Chapter 8 Flashcards
What is Active Directory?
Active Directory is a centralized database used to store information about users, groups, workstations, and security information for a network.
What are the benefits of Active Directory?
Benefits include centralized administration of resources and security, single sign-on for users, and easy resource location like files and printers.
What is the basic unit of administration in Active Directory?
The basic unit of administration in Active Directory is the domain.
What is a domain?
A domain is a collection of network resources managed as a unit, sharing a common directory database and security policies.
How are domains identified?
Domains are identified using DNS names, which can be either a common name or a distinguished name that includes the top-level domain.
What is an organizational unit (OU)?
An OU is a container object used to subdivide and organize network resources within a domain.
What are built-in containers?
Built-in containers are similar to OUs but are created by default and have limited editable properties.
What types of objects are represented in Active Directory?
Common objects include users, groups, and computers.
What are attributes in Active Directory?
Attributes provide information about objects, such as a user’s name and email address.
How does Active Directory use DNS?
Active Directory uses DNS to locate and name objects.
What is a domain controller?
A domain controller is a Windows server that holds a copy of the Active Directory database.
What is replication in Active Directory?
Replication ensures changes to the database are copied to all domain controllers in the domain.
What are Group Policies?
Group policies enable administrators to apply sets of configuration settings to users or computers within a domain.
What are Group Policy Objects (GPOs)?
GPOs are collections of policy settings that can be applied to OUs or domains.
How do GPOs affect OUs and domains?
GPOs applied to an OU affect objects in that OU and its sub-OUs; GPOs applied to a domain affect all objects within the domain.
Where are local GPOs stored?
Local GPOs are stored on individual machines, primarily those not part of a domain.
What is the order in which GPOs are applied?
- Local Group Policy on the computer
- GPOs linked to the domain
- GPOs linked to OUs (from highest to lowest level)
What are the possible settings within a GPO?
- Not Configured: GPO doesn’t define a value, leaving the current setting unchanged.
- Enabled: GPO sets a value to be enforced.
How are settings combined when multiple GPOs apply to an object?
Their settings are combined to form the effective Group Policy.
What happens when GPOs configure a setting?
The setting in the last applied GPO is used.
What are the two main categories of GPO settings?
- Computer Configuration
- User Configuration
What are Account Policies in GPOs?
Controls settings like password complexity and account lockout, only applicable when configured in a domain-linked GPO.
What does Local Policies/Audit Policy configure?
Configures auditing for events like logons and account management, enabling tracking of security-related activities.
What is defined by Local Policies/User Rights Assignment?
Defines who can perform system maintenance tasks like accessing the computer remotely.
What do Local Policies/Security Options enable or disable?
Security rights for all users the policy applies to, like requiring Ctrl+Alt+Delete for logon.
What does the Registry setting in GPOs configure?
Configures registry keys and values.
What does the File System setting in GPOs do?
Sets file and folder permissions.
What are Software Restriction Policies?
Dictates which software can run on a computer.
What do Administrative Templates offer?
Registry-based settings to manage the computer and user experience.
What is the Group Policy Editor?
An MMC snap-in used to manage local computer and user configuration settings.
How can you launch the Group Policy Editor?
- Search menu
- Run command
- Settings app
- File Explorer
What does the command ‘gpedit.msc’ do?
Opens the Local Group Policy Editor.
What does the command ‘gpupdate’ do?
Forces the computer to update its group policy settings from the domain controller.
What does the command ‘gpresult’ display?
Displays the group policy objects applied to the computer and user.
What is the purpose of a user account?
Determines if and how a user can use a computer.
How does the logon process verify a user’s identity?
Using a username and password.
What do rights control in a user account?
Actions a user can perform, such as changing system settings.
What do permissions control in a user account?
Access to specific resources like files and folders.
What types of user accounts does Windows offer?
Windows offers different types of user accounts: built-in administrator account, user account with administrative privileges, standard account, guest account, and Microsoft account.
What is the built-in administrator account?
The built-in administrator account has full control over the computer but is hidden for security reasons.
What is a user account with administrative privileges?
A user account with administrative privileges is a regular account granted administrative rights.
What is a standard account?
A standard account is a basic account with limited rights.
What is a guest account?
A guest account has limited capabilities and is often disabled for security.
What is a Microsoft account?
A Microsoft account is an online account linked to Microsoft services.
How do groups simplify management in Windows?
