CompTIA Operating Systems Chapter 12 & 13 PDF
Document Details
Uploaded by SeasonedJoy1900
Kennesaw State University
Tags
Summary
This document explains the Windows Registry, how to access and edit it, various registry components like keys, subkeys, and values. It also covers manual registry edits, command-line tools, indexing options, Ease of Access features, and file extensions.
Full Transcript
Working with Operating Systems12 **Registry** The Windows Registry is a critical database storing details like hardware, network information, user preferences, and more. It\'s essential for configuration, and the system won\'t boot without it being correctly set. Registry files, called **hives**,...
Working with Operating Systems12 **Registry** The Windows Registry is a critical database storing details like hardware, network information, user preferences, and more. It\'s essential for configuration, and the system won\'t boot without it being correctly set. Registry files, called **hives**, are found in the **%SystemRoot%\\System32\\config** folder and each user account folder. While direct access is rare, technicians should know how to access and manually edit the Registry. **Accessing the Registry** When you use Windows Settings, Control Panel, or other utilities, you are indirectly editing the Registry. However, there are situations where a technician might need to access the Registry directly. This can be done using the Registry Editor, also known by its executable name, **regedit.** To open the Registry Editor, type **regedit** in the Start menu search bar or run **regedit** from the command line. **Registry Components** The Windows Registry is a hierarchical database that stores system-wide settings for the Windows operating system, users, and applications. It contains several key components organized in a tree-like structure: - **Keys:** These are containers similar to folders in a file system. They can contain subkeys and values. Key names are not case-sensitive and cannot include the backslash character. Examples include **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows**. - **Subkeys:** Keys nested within other keys, forming the hierarchical structure. - **Values:** These are named data entries associated with keys. Each value consists of a name and its associated data. Values can store various data types, including string, integer, boolean, and binary. Examples within a key might include entries like InstallPath or Version. - **Hives:** These are the top-level keys in the Registry. They represent major sections of system configuration and user settings. Common hives include: - **HKEY\_CLASSES\_ROOT (HKCR):** This hive is used to manage file associations and COM object registration. It integrates information from the **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Classes** and **HKEY\_CURRENT\_USER\\SOFTWARE\\Classes** keys. It determines how applications are launched and which programs handle specific file types. - **HKEY\_CURRENT\_USER (HKCU):** This hive holds the configuration information for the user currently logged on to the computer. It contains user-specific settings such as Control Panel configuration, desktop settings, and network connections. - **HKEY\_LOCAL\_MACHINE (HKLM):** This contains system-wide information, including hardware configurations, operating system settings, and software installations. This information applies to all users on the computer. Within **HKLM**, you'll find subkeys like **HARDWARE, SAM, SECURITY, SOFTWARE**, and **SYSTEM**, which organize this data further. - **HKEY\_USERS (HKU):** This hive includes all the actively loaded user profiles on the system. It contains the settings that are loaded for all user account settings. Each user\'s settings are stored under a subkey named with the security identifier (SID) for that user. - **HKEY\_CURRENT\_CONFIG (HKCC):** This hive contains information about the hardware profile that is used by the local computer at system startup. It is updated with information from the The structure of the Registry allows for organized storage and retrieval of configuration settings. Applications and the operating system use the Registry to customize behavior and maintain settings. For instance, startup programs are listed under a specific key, allowing Windows to launch these applications automatically on login. Registry settings can be modified using the Registry Editor (regedit), a built-in tool in Windows. **SIM** Check out the excellent trio of sims on "Registry Files Location" in the Chapter 12 section of the online TotalSims here: https://www.totalsem.com/training-simulations/.The combination of Type!, Show!, and Click! sim will prepare you for any scenario-based question on the Windows Registry. **Values must have a defined type of data they store:** - String value These are the most flexible type of value and are very common. You can put any form of data in these. - Binary value These values store nothing more than long strings of ones and zeros. - DWORD value These values are like Binary values but are limited to exactly 32 bits. - QWORD value These values are like Binary values but are limited to exactly 64 bits. There are other types of values, but these four are used for most Registry entries. **Manual Registry Edits** Accessing the Windows Registry is often necessary when advised by tech support resources or technicians. However, direct modifications carry risks such as causing applications to fail, utilities to malfunction, or even preventing the system from booting. To mitigate these risks, always back up the Registry before making changes. Store the backup securely, for example, on a thumb drive. After making changes, reboot the system to verify if they work. If not, use the backup to restore the previous settings. A common Registry edit is to manage programs that auto-start. For example, to prevent a program installed by a Logitech GamePanel keyboard and mouse from autostarting, you can modify entries found at: **HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run** Here, you can delete or modify keys to control which programs start automatically. Opening the Registry Editor and going to this subkey. Before deleting keys in the Registry, it\'s wise to save a backup. You can use the Registry Editor\'s Export feature to save the entire Registry, or just a specific root key or subkey with all its subkeys and values. **To back up a key:** 1\. Navigate to the desired key, such as \`**Run\`.** 2\. Click **File**\> **Export**. 3\. Save the key as a \`.reg\` file, ensuring you store it somewhere memorable. To restore that key later, use the **File** \> **Import** option or **right-click the.reg\`** file and select **Merge**. This process helps safeguard against any unintended changes. **Command-Line Registry Editing Tools** Command-line registry editing tools provide a way to interact with the Windows Registry using text-based commands, which can be especially useful for automation, scripting, or remote management. Here are some of the primary command-line tools used for editing the Windows Registry: 1. **reg.exe** - **Description:** This is the primary command-line utility for managing the Windows Registry. It allows you to add, delete, display, and export registry keys and values. - **Common Commands:** - **Add a Value:** **reg add HKEY\_CURRENT\_USER\\Software\\MyApp /v MyValue /t REG\_SZ /d \"MyData\"** - **Delete a Value:** **reg delete HKEY\_CURRENT\_USER\\Software\\MyApp /v MyValue** - **Query a Key:** **reg query HKEY\_CURRENT\_USER\\Software\\MyApp** - **Export a Registry Key:** **reg export HKEY\_CURRENT\_USER\\Software\\MyApp C:\\Backup\\MyApp.reg** **2. regedit.exe** - **Description:** While primarily a graphical interface for the Registry, it can be run with command-line arguments to import or export registry keys. - **Common Commands:** - **Import a Registry File:** **regedit /s C:\\Backup\\MyApp.reg** - **Export a Registry Key:** **regedit /e C:\\Backup\\MyApp.reg HKEY\_CURRENT\_USER\\Software\\MyApp** 3. **WMIC (Windows Management Instrumentation Command-line)** - **Description:** WMIC provides a command-line interface to Windows Management Instrumentation (WMI), which can be used to query some registry settings indirectly. - **Example:** **wmic PATH SoftwareLicensingService GET OA3xOriginalProductKey** **4. PowerShell** - **Description:** PowerShell offers