Server Admin I Unit 8.6 Security Options

Question 1

Security Options

Answer 1

Subset of Group Policy that governs rules for security on computer.

Question 2

Security Options Settings Categories (4)

Answer 2

1. Accounts
2. Devices
3. Interactive Logon
4. Network Security

Question 3

Best Practices: Security Options: Accounts (3)

Answer 3

1. Disable Administrator & Guest account.
2. Rename accounts if unable to disable using the “Rename Administrator Account” or “Rename Guest Account” policies.
3. Enable “Limit local account use of blank passwords to console logon only” policy.

Question 4

Best Practices: Security Options: Interactive Logon (6)

Answer 4

1. Disable: Display user information when session is locked.
2. Enable: Do not display last user name.
3. Disable: Do not require CTRL-ALT-DEL.
4. Use: Message text for users attempting to log on.
5. Enable: Prompt user to change password before expiration.
6. Enable: Require Smart Card.

Question 5

Best Practices: Security Options: Network Security (2)

Answer 5

1. Enable: Force log off when logon hours expire.

2. Disable: Allow system to be shut down without having to log on.

Question 6

User Account Control

Answer 6

UAC; System that insures that actions which affect the system configuration are approved by users with the necessary rights to perform those actions.

Question 7

How to enable User Account Control

Answer 7

Enable “Run all adminstrators in Admin Approval Mode”

Question 8

How many access tokens do Administrators get?

Answer 8

2; One Standard and One Administrator

Question 9

User Account Control Settings in Control Panel (4)

Answer 9

1. Always Notify
2. Notify me only when programs try to make changes to my computer.
3. Notify me when programs try to make changes to my computer ( do not dim the desktop).
4. Never Notify

Question 10

Secure Desktop

Answer 10

System that pauses all programs and darkens screen while displaying prompt for credentials or prompt for consent.

Question 11

How long will Secure Desktop display on screen?

Answer 11

150 seconds, after 150 seconds the prompt for consent/credentials is automatically denied.

Question 12

Never Notify UAC Setting Rules(2)

Answer 12

1. If logged on as Admin, all actions are executed without UAC prompts or Secure Desktop.
2. If logged on as a standard user, all actions requiring priviledge elevation are automatically denied.

Question 13

Group Policy Equivalant for : Always Notify

Answer 13

1. Behavior of the elevation prompt for administrators in Admin Approval Mode is set to : Prompt for consent on the secure desktop.
2. User Account Control: Switch to the secure desktop when prompting for elevation is : Enabled.

Question 14

Group Policy Equivalent for : Notify me only when programs try to make changes to my computer.

Answer 14

1. Behavior of the elevation prompt for administrators in Admin Approval Mode is set to: Prompt for consent from non-Windows binaries.
2. User Account Control: Switch to secure desktop when prompting for elevation is : Enabled.

Question 15

Group Policy Equivalent for: Notify me only when programs try to make changes to my computer.(do not dim desktop)

Answer 15

1. Behavior of the elevation prompt for administrators in Admin Approval Mode is set to: Prompt for consent from non-Windows binaries.
2. User Account Control: Switch to secure desktop when prompting for elevation is : Disabled.
3. Behavior of the elevation prompt for standard users is set to: Prompt for credentials.

Question 16

Group Policy Equivalent for: Never Notify

Answer 16

1. Behavior of the elevation prompt for administrators in Admin Approval Mode is set to: Elevate without prompting.
2. User Account Control: Switch to secure desktop when prompting for elevation is : Disabled.
3. User Account Control: Run all administrators in Admin Approval Mode is set to : Disabled.

Question 17

What must be done after turning off UAC via Group Policies?

Answer 17

The system must be rebooted.