Initial Core 2 study project

2026-06-11 20:17:44 -05:00 · 2026-06-11 20:17:44 -05:00 · 10de90430c
commit 10de90430c
120 changed files with 12696 additions and 0 deletions
--- a/notes/SEC-2-windows-security-settings.md
+++ b/notes/SEC-2-windows-security-settings.md
@ -0,0 +1,321 @@
+# SEC-2: Windows Security Settings
+
+Status: not started
+
+Domain:
+- 2.0 Security
+
+Objective alignment:
+- 2.2 Windows security settings
+
+## What You Need To Know
+
+Windows security questions often ask where to configure or verify a protection.
+
+Core areas:
+- Microsoft Defender Antivirus
+- Windows Defender Firewall
+- Windows Security app
+- Local, Microsoft, and domain accounts
+- Users and groups
+- Login options and Windows Hello
+- UAC and Run as administrator
+- NTFS vs. share permissions
+- BitLocker and BitLocker To Go
+- EFS
+- Active Directory basics
+- Group Policy basics
+
+## Memory Trick
+
+Use **A-F-U-P-E-D-G**:
+
+- **A**ntivirus: Defender
+- **F**irewall: network profiles and exceptions
+- **U**sers: local/Microsoft/domain accounts
+- **P**ermissions: NTFS/share
+- **E**ncryption: BitLocker/EFS
+- **D**irectory: Active Directory
+- **G**roup Policy: centralized settings
+
+Encryption shortcut:
+- **BitLocker = whole volume**
+- **BitLocker To Go = removable drive**
+- **EFS = individual files/folders on NTFS**
+
+## Defender Antivirus
+
+Microsoft Defender Antivirus:
+- Built into Windows.
+- Managed from Windows Security > Virus & threat protection.
+- Uses real-time protection.
+- Needs updated definitions/signatures.
+
+Exam clue:
+- If the task is scan/update/check Windows antivirus, go to Windows Security or Defender.
+
+## Windows Defender Firewall
+
+Windows Defender Firewall:
+- Should normally remain enabled.
+- Has separate profiles such as Public and Private.
+- Can allow an app, allow/block a port, use predefined rules, or create custom rules.
+
+Exam clue:
+- If an app cannot receive network traffic, check firewall exception/rule.
+- Public profile should be stricter than Private.
+
+## Windows Accounts
+
+Local account:
+- Exists only on one Windows computer.
+
+Microsoft account:
+- Cloud-linked personal/work account.
+- Can sync settings and integrate with Microsoft services.
+
+Domain account:
+- Centrally managed by Active Directory.
+- Used in business environments.
+
+User types/groups:
+- Administrator: elevated control.
+- Standard user: normal daily use.
+- Guest: limited access.
+- Groups simplify permissions.
+
+## Login Options
+
+Common options:
+- Password
+- PIN
+- Fingerprint
+- Facial recognition
+- Security key
+- Windows Hello
+- Domain/SSO login
+
+Passwordless authentication:
+- Uses methods such as biometrics, PIN, or security key instead of a traditional password.
+
+## UAC and Run As Administrator
+
+UAC:
+- User Account Control.
+- Limits automatic administrative access.
+- Prompts before elevated actions.
+
+Run as administrator:
+- Starts an app with elevated permissions.
+- Needed for tasks like installing services, changing system files, or editing protected settings.
+
+Memory trick:
+- **Admin account is not always elevated. UAC asks before elevation.**
+
+## NTFS vs. Share Permissions
+
+NTFS permissions:
+- Apply locally and over the network.
+- Stored on NTFS volumes.
+
+Share permissions:
+- Apply only when accessing through a network share.
+
+Rule:
+- The most restrictive effective permission wins.
+- Deny usually overrides allow.
+
+Inheritance:
+- Permissions can flow from parent folder to child files/folders.
+
+Explicit permissions:
+- Set directly on the object.
+
+## BitLocker vs. EFS
+
+BitLocker:
+- Encrypts an entire volume.
