managing and supporting xp
DESCRIPTION
Managing and Supporting XP. Security Using Windows NT/2000/XP. Two goals of security Secure system resources, including hardware and software, from improper use Secure users’ data from improper access Concept of user accounts is key to understanding Windows XP. User Accounts and Profiles. - PowerPoint PPT PresentationTRANSCRIPT
Managing and Managing and Supporting XPSupporting XP
2
Security Using Windows Security Using Windows NT/2000/XPNT/2000/XP
Two goals of securityTwo goals of security
1.1. Secure system resources, including Secure system resources, including hardware and software, from improper hardware and software, from improper useuse
2.2. Secure users’ data from improper accessSecure users’ data from improper access
Concept of user accounts is key to Concept of user accounts is key to understanding Windows XPunderstanding Windows XP
3
User Accounts and ProfilesUser Accounts and Profiles Defines a user to WindowsDefines a user to Windows Records information about the user Records information about the user
(e.g., user name, account password, (e.g., user name, account password, group memberships, rights and group memberships, rights and permissions assigned to the account)permissions assigned to the account)
Three typesThree types Global (domain) user accountsGlobal (domain) user accounts Local user accountsLocal user accounts Built-in user accountsBuilt-in user accounts
4
User ProfilesUser Profiles
Created by the system after user Created by the system after user logs on for first timelogs on for first time
TypesTypes
Roaming user profileRoaming user profile
Mandatory user profileMandatory user profile
Group profileGroup profile
5
Viewing ProfilesViewing Profiles
6
Administering Local User AccountsAdministering Local User Accounts
Password guidelines for users and administrators:
Usernames can consist of up to 15 Usernames can consist of up to 15 characterscharacters
Passwords can be up to 127 charactersPasswords can be up to 127 characters
Do not use a password that is easy to Do not use a password that is easy to guessguess
7
Administering Local User Administering Local User Accounts Accounts (continued)(continued)
Use combination of letters, numbers, Use combination of letters, numbers, and non-alphanumeric characters for and non-alphanumeric characters for greatest securitygreatest security
Always set a password for the Always set a password for the Administrator accountAdministrator account
Passwords can be controlled by Passwords can be controlled by administrator, but generally, users administrator, but generally, users should be allowed to change their ownshould be allowed to change their own
8
Creating a User AccountCreating a User Account
1.1. Log on as the AdministratorLog on as the Administrator
2.2. Open Computer ManagementOpen Computer Management
3.3. Expand Expand Local Users and GroupsLocal Users and Groups, , right-click right-click UsersUsers, select , select New UserNew User, , enter user data, click enter user data, click CreateCreate
9
To Change User Account TypeTo Change User Account Type
1.1. Click Click Change an accountChange an account, click the , click the account to be changedaccount to be changed
2.2. Select account data to be changed Select account data to be changed and click and click Change the account Change the account typetype
3.3. Select account type, click Select account type, click Change Change Account TypeAccount Type, click , click BackBack twice twice
10
Creating a User AccountCreating a User Account (continued)(continued)
11
User GroupsUser Groups Efficient way for administrator to Efficient way for administrator to
manage multiple user accounts that manage multiple user accounts that require same privileges and similar require same privileges and similar profilesprofiles
Groups installed by Windows XPGroups installed by Windows XP AdministratorsAdministrators Backup OperatorsBackup Operators Power UsersPower Users Limited UsersLimited Users GuestsGuests
12
Creating a New User GroupCreating a New User Group
1.1. Click Click StartStart, right-click , right-click My My ComputerComputer, select , select ManageManage
2.2. Expand Expand Local Users and GroupsLocal Users and Groups
3.3. Right-click Right-click GroupsGroups folder, select folder, select New GroupNew Group
4.4. Enter group name, description, click Enter group name, description, click Add Add to add users, click to add users, click CreateCreate
13
Creating a New User GroupCreating a New User Group (continued)(continued)
14
Disk QuotasDisk Quotas
Limit how much disk space user has Limit how much disk space user has access to access to
Does not specify location of files, just Does not specify location of files, just total space allowed on a volumetotal space allowed on a volume
Can be set only if you are using NTFSCan be set only if you are using NTFS
15
Setting Disk QuotasSetting Disk Quotas
1. Log on as Administrator, open My Computer
2. Right-click disk, select Properties
3. Click Quota tab, check Enable quota management
16
Setting Disk QuotasSetting Disk Quotas (continued)(continued)
4. Click Limit disk space to, enter limit
