IT 541 Unit 1 Assignment

Unit 1 Assignment 1

Kaplan University

Abstract

This assignment deals with hands on lab activities that will help understand what happens in real world environments. The lab assignment will show how to implement an active directory system administrative configuration for groups, implement global domain departmental groups and user accounts, and implement departmental groups and user folders with unique access rights per defined requirements. In addition, the lab assignment will show how to access the server as a user and test errors when attempting to create and save files, implement a new list of access controls, and answer questions related to the lab exercise.

Unit 1 Assignment 1

Relate how Windows Server 2008 R2 Active Directory and the configuration of access controls achieve CIA for departmental LANs, departmental folders, and data.

Domains have security principles such as users, groups, and computers. Each of these can be granted access to different resources on the network (“Best practice active directory design for managing windows network,” 2013, para. 61). The Active Directory and configuration of access controls can achieve CIA for departmental LANs, departmental folders, and data by creating security principles in the Active Directory domain partition.

It is a good practice to include the account or user name in the password? Why or why not?

It is not a good practice to include the account or user name in a password. A password should be something that is creative and that no one can guess. It should not contain anything that is personal to you that someone can easily figure out. Things such as your name, address, phone number, account number, and user name are definitely not good passwords. This will leave you vulnerable for someone to hack or decode your password.

To enhance the strength of user passwords, what are some of the best practices to implement for user password definitions to maximize confidentiality?

Best practices to enhance the strength of user passwords include: making sure that the password is at least eight characters long, no common words from the dictionary because crackers usually try those common dictionary words first, and two numbers should be included within the first eight characters of the password. Also, when selecting a password, the user should select a familiar phrase that is easy to remember and select the

first letter out of each word as a password. This is a way of selecting a password that no one else will ever think of. In addition, special characters should also be included if allowed (“Password best practices,” 2013, para. 1).

Can a user defined in Active Directory access a shared drive if that user is not part of the domain?

Users cannot access shared folders if they are not part of the domain. The user would need to be set up on the computer as an authorized user. A user has to be granted a certain access to a directory to be able to access it. The interactive logon process has to be authenticated and the user’s identity has to be confirmed in order to log on to the computer and grant access to the Active Directory.

Does Windows Server 2008 R2 require a user’s logon/password credentials prior to accessing shared drives?

Logon or password credentials are required before accessing shared drives in Windows Server 2008 R2. Credentials have to be confirmed before access can be given to shared drives.

When looking at the Active Directory structure for Users and Computers, which group has the least amount of implied privileges?

The user has the least amount of implied privileges.

When granting access to LAN systems for guests (i.e., auditors, consultants, third-part individuals, etc.), what security controls do you recommend implementing to maximize CIA of production systems and data?

When granting guest access to LAN systems the security controls would be to only allow limited access. This can be done by giving access to only the required files that are needed and also require the guest to sign a non-disclosure agreement.

When granting access for the ShopFloor group to the SFfiles within the SFfiles folder, what must be configured within the Active Directory?

The first thing required to grant access for the ShopFloor group to the SFfiles and folders is to configure the Group Policies.

When granting access for the HumanResources group to the HRfiles within the HRfiles folder, what must be configured within the Active Directory?

The first thing required to grant access for the HumanResources group to the HRfiles and folders is to configure the Group Policies.

Explain how CIA can be achieved down to the folder and data file access level for departments and users using Active Directory and Windows Server 2008 R2 access control configuration. Configuring unique access controls for different user types is an example of what kind of access controls?

User rights are managed through Group Policy. Users have different user rights on different computers therefore; configuring unique access controls for different user types is called Group policy through Active Directory.

References

Active directory users, computers, and groups. (2013). Retrieved from http://technet.microsoft.com/en-us/library/bb727067.aspx

Best practice active directory design for managing windows network. (2013). Retrieved from http://technet.microsoft.com/en-us/library/bb727085.aspx

Password best practices. (2013). Retrieved from http://its.psu.edu/be-safe/password-best-practices

Understanding user and group accounts. (2013). Retrieved from http://technet.microsoft.com/en-us/library/bb726978.aspx