Pace IT - Basic OS Security Settings (Part 1)

Basic operating
system security
settings I.

Instructor, PACE-IT Program – Edmonds Community College
Areas of expertise Industry Certifications
 PC Hardware
 Network Administration
 IT Project Management
 Network Design
 User Training
 IT Troubleshooting
Qualifications Summary
Education
 M.B.A., IT Management, Western Governor’s University
 B.S., IT Security, Western Governor’s University
Entrepreneur, executive leader, and proven manger
with 10+ years of experience turning complex issues
into efficient and effective solutions.
Strengths include developing and mentoring diverse
workforces, improving processes, analyzing
business needs and creating the solutions
required— with a focus on technology.

PACE-IT.
– Users and groups.
– NTFS vs. share permissions.

Basic operating system security settings I.

Microsoft uses Users and
Groups as the primary
means of establishing
authentication and
authorization.
The user account is authorized to perform tasks and
functions based on the permissions granted to the
user and/or the group it belongs to. Individual users
can be granted permissions; however, it is more
common to place users into groups and then grant
permissions to the group.

Administrator accounts
have complete control of the
local machine.
The Administrator account has all rights and
permissions on a PC. It is recommended that the
administrator account not be used for daily use.

Power user.
Near administrator like
powers.
The power user can add printers
and some drivers. However, the
power user may not install
applications.
Standard user.
Not quite the same level
as the power user.
The standard user can run most
applications and can modify some
system settings.
Guest.
Most restricted
permissions.
Guest users should only be created
for temporary use. The user can run
basic applications, including a
browser.

– NTFS (New Technology File System)
permissions.
» Only available on NTFS drives.
» Permissions can be based on user or group accounts.
» Permissions either allow an action or deny it (deny will override
allow every time).
• Read: the file can be viewed but not modified.
• Write: the file can be viewed and changes may be made and
saved.
• Read and Execute: programs require this permission to run.
• Modify: the file can be read, written to, and deleted.
• Full Control: the user can take ownership of the file or
program.

– Share permissions.
» Shared files and folders over the network.
» Read: the default that every share receives.
» Change: the user can read and modify the file.
» Full Control: same as NTFS.
– NTFS vs. share permissions.
» Permissions are cumulative (they stack).
» NTFS and share permissions are combined.
» The least restrictive permission from NTFS is compared to the
least restrictive permission from share and the most restrictive
of the two permissions is the active permission.

– Moving vs. copying and the effect on
permissions.
» Moving: changing the location of a file or folder on the local
volume has no effect on the permissions.
» Copying: changing the volume location of a file or folder
means that the target systems (or volume) permissions are in
effect.
– File attributes.
» Low level basic characteristics of the file or folder.
» Work with permissions, but are also separate from them.
» Take precedence over permissions and apply to all users.
» Read only: the operating system prevents anyone from making
changes to the file or folder. The attribute would need to be
changed before modification is possible.

The administrator account is all powerful, the power user account is slightly
less so, and the standard user account should be for day-to-day use. Guest
accounts should only be temporary in nature. Permissions can be granted
to users or groups or both. Common practice is to create a user and then
place the user in a group.
Topic
Users and groups.
Summary
NTFS permissions involve NTFS drives. Share permissions are placed on
network shares and permissions stack, with the most restrictive being
active. When moving a file or folder in a volume, permissions will remain
the same; however, when copying a file or folder to a new volume,
permissions may change. File attributes take precedence over permissions.
NTFS vs. share permissions.

This workforce solution was 100 percent funded by a $3 million grant awarded by the
U.S. Department of Labor's Employment and Training Administration. The solution was
created by the grantee and does not necessarily reflect the official position of the U.S.
Department of Labor. The Department of Labor makes no guarantees, warranties, or
assurances of any kind, express or implied, with respect to such information, including
any information on linked sites and including, but not limited to, accuracy of the
information or its completeness, timeliness, usefulness, adequacy, continued availability
or ownership. Funded by the Department of Labor, Employment and Training
Administration, Grant #TC-23745-12-60-A-53.
PACE-IT is an equal opportunity employer/program and auxiliary aids and services are
available upon request to individuals with disabilities. For those that are hearing
impaired, a video phone is available at the Services for Students with Disabilities (SSD)
office in Mountlake Terrace Hall 159. Check www.edcc.edu/ssd for office hours. Call
425.354.3113 on a video phone for more information about the PACE-IT program. For
any additional special accommodations needed, call the SSD office at 425.640.1814.
Edmonds Community College does not discriminate on the basis of race; color; religion;
national origin; sex; disability; sexual orientation; age; citizenship, marital, or veteran
status; or genetic information in its programs and activities.

Pace IT - Basic OS Security Settings (Part 1)

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Ähnlich wie Pace IT - Basic OS Security Settings (Part 1)

Ähnlich wie Pace IT - Basic OS Security Settings (Part 1) (20)

Mehr von Pace IT at Edmonds Community College

Mehr von Pace IT at Edmonds Community College (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Pace IT - Basic OS Security Settings (Part 1)