Chapter 14: Users, Groups, and Permissions
Take Ownership
- Administrators can use the ____________ permission to seize any file or folder on a computer, even those you don't actively share.
The 4 situations of Permission Propagation
- 1. Copying data within one NTFS-based volume. - 2. Moving data within one NTFS-based volume. - 3. Copying data between two NTFS-based volumes. - 4. Moving data between two NTFS-based partitions.
Examples of common actions that require administrator privileges
- 1. Installing and uninstalling applications - 2. Installing a driver for a device - 3. Installing Windows Updates - 4. Adjusting Windows Firewall settings - 5. Changing a user's account type - 6. Browsing to another user's directory
The three groups of rwx stand for what?
- 1. Owner - Permissions for the owner of this file or folder. - 2. Group - Permissions for members of the group for this file or folder. - 3. Everyone - Permissions for anyone for this file or folder.
The 2 issues with permission propagation
- 1. Whether the data is being copied or moved. - 2. Whether the data is coming from the same volume or a different one.
Home Groups
- A Home network that can share files and printers.
UAC Classification: Verified
- A digitally signed, third-party program or non-core OS program. - Are not part of the core of Vista and usually written by third parties. - Programs do have valid, verified certificates. - Dialog box is a gray-blue banner.
UAC Classification: Published by Vista
- A program that is a core part of the OS. - Written as part of the core of Vista and show up with a teal-bannered dialog box.
Multiple Groups
- A single account can be a member of:
Partitions
- Early versions of Windows refer to groupings of cylinders or transistors on an HDD or SSD as:
Encrypting File System & BitLocker
- Advanced editions of Windows add a system that can encrypt files and folders called _______ and the most advanced editions feature drive encryption through _________.
Security Policies
- Are just rules we apply to users and groups to do everything but NTFS permissions. - Examples: Forcing anyone who logs on to your system to use a password that's at least 8 characters long.
Trusted Platform Module (TPM)
- BitLocker requires a special chip on the motherboard to function and it is called: - This chip validates on boot that the computer has not changed, that you still have the same OS installed and that the computer wasn't hacked by some malevolent program. - Also works in cases where you move the BitLocker drive from one system to another.
chmod command
- Command used to change permissions that uses a nonintuitive (means feels untrue) numbering system.
User Account Control (UAC) / VISTA
- Common in Vista and it manifested as a pop-up dialog box that seemed to appear every time you tried to do anything on a Windows Vista system.
Volumes
- Current versions of Windows refer to groupings of cylinders or transistors on an HDD or SSD as:
Third-from-top level
- Displays a consent form and this consent form just pops up like a normal dialog box.
To enable BitLocker
- Double-click the BitLocker Drive Encryption icon in the classic Control Panel, or select Security in the Control Panel Home view and then click Turn on BitLocker.
Chown command chown <new owner> filename
- Enables us to change the owner and the group with which a file or folder is associated. - Uses the following syntax.
User Account Control
- Enables users to know when they are about to do something that has serious consequences.
BitLocker to Go
- Enables you to apply BitLocker Encryption to removable drives, like USB-based flash drives. - Applies encryption and password protection, but doesn't require a TPM chip.
BitLocker Drive Encryption (BDE)
- Encrypts the whole drive, including every user's files, and is not dependent on any one account. - If your hard drive is stolen, all of the data on the hard drive is safe.
Administrative Shares
- Every version of Windows comes with several default shares, notably all hard drives. - They give local administrators administrative access to these resources, whether they log on locally or remotely. - You cannot change the default permissions on them. - You can delete them but Windows will re-create them automatically every time you reboot. - They are hidden and they have been exploited by malware programs because users who set up their computers don't give the administrator account a password.
Characteristics of Local Security Policy
- Has a number of containers that help organize the many types of policies on a typical system. - Under each container are subcontainers or preset policies.
Windows Home Edition
- Have basically no security features?
Step 2: Add/Edit Users and/or Groups
- Head over to the Security tab. - You will notice two sections: the top section is a list of users and groups that currently have NTFS permissions to that folder, and the bottom section is a list of NTFS permissions for the currently selected users and groups.
Dialog
- If a Standard User attempts to do something that requires administrator privileges, he or she sees a __________ box that prompts for the administrator password.
Simpler UAC dialog box
- If a User with administrator privileges attempts to do something that requires administrator privileges, a _______________ appears.
