# SEC-2: Windows Security Settings

Status: not started

Domain:

- 2.0 Security

Objective alignment:

- 2.2 Windows security settings

## What You Need To Know

Windows security questions often ask where to configure or verify a protection.

Core areas:

- Microsoft Defender Antivirus
- Windows Defender Firewall
- Windows Security app
- Local, Microsoft, and domain accounts
- Users and groups
- Login options and Windows Hello
- UAC and Run as administrator
- NTFS vs. share permissions
- BitLocker and BitLocker To Go
- EFS
- Active Directory basics
- Group Policy basics

## Memory Trick

Use **A-F-U-P-E-D-G**:

- **A**ntivirus: Defender
- **F**irewall: network profiles and exceptions
- **U**sers: local/Microsoft/domain accounts
- **P**ermissions: NTFS/share
- **E**ncryption: BitLocker/EFS
- **D**irectory: Active Directory
- **G**roup Policy: centralized settings

Encryption shortcut:

- **BitLocker = whole volume**
- **BitLocker To Go = removable drive**
- **EFS = individual files/folders on NTFS**

## Defender Antivirus

Microsoft Defender Antivirus:

- Built into Windows and active by default; if a third-party antivirus registers itself, Defender drops to passive mode and the other product becomes primary.
- Managed from Windows Security > Virus & threat protection (and from PowerShell with the `Get-MpComputerStatus` / `Set-MpPreference` cmdlets).
- Uses real-time protection: files are scanned as they are opened or written, not only during a scheduled scan.
- Needs current security intelligence (definitions/signatures); protection updates arrive through Windows Update or `Update-MpSignature`.

Exam clue:

- If the task is scan/update/check Windows antivirus, go to Windows Security or Defender.

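The same status check done from PowerShell, as an added example that is not part of the original page. It uses only the Defender module cmdlets that ship with Windows (`Get-MpComputerStatus`, `Get-MpPreference`, `Update-MpSignature`, `Start-MpScan`, `Get-MpThreatDetection`); the three-day signature-age threshold and the wording of the findings are this example's own choices.

```powershell
# Added example, not from the page: check Microsoft Defender Antivirus health
# with the Defender module that ships with Windows. The 3-day signature-age
# threshold and the wording of the findings are this example's choices.

function Get-DefenderHealth {
    param([int]$MaxSignatureAgeDays = 3)   # assumed threshold for "stale"

    $status = Get-MpComputerStatus          # engine, signature and scan state
    $pref   = Get-MpPreference              # configured preferences / policy

    $findings = @()
    if (-not $status.AntivirusEnabled)          { $findings += 'Antivirus engine is not enabled' }
    if (-not $status.RealTimeProtectionEnabled) { $findings += 'Real-time protection is off' }
    if ($pref.DisableRealtimeMonitoring)        { $findings += 'Preference/policy disables real-time monitoring' }
    if ($status.AMRunningMode -ne 'Normal') {
        # Passive Mode / EDR Block Mode means another AV product is registered as primary.
        $findings += "Engine mode is '$($status.AMRunningMode)', not Normal"
    }
    if ($status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        $findings += "Signatures are $($status.AntivirusSignatureAge) days old (last updated $($status.AntivirusSignatureLastUpdated))"
    }
    if (-not $status.IsTamperProtected)         { $findings += 'Tamper Protection is off' }

    [pscustomobject]@{
        Computer           = $env:COMPUTERNAME
        RealTimeProtection = $status.RealTimeProtectionEnabled
        RunningMode        = $status.AMRunningMode
        SignatureVersion   = $status.AntivirusSignatureVersion
        SignatureAgeDays   = $status.AntivirusSignatureAge
        LastQuickScan      = $status.QuickScanEndTime
        TamperProtection   = $status.IsTamperProtected
        Findings           = $findings
    }
}

function Update-DefenderAndScan {
    # Pull the latest security intelligence, then run a quick scan.
    # Both need an elevated session.
    Update-MpSignature
    Start-MpScan -ScanType QuickScan
}

$health = Get-DefenderHealth
$health | Format-List
foreach ($f in $health.Findings) { Write-Warning $f }

# Recent detections, newest first, for the "check antivirus" part of the task.
Get-MpThreatDetection |
    Sort-Object InitialDetectionTime -Descending |
    Select-Object -First 5 InitialDetectionTime, ThreatID, ProcessName, Resources
```

Run it as a standard user to read the state; call `Update-DefenderAndScan` from an elevated prompt when the findings say signatures are stale. `AMRunningMode` is the field to check when a machine "has Defender" but nothing is being blocked: a value other than `Normal` means a third-party product owns real-time scanning.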
## Windows Defender Firewall

Windows Defender Firewall:

- Should normally remain enabled on every profile.
- Has three network profiles: Domain (domain-joined and a domain controller is reachable), Private (trusted home/work network), and Public (untrusted). Each profile has its own on/off state, default inbound/outbound action, and set of rules that apply.
- Can allow an app, allow/block a port, use predefined rules, or create custom rules; Windows Defender Firewall with Advanced Security (`wf.msc`) exposes direction, protocol, port, program, and profile scope for each rule.
- Blocks unsolicited inbound connections by default and allows outbound by default, on all profiles.

Exam clue:

- If an app cannot receive network traffic, check firewall exception/rule, and check which profile the rule is scoped to.
- Public profile should be stricter than Private.

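Auditing the profiles and the Public-facing inbound exceptions, then adding a rule scoped to Private only, as an added example that is not from the original page. The cmdlets are from the NetSecurity module shipped with Windows; the rule name and TCP port 8080 are assumptions made for the example, and creating the rule needs an elevated session.

```powershell
# Added example, not from the page: audit Windows Defender Firewall profiles,
# list enabled inbound Allow rules that open something on the Public profile,
# and add one exception scoped to Private only. Rule name and port 8080 are
# assumptions for the example; New-NetFirewallRule needs an elevated session.

function Get-FirewallProfileSummary {
    # One row per profile: on/off and the default actions that apply when no rule matches.
    Get-NetFirewallProfile |
        Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction, NotifyOnListen
}

function Get-PublicInboundOpenings {
    # Enabled inbound Allow rules whose profile list includes Public (or Any).
    Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow |
        Where-Object { $_.Profile -match 'Public|Any' } |
        ForEach-Object {
            $port = $_ | Get-NetFirewallPortFilter          # protocol / local port
            $app  = $_ | Get-NetFirewallApplicationFilter   # program path, if any
            [pscustomobject]@{
                Rule      = $_.DisplayName
                Profile   = $_.Profile
                Protocol  = $port.Protocol
                LocalPort = (@($port.LocalPort) -join ',')
                Program   = $app.Program
            }
        } |
        Where-Object { $_.LocalPort -ne 'Any' -or $_.Program -ne 'Any' }
}

function Add-PrivateOnlyListener {
    param(
        [string]$Name = 'Example - private-only dev server',   # assumed rule name
        [int]$Port    = 8080                                   # assumed port
    )
    # Scope the exception to Private so the same port stays closed on Public.
    if (-not (Get-NetFirewallRule -DisplayName $Name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $Name -Direction Inbound -Action Allow `
            -Protocol TCP -LocalPort $Port -Profile Private | Out-Null
    }
    Get-NetFirewallRule -DisplayName $Name |
        Select-Object DisplayName, Enabled, Profile, Direction, Action
}

Get-FirewallProfileSummary | Format-Table -AutoSize
Get-PublicInboundOpenings  | Format-Table -AutoSize
# Add-PrivateOnlyListener   # uncomment in an elevated session to create the scoped rule
```

The second table is the one to read when troubleshooting "the app cannot receive traffic": if the rule is missing, or present but scoped to `Private` while the adapter is on `Public`, the listener is unreachable even though the firewall "has an exception".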
## Windows Accounts

Local account:

- Exists only on one Windows computer; stored in the local SAM database.
- An administrator can reset its password, but that reset breaks access to EFS files and other DPAPI-protected secrets unless the user's keys were backed up.

Microsoft account:

- Cloud-linked personal account (an outlook.com-style sign-in); settings, OneDrive, and Store purchases sync across devices and integrate with Microsoft services.
- A work or school sign-in is an Entra ID (Azure AD) account, not a consumer Microsoft account.

Domain account:

- Centrally managed by Active Directory; the domain controller authenticates the logon and enforces password, lockout, and logon-hours policy.
- Used in business environments.

User types/groups:

- Administrator: elevated control (member of the local Administrators group; still runs with a standard token until UAC elevates).
- Standard user: normal daily use (member of Users).
- Guest: limited access; the built-in Guest account is disabled by default and should stay that way.
- Groups simplify permissions: grant rights to the group once, then manage membership.

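An inventory of local accounts and of who sits in the local Administrators group, as an added example that is not from the original page. It uses the LocalAccounts module that ships with Windows; `PrincipalSource` is what separates the three account types above (`Local`, `MicrosoftAccount`, `ActiveDirectory`). The finding text and the sample user name `lab.user` are this example's own.

```powershell
# Added example, not from the page: inventory local accounts and the local
# Administrators group with the LocalAccounts module that ships with Windows.
# PrincipalSource distinguishes Local, MicrosoftAccount and ActiveDirectory
# principals. Finding text and the 'lab.user' name are this example's choices.

function Get-LocalAccountAudit {
    $admins    = Get-LocalGroupMember -Group 'Administrators'   # includes domain / MSA members
    $adminSids = $admins | ForEach-Object { $_.SID.Value }

    $users = Get-LocalUser | ForEach-Object {
        [pscustomobject]@{
            Name             = $_.Name
            Enabled          = $_.Enabled
            PasswordRequired = $_.PasswordRequired
            PasswordLastSet  = $_.PasswordLastSet
            LastLogon        = $_.LastLogon
            IsLocalAdmin     = ($adminSids -contains $_.SID.Value)
            Source           = $_.PrincipalSource
        }
    }

    $findings = @()
    foreach ($u in $users) {
        if ($u.Name -eq 'Guest' -and $u.Enabled)      { $findings += 'Built-in Guest account is enabled' }
        if ($u.Enabled -and -not $u.PasswordRequired) { $findings += "'$($u.Name)' is enabled with no password required" }
        if ($u.Enabled -and $u.IsLocalAdmin)          { $findings += "'$($u.Name)' is an enabled local administrator; confirm the role needs it" }
    }
    foreach ($m in ($admins | Where-Object { $_.PrincipalSource -ne 'Local' })) {
        $findings += "Administrators contains non-local principal $($m.Name) ($($m.PrincipalSource))"
    }

    [pscustomobject]@{
        Users      = $users
        AdminGroup = $admins | Select-Object Name, ObjectClass, PrincipalSource
        Findings   = $findings
    }
}

function New-StandardLocalUser {
    # Least privilege: create the account in Users only. New-LocalUser does not
    # add the account to any group by itself. Needs an elevated session.
    param([Parameter(Mandatory)][string]$Name)
    $pw = Read-Host -Prompt "Password for $Name" -AsSecureString
    New-LocalUser -Name $Name -Password $pw | Out-Null
    Add-LocalGroupMember -Group 'Users' -Member $Name
    Get-LocalUser -Name $Name | Select-Object Name, Enabled, PasswordLastSet
}

$audit = Get-LocalAccountAudit
$audit.Users      | Format-Table -AutoSize
$audit.AdminGroup | Format-Table -AutoSize
foreach ($f in $audit.Findings) { Write-Warning $f }
# New-StandardLocalUser -Name 'lab.user'   # assumed name; run elevated
```

`Get-LocalUser` only returns accounts in the local SAM, so a domain or Microsoft account that was added to Administrators shows up in the `AdminGroup` table but not in `Users`; that is why the audit reads the group membership separately.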
## Login Options

Common options:

- Password
- PIN
- Fingerprint
- Facial recognition
- Security key (FIDO2)
- Windows Hello: the umbrella for PIN, fingerprint, and face. The credential is bound to the device and, where available, protected by the TPM, so it cannot be replayed from another machine.
- Domain/SSO login

Passwordless authentication:

- Uses methods such as biometrics, PIN, or security key instead of a traditional password.
- A Windows Hello PIN is not a weaker password: it never leaves the device and only unlocks a device-specific key, whereas a password can be reused against any service that accepts it.

## UAC and Run As Administrator

UAC:

- User Account Control.
- Limits automatic administrative access: a member of Administrators logs on with a filtered, standard-level token (Admin Approval Mode) and receives the full administrator token only for the process being elevated.
- Prompts before elevated actions: consent for administrators, credentials for standard users. The behaviour is set by Group Policy or the `EnableLUA` and `ConsentPromptBehaviorAdmin` values under `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System`.

Run as administrator:

- Starts an app with elevated permissions (the full token, High integrity level).
- Needed for tasks like installing services, changing system files, or editing protected settings.

Memory trick:

- **Admin account is not always elevated. UAC asks before elevation.**

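Seeing the filtered token for yourself, reading the UAC policy values, and relaunching elevated, as an added example that is not from the original page. The SIDs, cmdlets, and registry value names are real; the output layout and the default `whoami` command passed to the elevated window are this example's own.

```powershell
# Added example, not from the page: show that a member of Administrators runs
# with a filtered token until UAC elevates, read the UAC policy values Windows
# keeps under HKLM, and relaunch elevated on demand. SIDs, cmdlets and registry
# values are real; the output layout is this example's choice.

function Test-Elevated {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $p  = New-Object Security.Principal.WindowsPrincipal($id)
    $p.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-TokenContext {
    # whoami /groups exposes the token attributes behind UAC: in a non-elevated
    # admin session BUILTIN\Administrators (S-1-5-32-544) is present but marked
    # "Group used for deny only" and the integrity label is Medium; after
    # elevation the group is enabled and the label is High.
    $groups = whoami /groups /fo csv | ConvertFrom-Csv
    $admins = $groups | Where-Object { $_.SID -eq 'S-1-5-32-544' }
    $label  = $groups | Where-Object { $_.SID -like 'S-1-16-*' }
    [pscustomobject]@{
        User           = (whoami)
        IntegrityLevel = $label.'Group Name'
        AdminsGroup    = if ($admins) { $admins.Attributes } else { 'not a member' }
        Elevated       = (Test-Elevated)
    }
}

function Get-UacPolicy {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $v = Get-ItemProperty -Path $key
    [pscustomobject]@{
        EnableLUA                  = $v.EnableLUA                   # 1 = UAC on; 0 = off (takes effect after reboot)
        ConsentPromptBehaviorAdmin = $v.ConsentPromptBehaviorAdmin  # 0 = elevate silently (bad); 2 = consent on secure desktop; 5 = default
        ConsentPromptBehaviorUser  = $v.ConsentPromptBehaviorUser   # 3 = standard users get a credential prompt (default)
        PromptOnSecureDesktop      = $v.PromptOnSecureDesktop       # 1 = prompt isolated from other apps
    }
}

function Invoke-Elevated {
    # ShellExecute with the runas verb is what "Run as administrator" does:
    # the UAC prompt appears and only the new process gets the full token.
    param([string]$Command = 'whoami /groups /fo list')
    Start-Process -FilePath 'powershell.exe' -Verb RunAs -ArgumentList "-NoExit -Command `"$Command`""
}

Get-TokenContext | Format-List
Get-UacPolicy    | Format-List
# Invoke-Elevated   # uncomment to trigger the prompt and compare the elevated token
```

Run `Get-TokenContext` in a normal window and again in the elevated one: same user, same group membership, different `Attributes` and integrity label. `ConsentPromptBehaviorAdmin = 0` with `EnableLUA = 1` is the setting to look for when a machine "never prompts", because it elevates silently and defeats the point of UAC.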
## NTFS vs. Share Permissions

NTFS permissions:

- Apply locally and over the network.
- Stored on NTFS volumes in each file or folder's ACL (Full Control, Modify, Read & Execute, List Folder Contents, Read, Write).

Share permissions:

- Apply only when accessing through a network share (Full Control, Change, Read).
- Do nothing for a user logged on locally, or for anyone who has the disk.

Rule:

- Within NTFS, Allow entries accumulate across the user's groups; a Deny for the user or any of their groups removes that right.
- Over a share, work out the effective NTFS permission and the effective share permission separately; the most restrictive of the two wins.
- Deny overrides Allow at the same level. The one exception: an explicit Allow set directly on the object beats a Deny inherited from the parent.

Inheritance:

- Permissions can flow from parent folder to child files/folders; inherited entries appear greyed out in the Security tab.

Explicit permissions:

- Set directly on the object; evaluated before inherited entries.

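Reading an NTFS ACL with its inherited/explicit flags, adding one explicit Deny to a scratch folder, and listing share-level permissions beside it, as an added example that is not from the original page. The scratch path under `$env:TEMP` and the choice to deny `BUILTIN\Guests` are this example's own; nothing outside that folder is modified.

```powershell
# Added example, not from the page: list NTFS ACEs on a scratch folder with
# the inherited/explicit flag, add an explicit Deny to show it is evaluated
# before any Allow, then list share-level permissions for comparison.
# The scratch path and the Guests deny are this example's choices.

function Get-NtfsAces {
    param([Parameter(Mandatory)][string]$Path)
    (Get-Acl -Path $Path).Access | ForEach-Object {
        [pscustomobject]@{
            Identity  = $_.IdentityReference.Value
            Type      = $_.AccessControlType            # Allow / Deny
            Rights    = $_.FileSystemRights
            Inherited = $_.IsInherited                  # $false = explicit, set on this object
            AppliesTo = "$($_.InheritanceFlags)/$($_.PropagationFlags)"
        }
    }
}

function Add-ExplicitDeny {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Identity,
        [Parameter(Mandatory)][System.Security.AccessControl.FileSystemRights]$Rights
    )
    $acl  = Get-Acl -Path $Path
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Identity, $Rights,
        [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AccessControlType]::Deny)
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

$lab = Join-Path $env:TEMP 'ntfs-lab'                     # scratch folder for the example
New-Item -ItemType Directory -Path $lab -Force | Out-Null

'Before: every entry is inherited from the parent folder'
Get-NtfsAces -Path $lab | Format-Table -AutoSize

Add-ExplicitDeny -Path $lab -Identity 'BUILTIN\Guests' -Rights Write
'After: one explicit Deny; a member of Guests loses Write even if a group grants it'
Get-NtfsAces -Path $lab | Where-Object { -not $_.Inherited } | Format-Table -AutoSize

# Share permissions are a second gate that only applies over the network.
# Effective remote access is the more restrictive of share ACL and NTFS ACL.
Get-SmbShare -ErrorAction SilentlyContinue |
    Where-Object { -not $_.Special } |                     # skip C$, ADMIN$, IPC$
    Get-SmbShareAccess |
    Format-Table Name, AccountName, AccessControlType, AccessRight -AutoSize

Remove-Item -Path $lab -Recurse -Force                     # clean up the scratch folder
```

The `Inherited` column is what the Security tab greys out; `Get-Acl` lists explicit entries first, which is also the order Windows evaluates them. To see the share side for a real share, compare its `AccessRight` (Full, Change, Read) with the NTFS rights for the same principal and take the lower of the two.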
## BitLocker vs. EFS

BitLocker:

- Encrypts an entire volume; on the OS drive it is normally unlocked by the TPM (optionally with a PIN), so the volume stays sealed to that hardware.
- Protects data if a device or drive is stolen, but only while the machine is off or stopped at pre-boot; once Windows is running, NTFS permissions are all that separate users from the data.
- Keep the 48-digit recovery password somewhere other than the disk (Active Directory, Entra ID, the Microsoft account, or a printout). Without it a TPM reset, firmware update, or moved drive locks you out.

BitLocker To Go:

- Encrypts removable drives such as USB flash drives, unlocked with a password or smart card rather than the TPM.

EFS:

- Encrypting File System.
- Encrypts individual files/folders on NTFS; not available on Windows Home editions.
- Tied to user credentials/certificates: the file key is wrapped with the user's EFS certificate, whose private key is protected by DPAPI and therefore by the logon password.
- Password reset problems can make EFS files inaccessible if recovery is not planned: an administrator resetting a local account's password (as opposed to the user changing it) breaks the DPAPI chain. Export the EFS certificate (`cipher /x`) or define a data recovery agent beforehand.

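A BitLocker audit across volumes and a walk through one EFS file with `cipher.exe`, as an added example that is not from the original page. `Get-BitLockerVolume` is from the BitLocker module on Pro/Enterprise and needs an elevated session; EFS is not available on Home editions. The scratch file path and the constructed file content are this example's own.

```powershell
# Added example, not from the page: audit BitLocker on every volume (state,
# method, which key protectors exist) and walk one EFS file through cipher.exe
# to show what a recovery plan has to preserve. Get-BitLockerVolume needs an
# elevated session on Pro/Enterprise; EFS is unavailable on Home editions.
# The scratch file and its content are constructed for this example.

function Get-BitLockerAudit {
    Get-BitLockerVolume | ForEach-Object {
        $types = @($_.KeyProtector.KeyProtectorType)
        [pscustomobject]@{
            Volume              = $_.MountPoint
            Type                = $_.VolumeType          # OperatingSystem or Data (BitLocker To Go drives are Data)
            Status              = $_.VolumeStatus        # FullyEncrypted, EncryptionInProgress, FullyDecrypted...
            Protection          = $_.ProtectionStatus    # Off while suspended: the key sits in the clear on disk
            Percent             = $_.EncryptionPercentage
            Method              = $_.EncryptionMethod    # e.g. XtsAes128 / XtsAes256
            Protectors          = ($types -join ',')
            HasRecoveryPassword = ($types -contains 'RecoveryPassword')
            TpmBound            = [bool]($types -match '^Tpm')
        }
    }
}

function Show-EfsDemo {
    $file = Join-Path $env:TEMP 'efs-lab.txt'            # scratch file for the example
    'constructed sample content' | Set-Content -Path $file

    cipher.exe /e /a $file | Out-Null                    # /a = operate on a file rather than a directory
    if ($LASTEXITCODE -ne 0) { throw 'EFS encryption failed (Home edition or non-NTFS volume?)' }
    $encrypted = (Get-Item -Path $file).Attributes.HasFlag([IO.FileAttributes]::Encrypted)

    # /c lists the certificate thumbprints that can decrypt the file and any
    # data recovery agent. Only those keys open it. If an administrator resets
    # the local account's password instead of the user changing it, the
    # DPAPI-protected private key is lost unless it was exported (cipher /x)
    # or a recovery agent was defined beforehand.
    $whoCanDecrypt = cipher.exe /c $file

    cipher.exe /d /a $file | Out-Null                    # decrypt again and clean up
    Remove-Item -Path $file -Force

    [pscustomobject]@{
        EncryptedAttributeSet = $encrypted
        CipherReport          = ($whoCanDecrypt -join "`n")
    }
}

Get-BitLockerAudit | Format-List
Show-EfsDemo       | Format-List
```

Two rows in the BitLocker output deserve a second look: `Protection = Off` on a `FullyEncrypted` volume means BitLocker is suspended and the volume is effectively unprotected, and `HasRecoveryPassword = False` means there is no way back in if the TPM protector stops working. The EFS report shows that the only thing standing between the file and unreadability is one user certificate, which is the "recovery not planned" problem from the list above.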
## Active Directory and Group Policy

Active Directory:

- Central database of users, computers, groups, printers, shares, and other objects.
- Domain controllers store/manage the domain database and authenticate logons (Kerberos).

Domain:

- Group of managed users, computers, and resources that share one directory database and security policy.

OU:

- Organizational Unit.
- Container used to organize AD objects, delegate administration, and link Group Policy.

Group Policy:

- Centralized settings for users/computers, stored in Group Policy Objects (GPOs) linked to sites, domains, or OUs.
- Applied in the order Local, Site, Domain, OU (LSDOU); when settings conflict, the last one applied (the closest OU) wins unless a higher link is enforced.
- Can configure security settings, login scripts, folder redirection, and more.
- Clients refresh in the background (about every 90 minutes for workstations) or on demand with `gpupdate`.

Security groups:

- Assign permissions to a group, then add users to the group.

Folder redirection:

- Redirects folders such as Desktop/Documents to a network location so the data is stored and backed up centrally.

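Confirming the domain context and reading which GPOs actually applied (and from which site, domain, or OU link) out of a `gpresult /x` report, as an added example that is not from the original page. The XML node names follow the RSoP report `gpresult` writes (`Rsop/ComputerResults/GPO`, `Link/SOMPath`, and so on); computer-scope data appears only when the session is elevated, and the output shape is this example's own.

```powershell
# Added example, not from the page: show the domain context, then export
# Resultant Set of Policy with gpresult /x and read which GPOs applied, from
# which link (site/domain/OU) and which were denied or filtered out. Node
# names follow the RSoP XML gpresult writes; computer-scope data is present
# only in an elevated session. Output shape is this example's choice.

function Get-DomainContext {
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    [pscustomobject]@{
        Computer     = $cs.Name
        PartOfDomain = $cs.PartOfDomain
        Domain       = $cs.Domain                 # workgroup name when not domain-joined
        DomainRole   = $cs.DomainRole             # 1 = member workstation, 4/5 = domain controller
        LogonServer  = $env:LOGONSERVER           # the DC that authenticated this logon
        UserDnsDomain = $env:USERDNSDOMAIN
    }
}

function Get-AppliedGpos {
    $report = Join-Path $env:TEMP 'rsop.xml'      # scratch path for the report
    gpresult /x $report /f | Out-Null             # /f overwrites an existing file
    [xml]$rsop = Get-Content -Path $report -Raw

    foreach ($scope in 'ComputerResults', 'UserResults') {
        $node = $rsop.Rsop.$scope
        if (-not $node) { continue }              # computer scope is absent when not elevated
        foreach ($gpo in @($node.GPO)) {
            [pscustomobject]@{
                Scope         = ($scope -replace 'Results$', '')
                GPO           = $gpo.Name
                LinkedAt      = (@($gpo.Link.SOMPath) -join '; ')   # e.g. corp.example/Workstations
                LinkOrder     = [int]@($gpo.Link.LinkOrder)[0]
                Enabled       = $gpo.Enabled
                AccessDenied  = $gpo.AccessDenied                  # security filtering blocked it
                FilterAllowed = $gpo.FilterAllowed                 # WMI filter result
                Extensions    = (@($gpo.ExtensionName) -join ', ')
            }
        }
    }
    Remove-Item -Path $report -Force
}

Get-DomainContext | Format-List

# LSDOU: Local, Site, Domain, OU. Later links override earlier ones on
# conflict, so the GPO linked at the deepest OU is the one whose setting wins.
Get-AppliedGpos | Sort-Object Scope, LinkOrder | Format-Table -AutoSize
```

`LinkedAt` is the fastest way to answer "why does this machine have that setting": it names the OU (or domain/site) where the GPO is linked, which is where to go to change or unlink it. Rows with `AccessDenied = true` or `FilterAllowed = false` are GPOs that were found but deliberately not applied to this principal.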
## Commands To Enter

Windows (Run dialog, Command Prompt, or PowerShell; where a command needs the full administrator token, open the console with Run as administrator):

```powershell
windowsdefender:
```

What it does:

- Opens Windows Security. It is a URI, so enter it in the Run dialog or as `Start-Process windowsdefender:` from PowerShell.

```powershell
firewall.cpl
```

What it does:

- Opens Windows Defender Firewall (the Control Panel view with the profile summary and app exceptions).

```powershell
wf.msc
```

What it does:

- Opens Windows Defender Firewall with Advanced Security (inbound/outbound rules, profiles, connection security rules).

```powershell
whoami
```

What it does:

- Shows current user as `computer\user` or `domain\user`.

```powershell
whoami /groups
```

What it does:

- Shows group membership for the current user, including the integrity level and whether Administrators is marked "used for deny only" (not elevated).

```powershell
net user
```

What it does:

- Lists local users (`net user <name>` shows one account's details).

```powershell
net localgroup administrators
```

What it does:

- Lists local Administrators group members.

```powershell
gpupdate /force
```

What it does:

- Forces Group Policy refresh, reapplying every setting rather than only the changed ones.
- Most useful on domain-joined systems.

```powershell
gpresult /r
```

What it does:

- Shows applied Group Policy summary (which GPOs applied and which were filtered out); computer-scope results need an elevated prompt.

```powershell
manage-bde -status
```

What it does:

- Shows BitLocker status for every volume; needs an elevated prompt.

```powershell
cipher /?
```

What it does:

- Shows help for the `cipher` command used with EFS and encryption-related tasks (`/e` encrypt, `/d` decrypt, `/c` show who can decrypt a file, `/x` back up the EFS certificate).

Linux comparison:

```bash
whoami
id
groups
```

What it does:

- Shows current user and group identity.

macOS comparison, if available:

```bash
fdesetup status
```

What it does:

- Shows FileVault disk encryption status on macOS.

## Mini Lab

Goal:

- Identify Windows security status and account privilege context.

Windows (open the prompt with Run as administrator for steps 10 and 11 so computer-scope results are available):

1. Run `windowsdefender:` from the Run dialog.
2. Open Virus & threat protection and find protection update status.
3. Run `firewall.cpl`.
4. Identify active firewall profiles.
5. Run `wf.msc`.
6. Locate inbound and outbound rules.
7. Run `whoami`.
8. Run `whoami /groups`.
9. Run `net localgroup administrators`.
10. Run `manage-bde -status`.
11. Run `gpresult /r`.

Record:

- Defender protection status:
- Defender update status:
- Firewall profile active:
- Current user:
- Admin group membership:
- BitLocker status:
- Group Policy result available:

Permissions scenario:

1. Create a test folder.
2. Right-click > Properties > Security.
3. View permissions only (Advanced shows the inherited/explicit column and where each inherited entry comes from).
4. Do not remove permissions.

Record:

- One user/group listed:
- One permission listed:
- Whether permissions are inherited:

## Quick Check Before Quiz

You are ready for the SEC-2 quiz when you can answer these without looking:

- What is the difference between NTFS and share permissions?
- Which encryption protects an entire Windows volume?
- Which encryption protects individual NTFS files/folders?
- What does UAC do?
- What does `gpupdate /force` do?
- Where do you check Defender status?