Chapter 14: Users, Groups and Permissions

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

Which term refers a unique combination of a user name and an associated password?

user account

_______________ refers to a unique combo of a user name and an associated account

user account

What two sets of data does every folder and file on an NTFS partition list?

user group access and level of access

Created automatically by Windows, ________ give local administrators access to resources whether they log on locally or remotely?

Administrative shares

Which string displayed using the ls ?l command in a Linux terminal indicates that group permissions are set to read and modify?

-rw-rw-r--

A strong password is at least ____ characters

8

Which character in a password is most helpful in defeating common word hacks?

@

What process identifies and grants user access to a user who is trying to access a system?

Authentication

What process determines what a legit user can and cannot do on a system?

Authorization

_________ determines what a legit user can and cannot do.

Authorization

What tool or mechanism defines what resources a user may access and what he or she may do with such resources?

Authorization through NTFS

If you use the System Configuration utility (msconfig) and select Disable UAC on the Tools tab, what further action is required to turn off UAC?

Reboot

Beyond Sharing Users and Groups:

Beyond Sharing Users and Groups

How can you encrypt an entire drive, including files and folders belonging to other users?

BitLocker

What tool is offered by Windows Vista Ultimate and Enterprise editions to encrypt entire hard drives?

BitLocker

Passwords help secure user accounts

CompTIA recommends users change password at regular interventions, enforced by a Password Expiration policy.

All Window systems store the user accounts as an encrypted database of user names and passwords. Windows calls each record in this database a LOCAL USER ACCOUNT.

Creating a user account generates a number of folders on a computer. In Windows, for example, each user account gets unique personal folders, such as Documents, Desktop, Pictures, Music and more. By default, only a person logged in as a specific user can acess the personal folders for that user account.

What file system enables you to encrypt files, thus making them unviewable by any account but your own?

EFS

_________ ratings such as E, T and M can be used to allow or block computer game us?

ESRB

All versions of Windows have LOCAL SECURITY POLICY utility. You can access this tool through Control Panel-Administrative Tools-Local Security Policy but you can just open it as a command line and run secpol.msc

EXAM TIP: Local Security policies are very powerful. Covering just enough here to cover a very basic questions on the Exam.

EXAM TIP: The default behavior for the UAC in Windows 7 is the second from top is "Do you want to allow the following program to make changes to this computer?"

Each of these options isn't a program - each is merely a feature built into Windows. Those shields tell you that clicking feature next to a shield will require administrator privileges.

FILES: Modify

Enables you to read, write and delete file

How many notification levels of UAC did MS include in Windows 7?

Four

What type of access is granted if you log on to a computer remotely as an admin with no password?

Guest

What process is described as a file or folder automatically getting all the NTFS permissions of the parent folder?>

Inheritance

On every Windows system, each record in an encrypted database of user names and passwords is called a(n)______________

Local User Accounts

Authorization for Windows files and folders is controlled by the ________ file system, which assigns permissions to users and groups

NTFS

What is the primary tool Windows uses for providing authorization?

NTFS

YOu ropy a file from a folder on a hard drive formatted as NTFS, with permissions set to Read for everyone, to a USB thumb drive formatted as FAT32. What effective permissions does the copy of the file have?

None

In Windows 7, which UAC notification level is the default setting?

Notify me only when programs try to make changes

What option enables you to share files easily among multiple users on a single Windows 8 system?

Place the file in public libraries

By default, who has complete control over a folder of file?

Owner

Everyone

Permissions for anyone for this file or folder

How are Libraries folders displayed in Windows 8.1 File Explorer?

Right click in the navigation and click Show Libraries

What tool in Windows 8.1 enables you to create a new user account based on a global MS account?

Settings charm

What chip on the motherboard validates on boot that you still have the same operating System installed and that the computer was not hacked by some malevolent program?

TPM

What does Bitlocker require on a motherboard to validate on boot that a Windows Vista computer has not been changed?

TPM

Which NTFS permission allows an account to seize control of a file or folder owned by another account?

Take ownership permission

What happens to a file or folder permission if it is copied within an NTFS partition?

The original retains permission and the copy inherits permission

The second from top level will display the typical consent form, but only when programs try to make changes.

