Presentation is loading. Please wait.

Presentation is loading. Please wait.

© 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition NTFS, Users,

Published byAsher Carroll Modified over 9 years ago

Similar presentations

Presentation on theme: "© 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition NTFS, Users,"— Presentation transcript:

1 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition NTFS, Users, and Groups Chapter 16

2 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition In this chapter, you will learn how to –Create and administer Windows user accounts and groups –Define and use NTFS permissions for authorization –Share a Windows computer securely –Secure PCs with User Account Control Overview

3 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Authentication with Users and Groups

4 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Authentication Authentication is the process by which you determine that the person at your computer is who he or she says they are. Simplest way is with a user name and password. –Logging on to a valid user account provides authentication. –Once in, NTFS permissions provide authorization: what you can do with the computer after authentication. Each version of Windows does user accounts differently, so we’ll look at them separately.

5 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Windows and User Accounts Windows requires each user to have a user account. This is the basic element of security, with each user required to present a valid username and password to log on. Every Windows computer has a database of user accounts—an encrypted list of user names with their associated password—that are allowed access to the system.

6 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Windows and User Accounts (continued) Each of these individual records is called a local user account. If you don’t have a local user account created on a particular system, you won’t be able to log on to that computer.

7 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Windows and User Accounts (continued) Figure 1: Windows logon screen

8 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Windows Tools Each version of Windows has different tools used to manage users and their accounts. Home editions of Windows (Windows XP Home Edition, Windows Vista Home Basic and Home Premium, and Windows 7 Home Premium) include a basic tool. The professional editions of Windows include an extra, more advanced utility.

9 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Passwords Passwords are the ultimate key to protecting your computer. –If someone learns your user name and password, they can log on to your computer. Protecting passwords –Never give out passwords over the phone. –If a user forgets a password, the network administrator should reset it to a complex combination of letters and numbers. The user should then change the password to something he or she wants, according to the parameters set by the administrator.

10 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Passwords (continued) Protecting passwords (continued) –Make your users choose good passwords. They should be at least eight characters in length and include letters, numbers, and punctuation symbols. –Have users change passwords at regular intervals. Create a Password Reset Disk—this enables users to fix or reset their own passwords. Create a password hint (it appears after your first logon attempt fails).

11 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Passwords (continued) Figure 2: Password hint on the Windows 7 logon screen

12 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Groups A group is a collection of accounts that share the same capabilities, thus making administration easier. Permissions can be set for the group— whenever a new user is added to the group, that account has the same permissions as the group. An account may belong to more than one group.

13 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Groups (continued) Groups in Windows XP –Windows XP Professional provides seven built-in groups that cannot be deleted: –Administrators: Any account that is a member of the Administrators group has complete administrator privileges. Administrator privileges grant complete control over a machine. –Power Users: Members of the Power Users group are almost as powerful as Administrators, but they cannot install new devices or access other users’ files or folders unless the files or folders specifically provide them access.

14 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Groups (continued) Groups in Windows XP (continued): –Users: Called limited users, members of the Users group cannot edit the Registry or access critical system files. They can create groups but can manage only those they create. –Everyone: This group applies to any user who can log on to the system. You cannot edit this group. –Guests: The Guests group enables someone who does not have an account on the system to log on by using a guest account. –Windows XP Home Edition enables you to use only three groups: Administrators, Users, and Guests.

15 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Groups (continued) Groups in Windows Vista and Windows 7 –Windows Vista and 7 professional editions (Professional/Business, Ultimate, Enterprise) offer the same groups as Windows XP Professional plus a lot more. –Windows Vista/7 home editions (Home Basic and Home Premium) only offer three groups: Administrators, Users, and Guests. –The Users group in Windows Vista/7 offers a significant improvement over the Users group in Windows XP—called standard rather than limited users, in Windows Vista/7 users can accomplish all common tasks on the PC without resorting to an administrator.

16 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Groups (continued) Adding Groups and Changing Group Membership –Use the Local Users and Groups applet for managing groups in the professional versions of Windows. –The applet is located in the Computer Management administrative tool.

17 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Managing Users in Windows XP Windows XP provides the User Accounts applet in the Control Panel for basic user and group management. –User Accounts uses a reference to account types that is actually a reference to the user account’s group membership. –An account that is a member of the local Administrators group is called a computer administrator; an account that belongs only to the local Users group is called a limited user account. –When an administrator is logged on, the administrator sees both types of accounts and the guest account. Limited users see only their own account in User Accounts.

