Windows File System and Permissions Explained

-File system keeps data organized
-Logical drives (local disk C), folders, files
-C drive files and folders:
  Perflogs: stores the system issues and other reports regarding performance
  Program Files and Program Files (x86): location where programs install
  Users: stores user information and data
  Windows: contains the code to run the OS and some utility tools
-File Permissions: can be set by an admin or privileged account, applied to users and groups
-Types of permissions:
  Full Control: allows user/users/group/groups to set ownership of the folder, set permissions for others, modify, read, write and execute files
  Modify: modify, read, write and execute files
  Read & execute: read and execute files
  List folder contents: list the contents (files, subfolders) of a folder
  Read: only read
  Write: write data to the specified folder

Set permissions: right click on file/folder > Properties > Security > Edit > permission for user > Apply

CMD - use tool “icacls”
Designations:
  I - inherited from parent container
  F - Full access
  M - Modify
  OI - object inherit
  IO - inherit only
  CI - container inherit
  RX - read and execute
  AD - Append data (add subdirectories)
  WD - write data and add files
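An added example, not part of the original notes: a small Python audit helper that reads icacls-style output, separates the inheritance designations from the access rights listed above, and reports principals outside a trusted set that hold write-capable rights. The sample output, the path, the trusted set and the function names are constructed for illustration; the `DENY` marker handled in the code is what icacls prints for deny entries and is not one of the designations in the notes.

```python
import re

# Designations as listed in the notes above.
INHERITANCE = {"I", "OI", "CI", "IO"}
WRITE_CAPABLE = {"F", "M", "AD", "WD"}  # rights that let the principal change content

# Constructed sample in the layout icacls prints: path, then one ACE per line.
SAMPLE_PATH = r"C:\Apps\Tool"
SAMPLE = r"""C:\Apps\Tool NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
             BUILTIN\Administrators:(I)(OI)(CI)(F)
             BUILTIN\Users:(I)(OI)(CI)(RX)
             BUILTIN\Users:(I)(CI)(AD)
             BUILTIN\Users:(I)(CI)(WD)
             CREATOR OWNER:(I)(OI)(CI)(IO)(F)
"""

def parse_acl(text, path):
    """Return a list of (principal, inheritance_flags, rights), one per ACE line."""
    aces = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(path):          # first line carries the path prefix
            line = line[len(path):].strip()
        principal, sep, flags = line.partition(":(")
        if not sep:
            continue                       # blank line or icacls status message
        tokens = [t for group in re.findall(r"\(([^)]*)\)", "(" + flags)
                  for t in group.split(",")]   # "(RX,WD)" style groups are split too
        inherit = [t for t in tokens if t in INHERITANCE]
        rights = [t for t in tokens if t not in INHERITANCE]
        aces.append((principal, inherit, rights))
    return aces

def risky_grants(aces, trusted):
    """ACEs that give a non-trusted principal write-capable access to this object."""
    findings = []
    for principal, inherit, rights in aces:
        if principal in trusted or "IO" in inherit or "DENY" in rights:
            continue  # IO applies only to children; DENY entries remove access
        hit = sorted(WRITE_CAPABLE.intersection(rights))
        if hit:
            findings.append((principal, hit))
    return findings

TRUSTED = {r"NT AUTHORITY\SYSTEM", r"BUILTIN\Administrators"}  # assumed baseline
if __name__ == "__main__":
    for principal, rights in risky_grants(parse_acl(SAMPLE, SAMPLE_PATH), TRUSTED):
        print(f"{principal} can write: {','.join(rights)}")
```
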

Authentication
-Process of verifying the identity of a person (object or service)
-Local Auth: done using LSA
  LSA: Local Security Authority - keeps track of the security policies and the accounts that are on a computer system
-Types of Active Directory: controls user access once logged on to a network

  1. On-premise:
     -has record of all users, PCs and Servers
     -protocols: NTLM, LDAP/LDAPS, KERBEROS
     NTLM: uses a challenge-response sequence of messages between client and server system.
       -NTLM provides authentication based on a challenge-response authentication scheme
       -NTLM does not provide data integrity or data confidentiality protection
     LDAP/LDAPS: supports encryption, credentials are not sent in plain text
       -Domain Controller can be considered a database of users, groups, computers and so on
       -user’s workstation uses an API to the domain controller to validate and log in
     Kerberos: uses symmetric-key cryptography
       -requires a trusted third party
  2. Azure:
     -secure online authentication store
     -contains users and groups
     -supports SAML, OAUTH 2.0, OpenID Connect
     SAML: Security Assertion Markup Language
       -single sign-on standard
       -defines a set of rules/protocols that allow users to access web apps with a single login
       -Service providers: systems and applications that the user accesses throughout the day
       -Identity providers: system that performs user auth
     OAUTH 2.0: Standard that apps use to provide client applications with access
       -authorization server: issues access token
       -resource owner grants permission to access the resource server with an access token
       -client passes it to the resource server
       -resource server accepts the access token and must verify that it is valid
     OpenID Connect: auth standard built on top of OAUTH 2.0
       -adds an additional token called an ID token
       -uses JSON Web Tokens (JWT)
       -user authentication