LOCAL SECURITY AND PERMISSIONS - Sevecek
Ondřej Sevecek | GOPAS a.s. | MCM: Directory Services | MVP: Enterprise Security | ondrej@
LOCAL SECURITY AND PERMISSIONS
Outline
Generic Terminology
NTFS Permissions
Registry Permissions
LDAP Permissions
File Sharing
Disk Quotas
Windows Management Instrumentation
Other Permission Settings
Windows Firewall
Service Accounts and Impersonation
Physical Security
BitLocker
Dynamic Access Control
Advanced Windows Security
GENERIC TERMINOLOGY
Security Descriptor
Objects are protected with permissions
files, folders, registry keys, LDAP objects, printers, windows, desktops, ...
ACE - Access Control Entry
one item in the permissions list
Deny, Allow
ACL - Access Control List
permission list
SACL - System Access Control List
auditing ACL
Owner
Object Owner
Members of Administrators group
owner is Administrators group instead of the user
Can always change permissions
even if explicitly denied
Take Ownership
user right that allows taking ownership
CREATOR OWNER identity
used as a placeholder to express the current owner of the file
ACL Processing vs. ACE Order
ACEs are ordered
Note: this contradicts the common statement that Deny ACEs are always stronger
applications must maintain the correct order when they modify an ACL
ACEs are evaluated in the order present
like with firewall rules
Lab: Investigate Incorrect ACE Order
Log on to GPS-WKS as Kamil
Start REGEDIT
Right-click on SYSTEM/CurrentControlSet/Services/{anyGUID}/Parameters/Tcpip and select Permissions
Note the text: "The permissions on the object are incorrectly ordered, which may cause some entries to be ineffective"
Click Cancel; to see the incorrect order, click Advanced
note that the Full Control permissions are lower than expected
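The ordered evaluation described above, as an added example that is not part of the original slides: a simplified Python model of a DACL walk, showing that an allow ACE stored ahead of a deny ACE takes effect first, and that an explicit allow legitimately precedes an inherited deny. The trustee names, rights bits and sample ACLs are constructed for illustration; the model ignores owner rights and privileges.

```python
# Added illustration: simplified model of an ordered DACL walk.
# Trustees, rights bits and sample ACLs are constructed for this example.
from dataclasses import dataclass

READ, WRITE = 0x1, 0x2

@dataclass(frozen=True)
class Ace:
    kind: str            # "allow" or "deny"
    trustee: str         # user or group name standing in for a SID
    mask: int            # rights bitmask
    inherited: bool = False

def access_check(dacl, token_groups, desired):
    """Walk ACEs in stored order; the first decisive ACE wins."""
    remaining = desired
    for ace in dacl:
        if ace.trustee not in token_groups:
            continue
        if ace.kind == "deny" and ace.mask & remaining:
            return False             # a still-needed right is denied
        if ace.kind == "allow":
            remaining &= ~ace.mask
            if remaining == 0:
                return True          # all granted; later ACEs are never read
    return False                     # end of list: nothing is granted implicitly

def _rank(ace):
    # Canonical order: explicit deny, explicit allow, inherited deny, inherited allow
    return (ace.inherited, ace.kind != "deny")

def is_canonical(dacl):
    ranks = [_rank(a) for a in dacl]
    return ranks == sorted(ranks)

def canonicalize(dacl):
    # sorted() is stable, so ACEs keep their relative order within each class
    return sorted(dacl, key=_rank)

TOKEN = {"Kamil", "Employees"}
# Misordered: an explicit allow stored ahead of an explicit deny
MISORDERED = [Ace("allow", "Employees", READ | WRITE), Ace("deny", "Kamil", WRITE)]
# Canonical, yet the deny loses: explicit allow precedes inherited deny
EXPLICIT_OVER_INHERITED = [Ace("allow", "Kamil", WRITE),
                           Ace("deny", "Employees", WRITE, inherited=True)]

if __name__ == "__main__":
    print("misordered canonical?", is_canonical(MISORDERED))
    print("write as stored:", access_check(MISORDERED, TOKEN, WRITE))
    print("write after reorder:", access_check(canonicalize(MISORDERED), TOKEN, WRITE))
    print("explicit allow vs inherited deny:",
          access_check(EXPLICIT_OVER_INHERITED, TOKEN, WRITE))
```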
Auditing
Object Access auditing category
general switch to turn auditing on/off
ACEs in SACL of objects
be careful to audit only precisely required ACEs
applications generate an extreme number of access attempts
NTFS PERMISSIONS
NTFS Permissions
Common Permissions
Common permission | Real permissions
Read | Read data, Read attributes, Read extended attributes, Read permissions (Read control), List folder
Modify | Read + Write, Delete (not Delete subfolders)
Full Control | Modify, Change permissions (Write DAC), Take ownership
NTFS Permissions
Dynamic Access Control (DAC)
NTFS Inheritance
Newly created folders and files inherit from parent by default
Explicit permissions can be granted in addition
Inheritance can be blocked
NTFS Copying vs. Moving
Single Volume | Move: keeps, keeps inherited! | Copy: inherits new
Between Volumes | Move: inherits new | Copy: inherits new
note: moving of a file/folder keeps inherited permissions although they may not be inherited from the new parent (displayed also in gray)
Lab: Common Documents
Log on to server GPS-DATA
Create F:\FS folder
permissions inheritance: disable (remove all)
Allow, Administrators, Full Control, All objects
Create F:\FS\Doc
permissions inheritance: inheriting from parent
Allow, Employees, Read&Ex+CreateFolders, This folder only
Allow, Employees, Modify, Subfolders and files only
Allow, BIKES\Bikers, Read&Execute, All objects