The third from top-level displays a consent form but where the normal concent form dims your desktop and doesn't allow you to do anything but address the form, this consent just pops up like a normal dialog box. EXAM TIP: Make sure you know what each of the four UAC Levels does

How to turn off UAC

Two common ways: User Accounts Control Panel applet, you will see option to TURN user Account Control off. You can also configure UAC from the Tools tab in the System Configuration utility. UAC in Windows Vista worked well but it startled users.

An unpopular, but necessary, security feature introduced in Windows Vista was ____________

UAC

What is the Windows Vista tool for managing users and groups>?

User Account Applet

What UAC classification is associated with a digitally signed, third-party program or non-core OS program?

Verified

Authentication

What process identifies and grants access to a user who is trying to access a system

rwx

What three letters are used in a Linux terminal to indicated permissions associated with a file or folder

What's the difference between a program making a change and you making a change?

Windows 7 is set to the second from top option, in this case. A program (the very safe and verified) adobe download manager is attempting to install a feature into Internet Explorer. Because this is a program trying to make changes, the UAC consent form appears and darkens the desktop. If you lower the UAC to the third from top option, you still see a consent form, but now it acts like a typical dialog box.

Change Permissions

can give or take away permissions from other accounts

What command is used to change file permissions in Linux?

chmod

Which Linux command enables you to change the owner and the group with which a file or folder is associated?

chown

A password _______ policy forces users to select a new password periodically

expiration

Chmod Command:

is used to change permissions.

UAC in Modern Windows:

less aggressive in your face. MS introduced four UAC levels. Go to the User Account applet and select Change User Account Control settings A slider with four levels: the top level (Always notify) means you want UAC to work exactly as it does in Vista, displaying the aggressive content form middle level (Don't notify me when I make changes middle level (Notify me when programs try to make changes) The bottom level (Never notify me)

Linux File Permissions accessed by what command?

ls -l

Users Group

members cannot edit the Registry or access critical system files. They can create groups but can manage on those they create. These are called STANDARD USERS.

Opening a command line and running ___________ provides access to a utility called a Local Security Policy

secpol.msc

How to set NTFS permissions

Right click Properties-security tab-"edit" to make changes. Top section shows accounts that have permissions for resource. Bottom section shows permissions assigned to account.

Full Control Permissions

Same for files and folders - grants full control

FOLDER: Write

Enables you to write to files and create new files and folders

Windows security from the point of view or a single or STANDALONE machine.

AUTHENTICATION WITH USERS AND GROUPS

The "primary operating system" is the operating system on which the file sharing protocol in question is most commonly used. On Microsoft Windows, a network share is provided by the Windows network component "File and Printer Sharing for Microsoft Networks", using Microsoft's SMB (Server Message Block) protocol.

Administrative shares give local administrators administrative access to these resources whether they log on locally or remotely. In contrat, shares added manually are called LOCAL SHARES.

Before Vista, MS invented the idea of Power Users group to give users almost all of the power of an admin account without actually giving users the full power of the account

Assigning a user to the Power Users group still required someone who knew how to do this, however, to most folks at home/office level simply ignored to the Power Users group. MS needed a better method to prevent people from running problems that they should not run.. But those who have the rights to do what they want, it should be as simple as possible.

Windows Ultimate and Enterprise editions and Wind8 offer full drive encryption through BITLOCKER DRIVE ENCRYPTION. Encrypts the whole drive, including every user's files so it's not dependent on any one account. If your hard drive is stolen, all the data on the hard drive is safe.

Bitlocker requires a special Trusted Platform Module (TPM) chip on the motherboard to function.

MS needed to make the following changes: the idea of using an admin account for daily use needed to go away. any level account should be able to do anything as easily as possible If a regular account wants to do something that requires administrator privileges, the user of the regular account will need to enter the admin password If a user with admin privileges wants to run something that requires admin privileges, the user will not have to reenter his or her password. If a user with admin privleges wants to run something that requires admin privileges, the user will not have to reenter his or her password, but the user will have to respond to "Are you Sure" dialog box - the famous UAC dialog box.

Both Linux and MAC OS have been using a UAC function for a long time, it's called SUDO.

With the ____________ permission for an NTFS partition, you can give or take away permissions for other accounts.

Change

FOLDER: Read

Enables you to view a folder's contents and open any file in the folder

What techniques provide the only true way to protect your data from access by any other user?

