing,        event logs. You’ll see how the new authentication features of
‘per-user auditing’, enhanced logon/logoff auditing   Windows 2003 such as role-based security and software
and the Microsoft Audit Collection System (MACS)      restriction policies can be used to create new security
New data encryption features                          mechanisms. You’ll hear about Microsoft’s planned
                                                      enhancements to the auditing system, such as ‘per user’
Security improvements for wired networks and
Wireless LANS                                         auditing and the Microsoft Audit Collection Systems (MACS).

The built-in NET commands                             Windows 2003, despite its heavy emphasis on its graphical user
   Using scripts to audit Windows 2003                interface, has a huge number of command-line tools and
Auditing features – Operations-based auditing,        utilities, and also has excellent support for scripting languages
‘per-user auditing’, enhanced logon/logoff auditing   such as VBScript. You’ll learn how to make the best use of
and the Microsoft Audit Collection System (MACS)      these tools and scripts to extract valuable audit information from
New data encryption features                          the Windows 2003 and Active Directory and how to import the
                                                      data into other Windows programmes for later analysis.
Security improvements for wired networks and
Wireless LANS
                                                      At the end of the course you will have all the knowledge
                                                      required to plan and conduct an efficient and effective audit of a
                                                      Windows 2003-based network.
REGISTRATION FORM                                                                                            TRAINING
                                                                                                             Save up to 50% on training
                                                                                                             Tailored Training for your team and Save up
                                                                                                             to 50% If you have to comply with
                                                                                                             Sarbanes-Oxley, just installed a new ERP
                                                                                                             system, recruited new staff - or maybe you
                                                                                                             are keen to secure your network, take
                                                                                                             preventative measures to counteract fraud
                                                                                                             or comply with the latest legislation. Either
                                                                                                             way if you have 5 or more people who
                                                                                                             require training on the same topic, MIS can
                                                                                                             tailor training courses to meet your exact
                                                                                                             We charge per day and NOT per
                                                                                                             participant so the cost remains the same
                                                                                                             regardless of how many people you have in
                                                                                                             your team.

                                                                                                             With In-House Training You
                                                       Please Quote Ref: 206 WEB                             Save money over public seminar fees in
                                                                                                             addition to savings on travel and
Controlling and Securing                                                                                     accommodation costs.
Windows 2003 Server                                       5 easy ways to register                            Save time on travel as the instructor will
(please photocopy form for additional delegates)          Tel: +44 (0)20 7779 8944                           travel to you. Furthermore, the training can
                                                                                                             be held at the most convenient time for
   13th - 16th March 2007 , London                        Fax completed form to:                             you.
    (MT989)                                               +44 (0)20 7779 8293
                                                                                                             Ensure the relevance of the seminar for
GBP £1,995             £                                  Email:                           your organisation and industry. You may
                                                                                                             wish to tailor the structure and
+ VAT @ 17.5%          £                                  Web:
                                                                                                             methodology of your seminar or customise
Grand Total            £                                  Post completed form to:                            the seminar to meet the expertise levels of
                                                          Lisa Davies,                                       your attending employees.
*Discounts: Government, 10% off regular
                                                          MIS Training, Nestor House,
fees. Please call to enquire about corporate
                                                          Playhouse Yard,
discounts. Discounts can not be used in
conjunction with each other.                                                                                Please send me information on:
                                                          EC4V 5EX UK
Fees must be paid in advance of the event.                                                                     In House Training
                                                                                                               Making the Transition from IT to IT Audit,
Customer Information                                                                                           2nd - 4th October 2006, London
Title            First name                                  Surname
                                                                                                               Security & Audit of UNIX/Linux, 24th - 26th
Title/Position                                               Organisation                                      October 2006, London
E-Mail Address (Required)                                                                                      Defending & Testing your Internet DMZs,
Address                                                                                                        25th - 27th October 2006, London

Country                                                      Postcode                                        Registration Information
                                                                                                             (fees must be paid in advance of the event)
Telephone                                                    Fax
                                                                                                             Accommodation: MIS Training has negotiated
The information you provide will be safeguarded by the Euromoney Institutional Investor PLC group whose      special accommodation rates at the Radisson
subsidiaries may use it to keep you informed of relevant products and services. We occasionally allow        Edwardian hotels in London. For further
reputable companies outside the Euromoney Institutional Investor PLC group to contact you with details of    information please email
products that may be of interest to you. As an international group we may transfer your data on a global or visit
basis for the purposes indicated above. If you object to contact by telephone , fax , or email please
tick the relevant box. If you do not want us to share your information with other reputable companies
please tick this box .                                                                                       Cancellation Policy: Should a delegate be unable
                                                                                                             to attend, a substitute may attend in his or her
                                                                                                             place. Cancellations received within 21 working
Payment Information                                                                                          days of the event are liable for the full seminar fee.
                                                                                                             If full payment has been received you are eligible
   Cheque enclosed (payable to MIS Training)                Please invoice my company PO#                    for a 75% reduction on the next run of the
                                                                                                             seminar. This discount will be valid for one year
Please debit my credit card           AMEX         VISA        MasterCard                                    only. MIS reserves the right to change or cancel
                                                                                                             programmes due to unforeseen circumstances.
Card Number                                                   Expiry
Cardholders name                                              Verification Cod                               VAT: All delegates attending are liable to pay VAT.
                                                                                                             After the event organisations registered for VAT in
VAT No.                                                                                                      the UK may reclaim the tax. Delegates from
                                                                                                             outside the UK but within the European
Please include billing address if different from address given                                               Community may also be able to reclaim the VAT.
                                                                                                             Organisations outside the UK should check with
                                                                                                             their excise authority as to which domestic fiscal
                                                                                                             regulations apply. High Yield/No-Risk
Please note that in completing this booking you undertake to adhere to the cancellation
and payment terms listed below                                                                               Guarantee: Attend these workshops and receive
                                                                                                             tools and techniques that will help you do your job
Signature                                                     Date                                           better. If you do not, simply tell us why on your
                                                                                                             company letterhead and we will give you a full
Approving Manager                                             Position                                       credit toward another programme.

To top