Understand Permissions LESSON 2.2 98-367 Security Fundamentals.


Presentation on theme: "Understand Permissions LESSON 2.2 98-367 Security Fundamentals."— Presentation transcript:

1 Understand Permissions LESSON 2.2 98-367 Security Fundamentals

2 Lesson Overview
Managing Permissions
In this lesson, you will learn about:
• Access control information known as a security descriptor
• Permissions defined within an object's security descriptor
• Permissions associated with, or assigned to, specific users and groups

3 Anticipatory Set
List the common types of permissions associated with Windows® XP or Windows 7 (local) users or groups.

4 Permissions
• The permissions attached to an object depend on the type of object.
  o For example, the permissions that can be attached to a file are different from those that can be attached to a registry key. Some permissions, however, are common to most types of objects.
• When you set permissions, you specify the level of access for groups and users.
  o For example, you can let one user read the contents of a file, let another user make changes to the file, and prevent all other users from accessing the file. You can set similar permissions on printers so that certain users can configure the printer and other users can only print.

5 Permissions (continued)
• In a networked or multiuser computer environment, the ability of a particular user to access a particular resource by means of his or her user account.
• Granted by the system administrator or other authorized person. Several levels of access can be given: read only, read and write (view and change), or read, write, and delete.
  o File
  o Share
  o Active Directory®

6 File Permissions
• Permissions are granted by the system administrator or other authorized person. Several levels of access can be given: read only, read and write (view and change), or read, write, and delete.
• Each type of object is controlled by an object manager.
  o There is a different object manager for each type of object. Access the object types, their object managers, and the tools you use to manage these objects as follows: To allow or deny a permission, in the Permissions for User or Group box, select the Allow or Deny check box.
  o To remove the group or user from the Group or user names box, click Remove.

7 Share Permissions
• In a networked or multiuser computer environment, the ability of a particular user to access a particular resource is controlled by means of his or her user account.
• Permissions are granted by the system administrator or other authorized person. Several levels of access can be given: read only, read and write (view and change), or read, write, and delete.
• For a user or group to be able to access shared files, they must have sufficient share and NTFS permissions.
• If a FAT(32) volume is shared, the only way to limit access is by using share permissions. In practice, most organizations set the share permissions to full control or, even better, modify, and use NTFS permissions for access control.

8 Registry Permissions
• Windows stores much of its state information in the Windows Registry.
  o Registry data stores are known as hives, where data is stored in keys and subkeys, which are both viewed as containers (subkeys are not viewed as objects).
• The situation to avoid is a user modifying trusted parameters (such as turning the antivirus or anti-malware service off) or tampering with a tool that users or administrators use.
  o In a networked or multiuser computer environment, the ability of a particular user to access a particular resource is controlled by means of his or her user account.

9 Explicit Permissions and Inherited Permissions
• Explicit permissions are those that are set by default on nonchild objects when the object is created, or by user action on nonchild, parent, or child objects.
• Inherited permissions are those that are propagated to an object from a parent object.
  o Inherited permissions ease the task of managing permissions and ensure consistency of permissions among all objects within a given container.
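
The share-plus-NTFS rule from slide 7 and the explicit/inherited distinction above, as an added example that is not part of the original presentation: a simplified Python model of how an access request is checked against both lists. It goes beyond the slides by assuming Windows' canonical entry order (explicit deny, explicit allow, inherited deny, inherited allow); the rights, users, groups and ACLs are all constructed for illustration.

```python
from dataclasses import dataclass

# Simplified rights as bit flags (constructed for this example; not real Windows access masks).
READ, WRITE, DELETE = 1, 2, 4
FULL = READ | WRITE | DELETE

@dataclass(frozen=True)
class Ace:
    trustee: str     # user or group the entry applies to
    allow: bool      # True = Allow entry, False = Deny entry
    rights: int      # bit mask of READ / WRITE / DELETE
    inherited: bool  # True when propagated from a parent object

def canonical(aces):
    """Assumed order: explicit deny, explicit allow, inherited deny, inherited allow."""
    return sorted(aces, key=lambda a: (a.inherited, a.allow))

def acl_permits(aces, identities, wanted):
    """Walk the ordered entries; a deny of a still-ungranted right ends the check."""
    remaining = wanted
    for ace in canonical(aces):
        if ace.trustee not in identities:
            continue
        if not ace.allow and ace.rights & remaining:
            return False
        if ace.allow:
            remaining &= ~ace.rights
        if remaining == 0:
            return True
    return False  # some wanted right was never granted

def network_access(share_acl, ntfs_acl, identities, wanted):
    """Access through a share requires both ACLs to permit the request."""
    return acl_permits(share_acl, identities, wanted) and acl_permits(ntfs_acl, identities, wanted)

# Constructed sample data: hypothetical users, groups and ACLs.
SHARE_FULL = [Ace("Everyone", True, FULL, False)]
SHARE_READ = [Ace("Everyone", True, READ, False)]
NTFS_FILE = [
    Ace("Users", True, READ, True),           # inherited from the parent folder
    Ace("Interns", False, WRITE, True),       # inherited deny
    Ace("alice", True, READ | WRITE, False),  # explicit, set on the file itself
]
ALICE = {"alice", "Users", "Interns", "Everyone"}
BOB = {"bob", "Users", "Interns", "Everyone"}

if __name__ == "__main__":
    print(network_access(SHARE_FULL, NTFS_FILE, ALICE, WRITE))  # explicit allow is reached first
    print(network_access(SHARE_FULL, NTFS_FILE, BOB, WRITE))    # inherited deny applies
    print(network_access(SHARE_READ, NTFS_FILE, ALICE, WRITE))  # share ACL is the limit
```
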

10 Guiding Questions
1. Compare and contrast NTFS vs. FAT, or
2. What are the advantages/disadvantages of NTFS vs. FAT?

11 Class Activity – User Access Controls
• User Account Control (UAC) is a feature in Windows that can help prevent unauthorized changes to your computer. UAC does this by asking you for permission or an administrator password before performing actions that could potentially affect your computer's operation or change settings that affect other users.
• When you see a UAC message, read it carefully, and then make sure the name of the action or program that's about to start is one that you intended to start. By verifying these actions before they start, UAC can help prevent malicious software (malware) from installing itself or making changes to your computer without permission.

12 Class Activity – User Access Controls
UAC alerts:
• Windows needs your permission to continue. A Windows function or program that can affect other users of this computer needs your permission to start. Check the name of the action to ensure that it's a function or program you want to run.
• A program needs your permission to continue. A program that's not part of Windows needs your permission to start. It has a valid digital signature indicating its name and its publisher, which ensure that the program is what it claims to be. Make sure that this is a program that you intended to run.
• An unidentified program wants access to your computer. An unidentified program is one that doesn't have a valid digital signature from its publisher to ensure that the program is what it claims to be. This doesn't necessarily indicate malicious software, as many older, legitimate programs lack signatures. However, you should use extra caution and only allow this program to run if you obtained it from a trusted source, such as the original CD or a publisher's website.
• This program has been blocked. This is a program that your administrator has specifically blocked from running on your computer. To run this program, you must contact your administrator and ask to have the program unblocked.
• Create a report about User Access Controls, identifying when the various messages are seen and why permissions are either denied or granted.

13 Advanced Security Settings Properties Page – Permissions Tab
• Type: Either Allow or Deny this group or user this permission for this object
• Name: Resource, user, or group
• Permission: Restrictions currently applied to this object for this resource, user, or group
• Inherited from: Identifies the parent object
• Apply to: Identifies any descendant objects to which the permissions are also applied
Summarize the Advanced Security Settings Properties Page – Permissions Tab on your computer.

