'Examinable' Stuff Flashcards

(225 cards)

1
Q

What is Authentication?

A

Verifying the identity of someone or something

2
Q

What is Authorization?

A

Determining whether someone or something has permission to access a resource

3
Q

What does Access refer to in the Authorization process?

A

Determining what actions something or someone can perform on the resource based on permission levels

4
Q

List 3 Windows Authentication methods.

A
  1. Kerberos version 5 protocol
  2. NT LAN Manager
  3. Certificate mapping
5
Q

KDC

A

Key Distribution Center - Kerberos uses this trusted intermediary to manage the use of encrypted keys passed between the clients and server for authentication

6
Q

List some new authentication features in Windows 7?

A
  1. Smartcards
  2. Windows Biometric Framework (for Biometrics)
  3. Managing file access in Win 7 through NTFS permissions
  4. Online identity integration
7
Q

What are NTFS permissions?

A

Define the type of access granted to a user, group or computer for a file or folder

8
Q

What are the 2 levels of permission?

A
  1. Shared folders permissions
  2. NTFS file system permissions

9
Q

What are Shared Folder permissions?

A

Allow security principals such as users to access shared resources from across the network. Shared folder permissions are only in effect when users access some resource from across the network.

10
Q

What are NTFS file system permissions?

A

Always in effect, whether connected across the network or logged on to the local machine where the resource is located. You grant NTFS permissions to a user or group for a file or folder.

11
Q

What are explicit permissions?

A

User creates a file or folder and assigns permissions

12
Q

Inherited permissions

A

File or folder permissions for a child object default from its parent

13
Q

Effective permissions

A

A file or folder’s final, combined permission set that is determined by Windows 7 when a file or folder contains both user and group permissions.

14
Q

What happens when determining effective permissions?

A
  1. User and group permissions are combined
  2. Deny overrides allow

15
Q

What are shared folders?

A

Shared folders are folders that allow network access to their content.
You can share folders but you cannot share individual files.
The default shared folder’s permission is full control for the user that shared the folder

16
Q

What methods can be used to share folders?

A
  1. MMC console using share’s snap-in
  2. In Windows Explorer
  3. Command line using ‘net share’ command
  4. Through computer management
17
Q

Network and Sharing Center

A

Provides services to view, configure and troubleshoot your network access and sharing capabilities

18
Q

What else does NSC do?

A

Provides centralized control of network features:

  • network map
  • network location - private, public, domain
  • network discovery

Controls sharing capabilities related to various network resources:

  • file sharing
  • public folder sharing
  • printer sharing
  • media sharing
19
Q

Network discovery

A

After you enable Network Discovery, components on the computer allow it to map the network and respond to map requests

20
Q

NTFS File Compression

A

The method used by the NTFS file system to compress files and folders and volumes

We use compression to save disk space

21
Q

How do you determine the version of Windows (32- or 64-bit)?

A

Start -> Right-click Computer -> Properties OR

use msinfo command

22
Q

What is an upgrade path?

