Basics of Windows Security - - vimore.org

Basics of Windows Security

Basics of Windows Security

YouTube

This video looks at all the basic parts that form the security model in Windows. Check out http://itfreetraining.com for more of our always free training videos. Understanding this will give you a better understanding of how security works in Windows allowing you to better configure and secure Windows. Download the PDF handout http://ITFreeTraining.com/handouts/server/basics-security.pdf What's in this video This video will look at the core parts of Windows security which are as follows: "Security Principal", "Security Identifier", "Access Control Entry/Access Control List" and "Access Tokens". This will give you a better understanding of how security in Windows works which will assist you later on when you work on configuring security. What is a Security Principal A security principal is essentially the name given to an entity. For example a user, computer or process. This security principal is generally a friendly name to make it easier to identify the entity. For example, it is easier to identify a user by a name rather than a long number. A security principal will always map to one entity, but it is possible to have to entities with the same name. For example two users with the same name. Perhaps one has been deleted and replaced by the other. In order for an entity to always be able to be uniquely identified, it needs a unique value assigned to it. Security Identifier (SID) Every object in Windows has a SID assigned to it. A SID is a unique number like a serial number. They always start with S. The short SID's are local SID's and are only used on the local computer. The longer SID's are domain SID's and are issued by a Domain Controller. The list of profiles currently in use can be found in Regedit at the following location HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList The containers in this location are called after the SID of that user. This means that if the username of that user were to change, this would not affect Windows being able to find the profile for that user as the SID for that user has not changed. SID Example Whenever a user is created, a unique SID is assigned to them. This SID is then used with objects to give the user access. Since a unique SID is assigned to every user that is created, it is possible to have multiple users with the same SID at different times or in different domains. It should be remembered that once a user is deleted the SID associated with that user is lost. For this reason, many administrators will disable a user rather than deleting them and thus keeping the SID. If later on the access that was given to that user is required, the user can be re-enabled and the access reused. ACE/ACL In order to determine who can access an entity, ACE's and ACL's are used. An ACL or Access Control List is a list of permissions. For example who can read the entity, those that can write to the entity. An ACE or Access Control Entry is simply an entry in that list. For example, if you had a document on the file system, this document would have an Access Control List associated with it. This Access Control List would contain Access Control Entries which determine who has access. For example, it is common for files to be allowed access by administrators and the system user. If additional access is required, it is just a matter of adding an ACE to the ACL with the required permissions and the entity that requires access. The access is determined by using the entities SID. Thus to determine if someone is allowed access, the SID of that user is looked at and then checked against the ACL to see if there is a match. If there is a match the user is allowed access. Description to long for YouTube. Please see the following link for the rest of the description. http://itfreetraining.com/server/#basics-security See http://YouTube.com/ITFreeTraining or http://itfreetraining.com for our always free training videos. This is only one video from the many free courses available on YouTube. References "Installing and Configuring Windows Server 2012 Exam Ref 70-410" pg 83 "Principal (computer security)" http://en.wikipedia.org/wiki/Principa...) "Security Identifier" http://en.wikipedia.org/wiki/Security... "Access Control Entries" http://msdn.microsoft.com/en-us/libra... "Access Tokens" http://msdn.microsoft.com/en-us/libra...



Special Identities

This video will look at special identities which work like regular groups in Windows, however membership is configured automatically. Check out http://itfreetra

YouTube

What are certificates?

Certificates are used to prove identity and used for creating secure communication. Check out http://itfreetraining.com for more of our always free training vid

YouTube

MCITP 70-640: Operation Master Roles

Active Directory has five operations master roles otherwise known as FSMO roles. Check out http://itfreetraining.com for more of our always free training videos

YouTube

MBR and GPT Partition Tables

The partition table on a drive determines the structure of the data and this video will look at the MBR and GPT partition tables. Check out http://YouTube.com/I

YouTube

Standard Access List (ACL) for the Cisco CCNA - Part 1

A beginner's tutorial on writing a standard access list (standard ACL) for the Cisco CCNA and CCNA Security. You can follow along in Packet Tracer by downloadin

YouTube

RAID and Storage Solutions

This video will look at a number of different storage solutions. Check out http://YouTube.com/ITFreeTraining or http://itfreetraining.com for more of our always

YouTube

Windows Security Settings - CompTIA A+ 220-902 - 3.3

** Click SHOW MORE for important links! ** A+ Training Course Index: http://professormesser.link/220900 Professor Messer’s Course Notes: http://professormesser

YouTube

MCITP 70-640: Active Directory Forest Functional Levels

Like domain functional levels the forest functional level determines which additional features in Active Directory will be available. In order to raise your for

YouTube

NTFS Basic Permissions

This video will look at the basic NTFS permissions that are available in Windows. Having an understanding of these permissions will give the administrator the f

YouTube

Learn SQL in 1 Hour - SQL Basics for Beginners

A crash course in SQL. How to write SQL from scratch in 1 hour. In this video I show you how to write SQL using SQL Server and SQL Server Management Studio.

YouTube

Windows 10 Settings You Should Change Right Now!

These are the settings for Windows 10 that you should change right now! Windows 10 is the most versatile and feature packed operating system that Microsoft has

YouTube

Windows File Systems

This video looks at the four file systems supported by Windows. These are ReFS, NTFS, FAT and exFAT. The video looks at what each file system is capable of and

YouTube

ACL Introduction - Video By Sikandar Shaik || Dual CCIE (RS/SP) # 35012

An access control list (ACL) is a list of access control entries (ACE). Each ACE in an ACL identifies a trustee and specifies the access rights allowed, denied,

YouTube

AMAZING LATEST TECHNOLOGY YOU MUST SEE IN 2018

BRAIN TIME ► https://goo.gl/tTWgH2 1. Neova https://www.kickstarter.com/projects/152538038/astro-the-first-smart-foldable-ukulele 2. GENII https://vimeo.com/1

YouTube

AD FS Components

This video will look at the different components that can be installed with Active Directory Federation Services. Check out http://itfreetraining.com for more o

YouTube

WSUS

WSUS or Windows Server Update Services allows you to manage Microsoft updates on your network. Check out http://YouTube.com/ITFreeTraining or http://itfreetrain

YouTube

MCITP 70-640: Active Directory Replication

This video looks at how Domain Controllers in Active Directory replicate data between each other. Check out http://YouTube.com/ITFreeTraining or http://itfreetr

YouTube

NTFS Deny Permission

The deny permission prevents user access. This video will look at how to use the deny permission and the potential pitfalls of the deny permission the administr

YouTube

NIC Teaming

This video looks at how multiple network cards can be combined together to form one virtual network card. The examples used in this video are for Windows Server

YouTube

New Features in Windows Storage Spaces 2012 R2

This video will look at the new features added to Windows Server 2012 R2 with Windows Storage Spaces. Window storage Spaces is a system introduced in Windows 8

YouTube