Sunday, September 28, 2014

Lesson Five: System Access

This week’s lesson focused on how Windows grants and manages system access to individual users.
They talked about the difference between authentication and authorization: authentication is the process of ensuring the user is who they say they are, and authorization is the process of granting them rights to access network resources. Users can be created and managed in the Users applet in Control Panel in Windows 7 and 8, and the PC Charms applet in Windows 8.1; users can also be managed through the Computer Management applet.

Windows contains a credential manager to store the different types of credentials held on the user’s system. It’s possible to run applications using a different user’s credentials using the Run As command, or by using Shift+right-click on an application icon. Windows 8 requires a local Group Policy setting change to allow this behavior.

In Windows 8, you can use alternative methods of authentication, including a Picture Password as well as a four-digit PIN. You can also use a Microsoft Account to authenticate.

The material then talked about resource sharing.  Windows 7 and 8 now have right-click sharing from the file explorer shell, as well as the more familiar advanced sharing available in prior versions.

Windows also allows network resources such as printers to be shared and managed by remote users. Windows 7 and 8 also have a built-in sharing feature, called HomeGroup in Windows 7 and PrivateGroup in Windows 8. Windows 7 also provides for libraries, which allow files from different folders to be grouped in one place. The library can then be accessed with the same rights management available for standard folders.

The lesson continued by discussing auditing actions that are available to the system administrator. There are many different actions that can be audited for either success or failure. The great deal of content this week concluded with a look at Windows Encrypting System (EFS), which allows files and folders to be stored in an encrypted manner on the file system. This works by issuing a user certificate that uses a public and private key pair to encrypt and decrypt the file.

The final lesson was on BranchCache, which is a method whereby content can be made available for a location with unreliable internet access.   It can be used to improve speed on low bandwidth connections.  Cached data is encrypted using IPSec and transmitted by HTTPS.

Another interesting if slightly overwhelming lesson, lots more good stuff anticipated next week!

Sunday, September 21, 2014

Lesson Four: Application Management



This week's lesson continued a trend of introducing new and interesting stuff that Microsoft has built into their modern client operating systems. In this lesson we concentrated on application management in Windows 7 and Windows 8. In these operating systems, the kernel has been entirely rebuilt in order to introduce security measures that didn't exist in earlier versions of Windows. In Windows XP and earlier, many applications expect to run with administrative controls. Beginning with Windows Vista, Microsoft introduced User Account Control (UAC), which intercepts and informs the user of application requests for elevated privilege. This can be managed in different ways through local security policy if needed.

If an organization needs to use an application that was written for older versions of Windows, one can use the Microsoft Application Compatibility Toolkit (ACT) to provide access with Windows 7 or 8, or edit compatibility settings manually for the current user or all users on a system. In Windows 7 Professional and above, there is also a Windows XP virtual machine that is available to run the application in a virtualized environment.

Another fascinating development is the App-V server, built into Windows Server 2012. This server role allows deployment of applications only to designated systems if and when needed. The organization can choose to stream the app from one or more servers as needed, or to cache the app on the user's machine. This allows organizations to purchase only as many seat licenses as they might need, rather than the common practice of buying a copy of an app for each machine in the organization.

The lesson closed with a look at managing apps in the Windows Store.  This effort to keep your application dollars flowing to Redmond can be managed in great detail or disabled completely by the system administrator.

This lesson was really eye-opening; looking forward to much more in the weeks to come!

Sunday, September 14, 2014

Lesson Three: Network Configuration

This week's lesson in Advanced Windows Workstation concentrated on network configuration on Windows 7 and 8 machines. This included good material on IPv4 and IPv6 implementations, as well as wireless networking configuration and using the built-in Internet Connection Sharing. The lesson concluded with a look at the Windows Firewall, and how to configure it properly.


An interesting thing that was highlighted is the use of Windows PowerShell commands to configure the firewall. This replaces the familiar netsh command, which is deprecated and may no longer be available in future Windows editions. The Windows firewall can now be controlled and configured from the PowerShell applet in Windows 7 and Windows 8 computers.
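As an added illustration (not material from the lesson itself), here is what reviewing and tightening the firewall from PowerShell can look like. It assumes the NetSecurity module cmdlets that ship with Windows 8 and later and an elevated prompt; the rule name and the 192.0.2.0/24 management subnet are constructed placeholders.

```powershell
# Added example: review and harden Windows Firewall with the NetSecurity cmdlets.
# Assumes Windows 8 or later and an elevated PowerShell session.

# 1. Show the state of every profile
#    (the netsh equivalent was: netsh advfirewall show allprofiles)
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction, LogBlocked

# 2. Turn all profiles on, block unsolicited inbound traffic, log dropped packets
Set-NetFirewallProfile -Profile Domain,Private,Public `
    -Enabled True `
    -DefaultInboundAction Block `
    -DefaultOutboundAction Allow `
    -LogBlocked True

# 3. Allow inbound RDP only from a management subnet
#    (display name and subnet are constructed placeholders)
New-NetFirewallRule -DisplayName 'Example - RDP from mgmt subnet' `
    -Direction Inbound -Protocol TCP -LocalPort 3389 `
    -RemoteAddress 192.0.2.0/24 -Profile Domain -Action Allow

# 4. Audit: list enabled inbound allow rules that accept traffic from ANY
#    remote address. These are the rules worth reviewing first.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    ForEach-Object {
        $addr = $_ | Get-NetFirewallAddressFilter
        $port = $_ | Get-NetFirewallPortFilter
        if ($addr.RemoteAddress -contains 'Any') {
            [pscustomobject]@{
                Rule      = $_.DisplayName
                Profile   = $_.Profile
                Protocol  = $port.Protocol
                LocalPort = $port.LocalPort -join ','
            }
        }
    } |
    Sort-Object Rule |
    Format-Table -AutoSize
```

Step 4 only reads configuration, so it is safe to run on its own before changing anything in steps 2 and 3.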

Another bunch of interesting information -- looking forward to more to come!

Sunday, September 7, 2014

Lesson Two: Hardware Management

This week’s lesson in Advanced Windows Workstation focused on hardware management. This included a great deal of information about configuring computers running the Windows 7, 8 and 8.1 operating systems.

The first module contained data about installing devices and device drivers, managing installed devices and staging device drivers so that local users do not have to go to Windows Update to get a driver.  This has the advantage of allowing the sysadmin to block access to Windows Update, thereby ensuring that any drivers used will have been provided by the system administrator.

Another module talked about working with displays and how to optimize the system display. This was followed by information about working with system storage devices and an introduction to Windows 8's Storage Spaces feature. This allows a local machine to contain logical hard drives consisting of more than one physical device. This can be used for increased storage or to provide failover tolerance.

The lesson this week also talked about disk optimization and treatment of removable storage.  It ended with a primer on OneDrive, Microsoft's cloud storage solution.  This is used with a separate installed app on Windows 7 and 8.0, but is built into the File Explorer shell in Windows 8.1.

Overall, this was an interesting lesson that built on the foundation we began last week.  Looking forward to more experience that will help me learn appropriate materials for the Windows Client Pro certification.