CHAPTER FOURTEEN: MANGING WINDOWS NETWORKING Flashcards

Question

Implicit Deny

Answer 1

If you’re not explicitly allowed, you’re automatically denied. No rule = no access.

Answer 2

Least Privilege – Only give someone the bare minimum access they need to do their job. No extras. It’s safer that way.

Answer 3

A User Account is your digital identity. It controls what you can access. A Local Account (only works on that one computer) A Microsoft Account (online account linked with email, can sync settings across devices) Security Groups are collections of user accounts. It’s easier to give permissions to a group than to each person one-by-one. - Administrators – Have full power. Only trusted users should be in this group. - Users – Standard access. Can use apps and printers but not change important settings. - Guests & Power Users – Mostly outdated. Shouldn’t be used much anymore.

Answer 4

User Account Control (UAC) is a feature that stops apps from making big changes without permission. - If you try to install something or change system settings, you get a pop-up asking if you’re sure. - Even if you’re an admin, you still have to click "Yes" to approve it. - You can adjust how often this pops up, but turning it down makes your system less safe. UAC supports least privilege by making sure that even admins don’t accidentally mess things up or let malware take control.

Answer 5

When you log in, you use authentication factors to prove who you are. These come in three types: Something You Know – Like a password or PIN. Something You Have – Like a phone, smart card, or USB key. Something You Are – Like your fingerprint or face.

Answer 6

Think of authentication like proving who you are to a computer. Normally, you do this by entering a password. But a password alone isn’t very safe. Someone could guess it, steal it, or trick you into giving it up. So, Multifactor Authentication (MFA) makes you prove your identity in two or more different ways, called factors.

Answer 7

This is a type of MFA, often used by apps and websites. It works like this: You enter your password (that's the first step). Then the system sends you a code (called a soft token) to something you own, like your phone or email. You enter that code to finish logging in.

Answer 8

An authenticator app (like Microsoft Authenticator or Google Authenticator) makes things more secure and sometimes even lets you log in without a password. How it works: You install the app on your phone. You connect (or register) it to the account you want to protect by scanning a QR code. When you try to log in, the app shows a code or asks you to approve the login. You use your phone's fingerprint, PIN, or face to approve it.

Answer 9

A hard token is a physical device, like a USB stick or smart card, that you plug in when logging in. It stores secure information, like a digital key. When you log in, you plug in the token and enter a PIN or use your fingerprint. The system checks the token to make sure it's really you.

Answer 10

There are 3 main ways to log in on a Windows system: Local Sign-In: Your computer checks your password against what’s stored on that computer only (inside something called SAM, part of the Windows registry). Network Sign-In: Your computer checks your login with the help of the Kerberos system, which is a secure way for systems on the same network to trust each other. Remote Sign-In: If you're not on the local network (like you're at home), your company might use a VPN or web portal to let you sign in remotely.

Answer 11

Windows Hello lets you log in without typing your password. You can use: PIN – Like a password, but it's tied to just that one computer and is stored in a secure part of the computer’s chip called the TPM. Fingerprint – Your unique finger scan. Facial Recognition – Uses a special infrared camera to make sure it's your actual face and not a photo. Security Key – A special USB or smart card that acts like a key to unlock your account.

Answer 12

Single Sign-On means you log in once, and then you’re automatically signed into other related services. For example: You log into Windows. You’re now also signed into Outlook, OneDrive, and Teams — no need to log in again. Windows Hello for Business tries to make SSO safer by removing passwords. It uses: A secure key (like a digital fingerprint of your device) stored in your computer’s TPM. When you log in with your face or PIN, your computer proves who you are by sending an encrypted secret to the server. The server checks it and lets you in.

Answer 13

In big companies or schools, computers are part of a domain (a network with shared rules and accounts). This makes managing users easier. Local accounts only work on one computer. Domain accounts work across all computers in the domain.

Answer 14

A Domain Controller is a special server that stores all the login info and settings for a domain. It uses something called Active Directory (AD) — a giant list of users, computers, and permissions. The DC: Checks logins. Tells computers whether to trust someone. Is managed by Domain Admins (high-level IT staff).

Answer 15

A member server is a regular server that's part of the domain but doesn’t store the Active Directory info itself. It just helps provide services like: Email (Exchange) Databases (SQL Server) Shared files and printers

Answer 16

A security group is a way to group users together to manage their permissions. Instead of giving one person access to something, you give access to the group. Everyone in that group gets the same rights. Example: The Domain Admins group can log in to any computer. The Domain Users group can only use their regular workstations.

Answer 17

What it is: Think of an Organizational Unit (OU) as a folder inside your company’s digital filing cabinet (called a domain). Why it matters: You can divide employees into groups (like departments: Sales, HR, IT) to give different permissions or controls. Example: You could let the Sales Manager manage user accounts in their own folder (OU), like adding/removing people or assigning them to a “Sales” team, but they wouldn’t be allowed to change big security settings like password rules.