A

Set of options for upgrading from one Windows OS to another

23
Q

Upgrade installation

A

Retains files, settings, and programs

24
Q

Custom installation

A

Otherwise known as clean installation. Overwrites files, settings, and programs

25
Windows Upgrade Advisor
Scans PC for potential hardware devices and programs which may cause problems
Helps determine if:
  • your computer can run Windows 7
  • which editions and features will work
  • whether your computer has any compatibility issues
26
Windows 7 Compatibility Center
Provides Win7 programs, updates, drivers, and more that are compatible with Windows 7
Can be used to search software issues whilst upgrading
27
List common installation methods
  1. High Touch Installation (HTI)
  2. Lite Touch Installation (LTI)
  3. Zero Touch Installation (ZTI)
28
High Touch Installation
Requires manual configuration of each system
May include retail media or standard ISO file
Uses installation DVD or USB and manual installation of OS on every computer
29
LTI
Requires human intervention in early phases, but is automated or unattended from that point on
Works well in environments of 150+ computers
You need WAIK, Windows Deployment Services, and Microsoft Deployment Toolkit
30
ZTI
Fully automated, "touchless" installation of Windows
Requires System Center Configuration Manager (SCCM)
  • deploys and updates servers, client computers, and all kinds of devices on a network
  • Geared for environments of more than 500+ computers
  • Steep learning curve
  • Considerable budget compared to HTI
31
Windows Intune
Allows you to manage installations and upgrades from the cloud
32
Windows Easy Transfer
Helps you move files and settings from one computer running Windows to another.
Cannot transfer programs
Generates .MIG file
33
What is a User Account?
A collection of information that defines:
  • actions that can be taken on a computer
  • files and folders that can be accessed (rights, policies, permissions)
Keeps track of user preferences such as the desktop background, window color, and screensaver
34
User Account Control
A feature in Windows Vista and Windows 7 that requires administrative-level permission to make changes to your computer that affect security or affect settings for other user accounts
4 levels
35
Control Panel
A utility that allows you to:
  • configure OS features
  • set up hardware
  • install/uninstall software
  • create and modify users
  • perform system maintenance
36
Administrative Tools
A set of utilities for managing advanced Windows features and diagnosing system problems
37
Windows Desktop Settings
A broad term that refers to many different configurable settings for personalizing Windows such as the Windows theme, desktop background, mouse clicks, pointer speeds, gadgets, shortcuts, and more
38
Aero Interface
  • Aero Shake
  • Aero Snap
  • Aero Peek
  • Show Desktop button (far right end of Desktop)
39
Shortcuts
Icons or links that give you quick access to an original source
40
Gadget
A small, single-purpose application that can be installed on the Windows 7 desktop
41
User Profile
Contains all of a user's personal preferences - from theme choice to screensavers to shortcuts
User profile != User account
42
Local profile
Available only on computer on which it was created
43
Roaming profile
Enables a user to use any computer to connect to a Windows domain and access his/her profile
44
Briefly describe virtualization
A technology that creates an abstract version of a complete OS environment (incl. a processor, memory, storage, network links, a display, and so forth) entirely in software
Software produces a virtual computer or a virtual machine (VM)
Has a guest OS
45
Microsoft Virtualization
  • Windows Virtual PC
  • Windows XP mode
  • Microsoft Enterprise Desktop Virtualization (Med-V)
  • Virtual Desktop Infrastructure
  • Application virtualization (App-V)
46
Ease of Access Center
  1. Magnifier
  2. Narrator
  3. On-screen keyboard
  4. High contrast
47
App-V
Permits users to launch and run applications on their desktops without installing or rebooting machine
48
VDI
Runs a desktop OS within a VM run on a server
49
MED-V
A way to deliver legacy applications to end users on centrally configured and managed VMs
50
Windows XP mode
An extension to Windows Virtual PC
When installed on Windows 7, enables users to run applications inside the VM that won't work on Windows 7
51
What is an application?
A program that runs on top of the OS or from a server
Helps a user perform a specific task such as word processing, appointment scheduling or accounting
52
Local installation of an application
software files running directly from a computer
53
Network installation of an application
software files are made available from an application server on a network
54
msconfig
System configuration utility
  • Enable or disable startup services
  • Set boot options such as boot into Safe Mode
  • Access tools like Action Center and Event Viewer
55
Windows 7 Library
