NetTech Solutions Security and Security Permissions Lesson Nine

NetTech Solutions Exam Objectives Identify and troubleshoot problems related to security issues Answer end-user questions related to application security Troubleshoot access to local resources Troubleshoot access to network resources Troubleshoot insufficient user permissions and rights

NetTech Solutions Lessons in this Chapter: Understanding Security Permissions Troubleshooting Group Membership Troubleshooting Local Security Settings Understanding Group Policy

NetTech Solutions Understanding Security Permissions Windows XP Simple File Sharing is enabled by default for workgroups

NetTech Solutions What you can do with Simply File Sharing users can do the following: –Share folders with everyone on the network –Allow users who access the folder to view the files, edit the files, or both –Make folders in his or her user profile private

NetTech Solutions What you can’t do with Simply File Sharing does not permit users to do the following: –Prevent specific users and groups from accessing folders –Assign folder permissions to specific users and groups –View the Security tab of a shared folder’s Properties dialog box

NetTech Solutions To enable or disable Simple File Sharing Under Folder Options > View tab. Check the box to enable Uncheck the box to disable

NetTech Solutions Simple File Sharing Disabled

NetTech Solutions Simple File Sharing Enabled

NetTech Solutions Exam Tip Remember the limitations of Simple File Sharing when you are exploring a situation on the exam. Simple File Sharing is really an all-or-none proposition; the object is shared with everyone on the network or not shared at all.

NetTech Solutions Sharing on the same computer Windows creates a shared folder for each user. You can drag files to share into that folder.

NetTech Solutions Troubleshooting Simple File Sharing Table 9-1 –Page 9-5,6

NetTech Solutions Working with Shared Folders

NetTech Solutions Know the File Sharing Permissions Read AllowDeny Change AllowDeny Full Control AllowDeny

NetTech Solutions Troubleshooting Share Permissions Table 9-2 –Page 9-8

NetTech Solutions Working with NTFS Permissions

NetTech Solutions Know the File Security Permissions Read AllowDeny Write AllowDeny List Folder Contents AllowDeny Read and Execute AllowDeny Modify AllowDeny Full Control AllowDeny

NetTech Solutions Troubleshooting NTFS Permissions Table 9-3 –Page 9-12

NetTech Solutions When Both Share and NTFS Permissions Exist Effective folder permission of both is the most restrictive. Effective group permission to share or NTFS is the least restrictive. Effective permission where Deny is applied will be Deny.

NetTech Solutions Built-In Local Groups and Their Privileges Administrators, Power Users, Users, and Backup Operators Guest

NetTech Solutions Administrators Take ownership of files and folders Back up and restore system data Set local policies Install service packs and Windows updates Perform upgrades Perform system repairs such as installing device drivers and system services Audit the network and manage logs

NetTech Solutions Power Users Modify computer-wide settings such as date, time, and power options Run older and noncertified Microsoft applications Install programs that do not modify operating system files or install system services Create local user accounts and local groups Manage local user accounts and local groups Stop and start system services that are not started by default Customize network printers Take ownership of files Back up and restore directories Install device drivers

NetTech Solutions Users Members of the Users group can do the following: –Shut down their own workstations –Lock the workstation –Create local groups –Manage the local groups they have created –Run programs that are certified by Microsoft as compatible and that have been previously installed by administrators –Retain ownership of files and folders that they create Members of the Users group cannot do the following: –Modify system wide registry settings, operating system files, or program files –Shut down servers –Manage local groups that they did not create –Run older applications or applications that are not certified by Microsoft –Share directories –Share printers

NetTech Solutions Backup Operators Can back up and restore files on the computer, regardless of the permissions on those files.

NetTech Solutions Practice: Configure Security Permissions Page 9-16

NetTech Solutions Troubleshooting Group Membership When Users Are Members of More than One Group –Permissions are cumulative Changes in Group Membership –You can use the Effective permission tab to determine effective permissions

NetTech Solutions Effective Permissions

NetTech Solutions Practice: Add a User to the Backup Operators Group –Page 9-21

NetTech Solutions Troubleshooting Local Security Settings Understanding Local Security Settings –Account policies –Local security policies

NetTech Solutions Two Kinds Of Account Policies: Password policies Account lockout policies

NetTech Solutions Three Kinds Of Local Security Policies: Audit policies User rights assignments Security options

NetTech Solutions Local Security Policy Through Control Panel Administrative Tools:

NetTech Solutions Account Policies Password Policies Enforce Password History Maximum Password Age Minimum Password Age Minimum Password Length Password Must Meet Complexity Requirements Store Password Using Reversible Encryption For All Users In The Domain

NetTech Solutions Account Lockout Policies Account Lockout Duration Account Lockout Threshold Reset Account Lockout Counter After

NetTech Solutions Reset a User’s Password Must be logged in as Administrator

NetTech Solutions Force a User to Change a Password at Next Logon User Account Properties

NetTech Solutions Local Security Policies Audit Policies User Rights Assignment –Access the computer from the network –Add workstations to a domain –Back up files and directories –Change the system time –Create permanent shared objects –Load and unload device drivers –Log on locally –Manage auditing and the security log –Remove a computer from a docking station –Shut down the system –Take ownership of objects

NetTech Solutions Local Security Policies Security Options –Administrator account status –Guest account status –Renaming the Administrator or Guest account –Shutting down the system if security audits cannot be logged –Preventing users from installing printer drivers –Unsigned device driver installation behavior –Displaying the last user name –Requiring CTRL+ALT+DEL when logging on –If message text is to appear when users log on –If logoff is forced when users’ logon hours expire –If the virtual memory pagefile should be cleared when the computer is shut down

NetTech Solutions Practice: Configure Local Security Settings –Page 9-30

NetTech Solutions Understanding Group Policy Used to customize and standardize –Which programs can be accessed by users –What is shown on the desktop –What the Start menu and taskbar look like –Which screen saver or wallpaper is used –Where data is saved (which can be on a network server, not the local computer) –Which Control Panel tools can be accessed

NetTech Solutions Group Policy Settings in a Workgroup You configure Group Policy for computers, users, or both To open use gpedit.msc

NetTech Solutions Group Policy Two View: Extended and Standard

NetTech Solutions To Set a Group Policy

NetTech Solutions Group Policy Settings in a Domain Two Default Policies –Default Domain –Default Domain Controller

NetTech Solutions Troubleshooting Group Policy Problems occur when there is a conflict between Local and Non-Local Group Policies. Non-local policies can over ride local policies.

NetTech Solutions Common Group Policy Restrictions Table 9-4 –Page 9-37

NetTech Solutions Practice: Configure Group Policy in a Workgroup –Page 9-38

NetTech Solutions Summary Case Scenario –Page 9-39 Troubleshooting Lab –Page 9-40 Exam Highlights –Page 9-42