Techs and permissions
- If an administrator does give you administrative permission for a PC and something goes wrong with that system while working on it, you can become the primary suspect. - Have the administrator create a new account for you that's a member of the Administrators group and then when you fix the problem, make sure the administrator deletes the account you used. - You can even ask the administrator to sit behind you while you finish.
NTFS
- If you copy an encrypted file to a drive formatted as anything but _____, you'll get a prompt saying that the copied file will not be encrypted. - If you copy to a drive with _______, the encryption stays. - The encrypted file, even if on a removable disk, will only be readable on your system with your login.
Key or password
- If you have a BitLocker failure because of tampering or moving the drive to another system, you need to have a properly created and accessible recovery _____ or recovery ________.
-rw-rw-r-- 1 mi6 299 Oct 2 18:36 launch_codes
- If you retype the ls -l command, you would see the following output.
1st common way to Turn Off UAC
- In the User Accounts Control Panel applet, you'll see an option to Turn User Account Control on or off. - Select this option and uncheck the checkbox to turn UAC off.
Second-from-top
- The default behavior for UAC in Windows 7 is the _______________ option.
Top Level (Always notify)
- Means you want UAC to work exactly as it does in Vista, displaying the aggressive consent form every time you do anything that typically requires administrator access.
1. Administrators 2. Power Users 3. Users 4. Guests
- Most common built-in groups in Windows.
Advanced Sharing
- Next, click on the permissions button. By default, all new Windows shares only have Read permission. - Here is where you set your share to Full Control.
Secondary method cont'd
- Once you select a user account, you can then choose what permission level to give to that user. - You have 2 choices: Read and Read/Write. * Read simply means the user has read-only permissions. * Read/Write gives the user read and write permissions and the permission to delete any file the user contributed to the folder.
UAC Classification: Blocked program
- One of the 4 different Vista UAC prompts: - A program that has been blocked by a security policy. - Generates a scary-looking, red-bannered dialog box.
UAC Classification: Unverified
- One of the 4 different Vista UAC prompts: - An unknown third-party program. - Lacks any form of certificate to validate. - You get a yellow-bannered dialog box warning you the application is unsigned and giving you two options: Allow the program to run (Yes) or not (No).
access
- Only the user who created those documents can _______ those documents. - Members of the Administrators group can override this behavior. - Members of the Users group (standard users) cannot.
Sharing in Windows Vista & 7 in Public libraries
- Open Windows Explorer and click the down arrow next to one of the libraries folders; click the down arrow next to Music to see My Music and Public Music. - Every user can access anything saved in the Public Music folder.
You can interpret the permissions: -rw-rw-r-- 1 mi6 299 Oct 2 18:36 launch_codes
- Owner's permissions are 6: 4+2 (rw-) - Group's permissions are 6: 4+2 (rw-) - Everyone's permissions are 4: 4 (r--)
Sharing in Windows 8/8.1
- Right-click on some white space in File Explorer and select Show libraries. - Libraries is not visible by default in Windows 8/8.1. - The Libraries folders show up just fine.
Sharing Resources Securely
- Scenario: Snyder family has a computer in the media room that acts as a media server. It has accounts for each family member. They have Windows Media Player and each user needs access to the shared collection of MP3 files. - Windows Vista and 7 make sharing simple through Public libraries for Documents, Music, Pictures, and Videos.
Advanced Sharing a Folder
- Select the folder you wish to share, right-click on it, and select Properties | Sharing tab. - From here, select Advanced Sharing. - Click on the Share this folder checkbox and give the folder a network share name.
Example of setting a Local Security Policy
- Set a local security policy that causes user passwords to expire every 30 days, known as account password expiration or password age. - To do this, open up the Account Policies container and then open the Password Policy subcontainer. - You can change it to 30 days by double-clicking on Maximum password age and adjusting the setting in the Properties dialog box. - You can set the value to 0 for it to never expire.
1. Shares (Select this one to reveal all of the shared folders) 2. Sessions 3. Open Files
- Shared Folders has 3 options that are called: - You can double-click on any share to open the Properties dialog box for that folder and then you can make changes to the share such as users and permissions just as you would any other sharing dialog box.
local shares
- Shares added manually are called:
chown m:mi6 launch_codes
- Syntax to change the group to mi6, type:
chown <owner>:<group> filename
- Syntax to change the group.
