SPSCC_CNA121_Chpt_5_User_Management
users
A Standard user account derives its privileges from being a member of the local ____ group.
Guest account
A built-in Windows 10 account with minimal privileges intended to give very limited access to Windows 10. This account is disabled by default.
trusted platform module (TPM)
A chip on the motherboard of a computer that is designed to securely store encryption keys and certificates.
user profile
A collection of desktop and environment configurations for a specific user or group of users. By default, each user has a separate profile stored in C:\Users.
folder redirection
A feature that redirects profile folders from the local computer to a network location.
User Accounts applet
A legacy interface for user management in Control Panel.
Microsoft Passport
A multifactor authentication system in Windows 10 that enhances security by avoiding the use of a user name and password. Biometric authentication on the client allows access to the remote system.
peer-to-peer network
A network where all computers store their own security information and share data.
domain-based network
A network where security information is stored centrally in Active Directory.
smart card
A physical card containing a certificate that can be used as an authentication method.
mandatory profile
A profile that cannot be changed by users. Users can make changes to their desktop settings while they are signed in, but the changes are not saved. Ntuser.dat is renamed to Ntuser.man.
public profile
A profile that is merged with all other user profiles. The public profile does not contain an Ntuser.dat file.
secure sign-in
A sign-in method that adds the requirement to press Ctrl+Alt+Delete before signing in.
fast user switching
A sign-in method that allows multiple users to have applications running at the same time. However, only one user can be using the console at a time.
assigned access
A sign-in option that you can configure for a single local user account that restricts the user to using only an assigned Windows Store app; often used to configure Windows 10 as a kiosk.
naming convention
A standard process for creating names on a network or stand-alone computer. Corporate environments establish these for user accounts, computers, folders, network shares, printers, and servers. Names should be descriptive enough that anyone can figure out what the resource is.
standard user account
A type of user account that does not have privileges to modify settings for other users. This type of account is a member of the Users local group.
local user account
A user account that is defined in the SAM database of a Windows 10 computer. They are valid only for the local computer.
roaming profile
A user profile that is stored in a network location and is accessible from multiple computers. These profiles move with users from computer to computer.
security identifier (SID)
A user- or group-specific number that is added to the access control list of a resource when a user or group is assigned access.
peer-to-peer
A(n) ____ network (or workgroup) consists of multiple Windows computers that share information.
Roaming
A(n) ____ profile is typically configured for users who work on various computers on a network.
Local Users and Groups MMC snap-in
An MMC snap-in that is used to manage users and groups.
Microsoft account
An account that is stored online by Microsoft. You can use it to authenticate to multiple Microsoft cloud services and Windows 10.
virtual smart card
An authentication method similar to a smart card, but the certificate is stored in a TPM on the motherboard rather than on a physical card.
PIN authentication
An authentication method where you enter a device-specific PIN rather than a user name and password.
picture password authentication
An authentication method where you trace gestures on a picture.
biometric authentication
Authentication that is based on physical characteristics of the user, such as a fingerprint or facial recognition.
pass-through authentication
Automatic authentication to a remote resource when the local computer passes the local credentials to the remote computer.
Windows Hello
Biometric authentication functionality in Windows 10. At release, this feature supported fingerprints, facial recognition, and iris scanning.
cached credentials
Credentials that are stored in Windows 10 after a user has signed in to a domain or Microsoft account. They can be used to sign in when a domain controller cannot be contacted or when there is no network connectivity.
SID
Each user account is assigned a(n) _______________ to ensure that security is kept intact if the account is renamed.
Windows sign-in screen
For computers that are not joined to a domain, this way of signing in displays a list of local user accounts that you can select from for authentication. For domain-joined computers, only the most recently used account is listed.
built-in local groups
Groups that are automatically created for each Windows 10 computer and stored in the SAM database.
The user needs to reset the password on the Microsoft website for Microsoft accounts.
How do you reset the password for a Microsoft account? a. A local administrator can reset the password in the User Accounts applet in Control Panel b. The user needs to reset the password on the Microsoft website for Microsoft accounts. c. Use a password reset disk. d. A local administrator can reset the password in ACCOUNTS settings. e. A local administrator can reset the password by using the Local Users and Groups MMC snap-in.
user account
Required account used for authentication to prove the identity of a person signing in to Windows 10.
Users
Standard users are members of which built-in local group? a. Administrators b. Guests c. Remote Desktop Users d. Users
Administrator
The User Accounts applet in Control Panel is a simplified interface for user management; however, in Win 10 certain modifications such as changing account name or account type requires a(n) _________ account.
Local Users and Groups
The ____ MMC snap-in allows you to create and manage both user accounts and groups.
Domain Admins
The _____________ group becomes a member of the Administrators local group when a Windows 10 computer joins a domain.
initial account
The account with administrative privileges created during the installation of Windows 10.
The Administrator account
The built-in Windows 10 account that is created during installation and has full rights to the system. This account cannot be deleted or removed by the Administrators group.
Security Accounts Manager (SAM) database
The database used by Windows 10 to store local user and group information.