Encryption

Security begins with USER ACCOUNT, a unique combo of a user name and an associated password, stored in some database on your computer, that grants the user access to the system

Every Windows system has a SYSTEM account that Windows uses when it runs programs. Two mechanisms enable user account security: AUTHENTICATION and AUTHORIZATION

Windows administration allows a certain level of access for a file or folder to be assigned to a(n) _____________ rather than just a single user account.

Group

To log onto a standalone Windows PC, you need a(n) ________________

Local user account

Just right click on the file or folder you want to encrypt, select Properties. In the Properties dialog box for that object, select the General tab and click the Advanced Button to open the Advanced Attributes dialog box.

Encryption is just one possible attribute of a file. You can make files, hidden, read-only and more from a file or folder's Properties dialog box.

For groups, Windows Admin is easy: first, you can assign a certain level of access for a file or folder to a group instead of just a single user account. You can make a group called Accounting and put all user accounts for the accounting department in that group. Second, Windows provides numerous built-in groups with various access levels already pre-determined.

EXAM TIP: Be familiar with these groups for the exam: Administrators, Power Users, Users, Guests

From a tech's standpoint, you need to be aware of how permissions can change when you move or copy files, and if you are still in doubt about a sensitive file, check it before you sign off to a client

EXAM TIP: Current versions of windows refer to a grouping of cylinders or transistors on an HDD or SSD as volumes. Earlier versions refer to such groupings as PARTITIONS. Be ready for either term.

Consider four situations in this situation:

Copying data within one NTFS-based volume Moving data within one NTFS-based volume Copying data between two NTFS-based volumes Moving data between two NTFS-based partitions

Folder Permissions

Defines what a user can do to a folder or sub-folder: view, modify, etc.

Add/Edit Users and/or Groups

Head over to Security tab. There are two sections: the top section is a list of users and groups that currently have NTFS permissions to that folder and the bottom section is a list of NTFS permissions for the currently selected users and groups. to add a new user or group, click the edit button. In Permission dialog box that opens, you cannot only add new users and groups but also remove them and edit existing NTFS permissions.

If you use EFS, you simply must have a valid password reset disk in the event of a horrible event.

If you copy an encrypted file to a drive formatted as anything but NTFS, you will get a prompt saying that the copied file will not be encrypted. If you copy to a drive with NTFS, the encryption stays. The encrypted file, even on a removable disk, will only be readable on your system with your login

NTFS Permissions

In Windows, every folder and file on an NTFS partition has a list that contains two sets of data. First, the list details every user and group with access to that file or folder. Second, the list specifies the level of access each user or group has to that file or folder. The level of access if defined by a set of restrictions called NTFS permissions.

Administrative shares are odd ducks: you cannot change the default permissions on them. You can delete them, but Windows will recreate them automatically ever time you reboot. They're hidden so they don't appear when you browse a machine over the network, though you can map them by name.

Keep admin passwords safe, and these default shares won't affect the overall security of the computer.

chmod

Linux/MAC OS X used to change permissions uses numbering system (r4, w2, x1) and uses binary math to combine permissions

Chown

Linux/MAC OSX enables changing a file/folder's owner or group. Syntax: chown<new owner> filename

Which NTFS permission for a colder is defined as enabling you to read, write and delete both files and subfolders?

Modify

By default, who has complete control over a folder or file?

Owner

When you create a new file or folder on an NTS partition you become the _______ of that file folder

Owner

EXAM TIP: Exam only tests your understanding of only a few basic concepts of NTFS permissions:

Ownership, Take Owner permission, Change permission, folder permission, File permissions

Group

Permissions for members of the group for this file or folder

Local Users and Groups

Professional editions of Windows include the LOCAL USERS AND GROUPS tool, a more powerful tool for working with user accounts. You can create, modify and remove users and groups. Home editions of Windows do not have the Local Users and Groups utility. You must use the User Accounts applet or the Settings charm.

Selecting _________ while adding a new user in Windows 7 makes that user a member of the local Users group

Standard user

Administrative shares have been exploited by malware programs especially because many users who set up their computers never give the admins account a password.

Starting WinXP Home, MS changed the remote access permissions for such machines. If you log on to a computer remotely as an administrator with no password, you get guest access rather than admin access. That neatly nips potential exploits in the bud.