Answer 18

What it is: A Group Policy is like a master rulebook that says how computers and user accounts should behave. What it controls: It can change security settings, install software, or control what users can and can’t do. How it works: You create a Group Policy Object (GPO) and then link it to a domain or an OU. One OU can have more than one GPO. Inheritance: If two sets of rules apply to the same user or computer, the system decides which rules "win" using something called Resultant Set of Policies (RSoP) — basically, it figures out the final set of rules.

Answer 19

You can wait for policies to update automatically (about every 90 minutes), or use commands to apply them right away: gpupdate — Applies the new rules immediately. Use /force to reapply everything. gpresult — Shows what rules (Group Policies) are affecting a specific computer or user account. You can even check a different device by using switches like /s for system, /u for user, and /p for password.

Answer 20

What they are: Small scripts (mini programs) that run when a user signs in. What they do: They can set up things automatically like: Map folders from a server (network drives) Connect to a printer Set environment variables Security: You can make it so users can’t log in unless their devices are up-to-date, using login scripts.

Answer 21

What it is: Software that manages and secures phones and tablets (and sometimes laptops). What it does: Keeps track of devices used in the company Makes sure each device follows rules before connecting Can control apps, camera, or access to company data Why it matters: It protects the company from data leaks or unsafe devices — even with personal (BYOD) phones.

Answer 22

Workgroup: A simple setup where each computer manages its own settings. They talk to each other like equals (peer-to-peer). Domain: A more professional setup. One or more servers control the computers (clients) in the network. Everything is managed from a central place.

Answer 23

Public Folder: A special folder everyone on the computer can use. You can make this available on the network. Custom Folder: Right-click a folder → Give access to → Choose who can see it and what they can do (read or read/write). Share tab: Lets you fine-tune the name, how many people can connect at once (max 20 in Windows Home/Pro), and the permissions. Administrative Shares: Hidden shares like C$ (your C drive) and ADMIN$ (system folder) are only for admins.

Answer 24

Browsing the Network: Open File Explorer > Network — you’ll see other computers and devices like printers or routers. Each one shows up by its hostname. Mapped Drive: This is a shared folder that you make look like a regular drive (like the D: or E: drive). - Right-click a share > Map Network Drive - Pick a letter, check Reconnect at sign-in to make it stick. - Shows up in This PC like a normal drive. - To remove it: Right-click > Disconnect.

Answer 25

Connecting to Shared Folders and Drives on a Network. Think of your home or office network like a neighborhood, and each computer is a house. net and net use are tools you use in the Command Prompt to talk to other computers or access shared stuff (like folders or drives).

Answer 26

Permissions are rules that say who can read, edit, or delete files and folders. There are two types of permission systems: 1. Share Permissions: Only apply when someone accesses the folder over the network. Do nothing if you're using the computer locally. 2. NTFS Permissions: Work both locally and over the network. Can apply to folders and individual files. Can be set for users or security groups (groups of users, like “HR” or “Accounting”). These permissions are set in the Security tab of a file/folder’s properties. There’s a list called an ACL (Access Control List). Each item in that list is an ACE (Access Control Entry). It tells you what a user/group can or can’t do.

Answer 27

NTFS permissions are inherited — meaning subfolders and files get the same permissions as the parent folder. You can turn off inheritance if you want to customize access. If you combine Share and NTFS permissions, the most restrictive wins. Example: If "Everyone" has Read on Share Permissions And "Users" have Modify on NTFS, Then a user will still only get Read access when connecting over the network. Because this can get confusing, most admins give Full Control in share permissions and control access only through NTFS permissions.

Answer 28

A domain is like a company network with one central boss (called a domain controller). When your computer is joined to a domain, it becomes part of the team and follows the boss’s rules. To join a domain: Your computer needs an account in the domain. It must be connected to the domain network. You need to log in with a domain admin’s username/password. To log in as a domain user: Use Domain\Username on the login screen. Or click Other user if your computer is showing a local account.

Answer 29

In a domain, it's smarter to store your files on a file server, not just your local PC. A home folder is like a personal locker on the network. It’s mapped to a drive letter, like H:, and is private. It’s set up using this format: \\SERVER\HOME$\%USERNAME%

Answer 30

If you use multiple computers, your files won’t follow you... unless you use one of these: 1. Roaming Profiles: Stores your entire user profile on a server. When you log in, it downloads everything. When you log out, it uploads changes. Downside: can be slow if you have lots of data. 2. Folder Redirection: Just redirects important folders (like Documents or Pictures) to a server. Faster, and only works when you’re connected to the network. Set up using Group Policy (GPO).

CHAPTER FOURTEEN: MANGING WINDOWS NETWORKING Flashcards

(54 cards)