Overview

Introduction

Welcome to the Microsoft Windows OS Security Settings Practice Lab. In this module you will be provided with the instructions and devices needed to develop your hands-on skills.

Learning Outcomes

In this module, you will complete the following exercises:

  • Exercise 1 - Shared Folders and NTFS Permissions
  • Exercise 2 - Effective Permissions
  • Exercise 3 - Using Run As Feature
  • Exercise 4 - User Account Control

After completing this lab, you will be able to:

  • Create a Sample Folder
  • View Default Share Permissions on the New Folder
  • Configure Share Permissions
  • Configure Advanced Share Permissions
  • Assign Remote Access Permissions
  • Determine Effective Permissions
  • Exploring a Shared folder and its Permissions
  • Disable Auto Login
  • Assign Remote Access Permissions
  • Invoke Run As a feature
  • Invoke Run As using the shortcut menu
  • Create a Program Shortcut to use with Run as Feature
  • Examine the Workings of UAC
  • Change UAC Setting via Local Security Policy
  • Test User Account Control Prompt

Exam Objectives

The following exam objectives is covered in this lab:

  • 220-1002: 2.4 Compare and contrast the differences of basic Microsoft Windows OS security settings

Lab Duration

It will take approximately 1 hour to complete this lab.

Exercise 1 - Shared Folders and NTFS Permissions

A file server is a computer designated for the purpose of providing a location to store, retrieve and process data files. These files can include text documents, pictures, sound, videos, or other multi-media. File servers are set up for shared disk configuration where the storage media is pooled for optimized access to network users.

File servers do not perform any computational tasks, like messaging servers that manage emails or database servers that process database queries. File server administrators ensure security to proprietary data by setting permissions to folders and files to ensure that only authorized users can access them.

In this exercise, you will manage the file server’s security using Shared permissions that are assigned to a folder and then verify the permissions.

Learning Outcomes

After completing this exercise, you will be able to:

  • Create a Sample Folder
  • View Default Share Permissions on the New Folder
  • Configure Share Permissions
  • Configure Advanced Share Permissions
  • Assign Remote Access Permissions
  • Determine Effective Permissions
  • Exploring a Shared folder and its Permissions

Exercise 2 - Effective Permissions

In corporate environments, a user will be accessing files and folders found in network servers. Network administrators apply security on the server’s file system to prevent unauthorized access to proprietary data. What the user can do with the folders and files is determined by the set of rules or permissions assigned to them.

Learning Outcomes

After completing this exercise, you will be able to:

  • Exploring a Shared folder and its Permissions

Exercise 3 - Using Run As Feature

The Windows operating system has different types of users. When a user is created, it can be created as a standard user or an administrator of the local system. The standard user does not have any system configuration capabilities, such as accessing the disks on the local system or installing a program. The administrator has complete control of the local system. The administrator can make various configuration changes, such as access the disks.

Individual users can be added to different groups. Some of the key groups are:

  • Administrators: Users in this group have complete control of the system.
  • Power Users: In the recent versions of Windows, Power Users are more like the Users. They are included for backward combability purposes.
  • Users: By default, all users created on the system are added to this group. They do not have the capability to make any system configuration changes but can run applications. These are also known as standard users.
  • Guests: Users in this group have the same capability, but the Guest account has restricted capability than a normal user.
  • Remote Desktop Users: Users in this group can access the system from a remote system. By default, the administrator has remote access to the system.

Like other operating systems, Windows will require an administrator account to perform system setting modifications on a computer such as installing a new program, managing disk volumes, creating users or groups and other tasks that will have an impact on the performance of your computer.

To avoid unintended changes on the system and ensure security while working on corporate assets, it is recommended that you use a regular user account that is paired with an administrator account. By having this approach, the user will invoke the privileged account only when performing system-related tasks and revert as an ordinary user after the task has been completed.

In this exercise, you will use the Windows Run As feature by signing on as a common user and invoke administrative rights by using an Administrator account.

Learning Outcomes

After completing this exercise, you will be able to:

  • Assign Remote Access Permissions
  • Disable Auto Login
  • Invoke Run As a feature
  • Invoke Run As using the shortcut menu
  • Create a Program Shortcut to use with Run as Feature

Exercise 4 - User Account Control

User Account Control (UAC) is a security feature in Windows that appears as a screen prompt that will ask the user for confirmation or at times an administrator account and password before launching an application set aside for privileged access. The UAC prompt will likewise manifest itself if you are about to replace system-protected files on the computer.

UAC was introduced in Windows Vista and has been carried over to succeeding versions of Windows with minor changes. UAC setting can be changed on a per-computer basis via Control Panel or changed globally via Group Policy Objects or GPO.

In this exercise, you will explore the basic features of UAC and find out how this security feature works.

Learning Outcomes

After completing this exercise, you will be able to:

  • Examine the Workings of UAC
  • Change UAC Setting via Local Security Policy
  • Test User Account Control Prompt

Comprehensive Learning

See the full benefits of our immersive learning experience with interactive courses and guided career paths.