Techs and Permissions

Techs and Permissions

3. Copying from one NTFS volume to another creates two copies of the object.

The copy of the new object in the new location INHERITS the permission from that new location. The new copy can have different permissions than the original

1. Copying within a volume creates two copies of the object

The copy of the object in the new location INHERITS the permissions from that new location. The new copy can have different permissions than the original

UAC works for both standard user accounts and administrator accounts. If a standard user attempts to do something that requires administrator privileges, you will see a UAC dialog box that prompts for the admin password

The official name for the UAC dialog box is the "UAC consent prompt" VISTA has four consent prompts

What happens to a file or folder permission if it is copied within an NTFS partition?

The original retains permissions, and the copy inherits permissions from the new locations.

Protecting Data with Encryption

The scrambling of data through ENCRYPTION techniques provides the only true way to secure your data from access by any other user. Admin can use the Take Owernship Permission to seixe any file or folder on a computer, even those you don't actively share. Thus, you need to implement other security measures for that data that needs be ultra secure. Depending on the version of Windows, you have between zero and three encryption tools. Windows Home Editions have no security features. Advanced editions of Windows add a system that can encrypt files and folders called ENCRYPTION FILE SYSTEM. Finally, the most feature drive encryption through BIT LOCKER

What Windows Vista feature provides a dialog box when standard users and administration perform certain tasks that could potentially harm the computer?

User Account Control

What feature in Windows 7 opens a consent prompt for standard users to enter administrator credentials to accomplish various tasks reserved for the latter group?

User Account Control

If your Vista computer is on a workgroup what applet is used to manage user accounts?

User Accounts and Family Safety

If your Vista computer is on a workgroup, what applet is used to manage user accounts?

User Accounts and Family Safety

What two sets of data does every folder and file on an NTFS partition list?

User and group access and level of access

Authorization Through NTFS

Windows uses the powerful NT File System (NTFS) as the primary tool for providing authorization.

What permission enables an administrator to change the ownership of a file without knowing the user account password for that file?

take Ownership permission

Permission propagation

Same Volume Different volume MOVE keeps orig. perms Inherits new perms COPY inherits new perms inherits new perms

UAC (User Account Control)

____________ enables standard users to perform certain tasks and provides a permission dialog box when standard users and administrators do certain things that could potentially harm the computer

Sharing Resources Securely

Sharing Resources Securely

At least one account must be an administrator account.

UAC (User Account Control) gives admins greater control

Guests Group

this group enables someone who does not have an account on the system to log on by using a guest account.

The standard NTFS permissions for a FOLDER:

Full Control, Modify, Read and Execute, List Folder Contents, Read and Write

NTFS File Permissions:

Full control, modify, read & Execute, Read, Write

A _________ is a collection of user accounts that share the same access capabilities

Group

File Permissions

Defines what a user can do to a file . read, write, delete, etc.

Just like windows, every file and folder on a Linux and Mac OSX system has permissions. Go to Linux terminal and type this command: ls-l. This shows a detailed list of all the files and folders in a particular location.

-rwxrwxrwx We have three groups of rwx. The three groups, in order, stand for: OWNER, GROUP, EVERYONE.

Administrative share. Administrative shares are hidden network shares created by Windows NT family of operating systems that allow system administrators to have remote access to every disk volume on a network-connected system. These shares may not be permanently deleted but may be disabled.

A C-share is a class of mutual fund with a level load. Class C shares tend to not have front-end loads, but they often carry small back-end loads. These loads are typically around 1% and may vanish once the investor has held the shares of the mutual fund for a year.

Whoever creates a folder or a file has complete control over that folder or file. This is called OWNERSHIP.

Administrators do not automatically have complete control over every folder and file. If an admin wants to access a folder or file they do not have permission to access, they may go through a process called TAKE CONTROL.