a robust scripting environment for interacting with the registry through cmdlets. - **Common Cmdlets:** - **Get a Registry Key:** **Get-Item \'HKCU:\\Software\\MyApp\'** - **Set a Registry Value:** **Set-ItemProperty -Path \'HKCU:\\Software\\MyApp\' -Name \'MyValue\' -Value \'MyData\'** - Remove a Registry Key: **Remove-Item -Path \'HKCU:\\Software\\MyApp\' -Recurse** **Use Cases** - **Automation:** These tools are ideal for automating the deployment of settings or configurations in enterprise environments. - **Scripting:** Can be integrated into scripts for batch processing, allowing for efficient registry management without access to the GUI. - **Remote Management:** Command-line tools can be executed over remote connections, enabling registry edits on remote machines. **Important Considerations** - **Backup:** Always back up the registry before making changes, as incorrect modifications can lead to system instability. - **Permissions:** Ensure you have the necessary administrative privileges to edit the registry keys you intend to modify. To access System Configuration, type \`msconfig\` in the Start menu search bar, run it, and provide credentials if prompted by User Account Control (UAC). no auto fill keep as much of the original information  **Indexing Options** Indexing is a process where a computer collects information about files and stores it in a database-like format, significantly speeding up file searches. Rather than manually opening each folder to find a file, indexing creates a directory that references and accesses files quickly. Not all folders are indexed by default, as many are rarely accessed. To optimize performance, these less frequently used folders are excluded. However, if you need certain files or folders indexed for frequent access, you can modify this using the **Indexing Options** tool. **How to Index Files or Folders:** 1\. Open the **Control Panel.** 2\. Click on **Indexing Options.** 3\. You\'ll see a list of currently indexed folders. 4\. Add or remove folders as desired to customize what is indexed. By managing the Indexing Options, you can ensure that the search process is efficient and tailored to your needs. **Ease of Access** Microsoft\'s Ease of Access Center in the Control Panel is designed to make Windows more accessible for people with physical limitations. It provides various tools and features to help adapt the OS to individual needs. Key features include: **Magnifier**: Enlarges portions of the screen for users with sight impairments. **Narrator:** Reads the screen aloud to assist those with visual challenges. **On-Screen Keyboard:** Provides a virtual keyboard for users who have difficulty with a physical keyboard. **Sticky Keys:** Allows key combinations to be entered one key at a time instead of simultaneously. **Filter Keys:** Ignores short or repeated keystrokes to aid users with unsteady hands.  **Show or Hide Extensions** Computer filenames have two parts: a title and a file extension. For example, in \"**mydog.jpg\":** \- **Title:** \"**mydog\"** is the name given to the file. \- **File Extension:** \".**jpg\"** indicates the file type, in this case, an image. **Microsoft hides these extensions by default. To view them in File Explorer:** 1\. Go to the **View** tab. 2\. Uncheck **Hide extensions for known file types**. **View Options** There are many other options on the View tab. Take a few minutes to explore them. You will see options such as Always show icons, never thumbnails, Hide empty drives, Always show availability status, and so forth. These are all options that administrators commonly tinker with, and ones you will likely learn on the job. **General Options** File Explorer has a variety of default settings that can be customized for privacy or personal preference. In File Explorer Options, under the General tab, you can adjust the following: \- **Open File Explorer to**: Choose to open File Explorer either in **Quick access** or **This PC**. \- **Privacy Section**: Decide whether to show recently used files and frequently used folders in Quick access. These options are checked by default but can be unchecked. **Other customizable options include:** \- **Browse folders**: Choose whether folders open in the same window or a new window. \- **Click items as follows:** Adjust the click behavior to either point to select and click once to open, or click once to select and double-click to open. These settings allow you to tailor File Explorer to better suit your preferences. **Processes, Applications, and Services Tools** A program is machine code, manifesting as a file, that the CPU can read from RAM. When the program is sitting on your hard drive, nothing is happening. When you click on the file, a copy of the program is loaded from the hard drive onto RAM. At this point the program is running and is called a process. As the CPU runs the program, it grabs a few lines of code from RAM and processes them. **Task Manager** Microsoft offers the Windows Task Manager as the one-stop-shop for anything you need to do with applications, processes, and services. By default, the Task Manager starts in a simplified mode that makes it easy for new users to kill problem apps. Opening Task Manager: 1. **Keyboard Shortcut: Press** **Ctrl + Shift + Esc** for the quickest access. 2. **Search Method:** Go to **Star**t, type **taskmg**r in the **search bar**, and **press Enter**. 3. **Ctrl + Alt + Delete: Press Ctrl + Alt + Delete** and **select Task Manager** from the options. For some users, the simplified mode is all they'll ever need---but the real power of the Task Manager is in its detailed mode, which you can access by clicking the More details button. Once you have switched into detailed mode you can see that the Task Manager has several tab. **Processes Tab** This is the one place that enables you to see and control every process running on your computer. Most processes also provide a description to help you understand what the process is doing, although you'll probably need to scroll right to see this information. - A process is named after its executable file, which usually ends in.exe but can also end with other extensions. - A single process may spawn many instances of the same process. - All processes have a username to identify who started the process. A process started by Windows has the username System. - All processes have a process identifier (PID). To identify a process, you use the PID, not the process name. You can see all PIDs in the Details tab. The **Performance tab** is a great resource to get an overview of resource usage on your system. On this one page you get a graphical view of how much your system is taxing your CPU, RAM, storage, and network connections and even how hard your GPU is working. When you run into scenarios where your system or the Internet seems to run too slowly or stop, this is a great first place to check. **Startup Tab** Startup tab shows you all the autostarting programs. You can disable autostarting programs to see how the system runs without them, but you cannot permanently remove them from autostarting There is no single utility to answer the question "What's autostarting on my system?" To find this answer, download Microsoft's free Autoruns utility at https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns. **TIP** Microsoft's Sysinternals offers many more great tools in addition to Autoruns. Want to lose six hours of your life filled with nerdy joy? Go to https://docs.microsoft.com/en-us/sysinternals/ and start playing with the hundreds of powerful tools. **Users Tab** Windows is designed to support multiple users. The Users tab shows the applications running on a per-user basis. You can also right-click on a username and sign them out.  