A virtual folder that can display content from different locations (folders, for example) on your computer or external hard drive
56
Encryption
Encrypted data is 'scrambled' but still readable and usable by the user who encrypted the file
The user and other authorized users can still open and change the file as necessary
Encryption uses:
  • encryption keys
  • certs
57
How to encrypt files and folders in Windows 7
Advanced Attributes dialog box
58
What is compression?
The process of decreasing the size of files/folders without affecting their content
Compressing files replaces repeated data with pointers to the data
59
BitLocker Drive Encryption
Encrypts an entire fixed disk to prevent access by unauthorized users
Windows Ultimate, Enterprise
60
BitLocker To Go
Encrypts removable drives such as USBs
61
Basic disk
  • Contains only simple volumes
  • Uses partitions and logical drives
  • Partition styles: MBR, GUID
62
Dynamic disk
Divided into volumes instead of partitions
Contains simple, spanned, striped, mirrored
63
Disk Management
Part of Computer MMC snap-in
  • Add a new disk
  • Modify the configuration of an installed disk
  • Convert a disk
64
Simple volume
Uses free space available on a single disk
65
Spanned volume
Extends a simple volume across multiple disks to a maximum of 32
66
Mirrored volume
Duplicates data from one disk to a second disk for redundancy and fault tolerance
67
Striped volume
Stores data across two or more physical disks; RAID-0 or RAID-5
68
Other types of storage
  • eSATA
  • USB and USB 2.0
  • Firewire
  • iSCSI
69
Device manager
Displays a list of all devices currently installed on the computer and their status
Must be admin to use Device Manager
70
Cloud storage for Windows users
  • Windows Live Mesh
  • Windows Live Skydrive
  • OneNote to Skydrive
71
When to use HomeGroups or Public Folders?
Small office/home office, all using Windows 7
72
When to use Workgroup?
Peer-to-peer network that includes a mix of computers running Windows 7 and Windows Vista or Windows XP, and you want to share files between the computers
73
When to use domains and AD?
Large business environments
74
What are the caveats of Homegroup?
  1. Can only join and not create Homegroups in Windows Start and Basic editions
  2. Can only join one homegroup at a time
  3. Can't limit access to shared items to individual users
  4. Non-Windows 7 users require additional setup steps to access shared items in a homegroup
  5. Must already have a network set up (either wired or wireless)
  6. To create or join a homegroup, computer's network location must be set to 'Home Network' in the network and sharing center
75
Permissions
Rules applied to users and groups to limit actions they can take on shared resources
76
Share permissions
Applies to users who connect to a shared folder over a network
77
NTFS
Apply to users who log on locally or from across a network
78
What are effective permissions?
Granted to a user or group based on the permissions granted through group membership and any permissions inherited from the parent object
79
Name some Windows built-in utilities
Disk Defragmenter, Disk cleanup, task scheduler, and the maintenance section of the Action Center
80
Disk defrag
A utility that helps improve the computer's performance by moving sectors of data on the hard disk, so that files are stored sequentially.
Minimizes the movement a hard disk's arm must make to read all of the sectors that make up a program
Set up to automatically run once a week
Can take between several minutes and an hour depending on the size and level of fragmentation on the disk
81
How to run disk defrag from the command line
'defrag/?'
82
Solid State Drives and disk defrag
SSDs differ from hard disks. They use SS memory to store data, as opposed to writing data to sectors of a hard disk. Therefore, they do not require disk defrag.
83
Disk Cleanup
Helps user remove unnecessary files from their computers
  • downloaded program files
  • temporary internet files
  • offline webpages
  • files left after running software
84
Task scheduler
Enables a user to schedule and automate a variety of actions such as starting programs, displaying messages, and even sending e-mails
Tasks are scheduled by specifying a trigger, which is an event that causes a task to run, and action, which is the action taken when a task is run
85
Action Center
Action Center provides a single interface in which you can view the status of security and maintenance features and it alerts you to problems you need to correct and usually provides a way to fix it
86
System information
Displays a wealth of information about the computer's hardware, drivers and system software
Check system info for possible clues about the source of system-related issues
87
Windows Registry
A database of configuration settings for your computer
Self-sufficient, and rarely requires maintenance
Can use a registry cleaner to remove settings no longer used
Made up of keys, subkeys and values