18 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Managing Users in Windows XP (continued) To create a user account, you need to provide a user name (a password can and should be added later), and you need to know which type of account to create: computer administrator or limited. –To create a new user in Windows XP, open the User Accounts applet from the Control Panel and click Create a new account. –On the Pick an account type page, you can create either type of account.

19 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Managing Users in Windows XP (continued) Figure 3: User Accounts dialog box showing a computer administrator, a couple of limited accounts, and the guest account (disabled)

20 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Managing Users in Windows XP (continued) Figure 4: The Pick an account type page showing both options available

21 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Managing Users in Windows XP (continued) You can also use the Change the way users log on and off option. Select it to see two checkboxes: –If you select the Use the Welcome screen checkbox, Windows brings up the friendly Welcome screen. –If this box is unchecked, you’ll get the classic logon screen.

22 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Managing Users in Windows XP (continued) Figure 5: Select logon and logoff options

23 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Managing Users in Windows XP (continued) Fast User Switching enables you to switch to another user without logging off the current user. –Use this option when two people actively share a system, or when someone wants to borrow your system for a moment but you don’t want to close all of your programs. –This option is active only if you have the Use the Welcome screen checkbox enabled.

24 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Managing Users in Windows XP (continued) Figure 6: Welcome screen with three accounts

25 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Managing Users in Windows XP (continued) Figure 7: Classic logon screen, XP style

26 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Managing Users in Windows XP (continued) Figure 8: Switching users on the Welcome screen

27 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Managing Users in Windows Vista and Windows 7 Three accounts are created at installation: –Guest, Administrator, and a local account that’s a member of the Administrators group Tools used to manage user accounts differ among the versions of Vista: –User Accounts (Professional, Business, and Ultimate in a domain) –User Accounts and Family Safety (all the other versions, including Ultimate not in a domain); offers Parental Controls

28 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Managing Users in Windows Vista and Windows 7 (continued) Figure 9: User Accounts and Family Safety applet in the Control Panel Home in Windows Vista Home Premium

29 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Managing Users in Windows Vista and Windows 7 (continued) Figure 10: User Accounts applet in the Control Panel Home in Windows Vista Ultimate

30 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Managing Users in Windows Vista and Windows 7 (continued) Figure 11: User Accounts applet in Windows Vista Business

31 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Managing Users in Windows Vista and Windows 7 (continued) Figure 12: User Accounts applet in Windows Vista Home Premium

32 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Managing Users in Windows Vista and Windows 7 (continued) Parental Controls –Parental Controls enable an administrator account to manage other accounts. Can manage usage, monitor and report activity, block specific applications, and set time limits.

33 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Managing Users in Windows Vista and Windows 7 (continued) Figure 13: Parental Controls

34 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Managing Users in Windows Vista and Windows 7 (continued) Figure 14: Manage Accounts

35 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Managing Users in Windows Vista and Windows 7 (continued) Figure 15: Adding a new user

36 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Advanced User Management The professional editions of Windows include the Local Users and Groups tool. –Located in Control Panel | Administrative Tools | Computer Management –Use it to create, modify, and remove users and groups. Using multiple object types, Windows allows you to add more than just users to a group.

37 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Advanced User Management (continued) Figure 16: Local Users and Groups in Windows Vista

38 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Advanced User Management (continued) Figure 17: New Group dialog box in Windows Vista

39 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Advanced User Management (continued) Windows uses multiple object types to define what you can add –Object types include user accounts, groups, and computers –Each object type can be added to a group and assigned permissions You can either add group membership to a user’s properties or add a user to a group’s properties.

40 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Advanced User Management (continued) Figure 18: Select Users, Computers, or Groups dialog box in Windows Vista

41 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Advanced User Management (continued) Figure 19: Select Users, Computers, or Groups dialog box with Advanced options expanded to show user accounts

42 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Advanced User Management (continued) Figure 20: Properties dialog box of a user account, where you can change group memberships for that account

43 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Authorization through NTFS

44 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition NTFS Permissions NTFS permissions –Lists users and groups granted access to a file or folder –Lists the specific level of access allowed –Available only on volumes formatted as NTFS (Security tab) –NTFS security is effective whether a user... Gains access at the computer Gains access over the network

45 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition NTFS Permissions (continued) Here are a few rules about NTFS permissions: –You can see the NTFS permissions on a folder or file by accessing the file’s or folder’s Properties dialog box and opening the Security tab. –NTFS permissions are assigned to both user accounts and groups, although it’s considered best practice to assign permissions to groups and then add user accounts to groups rather than add permissions directly to individual user accounts. –Whoever creates a folder or a file has control over that folder or file.