The Users tab is the place to go if you want to see who's logged in and which programs each logged-in user is running. But, if you want to see a list of everything that's running along with which user is running it, the **Details tab** is where you want to go. The main Processes tab is a great overview of your running processes, but to see the PID and User name columns, switch to the Details tab. The Details tab also enables you to pull a neat trick for dealing with stubborn, hard-to-kill programs with more than one process; right-click on a process and select End process tree to kill the process and child processes it launched. The **Details tab,** even though not on the exam, has many features such as usernames and PIDs. Usernames and PIDs are on the exam, so let's just use the details as a tool to understand the CompTIA A+ objectives even better. **Services Tab** Services are essential components of Windows, running numerous background tasks necessary for the system\'s operation. Services can be started manually, triggered by another process, or set to autostart. When services become erratic or too many services affect system performance, the Services tab in the Task Manager is useful for managing them. **Services Tab in Task Manager:** \- Allows you to **start**, **stop**, or **restart** services. However, the Services tab in Task Manager does not allow you to set services to autostart or pause them temporarily. For these functions, you need to open the **Services utility**: \- At the bottom of the Services tab, there is an option called **Open Services**. Clicking this opens the more comprehensive Services utility, which provides additional control over service configurations, including setting services to autostart and more. This utility offers a more in-depth interface for managing all aspects of Windows services.  **Resource Monitor** The Task Manager is great for quick system checks, but for more detailed information and control, you can use Resource Monitor. Think of it as a more advanced version of Task Manager with additional features. **Accessing Resource Monitor:** 1\. **Task Manager**: Go to the **Performance** tab and click on **Open Resource Monitor**. 2\. **Control Panel:** Navigate to **Administrative Tools**. 3\. **Search Bar:** Type \`resource monitor\` or \`resmon\` in the Start Search bar. Resource Monitor starts on the Overview tab. Resource Monitor organizes everything by PID (process ID) number. Using PIDs can facilitate diagnosis of problems, because tracking a four-digit number is much easier than remembering a text string. Beyond that, each tab brings subtle but interesting features you don't see in the Task Manager: CPU Enables you to start or suspend any process without killing it. Memory Breaks down memory into specific types. Disk Breaks down disk activity by PID. Network Shows network activity by PID, open connections, and much more. Resource Monitor enables you to close running applications and all associated programs with the End process and End process tree context menu options. It makes sense to put the options here, so you can look specifically at programs jamming CPU usage, for example, or network utilization. If you want a quick overview of what's happening with your system's processes, use the Task Manager. When you need to get down to the details of what process is using what resource and then close a buggy process, go to Resource Monitor. **The Microsoft Management Console (MMC)** serves as a framework for launching specialized programs called **snap-ins**. These snap-ins, with the file extension.msc, offer various administrative functionalities. You can execute MMC through the mmc.exe file. **Key Points about MMC:** - **Snap-ins:** Components loaded into MMC to access administrative tools. Over 25 snap-ins are typically preinstalled on a Windows system. - **Opening MMC:** - Type mmc into the Start Search bar. - Confirm any User Account Control (UAC) prompts, which initially opens an empty console. - **Configuring MMC:** - Navigate to **File \> Add/Remove Snap-in** to **view available snap-ins**. - **Select a snap-in** from the Available snap-**ins list** and **click Add** to move it to the Selected snap-ins list. - After adding the desired snap-ins, **click OK** to finalize your console setup. **TIP** Many snap-ins will run either on a local system or on a network computer. You don't have to run MMC to start a snap-in. If you know the filename of the snapin you want to run, just type the filename in the Start \| Search bar, press enter, and that snap-in starts without your needing to first open MMC. CompTIA wants you to know the names of eight specific snap-ins. Event Viewer eventvwr.msc Disk Management diskmgmt.msc Task Scheduler taskschd.msc Device Manager devmgmt.msc Certificate Manager certmgr.msc Local Users and Groups lusrmgr.msc Performance Monitor perfmon.msc Group Policy Editor gpedit.msc I'll give you a tour of the three snap-ins. **Performance Monitor (perfmon.msc)** Windows includes the **Performance Monitor** tool to log resource usage and track metrics like CPU and RAM over time. It\'s a vital utility for techs aiming to monitor system performance effectively. **Accessing Performance Monitor:** \- **Control Panel**: Find it in **Administrative Tools**. \- **Search**: Type \`perfmon.msc\` in the Start Search bar and press Enter. **Using Performance Monitor:** \- On opening, you\'ll see a system summary and some information about the tool. \- Click on **Performance Monitor** in the left pane to view the default tracker, which monitors the **% Processor Time** counter. **Detailed Tracking:** \- For specific tracking needs, you\'ll need to be familiar with objects and counters: \- **Objects**: These are system components, like CPUs or disks. \- C**ounters**: These are metrics related to the objects, such as CPU usage. **Objects and Counters** Two tool types define the usefulness of Performance Monitor: - Object is a system component that is given a set of characteristics and can be managed by the operating system as a single entity. - counter tracks specific information about an object. The processor object counter %Processor Time. Many counters can be associated with an object. **Working with the Tools** Performance Monitor in Windows is a tool that collects real-time data from various system objects, such as memory, physical disk, processor, and network, and displays this data in different formats like line graphs, histograms, or simple reports. By default, it shows data in a graph form based on the set of counters listed below the chart. **How to Add Counters in Performance Monitor:** 1\. **Add Counters**: **Click the** **Add** button (resembles a plus sign) to include more counters. 2\. **Select Objects**: Choose from a variety of objects you want to monitor, such as CPU or memory. 3\. **Learn About Counters**: In the Add Counters dialog box, you can select a counter and check the **Show description** checkbox to understand what the counter measures. \- **Network Issues**: If the Internet is slower than usual, consider counters that track network bandwidth usage. \- **Memory Concerns**: If you suspect low RAM, use counters that show total memory usage. **Data Collector Sets** Data Collector Sets are groups of counters you can use to make reports. You can make your own Data Collector Sets (User Defined), or you can just grab one of the predefined system sets. Once you start a Data Collector Set, you can use the Reports option to see the results. Data Collector Sets not only help you choose counter objects to track, but also enable you to schedule when you want them to run. **Event Viewer (eventvwr.msc)** Your system monitors various logs by default, and you have the option to add more or adjust their settings. Event Viewer is the tool used to read and interpret these logs. While you can quickly grasp the basics of Event Viewer, fully mastering it is a long-term endeavor. To open Event Viewer, access it through **Control Panel \| Administrative Tools, type \`eventvwr.msc\` and press Enter**, or start typing \"Event Viewer\" in the Start menu search bar and select it from the results. Once inside Event Viewer, expand the \"Windows Logs\" option on the left to delve into the logs. **TIP** A log file is a record of events. Windows logs are binary files. You must read them through tools like Event Viewer. **Windows Logs** There are four important Windows Logs: **Application, Security, Setup, and System**. Collectively and by default these four logs are all that most techs need to diagnose what's happening on a system. Make sure you know what type of events each of these four logs stores: - Application Records anything that has to do with applications or programs outside of the Windows system files themselves. - Security Records security events such as failed logons. - Setup Tracks setup and update events for your Windows system. - System Tracks anything having to do with your Windows operating system. Your system may have more logs than just these