How to differentiate between basic OS security settings
Installing the operating system and just using it is not the only thing that one should know about. In fact, one should also know that how can one protect himself from various threats. One of them is the security which is built up by setting some passwords so one should know about the users and the groups on the computer. Also, one should know about the user authentications, the folder sharing's and the NTFS sharing etc. If one knows about these techniques, he can better protect himself from many of the data stealing problems. Here are some techniques which one should know to protect himself;
User and groups
When one gets logged in to the computer, it may happen that he gets logged in normally or they might ask him the password. Also, when some certain software is opened, they normally ask for the administrator's permission. That happens since there are some users and the groups which have been created in the computer's OS. Here they are;
Administrator: When one starts the windows, then one can see that if he doesn't have that auto login capability and it is enabled, then one would be shown the view which would actually ask him to put his username and the password there. One will also find the list of the accessing users which have been defined by the operating system. The most amazing thing Is, that the groups are given too, in the form of the list, of which these users can become the members of. One would hence be able to access all of the administrative files and some resources, directories, etc. Also; one can take advantage of the whole group at single time by having the advantage off this functionality. In the windows, if one goes to the computer management, one would find that there are some lists of the groups and the users which are local to the computer. There one would be finding some users which get added to the OS automatically. One of them is known as the administrator. This is someone who do all of the things and anything in the OS. Hence he is like some super user.
Power user: These are the groups that one can create for himself. They normally sound pretty good. But they might not have that much access to the OS as a normal user can have. If someone wants to have the access to one's own operating system and want to create access for them too to the local printer then this one is useful... Hence it is a good way for that process especially when the number of people there is too large.
Guest: This kind of user is configured all automatically. Normally, this user is disabled by the default. But one should be there assignment so that anyone who isn't the user of computer can log into it. Normally, this type of account isn't used so much. But if someone needs some of the generic login for the users, then it can be a good way.
Standard user: This user group is very simple. This is the group for the normal people who either don't want to be the administrator, the power users or the guests. They can have access to many of the features but of course not to the hidden files which belong to the administrator account only. One might find so many of the files with the $ sign on them, it means they ant open it up. Also, if someone opens up folder options then he would find some of the hidden files too. They are only visible to the administrator and if one try to open them, one would be asked for the administration's permission.
NTFS vs. Share permissions:
The permissions of the NTFS are the parts of the file systems of the computer. This means that if one is sitting at the computer, then those NTFS files sharing permissions would apply to him. If one is going to get some access to the files across the network, then these NTFS permissions would be applied to one. Anyone who wants to have access to the files would have to go to the file system and there the NTFS permissions would be applied. If someone is coming in across the network, then these share permissions would be applied as well. So, one would be combining two of the things all together. Now one would not only have to be thinking about the NTFS permissions, but about the share permissions as well.
The permission type which is more restricted would always win the battle so if someone is setting up an account and getting some access to the directory of some completely open access to write and need in the NTFS, and someone sets up the same share across the network and then the share permission has been set only to be read, then for everything, then default permission would be read only. One would know that the share permission is very restrictive. So it is the one which would be applied.
Allow vs. deny: One should know that the NTFS files are pretty useful and it has allowed one to use too much flexibility forth allowing and not allowing the access to some certain files and the file system. If one takes a look at the NTFS and sees the file system there, one would find so many permissions which are available there. One hence can set some good controls, red, modify the settings and can execute the folder contents. Also he can read and write them down. Also, there are some of the other permissions as well. This system is very flexible and it is built in the system itself. So if someone wants to have some try and tries to sit by and tries to log into one's system. They then would have the access to the files which are configured into the NTFS files system. But someone can't sit by one's computer to access the files. One is now connecting to the networks and building the shares out.
Moving vs. copying folders and files: Moving the folders and files is different from coping them. There are some certain advantages which have been associated to both of them. Like, while moving, one can ensure that data is centralized and there is only one place where it is located, that is the specific folder where it has been moved. This way, the folder gets a new path and one cannot find the file using the old path of the folder. The coping of the files and the folders is something having bigger scope than moving. Like if someone copies a file from place A to B, and then there would be two places the files would be stored. This thing doesn't follow the centralization but, it can be very useful since the data can be accessed now from two of the points. Also, now the file would be having two paths and same happens in the case of folder or any other object. One thing here is that when someone is moving any file or the folder, one might be asked for the permission. Normally it is asked for those files which are under restriction of movement like the administrative files. If someone logs into using the standard account or the guest account, one might be even be able to see and if he does, he might be asked to do that as the administrator. The common example of that is when we log in using the same group; they ask one for the permission as well. So copying them resets the permission for the copied folder.
File attributes: When it comes to sharing, there are many attributes which are sown by the files and the folders. The files normally inherit the permissions of the other files. Also, when they are copies, the copies file would get the permission reset.
Shared files and folders
Administrative shares vs. local shares: The thing about sharing is that the administrator sharing has more power than the local shares. If one enables the printer sharing and the file sharing in the windows, the one can access them all through some remote machine. Using the windows sharing administration folders which can be any folder with the $ sign can be an easy task. One would have to enable the access to the folders if someone is going to get them opened through some local account.
Permission propagation: Permission propagation means that when permission is set for one thing, it spread for the other things as well. Like if some folder has some permission set up, then if someone makes a folder within it, the new folder would have sane permission settings.
Inheritance: When one would be busy in organizing the folders, he would surely move some folders and would put some folders into other folders as well. In these cases, there is some permission which is going to get inherited from the top of the object, all the way from the other folders. If someone defines some permission ate the top of them, then one would observe that they will come down all the way using that specific tree. Their properties would be based on parent's objects. If someone takes the files and then copies then to the
System files and folders:
There are some of the files and folders which are necessary for the running of the operating system. They are the part of it and hence they cannot be deleted and one might make some changes in them. They are the system files and the folders one should be extremely careful when trying to modify them since if interrupted in bad way; they can surely damage the system's performance. These files cannot be accessed through anyone and normally, only an administrator has the dole authority to access those files and the folders.
The NTFS and the sharing permissions would not be useful if there is no way through which one can authenticate the people in the operating system. One would want to make sure that the people who are using those resources are real. So, one would like to set some passwords so that the risk can be handled. One might have some of the other authentications as well. One can use bio metrics which means adding a finger print scanner in the computer or maybe installing some smart card into the system.
Single sign-on: There are several capabilities that windows OS have to enable people use the single sign on ability. That is normally on the windows domain. When one logs into the windows domain, then it recognizes one no matter which resources is used. So if someone decides to go to the printer, if one share any file on the server, of someone shares the file of some other server etc., one would not be forced to type in the passwords again and again. This domain, in which one logs into, is called as the single sign on. When one logs into it once, then it would never be prompted again. This is the exact expedience that one can want from his user end. They would have to get authenticated only once so they can have access to all the resources which are appropriate for one.
The security of the operating system is one of the basic things that one would need since one can have much precious data stored over there. So there is some permission which has been set for many of the folders and also for accessing those files and the folders, one might be asked to have some unique identification. One might be asked to have some passwords and the username to access the system if the sharing is done for the entire network. This can allow one to know that the one who is accessing the permission is human. Also, there can be some several groups which one can create which limit to the power of that specific user. Hence, one can apply all these practices to make the computer and the data as secured as possible.