Presentation is loading. Please wait.

Presentation is loading. Please wait.

Permissions and User Rights

Published byShauna Warner Modified over 8 years ago

Similar presentations

Presentation on theme: "Permissions and User Rights"— Presentation transcript:

1 Permissions and User Rights
FORESEC Academy Security Essentials (V) Permissions and User Rights

2 FORESEC Academy Security Essentials (V)
Permissions And User Rights

3 NTFS Overview - CDFS - FAT - FAT32 - NTFS Always use NTFS!
Windows Filesystems: - CDFS - FAT - FAT32 - NTFS Always use NTFS! - Dual-booting issues NTFS Features: - Permissions - Auditing - Encryption - Compression - Transactional - Max volume size = 16TB

4 NTFS DACLs NTFS DACLs are always enforced: - Local Users - IIS
- Terminal Services - Shared Folders - Telnet XCACLS.EXE

5  Deny Overrides Allow Permissions Can Be Inherited

6 NTFS Owners Every NTFS folder and file has an “owner”. Take Ownership
user right. CREATOR OWNER group.

7 Principle of Least Privilege
Default DACL = Full Control for Everyone - Not configurable. - What NTFS permissions should I use? - Depends on your “needs analysis”. A good DACL to start, then apply PoLP: - System: Full Control - Administrators: Full Control - Power Users: Full Control - CREATOR OWNER: Full Control - Authenticated Users: Read & Execute (or Modify)

8 AGULP!

9 AD Users and Computers Active Directory Users and Computers.
Global, Universal and Local groups. Security vs. Distribution groups: - Security groups can have rights and permissions, distribution groups cannot. - Universal security groups can only be created in native mode.

10 Shared Folder Permissions
Server Service and SMB/CIFS. Share DACLs ignored for local access: - Full Control - Change - Read No inheritance of share permissions. Multiple share names. Net.exe Share

11 Hidden & Administrative Shares
\\Server\Share$ They do not appear in My Network Places. C$, D$, E$, etc. IPC$ for inter-process communications. Audit your hidden shares!

12 Combining NTFS & Share DACLs
NTFS Permissions: - Users: Read - Sales: Deny All - Amy: Change Share Permissions: - Everyone: Change - Administrators: Read - Amy: Read Of which groups is Amy a member? What are Amy's final permissions then?

13 Encrypting File System
Threats: - Linux boot floppies - Stolen backups EFS is built into the NTFS driver, not a separate application. Transparent to user. CIPHER.EXE

Download ppt "Permissions and User Rights"

Similar presentations

1 Module 6 Securing Network Resources with NTFS Permissions.

1 Module 6 Securing Network Resources with NTFS Permissions.
1 Chapter Overview Understanding and Applying NTFS Permissions Assigning NTFS Permissions and Special Permissions Solving Permissions Problems.

1 Chapter Overview Understanding and Applying NTFS Permissions Assigning NTFS Permissions and Special Permissions Solving Permissions Problems.
1 Chapter Overview Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions.

1 Chapter Overview Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions.
Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.

Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.
1 File systems security: Shared folders & NTFS permissions, EFS (Week 6, Monday 2/12/2007) © Abdou Illia, Spring 2007.

1 File systems security: Shared folders & NTFS permissions, EFS (Week 6, Monday 2/12/2007) © Abdou Illia, Spring 2007.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.
MIS 431 - Chapter 51 Chapter 5 – Managing File Access MIS 431 Created Spring 2006.

MIS Chapter 51 Chapter 5 – Managing File Access MIS 431 Created Spring 2006.
Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.

Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.
70-270, 70-290 MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Nine Managing File System Access.

70-270, MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Nine Managing File System Access.
11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW  Create and manage file system shares and work.

11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW  Create and manage file system shares and work.
Lesson 4: Configuring File and Share Access

Lesson 4: Configuring File and Share Access
By Rashid Khan Lesson 8-Crowd Control: Controlling Access to Resources Using Groups.

By Rashid Khan Lesson 8-Crowd Control: Controlling Access to Resources Using Groups.
5.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 5: Working with File Systems.

5.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 5: Working with File Systems.
1 Securing Network Resources Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions Copying and Moving Files and Folders.

1 Securing Network Resources Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions Copying and Moving Files and Folders.
Group Accounts; Securing Resources with Permissions

Group Accounts; Securing Resources with Permissions
Microsoft ® Official Course Module 7 Configuring File Access and Printers on Windows ® 8 Clients.

Microsoft ® Official Course Module 7 Configuring File Access and Printers on Windows ® 8 Clients.
Tasks Necessary for Setting Up a Hard Disk Initializing the disk with basic or dynamic storage type Creating partitions on basic disks or volumes on dynamic.

Tasks Necessary for Setting Up a Hard Disk Initializing the disk with basic or dynamic storage type Creating partitions on basic disks or volumes on dynamic.
11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW Create and manage file system shares and work with.

11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW Create and manage file system shares and work with.
Guide to Operating System Security Chapter 5 File, Directory, and Shared Resource Security.

Guide to Operating System Security Chapter 5 File, Directory, and Shared Resource Security.

Similar presentations

Ads by Google