Day 1 Flashcards
Server OS’s
optimized for application services and shared resources.
support more robust hardware
allow an unlimited number of concurrent connections to file shares and other services
workstation OS’s
support less robust hardware.
optimized for the user environment (interactive desktop response time).
limited to 10 connections (WINXP) or 20 (Win7)
workgroup
each system is standalone with regard to authentication.
authenticates through the local SAM.
domain
each system shares common configurations, resources, and security principals.
that info is maintained in ACTIVE DIRECTORY (Active Directory runs only on server OS’s).
a server with an active directory is called a DOMAIN CONTROLLER.
MEMBER SERVERS
a domain system running a server OS.
member servers and other domain systems that are not domain controllers maintain local accounts in their SAM, making it possible to authenticate with either a local account or a domain account.
more on domains
workstations (users) --- use the SAM database
member servers (no active directory) --- have a SAM db
domain controller (AD) --- no SAM
windows accounts
accessing a windows system requires credentials to be authenticated.
user accounts
collection of information used by the system for determining access and privileges.
accounts exist either in the local machine’s SAM or in the domain controller’s active directory.
used for authentication and authorization.
service accounts
controlled by the OS
windows services are used to enable and/or configure different system capabilities.
security identifier (SID)
every windows account has a unique SID.
generated during account creation.
never reissued or reused if the original account is deleted.
SID remains with account, even if the name is changed.
SID breakout
S-1-5-21-776561741-1625316112-682003330-500
S= indicates the string is a SID
1= revision level
5=authority value
the rest is called the sub-authority value
the segment starting with 21 to the one that ends in 330 is called the system or domain identifier.
the last part (500) is the relative identifier (RID). this distinguishes one account or group from all others in that domain.
well known SID’s
SID                 Account           Account Type
S-1-5-18            Local System      Service account*
S-1-5-19            Local Service     Service account*
S-1-5-20            Network Service   Service account*
S-1-5-[4a]-500      Administrator     User account
S-1-5-[4a]-501      Guest             User account
* = exist only on the local system and do not need a relative ID
FYI: RIDs >= 1000 are user-created accounts
access tokens
identify the user and the user’s group memberships associated with a process.
access tokens are made up of the account SID, groups, and privileges.
the whoami command will show what is in your access token
security context
the access token plus the object’s permissions
privileges
the ability of an account to perform a particular system related operation, such as shutting down the system, backing up/restoring files, changing system time, and taking ownership of files.