Groups simplify management by allowing administrators to assign rights and permissions to multiple users simultaneously. All members of a group inherit the group’s permissions.
Where are users and groups stored in Windows?
Users and groups are stored in three main locations: local accounts, domain accounts, and online accounts.
What are local accounts?
Local accounts are stored on individual computers.
What are domain accounts?
Domain accounts are stored in Active Directory.
What are online accounts?
Online accounts are managed by online services like Microsoft.
What are default Windows groups?
Windows creates default groups with pre-assigned rights and permissions, which should not be modified without understanding their function.
What is the Administrators group?
The Administrators group has full access to the computer.
What is the Power Users group?
The Power Users group has limited administrative abilities and is no longer used in modern Windows versions.
What is the Users group?
The Users group consists of standard users with limited permissions.
What is the Guests group?
The Guests group has very limited rights.
What sign-in options does Windows provide?
Windows provides various sign-in options: facial recognition, fingerprint recognition, PIN, security key, password, and picture password.
What is Windows Hello?
Windows Hello is the biometric logon system in Windows 11, capable of storing and matching biometric scans for authentication.
What sign-in settings are available in Windows 11?
Windows 11 offers settings to customize the sign-in experience, including allowing only Windows Hello sign-in, requiring sign-in after being away, dynamic lock, automatically saving and restarting apps, showing account details on the sign-in screen, and using sign-in info to finish setup after an update.
What is Single Sign-On (SSO) in Active Directory?
SSO simplifies user access to systems and applications by allowing users to log in once and not re-enter credentials for every resource.
How does Microsoft Account Authentication work?
Users can authenticate to Windows using their online Microsoft accounts, syncing profile information across multiple devices.
What is a Local Account?
A Local Account is stored locally on the computer, and its profile information is not synced across devices.
What can users manage in their Microsoft Account?
Users can manage devices, privacy, payment options, order history, security, personal information, and language settings.
What parental control features do Microsoft accounts provide?
Microsoft accounts provide parental control features like screen time limits and content filtering.
What is User Account Control (UAC)?
UAC is a security feature that notifies users when a task requires administrative privileges.
How does UAC operate?
UAC operates by creating access tokens for each user and triggers Admin Approval Mode if a task requires elevation.
What are the UAC sensitivity options available in Control Panel?
- Always notify me: Most secure.
- Notify me only for application changes: Prompts for application changes.
- Notify me only for application changes (no dim desktop): Less secure.
- Never notify me: Disables UAC prompts.
What is Remote Access?
Remote access allows connecting to a computer from a different location using a network.
What is Remote Desktop (RDP)?
Accesses the graphical desktop of a Windows system, offering full control.
What is Microsoft Remote Assistance (MSRA)?
Allows a remote user to take control of a user’s system with the user’s permission. Primarily for technical support.
What is Screen Sharing?
Built into macOS, allows sharing and controlling the screen.
What is Secure Shell (SSH)?
Establishes a secure connection to a system’s command-line interface, primarily used for remote server management.
What are third-party remote access tools?
Includes video conferencing software, remote monitoring and management (RMM), desktop management software, and file transfer software.
What does video conferencing software do?
Enables audio and video communication, screen sharing, and file sharing.
What is Remote Desktop Client?
Allows you to connect to a Windows Pro or Enterprise computer from a variety of devices, including Windows, iOS, macOS, and Android.
How do you enable Remote Desktop?
- Right-click the Start menu.
- Select System.
- Select Remote Desktop.
- Toggle the Remote Desktop option to On.
- Click Confirm.
How do you connect to a remote computer using Remote Desktop?
- Open Remote Desktop Connection.
- Enter the remote computer’s name or IP address.
- Click Show Options to configure settings.
- Click Connect.
- Enter the password for the remote system.
- Click OK.
What are the remote connection settings in Remote Desktop?
General: Specify the remote computer name and username.
Display: Set the size and color depth of the remote desktop.
Local resources: Configure audio settings, Windows key combinations.
Experience: Adjust performance settings for slow connections.
Advanced: Set up server authentication and configure Remote Desktop Gateway.
What are the considerations for using Remote Desktop?
Uses Remote Desktop Protocol (RDP) for communication. The remote computer must be turned on and allow remote connections. A network or internet connection to the remote computer is necessary. Firewalls must be configured to allow RDP connections. You can use the Remote Desktop Users group to control who can connect. Only one user can be logged on at a time.
