Midterm Study Guide CSED 430 October 2006 This guide is declared more or less finished ===================================================== Next Wednesday's exam will be open-book Hardware (motherboards, etc) and wireless configuration will NOT be on the exam. ====================================================== Some topics with references: NTFS and file permissions chapter 13 of RK, ch 17 p 704ff (Local) User Rights RK appendix B Domains v standalone What Domain Controllers do for a living chapter 23 of RK has a lot on these two projects Also see the MS documents on my web page. How to prohibit new executables, and some ways that *don't* work chapter 17, p 722 Group Policy and GPOs Active Directory: users, groups, domains, OUs, GPOs For both: chapter 5 of RK; also check the index for other examples, and see the files on my web page ==================================== MS examples covered: 1. Shared Computer Toolkit Strategies for securing a "standalone" (ie NOT connected to a domain) XP workstation. Specific techniques: * MS Disk Protection (similar to DeepFreeze, CenturionGuard, etc) * Local Security Policy Software Restrictions * NTFS permissions 2. Common Scenarios Strategies for securing workstations that ARE part of a domain, using Group Policy Objects (GPOs) Lightly Managed Mobile Heavily Managed Multi-User Appstation TaskStation Kiosk ============================================================== Here are a few sample questions: 1. One way to change a site's password policy is to edit the Default Domain Policy GPO. What is the drawback to that approach, and what is an alternative approach? 2. What are some of the advantages and drawbacks to giving each user their own individual profile? 3. If all users share the same profile, you probably want to disallow saving icons on the desktop. How could you implement that restriction using file permissions? 4. What are some other system restrictions you might want to implement if all users share the same profile? 5. Discuss how to use multiple Organizational Units (OUs) to arrange for decreasing system restrictions for freshmen, sophomores, juniors, and seniors. 6. Suppose you want juniors to encounter more restrictions than seniors, but also to have special permissions (reduced restrictions) for students (either juniors or seniors) in the theater class. Explain why OUs may not be the easiest way to implement this, and suggest an alternative. 7. Suppose we have two GPOs, G1 and G2, linked (in that order) to an OU A. Any user or machine in A, then, is subject to both G1 and G2. Explain how we could achieve the same effect using two nested OUs, each associated with a single GPO. 8. Suppose we want to leave a certain software application, foo.exe, on the machine, but prevent its use by students. (a). Suppose we remove it from the student start menu. Can students still run the program? If so, how? (b). Suppose we make the software readable by everyone, but we DENY execute permission to the STUDENTS group. Can students still run the program? If so, how?