In this lab, you configured Windows Active Directory to create Department and User accounts, and setunique read/write folder and file access privileges. You used the Windows Configuration Applet and Group Policy Management console to crezate and test configurations and read/write of several files with specificaccess controls. You also used group policy objects to restrict access to certain users and groups at thedirectory, folder, and file level.
Lab Assessment Answers
1. They ensure that unauthorized access to information is prevented. They also allow data safe sharing amongst authorized parties.
2. Is it a good practice to include the account or user name in the password? Why or why not?
It is not a good practice. Unauthorized users wanting to gain access to your account may easily work out one’s password and access the legal user’s documents. They may also use software that cracks passwords, which may only encounter minimal difficulties in allowing access to one’s account.
3. Strength of user passwords could be achieved by ensuring that:
- The password should entail: numerals, lowercase letters, uppercase letters and special characters.
- It should not involve previously used names like username.
- Should not have few characters.
- One could also intersperse a word with other special keyboard characters.
4. Only users with domain user accounts are allowed access to the entire resources all through the domain, otherwise they will be allowed access to the local computer only. If the drive has been shared to the public folder, they may access it if they had initially logged into the system.
5. If they were initially logged in locally when they started their session, they may access files which have been copied to the Public folder. The folder may contain some preset sub-folders but one may manipulate the subfolders to their best interest.
6. Users have fewer privileges assigned to them. This is because computers have by far much more tasks and need more protection from malicious acts.
7. Ensuring that they are only granted access only to the data they need and all the rest is protected. One could also create a public folder and have all the data the guests may require in it. The guests could also be granted access to some files and folders but what they are not supposed to view is kept protected.
8. Create a new user. Go to sharing properties and enter ShopFloor, then click add. Members of the ShopFloor group are hence allowed access since they have been added to the group ShopFloor.
9. Allow the HR Manager to read and write files in HRfiles folder.
10. Enable a request for user ID and passwords at the certain levels. Information could also be encrypted to ensure that it does not come to exposure into the wrong people. Introducing some criteria to gaining access to the data thus ensuring information is not altered by unauthorized personnel. All hardware should be kept in good condition to ensure that it is performing at all times to prevent letdowns at usage.
Biometric access control.