Sunday, September 28, 2014

Lesson Five: System Access

This week’s lesson focused on how Windows grants and manages system access to individual users.
They talked about the difference between authentication and authorization: authentication is the process of ensuring the user is who they say they are, and authorization is the process of granting them rights to access network resources.  Users can be created and managed in the Users applet in Control Panel in Windows 7 and 8, and the PC Charms applet in Windows 8.1; users can also be managed through the Computer Management applet.

Windows includes a credential manager that stores the different types of credentials held on the user’s system.  It’s possible to run applications using a different user’s credentials using the Run As command, or by using Shift + right-click on an application icon.  Windows 8 requires a local Group Policy setting change to allow this behavior.

In Windows 8, you can use alternative methods of authentication, including a Picture Password as well as a 4-digit PIN.  You can also use a Microsoft Account to authenticate.

The material then talked about resource sharing.  Windows 7 and 8 now have right-click sharing from the file explorer shell, as well as the more familiar advanced sharing available in prior versions.

Windows also allows network resources such as printers to be shared and managed by remote users.  Windows 7 and 8 also have a built-in sharing feature, called HomeGroup in Windows 7 and PrivateGroup in Windows 8.  Windows 7 also provides for libraries, which allow files from different folders to be grouped in one place.  The library can then be accessed with the same rights management available for standard folders.

The lesson continued by discussing auditing actions that are available to the system administrator. There are many different actions that can be audited for either success or failure.  The great deal of content this week concluded with a look at Windows Encrypting System (EFS), which allows files and folders to be stored in an encrypted manner on the file system.  This is done by issuing a user certificate that uses a public and private key pair to encrypt and decrypt the file.

The final lesson was on BranchCache, which is a method whereby content can be made available for a location with unreliable internet access.  It can be used to improve speed on low-bandwidth connections.  Cached data is encrypted using IPSec and transmitted by HTTPS.

Another interesting, if slightly overwhelming, lesson; lots more good stuff anticipated next week!