Windows security database
- The __________ stores the password, but that means access to your encrypted files is based on that specific installation of Windows. - If you lose your password, or an Administrator resets your password, you're locked out of your encrypted files permanently. NO RECOVERY. - Even if your computer dies and you try to retrieve your data by installing the hard drive in another system, you're out of luck. - Even if you have an identical user name on the new system, the security ID that defines the user account will differ from what you had on the old system.
chmod <permissions> <filename>
- The chmod command uses the following syntax to make permission changes:
superuser
- The chown command needs ________ privileges (sudo or su).
Encrypting File System (EFS)
- The professional editions of Windows offer a feature called the ______ , which is an encryption scheme that any user can use to encrypt individual files or folders on a computer. - You can encrypt a file or folder by right-clicking on the file or folder you want to encrypt and select Properties. - In the properties dialog box for that object, select the General tab and click the Advanced button to open the Advanced Attributes dialog box. - Click the checkbox next to Encrypt contents to secure data. - Click OK to close the advanced attributes dialog box and then click OK again on the Properties dialog box, and you've locked that file or folder from any user account aside from your own.
encryption
- The scrambling of data through _________ techniques provides the only true way to secure your data from access by any other user.
-rw-rw-r-- 1 mikemyers users 299 Oct 2 18:36 launch_codes (rw-) owner (rw-) group (r--) everyone
- This file is called launch codes. The owner of the file is Mike Meyers. This file is in the users group. - The owner, mikemyers, has read and write privileges (rw-). - The group users has read and write privileges (rw-). - Everyone can read the launch codes (r--). - REMEMBER THEY ARE IN 3 GROUPS.
Secondary method or sharing resources securely in Windows 8/8.1
- This method is less powerful but easier to use. - Select anything you want to share (even a single file) in Windows Explorer/File Explorer and then simply right-click on it and select Share (or Share with) | Specific people. - This opens the File Sharing dialog box where you can select specific user accounts from a drop-down list.
Step 2 cont'd
- To add a new user or group, click the Edit button. - In the permissions dialog box that opens, you can not only add new users and groups but also remove them and edit existing NTFS permissions.
chown m launch_codes
- To change the owner of launch_codes to m, type:
Four
- To make UAC less aggressive in newer versions of Windows, Microsoft introduced _____________ UAC levels. - To see these levels, go to the User Accounts applet and select Change User Account Control settings.
ls -l
- Typing this command in Linux terminal shows a detailed list of all the files and folders in a particular location.
UAC on Mac OS X
- UAC is an important security update for Mac OS X.
Shield
- UAC uses small _______ icons to warn you ahead of time that it will prompt you before certain tasks. - Clicking the feature next to a _________ will require administrator privileges.
Standard User (or Users group) & Administrator
- UAC works for both ____ and _____ accounts
chmod 660 launch_codes
- We can make any permission we want using only 3 numbers. - Current permissions can be represented by 664. - If you want to keep the launch codes out of the wrong hands, we just change the 4 to a 0: 660. - To make the change, we use the chmod command as follows:
Security Policies & User Account Control
- What are the 2 areas where we use users and groups to go beyond logging on to a system or sharing folders and files:
Windows Ultimate, Windows Enterprise, & Windows 8/8.1 Pro Editions
- What version of Windows offers BitLocker Drive Encryption?
Four levels of UAC
- When you select the Change User Account Control settings option, you get a dialog box. - You see a slider with 4 levels.
Second-from-top level
- Will display the typical consent form, but only when programs try to make changes. - Example: A program, Adobe Download Manager, is attempting to install a feature into Internet Explorer. - Because this is a program trying to make changes, the UAC consent form appears and darkens the desktop.
Shared Folders option
- Windows comes with a handy tool for locating all of the shared folders on a computer in the Computer Management console in Administrative Tools called _____________ option under System Tools.
Local Security Policy / INCLUDED IN ALL VERSIONS OF WINDOWS
- Windows provides thousands of preset security policies that you may use simply by turning them on in a utility called: - ALL VERSIONS OF WINDOWS HAVE THIS POLICY.
Private
- Windows uses NTFS to make the folders and files in a specific user's personal folders:
NT File System (NTFS)
- Windows uses the powerful _________ as the primary tool for providing AUTHORIZATION.
2nd common way to Turn Off UAC
- You can also configure UAC from the Tools tab in the System Configuration utility (msconfig).
msconfig
- You go to System config by typing in Windows start:
How to access Local Security Policy
- You may access this tool through Control Panel | Administrative Tools | Local Security Policy. - The command to open it on the command prompt is secpol.msc
What permissions do the letters r, w, and x represent?
