Windows Hardening

Question 1

What is a server?

Answer 1

A server is a computer that provides shared resources.

Question 2

What is a client?

Answer 2

A client performs tasks for an end user.

Question 3

What is an operating system?

Answer 3

Operating systems control the allocation and usage of hardware resources.

Question 4

What components do servers consist of?

Answer 4

Processor
Disk
RAM Memory
Network cards

Question 5

What installation types are there for Windows Server?

Answer 5

New install, no old files
Upgrade, keep old files
Migration, move old files to another server and do a fresh install on the original server.

Question 6

What are the benefits of Server Core?

Answer 6

Reduced Servicing Overhead
Reduced Administrative Overhead
Reduced Resource Overhead
Reduced Attack Surface

Question 7

Post-installation tasks after installing a Server?

Answer 7

Activate Windows
Set Time Zone
Configure network, computer name and domain
Configure automatic updates
Add server roles and features
Enable Remote Desktop
Configure Windows Firewall

Question 8

Automated deployment

Answer 8

Build image files
Build unattended answer files
Create deployment transmission
Initiate installation from client

Question 9

What is a Service?

Answer 9

A long running executable that performs a specific function without user intervention.

Question 10

What service startup options are there?

Answer 10

Automatic (delayed)
Automatic
Disabled
Manual

Question 11

Common causes of service failure?

Answer 11

Account restrictions
Dependencies
Corrupt or missing files

Solutions:
Reboot in Safe mode
Reboot in Last Known Good Configuration
Microsoft System Configuration Utility

Question 12

What is a device?

Answer 12

A hardware component that serves a specific function and is installed in or attached to a computer.

Question 13

What is a device driver?

Answer 13

A device driver is a small software program that allows the computer to communicate with a specific device.

Question 14

What is driver signing?

Answer 14

A digital signature that shows the driver is from the publisher of the driver and whether or not it has been modified since signing.

Question 15

What are the logical components of Active Directory Domain Services?

Answer 15

Partitions
Schema
Domains
Domain Trees
Forests
Sites
Organisational units
Containers

Question 16

What are the physical components of Active Directory Domain Services?

Answer 16

Domain Controllers
Data Stores
Global catalog servers
Read only domain controllers

Question 17

What do Active Directory Domain Services do?

Answer 17

Hold a database of users and computers
Replicate the database across multiple domain controllers
Administrate user and computer permissions and settings
Authenticate user sign ins within the domain

Question 18

What are organisational units?

Answer 18

Units from which administrative permissions and policies can be applied to groups of users and computers.

Question 19

What are domain controllers?

Answer 19

Servers that host the Active Directory Domain System database and System volume.
Authentication via Kerberos and Key Distribution Center.

Question 20

What does the global catalog do?

Answer 20

Holds partial sets of attributes from domains across the forest.
For example schema information

Question 21

What are the steps in the Active Directory Domain Services sign in process?

Answer 21

1. User account is authenticated by the domain controller.
2. Domain controller returns a Ticket Granting Ticket to the client
3. The client uses the ticket to apply for access to a work station
4. Domain controller grants access
5. Client applies with TGT for access to the server
6. Domain controller returns access to the server

Question 22

What is the command to install AD DS in Core?

Answer 22

Add-windowsfeature AD-Domain Services

Question 23

What happens when an object is moved between Organizational units?

Answer 23

Directly assigned permissions remain in place.
Inherited permissions change.

Question 24

What settings are copied from a template to a new user?

Answer 24

Group memberships
Home directory path
Profile path
Logon path
Password settings
Department
Manager

Question 25

Distribution groups

Answer 25

Used with email applications
Cannot be given permissions due to missing security id.

Question 26

Security groups

Answer 26

Security with security id.
can be given permissions

Question 27

What ways can you plan Organizational units?

Answer 27

Location based (Stockholm, London, Malmö, etc)
Resource Based (Servers/Computers sorted by version)
Organisation based (Sales, Research, Marketing, Managers, etc)
Multenancy based (Company 1, Company 2, Company 3, etc)

Question 28

What is IGDLA?

