comptia-a-plus-core2/notes/SEC-2-windows-security-settings.md

SEC-2: Windows Security Settings

Status: not started

Domain:

  • 2.0 Security

Objective alignment:

  • 2.2 Windows security settings

What You Need To Know

Windows security questions often ask where to configure or verify a protection.

Core areas:

  • Microsoft Defender Antivirus
  • Windows Defender Firewall
  • Windows Security app
  • Local, Microsoft, and domain accounts
  • Users and groups
  • Login options and Windows Hello
  • UAC and Run as administrator
  • NTFS vs. share permissions
  • BitLocker and BitLocker To Go
  • EFS
  • Active Directory basics
  • Group Policy basics

Memory Trick

Use A-F-U-P-E-D-G:

  • Antivirus: Defender
  • Firewall: network profiles and exceptions
  • Users: local/Microsoft/domain accounts
  • Permissions: NTFS/share
  • Encryption: BitLocker/EFS
  • Directory: Active Directory
  • Group Policy: centralized settings

Encryption shortcut:

  • BitLocker = whole volume
  • BitLocker To Go = removable drive
  • EFS = individual files/folders on NTFS

Defender Antivirus

Microsoft Defender Antivirus:

  • Built into Windows.
  • Managed from Windows Security > Virus & threat protection.
  • Uses real-time protection.
  • Needs updated definitions/signatures.

Exam clue:

  • If the task is scan/update/check Windows antivirus, go to Windows Security or Defender.
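Added example (not part of the original notes, and not Microsoft's code): a PowerShell check of the Defender state the section describes, using the Defender module that ships with Windows 10/11. Run it in an elevated session. The signature-age threshold ($MaxSigAgeDays) is an assumed policy value, not something the notes specify.

```powershell
# Added example. Requires an elevated PowerShell session on Windows 10/11.
# $MaxSigAgeDays is an assumed threshold for "definitions are stale".
$MaxSigAgeDays = 3

$status = Get-MpComputerStatus

# Each entry maps a protection the notes mention to the property that reports it.
$checks = [ordered]@{
    'Antivirus enabled'                          = $status.AntivirusEnabled
    'Real-time protection enabled'               = $status.RealTimeProtectionEnabled
    'Behavior monitoring enabled'                = $status.BehaviorMonitorEnabled
    'Tamper protection enabled'                  = $status.IsTamperProtected
    "Signatures newer than $MaxSigAgeDays days"  = ($status.AntivirusSignatureAge -le $MaxSigAgeDays)
}

foreach ($name in $checks.Keys) {
    $state = if ($checks[$name]) { 'OK  ' } else { 'FAIL' }
    "[$state] $name"
}

"Signature version : $($status.AntivirusSignatureVersion)"
"Last updated      : $($status.AntivirusSignatureLastUpdated)"
"Last quick scan   : $($status.QuickScanEndTime)"

# Remediation: refresh definitions and run a quick scan when signatures are stale.
if ($status.AntivirusSignatureAge -gt $MaxSigAgeDays) {
    Update-MpSignature
    Start-MpScan -ScanType QuickScan
}

# Exclusions silently weaken Defender; list them instead of assuming there are none.
$pref = Get-MpPreference
"Path exclusions   : $($pref.ExclusionPath -join ', ')"
"Process exclusions: $($pref.ExclusionProcess -join ', ')"
```

The same information is visible in Windows Security > Virus & threat protection, but the script is what you would run across a fleet or paste into a ticket; a FAIL on real-time protection or a non-empty exclusion list is the finding to chase.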

Windows Defender Firewall

Windows Defender Firewall:

  • Should normally remain enabled on every profile.
  • Has three network profiles: Domain, Private, and Public. Each profile has its own on/off state, default inbound/outbound action, and rule set; which one is active depends on how the current network is classified.
  • Can allow an app, allow/block a port, use predefined rules, or create custom rules, and each rule can be limited to specific profiles.

Exam clue:

  • If an app cannot receive network traffic, check firewall exception/rule.
  • Public profile should be stricter than Private.
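Added example (not from the original notes): the firewall checks and rule change from this section done in PowerShell rather than firewall.cpl or wf.msc. It needs an elevated session. The rule name and port are placeholders chosen for the demo.

```powershell
# Added example. Requires elevation. Rule name and port are assumptions for the demo.
$RuleName = 'Demo-LAN-App-8080'
$Port     = 8080

# 1. Which profile is active on the current network, and is each profile enabled?
Get-NetConnectionProfile | Select-Object Name, InterfaceAlias, NetworkCategory
Get-NetFirewallProfile   | Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction

# 2. Public is the stricter profile: make sure it is on and blocks inbound by default.
Set-NetFirewallProfile -Profile Public -Enabled True -DefaultInboundAction Block

# 3. "App cannot receive traffic" fix: allow its port, but only on Private networks.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP `
        -LocalPort $Port -Action Allow -Profile Private | Out-Null
}

# 4. Verify the rule exists, is enabled, and is not attached to the Public profile.
$rule = Get-NetFirewallRule -DisplayName $RuleName
"{0}: Enabled={1} Profile={2} Action={3}" -f $rule.DisplayName, $rule.Enabled, $rule.Profile, $rule.Action
$rule | Get-NetFirewallPortFilter | Select-Object Protocol, LocalPort

# 5. Audit: enabled inbound Allow rules that apply on Public (or every profile) deserve a look.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object { $_.Profile -match 'Public|Any' } |
    Select-Object DisplayName, Profile, Group |
    Sort-Object DisplayName

# Cleanup of the demo rule:
# Remove-NetFirewallRule -DisplayName $RuleName
```

Step 5 is the practitioner's version of the exam clue: an inbound allow that applies on Public is exactly the exception you do not want on a laptop that joins coffee-shop Wi-Fi.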

Windows Accounts

Local account:

  • Exists only on one Windows computer.

Microsoft account:

  • Cloud-linked personal account (work or school sign-ins are a separate type, backed by Microsoft Entra ID / Azure AD).
  • Can sync settings across devices and integrates with Microsoft services such as OneDrive and the Store.

Domain account:

  • Centrally managed by Active Directory.
  • Used in business environments.

User types/groups:

  • Administrator: full control of the computer; with UAC on, it still runs as a standard user until an action is elevated.
  • Standard user: normal daily use; cannot install system-wide software or change settings that affect other users without supplying admin credentials.
  • Guest: very limited access; disabled by default on current Windows versions.
  • Groups simplify permissions: grant rights to the group once, then manage membership.

Login Options

Common options:

  • Password
  • PIN
  • Fingerprint
  • Facial recognition
  • Security key (FIDO2)
  • Windows Hello: the umbrella for PIN, fingerprint, and facial recognition. The PIN or biometric unlocks a key bound to that device (typically protected by the TPM), so it is only usable on that machine, unlike a password that can be replayed anywhere.
  • Domain/SSO login

Passwordless authentication:

  • Uses methods such as biometrics, PIN, or security key instead of a traditional password.

UAC and Run As Administrator

UAC:

  • User Account Control.
  • Limits automatic administrative access: members of Administrators sign in with a filtered (standard) token.
  • Prompts before elevated actions; the prompt is the boundary between standard and admin privilege.

Run as administrator:

  • Starts an app with an elevated (full admin) token.
  • Needed for tasks like installing services, changing system files, or editing protected settings.
  • A standard user gets a credential prompt; an administrator gets a consent prompt.

Memory trick:

  • Admin account is not always elevated. UAC asks before elevation.
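Added example (not from the original notes) covering both the Users/groups bullets above and this UAC section: it shows the difference between being a member of Administrators and holding an elevated token, and reads the registry values that control UAC. It runs unelevated; the admin-group check only looks at direct members (nested domain groups are not resolved).

```powershell
# Added example. Runs without elevation. Direct group members only (no nesting).

# Who am I, and is this process elevated right now?
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]$identity
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

"User          : $($identity.Name)"
"Elevated token: $elevated"

# Am I in Administrators even though this token is not elevated?
# With UAC on, an admin signs in with a filtered token, so IsInRole is false until elevated.
$admins        = Get-LocalGroupMember -Group 'Administrators' | Select-Object -ExpandProperty Name
$isAdminMember = $admins -contains $identity.Name
"Admin member  : $isAdminMember"
if ($isAdminMember -and -not $elevated) {
    "-> Administrator account running unelevated: UAC is doing its job."
}

# Local accounts: Guest should be disabled; stale enabled accounts are worth a question.
Get-LocalUser | Select-Object Name, Enabled, PasswordLastSet, LastLogon

# UAC policy values. EnableLUA=1 means UAC is on. ConsentPromptBehaviorAdmin:
#   0 = elevate silently (UAC effectively off for admins)
#   2 = prompt for consent on the secure desktop
#   5 = prompt for consent for non-Windows binaries (default)
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac    = Get-ItemProperty -Path $uacKey
"EnableLUA                 : $($uac.EnableLUA)"
"ConsentPromptBehaviorAdmin: $($uac.ConsentPromptBehaviorAdmin)"
"PromptOnSecureDesktop     : $($uac.PromptOnSecureDesktop)"
if ($uac.EnableLUA -ne 1 -or $uac.ConsentPromptBehaviorAdmin -eq 0) {
    "-> UAC weakened: administrators would elevate without any prompt."
}
```

Run it twice, once from a normal window and once from a window started with Run as administrator, and compare the two "Elevated token" lines: same user, same group membership, different privilege.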

NTFS vs. Share Permissions

NTFS permissions:

  • Apply locally and over the network.
  • Stored on NTFS volumes.

Share permissions:

  • Apply only when accessing through a network share.

Rule:

  • Within NTFS, Allow entries for the user and all of the user's groups add up (cumulative); the same is true within share permissions.
  • Deny overrides Allow, except that an explicit Allow set on the object itself beats a Deny inherited from a parent.
  • When both NTFS and share permissions apply (access over the network), the more restrictive of the two combined results wins.
  • Local access (logged on at the machine) is governed by NTFS permissions only.

Inheritance:

  • Permissions can flow from parent folder to child files/folders.

Explicit permissions:

  • Set directly on the object.
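Added example (not from the original notes) for the NTFS vs. share rules above: it creates a scratch folder, adds one explicit Deny entry, lists the ACL with inherited and explicit entries separated, then shares the folder read-only so the NTFS and share permissions can be compared. The folder path, share name, and the use of the built-in Guests group are choices made for the demo; the share step needs elevation.

```powershell
# Added example. Scratch folder and share name are assumptions; New-SmbShare needs elevation.
$Folder    = Join-Path $env:TEMP 'AclDemo'
$ShareName = 'AclDemo$'
New-Item -ItemType Directory -Path $Folder -Force | Out-Null

# Add one explicit ACE: Deny Write to the built-in Guests group, inherited by children.
$acl  = Get-Acl -Path $Folder
$deny = New-Object System.Security.AccessControl.FileSystemAccessRule('Guests', 'Write', 'ContainerInherit,ObjectInherit', 'None', 'Deny')
$acl.AddAccessRule($deny)
Set-Acl -Path $Folder -AclObject $acl

# NTFS view: who has what, Allow vs Deny, and whether each entry came from the parent.
(Get-Acl -Path $Folder).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType,
        @{ n = 'Source'; e = { if ($_.IsInherited) { 'Inherited' } else { 'Explicit' } } } |
    Format-Table -AutoSize

# A file created inside picks up the inherited Deny (inheritance flowing downward).
$child = Join-Path $Folder 'child.txt'
Set-Content -Path $child -Value 'constructed sample'      # constructed test content
(Get-Acl -Path $child).Access |
    Where-Object { $_.IdentityReference -like '*Guests' } |
    Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited

# Share view: Everyone gets Read at the share level. The owner has Full Control in NTFS,
# but over the network the more restrictive result wins, so the owner gets Read only.
if (-not (Get-SmbShare -Name $ShareName -ErrorAction SilentlyContinue)) {
    New-SmbShare -Name $ShareName -Path $Folder -ReadAccess 'Everyone' | Out-Null
}
Get-SmbShareAccess -Name $ShareName | Select-Object AccountName, AccessControlType, AccessRight

# Cleanup:
# Remove-SmbShare -Name $ShareName -Force; Remove-Item -Path $Folder -Recurse -Force
```

Reading the two tables together is the whole lesson: the NTFS table answers "what can this identity do at the console", the share table caps what the same identity can do from another machine.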

BitLocker vs. EFS

BitLocker:

  • Encrypts an entire volume.
  • Protects data if a device or drive is stolen.

BitLocker To Go:

  • Encrypts removable drives such as USB flash drives.

EFS:

  • Encrypting File System.
  • Encrypts individual files/folders on NTFS (not available on Home editions).
  • Tied to the user's EFS certificate and private key, which live in the user profile.
  • If an administrator resets the user's password (as opposed to the user changing it), the profile keys are lost and EFS files become unreadable unless the certificate was exported or a recovery agent was configured.
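Added example (not from the original notes) for the BitLocker and EFS material above: it reports BitLocker status and key protectors for every volume, flags an unprotected OS volume, and then encrypts one scratch file with EFS and shows how to back up the certificate that the password-reset warning depends on. Get-BitLockerVolume needs elevation; the scratch file and backup paths are assumptions.

```powershell
# Added example. Get-BitLockerVolume requires elevation. Scratch paths are assumptions.

# --- BitLocker: which volumes are encrypted, and what unlocks them?
Get-BitLockerVolume |
    Select-Object MountPoint, VolumeType, VolumeStatus, ProtectionStatus, EncryptionPercentage,
        @{ n = 'Protectors'; e = { $_.KeyProtector.KeyProtectorType -join ', ' } } |
    Format-Table -AutoSize

# The OS volume should be protected and should have a recovery password escrowed somewhere.
$os = Get-BitLockerVolume | Where-Object VolumeType -eq 'OperatingSystem'
if ($os.ProtectionStatus -ne 'On') {
    "-> OS volume $($os.MountPoint) is NOT protected by BitLocker."
}
elseif ($os.KeyProtector.KeyProtectorType -notcontains 'RecoveryPassword') {
    "-> No recovery password protector; a TPM or firmware change could lock this machine out."
}

# Removable drives are BitLocker To Go candidates; they show up as Data volumes once encrypted.
Get-Volume | Where-Object DriveType -eq 'Removable' | Select-Object DriveLetter, FileSystemLabel, Size

# --- EFS: encrypt one file, confirm the attribute, and see which certificate can open it.
$File = Join-Path $env:TEMP 'efs-demo.txt'
Set-Content -Path $File -Value 'constructed sample data'      # constructed test content
cipher.exe /E $File | Out-Null
$isEncrypted = [bool]((Get-Item -Path $File).Attributes -band [IO.FileAttributes]::Encrypted)
"EFS attribute set: $isEncrypted"
cipher.exe /C $File        # lists the user certificate(s) that can decrypt the file

# That certificate is the only way back in after an admin password reset. Export it
# (cipher prompts for a PFX password) and store the PFX away from the user profile:
# cipher.exe /X "$env:USERPROFILE\efs-backup"

# Cleanup:
# cipher.exe /D $File; Remove-Item -Path $File
```

If the cipher /E call fails on a Home edition, that is the "not available on Home" caveat in action; the BitLocker half still works wherever the BitLocker module is present.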

Active Directory and Group Policy

Active Directory:

  • Central database of users, computers, groups, printers, shares, and other objects.
  • Domain controllers store/manage the domain database.

Domain:

  • Group of managed users, computers, and resources.

OU:

  • Organizational Unit.
  • Container used to organize AD objects and apply policies.

Group Policy:

  • Centralized settings for users/computers.
  • Can configure security settings, login scripts, folder redirection, and more.

Security groups:

  • Assign permissions to a group, then add users to the group.

Folder redirection:

  • Redirects folders such as Desktop/Documents to a network location.

Commands To Enter

Windows:

windowsdefender:

What it does:

  • Opens Windows Security (type it in the Run box or address bar; the trailing colon is part of the URI).

firewall.cpl

What it does:

  • Opens Windows Defender Firewall.

wf.msc

What it does:

  • Opens Windows Defender Firewall with Advanced Security (per-profile rules, inbound and outbound).

whoami

What it does:

  • Shows current user.

whoami /groups

What it does:

  • Shows group membership for the current user, including whether the Administrators group is listed as "Group used for deny only" (an unelevated admin token).

net user

What it does:

  • Lists local users.

net localgroup administrators

What it does:

  • Lists local Administrators group members.

gpupdate /force

What it does:

  • Forces Group Policy refresh (reapplies all settings, not just changed ones).
  • Most useful on domain-joined systems.

gpresult /r

What it does:

  • Shows applied Group Policy summary.
  • Run from an elevated prompt to see computer settings as well as user settings.

manage-bde -status

What it does:

  • Shows BitLocker status for each volume.
  • Requires an elevated prompt.

cipher /?

What it does:

  • Shows help for the cipher command used with EFS. cipher alone lists the encryption state of files in the current directory; cipher /E encrypts, cipher /D decrypts, cipher /X backs up the EFS certificate and key.

Linux comparison:

whoami
id
groups

What it does:

  • Shows current user and group identity.

macOS comparison, if available:

fdesetup status

What it does:

  • Shows FileVault disk encryption status on macOS.

Mini Lab

Goal:

  • Identify Windows security status and account privilege context.

Windows (use an elevated prompt for steps 10 and 11 so computer-level results are shown):

  1. Run windowsdefender:.
  2. Open Virus & threat protection and find protection update status.
  3. Run firewall.cpl.
  4. Identify active firewall profiles.
  5. Run wf.msc.
  6. Locate inbound and outbound rules.
  7. Run whoami.
  8. Run whoami /groups.
  9. Run net localgroup administrators.
  10. Run manage-bde -status.
  11. Run gpresult /r.

Record:

  • Defender protection status:
  • Defender update status:
  • Firewall profile active:
  • Current user:
  • Admin group membership:
  • BitLocker status:
  • Group Policy result available:

Permissions scenario:

  1. Create a test folder.
  2. Right-click > Properties > Security.
  3. View permissions only.
  4. Do not remove permissions.

Record:

  • One user/group listed:
  • One permission listed:
  • Whether permissions are inherited:

Quick Check Before Quiz

You are ready for the SEC-2 quiz when you can answer these without looking:

  • What is the difference between NTFS and share permissions?
  • Which encryption protects an entire Windows volume?
  • Which encryption protects individual NTFS files/folders?
  • What does UAC do?
  • What does gpupdate /force do?
  • Where do you check Defender status?