pace it - basic os security settings (part 1)

Basic operating system security settings I.

Instructor, PACE-IT Program – Edmonds Community College

Areas of expertise Industry Certifications

PC Hardware

Network Administration

IT Project Management

Network Design

User Training

IT Troubleshooting

Qualifications Summary

Education

M.B.A., IT Management, Western Governor’s University

B.S., IT Security, Western Governor’s University

Entrepreneur, executive leader, and proven manger

with 10+ years of experience turning complex issues

into efficient and effective solutions.

Strengths include developing and mentoring diverse

workforces, improving processes, analyzing

business needs and creating the solutions

required— with a focus on technology.

PACE-IT.

– Users and groups.

– NTFS vs. share permissions.

Microsoft uses Users andGroups as the primary means of establishing authentication and authorization.

The user account is authorized to perform tasks and

functions based on the permissions granted to the

user and/or the group it belongs to. Individual users

can be granted permissions; however, it is more

common to place users into groups and then grant

permissions to the group.


Administrator accounts have complete control of the local machine.

The Administrator account has all rights and

permissions on a PC. It is recommended that the

administrator account not be used for daily use.



Power user.

Near administrator like

powers.

The power user can add printers

and some drivers. However, the

power user may not install

applications.

Standard user.

Not quite the same level

as the power user.

The standard user can run most

applications and can modify some

system settings.

Guest.

Most restricted

permissions.

Guest users should only be created

for temporary use. The user can run

basic applications, including a

browser.


– NTFS (New Technology File System)

permissions.» Only available on NTFS drives.

» Permissions can be based on user or group accounts.

» Permissions either allow an action or deny it (deny will override

allow every time).

• Read: the file can be viewed but not modified.

• Write: the file can be viewed and changes may be made and

saved.

• Read and Execute: programs require this permission to run.

• Modify: the file can be read, written to, and deleted.

• Full Control: the user can take ownership of the file or

program.


– Share permissions.» Shared files and folders over the network.

» Read: the default that every share receives.

» Change: the user can read and modify the file.

» Full Control: same as NTFS.

– NTFS vs. share permissions.» Permissions are cumulative (they stack).

» NTFS and share permissions are combined.

» The least restrictive permission from NTFS is compared to the

least restrictive permission from share and the most restrictive

of the two permissions is the active permission.


– Moving vs. copying and the effect on

permissions.» Moving: changing the location of a file or folder on the local

volume has no effect on the permissions.

» Copying: changing the volume location of a file or folder

means that the target systems (or volume) permissions are in

effect.

– File attributes.» Low level basic characteristics of the file or folder.

» Work with permissions, but are also separate from them.

» Take precedence over permissions and apply to all users.

» Read only: the operating system prevents anyone from making

changes to the file or folder. The attribute would need to be

changed before modification is possible.


The administrator account is all powerful, the power user account is slightly

less so, and the standard user account should be for day-to-day use. Guest

accounts should only be temporary in nature. Permissions can be granted

to users or groups or both. Common practice is to create a user and then

place the user in a group.

Topic

Users and groups.

Summary

NTFS permissions involve NTFS drives. Share permissions are placed on

network shares and permissions stack, with the most restrictive being

active. When moving a file or folder in a volume, permissions will remain

the same; however, when copying a file or folder to a new volume,

permissions may change. File attributes take precedence over permissions.

NTFS vs. share permissions.

THANK YOU!

This workforce solution was 100 percent funded by a $3 million grant awarded by the

U.S. Department of Labor's Employment and Training Administration. The solution was

created by the grantee and does not necessarily reflect the official position of the U.S.

Department of Labor. The Department of Labor makes no guarantees, warranties, or

assurances of any kind, express or implied, with respect to such information, including

any information on linked sites and including, but not limited to, accuracy of the

information or its completeness, timeliness, usefulness, adequacy, continued availability

or ownership. Funded by the Department of Labor, Employment and Training

Administration, Grant #TC-23745-12-60-A-53.

PACE-IT is an equal opportunity employer/program and auxiliary aids and services are

available upon request to individuals with disabilities. For those that are hearing

impaired, a video phone is available at the Services for Students with Disabilities (SSD)

office in Mountlake Terrace Hall 159. Check www.edcc.edu/ssd for office hours. Call

425.354.3113 on a video phone for more information about the PACE-IT program. For

any additional special accommodations needed, call the SSD office at 425.640.1814.

Edmonds Community College does not discriminate on the basis of race; color; religion;

national origin; sex; disability; sexual orientation; age; citizenship, marital, or veteran

status; or genetic information in its programs and activities.