Windows 7 Users, Groups and Security

Similar documents
Introduction to Active Directory

Remote Access, VPNs and Terminal Services

Updating The Operating System & User Accounts

C UNIT 4. Active Directory User Accounts

Administering Windows Server 2003 & Data Backup

M C I T P UNIT 9 W I N D O W S. Virtualization S E R V E R. DPW Donna Warren DPW

Windows Server 2012 r2

AIR FORCE ASSOCIATION S CYBERPATRIOT NATIONAL YOUTH CYBER EDUCATION PROGRAM UNIT FIVE. Microsoft Windows Security.

MANAGING LOCAL AUTHENTICATION IN WINDOWS

File and Print Services

MU2a Authentication, Authorization & Accounting Questions and Answers with Explainations

UNIT 2. Internet Information Server

Configuring Windows Security Features

Lesson 3: Identifying Key Characteristics of Workgroups and Domains

Activity 1: Using Windows XP Professional Security Checklist

C UNIT 3. Global Catalog & Flexible Single Master Operations (FSMO)

Windows Server 2008 Security

5 MANAGING USER ACCOUNTS AND GROUPS

Recent Operating System Class notes 04 Managing Users on Windows XP March 22, 2004

SERVER HARDENING CHECKLIST

C UNIT 7. Using Group Policy

ClientNet. Portal Admin Guide

8 Administering Groups

Managing & Supporting Windows XP

Networks: Access Management Windows NT Server Class Notes # 10 Administration October 24, 2003

Pass Microsoft Exam

12 Habits of Highly Secured Magento Merchants

Managing and Maintaining Windows 8

Getting Started Guide. This document provides step-by-step instructions for installing Max Secure Anti-Virus and its prerequisite software.

Identity & Access Management

COPYRIGHTED MATERIAL. Contents. Part I: The Basics in Depth 1. Chapter 1: Windows Attacks 3. Chapter 2: Conventional and Unconventional Defenses 51

The Microsoft Windows. User Interface

RSA Authentication Manager 8.0 Security Configuration Guide

User Guide. Version R94. English

CS 356 Operating System Security. Fall 2013

Faculty of Engineering Computer Engineering Department Islamic University of Gaza Network Lab # 5 Managing Groups

Tennessee Technological University Policy No Password Management

O UNIT 5. Testing, Auditing & Monitoring

Contents. Introduction 5. McAfee SecurityCenter 7. McAfee QuickClean 39. McAfee Shredder 45

Message Networking 5.2 Administration print guide

Managing NCS User Accounts

A+ Guide to Software: Managing, Maintaining, and Troubleshooting, 5e. Chapter 10 Security Essentials

Authentication, Authorization, and Accounting

Cyber security tips and self-assessment for business

Introduction to Security in Laserfiche 8.3 and later. White Paper

a. UTRGV owned, leased or managed computers that fall within the regular UTRGV Computer Security Standard

Password Reset PRO INSTALLATION GUIDE

CISNTWK-11. Microsoft Network Server. Chapter 4

A+ Guide to Managing & Maintaining Your PC, 8th Edition. Chapter 17 Windows Resources on a Network

How To Reset Local Group Policy Objects To Default Settings Windows 7

Managing SonicWall Gateway Anti Virus Service

Supporting Networked Computers

Password policy settings control the complexity and lifetime for passwords. This section discusses each specific password policy setting

User Guide. Version R92. English

Mission Control for the Microsoft Cloud. 5nine Cloud Security. Web Portal Version 12.o. Getting Started Guide

Endpoint Security Client. User Guide Version R71

Cyber Essentials Questionnaire Guidance

Dynamic Host Configuration Protocol (DHCP)

CompTIA A+ Certification ( ) Study Guide Table of Contents

Airtel PC Secure Trouble Shooting Guide

Web and MAC Authentication

Endpoint Protection with DigitalPersona Pro

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

Cyber Essentials - Requirements for IT Infrastructure Questionnaire

INTERNET SAFETY IS IMPORTANT

Aventail Connect Client with Smart Tunneling

Remote Administration

n Learn about the Security+ exam n Learn basic terminology and the basic approaches n Implement security configuration parameters on network

Trends in IT Technology

Managing WCS User Accounts

Client Installation and User's Guide

INTERNET SAFETY* GALEN GARRETSON RASCAL MARCH 2-3, * Sources include learnfree.org, PC World, wikpedia.com, techterms.com