four. That's fine. Clicking System should list quite a few events. Even the tamest Windows machine generates lots of events, and that's OK. By default, the top (the most recent) event is selected and the bottom of Event Viewer shows details about that event. **Event Levels** Not all events are created equal. Some are extremely serious, requiring some form of action or at least your notification, while others are just letting you know something took place. **Windows defines five different event levels:** - Verbose Extra information that is probably only useful when debugging an application. - Information Something happened that went well, such as a successful backup. - Warning An event that isn't an error but may warn about one, like low disk space. - Error Something went wrong, such as a file not loading. - Critical Something a little more serious happened, like the system unexpectedly powering off instead of shutting down cleanly. The first time you investigate individual events, you're going to be intimidated. No worries, as most Windows events aren't very easy to understand. In most cases you just search for the error online and you'll find the explanation. Also remember that error details might give you a clue as to the problem. **Custom Views** When working with logs in Windows, navigating through thousands of events can be overwhelming. **Custom Views** in the Event Viewer help by providing a filtered view of specific logs. **Key Features:** \- **Administrative Events**: A built-in Custom View that effectively tracks warning and error events across various logs. \- **Create Custom Views**: You can create your own views tailored to specific needs: \- Click **New View** in the Event Viewer navigation pane. \- Customize the filters to focus on particular logs, such as critical errors in the System and Application logs.  **Certificate Manager (certmgr.msc)** A certificate is, in essence, a digital key that enables your programs to encrypt data that may only be read by a corresponding key on the receiver's side. Certificates are the cornerstone of pretty much every encrypted communication done between devices on the Internet. Your system is full of certificates, and the Certificate Manager gives you access to all of them. you can access Certificate Manager from Control Panel \| Administrative Tools, or by typing either certmgr.msc or Certificate Manager in the Start \| Search bar and pressing enter. Your Basic Windows Toolset includes a number of Microsoft Management Console snap-ins found in the Windows folder (e.g., Task Scheduler, Event Viewer). Your Processes, Applications, and Services tools either run in the background, execute programs using one or more threads, or are executable by the user when logged in. **macOS Preferences and Features** Windows and macOS are actually pretty similar. They both have places to go to configure the OS, set up file synchronization, search the device, and more. Let's look at a few things you'll need to understand for configuring and working with macOS. **System Preferences** In macOS, settings are organized more consistently than in Windows, which can sometimes seem chaotic. Most macOS settings are found in System Preferences, functioning similarly to the Windows Control Panel but with a more streamlined and user-friendly approach. Key Features of System Preferences in macOS: \- **Centralized Settings**: Collects settings in various preference panes for easy access. \- **Search Function**: A search box helps you quickly find specific options if you\'re unsure of their location.  **Privacy** In macOS, you can manage privacy settings through the **Security & Privacy** preferences pane: **Accessing Privacy Preferences**: 1\. Open **System Preferences** and select **Security & Privacy**. 2\. Navigate to the **Privacy** tab. **Key Features:** \- **Lock Icon**: Located in the lower-left corner, this indicates that certain changes require administrator privileges. To modify these settings, click the lock icon and authenticate using your fingerprint or password. \- **Privacy Permissions**: \- The list on the left shows different privacy permissions categories, such as location services, camera access, microphone, etc. \- The list on the right displays apps and processes that have requested or been granted these permissions. \- **Toggling Permissions:** If you unlock the settings, you can toggle permissions for specific apps or processes, allowing you control over what information they can access. This design helps users manage privacy settings efficiently, maintaining control over app permissions. **Time Machine** it's enough to know that the Time Machinepreferences pane enables you to turn on backups, specify where to store them, control which files are backed up, and configure whether Time Machine should take new backups if your device is running on battery power. **Antivirus Options for macOS and Linux:** **macOS**: Despite its strong security, third-party antivirus tools are becoming more popular to provide additional protection. **Linux**: While often used by more technically adept users, Linux also benefits from antivirus tools to combat growing threats. **Apple ID** An Apple ID functions similarly to a Microsoft account, allowing you to synchronize data and preferences across devices using iCloud. Unlike Microsoft accounts, you don't log into macOS with an Apple ID, but you can associate it with your local account after logging in. **Apple ID Management in macOS:** **Access via System Preferences**: The Apple ID preference pane is where you manage your Apple ID settings. \- **Key Functions**: \- Log in or out of your Apple ID. \- Update account information. \- Configure iCloud synchronization preferences. \- Manage associated devices. \- Enable and use **Find My Mac** for locating devices. **AirDrop** **To share a file using AirDrop on a Mac:** 1\. Select the file. 2\. Choose **Share** and then **AirDrop**. 3\. You'll see a list of nearby AirDrop-enabled devices. Drag the file to the desired device. **Troubleshooting AirDrop:** 1\. **Device Capability**: Ensure the other device supports AirDrop. 2\. **Discoverability**: - Go to **Finder**, select **Go** \> **AirDrop**, and ensure both devices are discoverable. 3\. **Firewall Settings**: Check each device's firewall settings to ensure \"Block All Incoming Connections\" is disabled. These steps help ensure smooth AirDrop functionality for transferring files. **Spotlight** Spotlight has long been the global system search tool on macOS---it can find files, preferences, Web pages, contacts, and events, and can even serve as a calculator. The Spotlight To access Spotlight, just press command-space and then start typing your query. **Keychain** On macOS, **Keychain** is a tool for managing sensitive information like passwords and certificates. It automatically stores various common passwords, such as Wi-Fi credentials, and provides them when needed. **Using Keychain Access:** 1\. **Automatic Fill**: Keychain will auto-fill passwords, like your aunt's Wi-Fi password, when joining networks. 2\. **Viewing Stored Passwords**: \- Open **Keychain Access**. \- Find the desired password item. \- Toggle **Show password**. \- Enter your user-account password or use a fingerprint scan to view the password.  **FileVault** FileVault is a disk encryption feature in macOS that secures the data on your Mac by encrypting the entire startup disk. This protects your sensitive information in case your Mac is lost or stolen. **Key Features of FileVault:** 1. **Full Disk Encryption:** FileVault encrypts the entire startup disk using XTS-AES-128 encryption with a 256-bit key, ensuring that all data on the disk is secured. 2. **User Authentication:** Only users with the correct password can access the disk, which helps prevent unauthorized access. 3. **Automatic Unlock:** If you enable iCloud Keychain, you can unlock your disk using your Apple ID and reset your password if necessary. 4. **Pre-encryption:** Once enabled, FileVault begins encrypting your files in the background while you use your Mac. This means you can continue your work without interruption. 5. **Security Tokens:** You can create a recovery key during setup, which can be used to unlock your disk if you forget your password. **Enabling FileVault:** 1. **Open System Preferences:** - Click on the Apple menu () in the top-left corner and select System Preferences. 