Subkeys have values that make up the preferences, configuration settings and so on of the OS
88
Types of Windows Updates
  1. Important updates: security and critical updates, hotfixes, service packs, and reliability improvement
  2. Recommended updates: These include software updates, and new or improved features to help keep software running optimally
  3. Optional updates: Optional device drivers for components on your computer, or new or trial Microsoft software
89
Action Center tracks 7 security features. What are they?
  1. Network firewall
  2. Windows update
  3. Virus protection
  4. Spyware and unwanted software protection
  5. Internet security settings
  6. UAC
  7. Network Access Protection
90
Windows Defender
A free software program that provides antispyware detection for a Windows computer
91
Spyware
A type of program that installs itself on your computer without your permission, monitors your computing activities and reports the activities back to the spyware writer or third party.
92
MSE
Microsoft's Security Essentials is a program that helps protect your computer from viruses and other malware
93
What is a back-up?
A properly secured copy of files and folders - and sometimes settings - usually saved in a compressed file format
94
Why do we create back-ups?
So you can restore files and settings in the event of data loss from a hard disk failure, accidental erasure or disk formatting, or natural events
95
Windows Backup
Designed to back up application data and settings.
Does not back up:
  • program files unless part of system image
  • Files stored in a FAT formatted volume
  • Files in the Recycle Bin
  • Temp files stored in drives < 1Gb
  • Files stored on Mapped network drives, on the Internet, on the drive you are saving the backup to; only local files are included in the back-up
Can store backups to CD/DVDs, an external drive, another internal drive, or on a network drive (Only Windows 7 Ultimate, Enterprise and Professional editions allow storing backups to network drive)
96
System Image
An image of an entire hard drive that includes all files necessary to restore OS
By default, includes the Windows folder, all system settings, programs and files
97
How to store a System Image
CD/DVD USB Hard drive Network location
98
Two methods for creating system image
  1. Create system image as part of the automatic Windows Backup process
  2. Creating a system image manually, which involves running the backup and selecting the drives you want to include in the image
99
Advanced Recovery options
  1. Use a system image you created earlier to recover your computer
  2. Reinstall Windows (requires installation disc)
100
Microsoft Assessment and Planning toolkit
Provides:
  • Hardware inventory
  • Compatibility analysis
  • Readiness reporting
101
What is a Server Role?
Describes a server's primary function
Examples:
  • AD DS
  • DNS server
  • DHCP server
  • Application server
  • Fax server
  • File services
  • Hyper-V
  • Print and document services
  • Remote Desktop services
  • Web server (IIS)
  • AD Lightweight Directory services
102
What is a server role?
A role is a collection of software that collectively enables the server to provide some service to the network. Generally, a role is what you bought the server for. Ex. 'Domain Controller' or 'Application server'
103
What is a Server Feature?
A feature typically does not describe the server's primary function. Rather, it describes a server's auxiliary or supporting function.
104
Tools for managing roles and features
  1. Initial Configuration Task wizard
  2. Server Manager
  3. Deployment Image Servicing and Management tool (DISM)
105
What is a File Server?
  1. Provides storage for user's files
  2. Shares the folders that contain user's files
  3. Ensures appropriate levels of access to user's files through security settings
  4. Provides backup and restore mechanisms
106
What is a Domain Controller?
  1. Holds a copy of AD DS
  2. Responds to requests for AD information
  3. Authenticates users to the network
  4. Is located by querying DNS
107
What is an Application Server?
An application server is a computer that is dedicated to running network-aware application software (traditional applications, web-based applications)
108
What is a Web Server?
A server computer attached to the Internet or the corporate intranet providing content:
  1. static content
  2. web-based applications
  3. streaming content
109
What is a directory service?
A directory service allows businesses to define, manage, access and secure network resources, including files, printers, people and applications.
110
What is AD?
AD provides a central, single point of management for network resources
Active Directory provides a single sign-on to allow access to all resources (when permitted) from a single log-on
It is a directory service created by Microsoft for Windows domain networks
111
AD DS
A fully-fledged directory service also referred to as directory services
112
AD LDS
Active Directory Lightweight Domain Services