- r stands for read the contents of a file. - w stands for write or modify a file or folder. - x stands for execute a file or list the folder contents.
How nonintuitive numbering system works as follows:
- r: 4 - w: 2 - x: 1
Permission
- rwxrwxrwx / Each of those letters represent a _________ for this file. - The dash is used to tell us if this listing is a file, directory, or shortcut.
Bottom option (Never notify)
- turns off UAC.
User Accounts
- A Windows Control Panel applet called: - A tool in Windows for configuring Users and Groups.
Local Users and Groups
- A more advanced utility in Windows editions for configuring Users and Groups: - You can find this utility in the Computer Management console in Administrative Tools. - It is a Microsoft Management Console (MMC) snap-in that is available in only some versions of Windows. (Pg. 233 of 30ird).
Full control (File NTFS permission)
- A standard NTFS permission for a file that enables you to do anything you want.
Read & Execute (File NTFS permission)
- A standard NTFS permission for a file that enables you to open and run the file.
Write (File NTFS permission)
- A standard NTFS permission for a file that enables you to open and write to the file.
Read (File NTFS permission)
- A standard NTFS permission for a file that enables you to open the file.
Modify (File NTFS permission)
- A standard NTFS permission for a file that enables you to read, write, and delete the file.
Full Control (Folder NTFS permission)
- A standard NTFS permission for a folder that enables you to do anything you want.
Modify (Folder NTFS permission)
- A standard NTFS permission for a folder that enables you to read, write, and delete both files and subfolders.
Read & Execute (Folder NTFS permission)
- A standard NTFS permission for a folder that enables you to see the contents of the folder and any subfolders as well as run any executable programs or associations in that folder.
List Folders Contents (Folder NTFS permission)
- A standard NTFS permission for a folder that enables you to see the contents of the folder and any subfolders. - Without this permission, you can get to the file but can't open the folder and see what's inside.
Read (Folder NTFS permission)
- A standard NTFS permission for a folder that enables you to view a folder's contents and open any file in the folder.
Write (Folder NTFS permission)
- A standard NTFS permission for a folder that enables you to write to files and create new files and folders.
Passwords / Part of securing User accounts
- A way to secure user accounts is by:
Important point 5 about NTFS permissions
- Administrators do not automatically have complete control over every folder and file. - If an administrator wants to access a folder or file they do not have permission to access, they may go through a process called Take Control.
Connecting to a Microsoft account
- Allows great benefits like data synchronization like logging you into Skype if you have Skype and iCloud services.
Power Users / Power Users group
- Almost as powerful as members of the Administrators group, but they cannot install new devices or access other users' files or folders unless the files or folders specifically provide them access. - Standard user that can install apps and make some configurations. A legacy type of user.
Change permission
- An account with this permission can give or take away permissions for other accounts.
Parental Controls (1)
- An administrator account can monitor and limit the activities of any standard user in Windows, a feature that gives parents and managers an excellent level of control over the content their children and employees can access.
Take Ownership permission
- Anyone with the permission can seize control of a file or folder. - Administrator accounts have Take Ownership permission for everything. - If you own a file, you can prevent anyone from accessing that file. - An Administrator whom you have blocked can take ownership away from you and then access that file.
password
- Associated with every user name is a: - A unique key known only by the system and the person using that user name.
Requirements for a strong password / Part of securing User accounts
- At least 8 characters in length that include letters, numbers, and punctuation symbols.
NTFS
- Authorization for Windows' files and folders is controlled by the _________ file system, which assigns permissions to users and groups. - In simple terms, it is how you want the user and groups to have access to files and folders. - All versions of Windows have the capability to configure NTFS.
administrator-level account
- Because limited users can't do common tasks, most users create an ______________ account and log on. - Such accounts have full control over the computer, so any malware or any simple user mistake that slips in through the account can do a lot of harm.
Third thing tech should know to see what happens when you copy or move an object, such as a file or folder
- Copying from one NTFS volume to another creates 2 copies of the object. - The copy of the object in the new location INHERITS the permissions from that new location. - The new copy can have different permissions than the original.
First thing tech should know to see what happens when you copy or move an object, such as a file or folder
- Copying within a volume creates two copies of the object. - The copy of the object in the new location INHERITS the permissions from that new location. - The new copy can have different permissions than the original.
