Implementing Access Controls with Windows Active Directory
Overview
In this lab, you used the Active Directory Domain Controller to secure the C-I-A triad, ensuring confidentiality and integrity of network data. You created users and global security groups and assigned the new users to security groups. You followed a given set of access control criteria to ensure authentication on the remote server by applying the new security groups to a set of nested folders. Finally, you verified that authentication by using the new user accounts to access the secured folders on the remote server.
Lab Assessment Questions & Answers
1. Relate how Windows Server 2012 Active Directory and the configuration of access controls achieve C-I-A for departmental LANs, departmental folders, and data.
2. Is it a good practice to include the account or user name in the password? Why or why not?
3. What are some of the best practices to enhance the strength of user passwords in order to maximize confidentiality?
4. Can a user who is defined in Active Directory access a shared drive on a computer if the server with the shared drive is not part of the domain?
5. Does Windows Server 2012 R2 require a user's logon/password credentials prior to accessing shared drives?
6. When granting access to network systems for guests (i.e., auditors, consultants, third-party individuals, etc.), what security controls do you recommend implementing to maximize CIA of production systems and data?
7. In the Access Controls Criteria table, what sharing changes were made to the MGRfiles folder on TargetWindows01-DC server?
8. In the Access Controls Criteria table, what sharing changes were made on the TargetWindows01-DC server to allow Shopfloor users to read/write files in the C:\LabDocuments\SFfiles folder?
9. In the Access Controls Criteria table, what sharing changes were made on the TargetWindows01-DC server to allow HumanResources users to read/write files in the C:\LabDocuments\HRfiles folder?
10. Explain how C-I-A can be achieved down to the folder and data file access level for departments and users using Active Directory and Windows Server 2012 R2 access control configurations. Configuring unique access controls for different user types is an example of which kind of access controls?