ADSelfService Plus' Password Policy Enforcer. Active Directory Group Policy Object-based password policy

6 Months Training Module in MS SQL SERVER 2012

Lotus Domino Security NSL, Web SSO, Notes ID vault. Collin Murray Program Director, Lotus Domino Product Management

KASPERSKY LAB. Kaspersky Administration Kit version 6.0. Reference Book

Module 9. Configuring IPsec. Contents:

Managing the VPN Client

x CH03 2/26/04 1:24 PM Page

Antivirus Solution Guide for Clustered Data ONTAP: Sophos

Chapter 10: Security. 2. What are the two types of general threats to computer security? Give examples of each.

Change NETGEAR USB Control Center Settings

Security in Bomgar Remote Support

Client Installation and User's Guide

Information Technology Resource Management Council (ITRMC) ENTERPRISE GUIDELINES G950 SECURITY PROCEDURES

Unit 1. Application Servers

Comodo SecureBox Management Console Software Version 1.9

Technical Overview of DirectAccess in Windows 7 and Windows Server 2008 R2. Microsoft Windows Family of Operating Systems

Visitor Management Host User Guide

Florida State University Center for Transportation and Public Safety

Windows 10 and the Enterprise. Craig A. Brown Prepared for: GMIS

Microsoft Exam Security fundamentals Version: 9.0 [ Total Questions: 123 ]

Endpoint Security Client

McAfee Internet Security Suite Quick-Start Guide

Practical Network Defense Labs

Chapter 19 Security. Chapter 19 Security

Minimum Standards for Connecting to the UCLA Network

Security in the Privileged Remote Access Appliance

System Table of Contents:

Discount Kaspersky PURE 3.0 internet download software for windows 8 ]

Transcription:

U indows Users, Groups and ecurity P P onna arren

nstalling opics for this Unit Homegroups, workgroups, and domains reate user and group accounts User Account ontrol panel User authentication and authorization Malware Protection for sensitive data P P onna arren

User Accounts dentify users to the system and to each other Allow authentication proving they are who they say they are Allow authorization - used to grant access to resources such as iles and printers omputer systems etwork esources elegation of authority ollect information about users P P onna arren

Local User Accounts reated on workstations and servers that are not either members of a domain or domain controllers Provides access to the local computer through user rights and access permissions eside in the local security database called the security access manager (AM) You can logon to local machine or the domain but they are mutually exclusive P P onna arren

User ights versus Permissions Permissions - define what objects a user is allowed to access and what actions they can perform on an object such as modify on a file or print on a printer User rights - define what actions a user can take on the operating system such as shut down the system or take ownership of an object P P onna arren

Account Properties Logon is mandatory User length 20 characters max, blank allowed nvalid user characters - \ / [ ] : ;,. + *? < > User s AE case sensitive Passwords AE AE EVE Password complexity use uppercase, lowercase and numbers or symbols an enforce with group policy P P onna arren

Built-in Local User Accounts onfigured during setup Accounts that can log on interactively Administrator basically the computer god or goddess Guest provides limited access and is disabled by default ew User Account - Built-in accounts can be renamed but not deleted ystem Account used by the operating system has full control access and all assignable user rights by default but cannot logon interactively P P onna arren

ther Accounts ervice Accounts - Grant services access to system resources ervice used by the operating system Local ervice used by local services etwork ervice used by network services ncluded built-in and user-defined accounts APE used by asp.net services U_computer-name anonymous user account for the web server AM_computer-name account used to run threads for and AP.net P P onna arren

Managing Local Users omputer Management ontrol Panel user Accounts et.exe command P P onna arren

User Accounts ontrol Panel ntended for users with less experience implified interface Limited access annot create or manage groups P P onna arren

User Profiles Profiles are configuration files that store all of the users preferences Local user profile stored locally and applies to the local machine only oaming user profile stored on a server and applies to any machine that logs into the domain Mandatory user profile has to be used by the user when they logon P P onna arren

User Account ontrol (UA) ecurity measure to prevent users from always being logged on as an administrator Administrators are issued two access tokens 1 standard token 1 administrative token Best Practice is to logon as a standard user Use the runas command to perform administrative tasks P P onna arren

Performing Administrative asks tandard User Account - ystem displays a credential prompt where administrative account information must be entered Administrative Account - witches from standard user token to administrative token Generates an elevation prompt P P onna arren

onfiguring User Account ontrol P P onna arren

ached redentials an store domain credentials locally to allow logon when the domain controller is not available P P onna arren