Best Practice way to give NTFS permissions
- Create users and put the users into groups and give NTFS permissions to those groups. - Set NTFS permissions on a per folder basis for individual groups.
NTFS permissions
- Define exactly what any particular account can or cannot do to the file or folder and are quite detailed and powerful. - Example: You can set up ________ permissions allowing a user account to edit a file but not delete it. - Example: You could also configure _______ permissions to enable any member of a user group to create a subfolder for a particular folder.
Permissions
- Define exactly what users may do to a resource on the system.
Folder permissions
- Define what a user may do to a folder. - Example: "List folder contents," which gives the permission to see what's in the folder.
File permissions
- Define what a user may do to an individual file. - Example: "Read and Execute," which gives a user account the permission to run an executable program.
The level of access
- Defined by a set of restrictions called NTFS permissions.
User account characteristics
- Each user account gets unique personal folders, such as Documents, Desktop, Pictures, Music, and more. - By default, only a person logged in as a specific user can access the personal folders for that user account. - For every different User account you have, you can set NTFS permissions for each of the gummy bears (USER ACCOUNT).
Guests / Guests group
- Enables someone who does not have an account on the system to log on by using a guest account. - Example: Might use this feature at a party, to provide casual Internet access to guests, or at a library terminal. - Limited Account - Makes no changes at all.
local user account
- Every Windows system stores the user accounts as an encrypted database of user names and passwords. - Windows calls each record in this database a:
How to add or remove NTFS permissions
- First select the user or group you wish to change and then clicking Edit to open a Permissions dialog box. - To add NTFS permission, select the allow checkbox next to the NTFS permission you want to add. - You remove an NTFS permission by deselecting the allow checkbox next to the NTFS permission you want to remove.
Administrators / Administrators group
- Grants complete control of the machine. - Any account that is a member of the Administrators group has complete _______ privileges. - Common for the primary user of a Windows system to have her account in the Administrators group. - Example: When you create the Jane user account and make Jane an administrator, you're placing Jane in the Administrators group.
password expiration policy / Part of securing User accounts
- Having users change passwords at regular intervals and can be enforced by a: - Forces users to select a new password periodically. - Can cause some problems because users forget their password and then start writing them down.
log on
- If you don't have a local user account created on a particular Windows system, you won't be able to _________ to that computer.
How to turn inheritance on or off
- If you have access to a folder's Properties dialog box, click on the Security tab, and then click the Advanced button, you'll see a little checkbox that says: Include inheritable permissions from this object's parent. - Uncheck the box if you want to turn off inheritance. - Inheritance is always expected.
Deny checkbox
- If you want to turn off inheritance for a specific folder or file without shutting down inheritance completely, use the _________ checkbox. - Clicking this checkbox for a particular NTFS permission tells Windows to overrule inheritance and stop that particular NTFS permission.
The Settings Charm
- In Windows 8.1 enables you to create a new user account based on a global Microsoft account. - Accounts from _______ charm is the primary graphical place where Windows 8 wants you to create users.
A group (Container)
- Is a container that holds user accounts and defines the capabilities of its members. - Is an organization method. - An efficient way of managing multiple users, especially when you are dealing with a whole network of accounts. - Standalone computers like home users can rely on this too. - You can have a group called Movie watchers and another group called Movie Adders. - Makes it easier to assign permissions to these different groups and add users to appropriate group.
Activity Reporting
- Logs a user's successful and blocked attempts to run an application, visit a Web site, download a file, and more. - Enable you to limit the time that standard users can spend logged on.
non-alphanumeric characters / Part of securing User accounts
- Makes any password much more difficult to crack because of two reasons. 1. Forces the hacker to consider many more possible characters than just letters and numbers. 2. Most password crackers use a combination of common words and numbers to hack passwords.
Users / Users group (standard users)
- Members of the Users group cannot edit the Registry or access critical system files. - They can create groups but can manage only those they create.
Standard users
- Members of the users group are called: - They use apps, save files, browse the web & download. - Example: If you change the Jane account from administrator to standard user, you specifically take the Jane account out of the Administrators group and place it into the Users group. - Nothing happens with her personal files or folders, but what the Jane account can do on the computer changes rather dramatically.