113
AD LDS
A lightweight, flexible platform without the weight
Provides flexible support for directory-enabled applications, without the dependencies that are required for AD DS
Provides much of the same functionality as AD DS but does not require the deployment of domains or domain controllers
Suited to developers who want to use APIs but don't want the complexity of the full AD DS
114
What is an AD structure?
A hierarchical arrangement of information about objects
115
What are objects in AD terms?
  1. resources (eg. printers)
  2. security principals (users or computer accounts and groups) - assigned unique security identifiers (SIDs)
116
Domain controller
A Windows Server computer that has been configured with AD DS
A server that stores the AD database and authenticates users with the network during logon
117
Functions of DCs
  1. Provides authentication
  2. Hosts operations master roles
  3. Hosts the global catalog
  4. Supports group policies and SYSVOL
  5. Provides for replication
118
dcpromo
Used to install AD DS
Used to make a member server into a domain controller
119
Directory Database
Each DC participates in storing, modifying and maintaining the AD database information that is stored on each controller
ntds.dit
Multimaster database - admin can update it from any DC
120
DS Fault Tolerance
Microsoft directory services builds in fault tolerance through its multimaster domain controller design - all share the same database (ntds.dit)
121
Read-only domain controller
Cannot be modified; replicates other DCs. Can be used in less secure environments, but changes cannot be made directly to it. Designed primarily to be deployed in a branch office
122
What is RODC?
RODCs host read-only partitions of the AD DS database, only accept replicated changes to the AD DS, and never initiate replication
123
RODCs provide
  1. Additional security for branch office with limited physical security
  2. Additional security if applications must run on a domain controller
124
RODCs..
Cannot hold operations master roles or be configured as replication bridgehead servers
Can be deployed on servers running Windows 2008 R2 Server Core for additional security
125
Default domain policy
A preconfigured GPO that is added when a domain is created and linked at the domain level
Settings apply to all users and computer objects with the domain
126
Default domain controller policy
A preconfigured GPO that is added when a domain is created, and linked at the Domain Controller's OU level
Domain Controllers OU is created when a domain is created, and all domain controllers are automatically placed in this OU
127
Replication
The process of keeping each DC in sync with changes
128
Outbound replication
When a DC transmits replication information to other DCs
129
Inbound replication
When a DC receives updates to the AD database
130
AD DS
A big database of objects (users, computers, groups) and is used to centrally organize, and manage all the objects within an organization
131
What is an object in AD?
Used to represent a real-world item.
Common objects are user objects and computer objects which represent people and their computers
Objects can be managed and administered using AD DS
Every object has a set of attributes
132
Schema
The definition of all the object types that AD can contain. Includes a list of properties that can be used to describe the objects
133
Two components of the schema
  1. Classes
  2. Attributes - some required (username), some optional (user's full name)
Schema is a set of blueprints for each of the objects
134
Class objects include
  • OUs
  • Users
  • Computers
135
Attributes include
  • Description
  • User name
  • Computer location
136
Site
A group of well-connected computers/subnets (SMEs)
137
Tree
A group of domains with a common namespace - the two part root domain name is common to other domains in the tree
138
Forest
A group of one or more domains that share a common AD
Forest container defines the fundamental security boundary within AD
139
Global catalog
Listing of all the objects in an entire forest
Easily searchable
Hosted on DCs that are designated as GC servers
140
Organizational units
Used to organize objects within AD
Container for the objects - easier to manage
141
OU structure
reflects the logical structure of the organization by modelling the organizational chart
142
Benefits of OU
  1. Delegate permissions to an OU
  2. Link GP to an OU
143
Organization unit
A container object within a domain that you can use to consolidate users, groups, computers and other objects
144
Reasons to create OUs
  1. Delegate administrative control
  2. Configure objects within the organizational unit
145
Group Policy
Allows you to configure a setting once, and have it apply to many users and/or computer objects
Can link GPOs to OUs, domains or sites
146
Benefits of single domain
  1. Least expensive
  2. Easier to manage
  3. Simpler disaster recovery
147
Top level domain name
.com | .net
148
SYSVOL shared folder