What are the key differences between Remote Assistance and Remote Desktop?
Remote Assistance is for providing or receiving help, while Remote Desktop is for user productivity.
What is required for Remote Assistance?
The logged-in user’s permission is required. The user must create and send an invitation to the person providing assistance.
What are the invitation options for Remote Assistance?
- Save as a file
- Send in an email
- Use Easy Connect
What happens once a Remote Assistance session is closed?
Once a session is closed, it cannot be reconnected. A new invitation is required.
What security considerations should be taken when providing assistance?
- Only accept invitations from trusted sources.
- Be wary of invitations from outside your organization.
- Verify all invitations before opening, as they may contain malware.
What does Screen Sharing in macOS allow?
Screen Sharing allows sharing and controlling a computer’s screen.
What are the uses of Screen Sharing?
- Remote system access
- Troubleshooting
- Presentations and collaboration
How do you enable Screen Sharing in macOS?
- Select the Apple menu.
- Select System Preferences.
- Select Sharing.
- Select Screen Sharing.
What can you specify in Screen Sharing settings?
You can specify which users can connect.
What is the purpose of enabling VNC viewer in Screen Sharing?
To allow connections from non-Mac systems.
Where do systems with Screen Sharing enabled appear?
They appear in the Finder’s Shared category.
What are the modes of Screen Sharing?
- Control mode: Full control of the remote system.
- Observe mode: The remote user can only view the screen.
What is the Shared Clipboard feature in Screen Sharing?
It allows copying text between local and remote systems.
What is a Virtual Private Network (VPN)?
A VPN creates a secure connection over an untrusted network by encrypting IP traffic.
What are tunnel endpoints in a VPN?
Tunnel endpoints are devices responsible for encrypting and decrypting data.
What does a security association do in a VPN?
It establishes a secure channel between the VPNs.
What are the types of VPN implementation?
- Host-to-host VPN: Two devices establish a direct secure connection.
What is a common VPN protocol?
Point-to-Point Tunneling Protocol (PPTP): An early VPN protocol, supported by most operating systems. Uses TCP port 1723.
What is Layer Two Tunneling Protocol (L2TP)?
An open standard supporting various protocols, using IPsec for encryption. Uses TCP port 1701 and UDP port 500.
What does Internet Protocol Security (IPsec) provide?
Authentication and encryption, can be used with L2TP or independently. Includes protocols like AH, ESP, and IKE.
What is Generic Routing Encapsulation (GRE)?
A Cisco protocol for routing Layer 3 protocols, doesn’t provide encryption but can be paired with IPsec.
What are important considerations for VPNs?
Firewalls need to allow VPN traffic through specific ports. Some NAT solutions might not work well with VPNs.
Why are software updates crucial?
They maintain system stability, security, and functionality.
What are the types of software updates?
Operating system updates, driver updates, application updates, and firmware updates.
What do operating system updates do?
Fix bugs, address vulnerabilities, and introduce new features.
What do driver updates improve?
Hardware performance and compatibility. May be obtained directly from manufacturers if not provided through Windows Update.
What do application updates enhance?
Functionality, address issues, and patch security flaws.
What do firmware updates do?
Update software embedded in hardware devices, often available from manufacturers’ websites.
What is Windows Update?
Windows’ built-in system for managing updates, automatically downloads and installs updates for the operating system and registered drivers.
How do you check for Windows updates?
- Click Start. 2. Click Settings. 3. Click Windows Update. 4. Click Check for updates.
What options are available within Windows Update?
Pause updates, update history, and advanced options for configuring update behavior.
What is the Windows Insider Program?
A program for testing pre-release builds of Windows, offering three channels (Dev, Beta, Release Preview).
What are troubleshooting steps for Windows update issues?
Restart the computer, ensure sufficient disk space, disconnect unnecessary hardware, update third-party drivers, and check Device Manager for errors.
What is Windows as a Service?
A model for delivering Windows updates more frequently, ensuring systems are up-to-date.
How often are minor updates released in Windows as a Service?
Twice a year, around March and September.
What do feature updates bring?
New functionality.
What do quality updates address?
Bugs and security issues.
What are the Windows as a Service release channels?
General Availability Channel and Long Term Servicing Channels.
What does the General Availability Channel receive?
Feature updates upon public release.
What is the purpose of Long Term Servicing Channels?
For specialized devices that require long-term stability.