2. **Go to Security & Privacy:** - **Click** on **Security & Privacy**. 3. **Select the FileVault Tab:** - You will see the **FileVault tab** at the top. **Click on it**. 4. **Unlock Settings:** - **Click the lock icon** in the bottom-left **corner** and enter your administrator password to make changes. 5. **Turn On FileVault:** - **Click Turn On FileVault.** You will be prompted to choose how you want to **unlock your disk:** - With your iCloud account. - With a recovery key that you can write down and store in a safe place. 6. **Complete the Setup:** - Follow the prompts to enable FileVault. Your Mac will begin the encryption process, which may take some time depending on the size of your disk and the amount of data. **Managing FileVault:** - **Check Encryption Status:** You can check if FileVault is enabled by going to **System Preferences \> Security & Privacy \> FileVault.** - Disable FileVault: If you ever want to turn off FileVault, go to the same settings page and click Turn Off FileVault. This will decrypt your disk, which may again take some time. - Recovery Key: If you chose to create a recovery key, be sure to store it securely. You will need it if you forget your password. **Considerations:** - **Performance:** While FileVault encrypts and decrypts files on-the-fly, most users experience little to no noticeable performance impact. - **Backup:** Always use Time Machine or another backup solution while using FileVault. Encrypted backups maintain your data's security. - **Compatibility:** FileVault is compatible with Macs that have macOS 10.7 (Lion) and later. Users, Groups, and Permissions13 **Authentication with Users and Groups** Security relies on standard accounts, which are unique combinations of usernames and passwords stored on your computer. These accounts grant access to both human users and system processes, like the Windows SYSTEM account. Two key components of account security are authentication and authorization. **Authentication** identifies users trying to access a system, typically managed through password-protected user accounts. Logging in involves entering a username and password. Once a user authenticates, they need **authorization** to determine which resources they can access and what actions they can perform. In Windows, the **NTFS** file system controls authorization by assigning permissions to users and groups. These permissions define what users can do with system resources. Next, we\'ll discuss user accounts, passwords, groups, and configuring users and groups in Windows. **Standard Accounts** Every standard account has a username and a password Every Windows system stores user accounts as an encrypted database of usernames and passwords, called local user accounts. They are located in \`**C:\\Windows\\System32\\config\\SAM**\`. IChrome OS requires logging in with a Google account, while Linux still primarily uses local user accounts. macOS uses local accounts but can link them with an Apple ID for additional features. Windows supports local user accounts, linking them with a Microsoft account for synchronization, and allows direct login with a Microsoft account. **Groups in Windows** A **group** is a container that holds user accounts and defines the capabilities of its members. A single account can be a member of multiple groups. Groups are an efficient way of managing multiple users, especially when dealing with a network of accounts. Even standalone computers rely on groups, although Windows may obscure this for Home edition users. **Benefits of Using Groups** **Groups simplify Windows administration in two primary ways:** 1\. **Access Management:** You can assign access levels for files or folders to a group instead of to individual accounts. For example, you can create a group called \"Accounting\" and add all the user accounts for the accounting department to that group. If an employee quits and you create a new account for their replacement, you simply add the new account to the appropriate group, thus automatically assigning the necessary access levels. 2\. **Built-in Groups:** Windows provides numerous built-in groups with predetermined access levels, making administration easier. Although all Windows editions feature many of these built-in groups, the Home edition handles them differently compared to more advanced editions. **Key Groups to Know** \- **Administrators:** Any account that is a member of the Administrators group has complete administrator privileges, which grant full control over a machine. It\'s common for the primary user of a Windows system to have their account in the Administrators group. For example, if you create a user account for Jane and make her an administrator, you place the Jane account in the Administrators group. Consequently, Jane would have all the power over the system, as allotted to members of the Administrators group. **Standard Accounts (Users)** Members of a Standard Account group, also known as standard users, have restricted permissions. These users cannot edit the system Registry or access critical system files. Although they can create groups, they can only manage the groups they create. By default, all users are part of the Standard Users group. **Guests Group** The Guests group allows someone who does not have an account on the system to log on using a guest account. This feature can be useful in situations such as providing casual Internet access to guests at a party or a library terminal. However, the guest account is usually disabled by default. Guest users, including those using the typically disabled guest account, cannot make changes to the system. **Standard Account and Elevated Privileges** **Typical Scenario:** \- A single primary standard user account for everyday tasks. \- A local administrator account for important tasks like installing or uninstalling applications and updates. **Actions as a Standard User:** Options when needing administrative access: 1\. Log out and log back in as an administrator (inconvenient). 2\. Use \"Run as administrator\" for utilities via right-click for elevated privileges. **User Account Control (UAC):** \- Prompts users when actions requiring administrative privileges are attempted. \- Ensures standard users cannot make administrative changes without authorization. **Configuring Users and Groups in Windows** Windows comes with many tools to help you create, modify, and delete users. Groups are a different story, though, so let's focus on where you can go configure both users and groups: the Local Users and Groups (**lusrmgr.msc)** MMC snap-in. You can access Local Users and Groups several different ways, but I prefer to **right-click on Start, select Computer Management**, and **select Local Users** **and Groups** in the left pane. **You're not limited to the default Windows groups**. Here are the steps to create a group called Morning. Click the Groups folder, right-click on any whitespace on the right under the existing groups and select New Group, then fill out the name of the new group (and add an optional description). You can add members to this group. Accessing Local Users and Groups 1. **Right-click** on **Start** and **select Computer Management**. 2. In the left pane, select Local Users and Groups. **Exploring Local Users and Groups** - **Users Folder:** - By default, this is selected. - View existing user accounts such as Administrator, Michaelm, and Guest. - Disabled accounts have a down arrow. - **Groups Folder:** - View default groups like Users, Power Users, Guests, and Administrators. Creating a New User 1. **Right-click** on whitespace in the Users folder. 2. Select New User. 3. Provide necessary details to create a new standard account (e.g., JimT). 4. Note: New users are automatically added to the Users group by default. **Adding a User to a Group** 1. Double-click the desired group (e.g., Administrators). 2. Select Add. 3. Enter the username (e.g., JimT) in the Select Users dialog box and click OK. **Creating a New Group** 1. **Right-click** on **whitespace** in the **Groups folder**. 2. **Select New Group.** 3. Enter a name for the new group (e.g., Morning) and an optional description. 