System Administration and Maintenance (Module 3) PDF
Document Details
Uploaded by Deleted User
Bohol Island State University
Tags
Summary
This document is a module on system administration and maintenance, specifically focusing on user and group management. It covers topics such as learning outcomes, overview of user accounts, components of user accounts, groups, and importance of secure user management.
Full Transcript
Republic of the Philippines BOHOL ISLAND STATE UNIVERSITY Magsija, Balilihan, 6342, Bohol, Philippines Office of Instruction Balance I Integrity I Stewardship I Uprightness System Administration and Maintenance MODULE 3: User and Group...
Republic of the Philippines BOHOL ISLAND STATE UNIVERSITY Magsija, Balilihan, 6342, Bohol, Philippines Office of Instruction Balance I Integrity I Stewardship I Uprightness System Administration and Maintenance MODULE 3: User and Group Management I. Learning Outcomes By the end of this session, students should be able to: 1. Learn how to create, modify, and delete users and groups. 2. Understand the importance of user management in system security. 3. Be able to implement basic access control measures. II. Overview of User Accounts A user account is a collection of information that enables a user to access computer system resources and perform operations. Each account is uniquely identified by credentials, which includes essential details like username, password, and user- specific settings, allowing users to perform tasks within their assigned permissions. Components of User Accounts 1. Username is a unique identifier assigned to each user. It's how the system recognizes and differentiates users. 2. Password is a secret key that, when paired with the username, grants access to the user's account. Passwords should be strong to prevent unauthorized access. 3. User ID (UID) is a unique numerical identifier assigned to each user. This is used internally by the system to reference the user account. 4. Group ID (GID) is a unique numerical identifier assigned to the user's primary group. We can use this to determine the default group permissions for the user account. 5. Home Directory is the directory where a user's personal files and settings are stored. This provides a dedicated space for storing user-specific data. 6. User-specific Settings are preferences and configurations unique to each user. It customizes the user experience, including desktop settings, application preferences, and more. 7. Account Expiry is the date after which the user account becomes inactive. It is useful for temporary accounts or managing access over time. 8. Comments/Description are additional information about the user, such as full name or role. This provides context and details about the user account, aiding in identification and management. Republic of the Philippines BOHOL ISLAND STATE UNIVERSITY Magsija, Balilihan, 6342, Bohol, Philippines Office of Instruction Balance I Integrity I Stewardship I Uprightness System Administration and Maintenance Types of User Accounts Administrator Accounts have full access to the system, allowing users to install software, manage settings, and perform administrative tasks. Standard User Accounts have limited access, primarily intended for personal use and basic operations. Guest Accounts are designed for temporary access, these accounts are used by individuals who do not have a permanent account. Purpose of User Accounts The purpose of user accounts is twofold: 1. Personalization Allows users to customize their environment. Preferences and settings are saved and restored every time the user logs in, making the experience consistent across sessions. 2. Security: Each user is isolated with their permissions, preventing unauthorized access to sensitive resources. Segregates users and their permissions. Protects sensitive data and resources by restricting access based on user roles and privileges. III. Groups A group is a collection of user accounts managed as a single unit. Groups simplify permission management by assigning permissions to all users within the group rather than individually. Common Groups Administrators o Users with administrative privileges. o Capable of managing system-wide settings, install software, configure network settings, manage user permissions. o Typically reserved for IT personnel or trusted users. Users o Regular accounts with basic permissions for day-to-day activities. o Capable of running applications, access personal files, modify personal settings. o However, they cannot alter system-wide settings, install software affecting all users. Republic of the Philippines BOHOL ISLAND STATE UNIVERSITY Magsija, Balilihan, 6342, Bohol, Philippines Office of Instruction Balance I Integrity I Stewardship I Uprightness System Administration and Maintenance Guests o Users with restricted permissions, designed for temporary access. o Capable of basic access to applications and files. o Cannot install software, change settings, or access sensitive data. Other Important Groups Power Users o Users who need more privileges than standard users but not full administrative rights. o Capable to install and run software, change time and date settings. o Cannot modify system files or settings. Remote Desktop Users o Users who need access to the system via remote desktop. o Capable of remote access to the system, perform tasks as allowed by their permissions. o Typically used by employees working remotely or IT staff for maintenance Purpose and Benefits of Using Groups 1. Efficiency in Management Simplifies the process of assigning and revoking permissions. Reduces the risk of human error when managing permissions individually. 2. Security Ensures users have only the permissions necessary for their role. Minimizes the risk of unauthorized access or accidental changes to syste m settings. 