Groups ollections of user accounts implify access to resources Members receive permissions given to the groups of which they are members Users can be members of multiple groups Groups can be members of other groups (called nested groups) an be used for security and messaging in Active irectory P P onna arren

Built-in Local Groups Built-in groups cannot be removed but can be renamed Administrators have all user rights and access permissions Backup perators can bypass security to backup files Power Users have limited administrative permissions and rights emote esktop Users allowed to connect to others using remote desktop Users all new account are added to users by default Guests group with very limited and usually temporary access P P onna arren

mplicit Groups Membership can change dynamically etermined by the user s activities Used to grant permissions based on circumstances o not appear in user administration tools nteractive all users logged on locally etwork all users who access the system over a etwork Everyone includes absolutely everyone Authenticated Users been authenticated by system s security manager reator wner the user who creates an object P P onna arren

Using Local Groups Valid only on the computer where you create them nly local users from the same computer can be members of local groups. hen the computer is a member of an A domain, local groups can have domain users and domain global groups as members. Local groups cannot have other local groups as members. However, they can have domain groups as members. You can only assign permissions to local groups when you are controlling access to resources on the local computer. You cannot create local groups on a indows server computer that is functioning as a domain controller. P P onna arren

ecurity Boundaries P P onna arren

Homegroup implified networking Allows users on a home network to share the contents of their libraries without creating user accounts and permissions on each of the other machines P P onna arren

Peer-to-peer network Each computer can function as both a server and a client Each computer has its own set of users and groups to control access to its own resources mall networks only Very little security required orkgroup P P onna arren

Active irectory omain ollection of computers that utilize a central directory service for authentication and authorization At least one omain ontroller is required P P onna arren

omain Accounts Added when a computer joins a domain omain Admins placed in administrators group by default when the computer joins a domain omain Users allows domain users to have the same access permissions as local users omain Guests member of local guest group Provide logon and resource access to local system an be placed into other local groups as well P P onna arren

Users Best Account Practices Place users into groups reate a standard naming convention Accounts Give administrators a limited account for non administrative use Limit the number Administrators ename or disable the Administrator account ename and leave the Guest account disabled bserve the principle of least privilege P P onna arren

he nternet he nternet - A global network connecting thousands of individual networks and millions of users by means of the P/P protocol nternet - a web based network connecting separate individual networks ntranet - a web based internal network used within a single company Both internet and intranets are accessed using web browsers P P onna arren

nternet erminology orld ide eb () - he nternet Hypertext ransport Protocol (HP) A communications protocol that obtains HML formatted documents and that works with P to transport files over the nternet supports HP through windows socket services (winsock) Hypertext Markup Language (HML) programming language used to read and enable documents and graphics images on the orld ide eb P P onna arren

eb Browser eb browser - oftware used to communicate with eb sites Uniform esource Locator (UL) A convention for locating an nternet site Private virtual network - An intranet that basically tunnels though the nternet to provide secure network access for individual organizations P P onna arren

Microsoft nternet ools nternet Assistant - orks within ord to format a document with HML tags and to save document as a text file rontpage - ull-scale eb site development tool Microsoft nternet Explorer - Microsoft's free web browser Microsoft nternet nformation erver - Microsoft's web server shipped with all versions of windows but not installed P P onna arren

eatures runs as a service on windows upports all HP protocol features an be administered over the internet Provides all of the operating system security features to web pages an restrict server bandwidth allocated to web services P P onna arren

ecurity P P onna arren

Authentication Authentication is the process of proving who you are here are several common methods of authentication hat you know (password or P) ho you are (retinal scan or thumb print) hat you have (smart card) ome of these methods can be used so that users no longer need to remember passwords P P onna arren

hould be trong Passwords At least eight characters in length ontain uppercase, lowercase letters, and numbers or symbols ifferent from other previously used passwords an be up to 12 characters in length hould EVE be Blank Your user name or real name hildren s or pet s names ompany name A complete dictionary word P P onna arren

Local ecurity Policy Used on individual computers to enforce restrictions P P onna arren

