# Lab SEC-2: Windows Security Settings

Domain:

- 2.0 Security

Works on:

- Windows
- Linux/macOS comparison where available

## Goal

Inspect Windows security settings without weakening protections.

## Windows Steps

Run:

```powershell
# windowsdefender: is a URI scheme, not a command, so launch it with Start-Process
Start-Process "windowsdefender:"   # Windows Security app
firewall.cpl                       # Windows Defender Firewall (Control Panel)
wf.msc                             # Windows Defender Firewall with Advanced Security
whoami
whoami /groups
net user
net localgroup administrators
manage-bde -status                 # needs an elevated prompt
gpresult /r
cipher /?                          # help text only; changes nothing
```

Record:

- Defender status:
- Defender definition/update status:
- Active firewall profile:
- Current user:
- Local users visible:
- Administrators group members:
- BitLocker status:
- Group Policy result available:
- What `cipher` is used for:

## Permissions Review

Create or choose a non-critical test folder.

1. Open folder Properties.
2. Open the Security tab.
3. View groups/users.
4. View Advanced permissions.
5. Check whether inheritance is enabled.

Do not remove permissions in this lab.

Record:

- One group/user:
- One allowed permission:
- Inheritance enabled:
- Owner:

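
The Permissions Review can also be done read-only from PowerShell. The script below is an added example, not part of the original lab; the `$Path` default and the final check for broad groups with write access are assumptions introduced here.

```powershell
# Added example: read-only NTFS permission review. Nothing is modified.
# Assumption: $Path is a placeholder; pass your own non-critical test folder.
param([string]$Path = "$env:USERPROFILE\SEC2-Test")

if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
    throw "Test folder not found: $Path"
}
$acl = Get-Acl -LiteralPath $Path

# AreAccessRulesProtected is $true when inheritance is disabled, so invert it.
[pscustomobject]@{
    Folder             = $Path
    Owner              = $acl.Owner
    InheritanceEnabled = -not $acl.AreAccessRulesProtected
} | Format-List

# One row per access control entry (what the Advanced permissions view lists).
$acl.Access |
    Sort-Object IsInherited, { $_.IdentityReference.Value } |
    Format-Table IdentityReference, AccessControlType, FileSystemRights, IsInherited -AutoSize

# Extra check added here: Allow entries that give a broad built-in group write access.
# Well-known SIDs are used so the check also works on non-English Windows.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}
# WriteData (0x2) plus the raw GENERIC_WRITE and GENERIC_ALL bits an ACE may carry.
$writeBits = 0x50000002

foreach ($ace in $acl.Access) {
    if ($ace.AccessControlType -ne 'Allow') { continue }
    try {
        $sid = $ace.IdentityReference.Translate(
            [System.Security.Principal.SecurityIdentifier]).Value
    } catch { continue }   # account could not be resolved; skip it
    if ($broadSids.ContainsKey($sid) -and
        (([int]$ace.FileSystemRights -band $writeBits) -ne 0)) {
        'NOTE: {0} can write here ({1}, inherited: {2})' -f
            $broadSids[$sid], $ace.FileSystemRights, $ace.IsInherited
    }
}
```

The first table answers the Owner and Inheritance fields; any row with `AccessControlType` of `Allow` can be used for the "One allowed permission" field.
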
## Linux Comparison

Run:

```bash
whoami
id
groups
```

Record:

- Current user:
- Groups:
- Sudo/admin indication:

## macOS Comparison

Run if you have Mac access:

```bash
whoami
id
groups
fdesetup status
```

Record:

- Current user:
- Groups:
- FileVault status:

## What You Should Learn

- Defender and Firewall are managed from Windows Security/Control Panel tools.
- NTFS permissions apply locally and over the network.
- Share permissions apply only over the network.
- BitLocker protects volumes.
- EFS protects individual NTFS files/folders.
- Group Policy is checked with `gpresult` and refreshed with `gpupdate`.