Used to share info such as scripts and elements of GPOs between DCs - must be on NTFS drive
Database and log files can be located on different drives for optimization
149
MMC-based tools to manage user accounts
  1. Server Manager
  2. Computer Management
150
Organizational Unit
Used to organize objects within AD
Any object (user, computer, group) can be placed within an OU to make them easier to administer
151
Reasons for creating OU
  1. Administrative delegation
  2. Management through group policy
152
LDAP
Lightweight Directory Access Protocol
AD uses LDAP for communication
Enables data exchange between directory services and applications
153
DN
Distinguished Name
LDAP uses a DN to uniquely identify each object in the directory
154
DSAdd
Creating a variety of AD objects at command line
155
Active Directory or domain-based groups
Use them to collectively treat a number of objects in an identical manner
Used to organize users
156
Distribution groups
Used for email
157
Security groups
Used to assign permissions
158
Group scopes
  1. Global - used to organize users
  2. Domain Local - domain-level groups can be used to set up permissions on resources in the domain in which they exist
  3. Universal - used in multiple domain environments
159
Common domain maintenance tasks
  • joining a domain
  • decommissioning a DC
  • troubleshooting ADI DNS
160
What do we mean by 'decommissioning' a server?
Removing all the AD components, and returning the DC to a member server role
161
Tool to raise the domain functional level
ADUC
162
Tool to raise the forest functional level
AD Domains and Trust
163
W32tm
Windows Time Service - check and synchronize the time
164
Regular password policies
  1. Enforce password history
  2. Maximum password age
  3. Minimum password age
  4. Minimum password length
  5. Password must meet complexity requirements
  6. Store passwords using reversible encryption
165
How are password policies implemented?
  1. Creating a password settings object (PSO) and storing it in a password settings container (PSC)
  2. Apply a PSO to a user or global security group
Create PSO by using ADSI Edit
166
PSO settings
```
msDS-PSOAppliesTo
msDS-MinimumPasswordLength
msDS-MinimumPasswordAge
msDS-MaximumPasswordAge
msDS-PasswordHistoryLength
msDS-PasswordComplexityEnabled
msDS-PasswordSettingPrecedence
msDS-PasswordReversibleEncryptionEnabled
msDS-LockoutThreshold
msDS-LockoutObservationWindow
msDS-LockoutDuration
```
167
GPO
Container for group of settings (policy settings) that can be applied to user and computer accounts throughout an AD network
168
Linking
The act of assigning GPOs to a site, domain or OU
169
Inherited and cumulative
GPO settings are cumulative and inherited from the parent AD containers
170
Policies are applied in the following order:
  1. Local policy
  2. Sites
  3. Domains
  4. OUs
  5. Child OUs
171
Access Control Lists
Used to restrict who a GPO applies to
172
rsop.msc
Resultant Set of Policies tool
173
NTFS
Recoverable file system with many advantages over FAT
Uses database called Master File Table
174
Hard disk configurations in Windows
  1. Basic
  2. Dynamic
175
Basic disk
A basic disk uses primary partitions, extended partitions and logical drives to organize data.
176
Volume
A formatted partition
177
How many primary partitions can a basic disk have?
  • 4 primary
  • 3 primary and 1 extended (extended can contain up to 128 logical drives)
178
Can partitions on a basic disk split or share data with other partitions?
No.
Each partition on a basic disk is a separate entity on the disk.
179
Dynamic disk
Can contain a large number of dynamic volumes (around 2000) that function like the primary partitions on a basic disk
180
What is spanning?
Combining separate dynamic hard disks into a single dynamic volume
181
What is striping?
Splitting data among several hard disks for increased performance
182
What is mirroring?
Duplicate data among several hard disks for increased reliability
183
What operations can only be performed on dynamic disks?
  1. Create and delete simple, spanned, striped, mirrored and RAID-5 volumes
  2. Extend a simple or spanned volume
  3. Remove a mirror from a mirrored volume, or break the mirrored volume into two volumes
  4. Repair mirrored or RAID-5 volumes
  5. Reactivate a missing or offline disk
184
Partition Types
  1. Master Boot Record - original method (limitation - partitions 2TB)
  2. GUID - larger partition sizes
185
Limitations of MBR
  1. Potential for corruption of partition table, a region on the disk that maps sector to logical block numbers (only have 1 partition to keep track of all blocks in the partition)
  2. Limitation of 3 primary partitions and 1 extended - reducing the number of partitions to organize or manage the data
186
NTFS Permissions
Apply to any file/folder on a disk that is formatted with NTFS
187
Types of NTFS Permissions
  1. Read
  2. Read and execute
  3. List folder contents
  4. Write (does not include deleting files)
  5. Modify (can delete)