Ntuser.dat
The file containing user-specific registry entries in a user profile.
default profile
The profile that is copied when new user profiles are created.
an administrator account
The type of user account that is made a member of the Administrators local group and has full rights to the system.
The logon script box
This section of the Users Properties - Profile tab allows you to define a script that is run each time during sign-in. This script can be located on the local computer or another workgroup member. It is typically a batch (.bat) file or VBScript (.vbs) file that is used to configure the computer with mapped drive letters for accessing network shares.
True
True or False: A roaming profile is located on a network server.
True
True or False: After you set a PIN for a domain account on your laptop, that PIN can be used only on your laptop.
False
True or False: Because the initial user account created during installation is a member of the Administrators group, it has all of the characteristics of the Administrator account.
False
True or False: Because user names are case sensitive, you can use capitalization to ensure that they are unique.
False: If the computer is part of an Active Directory domain, and the user signs in using a domain user account, the SAM database is not used.
True or False: If the computer is part of an Active Directory domain, and the user signs in using a domain user account, the user account in the SAM database are verified with Microsoft over the Internet.
False
True or False: In a domain-based network, each server authenticates users by using the SAM database.
True
True or False: Local user accounts are stored in the SAM database.
False
True or False: Microsoft account credentials can be used only when a computer has active internet connectivity.
False: The "Power Users" group is a legacy group left over from previous versions prior to Windows 7 and has no built in added privileges.
True or False: The "Power Users" group in Windows 10 has elevated privileges by default.
False: User names are not case sensitive
True or False: User names are case sensitive and allow you to create unique user sign-in name.
• Access Control Assistance Operators • Administrators • Backup Operators • Cryptographic Operators • Distributed COM Users • Event Log Readers • Guests • Hyper-V Administrators • IIS_IUSRS • Network Configuration Operators • Performance Log Users • Performance Monitor Users • Power Users • Remote Desktop Users • Remote Management Users • Replicator • System Managed Accounts Group • Users
What are the Windows 10 built-in groups?
Administrator, Guest, Initial Account, & Default Account
What are the default user accounts included with Windows 10?
• Windows sign-in screen • Secure sign-in • Fast user switching • Automatic sign-in • Assigned access
What are the five ways you can sign into Windows 10?
lusrmgr.msc
What do you type under "Run" to open the Local Users and Groups MMC snap-in?
Using an SID for security ensures that accounts can be renamed without losing security information. The SID for each user account is unique.
What is the benefit to having the SID written to the Access Control List (ACL) instead of the user account name?
C:\Users\%USERNAME%, where %USERNAME% is a variable representing the name of the user account.
What is the default location of user profiles?
Slow sign-in and sign-out times if the user stores large files in their user profiles. Redirecting folders avoids the slow sign-in and sign-out process that can occur with large files. Profile corruption is also minimized because the sign-out process is faster and access to the registry is more likely to be terminated properly during sign-out.
What's the primary disadvantage of roaming profiles and what's the best way to resolve it's shortcomings?
Windows Hello
Which authentication method can use a fingerprint scanner to authenticate users? a. Microsoft account b. Domain account c. Windows Hello d. Microsoft Passport e. Smart card
It has a blank password by default and it cannot be deleted.
Which characteristics apply to the Administrator account? Choose all that apply. a. It has a blank password by default. b. It cannot be deleted. c. It cannot be renamed. d. It is visible on the sign-in screen. e. It can be locked out.
It has a blank password by default. It cannot be deleted. It is disabled by default. It can be locked out.
Which characteristics apply to the Guest account? Choose all that apply. a. It has a blank password by default. b. It cannot be deleted. c. It cannot be renamed. d. It is disabled by default. e. It can be locked out.
\ and *
Which characters are not allowed in user account names? Select all that apply. a. \ b. 1 c. $ d. * e. !
NTUSER.DAT
Which file in a profile contains user-specific registry settings? a. AppData b. NTUSER.DAT c. NTUSER.MAN d. SYSTEM.DAT e. Local Settings
Default
Which profile is copied to create a profile for new user accounts? a. Default User b. Public c. Blank d. Default e. New
Public
Which profile is merged into each user profile when the user is signed in? a. Default User b. Public c. Blank d. Default e. New
Fast user switching
Which sign-in method allows multiple users to have applications running on the computer at the same time? a. Assigned access b. Secure sign-in c. Fast user switching d. Automatic sign-in
Secure sign-in
Which sign-in method requires users to press Ctrl+Alt+Delete before signing in? a. Assigned access b. Secure sign-in c. Fast user switching d. Automatic sign-in
Local Users and Groups MMC snap-in
Which user management tool is required to assign a logon script to a user? a. User Accounts in Control Panel b. Local Users and Groups MMC snap-in c. Advanced User Accounts applet d. Advanced Users and Groups MMC snap-in
Fast user switching
____ allows multiple users to have applications running in the background on a Windows 10 computer at the same time.
Multifactor / Two-factor
____ authentication consists of at least two pieces of evidence presented to the authentication mechanism.