4. Add members to this newly created group as needed. The Accounts app in Windows is primarily for configuring personal accounts and is located within Settings. To manage other users, you can navigate to the Family & other users option and click Add someone else to this PC. However, creating a local user account can be challenging, as Microsoft encourages users to use or create a Microsoft account instead. The **User Accounts Control (UAC)** utility in Windows 10 is handy for making more technical changes to your account. Here you can change (but not create) your group memberships and make simple changes to your account and other accounts (like changing the account name of a local non-domain account). You need to be a member of the Administrators group to make these changes. If you\'re not using the Windows 10 Home edition, Local Users and Groups remains the best tool for managing users and groups, provided you are comfortable with its capabilities and avoid risky actions like deleting the administrator account. All this management of local user accounts and groups is ultimately aimed at enabling users to log on to a Windows system. Once logged in, the focus shifts to what users can do with the data. This is where NTFS authorization comes into play. **Fingerprints and Facial Recognition** When you decide to set up one of these options for the first time, your device will give you instructions on what it needs you to do with your fingers or face in order for it to collect sufficient information to authenticate you with later. A personal identification number (PIN) is typically a 4- or 6-digit numeric code that provides extra security. However, its role in logging into Windows is slightly different. **First**, a PIN is only an option when logging into Windows with a Microsoft account. **Second**, it doesn't have to be numeric; you can enable the "Include letters and symbols" option to create a more robust password. You need to set up a PIN if you plan to use biometric authentication options, as Windows requires a backup method in case of damage to your biometrics devices. If your PIN consists of numbers only, it cannot be a simple number pattern. **Lastly**, a PIN is specific to the device on which it is set up, meaning that a PIN established on one device cannot be used on another. **Authorization Through NTFS** User accounts and passwords provide the foundation for securing a Windows computer, enabling users to authenticate to log on to a PC. After you've created a user account, you need to determine what the user can do with the available resources (files, folders, applications, and so on). This authorization process uses the NT File System (NTFS) as the primary tool. **NTFS Permissions** **Every file and folder on an NTFS partition has a list containing two sets of data**: - detailing every user and group with access. - specifying the level of access for each. This is defined by NTFS permissions, which are rulesets that dictate what any account or group can or cannot do. NTFS permissions are powerful. For instance, you can allow a user to edit a file but not delete it, or enable group members to create subfolders while restricting others from seeing certain files. **Ownership:** When you create a new file or folder on an NTFS partition, you become the owner. Owners can do anything to their files or folders, including changing permissions to restrict access, even from administrators. **Take Ownership permission:** Allows anyone with this permission to seize control of a file or folder. Administrators have this permission for everything. If you own a file, you can block access, but an administrator can take ownership to access the file. **Change permission:** Allows an account to modify permissions for other accounts. **Folder permissions:** Define actions a user can take within a folder, such as "List folder contents," which allows seeing the folder\'s contents. **File permissions:** Define actions a user can take on an individual file, such as Read & Execute, which allows running an executable program. You remove an NTFS permission by deselecting the Allow checkbox next to the NTFS permission you want to remove. The Deny checkbox is not used very often and has a very different job. - **Full Control** Enables you to do anything you want to the folder. - **Modify** Enables you to read, write, and delete both files and subfolders. - **Read & Execute** Enables you to see the contents of the folder and any subfolders as well as run any executable programs or associations in that folder. - **List Folder Contents** Enables you to see the contents of the folder and any subfolders. - **Read** Enables you to view a folder's contents and open any file in the folder. - **Write** Enables you to write to files and create new files and folders. - **Full Control** Enables you to do anything you want to the file. - **Modify** Enables you to read, write, and delete the file. - **Read** & Execute Enables you to open and run the file - **Read** Enables you to open the file - **Write** Enables you to open and write to the file **Here are a few important points about NTFS permissions:** - To see the NTFS permissions on a folder or file, access the file's or folder's Properties dialog box and open the Security tab. - NTFS permissions are assigned both to user accounts and groups, although it's considered a best practice to assign permissions to groups and then add user accounts to groups instead of adding permissions directly to individual user accounts. - Permissions are cumulative. If you have Full Control on a folder and only Read permission on a file in the folder, you get Full Control permission on the file. - Whoever creates a folder or a file has complete control over that folder or file. This is ownership. - If an administrator wants to access a folder or file they do not have permission to access, they may go through the Take Ownership process. **Inheritance** determines the NTFS permissions that new files or subfolders receive in a folder. By default, any new files or folders automatically inherit the permissions of the parent folder. For example, if you have Read & Execute access to a folder, new files copied there will also grant you those permissions. Inheritance is enabled by default in Windows, and it\'s advisable to keep it on. In the Security tab of a folder's Properties, the Advanced button shows options to enable or disable inheritance. Grayed-out NTFS Allow permissions indicate inherited permissions that cannot be changed directly. To modify these, click the Edit button above the permissions list to access checkboxes for adjustments. **Permission Propagation** Permission propagation determines what NTFS permissions are applied to files that are moved or copied into a new folder. Be careful here! You might be tempted to think, given you've just learned about inheritance, that any new files/folders copied or moved into a folder would just inherit the folder's NTFS permissions, but this is not always true. It depends on two issues: whether the data is being copied or moved, and whether the data is coming from the same volume or a different one. So, we need to consider these situations: - Copying data within one NTFS-based volume creates two copies of the object. The copy of the object in the new location inherits\... - Moving data within one NTFS-based volume creates one copy of the object. That object retains its permissions, unchanged. - Copying data between two NTFS-based volumes creates two copies of the object. The copy of the object... - Moving data between two NTFS-based volumes creates one copy of the object. The object in the new location inherits... - Copying within a volume creates two copies of the object. The copy of the object in the new location inherits the permissions from that new location. The new copy can have different permissions than the original. - Moving within a volume creates one copy of the object. That object retains its permissions, unchanged. - Copying from one NTFS volume to another creates two copies of the object. The copy of the object in the new location inherits the permissions from that new location. The new copy can have different permissions than the original. - Moving from one NTFS volume to another creates one copy of the object. The object in the new location inherits the permissions from that new location. The newly moved file can have different permissions than the original. From a tech's standpoint, you need to be aware of how permissions can change when you move or copy files. If you're in doubt about a sensitive file, check it before you sign off to