  6. Full control
188
Share permissions
Apply only to shares when they are accessed over the network
189
Types of Share Permissions
  1. Read
  2. Change
  3. Full Control
190
Deny takes precedence
If user is assigned allow and deny permissions, deny wins.
191
What is an implicit deny?
There aren't any permissions assigned to a user, so the user cannot access the object.
192
DACL
Discretionary Access Control List - a list of access control entries (ACE)
193
How to modify NTFS and Share permissions?
  1. Server Manager
  2. Computer management
  3. Windows Explorer
194
Combining NTFS and Share permissions
  1. Determine cumulative NTFS permissions
  2. Determine cumulative Share permissions
  3. Determine which of two provide least access (the 'most restrictive permissions')
195
Administrative Share
All drives, incl. CD-ROM, are given a hidden share to the root of the drive (C$, D$, etc).
Cannot change the permissions or properties of these shares
196
ADMIN$
Admin share is another administrative share that maps to the location of the OS
197
PRINT$
Whenever you create a shared printer, the system places the drivers in this share
198
named pipe
A piece of memory that handles a communication channel between two processes, whether local or remote
199
NETLOGON share
used when processing logon requests from users
200
SYSVOL
used to store Group Policy info and scripts that are accessed by clients on the network
201
Name two types of quota
  1. Hard - enforces limit
  2. Soft - sends notifications, does not enforce
202
BitLocker
A technology designed to provide protection for entire disk drives
203
BitLocker To Go
For encrypting USB flash drives
204
Domain account
Used to authenticate access to shared domain resources
205
Local account
Used to authenticate access to manage or use the local computer
206
djoin.exe
Allows computers to join a domain while offline (Windows 7 and Windows 2008 R2)
207
CIDR
Classless Interdomain Routing
208
IPv4
Uses 32-bit for its addresses
Depending on the class, X bits will represent the network portion, and Y bits will represent the host
209
IPv6
Uses 128-bit for addresses - provides more possible addresses to work with
210
Class A
0 - 127
128 networks
16,777,218 nodes per network
211
Class B
128 - 191
16384 networks
65,536 nodes per network
212
Class C
192-223
2,097,152 networks
256 nodes per network
213
Class D
224-239 | Multicast
214
Class E
240-255 | Experimental
215
Subnet
A subnet is created from the host portion of an IP address to designate a 'sub' network - reduces administration, security (!) and traffic performance
Network subnetting is not physical, it is logical
Allows large IP ranges to be divided into smaller, logical and more tangible network segments
216
Subnet mask
Defines a small network inside a larger network
217
Subnet beginning ID
Always even
Network ID
218
Subnet ending ID
Always odd
Broadcast ID
219
CIDR
Provides flexibility to increase or decrease the class size as necessary
CIDR is the method to specify more flexible IP classes
220
CIDR notation
A syntax for specifying IP addresses and their associated routing prefix
Appends a slash character to the address and the decimal number of leading bits of the routing prefix (identifies network portion of address - the larger rest of the address is the host)
221
/number in CIDR notation
Refers to mask length
222
Eight special numbers for subnet masks
255, 254, 252, 248, 240, 224, 192, 128
223
Share vs NTFS permissions
Share permissions control network access to a particular resource. Share permissions do not affect users who log on locally. You set share permissions in the Advanced Sharing dialog box, which you access from the Sharing tab of a folder’s properties dialog box. NTFS permissions apply to folders and files on an NTFS-formatted drive. They provide extremely granular control over an object. For each user to whom you want to grant access, you can specify exactly what they’re allowed to do: run programs, view folder contents, create new files, change existing files, and so on. You set NTFS permissions on the Security tab of the properties dialog box for a folder or file.
224
Most restrictive permissions
It’s important to recognize that the two types of permissions are combined in the most restrictive way. If, for example, a user is granted Read permission on the network share, it doesn’t matter whether or not the account has Full Control NTFS permissions on the same folder; the user gets only Read access when connecting over the network.
225
Effective permission set
In determining the effective permission for a particular account, you must also consider the effect of group membership. Permissions are cumulative; an account that is a member of one or more groups is granted all of the permissions that are granted explicitly to the account as well as all of the permissions that are granted to each group of which it’s a member. The only exception to this rule is Deny permissions, which take precedence over any conflicting Allow permissions.