+- Protects data if a device or drive is stolen.
+
+BitLocker To Go:
+- Encrypts removable drives such as USB flash drives.
+
+EFS:
+- Encrypting File System.
+- Encrypts individual files/folders on NTFS.
+- Tied to user credentials/certificates.
+- Password reset problems can make EFS files inaccessible if recovery is not planned.
+
+## Active Directory and Group Policy
+
+Active Directory:
+- Central database of users, computers, groups, printers, shares, and other objects.
+- Domain controllers store/manage the domain database.
+
+Domain:
+- Group of managed users, computers, and resources.
+
+OU:
+- Organizational Unit.
+- Container used to organize AD objects and apply policies.
+
+Group Policy:
+- Centralized settings for users/computers.
+- Can configure security settings, login scripts, folder redirection, and more.
+
+Security groups:
+- Assign permissions to a group, then add users to the group.
+
+Folder redirection:
+- Redirects folders such as Desktop/Documents to a network location.
+
+## Commands To Enter
+
+Windows:
+
+```powershell
+windowsdefender:
+```
+
+What it does:
+- Opens Windows Security.
+
+```powershell
+firewall.cpl
+```
+
+What it does:
+- Opens Windows Defender Firewall.
+
+```powershell
+wf.msc
+```
+
+What it does:
+- Opens Windows Defender Firewall with Advanced Security.
+
+```powershell
+whoami
+```
+
+What it does:
+- Shows current user.
+
+```powershell
+whoami /groups
+```
+
+What it does:
+- Shows group membership for the current user.
+
+```powershell
+net user
+```
+
+What it does:
+- Lists local users.
+
+```powershell
+net localgroup administrators
+```
+
+What it does:
+- Lists local Administrators group members.
+
+```powershell
+gpupdate /force
+```
+
+What it does:
+- Forces Group Policy refresh.
+- Most useful on domain-joined systems.
+
+```powershell
+gpresult /r
+```
+
+What it does:
+- Shows applied Group Policy summary.
+
+```powershell
+manage-bde -status
+```
+
+What it does:
+- Shows BitLocker status.
+
+```powershell
+cipher /?
+```
+
+What it does:
+- Shows help for the `cipher` command used with EFS and encryption-related tasks.
+
+Linux comparison:
+
+```bash
+whoami
+id
+groups
+```
+
+What it does:
+- Shows current user and group identity.
+
+macOS comparison, if available:
+
+```bash
+fdesetup status
+```
+
+What it does:
+- Shows FileVault disk encryption status on macOS.
+
+## Mini Lab
+
+Goal:
+- Identify Windows security status and account privilege context.
+
+Windows:
+1. Run `windowsdefender:`.
+2. Open Virus & threat protection and find protection update status.
+3. Run `firewall.cpl`.
+4. Identify active firewall profiles.
+5. Run `wf.msc`.
+6. Locate inbound and outbound rules.
+7. Run `whoami`.
+8. Run `whoami /groups`.
+9. Run `net localgroup administrators`.
+10. Run `manage-bde -status`.
+11. Run `gpresult /r`.
+
+Record:
+- Defender protection status:
+- Defender update status:
+- Firewall profile active:
+- Current user:
+- Admin group membership:
+- BitLocker status:
+- Group Policy result available:
+
+Permissions scenario:
+1. Create a test folder.
+2. Right-click > Properties > Security.
+3. View permissions only.
+4. Do not remove permissions.
+
+Record:
+- One user/group listed:
+- One permission listed:
+- Whether permissions are inherited:
+
+## Quick Check Before Quiz
+
+You are ready for the SEC-2 quiz when you can answer these without looking:
+- What is the difference between NTFS and share permissions?
+- Which encryption protects an entire Windows volume?
+- Which encryption protects individual NTFS files/folders?
+- What does UAC do?
+- What does `gpupdate /force` do?
+- Where do you check Defender status?
+