Viewing the Permissions You can view the permissions by checking the file or directory permissions in your favorite GUI File Manager (which I will not cover here) or by reviewing the output of the \"ls -l\" command while in the terminal and while working in the directory which contains the file or folder. The permission in the command line is displayed as: _rwxrwxrwx 1 owner:group User rights/Permissions The first character that I marked with an underscore is the special permission flag that can vary. The following set of three characters (rwx) is for the owner permissions. The second set of three characters (rwx) is for the Group permissions. The third set of three characters (rwx) is for the All Users permissions. Following that grouping since the integer/number displays the number of hardlinks to the file. The last piece is the Owner and Group assignment formatted as Owner:Group. Modifying the Permissions When in the command line, the permissions are edited by using the command chmod. You can assign the permissions explicitly or by using a binary reference as described below. Explicitly Defining Permissions To explicity define permissions you will need to reference the Permission Group and Permission Types. The Permission Groups used are: u - Owner g - Group o - Others a - All users The potential Assignment Operators are + (plus) and - (minus); these are used to tell the system whether to add or remove the specific permissions. The Permission Types that are used are: r - Read w - Write x - Execute So for an example, lets say I have a file named file1 that currently has the permissions set to _rw_rw_rw, which means that the owner, group and all users have read and write permission. Now we want to remove the read and write permissions from the all users group. To make this modification you would invoke the command: chmod a-rw file1 To add the permissions above you would invoke the command: chmod a+rw file1 As you can see, if you want to grant those permissions you would change the minus character to a plus to add those permissions. Using Binary References to Set permissions Now that you understand the permissions groups and types this one should feel natural. To set the permission using binary references you must first understand that the input is done by entering three integers/numbers. A sample permission string would be chmod 640 file1, which means that the owner has read and write permissions, the group has read permissions, and all other user have no rights to the file. The first number represents the Owner permission; the second represents the Group permissions; and the last number represents the permissions for all other users. The numbers are a binary representation of the rwx string. r = 4 w = 2 x = 1 You add the numbers to get the integer/number representing the permissions you wish to set. You will need to include the binary permissions for each of the three permission groups. So to set a file to permissions on file1 to read _rwxr_____, you would enter chmod 740 file1. Owners and Groups I have made several references to Owners and Groups above, but have not yet told you how to assign or change the Owner and Group assigned to a file or directory. You use the chown command to change owner and group assignments, the syntax is simplechown owner:group filename, so to change the owner of file1 to user1 and the group to family you would enter chown user1:family file1.

Advanced Permissions The special permissions flag can be marked with any of the following: _ - no special permissions d - directory l- The file or directory is a symbolic link s - This indicated the setuid/setgid permissions. This is not set displayed in the special permission part of the permissions display, but is represented as a s in the read portion of the owner or group permissions. t - This indicates the sticky bit permissions. This is not set displayed in the special permission part of the permissions display, but is represented as a t in the executable portion of the all users permissions Setuid/Setgid Special Permissions The setuid/setguid permissions are used to tell the system to run an executable as the owner with the owner\'s permissions. Be careful using setuid/setgid bits in permissions. If you incorrectly assign permissions to a file owned by root with the setuid/setgid bit set, then you can open your system to intrusion.

Basic rule of Windows Inheritance is that any new files or folders placed into an folder automatically get all the NTFS permissions of the parent folder. For example, you will automatically get Read and Execute permission.

All versions of Windows have inheritance turned on by default. if you access a Properties' dialog box, click on the Security tab, and then click the Advanced button, you will see a little cbeckbox that says INCLUDE INHERITABLE PERMISSIONS FROM THIS OBJECT'S PARENT.

Administrator groups

Any account that is a member of the Administrators group has complete administrator privileges. Administrator privileges grant complete control over a machine. It is common for the primary user of a Windows system to have her account to the Admin group.

Authentication gives user access to a system

Authorization is how we determine what an authenticated user can do with a system

FOLDER: Modify

Enables you to read, write, and delete both files and subfolders

FOLDER: List Folder Contents

Enables you to see the contents of the folder and any subfolders

FOLDER: Read & Execute

Enables you to see the contents of the folder and any subfolders as well as run any executable programs or associations in that folder

CONFIGURING USERS AND GROUPS

Every version of Windows includes one or two users and group management tools. Most editions of Windows include a Control panel applet called User Accounts. More advanced editions include a second, more advanced utility called LOCAL USERS AND GROUPS. You will find this in the Computer Management console in Administrative Tools.