Answer 28

User and Computer Identity is placed into Global groups based on their roles and the global role groups get placed into domain local groups that gets assigned resources.

Question 29

What are special Identities?

Answer 29

Groups which membership depends on the authentication or connection method.
Examples:
Anonymous Logon
Authenticated Users
Everyone
Interactive
Network
Creator Owner

Question 30

When can computers lose their SID?

Answer 30

Security identities will be lost when reinstalling the computer
Restoring a computer to an old backup/snapshot
Computer and domain disagrees about the password

Question 31

How can you reset the computer SID?

Answer 31

Windows Powershell with the command
“Test-ComputerSecureChannel”

By right clicking the computer in AD U&C and selecting reset account, you will have to reconnect the client to the domain afterwards.

Question 32

How do you create a new user in Windows Powershell?

Answer 32

New-ADUser “Name” –AccountPassword (Read-Host
–AsSecureString “Enter password”) -Department IT

Question 33

How do you change properties of a user in Windows Powershell?

Answer 33

Set-ADUser “Username” -property “value”

Question 34

How do you delete a user in Windows Powershell?

Answer 34

Remove-ADUser “Username”

Question 35

How do you reset the password of an user account?

Answer 35

Set-ADAccountPassword “Username”

Question 36

How do you modify the expiration date of a user account?

Answer 36

Set-ADAccountExpiration “Username”

Question 37

How do you unlock an User Account?

Answer 37

Unlock-ADAccount “username”

Question 38

How do you enable an User account?

Answer 38

Enable-ADAccount “username”

Question 39

How do you disable an User account?

Answer 39

Disable-ADAccount “username”

Question 40

What is a Group policy setting?

Answer 40

Defines a specific configuration
Applied to a computer or user

Question 41

What is a Group Policy Object?

Answer 41

A set of group policy settings
Applied to a computer or user

Question 42

What can GPOs be linked to?

Answer 42

Sites
Domains
Organizational Units

Question 43

What can’t GPOs be linked to?

Answer 43

Users
Groups
Computers
System Containers

Question 44

When are GPOs applied?

Answer 44

Computer settings are applied on start up
User settings are applied as sign in

Question 45

In what order are GPOs applied?

Answer 45

Those that apply later overwrite the earlier ones if they clash.

Local
Site
Domain
Organization Unit
OU Child

Question 46

What are the default GPOs?

Answer 46

Default Domain Policy
Used to define account policies for the domain

Default Domain Controllers Policy
Used to define auditing
Defines user rights on the domain controllers

Question 47

What settings can you control with a password policy?

Answer 47

How old the password can be before it must be changed.
Minimum password age:
Minimum password length:
Complex password requirement: Enabled
Store passwords using reversible encryption: disabled

Question 48

What settings can you control with an account lockout policy?

Answer 48

How many incorrect login attempts can be made before user being locked
How long the User is locked
Lockout Threshold
Reset account lockout

Question 49

Kerberos Policy does what?

Answer 49

Enforce user logon restrictions
Maximum Lifetime for service ticket
Maximum Lifetime for user ticket
Maximum Lifetime for user ticket renewal
Maximum tolerance for computer clock synchronization

Applied on domain level

Question 50

What does the SSL process look like?

Answer 50

1. The user types an HTTPS URL
2. The web server sends its SSL certificate
3. The client performs a check of the server certificate
4. The client generates a symmetric encryption key
5. The client encrypts this key with the server’s public key
6. The server uses its private key to decrypt the encrypted
   symmetric key

Question 51

What does a digital signature ensure?

Answer 51

Content is not modified during transport
The identity of the author is verifiable

Question 52

Digital Signatures work in what way?

Answer 52

Authors computer creates a hash/digest
Authors hash/digest is encrypted with their private key
Recipient uses Author’s public key to decrypt and can then compare the hash/digest created on the recipients machine with the hash/digest that was sent. These should be identical.