Enabling Windows Active Directory and User Access Controls
Course Name and Number: _____________________________________________________
Student Name: ________________________________________________________________
Instructor Name: ______________________________________________________________
Lab Due Date: ________________________________________________________________
Overview
In this lab, you followed the Microsoft approach to securing the CIA triad. You created new user accounts and security groups, and applied the new user accounts to the security groups, just as you would in a real world domain. You created nested folders on the remote server and assigned unique file permissions using the new user accounts and security groups. You modified the
Windows Group Policy enabling each new user account to use remote desktop services to remotely access the TargetWindows01 server. Finally, you tested the security layers you placed in the previous parts of the lab by using each new user account to access and modify the nested folders on the remote server.
Lab Assessment Questions & Answers
1. What are the three fundamental elements of an effective security program for information systems? Identification, Authentication, and Authorization.
2. Of these three fundamental controls, which two are used by the Domain User Admin to create users and assign rights to resources?
Authentication and Authorization
2 | Lab #3: Enabling Windows Active Directory and User Access Controls
3. If you can browse a file on a Windows network share, but are not able to copy it or modify it, what types of access controls and permissions are probably configured?
Read only file type, not Read/Rewritable permissions set by an Adminstrative level atleast
4. What is the mechanism on a Windows server that lets you administer granular policies and permissions on a Windows network using role based access?
Group Policies
5. What is two-factor authentication, and why is it an effective access control technique?
"It is a two different type of identification process. Like an ID card and a pin code."
6. Relate how Windows Server 2012 Active Directory and the configuration of access controls achieve C-I-A for departmental LANs, departmental folders, and data.
"security details are created in the directory domain"
7. Is it a good practice to include the account or username in the password? Why or why not?
" this is a common starting place for hackers to start when attempting to log in to someonefis account or when trying to use another personfis access."
Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved.
www.jblearning.com
Student Lab Manual
3 | Lab #3: Enabling Windows Active Directory and User Access Controls
8. Can a user who is defined in Active Directory access a shared drive on a computer if the server with the shared drive is not part of the domain?
If the user is not granted specific access to the dir by an Admin they will not be able to access it.
9. When granting access to LAN systems for guests (i.e., auditors, consultants, third-party individuals, etc.), what security controls do you recommend be implemented to maximize confidentiality, integrity, and availability of production systems and data?
"Establish a limited account for access to only what they need, make them sign user and non-disclosure agreements." Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved.
www.jblearning.com
Student Lab Manual
You May Also Find These Documents Helpful
-
7. In case the file is opened another application in the future for modifying the file, such as adding more content either text, pictures, etc.…
- 402 Words
- 2 Pages
Satisfactory Essays -
• Manager – user/users group with access rights to change all database information, including database ACL, replication and local encryption settings;…
- 767 Words
- 4 Pages
Good Essays -
Baldeo Persaud NT 1330 Unit 9 Assignment 1 During the design phase: Define the scope of application of Group Policy. Determine the policy settings that are applicable to all corporate users. Classify users and computers based on their roles and locations. Plan desktop configurations based on the user and computer requirements.…
- 113 Words
- 1 Page
Satisfactory Essays -
Since to Marketing Staff have dedicated work stations, they will be added to whatever type of user permissions needed per staff.…
- 308 Words
- 2 Pages
Good Essays -
This lab walks the student through the steps required to define Active Directory Group Policy Objects (GPO) as well as to deploy GPOs to domain computers. It also demonstrates how to use MBSA to profile a Windows system. Group…
- 952 Words
- 4 Pages
Satisfactory Essays -
Orange Creek, Inc., a Fortune 500 company, has moved into Lexington and is requesting bids for…
- 2372 Words
- 13 Pages
Powerful Essays -
The domain local group scope can contain users or groups from any domain in the forest, but can only be used to secure resources in the same domain as the group. The global group scope…
- 2578 Words
- 13 Pages
Satisfactory Essays -
1. You are the network administrator for a new company that has 10 users and that plans to add 5 more users within a year. The files need to be accessed by all 10 users, and each user must have different security rights.…
- 565 Words
- 3 Pages
Satisfactory Essays -
Q2. Which administrative user accounts can create a user account? The Schema Admin and the Ent Admin accounts can create user accounts.…
- 230 Words
- 2 Pages
Satisfactory Essays -
Issue four. You must research and formulate a plan to implement monitoring and analysis based on the premise that all employees have Internet access to browse the Web, there is no policy on the use of removable media, and several of the branch offices have encountered issues with malware recently. You must determine system implementation and access in accordance with defined IT criteria as well as how to collect information for identification of and response to security breaches or events.…
- 2096 Words
- 9 Pages
Powerful Essays -
(TCO 1) The _____ role is central to implementing Active Directory and creating one or more domains.…
- 278 Words
- 2 Pages
Satisfactory Essays -
The Active Directory domain structure is handy to have whether your client’s network is big or small. As you may recall, in Windows NT, each domain had its own Administrator account and its own Domain Admin group that was responsible for managing that domain. In Windows 2000 and 2003 Server, the domain Administrator account and the Domain Admin group still exist and can be used the same way that you were used to using them in Windows NT. There is also an Enterprise Admin group. Members of this group can manage any object within the entire Active Directory, regardless of what domain it exists within.…
- 1088 Words
- 3 Pages
Powerful Essays -
Question 1: What URL would you use in your computer's browser to test the functionality of the intranet Web site you just created?…
- 560 Words
- 3 Pages
Satisfactory Essays -
User-based and groups or role-based controls are two types of access controls for Windows Server 2003 for folders and authentication.…
- 251 Words
- 2 Pages
Good Essays -
Break down admin responsabilities and only give them the access for what duties they need to perform. PAM command is a great idea in this scenereo.…
- 304 Words
- 2 Pages
Satisfactory Essays