DACL is a list of Access control entries; it defines access control for users and groups. 2) Why would you add permissions to a group instead of the individual? What policy definition do you think is required to support this type of access control implementation? When adding permissions to a group it makes it easier for a large organization and just set up the access for the departments, or job roles. Creating GPO is best use for this job. 3) List the 5 different access control permissions that can be enabled on user folders and data within a Microsoft Windows Server.
Full Control, Modify, Read & Execute, Read, Write, Special permissions. 4) What is the lowest level of permission you can enable for a user who must view the contents of a folder and its files? Why is this type of permission necessary? Read permission, this permission is necessary to allow the user of a group to get information of another department in the business.
5) What are other available Password Policy options that could be enforced within a Microsoft Windows Server to improve security?
Under account options you can have the user either change and make their own password upon next logon, make it so they cannot change the password unless allowed to by admin, make the password expire or not, and enable reversible encryption. 6) Is using the option to Store passwords using reversible encryption a good security practice? Why or why not? When should you enable the option to Store passwords using reversible encryption? It is known as not a normal practice, it is used for applications or programs to read the users password for permission to use.
It stores the password as plain text, and used in last resort situations where there is no need to protect the password or other options are outweighed for risk. 7) What’s the difference between a Local Group Policy and a Domain Group Policy? Local Group Policy; each computer has exactly one Group Policy object that is stored locally. This processes for both computer and user Group Policy processing. Domain Group Policy is a global setting for all groups in the domain. 8) In what order are all available Group Policies applied? There is the default applied, and new policies are applied after by linking to active directory. 9) What is an Administrative Template as it refers to Windows Group Policy Objects? Administrative templates can be used to have settings for users and what they can access on windows, programs etc. and can have folders redirected. By default some are enabled and have windows default settings. Templates can be useful for managing groups. 10) What is the GPMC? How can GPMC help ensure proper access controls are implemented correctly? The Group Policy Management Console unifies policies across a forest or enterprise in one console, and can easily create policies for groups and set their access.