# Lab SEC-1: Security Controls and Account Privileges

Domain:

- 2.0 Security

Works on:

- Windows
- Linux
- Optional macOS

## Goal

Practice identifying local account privileges and matching security controls to risks.

## Windows Steps

Run:

```powershell
whoami
whoami /groups
whoami /priv
net user
net localgroup
net localgroup administrators
```

Record:

- Current user:
- Is the user in Administrators?
- One group membership:
- One privilege listed:
- Any account/group that seems high risk:

## Linux Steps

Run:

```bash
whoami
id
groups
sudo -l
```

Record:

- Current user:
- UID:
- Groups:
- Sudo allowed:

## Optional macOS Steps

Run:

```bash
whoami
id
groups
```

Record:

- Current user:
- UID:
- Groups:

## Control Matching

Match the best control:

- Stop vehicles from reaching a building:
- Prevent one person from following another through a secure door:
- Store privileged passwords and grant temporary admin access:
- Stop confidential files from being emailed:
- Require phones to use PINs and allow remote wipe:
- Authenticate once and access multiple cloud apps:
- Give users only the access required for their work:

## What You Should Learn

- Local group membership affects privileges.
- Least privilege reduces risk.
- MFA proves identity using multiple factor types.
- DLP protects sensitive data from leakage.
- MDM centrally manages mobile devices and policies.
- PAM/JIT control privileged access.
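
The "Record" fields in the Linux Steps can be filled in from a single line of `id` output. The script below is an added example, not part of the original lab: the function names, the `REVIEW_GROUPS` list and the sample `id` line are assumptions made for illustration, and the list of groups is not exhaustive.

```bash
#!/bin/sh
# Added example: fill in the Linux "Record" fields from one line of `id` output
# and flag groups worth reviewing under least privilege.

# Assumption: illustrative review list, not exhaustive; adjust per distribution.
REVIEW_GROUPS="root sudo wheel admin adm docker lxd disk shadow"

# User name and numeric UID from the leading uid=N(name) field.
id_user() { printf '%s\n' "$1" | sed -n 's/^uid=[0-9]*(\([^)]*\)).*/\1/p'; }
id_uid()  { printf '%s\n' "$1" | sed -n 's/^uid=\([0-9]*\).*/\1/p'; }

# One group name per line. Drops a trailing SELinux "context=" field and keeps
# names containing spaces (seen on directory-joined hosts) intact.
id_groups() {
    printf '%s\n' "$1" |
        sed -n 's/.*groups=//p' |
        sed 's/ context=.*//' |
        tr ',' '\n' |
        sed -n 's/^[0-9]*(\(.*\))$/\1/p'
}

# Space-separated groups from the id line that appear on the review list.
flag_groups() {
    id_groups "$1" | while IFS= read -r g; do
        for r in $REVIEW_GROUPS; do
            if [ "$g" = "$r" ]; then printf '%s\n' "$g"; fi
        done
    done | tr '\n' ' ' | sed 's/ $//'
}

# Print the worksheet. "Sudo allowed" still comes from running `sudo -l` by hand.
record() {
    echo "Current user: $(id_user "$1")"
    echo "UID: $(id_uid "$1")"
    echo "Groups: $(id_groups "$1" | tr '\n' ' ')"
    echo "Groups to review: $(flag_groups "$1")"
}

# Constructed sample line; on a real host run: record "$(id)"
SAMPLE='uid=1000(alice) gid=1000(alice) groups=1000(alice),4(adm),27(sudo),998(docker)'
record "$SAMPLE"
```

An empty "Groups to review" line means the account is in none of the listed groups; it does not rule out privileges granted another way, which is why the lab also records `sudo -l`.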