Examples of common actions that require administrator privileges:

Installing and uninstalling applications Installing a driver for a device Installing Window Updates Adjusting Windows Firewall settings Changing a user's account type Browsing to another user's directory

So I will show you some documents and folders that you want to focus on and show you how the optimal permissions should be set. home directories- The users\' home directories are important because you do not want other users to be able to view and modify the files in another user\'s documents of desktop. To remedy this you will want the directory to have the drwx______ (700) permissions, so lets say we want to enforce the correct permissions on the user user1\'s home directory that can be done by issuing the command chmod 700 /home/user1. bootloader configuration files- If you decide to implement password to boot specific operating systems then you will want to remove read and write permissions from the configuration file from all users but root. To do you can change the permissions of the file to 700. system and daemon configuration files- It is very important to restrict rights to system and daemon configuration files to restrict users from editing the contents, it may not be advisable to restrict read permissions, but restricting write permissions is a must. In these cases it may be best to modify the rights to 644. firewall scripts - It may not always be necessary to block all users from reading the firewall file, but it is advisable to restrict the users from writing to the file. In this case the firewall script is run by the root user automatically on boot, so all other users need no rights, so you can assign the 700 permissions.

Linux/MAC OS X: Users: Group, Everyone, Owner

Managing Users in Windows 8-10

MS started to shift focus of user accounts from local accounts to internet-wide MS accounts. Windows 8 debuted the Settings charm. Select Change PC settings from the initial charm screen to open PC settings and gets access to the Accounts option. Note that the User Accounts applet in Control Panel enables you to make changes to the current accounts (local or global) and gives you access to the Settings Charm (or app in Windows 20) when you opt to add new account

Windows uses NTFS to make the folders and fiiles in a specific user's personal folders (Documents, Music, Pictures and so on) private. Only the user who created those documents can access those documents.

Members of the admin group canoverride this behavior, but members of the Users group (standard users) cannot. On a Shared windows machine, you will need to take extra steps and actively share resources to make them avialable for multiple users.

Power Users Group

Members of this group are almost as powerful as members of the Admin group, but they cannot install new devices or access other users' files or folders unless the files or folders specifically provide them access.

Sharing a folder. Select folder-right click on it - select Properties-Sharing tab. From here, select Advanced Sharing. Click on the share this folder checkbox and give the folder a network share name

Next, click on Permissions button. By default, all new windows shares only have Read permission. Here is where you set your share to Full Control.

LOCAL SECURITY POLICY has a number of containers that help organize the many types of policies on a typical system. Each container are subcontainers or preset policies. A local Security Policy can use user passwords to expire every 30 days. To do this, open up the Account Policies container and then open the Password Policy subcontainer.

On almost all Windows versions your local user account passwords expire after 42 days. You can change this to 30 by double-clicking on Max Password age and adjusting the setting in the Properties dialog box. If you set the value to 0 the password will never expire. This setting only works for your local user accounts.

Take Ownership Permission

Permission allows admin user to seize control (take ownership) of file or folder to access it.

NTFS permissions are assigned both to user accounts and groups though it is best practice to assign permissions to groups then add user accounts to groups instead of adding permissions directly to individual user accounts

Permissions are cumulative. If you have Full Control on a folder and only Read permission on a file in the folder, you get Full Control permission on the file.

Owner

Permissions for the owner of this file or folder

"protect yourself from passwords"

Permissions in Linux and Mac OSX: EXAM concentrates on Windows users, groups and permissions, remember the concepts for Linux and Mac OSX. Look at the chmod and chown commands as they are listed as exam objectives.

Techs need to know these four things

Techs need to know what happens when you copy or move an object, such as a file or folder

2. Moving within a volume creates one copy of the object.

That object retains its permissions, unchanged

4. Moving from one NTFS volume to another creates one copy of the object.

The object in the new location INHERITS the permissions from that new location. The newly moved file can have different permissions than the original

The TPM chip validates on boot that the computer has not changed, that you still have the same OS installed.

To enable Bitlocker, double-click the Bitlocker Drive Encryption icon in the Classic Control Panel, or select Security in Control Panel Home and then click Turn on Bitlocker.

What ________ enables you to manager user accounts in Windows

User account applet

User Account Control

Vista had the worst. UAC got a bad rap but it an important security update for all versions of Windows, it's also a common feature in both MAC and Linux. UAC enables users to know when they are about to do something that has serious consequences.

Ownership

When specific user creates file or folder they become the owner of that object giving them full permissions to set and modify all user permissions of that object

you need local admin privileges to change almost on a Windows machine, such as small updates, change drivers, and install applications.

When you have fixed a system and changed the password to get there, have admin changed the password you used when you are finished.