46 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition NTFS Permissions (continued) Here are a few rules about NTFS permissions (continued): –Administrators do not automatically have complete control over every folder and file. If an administrator wants to access a folder or file they do not have permission to access, they can go through a process called Take Control.

47 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition NTFS Permissions (continued) Ownership –When you create a new file or folder you become the owner. –Owners have Full Control. –Owners can change permissions. Take Ownership permission –Enables a user to take ownership of a file or folder. –Administrator account can take ownership of any files or folders. Change Permission –Can give or take away permissions for other accounts.

48 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition NTFS Permissions (continued) Figure 21: The Security tab lets you set permissions.

49 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition NTFS Standard Permissions Folder permissions –Apply to folders File permissions –Apply to files

50 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition NTFS Folder Permissions Full Control –Enables you to do anything you want –To deny all access, deny Full Control Modify –Enables you to do anything except delete files or subfolders, change permissions, or take ownership Read & Execute –Enables you to read files and run programs

51 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition NTFS Folder Permissions (continued) List Folder Contents –Enables you to see the contents of the folder and subfolders, but not read or change files Read –Enables you to read any files in the folder Write –Enables you to write to files and create new files and folders

52 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition NTFS Folder Permissions (continued) By default, permissions are inherited from parent folders. –This can be prevented by removing the check mark at the bottom.

53 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition NTFS File Permissions Full Control –Enables you to do anything Modify –Enables you to do anything except take ownership or change permissions Read & Execute –If the file is a program, you can run it Read –If the file is data, you can read it Write –Enables you to write to the file

54 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition The user’s effective permissions are the cumulative permissions resulting from a combination of user and group permissions. –Sally is in the Administrator group. –Sally has Read permission on a folder. –The Administrator group has Full Control on the folder. –Sally’s effective permission is Full Control—cumulative from Full Control and Read. –Deny permission overrides all other permissions. Deny always becomes the effective permission. Combining Permissions

55 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Permission Propagation Permissions are retained or changed when files and folders are moved or copied. Propagation differs when files and folders are –Copied or moved within an NTFS partition –Copied or moved between two NTFS partitions –Copied or moved between an NTFS and FAT or FAT32 partition

56 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Permission Propagation (continued) Figure 22: Special permissions

57 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Permission Propagation (continued) Within one NTFS partition –Copy Creates two copies of object Original retains permissions New copy inherits permissions of new container –Move Creates one copy of object Object retains permissions

58 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Permission Propagation (continued) Between two NTFS partitions –Copy Creates two copies of object Original retains permissions New copy inherits permissions of new container –Move Creates one copy of object Object inherits permission of new container

59 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Permission Propagation (continued) Between an NTFS partition and a FAT or FAT32 partition –Copy Creates two copies of an object Original retains permissions New copy loses all permissions –Move Creates one copy of object Object loses all permissions FAT32 offers no permissions at all!

60 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Techs and Permissions Need administrative privileges to work Don’t ask for password—make the administrator log you in Avoids false accusations

61 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Sharing in Windows XP Lock down My Documents –Selecting the option to Make this folder private blocks the contents from anyone accessing them. –Click the checkbox next to Encrypt contents to secure data to encrypt. Shared Documents make sharing among accounts easy; all accounts can access Shared Documents Simple file sharing does not take advantage of NTFS permissions properly. All or nothing.

62 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Sharing in Windows XP (continued) Figure 23: Making personal documents secure from prying eyes

63 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Sharing in Windows XP (continued) Figure 24: Shared Music Properties dialog box

64 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Sharing in Windows XP (continued) Figure 25: Folder shared, but seriously not secure

65 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Sharing in Windows XP (continued) Can turn off simple file sharing in Windows XP Professional –Tools | Folder Options | View | deselect “Use simple file sharing (Recommended)” –Windows XP Professional in a domain automatically disables simple file sharing.

66 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Sharing in Windows XP (continued) Figure 26: Turning off simple file sharing

67 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Sharing in Windows XP (continued) Figure 27: Full sharing and security options in Windows XP

68 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Sharing in Windows Vista In Vista simple file sharing is replaced with targeted sharing; public folder expands on the side of Shared Documents. –Targeted sharing Reader gives read-only permission. Contributor gives read and write, plus delete for documents the user created. Co-owner can do anything with a shared resource. –Public Folder (and subfolders) available both locally and over the network for users.

