Enable Windows Active Directory and User Access Controls

50

Lab #3 | Enable Windows Active Directory and User Access Controls

Lab #3 – Assessment Worksheet

Enable Windows Active Directory and User Access Controls
Course Name and Number:

Student Name:

Instructor Name:

Lab Due Date:

Overview
This lab provides students with the hands-on skills needed to create a new Active Directory domain in
Windows Server 2003 and demonstrates how to configure a centralized authentication and policy definition for access controls. The Active Directory users and workstation plug-ins will be used to create users, groups, and configure role-based access permissions and controls on objects and folders in a Windows Server 2003
Active Directory system.

Lab Assessment Questions & Answers 1. What two access controls can be set up for Windows Server 2003 folders and authentication?
The two access controls that can be set up for Windows Server 2003 folders and authentication User or Group

access to the folder and the ability to modify contents of the folder.

2. you can browse a file on a Windows network share, but are not able to copy it or modify it, what type of
If

access controls and permissions are probably configured?
The type of access controls and permissions that are probably configured are Modify , Read or Full control.

3.
What is the Windows tool that allows you to administer granular policies and permissions on a Windows
­

network using role-based access?
The Windows tool that allows you to administer granular policies and permissions on a Windows network using role-based access is the Group Policy Object Editor

38351_LB03_Pass2.indd 50

26/02/13 11:54 PM

Assessment Worksheet

51

4.
Relate how Windows Server 2008 R2 Active Directory and the configuration of access controls achieve

CIA for departmental LANs, departmental folders, and data.

Windows Server 2008 R2 Active Directory and the configuration of access controls achieve CIA for departmental LANs and departmental folders and data

by using user authentication (logon/password) to access the network. It also give users or groups permissions or deny them access to files or

folders.

5.
Would it be a good practice to include the account or user name in the password? Why or why not?

No because then hackers will have an easier time hacking the password

6.
Can a user who is defined in the Active Directory access a shared drive if that user is not part of

the domain?

No a user cannot access a shared drive if that user is not part of that domain.

Windows Server 2003 require a user's logon/password credentials prior to

accessing shared drives

38351_LB03_Pass2.indd 51

Enable Windows Active Directory and User Access Controls

7.
Does Windows Server 2003 require a user’s logon/password credentials prior to accessing shared drives?

3

26/02/13 11:54 PM

52

Lab #3 | Enable Windows Active Directory and User Access Controls 8.
Using what you know about access controls, what security controls would you recommend when

granting access to LAN systems for guests (i.e., auditors, consultants, third-party individuals, etc.) that will maintain CIA of production systems and data?

38351_LB03_Pass2.indd 52

26/02/13 11:54 PM