User Account Control (UAC)
- Microsoft addressed the problem of administrator-level accounts with a feature that enables standard users to do common tasks and provides a permission dialog box when standard users and administrators do certain things that could potentially harm the computer. - A security feature introduced in Windows Vista to prevent unauthorized changes to Windows.
Fourth thing tech should know to see what happens when you copy or move an object, such as a file or folder
- Moving from one NTFS volume to another creates one copy of the object. - The object in the new location INHERITS the permissions from that new location. - The newly moved file can have different permissions than the original.
Second thing tech should know to see what happens when you copy or move an object, such as a file or folder
- Moving within a volume creates one copy of the object. - That object RETAINS its permissions, unchanged.
grayed-out
- NTFS Allow permissions that are __________ tells you that the permissions here are inherited. - These checkboxes cannot be changed.
Important point 2 about NTFS permissions
- NTFS permissions are assigned both to user accounts and groups, although it's considered best practice to assign permissions to groups and then add user accounts to groups instead of adding permissions directly to individual user accounts.
User Security
- NTFS permissions are Windows' strongest attribute for:
Creating a new account in Windows 8/8.1/10 cont'd
- On the "How will this person sign in?" screen, you'll see options to use a valid Microsoft account, get a Microsoft account, add a child's account, or create a local account only. - The Add a child's account option creates an account with parental controls enabled.
Authorization
- Once a user authenticates, he or she needs _________: The process that defines what resources an authenticated user may access and what he or she may do with those resources. - What we can do on a folder-to-folder basis.
Creating a new account in Windows 8/8.1/10 cont'd (1)
- Once you've opted to do either a global or local account, Windows creates that account on the local machine. - Process takes a while because Windows creates all the folder structures and updates the local profile.
Creating a User account in Windows 7
- Open the User Accounts applet and select: Manage another account. - Click on Create a new account to see your options for making a new account. - This applet only enables you to make administrator accounts (in the Administrators group) or standard users (in the Users group).
To add a User in Windows Vista
- Open the User Accounts applet. - You may need to open User Accounts and Family Safety first. - Click Manage another account and select Create a new account. - Give the account a user name and select a user account type. - Then click Create Account.
User name & Password
- Opens the computer and provides some access to resources in the computer.
Important point 3 about NTFS permissions
- Permissions are cumulative. - If you have full control on a folder and only read permission on a file in the folder, you get Full Control permission on the file.
Permission Propagation
- Process of determining what NTFS permissions are applied to files that are moved or copied into a new folder.
Local users and groups tool
- Professional editions of Windows include the ___________ tool, which is a more powerful tool for working with user accounts. - You can create, modify, and remove users and groups.
Adding a group in Windows Professional
- Right-click on a blank spot in the Groups folder and select New Group. - This opens the New Group dialog box, where you can type in a group name and description in their respective fields.
User account
- Security begins with a: - A unique combination of a user name and an associated password, stored in some database on your computer, that grants the user access to the system. - They are also assigned to everything that runs programs on your computer. Every ____ ______ has a user name and a password. - Example: Every Windows system has a SYSTEM account that Windows uses when it runs programs.
Managing Users in Windows 8/8.1/10
- Select Change PC settings from the initial charm screen to open PC settings and get access to the Accounts option. - The User accounts applet in Control Panel enables you to make changes to current accounts (local or global), and gives you access to the settings charm when you opt to add a new account.
How to add users via the group's properties
- Select the Groups folder. - Right-click on a group and select Properties. - Beneath the Members list, click the Add button to search for and add user accounts to the group.
How to add group membership to a user account
- Select the user's folder, right-click a user account you want to change, and select Properties from the context menu. - Then select the Member Of tab on the user account's Properties dialog box. - Click Add to add group membership.
Microsoft Accounts
- Starting with Windows 8, Microsoft shifted the focus of user accounts from local accounts to Internet-wide:
Parental Controls
- The Tasks links on the left are similar between editions of Windows (with the addition of ________ in the Home Premium edition), but the main options differ.
Parent folder
- The base rule of Windows inheritance is that any new files or folders placed into a folder automatically get all the NTFS permissions of the ________ folder. - Example: If you have Read and Execute access to a folder and someone else copies a file to that folder, you will automatically get Read and Execute permissions.
If you connect to a domain / Managing Users in Windows Vista
- The default Control Panel Home view offers the User Accounts applet.
Security Tab
- The primary way to set NTFS permissions is through the ___________ tab under the folder's or file's Properties.