5. Enter size for Set warning level to
6. Click Deny disk space to users exceeding quota, click OK
17
EFS (Encrypted File System)EFS (Encrypted File System)
EncryptionEncryption is the process of putting is the process of putting readable data into code that must be readable data into code that must be translated before it can be accessed translated before it can be accessed
Protects data even when someone not Protects data even when someone not authorized to view files or folders has authorized to view files or folders has full access to computer’s data storagefull access to computer’s data storage
Applies only to Windows 2000/XP Applies only to Windows 2000/XP NTFS file systemNTFS file system
18
How to Use EncryptionHow to Use Encryption
Can be implemented at either the Can be implemented at either the folder or file levelfolder or file level
Folder level is encouraged and Folder level is encouraged and considered a “best practice” considered a “best practice” strategystrategy
19
Encrypting Folder ContentsEncrypting Folder Contents
1.1. Locate the folder to be encryptedLocate the folder to be encrypted
2.2. Right-click the folder, choose Right-click the folder, choose Properties Properties
3.3. On the On the GeneralGeneral tab, click tab, click AdvancedAdvanced
4.4. Check Check Encrypt contents to secure Encrypt contents to secure datadata and click and click OKOK
20
Encrypting Folder Contents Encrypting Folder Contents (continued)(continued)
21
Encrypting Folder Contents Encrypting Folder Contents (continued)(continued)
5.5. Click Click ApplyApply
6.6. If necessary, click If necessary, click Apply changes Apply changes to this folder, subfolders, and to this folder, subfolders, and filesfiles, click , click OKOK
7.7. A file saved in this folder is A file saved in this folder is automatically encryptedautomatically encrypted
22
The Cipher CommandThe Cipher Command For use when encrypting a large number For use when encrypting a large number
of files or folders from a command of files or folders from a command prompt or using a batch fileprompt or using a batch file
CIPHER [/E, /D] [/S:dir] [pathname[…]]CIPHER [/E, /D] [/S:dir] [pathname[…]] /E encrypts specified files or folders/E encrypts specified files or folders /D decrypts specified files or folders/D decrypts specified files or folders /S:dir applies the action to the specified /S:dir applies the action to the specified
folder (directory) and all its subfoldersfolder (directory) and all its subfolders Pathname is the name of the file/folder and Pathname is the name of the file/folder and
its path that is to be encrypted/decryptedits path that is to be encrypted/decrypted
23
The Windows NT/2000/XP RegistryThe Windows NT/2000/XP Registry Hierarchical database containing Hierarchical database containing
information about all hardware, information about all hardware, software, device drivers, network software, device drivers, network protocols, and user configuration protocols, and user configuration needed by the OS and applicationsneeded by the OS and applications
Organization Organization Viewing contents Viewing contents Back up and recoveryBack up and recovery Making changesMaking changes
24
How the Registry Is OrganizedHow the Registry Is Organized
Logical organizationLogical organization
Upside-down tree structure of keys, Upside-down tree structure of keys, subkeys, and valuessubkeys, and values
Physical organizationPhysical organization
Stored in five files called Stored in five files called hiveshives
25
Logical Organization of the Logical Organization of the RegistryRegistry
26
Windows Registry EditorWindows Registry Editor
27
Five Subtrees of the RegistryFive Subtrees of the Registry
28
Physical Organization of the Physical Organization of the RegistryRegistry
Registry is stored in five files called hives
29
Editing the RegistryEditing the Registry
Modified automatically when you make Modified automatically when you make a change (e.g., in Control Panel or a change (e.g., in Control Panel or Device Manager)Device Manager)
Rare occasions when you might need to Rare occasions when you might need to edit manuallyedit manually
Changes take effect immediately and Changes take effect immediately and are permanentare permanent
30
Registry EditorsRegistry Editors
Two versions under Windows NT/2000Two versions under Windows NT/2000 Regedt32.exeRegedt32.exe
Security menu allows you to apply Security menu allows you to apply permissions to keys and subkeyspermissions to keys and subkeys
Option to work in read-only modeOption to work in read-only mode
Regedit.exeRegedit.exe Used to search and view the registryUsed to search and view the registry
Under Windows XP, typing Regedit or Under Windows XP, typing Regedit or Regedt32 starts RegeditRegedt32 starts Regedit
31
Editing a Registry Subkey ValueEditing a Registry Subkey Value
32
Other Maintenance and Other Maintenance and Troubleshooting ToolsTroubleshooting Tools
Executed from a command line (.exe Executed from a command line (.exe file extension)file extension)
Microsoft Management Console snap-Microsoft Management Console snap-ins (.msc file extension)ins (.msc file extension)
