What does UAC stand for?
User Account Control
How do you disable UAC for a specific user account?
What is the differance between a Workgroup and a Domain.
Workgroups are decentralized, Domains are centralized.
What is the Computer Management Console?
One of the primary tools used to manage windows 7 that includes the most commonly used MMC snap-ins.
What are the built in accounts in windows that services start under?
Local System, NT authority/LocalService, NT authority/Network service
What level of access does the Local System account have (related to services)?
Highly privledged account that can access most resources on local computer.
What level of access does NT Authority/Local Service have?
The same as a user account, when accessing network services it has no credentials and a null session
What level of access does NT authority/NetworkService have?
The same level of access as the Users Group on the local computer, and it accesses network resources under the context of a Local Computer Account
What does the Server Service do?
Supports file, print, and named-pipe sharing over the network.
What does the Workstation service do?
Creates and maintains client network connections to remote servers using the SMB protocol (allows you to share folders via samba)
What is Authentication?
The process of indentifying an individual (E.G. via a password)
What is Authorization?
The process of giving individuals access to system objets based on their indentity
What is Auditing
The process of keeping track of a users activity while accessing the network resources.
What does a user account allow the system to do?
It allows the system to determine what a user can access and how they can access it (Authorization) and to audit a user by recording what was done on each individual user account.
What are the three ways to authenticate a user?
Based off What they know (password) What they own/possess (ID card) What they are (biometrics.
What are the two types of user accounts.
Local and Domain.
What is an object?
An object is a distinct named set of attributes or characteristics that represent a network resource.
What is the security table created on the local user account called?
Security Accounts Manager
What is a GUID?
It is called a globally unique identifier sometimes referred to as security identifier. It is to uniquely identify an object.
Where can you create and edit a user account?
User accounts in the control panel AND The Local Users and Groups MMC snap-in
What are windows computer accounts for?
It provides a mean for authenticating and auditing the computers access to a windows network and its access to domain resources.
What is a user profile?
A collection of folders and data that store the users current desktop environment and application settings.
What is a group?
A group is a collection or list of user accounts or computer accounts.
what are the Roles of a Domain admin?
Can perform administrative tasks on any computer within the domain. By default, the Admin account is a member.
What is a user profile?
A collection of folders and data that store the users current desktop environment and application settings, and records all network connections.
What can Account operators do?
They can create, delete, and modify user accounts and groups.
What can Backup operators do?
They can backup and restore all files using Windows Backup
What does Credential Manger do?
It allows you to store credentials I.E. Usernames and passwords that you use to logon to websites or other computers on a network. This allows windows to automatically log you into websites/computers. Credentials are saved in special folders called vaults.
What does the Authenticated users group include?
It includes all users with a valid user account on the computer or in Active Directory.
What is the built in group Everyone
All users who access the computer even if the user does not have a valid account.
What does a Directory Service do?
It stores, organizes, and provides access to information in a directory. It's used for locating, managing, administering, and organizing common items and network resources such as volumes, folders, files, printers, users, groups, devices, telephone numbers, and other objects. AD is an example of a Directory Service.
What is the definition of Group Policy?
It is one of the most powerful features of Active Directory that controls the working environment for user accounts and computer accounts. It provides the centralized management and configuration of operating systems and applications.
Active Directory provides what network services?
LDAP Kerberos-based and SSO authentication DNS-based naming and other network information Central location for network administration and delegation of authority.
What is LDAP?
Lightweight Directory Access Protocol
Single sign-on authentication
What does the GPO system settings control?
Application settings, desktop appearance, and behavior of system services.
What does the GPO security settings control?
Local computer, domain, and network security settings
What does The GPO software installation settings control?
Management of software installation, updates and removal.
What is LDAP?
It's an application profile used for querying and modifying data using directory services over TCP/IP. It users TCP port 389
What does the GPO scripts settings control?
Scripts for when a computer starts or shuts down and when a user logs on and off.
What is SSO?
It allows you to login once, but access multiple related but independant software systems without having to login again. With AD, you are assigneda token which can be used to login to other systems automatically.
What does the GPO folder redirection settings control?
Storage for users folders on the network.
What does GPO stand for?
Group policy Objects are collections of user and computer settings.
What is Kerberos?
It's a computer network authentication protocol which allows hosts to prove their indentity over a non-secure network in a secure manner. It can also provide mutual authentication so that both the user and server verify each other's indentity.
What does Active Directory do?
It allows you to organize all your network resources E.G. users, groups, printers, computers, and other objects so you can assign passwords, permissions, rights, and so on to the intendity that needs it. You can also assign who can manage a group of objects.
What is a domain?
A logical unit of computers and network resources that defines a security boundry, that uses a single AD database to share its common security and user account information.
What is the Account lockout duration?
It ranges from 1 to 99,999
What is a tree?
Domains linked in a transistive trust Heirarchy
what is the Account lockout threshold?
How many failed log-ons it will take until the account becomes locked. Ranges from 1 to 999
What is a forest?
A collection of Domain Trees
What is a Domain Controller?
A promoted windows server that stores a replica of the account and security information of a domain and defines the domain boundries.
What is the Reset account lock out counter after?
How long does it take after a failed logon attempt before the counter tracking failed logons is reset to zero. Range is 1 to 99,999
What MMC snap-ins are added to a domain controller?
AD Users and Computers AD Domains and Trusts AD Sites and Services AD Administrative center GPMC
User Principal Name
Active directory Domain Services
What is the definition of Minimum password length?
Determines the minimum number of characters that a users password must contain you can set a value between 1 to 14.
Group Policy Management Console
What is a server that is not running as a domain controller?
A member Server
What happens when a user logs on?
AD clients locate an AD server (Using DNS SRV resource records) known as a domain controller in the same site as the computer.