a client. Table 13-1 summarizes the results of moving and copying between NTFS volumes. Any object that you put on a FAT partition loses any permissions because FAT doesn't support NTFS permissions. This applies in most current scenarios involving FAT32- or exFAT-partitioned mass storage devices, such as the ubiquitous thumb drives that all of us use for quick copying and moving of files from device to device. **Techs and Permissions** Having local administrative privileges is essential to perform tasks like installing updates, changing drivers, and installing applications on a Windows machine. However, administrators are often reluctant to give out administrative permissions due to security concerns. If you are granted these permissions and something goes wrong, you could be held responsible. **When working on a Windows system managed by someone else:** \- Ensure the administrator is aware of your actions and the estimated time required. \- Request the administrator to create a temporary account for you with administrative privileges. \- Do not ask for the password to a permanent administrator account. \- This approach ensures you are not blamed for any issues: \"Well, I told Janet the password when she installed the new hard drive\... maybe she did it!\" \- Once the task is complete, ensure the temporary account is deleted by the administrator. **Permissions in Linux and macOS** -rwxrwxrwx 1 mikemeyers mi6 7624 Oct 2 18:39 honeypot The 1 is about links (admins may need to care about these); mikemeyers is the owner and mi6 is the group. The file size is 7624; the date and time are next. The filename is honeypot. Now note the string -rwxrwxrwx. Each of those letters represents a permission for this file. Ignore the dash at the beginning. That is used to tell us if this listing is a file, directory, or shortcut. What we have left are three groups of rwx. The three groups, in order, stand for: Owner Permissions for the owner of this file or folder. Group Permissions for members of the group for this file or folder. Everyone Permissions for anyone for this file or folder. **The letters r, w, and x represent the following permissions:** r Read the contents of a file w Write or modify a file or folder x Execute a file or list the folder contents **chown Command** **The chown command enables you to change the owner and the group with which a file** **or folder is associated. The chown command uses the following syntax:** chown \ filename **To change the group, use the following syntax:** chown \:\ filename **So, to change the owner of launch\_codes to sally, type** chown sally launch\_codes **To c**hange the group to mi6, type chown sally:mi6 launch\_codes **If you retype the ls -l command, you would see the following output:** -rw-rw-r\-- 1 sally mi6 299 Oct 2 18:36 launch\_codes **chmod Command** The chmod command is used to change permissions. Sadly, it uses a somewhat nonintuitive addition system that works as follows: r: 4 w: 2 x: 1 For example, we can interpret the permissions on -rw-rw-r\-- 1 mikemeyers mi6 299 Oct 2 18:36 launch\_codes as follows: Owner's permissions are 6: 4 + 2 (rw-) Group's permissions are 6: 4 + 2 (rw-) Everyone's permissions are 4: 4 (r\--) The chmod command uses the following syntax to make permission changes: chmod \ \ Using this nomenclature, we can make any permission change desired using only three numbers. The current permissions can be represented by 664. To keep the launch codes out of the wrong hands, just change the 4 to a 0: 660. To make the change, use the chmod command as follows: chmod 660 launch\_codes To give everyone complete control, give everyone read + write + execute. 4 + 2 + 1 = 7. **Sharing Resources Securely** By using NTFS, Windows makes private the folders and files in a specific user's personal folder. the user who created those documents can access those documents. Members of the Administrators group can override this behavior, but members of the Users group (standard users) cannot. To make resources available to multiple users on a shared Windows machine requires you to take extra steps and actively share. **Sharing Folders and Files** The primary way to share resources on a single computer is to give users or groups NTFS permissions to specific folders and files. This process requires you to a right-click on a file or folder, select Properties, and click the Security tab. You'll notice the Security tab has two sections. The top section is a list of users and groups that currently have NTFS permissions to that folder, and the bottom section is a list of NTFS permissions for the currently selected users and groups. To add a new user or group, click the Edit button. In the Permissions dialog box that opens, you can add, remove, and edit existing NTFS permissions for users and groups. While this method works for all versions of Windows, it's a bit old-fashioned. Windows provides the Sharing Wizard, which is less powerful but easier to use. **To use this method:** Pick anything you want to share (even a single file) in **File Explorer**. **Right-click** on it and **choose \"Give access to \| Specific people**,\" which opens the Network access dialog box. In the Network access dialog box, select specific user accounts from a drop-down list. **Once you select a user account, choose what permission level to give to that user:** \- **Read**: The user has read-only permissions. \- **Read/Write**: The user has read and write permissions, including the permission to delete any file the user contributed to the folder. Locating shared folders on a Windows computer is an important security measure to ensure that no unnecessary or unknown folders are being shared. 1. **Using Computer Management to locate shared folders:** - Open the Computer Management console in Administrative Tools - **Navigate to System Tools \> Shared Folders** - Select \"Shares\" to see all shared folders 2. **Properties of shared folders:** - **Double-click** any share to open its Properties dialog box - You can modify users and permissions from this dialog 3. **Hidden shared folders:** - Some shared folders may be buried deep in the file system - **Example:** D:\\temp\\backup\\Simon\\secret\_share might not be obvious, especially if parent folders aren\'t shared 4. **Administrative Shares:** - Present in all Windows versions since Windows NT - Include shares for all hard drives (e.g., C\$) and the %systemroot% folder (e.g., C:\\Windows) - Give local administrators access both locally and remotely - Cannot change default permissions on these shares - Automatically recreated upon reboot if deleted - Hidden from network browsing but can be mapped by name 5. **Security considerations:** - Check for unnecessary or unknown shared folders before leaving a computer - Keeping the administrator password secure helps maintain overall computer security - Default administrative shares don\'t affect security if the admin password is kept safe **Protecting Data with Encryption**. The scrambling of data through encryption techniques provides the only true way to secure your data from access by any other user. Administrators can use the Take Ownership permission to seize any file or folder on a computer, even those you don't actively share. Thus, you need to implement other security measures for ultra-secure data. Depending on the Windows edition, you have between zero and three encryption tools: Windows Home edition has basically no security features. Advanced editions like Windows Pro, Windows Pro for Workstations, and Windows Enterprise include the **Encrypting File System (EFS)**. The most advanced editions feature drive encryption through BitLocker. Encrypting File System (EFS) The professional editions of Windows offer EFS, an encryption scheme for encrypting individual files or folders on a computer. **To encrypt a file or folder:** 1. Right-click on the file or folder and select Properties. 2. On the General tab, click the Advanced button. 3. In the Advanced Attributes dialog box, check the Encrypt contents to secure data checkbox. 4. Click OK to close the dialog boxes. **This encrypts the file or folder, making it accessible only to your user account.