Enabling windows energetic directory and user gain

Overview

With this lab, you followed the Microsoft method to securing the CIA triad. You developed new consumer accounts and security organizations, and applied the new user accounts for the security organizations, just as you would probably in a real life domain. You created nested folders on the remote hardware and assigned unique file permissions making use of the new customer accounts and security organizations. You altered the Glass windows Group Policy enabling every single new customer account to use remote computer’s desktop services to remotely gain access to the TargetWindows01 server.

Finally, you examined the security layers you put into the previous regions of the lab through the use of each new user account to access and modify the nested folders on the remote server.

Lab Assessment Queries & Answers

1 . What are the three critical elements of an efficient security program for information devices?

Recognition, Authentication, Consent

2 . Of the three primary controls, the pair are used by Domain Consumer Admin to create users and assign legal rights to assets?

Authentication and Gain access to Control

two

several. If you can search a file on a Windows network share, tend to be not able to backup it or modify this, what type of get controls and permissions are probably configured? List Folder Contents ” Reliability Policy primarily based control

4. What is the mechanism over a Windows hardware where you can administer granular procedures and permissions on a Glass windows network applying role-based access? Group Policy Editor

your five. What is two-factor authentication, and why is it an efficient access control technique? Two Factor uses two of the three authentication types; knowledge, control, characteristic.

6th. Relate just how Windows Storage space 2012 Effective Directory and the configuration of access handles achieve CIA for departmental LANs, departmental folders, and data. Produce security principals in the Energetic Director website partition

six. Is it a fantastic practice to feature the account or customer name in the password? Why or perhaps you should?

A bad idea as it creates convenient keywords to hack or decode your account.

3 | Lab a few: Enabling Windows Active Index and User Access Regulates 8. Can easily a user that is defined in Active Index access a shared travel on a computer system if the hardware with the distributed drive is not section of the domain?

Low domain equipment cannot get shared folders

9. When granting usage of LAN systems for guests (i. elizabeth., auditors, consultants, third-party people, etc . ), what reliability controls do you really recommend always be implemented to optimize CIA of production systems and data?

Establish a limited account for entry to only what they need, make them sign customer and non-disclosure agreements..

you

Tweet