Windows Hardening Flashcards
What is a server?
A server is a computer that provides shared resources.
What is a client?
A client performs tasks for an end user.
What is an operating system?
Operating systems control the allocation and usage of hardware resources.
What components do servers consist of?
Processor
Disk
RAM Memory
Network cards
What installation types are there for Windows Server?
New install, no old files
Upgrade, keep old files
Migration, move old files to another server and do a fresh install on the original server.
What are the benefits of Server Core?
Reduced Servicing Overhead
Reduced Administrative Overhead
Reduced Resource Overhead
Reduced Attack Surface
Post-installation tasks after installing a Server?
Activate Windows
Set Time Zone
Configure network, computer name and domain
Configure automatic updates
Add server roles and features
Enable Remote Desktop
Configure Windows Firewall
Automated deployment
Build image files
Build unattended answer files
Create deployment transmission
Initiate installation from client
What is a Service?
A long running executable that performs a specific function without user intervention.
What service startup options are there?
Automatic (delayed)
Automatic
Disabled
Manual
Common causes of service failure?
Account restrictions
Dependencies
Corrupt or missing files
Solutions:
Reboot in Safe mode
Reboot in Last Known Good Configuration
Microsoft System Configuration Utility
What is a device?
A hardware component that serves a specific function and is installed in or attached to a computer.
What is a device driver?
A device driver is a small software program that allows the computer to communicate with a specific device.
What is driver signing?
A digital signature that shows the driver is from the publisher of the driver and whether or not it has been modified since signing.
What are the logical components of Active Directory Domain Services?
Partitions
Schema
Domains
Domain Trees
Forests
Sites
Organisational units
Containers
What are the physical components of Active Directory Domain Services?
Domain Controllers
Data Stores
Global catalog servers
Read only domain controllers
What do Active Directory Domain Services do?
Hold a database of users and computers
Replicate the database across multiple domain controllers
Administrate user and computer permissions and settings
Authenticate user sign ins within the domain
What are organisational units?
Units from which administrative permissions and policies can be applied to groups of users and computers.
What are domain controllers?
Servers that host the Active Directory Domain System database and System volume.
Authentication via Kerberos and Key Distribution Center.
What does the global catalog do?
Holds partial sets of attributes from domains across the forest.
For example schema information
What are the steps in the Active Directory Domain Services sign in process?
- User account is authenticated by the domain controller.
- Domain controller returns a Ticket Granting Ticket to the client
- The client uses the ticket to apply for access to a workstation
- Domain controller grants access
- Client applies with TGT for access to the server
- Domain controller returns access to the server
What is the command to install AD DS in Core?
Add-WindowsFeature AD-Domain-Services
What happens when an object is moved between Organizational units?
Directly assigned permissions remain in place.
Inherited permissions change.
What settings are copied from a template to a new user?
Group memberships
Home directory path
Profile path
Logon path
Password settings
Department
Manager
Distribution groups
Used with email applications
Cannot be given permissions due to missing security id.
Security groups
Security with security id.
Can be given permissions
What ways can you plan Organizational units?
Location based (Stockholm, London, Malmö, etc)
Resource Based (Servers/Computers sorted by version)
Organisation based (Sales, Research, Marketing, Managers, etc)
Multitenancy based (Company 1, Company 2, Company 3, etc)
What is IGDLA?
Identities (users and computers) are placed into Global groups based on their roles, and the global role groups are placed into Domain Local groups, which are assigned access to resources.
What are special Identities?
Groups whose membership depends on the authentication or connection method.
Examples:
Anonymous Logon
Authenticated Users
Everyone
Interactive
Network
Creator Owner
When can computers lose their SID?
Security identities will be lost when reinstalling the computer
Restoring a computer to an old backup/snapshot
The computer and the domain disagree about the password
How can you reset the computer SID?
Windows PowerShell with the command "Test-ComputerSecureChannel"
By right-clicking the computer in AD U&C and selecting Reset Account. You will have to reconnect the client to the domain afterwards.
How do you create a new user in Windows PowerShell?
New-ADUser "Name" -AccountPassword (Read-Host -AsSecureString "Enter password") -Department IT
How do you change properties of a user in Windows PowerShell?
Set-ADUser "Username" -property "value"
How do you delete a user in Windows PowerShell?
Remove-ADUser "Username"
How do you reset the password of a user account?
Set-ADAccountPassword "Username"
How do you modify the expiration date of a user account?
Set-ADAccountExpiration "Username"
How do you unlock a user account?
Unlock-ADAccount "username"
How do you enable a user account?
Enable-ADAccount "username"
How do you disable a user account?
Disable-ADAccount "username"
What is a Group policy setting?
Defines a specific configuration
Applied to a computer or user
What is a Group Policy Object?
A set of group policy settings
Applied to a computer or user
What can GPOs be linked to?
Sites
Domains
Organizational Units
What can’t GPOs be linked to?
Users
Groups
Computers
System Containers
When are GPOs applied?
Computer settings are applied on start up
User settings are applied at sign in
In what order are GPOs applied?
Those that apply later overwrite the earlier ones if they clash.
Local
Site
Domain
Organizational Unit
OU Child
What are the default GPOs?
Default Domain Policy
Used to define account policies for the domain
Default Domain Controllers Policy
Used to define auditing
Defines user rights on the domain controllers
What settings can you control with a password policy?
How old the password can be before it must be changed.
Minimum password age:
Minimum password length:
Complex password requirement: Enabled
Store passwords using reversible encryption: disabled
What settings can you control with an account lockout policy?
How many incorrect login attempts can be made before the user is locked out
How long the User is locked
Lockout Threshold
Reset account lockout
Kerberos Policy does what?
Enforce user logon restrictions
Maximum Lifetime for service ticket
Maximum Lifetime for user ticket
Maximum Lifetime for user ticket renewal
Maximum tolerance for computer clock synchronization
Applied on domain level
What does the SSL process look like?
- The user types an HTTPS URL
- The web server sends its SSL certificate
- The client performs a check of the server certificate
- The client generates a symmetric encryption key
- The client encrypts this key with the server’s public key
- The server uses its private key to decrypt the encrypted symmetric key
What does a digital signature ensure?
Content is not modified during transport
The identity of the author is verifiable
Digital Signatures work in what way?
The author's computer creates a hash/digest
The author's hash/digest is encrypted with their private key
The recipient uses the author's public key to decrypt it and can then compare the hash/digest created on the recipient's machine with the hash/digest that was sent. These should be identical.