** **Important Points:** - The security depends on maintaining your password\'s integrity. If you lose your password or an administrator resets it, you could be locked out of your encrypted files. - Access to encrypted files is limited to the specific Windows installation. Retrieving data from a dead computer by installing the hard drive in another system will not work. - Copying an encrypted file to a non-NTFS drive prompts a warning that the file will not be encrypted. On NTFS, the encryption remains, making the file readable only on your system with your login credentials. **BitLocker Drive Encryption** Windows Pro and better offer full drive encryption through BitLocker Drive Encryption. BitLocker encrypts the entire drive, including every user's files, making it independent of any single account. This ensures that if your hard drive is stolen, all data on it remains safe. The thief cannot access the data, even if it belongs to a user who failed to secure it through EFS. **Key Points about BitLocker:** **PM Chip Requiremen**t: BitLocker requires a **Trusted Platform Module (TPM**) chip on the motherboard to function. The TPM chip validates the integrity of the system on boot, ensuring that the operating system and hardware have not been tampered with. **Recovery Key**: In case of legitimate BitLocker failures, such as tampering or moving the drive to another system, you need a recovery key or recovery password. This key should be created when enabling BitLocker and kept secure, like in a printed copy in a safe or a network server file accessible only to administrators. **Enabling BitLocker:** 1\. **Double-click the BitLocker Drive Encryption icon** in the **Classic Control Panel**. 2\. Alternatively, select Security in Control Panel Home view and then click Turn on BitLocker. **BitLocker To Go** BitLocker To Go extends BitLocker encryption to removable drives, such as USB flash drives. Unlike BitLocker, BitLocker To Go does not require a TPM chip but still applies encryption and password protection, contributing to data security. BitLocker provides robust security for securing the entire drive against unauthorized access, ensuring that data remains protected even if the physical drive is compromised. **Beyond Sharing Resources** **Security Policies** Security policies are rules applied to users and groups, enabling configurations that NTFS permissions alone cannot provide. **Examples**: \- Restrict logon times: Configure the Accounting group to log on only between 9 a.m. and 5 p.m. \- Enforce password requirements: Require passwords to be at least eight characters long. Windows includes thousands of preset security policies that can be activated through the Local Security Policy utility (**secpol.msc**). **Accessing Local Security Policy:** \- Through Control Panel's Administrative Tools. \- Alternatively, open a command line and run **secpol.msc** (a faster method). This utility provides a comprehensive interface for managing various security policies. **Local Security Policy** Local Security Policy has several containers that organize the many types of policies on a system. Each container contains sub containers or preset policies. **Example: Setting Password Expiration** **To set a local security policy for account password expiration (password age) to 30 days:** 1\. Open the **Account Policies** container. 2\. Open the **Password Policy** sub container. 3\. Locate the **Maximum password age** setting. \- By default, local user account passwords expire after 42 days on most Windows versions. 4\. To change this to 30 days: \- Double-click **Maximum password age**. \- Adjust the setting in the Properties dialog box. \- You can also set the value to 0 to never have the password expire. **User Account Control (UAC)** User Account Control (UAC) was introduced in Windows Vista to stop unauthorized changes to Windows. These changes can come from installing applications, malicious software, and other sources. Despite its importance, UAC received negative feedback for being intrusive, with frequent pop-up dialog boxes appearing for various actions. **Why Did UAC Receive Criticism?** \- Many users found the frequent UAC prompts in Vista to be annoying. \- Windows users were generally accustomed to running with administrator privileges, unaware of the security risks. **Purpose of UAC:** - **Security**: UAC alerts users when they are about to make changes that require dministrator privileges. This helps prevent unauthorized changes and actions. - **Comparison**: Both macOS and Linux/UNIX have similar features to UAC, which enhance security by requiring user confirmation for important actions. **Common Actions Requiring Administrator Privileges:** \- Installing and uninstalling applications \- Installing device drivers \- Installing Windows Updates \- Adjusting Windows Firewall settings \- Changing a user's account type \- Browsing to another user's directory **Historical Context:** - **NTFS and User Accounts:** NTFS enables detailed control over file and folder access but can be complicated. Historically, many Windows systems, especially in small offices and home networks, had users with administrator privileges due to the complexity of managing users and groups. - **Power Users Group**: Before Vista, Windows had a Power Users group to give users almost all the power of an administrator account without full privileges. However, this required technical knowledge and was often ignored at smaller scale deployments. User Account Control (UAC) is a security feature introduced by Microsoft to enhance system security and protect against unauthorized changes. **Key Changes with UAC:** 1. Reducing Administrator Account Use: UAC aimed to minimize the daily use of administrator accounts. 2. **Privilege Escalation:** - Regular accounts require administrator password for actions needing elevated privileges. - Administrator accounts see an \"Are you sure?\" dialog box without re-entering passwords. **How UAC Works:** 1. Standard Accounts: A UAC dialog box prompts for administrator password when attempting privileged actions. 2. Administrator Accounts: A simpler UAC dialog box appears without requiring password entry. **UAC Dialog Box and Icons:** - Small shield icons warn users of tasks that will trigger a UAC dialog box. - The dialog box provides users a moment to consider their actions before proceeding. **Updates and User Experience:** - Microsoft refined UAC in post-Vista Windows versions to make it less intrusive. - Many users found UAC prompts annoying and sought ways to disable them. **Reducing UAC Impact:** - Complete disabling of UAC is nearly impossible. - Users can adjust UAC settings to reduce prompt frequency and intrusiveness. **A More Granular UAC** Microsoft did research to understand why UAC annoyed users and found that the issue was its aggressiveness---constantly prompting users or offering no help at all. To address this, Microsoft introduced four UAC levels to make it less intrusive. **Viewing and Changing UAC Levels**: 1\. **Start typing** \"user account control\" in the Search field and select the option to **Change User Account Control settings.** 2\. Alternatively, go to the **User Accounts** applet in Control Panel and select **Change User Account Control settings**. 3\. This opens the UAC Settings dialog box. UAC Levels: - **Top Level (Always notify):** - Displays the consent form aggressively every time administrative access is needed. - **Bottom Level (Never notify):** - UAC is turned off completely. - **Second-from-top level:** - Does not notify when you make changes to Windows settings. - Notifies only when apps/programs try to make changes. - Dims the desktop when showing the consent form, blocking other actions. - **Third-from-top level:** - Does not notify when you make changes to Windows settings. - Notifies only when apps/programs try to make changes. - Does not dim the desktop, allowing other actions while displaying the consent form. **Practical Uses:** - **Managing User Permissions:** - Use the net user command to downgrade accounts and restrict user access to prevent bypassing UAC prompts. - **Limitations:** - You cannot downgrade the last administrator account on a system. - **Hidden Administrator Account:** - Enable the hidden administrator account, assign it a secure password, and remove administrator privileges from other accounts. **Command to enable the hidden administrator account**: net user administrator SuperSecurePassword /active:yes This command activates the hidden administrator account and sets a password, allowing you to better manage user permissions.
