Administering and Auditing Group Policy

As part of your position at DCH Corporation, you maintain 10 servers for the Finance department. These servers are distributed across seven global sites. The Finance folder is replicated to a server in each site. Because the folder contains highly sensitive information about the company's finances, you have been asked to secure it thoroughly and audit inappropriate attempts to access it. You have applied NTFS permissions that allow only appropriate finance personnel access to the finance folders-even the administrators groups on the servers do not have access. Of course, members of a server's administrator group can always take ownership of a resource and give themselves permissions, but that can be audited as well. To improve the security of these servers and their sensitive data further, you want to ensure that only your user account and that of the Vice President of Financial Services are administrators of the server-the vice president's account is to be used as a backup when you are not available. You want to deploy this configuration to all seven servers without having to reproduce each step manually. In respect to the preceding scenario, answer the following:

1. You must audit inappropriate attempts to access the finance folder. You are also to audit any access to the folder by members of the administrators group on the server, including attempts to take ownership of the folder. What auditing entries should you configure and implement on the finance folder?
2. Which audit policies should you configure? Explain why you are recommending these policies and how they would be maintained as well as monitored.
3. Describe how implementing fine grained passwords would be beneficial to the DCH Corporation. What options would you recommend for implementation and how would they be configured?
4. Explain and detail which security procedures you would recommend to authenticate domain users for the finance department.