69 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Sharing in Windows Vista (continued) Figure 28: File Sharing dialog box on a standalone machine

70 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Sharing in Windows Vista (continued) Figure 29: Permissions options

71 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Sharing in Windows Vista (continued) Figure 30: Shared folders in the Public folder

72 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Sharing in Windows 7 Windows 7 keeps the file sharing options of Windows Vista and adds homegroups. Instead of sharing individual files or folders, you can use HomeGroup to share libraries, such as your Documents or Music libraries. –Any files in your shared libraries will be automatically accessible to everyone in the homegroup, though you can also use more specific permissions. –You’ll need a password to join a homegroup, to protect the security of any shared data.

73 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Locating Shared Folders Figure 31: Shared Folders tool in Computer Management Use the Computer Management administrative tool to view all folders shared on a computer.

74 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Administrative Shares Created by default—appear as C$ or E$ Used so administrators can access everything If deleted, they will be recreated at reboot Cannot change their default permissions Hidden—they do not appear when you browse a machine over the network, though you can map them by name

75 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Protecting Data with Encryption Take Ownership permission means that even non-shared documents are not safe from the hands of administrators. Encryption involves scrambling the data in a file or folder so that only the account that encrypts it can read it. The Encrypting File System (EFS) is available only in professional versions of Windows—the home versions have no built-in encryption capabilities.

76 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Protecting Data with Encryption (continued) Figure 32: Click the Advanced button on the General tab

77 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Protecting Data with Encryption (continued) Figure 33: Selecting encryption

78 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Protecting Data with Encryption (continued) BitLocker Drive Encryption—offered only on Vista/7 Enterprise and Ultimate editions –Encrypts full drives –Locks the drive –Requires a Trusted Platform Module (TPM) chip on the motherboard –Be sure to store the recovery key securely.

79 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition Protecting Data with Encryption (continued) Figure 34: Enabling BitLocker Drive Encryption

80 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition User Account Control (UAC)

81 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition User Account Control Originally introduced in Windows Vista Not very popular because it was very intrusive –Vista’s UAC manifested as a pop-up dialog box that seemed to appear every time you tried to do anything on a Windows Vista system. –Nevertheless, UAC is an important security update for Windows Vista and Windows 7—it is also a common feature in both Mac OS and Linux/Unix. It was an attempt to solve the problems caused by confusing NTFS permissions, abused administrator accounts, and user accounts that had too many permissions.

82 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition User Account Control (continued) Figure 35: UAC in action—arrgh!

83 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition User Account Control (continued) Figure 36: UAC equivalent on a Mac

84 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition User Account Control (continued) Figure 37: Typically confusing settings for NTFS permissions

85 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition User Account Control (continued) Figure 38: The danger of administrator privileges in the wrong hands!

86 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition UAC in Windows Vista Informs users when they are about to do something that has serious consequences Common actions that require administrator privileges include: –Installing and uninstalling applications –Installing a driver for a device –Adjusting Windows Firewall settings –Browsing to another user’s directory –Many more…

87 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition UAC in Windows Vista (continued) In previous versions of Windows, higher- level privileges were given to the Power Users group. –Often-ignored group, not used in small environments

88 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition UAC in Windows Vista (continued) Figure 39: Power Users group—almost never used at the small office/home level

89 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition UAC in Windows Vista (continued) Several changes were made to the way privileges are used: –Daily/routine use of administrator account is no longer necessary. –Any level of account is now able to accomplish tasks easily. –If a standard user account needs to do something that requires higher privileges, the user has to enter the administrator’s password. –If a user with administrator privileges wants to run something that requires administrator privileges, the user does not have to reenter his or her password, but the user does have to respond to an “Are you sure?”- type dialog box.

90 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition UAC in Windows Vista (continued) How UAC works for both standard and administrator accounts –If a standard user attempts to do something that requires administrator privileges, he or she sees a UAC dialog box that prompts for the administrator password. –If a user with administrator privileges attempts to do something that requires administrator privileges, a simpler UAC dialog box appears.

91 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition UAC in Windows Vista (continued) Figure 40: Prompting for an administrator password in Vista

92 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition UAC in Windows Vista (continued) Figure 41: Classic UAC prompt

93 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition UAC in Windows Vista (continued) There are four different UAC prompts (UAC Consent Prompt) in Vista: –Blocked program: A program blocked by a security policy –Unverified: An unknown third-party program –Verified: A digitally signed, third-party program or non-core OS program –Published by Vista: A core part of the operating system

94 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition UAC in Windows Vista (continued) Figure 42: Blocked program

95 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition UAC in Windows Vista (continued) Figure 43: Unverified program

96 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition UAC in Windows Vista (continued) Figure 44: Verified program

97 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition User Account Control (continued) Figure 45: Published by Vista

98 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition UAC in Windows Vista (continued) UAC uses small shield icons to warn you ahead of time that it will prompt you before certain tasks. The two most common ways to turn off UAC are: –In the User Accounts Control Panel applet, you’ll see an option to Turn User Account Control on or off. Select this option and uncheck the checkbox to turn UAC off. Check the checkbox to turn it on again. –Open up the System Configuration utility (msconfig) and select Disable UAC on the Tools tab—you will have to reboot for this to take effect.

