User Administration in Windows 2008

Questions and Answers

What can standard users not do?

Change how users interact with the product.

Create new monitor groups.

Turn off the firewall. (correct)

Reset user passwords.

What does Active Directory authentication module facilitate?

Logging in users without any accounts.

Configuring user interaction preferences.

Creating new user accounts directly.

Importing users from Active Directory. (correct)

What distinguishes standard users from system administrators?

Standard users have read-only access to all components.

Standard users can configure security policies.

Administrators have higher access to core system areas. (correct)

Administrators can install software for individual users.

What is the role of User Account Control (UAC)?

To enable non-administrators to perform common tasks.

Who can run most applications as a standard user?

Members of the Administrators group.

What is not a function of system administrators?

Editing protected system documents.

What type of software can standard users install?

Per-user software.

How does UAC help users?

By guiding users toward using standard user rights by default.

What is the default maximum password age setting?

42 days

What is the recommended enforce password history value?

2

What does the enforce password history feature prevent?

Creating a new password that is the same as the current password

What happens if the maximum password age is set to zero?

Passwords will never expire

What can maximum password age help enhance in terms of security?

Limits the time a compromised password can be used

What should the minimum password age be set to in order to prevent quick back-and-forth changes?

3 to 7 days

How does setting the minimum password age contribute to security?

By preventing immediate re-use of old passwords

Which of the following values is NOT recommended for maximum password age according to security concerns?

150 days

What is required for a user to access a Windows 2008 network?

A user account

What is one of the factors determined by a user account?

What privilege level a user is assigned

Which statement is true regarding local user accounts?

They have their own username and encrypted password stored locally.

Where is a local account maintained?

On the local system

What must be present to set up a domain account?

A domain controller

What is the primary purpose of a domain account?

To control access and actions on a network

Which of the following can local user accounts NOT do?

Access resources on other computers

Which type of account allows for local machine access only?

Local account

What happens to changes made to a roaming profile when a user logs off?

Changes are replicated back to the network share.

What is a cached copy of a roaming profile?

A local copy created at logon.

Where is a roaming user profile typically stored?

On a network server.

Which function is used to load a roaming user profile programmatically?

LoadUserProfile

What advantage does a roaming profile provide regarding computer replacement?

The user’s profile information is independent of individual computers.

What is one of the two locations from which a roaming profile can be created?

NETLOGON share.

What happens if a user is logged on using the Logon User function?

The user's roaming profile is not loaded automatically.

How does a user access their roaming profile on different computers within a network?

By using their account credentials to log in.

What is the purpose of a domain user in a network?

To provide centralized user administration

What is the first step in the security mechanism?

Authentication

How do domain users obtain permissions during the logon session?

By obtaining an access token from the domain controller

What does the authorization step in security mechanisms ensure?

An identified user has access only to certain resources

What role do domain controllers play in managing user privileges?

They authenticate users and provide access tokens

Why did domain users evolve in network environments?

To simplify the administration of large user populations

What is the main advantage of having a centralized user information system?

It reduces redundant data across multiple computers

What is the relationship between authentication and authorization?

Authentication identifies a user, while authorization grants access

Study Notes

User Administration Concepts and Mechanisms

• Most users are granted read-only access, unable to edit or configure documents.
• System administrators can perform comprehensive administrative tasks, such as creating groups, adding/removing users, and modifying user permissions.
• Primary distinction between standard users and administrators lies in access levels to protected system areas.
• Administrators can modify system settings, install software, and manage security policies; standard users have limited installation abilities.
• User Account Control (UAC) allows tasks to be performed as standard users and administrators without user switching.
• UAC promotes the use of standard user rights by default while still enabling administrator functionalities.

User Accounts

• A user account is necessary to access Windows 2008 networks, determining login times, locations, and privilege levels.
• Access to resources requires authentication through a user account.

Types of User Accounts

• Local Accounts:

  • Set up on individual machines; some default accounts exist.
  • Local accounts authenticate access solely on the machine, with no distributed access to others.
  • Windows maintains local accounts for access permissions and restrictions.

• Domain Accounts:

  • Require a domain controller for network login, allowing for centralized user administration.
  • Created within an Active Directory (AD) container and recognized across all domain controllers.
  • Domain users are authenticated via a central domain controller, gaining access permissions based on their accounts.
  • Streamline user management in large networks by centralizing user information, reducing administrative burden.

Security Mechanisms

• Security safeguards against unauthorized access, involving two key steps: authentication and authorization.
  • Authentication: Identifying users attempting to log in.
  • Authorization: Granting access only to resources users are permitted to use.

Roaming Profiles

• Roaming profiles follow users across different computers within a network, ensuring consistent access to user settings.
• User profiles are stored on a network share, copied when logging in and updated upon log off.
• Advantages include automatic availability of user profiles, ease of computer replacement, and backup independent of individual machines.

Password Policies

• Password History: Prevents users from reusing their current password or recent passwords based on set values. Recommended values greater than one (1) enhance security.
• Maximum Password Age: Defines how long passwords remain valid before they require a change. Default is 42 days; can range from 0 to 999 days.
• Regularly changing passwords is crucial for security; suggested periodicity is between 30-180 days based on necessary security levels.
• Minimum Password Age: Establishes the duration a password must be maintained before changing it, deterring users from rapidly switching back to previous passwords. Reasonable settings are from three to seven days to strike a balance between security and user convenience.

Description

Explore the essential concepts and mechanisms of user administration in Windows 2008. This quiz covers the differences between standard users and administrators, user accounts, and the User Account Control (UAC) system. Understand how these elements contribute to the security and functionality of the network.