Built into Windows XP (e.g., Safe Built into Windows XP (e.g., Safe Mode)Mode)
33
System Information WindowSystem Information Window
34
Windows UpdateWindows Update
An automated way to update the OS, An automated way to update the OS, applications, and device driversapplications, and device drivers
If no user interaction required, any If no user interaction required, any user can perform an updateuser can perform an update
If decisions must be made, only a If decisions must be made, only a user with administrative rights can user with administrative rights can updateupdate
35
Windows UpdateWindows Update (continued)(continued)
36
Windows UpdateWindows Update (continued)(continued)
37
Troubleshooting the Boot ProcessTroubleshooting the Boot Process Last Known Good Configuration (and Last Known Good Configuration (and
sometimes Driver Rollback)sometimes Driver Rollback) Safe Mode from Advanced Options menuSafe Mode from Advanced Options menu System RestoreSystem Restore Windows XP/2000 Boot diskWindows XP/2000 Boot disk Recovery ConsoleRecovery Console Automated System RecoveryAutomated System Recovery Reinstall Windows XP using Windows CDReinstall Windows XP using Windows CD
38
Advanced Options: Safe Mode and Advanced Options: Safe Mode and Last Known Good ConfigurationLast Known Good Configuration
39
System RestoreSystem Restore Similar to ScanReg, but cannot be Similar to ScanReg, but cannot be
executed from command promptexecuted from command prompt Process does not affect user data Process does not affect user data
on hard drive but can affect:on hard drive but can affect: Installed software and hardwareInstalled software and hardware User settingsUser settings OS configuration settingsOS configuration settings
Restores system state using a Restores system state using a restore pointrestore point
40
System RestoreSystem Restore (continued)(continued)
1.1. Click Click StartStart, , All ProgramsAll Programs, , AccessoriesAccessories, , System ToolsSystem Tools, and , and System RestoreSystem Restore
2.2. Click Click Restore my computer to an Restore my computer to an earlier timeearlier time, then click , then click NextNext
3.3. Select a restore point, click Select a restore point, click NextNext twice twice
4.4. Windows XP reboots and restores the Windows XP reboots and restores the system statesystem state
To revert the system to a restore point
41
System RestoreSystem Restore (continued)(continued)
42
MS-DOS Startup DiskMS-DOS Startup Disk
Create using Windows ExplorerCreate using Windows Explorer
Can access the drive and recover data Can access the drive and recover data files (if the hard drive is not using NTFS)files (if the hard drive is not using NTFS)
Cannot launch Windows XP or be used Cannot launch Windows XP or be used to recover from a failed installationto recover from a failed installation
43
Creating a Startup DiskCreating a Startup Disk
44
Files on the Startup DiskFiles on the Startup Disk
45
Windows XP Boot DiskWindows XP Boot Disk
Boot sector Boot sector
Master boot recordMaster boot record
Partition tablePartition table
NtldrNtldr
Ntdetect.comNtdetect.com
Boot.iniBoot.ini
Ntbootdd.sysNtbootdd.sys
Can bypass missing or damaged:
46
Windows XP Boot DiskWindows XP Boot Disk (continued)(continued)
Format a floppy using Windows Format a floppy using Windows 2000/XP and copy the following files 2000/XP and copy the following files to itto it Ntldr and Ntdetect.comNtldr and Ntdetect.com
If the system boots from a SCSI hard If the system boots from a SCSI hard drive, copy the SCSI device driver to the drive, copy the SCSI device driver to the floppy and rename it Ntbootdd.sysfloppy and rename it Ntbootdd.sys
Boot.iniBoot.ini
Write-protect the floppy diskWrite-protect the floppy disk
47
Automated System RecoveryAutomated System Recovery
Restores system partition to its state Restores system partition to its state when the backup was madewhen the backup was made
Changes made since last backup are Changes made since last backup are lostlost
Periodically make fresh copies of ASR Periodically make fresh copies of ASR disk setdisk set
48
Using ASR to Restore SystemUsing ASR to Restore System
1.1. Boot the PC from the Windows XP Boot the PC from the Windows XP CDCD
2.2. Press any key to boot from CDPress any key to boot from CD
3.3. If necessary, Press F6 to load RAID If necessary, Press F6 to load RAID or SCSI driversor SCSI drivers
4.4. Press F2 to run Automated System Press F2 to run Automated System Recovery ProcessRecovery Process
5.5. Insert ASR floppy diskInsert ASR floppy disk
49
Using ASR to Restore SystemUsing ASR to Restore System (continued)(continued)
50
Using ASR to Restore SystemUsing ASR to Restore System (continued)(continued)
Loads files it needs to runLoads files it needs to run
Repartitions and reformats the driveRepartitions and reformats the drive
Installs Windows from Windows XP CDInstalls Windows from Windows XP CD
Launches the Automated System Launches the Automated System Recovery Wizard to restore the system Recovery Wizard to restore the system state, applications, and datastate, applications, and data
51
Using ASR to Restore SystemUsing ASR to Restore System (continued)(continued)