99 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition UAC in Windows Vista (continued) Figure 46: Shield icons in the Control Panel

100 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition UAC in Windows Vista (continued) Figure 47: Turning User Account Control on or off

101 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition UAC in Windows Vista (continued) Figure 48: Disabling UAC in the System Configuration utility

102 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition UAC in Windows 7 Changed to address customer complaints about how UAC was implemented in Windows Vista (either fully on or completely off). Windows 7 version is “less in your face.”

103 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition UAC in Windows 7 (continued) Figure 49: Change User Account Control settings option

104 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition UAC in Windows 7 (continued) Four UAC levels: –Always notify—works exactly as it does in Vista, displaying the aggressive consent form every time you do anything that typically requires administrator access –Don’t notify me when I make changes –Notify me only when programs try to make changes –Never notify—effectively turns off UAC

105 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition UAC in Windows 7 (continued) Figure 50: Four levels of UAC

106 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition UAC in Windows 7 (continued) Whether UAC notifies you with a darkened or undarkened desktop or prompts for an administrator password depends upon the levels set and who you are logged on as (administrator or standard user).

107 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition UAC in Windows 7 (continued) Figure 51: Darkened UAC

108 © 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition UAC in Windows 7 (continued) Figure 52: Undarkened UAC

Download ppt "© 2012 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Fourth Edition NTFS, Users,"

Similar presentations

Chapter Five Users, Groups, Profiles, and Policies.

Chapter Five Users, Groups, Profiles, and Policies.
Configuring Windows Vista Security Lesson 8. Skills Matrix Technology SkillObjective DomainObjective # Setting Up Users Configure and troubleshoot parental.

Configuring Windows Vista Security Lesson 8. Skills Matrix Technology SkillObjective DomainObjective # Setting Up Users Configure and troubleshoot parental.
1 Chapter Overview Understanding and Applying NTFS Permissions Assigning NTFS Permissions and Special Permissions Solving Permissions Problems.

1 Chapter Overview Understanding and Applying NTFS Permissions Assigning NTFS Permissions and Special Permissions Solving Permissions Problems.
1 Chapter Overview Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions.

1 Chapter Overview Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions.
Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.

Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.
MIS 431 - Chapter 51 Chapter 5 – Managing File Access MIS 431 Created Spring 2006.

MIS Chapter 51 Chapter 5 – Managing File Access MIS 431 Created Spring 2006.
Chapter 6: Configuring Security. Options for Managing Security Configurations LGPO (Local Group Policy Object) –Used if Computer is not part of a domain.

Chapter 6: Configuring Security. Options for Managing Security Configurations LGPO (Local Group Policy Object) –Used if Computer is not part of a domain.
11 SUPPORTING LOCAL USERS AND GROUPS Chapter 3. Chapter 3: Supporting Local Users and Groups2 SUPPORTING LOCAL USERS AND GROUPS  Explain the difference.

11 SUPPORTING LOCAL USERS AND GROUPS Chapter 3. Chapter 3: Supporting Local Users and Groups2 SUPPORTING LOCAL USERS AND GROUPS  Explain the difference.
Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.

Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.
Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.

Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.
Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.

Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.
70-270, 70-290 MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Nine Managing File System Access.

70-270, MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Nine Managing File System Access.
By Rashid Khan Lesson 8-Crowd Control: Controlling Access to Resources Using Groups.

By Rashid Khan Lesson 8-Crowd Control: Controlling Access to Resources Using Groups.
5.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 5: Working with File Systems.

5.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 5: Working with File Systems.
MCDST 70-271: Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 5: User Environment and Multiple Languages.

MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 5: User Environment and Multiple Languages.
1 Securing Network Resources Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions Copying and Moving Files and Folders.

1 Securing Network Resources Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions Copying and Moving Files and Folders.
File sharing. Connect the two win 7 systems with LAN card Open the network.

File sharing. Connect the two win 7 systems with LAN card Open the network.
1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.

1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.

Similar presentations

Ads by Google