3. Scalability Easily accommodate new users by adding them to existing groups. Streamlines the onboarding process for new employees. 4. Consistency Ensures uniform application of permissions across all users in a group. Maintains a standard security posture within the organization. IV. Permissions and Access Control Permissions dictate the actions that users or groups can perform on system resources like files or directories. They form the backbone of system security, ensuring specific types of users have the appropriate level of access to perform their tasks without compromising the system's integrity. Republic of the Philippines BOHOL ISLAND STATE UNIVERSITY Magsija, Balilihan, 6342, Bohol, Philippines Office of Instruction Balance I Integrity I Stewardship I Uprightness System Administration and Maintenance Types of Permissions 1. Read (R) Grants users the ability to view the contents of a file or directory. Example: Viewing a text document, listing the files in a directory. 2. Write (W) Allows users to modify, add to, or delete a file or directory. Example: Editing a document, adding new files to a directory, deleting a file. 3. Execute (X) Permits users to run a file as a program or script. Example: Executing a script to perform automated tasks, launching a soft ware application. Levels of Access Control 1. Owner/Creator Full Control: Often has all permissions (read, write, execute) on the files they create. Responsibilities: Can change permissions for other users. 2. Group Shared Access: Permissions granted to a group of users. Example: A team working on a project might have read and write permissions on the project directory. 3. Others/World General Access: Permissions granted to all other users on the system. Example: Publicly accessible files might have read permissions for all users. Applying Permissions 1. Access Control Lists (ACLs) Detailed lists specifying the permissions of individual users or groups. Example: An ACL might specify that User A can read a file, User B can write to it, and User C can execute it. 2. Role-Based Access Control (RBAC) Permissions are assigned based on user roles within the organization. Example: An admin role might have full access to all systems, while a guest role has minimal access. Republic of the Philippines BOHOL ISLAND STATE UNIVERSITY Magsija, Balilihan, 6342, Bohol, Philippines Office of Instruction Balance I Integrity I Stewardship I Uprightness System Administration and Maintenance 3. Mandatory Access Control (MAC) Enforces strict policies set by the system administrator, often used in high ly secure environments. Example: Military or government systems where access is based on security clearance levels. V. User Profiles A user profile encompasses personalized settings and data for an individual user, including desktop settings, application preferences, and personal files. User profiles are essential for maintaining a seamless, secure, and efficient user experie nce across different sessions and devices. They ensure that users can personalize their environment, access their data securely, and work productively. Components of a User Profile 1. Desktop Settings Includes wallpaper, screen resolution, icon arrangement, and themes. Purpose: Customizes the visual interface to suit user preferences, enhancing usability and comfort. 2. Application Preferences Settings specific to software applications, such as browser bookmarks, email client configurations, and productivity tool settings. Purpose: Ensures applications work in a way that's most efficient and comfortable for the user, streamlining tasks and workflows. 3. Personal Files Documents, images, videos, and other personal data stored in user- specific directories. Purpose: Keeps user data organized and easily accessible, ensuring privacy and security by isolating personal files from other users on the system. 4. Profile Data Information about the user's activities, such as recent documents, browsing history, and application usage. Helps in restoring the user's session and preferences. 5. User-Specific Registry Settings Configuration settings stored in the Windows Registry, specific to the user Defines user-specific system and application behaviors. Republic of the Philippines BOHOL ISLAND STATE UNIVERSITY Magsija, Balilihan, 6342, Bohol, Philippines Office of Instruction Balance I Integrity I Stewardship I Uprightness System Administration and Maintenance 6. Account Information Usernames, user IDs (UIDs), and other account-specific information. Identifies and authenticates the user within the system. Importance of User Profiles 1. Consistency Across Sessions Maintains a consistent user experience by storing and applying user- specific settings and preferences each time the user logs in. Example: A user logs in and finds their desktop exactly as they left it, with all open applications and files restored. 2. Personalization Allows users to customize their digital workspace to their liking. Example: Custom toolbars, preferred color schemes, and application settings tailored to individual work habits. 3. Security Enhances security by isolating user environments. Example: Prevents unauthorized access to personal files and settings, protecting sensitive information. 4. Productivity Increases productivity by providing a familiar and optimized working environment. Example: Quick access to frequently used applications and files, reducing time spent on configuration and setup. User Profile Management 1. Creation and Initialization Profiles are created when a new user account is established. Initial settings may be based on default templates. Example: A new employee starts and logs in for the first time, triggering the creation of their user profile. 2. Customization and Preferences Users adjust settings and preferences to suit their needs. Example: A user changes their desktop background, sets up email filters, and saves bookmarks. 3. Backup and Recovery Profiles can be backed up and restored to prevent data loss. Example: A user profile is saved to a cloud service or external drive, Republic of the Philippines BOHOL ISLAND STATE UNIVERSITY Magsija, Balilihan, 6342, Bohol, Philippines Office of Instruction Balance I Integrity I Stewardship I Uprightness System Administration and Maintenance allowing it to be restored in case of system failure. 4. Profile Roaming In networked environments, profiles can be configured to follow users across different machines. Example: A user logs into any computer within a corporate network and accesses their personalized settings and files. VI. Importance of Secure User Management 1. Protecting Sensitive Data For data integrity, an effective user management ensures that only authorized users can access sensitive information. This helps in maintaining the accuracy and consistency of the data over its lifecycle. For data confidentiality, by limiting access to authorized personnel only, organizations can prevent sensitive information from being exposed to unauthorized users, thereby protecting confidentiality. 2. Preventing Unauthorized Access By effectively managing user accounts, groups, and permissions, organizations can set up robust access controls. This minimizes the risk of unauthorized access to systems and data. By effectively managing user accounts, groups, and permissions, organizations can set up robust access controls. This minimizes the risk of unauthorized access to systems and data. Adds an extra layer of security by requiring two forms of verification before granting access, further preventing unauthorized access. 3. Accountability Proper management includes keeping detailed logs of user activities. This is crucial for tracking user actions, identifying suspicious behavior, and in vestigating security incidents. Many industries are subject to regulatory requirements that mandate strict user management practices. Compliance ensures that the organization a dheres to legal standards, avoiding fines and legal issues. Knowing who accessed what and when is vital for incident response and r ecovery efforts. It allows organizations to quickly pinpoint the source of an issue and take corrective action. Republic of the Philippines BOHOL ISLAND STATE UNIVERSITY Magsija, Balilihan, 6342, Bohol, Philippines Office of Instruction Balance I Integrity I Stewardship I Uprightness System Administration and Maintenance Practical Steps for Secure User Management 1. Regular Audits Conduct regular audits to review user access rights and ensure they align with current job responsibilities. Revoke access for users who no longer need it, such as former employees or those who have changed roles. 2. User Training Educate users on the importance of strong passwords, recognizing phishing attempts, and following security policies. Regular training helps users understand their role in maintaining security. 3. Automated Tools Utilize automated tools for identity and access management (IAM) to streamline the process of managing user accounts and permissions. Automation reduces the risk of human error and ensures consistency in applying security policies. 4. Password Policies Implement strong password policies, such as requiring complex passwords and regular updates. Encourage the use of password managers to securely store and manage passwords. VII. User Management in Windows User and group management is a fundamental aspect of system administration, ensuring secure and organized access to system resources. In windows, users are managed through Command Prompt, PowerShell, or Graphical User Interface (GUI). User Identification User Accounts, identified by usernames. Groups are collections of user accounts for easier management of permissions. Using Administrator: Command Prompt 1. net user [username] [userpassword] /add This command is useful for adding a new user. Republic of the Philippines BOHOL ISLAND STATE UNIVERSITY Magsija, Balilihan, 6342, Bohol, Philippines Office of Instruction Balance I Integrity I Stewardship I Uprightness System Administration and Maintenance Common Options: /fullname:"Full Name" is an option that sets the full name of the user. /comment:"User Description" is useful when adding a description or comment about the user. /expires:MM/DD/YYYY sets the account expiry date (not directly available, handled via GUI). /passwordchg:yes/no determines if the user can change their password. /logonhours:times sets permitted logon hours. /homedir:directory specifies the user’s home directory. /profilepath:path specifies the user profile path. 2. net user [username] [newpassword] Modifying a User (e.g., Changing the Password) 3. net user [username] /delete This command is useful for deleting a specific user’s details. 4. net user Listing all users currently in the system. 5. net user [username] View the details of a specific user. Republic of the Philippines BOHOL ISLAND STATE UNIVERSITY Magsija, Balilihan, 6342, Bohol, Philippines Office of Instruction Balance I Integrity I Stewardship I Uprightness System Administration and Maintenance VIII. Group Management in Windows 1. net localgroup [groupname] /add For creating a new group. Republic of the Philippines BOHOL ISLAND STATE UNIVERSITY Magsija, Balilihan, 6342, Bohol, Philippines Office of Instruction Balance I Integrity I Stewardship I Uprightness System Administration and Maintenance 2. net localgroup [groupname] [username] /add For adding a user to a group. 3. net localgroup [groupname] [username] /delete To remove a user from a group. 4. net localgroup [groupname] /delete To delete a group. 5. net localgroup Viewing all groups. IX. Assessment Tasks Republic of the Philippines BOHOL ISLAND STATE UNIVERSITY Magsija, Balilihan, 6342, Bohol, Philippines Office of Instruction Balance I Integrity I Stewardship I Uprightness System Administration and Maintenance o Assignment o Activity o Quiz