A+ Guide to Managing and Troubleshooting Software 2e
Download
Report
Transcript A+ Guide to Managing and Troubleshooting Software 2e
Managing and
Supporting XP
Security Using Windows
NT/2000/XP
Two goals of security
1.
2.
Secure system resources, including
hardware and software, from improper use
Secure users’ data from improper access
Concept of user accounts is key to
understanding Windows XP
2
User Accounts and Profiles
Defines a user to Windows
Records information about the user (e.g.,
user name, account password, group
memberships, rights and permissions
assigned to the account)
Three types
Global (domain) user accounts
Local user accounts
Built-in user accounts
3
User Profiles
Created by the system after user logs on
for first time
Types
Roaming user profile
Mandatory user profile
Group profile
4
Viewing Profiles
5
Administering Local User Accounts
Password guidelines for users and
administrators:
Usernames can consist of up to 15
characters
Passwords can be up to 127 characters
Do not use a password that is easy to
guess
6
Administering Local User
Accounts (continued)
Use combination of letters, numbers, and
non-alphanumeric characters for greatest
security
Always set a password for the
Administrator account
Passwords can be controlled by
administrator, but generally, users should
be allowed to change their own
7
Creating a User Account
1.
Log on as the Administrator
2.
Open Computer Management
3.
Expand Local Users and Groups,
right-click Users, select New User,
enter user data, click Create
8
To Change User Account Type
1.
2.
3.
Click Change an account, click the
account to be changed
Select account data to be changed and
click Change the account type
Select account type, click Change
Account Type, click Back twice
9
Creating a User Account (continued)
10
User Groups
Efficient way for administrator to
manage multiple user accounts that
require same privileges and similar
profiles
Groups installed by Windows XP
Administrators
Backup Operators
Power Users
Limited Users
Guests
11
Creating a New User Group
1.
2.
3.
4.
Click Start, right-click My Computer,
select Manage
Expand Local Users and Groups
Right-click Groups folder, select New
Group
Enter group name, description, click Add
to add users, click Create
12
Creating a New User Group
(continued)
13
Disk Quotas
Limit how much disk space user has
access to
Does not specify location of files, just total
space allowed on a volume
Can be set only if you are using NTFS
14
Setting Disk Quotas
1. Log on as
Administrator, open
My Computer
2. Right-click disk,
select Properties
3. Click Quota tab,
check Enable
quota
management
15
Setting Disk Quotas (continued)
4. Click Limit disk space to, enter limit
5. Enter size for Set warning level to
6. Click Deny disk space to users
exceeding quota, click OK
16
EFS (Encrypted File System)
Encryption is the process of putting
readable data into code that must be
translated before it can be accessed
Protects data even when someone not
authorized to view files or folders has full
access to computer’s data storage
Applies only to Windows 2000/XP NTFS
file system
17
How to Use Encryption
Can be implemented at either the folder
or file level
Folder level is encouraged and
considered a “best practice” strategy
18
Encrypting Folder Contents
1.
2.
3.
4.
Locate the folder to be encrypted
Right-click the folder, choose
Properties
On the General tab, click Advanced
Check Encrypt contents to secure
data and click OK
19
Encrypting Folder Contents
(continued)
20
Encrypting Folder Contents
(continued)
5.
6.
7.
Click Apply
If necessary, click Apply changes to
this folder, subfolders, and files,
click OK
A file saved in this folder is automatically
encrypted
21
The Cipher Command
For use when encrypting a large number of
files or folders from a command prompt or
using a batch file
CIPHER [/E, /D] [/S:dir] [pathname[…]]
/E encrypts specified files or folders
/D decrypts specified files or folders
/S:dir applies the action to the specified folder
(directory) and all its subfolders
Pathname is the name of the file/folder and its path
that is to be encrypted/decrypted
22
The Windows NT/2000/XP Registry
Hierarchical database containing
information about all hardware,
software, device drivers, network
protocols, and user configuration needed
by the OS and applications
Organization
Viewing contents
Back up and recovery
Making changes
23
How the Registry Is Organized
Logical organization
Upside-down tree structure of keys, subkeys,
and values
Physical organization
Stored in five files called hives
24
Logical Organization of the
Registry
25
Windows Registry Editor
26
Five Subtrees of the Registry
27
Physical Organization of the
Registry
Registry is
stored in five
files called
hives
28
Editing the Registry
Modified automatically when you make a
change (e.g., in Control Panel or Device
Manager)
Rare occasions when you might need to
edit manually
Changes take effect immediately and are
permanent
29
Registry Editors
Two versions under Windows NT/2000
Regedt32.exe
Option to work in read-only mode
Regedit.exe
Security menu allows you to apply permissions
to keys and subkeys
Used to search and view the registry
Under Windows XP, typing Regedit or
Regedt32 starts Regedit
30
Editing a Registry Subkey Value
31
Other Maintenance and
Troubleshooting Tools
Executed from a command line (.exe file
extension)
Microsoft Management Console snap-ins
(.msc file extension)
Built into Windows XP (e.g., Safe Mode)
32
System Information Window
33
Windows Update
An automated way to update the OS,
applications, and device drivers
If no user interaction required, any user
can perform an update
If decisions must be made, only a user
with administrative rights can update
34
Windows Update (continued)
35
Windows Update (continued)
36
Troubleshooting the Boot Process
Last Known Good Configuration (and
sometimes Driver Rollback)
Safe Mode from Advanced Options menu
System Restore
Windows XP/2000 Boot disk
Recovery Console
Automated System Recovery
Reinstall Windows XP using Windows CD
37
Advanced Options: Safe Mode and
Last Known Good Configuration
38
System Restore
Similar to ScanReg, but cannot be
executed from command prompt
Process does not affect user data on
hard drive but can affect:
Installed software and hardware
User settings
OS configuration settings
Restores system state using a restore
point
39
System Restore (continued)
To revert the system to a restore point
1.
2.
3.
4.
Click Start, All Programs, Accessories,
System Tools, and System Restore
Click Restore my computer to an earlier
time, then click Next
Select a restore point, click Next twice
Windows XP reboots and restores the system
state
40
System Restore (continued)
41
MS-DOS Startup Disk
Create using Windows Explorer
Can access the drive and recover data files
(if the hard drive is not using NTFS)
Cannot launch Windows XP or be used to
recover from a failed installation
42
Creating a Startup Disk
43
Files on the Startup Disk
44
Windows XP Boot Disk
Can bypass missing or damaged:
Boot sector
Ntldr
Master boot record
Ntdetect.com
Partition table
Boot.ini
Ntbootdd.sys
45
Windows XP Boot Disk (continued)
Format a floppy using Windows 2000/XP
and copy the following files to it
Ntldr and Ntdetect.com
If the system boots from a SCSI hard drive,
copy the SCSI device driver to the floppy
and rename it Ntbootdd.sys
Boot.ini
Write-protect the floppy disk
46
Automated System Recovery
Restores system partition to its state when
the backup was made
Changes made since last backup are lost
Periodically make fresh copies of ASR disk
set
47
Using ASR to Restore System
1.
Boot the PC from the Windows XP CD
2.
Press any key to boot from CD
3.
4.
5.
If necessary, Press F6 to load RAID or
SCSI drivers
Press F2 to run Automated System
Recovery Process
Insert ASR floppy disk
48
Using ASR to Restore System
(continued)
49
Using ASR to Restore System
(continued)
Loads files it needs to run
Repartitions and reformats the drive
Installs Windows from Windows XP CD
Launches the Automated System Recovery
Wizard to restore the system state,
applications, and data
50
Using ASR to Restore System
(continued)
51