Lab #3 – Assessment Worksheet
Enabling Windows Active Directory and User Access Controls
NT2580
Course Name and Number: _____________________________________________________
Mark Henry Salvador
Student Name: ________________________________________________________________
Brockman
Instructor Name: ______________________________________________________________
10/07/2014
Lab Due Date: ________________________________________________________________
Overview
In this lab, you followed the Microsoft approach to securing the CIA triad. You created new user accounts and security groups, and applied the new user accounts to the security groups, just as you would in a real world domain. You created nested folders on the remote server and assigned unique file permissions using the new user accounts and security groups. You modified the
Windows Group Policy enabling each new user account to use remote desktop services to remotely access the TargetWindows01 server. Finally, you tested the security layers you placed in the previous parts of the lab by using each new user account to access and modify the nested folders on the remote server.
Lab Assessment Questions & Answers
1. What are the three fundamental elements of an effective security program for information systems?
Identification, Authentication, Authorization
2. Of these three fundamental controls, which two are used by the Domain User Admin to create users and assign rights to resources?
Authentication and Access Control
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION
2
3. If you can browse a file on a Windows network share, but are not able to copy it or modify it, what type of access controls and permissions are probably configured?
List Folder Contents - Security Policy based control
4. What is the mechanism on a Windows server where you can administer granular policies and permissions on a Windows network using role-based access?
Group Policy Editor
5. What is two-factor authentication, and why is it an effective access control technique?
Two Factor uses two of the three authentication types; knowledge, ownership, characteristic.
6. Relate how Windows Server 2012 Active Directory and the configuration of access controls achieve CIA for departmental LANs, departmental folders, and data.
Create security principals in the Active Director domain partition
7. Is it a good practice to include the account or user name in the password? Why or why not? Not a good idea because it creates easy keywords to hack or decode your account.
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION
3 | Lab 3: Enabling Windows Active Directory and User Access Controls
8. Can a user who is defined in Active Directory access a shared drive on a computer if the server with the shared drive is not part of the domain?
Non domain machines cannot access shared folders
9. When granting access to LAN systems for guests (i.e., auditors, consultants, third-party individuals, etc.), what security controls do you recommend be implemented to maximize CIA of production systems and data?
Establish a limited account for access to only what they need, make them sign user and non-disclosure agreements. Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved.
www.jblearning.com
Student Lab Manual
You May Also Find These Documents Helpful
-
You must demonstrate the various methods for using the runas utility to allow administrators to reduce the exposure of administrative accounts.…
- 322 Words
- 2 Pages
Satisfactory Essays -
• Manager – user/users group with access rights to change all database information, including database ACL, replication and local encryption settings;…
- 767 Words
- 4 Pages
Good Essays -
Part of managing a Windows Server 2003 network environment requires an administrator to be familiar with both of the different security models that can be implemented along with the roles that a server can hold. The two different security models used in Windows network environments are the workgroup model and the domain model. Please discuss in 500-600 words both options and explain why you would choose one over the other for your implementation.…
- 825 Words
- 4 Pages
Good Essays -
Itt 255 IT255 Instructor Lab Manual LABORATORY Instructor Lab Manual IT255 Fundamentals of Information Systems Security Copyright © 2012 Jones & Bartlett Learning, LLC www.jblearning.com All Rights Reserved. Current Version Date: 12/06/2010 -1- IT255 Instructor Lab Manual LABORATORY ISS Curriculum Overview............................................................................................................................. 5 Ethics and Code of Conduct.......................................................................................................................... 6 ISS Mock IT Infrastructure ...........................................................................................................................…
- 33056 Words
- 133 Pages
Satisfactory Essays -
Since to Marketing Staff have dedicated work stations, they will be added to whatever type of user permissions needed per staff.…
- 308 Words
- 2 Pages
Good Essays -
Which one of the following Windows NET commands will allow other computers to access the C:\Data directory under the share name UserData?…
- 12553 Words
- 51 Pages
Powerful Essays -
There are many tools and suites designed to aid the security practitioner and the organization in…
- 295 Words
- 2 Pages
Satisfactory Essays -
Q2. Which administrative user accounts can create a user account? The Schema Admin and the Ent Admin accounts can create user accounts.…
- 230 Words
- 2 Pages
Satisfactory Essays -
Orange Creek, Inc., a Fortune 500 company, has moved into Lexington and is requesting bids for…
- 2372 Words
- 13 Pages
Powerful Essays -
The domain local group scope can contain users or groups from any domain in the forest, but can only be used to secure resources in the same domain as the group. The global group scope…
- 2578 Words
- 13 Pages
Satisfactory Essays -
A user has access to the information that they need to compete a task and nothing…
- 294 Words
- 2 Pages
Powerful Essays -
1. You are the network administrator for a new company that has 10 users and that plans to add 5 more users within a year. The files need to be accessed by all 10 users, and each user must have different security rights.…
- 565 Words
- 3 Pages
Satisfactory Essays -
8. Access control: Focuses on business requirement for access control, user access management, user responsibilities, network access control, operating system access control, application and information access control, and mobile computing and teleworking…
- 8349 Words
- 34 Pages
Powerful Essays -
The only operating system edition that you can upgrade in place to Windows 7 Professional is Windows 7 Ultimate.…
- 416 Words
- 2 Pages
Good Essays -
Share permissions are typically found on a Share Permissions tab, and NTFS permissions are located on a Security tab. All Windows permission systems use the same interface, although the permissions themselves differ.…
- 2971 Words
- 12 Pages
Satisfactory Essays