NetTech Solutions

Security and SecurityPermissions

Lesson Nine

NetTech Solutions

Exam Objectives

• Identify and troubleshoot problems related to security issues

• Answer end-user questions related to application security

• Troubleshoot access to local resources

• Troubleshoot access to network resources

• Troubleshoot insufficient user permissions and rights

NetTech Solutions

Lessons in this Chapter:

• Understanding Security Permissions

• Troubleshooting Group Membership

• Troubleshooting Local Security Settings

• Understanding Group Policy

NetTech Solutions

Understanding Security Permissions

• Windows XP Simple File Sharing is enabled by default for workgroups

NetTech Solutions

What you can do with Simply File Sharing

• users can do the following:– Share folders with everyone on

the network– Allow users who access the

folder to view the files, edit the files, or both

– Make folders in his or her user profile private

NetTech Solutions

What you can’t do with Simply File Sharing

• does not permit users to do the following:– Prevent specific users and

groups from accessing folders– Assign folder permissions to

specific users and groups– View the Security tab of a shared

folder’s Properties dialog box

NetTech Solutions

To enable or disable Simple File Sharing

• Under FolderOptions > Viewtab.

• Check the boxto enable

• Uncheck thebox to disable

NetTech Solutions

Simple File Sharing Disabled

NetTech Solutions

Simple File Sharing Enabled

NetTech Solutions

Exam Tip

• Remember the limitations of Simple File Sharing when you are exploring a situation on the exam.

• Simple File Sharing is really an all-or-none proposition; the object is shared with everyone on the network or not shared at all.

NetTech Solutions

Sharing on the same computer

• Windows creates a shared folder for each user. You can drag files to share into that folder.

NetTech Solutions

Troubleshooting Simple File Sharing

• Table 9-1– Page 9-5,6

NetTech Solutions

Working with Shared Folders

NetTech Solutions

Know the File Sharing Permissions

• Read Allow Deny

• Change Allow Deny • Full Control Allow Deny

NetTech Solutions

Troubleshooting Share Permissions

• Table 9-2– Page 9-8

NetTech Solutions

Working with NTFS Permissions

NetTech Solutions

Know the File Security Permissions

• Read Allow Deny

• Write Allow Deny

• List Folder Contents Allow Deny

• Read and Execute Allow Deny

• Modify Allow Deny

• Full Control Allow Deny

NetTech Solutions

Troubleshooting NTFS Permissions

• Table 9-3– Page 9-12

NetTech Solutions

When Both Share and NTFS Permissions Exist

• Effective folder permission of both is the most restrictive.

• Effective group permission to share or NTFS is the least restrictive.

• Effective permission where Deny is applied will be Deny.

NetTech Solutions

Built-In Local Groups and Their Privileges

• Administrators, • Power Users,• Users, and• Backup Operators• Guest

NetTech Solutions

Administrators

• Take ownership of files and folders• Back up and restore system data• Set local policies• Install service packs and Windows

updates• Perform upgrades• Perform system repairs such as

installing device drivers and system services

• Audit the network and manage logs

NetTech Solutions

Power Users

• Modify computer-wide settings such as date, time, and power options

• Run older and noncertified Microsoft applications

• Install programs that do not modify operating system files or install system services

• Create local user accounts and local groups• Manage local user accounts and local groups• Stop and start system services that are not

started by default• Customize network printers• Take ownership of files• Back up and restore directories• Install device drivers

NetTech Solutions

Users

• Members of the Users group can do the following:– Shut down their own workstations– Lock the workstation– Create local groups– Manage the local groups they have created– Run programs that are certified by Microsoft as

compatible and that have been previously installed by administrators

– Retain ownership of files and folders that they create

• Members of the Users group cannot do the following:– Modify system wide registry settings, operating system

files, or program files– Shut down servers– Manage local groups that they did not create– Run older applications or applications that are not

certified by Microsoft– Share directories– Share printers

NetTech Solutions

Backup Operators

• Can back up and restore files on the computer, regardless of the permissions on those files.

NetTech Solutions

Practice: Configure Security Permissions

• Page 9-16

NetTech Solutions

Troubleshooting Group Membership

• When Users Are Members of More than One Group– Permissions are cumulative

• Changes in Group Membership– You can use the Effective

permission tab to determine effective permissions

NetTech Solutions

Effective Permissions

NetTech Solutions

Practice:

• Add a User to the Backup Operators Group– Page 9-21

NetTech Solutions

Troubleshooting Local Security Settings

• Understanding Local Security Settings– Account policies– Local security policies

NetTech Solutions

Two Kinds Of Account Policies:

• Password policies• Account lockout policies

NetTech Solutions

Three Kinds Of Local Security Policies:

• Audit policies• User rights assignments• Security options

NetTech Solutions

Local Security Policy

• Through Control Panel Administrative Tools:

NetTech Solutions

Account Policies

• Password Policies• Enforce Password History• Maximum Password Age• Minimum Password Age• Minimum Password Length• Password Must Meet Complexity

Requirements• Store Password Using Reversible

Encryption For All Users In The Domain

NetTech Solutions

Account Lockout Policies

• Account Lockout Duration• Account Lockout Threshold• Reset Account Lockout

Counter After

NetTech Solutions

Reset a User’s Password

• Must be logged in as Administrator

NetTech Solutions

Force a User to Change a Password at Next Logon

• User Account Properties

NetTech Solutions

Local Security Policies

• Audit Policies• User Rights Assignment

– Access the computer from the network– Add workstations to a domain– Back up files and directories– Change the system time– Create permanent shared objects– Load and unload device drivers– Log on locally– Manage auditing and the security log– Remove a computer from a docking station– Shut down the system– Take ownership of objects

NetTech Solutions

Local Security Policies

• Security Options– Administrator account status– Guest account status– Renaming the Administrator or Guest account– Shutting down the system if security audits

cannot be logged– Preventing users from installing printer drivers– Unsigned device driver installation behavior– Displaying the last user name– Requiring CTRL+ALT+DEL when logging on– If message text is to appear when users log on– If logoff is forced when users’ logon hours expire– If the virtual memory pagefile should be cleared

when the computer is shut down

NetTech Solutions

Practice:

• Configure Local Security Settings– Page 9-30

NetTech Solutions

Understanding Group Policy

• Understanding Group Policy• Used to customize and standardize

– Which programs can be accessed by users– What is shown on the desktop– What the Start menu and taskbar look like– Which screen saver or wallpaper is used– Where data is saved (which can be on a

network server, not the local computer)– Which Control Panel tools can be accessed

NetTech Solutions

Group Policy Settings in a Workgroup

• You configure Group Policy for computers, users, or both

• To open use gpedit.msc

NetTech Solutions

Group Policy

• Two View: Extended and Standard

NetTech Solutions

To Set a Group Policy

NetTech Solutions

Group Policy Settings in a Domain

• Two Default Policies– Default Domain– Default Domain Controller

NetTech Solutions

Troubleshooting Group Policy

• Problems occur when there is a conflict between Local and Non-Local Group Policies.

• Non-local policies can over ride local policies.

NetTech Solutions

Common Group Policy Restrictions

• Table 9-4– Page 9-37

NetTech Solutions

Practice:

• Configure Group Policy in a Workgroup– Page 9-38

NetTech Solutions

Summary

• Case Scenario– Page 9-39

• Troubleshooting Lab– Page 9-40

• Exam Highlights– Page 9-42