Chapter 13: Users, Groups, and Permissions (A+ Study Notes)



You can find my complete study notes in Google Docs format below: https://docs.google.com/document/d/1zcKLWfsns1tqzmXtVRJbcd9NqfaEcjifgIo-oJIbEgc/edit?usp=sharing

References:

M. MEYERS, 2019.  CompTIA A+ All-in-One Exam Guide. 10th ed.

CHAPTER 13: Users, Groups, and Permissions

  • Security begins with the user account:
    • Username
    • Password
  • User account security: authentication, authorization.
    • Authentication = gives a user access to a system
    • Authorization = determines what a user can do to a system
    • For the latest password recommendations, check out the National Institute of Standards and Technology (NIST) Special Publication 800-63B, Digital Identity Guidelines.
  • Groups: ‘container’ of user accounts
  • Configuring Users and Groups in Windows
    • lusrmgr.msc (lets you create, modify, and delete users)
    • Control Panel > Accounts

  • Authorization Through NTFS: Every file and folder on an NTFS partition has a list that contains two sets of data. First, the list details every user and group that has access to that file or folder. Second, the list specifies the level of access that each user or group has to that file or folder. The level of access is defined by a set of restrictions called NTFS permissions. NTFS permissions are rulesets, connected to every folder and file in your system, that define exactly what any account or group can or cannot do to the file or folder.
    • Setting file/folder permissions: Properties > Security
    • Inheritance: Any new file/folder placed into a folder automatically gets all the NTFS permissions of the parent folder
    • Permission propagation: Inheritance doesn’t occur if a file/folder is moved within the same volume
  • Permissions on Mac/Linux
    • Three classes of users:
      • User (u) - the person who created it, also the owner.
      • Group (g) - several users combined into a user group.
      • Other (o) - all other users of the system.
    • Three types of permissions:
      • Read (r) - allowed to read the file.
      • Write (w) - allowed to change the contents of the file.
      • Execute (x) - allowed to use the file as a command.
    • Permissions on directories:
      • r--   see the list of files in directory (e.g. ls command)
      • -w-   create and delete files in directory
      • --x   access files in directory
    • `ls -l`, e.g. `-rw-r--r--`, read one character at a time:
      -   it's a file, not a directory
      r   readable by owner (cs98t2)
      w   writable, can be edited, by owner
      -   not executable by owner, cannot be used as a command
      r   readable by anyone in group (Computing First Year)
      -   not writable by anyone in group
      -   not executable by anyone in group
      r   readable by anyone who can log in
      -   not writable by all
      -   not executable by all

    • `chown` (allows you to change the owner or the group)
      E.g. `chown newowner filename`
    • `chmod` (allows you to change permissions); it uses an addition system:
      r: 4
      w: 2
      x: 1

      E.g.: `-rw-rw-r--`
      Owner’s permissions are 6: 4+2 (rw-)
      Group’s permissions are 6: 4+2 (rw-)
      Everyone’s permissions are 4: 4 (r--)

      `chmod permissions filename`
      `chmod 664 filename`

      For example, to not allow anyone to be able to change it, we change the 4 to a 0:
      `chmod 660 filename`

      To give full control:
      4+2+1 = 7, so `chmod 777 filename`
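
The addition system above, as an added example that is not part of the original notes: it applies the three modes from the notes to a scratch file, reads back the string `ls -l` shows, and flags any mode that leaves the file writable by every account. The helper names (`mode_to_octal`, `is_world_writable`, `mode_after_chmod`) are assumptions made for this example.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not from the notes.

# Convert a 10-character ls -l mode string (e.g. -rw-rw-r--) to octal (664).
# Only plain r/w/x letters are handled; setuid/setgid/sticky are out of scope.
mode_to_octal() {
    mode=$1
    out=""
    for start in 2 5 8; do          # owner, group, other triplets
        triplet=$(printf '%s' "$mode" | cut -c"$start"-"$((start + 2))")
        n=0
        case $triplet in r??) n=$((n + 4)) ;; esac
        case $triplet in ?w?) n=$((n + 2)) ;; esac
        case $triplet in ??x) n=$((n + 1)) ;; esac
        out="$out$n"
    done
    printf '%s\n' "$out"
}

# True when the "other" class has the write bit (9th character is w).
is_world_writable() {
    case $1 in
        ????????w?) return 0 ;;
        *) return 1 ;;
    esac
}

# Apply an octal mode to a scratch file and print what ls -l then shows.
mode_after_chmod() {
    f=$(mktemp) || return 1
    chmod "$1" "$f"
    ls -l "$f" | cut -c1-10
    rm -f "$f"
}

# The three modes used in the notes.
for m in 664 660 777; do
    s=$(mode_after_chmod "$m")
    note=""
    if is_world_writable "$s"; then note="  <- writable by every account"; fi
    printf 'chmod %s -> %s -> %s%s\n' "$m" "$s" "$(mode_to_octal "$s")" "$note"
done
```

With 660 the "other" class ends up with no permissions at all, while 777 is the only one of the three that every account on the system can modify.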

  • Locating Shared Folders
    • Computer Management console > System Tools > Shared Folders 

  • Encrypting File System (EFS) 
    • Right Click File/Folder > Properties > General > Advanced > “Encrypt contents to secure data” 
  • BitLocker Drive Encryption (full drive encryption for every user)
    • Requires a TPM (Trusted Platform Module) chip, which validates the boot process for any changes
  • Event Viewer
  • Local Security Policy (`secpol.msc`) - sets up policy for the system
    • E.g. password must consist of 10 characters, or you can log in only between 9am - 5pm, etc.
    • Local Policies > Audit Policy
  • UAC (User Account Control) 