Inheritance
- The process of determining the default NTFS permissions any newly introduced files or subfolders contained in a folder receive. - It's a good thing. - Anything you put into one folder automatically takes the NTFS permission of that particular folder. - Can be a big issue when we tend to make lots of folder and file changes on a system.
Authentication
- The process of identifying and granting access to some user, usually a person, who is trying to access a system. - In Windows, _________ is most commonly handled by a password-protected user account. - It is how we determine what an authenticated user can do to a system. - Opens the lid to our computer and gives us our own desktop.
The two main areas of the Security tab
- The top area shows the list of accounts that have permissions for that resource. - The lower area shows exactly what permissions have been assigned to the selected account.
authentication and authorization
- The two mechanisms that enable user account security:
Encrypted
- The user name and password are __________ on the system and only those with a user name and password are allowed access to the system via the login process.
Adding users in Windows 8.1 Pro
- To add users to this group, click the Add button. - You can add more than just users to a group. - Windows uses multiple OBJECT types to define what you can add. - OBJECT types include user accounts, groups, and computers. - Each object type can be added to a group and assigned permissions. - The short version of how to add a user account is: Click the Advanced button to expand the dialog box and then click the Find Now button.
Creating a new account in Windows 8/8.1/10
- To create a new account, click on the other accounts option. - This opens the manage other accounts page. - From this page you can modify the status or group of any current local user account. - Click the + symbol next to Add an account to get started.
Administrator privileges
- To create and manage users, you must have:
User Accounts applet characteristics in Windows Vista Home Premium
- Uses Vista's version of the Welcome screen for logging on with a picture associated with it. - You can change the picture, name of the user account and alter the account type, demoting an account from administrator to standard user.
1. Ownership 2. Take Ownership permission 3. Change permission 4. Folder permissions 5. File permissions
- What are the basic concepts of NTFS permissions:
Ownership
- When you create a new file or folder on an NTFS partition, you become the OWNER of that file or folder. - Owners can do anything they want to the files or folders they own, including changing the permissions to prevent anybody, even administrators, from accessing them.
Managing Users in Windows 8/8.1/10 cont'd
- When you first set up a Windows 8/8.1/10 PC, you're prompted either to sign in to your Microsoft global account or create one at that time. - Any valid email address can serve as a Microsoft account. - You can opt to create a local user account instead and that will function like any local account on previous versions. - If you opt for a global Microsoft account, you'll synchronize photos, files, and Desktop settings. - Creating an account, local or not, creates a local user account. - If you create an account tied to your global account, the local account gets created and then Windows applies the settings from your global profile. - Once a valid user account is set up and you have a functioning system, the Accounts area of the Settings app enables you to sign out, sign in, modify your profile picture, and so on.
Moving an object
- When you move an object within the same partition, it is the only time when NTFS permissions go along with the object.
Important point 4 about NTFS permissions
- Whoever creates a folder or a file has complete control over that folder or file. - This is called ownership.
Password hint / Part of securing User accounts
- Windows enables you to create a _________ for your accounts after your first logon attempt fails.
User's Group's
- You can either add Group membership to a _______ properties or add a user to a _______ properties. - You can use either method to remove users. - The level of flexibility makes the Local Users and Groups tool much more powerful and useful than the User Accounts Control Panel applets.
Managing Users in Windows Vista
- You create 3 accounts when you set up a computer: guest, administrator, and a local account that's a member of the Administrators group.
Important point 1 about NTFS permissions
- You may see the NTFS permissions on a folder or file by accessing the Properties dialog box for that file or folder and opening the Security tab.
If your machine is on a workgroup / Managing Users in Windows Vista
- You'll see the User Accounts and Family Safety applet.
user name
- is a text string that identifies the user account assigned to the system. - Example: "Mike1" or "John.smith" or "[email protected]."
The 2 sets of data that every folder and file on an NTFS partition has
1. The list details every user and group with access to that file or folder. 2. The list specifies the level of access each user or group has to that file or folder.
Groups make Windows administration much easier in two ways
1. You can assign a certain level of access for a file or folder to a group instead of to just a single user account. - Example: You can make a group called Accounting, and put all user accounts for the accounting department in that group. If a person quits, you don't need to worry about assigning all of the proper access levels when you create a new account for his or her replacement. - After you make the account for the new person, just add her account to the appropriate access group. 2. Windows provides numerous built-in groups with various access levels already predetermined.