Password Policy Used to enforce good password security practices P P onna arren

Account Lockout Policies P P onna arren

redential Manager tores usernames and passwords for servers and eb sites in the indows Vault emember my credentials checkbox adds credentials to the indows Vault P P onna arren

mart ards Users no longer have to remember passwords ince stored on smart card, user ids and passwords are hard to steal ecurity operations such as cryptographic functions are performed on the smart card, rather than on the network server or local computer an be used from remote locations to provide authentication services Brute force attacks are usually less successful P P onna arren

Using Biometrics cans a physical characteristic of a user to confirm identity ingerprints humbprint etina indows Biometric ramework provides core biometric functionality and a Biometric evice control panel P P onna arren

ertificates Used for authentication tasks nternally n the local network n the nternet indows automatically maintains a certificate store for each Users can manage their certificate stores directly using the ertificates snap-in P P onna arren

ertificate Manager P P onna arren

Elevating Privileges Use un As Administrator context menu option Use command line runas.exe command: runas /user:dpw\administrator notepad.exe P P onna arren

ommon Problems Password lost or forgotten - the most common problem Passwords are encrypted which makes them unrecoverable Passwords must be reset Users can change their own password if they know their old password Administrators can reset password without supplying the old password A Password reset isk is a better option P P onna arren

Authorization Authorization grants the user access to resources or allows specific actions Permissions - define what objects a user is allowed to access and what actions they can perform on an object such as modify on a file or print on a printer User rights - define what actions a user can take on the operating system such as shut down the system or take ownership of an object P P onna arren

Malware Malicious software created specifically for the purpose of infiltrating or damaging a computer system without the user s knowledge or consent Viruses self replicating files that need an executable to spread themselves to other computers rojan horses designed to collect user ids, passwords orms self replicating program that does not need assistance to replicate pyware designed to steal private user information such as credit card numbers, etc. Adware designed to collect information on a users web surfing habits P P onna arren

Action enter tarts and runs automatically, to provide automatic notifications to alert the user of security vulnerabilities P P onna arren

ntroducing indows irewall A software program that protects a computer by opening or closing logical ports based on P addresses - pecific computers Protocol numbers - ransport layer protocol Port number - Application running on computer ules are used to filter traffic Admit all traffic, except that which applies to the rules Block all traffic, except that which applies to the rules P P onna arren

indows irewall P P onna arren

indows irewall Advanced ecurity efault profile settings can be modified nbound and outbound rules can be created P P onna arren

indows efender P P onna arren

Malicious oftware emoval ool A single user virus scanner supplied with monthly updates emoves any potentially damaging software it finds here are no controls and is not permanently installed hould install a full-featured antivirus program on indows P P onna arren

Encrypting ile ystem (E) E is a feature of that encrypts files on a computer he system is keyed to a specific user account. Uses public key encryption (PK). he user who creates the file is the only person who can read it. P P onna arren

Parental ontrols Enable parents to limit their children s access to specific nternet sites, games, and applications Based on user accounts Every family member must have their own account mpose restrictions on accounts ilter eb sites users are allowed to access Limit downloads from nternet sites Enforce time limits for computer use estrict access to games by rating, content, or title Allow or block specific applications P P onna arren

ummary User accounts help manage resource access User groups simplify administration. aming conventions uniquely identify users omplex passwords strengthen security ached credentials allow access when the domain is unavailable A workgroup is a collection of computers that are all peers, and can act as a client or server A domain is a collection of computers that all utilize a central directory service for authentication and authorization P P onna arren

ummary Built-in local groups are equipped with the permissions and rights needed to perform certain tasks. indows provides two separate interfaces for creating and managing local user accounts: the User Accounts control panel and the Local Users and Group snap-in he three profile types are local, roaming, and mandatory User Account ontrol (UA) allows an administrative user to perform regular user tasks as a standard user, and switches to an administrative token to perform administrative tasks P P onna arren

ummary Password Policies - enforce password security practices redential Manager - tool that stores the user names and passwords in a indows Vault. Permissions and user rights are used to authorize users access to resources and tasks Action enter - a centralized console used to configure indows security indows irewall - protects a computer by opening and closing logical ports indows efender - helps to defend against spyware he Malicious oftware emoval ool - a single user virus scanner he Encrypting ile ystem (E) encrypts files on the hard drive P P onna arren

EM reating Users & Groups Managing Users Assigning User ights Policies Joining a domain P P onna arren

Lab reate Users and Groups Join a omain Assign User right nstall nternet nformation ervice ownload and install Malware bytes ownload and install Avg antivirus program onfigure windows firewall P P onna arren

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback