Lab 3: Enable Windows Active Directory and User Access Controls
1. What are the three fundamental elements of an effective access control solution for information systems?
Identification, Authentication and Authorization
2. What two access controls can be set up for Windows Server 2003 folder and authentication?
Authentication and Access Control
3. If you can browse a file on a Windows network share, but are not able to copy it or modify it, what type of access controls and permissions are probably configured? What type of access control would best describe this access control situation?
Folder Contents. The access control best fitting would be security policy. 4. What is the mechanism on a Windows server where you can administer granular policies and permissions on a Windows network using role-based access?
5. What is two-factor authentication and why is it an effective access control technique?
It is a two different type of identification process. Like an ID card and a pin code. 6. Relate how Windows Server 2008 R2 Active Directory and the configuration of access controls achieve CIA for departmental LANs departmental folders, and data.
The security details are created in the directory domain.
7. It is a good practice to include the account or user name in the password? Why or why not?
This is definitely not a good or suggested practice because this is a common starting place for hackers to start when attempting to log in to someone’s account or when trying to use another person’s access. 8. Can a user who is defined in the Active Directory access a shared drive if that user is not part of the domain?
No, if a user is not granted specific access to a directory then they are granted access. 9. Does Windows Server 2003 require a user’s logon/password credentials prior to accessing shared drives?
Yes, you have to be logged into the system to accessing a shared drive. 10. When granting access to LAN systems for guests (i.e., auditors, consultants, third-party individuals, etc.), what security controls do you recommend be implemented to maximize CIA of production systems and data?
The accounts should be set up with limited account access, with read only rights to the specific area’s they need to access.
Lab 3 Screenshots