You may see the NTFS permissions on a folder or file by accessing the Properties dialog box for that file or folder and opening the Security tab.

Windows editions for home use have a limited set of permissions you can assign. As far as folder permission go, you can only assign only one: Make this Folder Private.

Managing Users in Windows Vista:

You create three accounts when you set up a computer: guest, administrator, and a local account that's a member of the Administrators group. To add or modify a user account, you have many options depending on which Control Panel view you select and which edition and update of Vista you have installed. Most techs changed the Control View to Classic.

Groups

a container that holds user accounts and defines the capabilities of its members. A single account can be a member of multiple groups. Groups are an efficient way of managing multiple users, especially when you are dealing with a whole network of accounts. Standalone computers rely on groups, too, though Windows obscures this a little, especially with home users.

Parental Controls

an administrator account can monitor and limit the activities of any standard user in Windows, a feature that gives parents and managers an excellent level of control over the content their children and employees can access. Activity Reporting logs a user's successful and blocked attempts

https://www.howtoforge.com/linux-chown-command/

chown command enables us to change the owner and the group with which a file or folder is associated.

BitLocker To Go

enables you to apply Bitlocker encryption to removable drives, like USB-based flash drives. Although it shares a name, Bitlocker to Go applies encryption and password protection but doesn't require a TPM chip.

FILES: Full Control

enables you to do anything you want

FOLDER: Full Control:

enables you to do anything you want

FILES: Read & Execute

enables you to open and run the file

FILES: Write

enables you to open and write to the file

FILES: Read

enables you to open the file

https://www.lifewire.com/finding-shared-windows-folders-816533

https://www.wikihow.com/Access-Shared-Folders-in-Windows-7

Inheritance

is the process of determining the default NTFS permissions any newly introduced files or subfolders contained in a folder receive. Inheritance is a huge issue as we tend to make lots of folder and file changes on a system. We need to let NTFS know that we want to do when new files and folders suddenly appear.

Permission Propagation

is the process of determining what NTFS permissions are applied to files that are moved or copied into a new folder. Be careful! You might be tempted to think, given you've just learned about inheritance, that any new files/folders copied or true, and COMPTIA wants to make sure you know the it. It really depends on two issues: whether the data is being copied or moved, and whether the data is coming from the same volume or a different one.

The letters r, w. and x represent the following permissions:

r = read the contents of a file

Security Policies

rules we apply to users and groups do work with NTFS permissions. Would you like to configure your computer so that the Accounting Group can only log on between 9 a.m. to 5 p.m.? There's a security policy for that. You can force new users to create an 8 character password. Windows provides thousands of preset security policies that you may use simply by turning on in a utility called LOCAL SECURITY POLICY.

Authentication:

the process of identifying and granting access to some user, usually a person, who is trying to access a system. In Windows, this is most commonly handled by a password-protected account. The process of logging into a system is where the user types in an active user name and password.

Authorization:

the process that defines that resources an authenticated user may access and what he or she may do with those resources. Authorization for Windows files and folders is controlled by the NTFS file system, which assigns permissions to users and groups. These permissions define exactly what users may do to a resource on the system.

Encryption File System

the professional editions of Windows offer a feature the ENCRYPTING FILE SYSTEM (EFS), an encryption scheme that any user can use to encrypt individual files or folders on a computer

his example uses symbolic permissions notation. The letters u, g, and o stand for "user", "group", and "other". The equals sign ("=") means "set the permissions exactly like this," and the letters "r", "w", and "x" stand for "read", "write", and "execute", respectively. The commas separate the different classes of permissions, and there are no spaces in between them. Here is the equivalent command using octal permissions notation: chmod 754 myfile Here the digits 7, 5, and 4 each individually represent the permissions for the user, group, and others, in that order. Each digit is a combination of the numbers 4, 2, 1, and 0: 4 stands for "read", 2 stands for "write", 1 stands for "execute", and 0 stands for "no permission." So 7 is the combination of permissions 4+2+1 (read, write, and execute), 5 is 4+0+1 (read, no write, and execute), and 4 is 4+0+0 (read, no write, and no execute).

to make the change, we use the chmod command as follows: chmod 660 launch_codes

w = write or modify a file or folder

x = execute a file or list the folder contents


Set pelajaran terkait

Psych 101 final study guide Quiz 1-2

View Set

Real Deal Anatomy Test Study Set

View Set