The Auditing Active Directory Users, Groups, and OUs lesson will explain the different types of AD objects, and how to independently audit them using the LDAPSoft AD Browser software, and also using in-built Windows features. This lesson will explain the different types of Active Directory objects: Users, Groups and Organizational Units (OUs).

• Overview of Active Directory Users, Groups and OUs
• Overview of LDAPSoft AD Browser
• AD Browser Text Search Audit vs. SQL Audit
• Auditing Domain Users with AD Browser
• Audit Disabled Users with AD Browser
• Audit Disabled Users with in-built AD Features
• Auditing Users Created within a Custom Period
• Auditing AD Attributes
• Filtering AD Attributes with AD Browser
• Auditing AD Objects (Users and Groups) in the Administrators Group
• Audit user accounts with passwords set to never expire
• Audit user accounts with passwords set to never expire
• Active Directory LDAP Query Filters Reference

The Auditing Administrative Accounts Security lesson will explain the in-built Windows Active Directory Administrative Groups. We will also walk through the process in configuring and auditing Windows Local Admin passwords using the Local Administrator Password Solution (LAPS).

• Administrative Accounts Overview – Enterprise Admins, Administrators, and Domain Admins
• Auditing the ‘Account is sensitive and cannot be delegated’ AD Option
• Auditing the ‘Access this computer from the network’ User Right
• Auditing the ‘Allow log on through Remote Desktop Services’ User Right
• Auditing Members of the Enterprise Admins Group
• Auditing Local Administrator Accounts Using the Local Administrator Password Solution (LAPS)

The Auditing Windows Ports, Protocols, and Services lesson will explain the differences between Ports, Protocols and Services. We will review some of the commonly used ports in a Windows environment. We will also use Nmap and Microsoft’s Port Query to scan for open ports and map the discovered ports to specific applications and services running on the system.

• Overview of Ports, Protocols and Services
• Overview of Nmap (Network Mapper)
• Auditing Common Windows Ports, and Services
• Windows Ports, and Services Reference List
• Mapping HTTP(S) Ports to Applications and Services
• Mapping Active Directory and DNS Ports to Applications and Services
• Mapping Email Ports to Applications and Services
• Scanning for Open Ports and Services with Nmap
• Auditing Windows Ports Using PortQueryUI

In the Auditing Windows Firewall Policies, and Rules lesson, we will review the Windows Defender Firewall with Advanced Security settings in Group Policy. We will test the permit and deny rules for some of the incoming firewall rules, to understand how the firewall allows or blocks specific ports and services on the network, based on the configured rules.

• Overview of the Windows Defender Firewall with Advanced Security
• Auditing Windows Defender Firewall Profiles
• Windows Firewall Rule Precedence for Inbound Rules
• Auditing Windows Firewall Inbound Rules
• Auditing HTTP, and ICMP Firewall Rules

In the Auditing Windows Event Logs lesson, we will explain the in-built Windows log categories, and how we can analyze them using Event Viewer. We will also walk through the Advanced Audit Policy Configuration, and test how we can use the Auditpol command to review the configured settings in the Advanced Audit subcategories.

• Overview of Event Viewer
• Windows Event Log Properties
• Built-in Event logs
• Basic vs. Advanced Event Log Policy
• Basic vs. Advanced Audit Policy Configuration
• Advanced Audit Policy Category Descriptions
• Using the Auditpol Command to Audit the Advanced Audit Policy Configuration
• Auditing Event Log Files Permissions
• Auditing Security Logs User Right

In the Auditing Windows Server Domain Name System (DNS) lesson, we will explain the in-built Forward and Reverse DNS Zones, and the different types of DNS records. We will also enable and review the Audit configurations for DNS related activities, such as adding and deleting DNS records.

• Overview of Windows Server Domain Name System (DNS)
• Forward vs. Reverse DNS Lookup Zones
• Auditing Windows Server DNS Resource Records
• Using PowerShell to Resolve Windows DNS Records
• Auditing the Directory Service Access and Changes Group Policy Settings
• Using ADSI Edit to enable Auditing for Windows DNS
• Auditing Windows Server DNS Event Logs

In the Auditing Windows Transport Layer Security Settings lesson, we will explain the different TLS versions, and their support status on different versions of Windows Operating Systems. We will also walk through the process of disabling the insecure TLS Protocols Using Group Policy, and verify the configured TLS settings from the Windows Registry.

• Overview of Transport Layer Security (TLS)
• Reasons to Disable SSL and Early TLS
• Default TLS Protocol Support and Settings in Windows Operating Systems
• Terminologies Used in Windows TLS Configuration
• Auditing the Default TLS Cipher Suites in Windows Operating Systems
• Disabling Insecure TLS Protocols Using Group Policy
• Auditing TLS Settings Using Group Policy
• Auditing TLS Settings Using Windows Registry

In the Auditing Windows Network Time Protocol (NTP) lesson, we will explain some of the common NTP terminologies, and how to calculate some of the NTP status values. We will review the Windows logs for NTP related events, and go through some of the common Windows Time Audit commands.
We will also highlight some of the popular Time Server Sources, and walk through how to use Group Policy to configure a Domain Controller’s time source.

• Overview of Windows Network Time Protocol (NTP)
• Network Time Protocol (NTP) Terminologies
• Default Windows Time Synchronization Configuration Rules
• Auditing Windows NTP Event Logs
• Common Windows NTP Commands
• Auditing Windows NTP Configurations
• Auditing Windows NTP Group Policy Settings
• Common Time Server Sources