CompTIA A+ 1202 Objective 2.2: Configure and Apply Basic Microsoft Windows OS Security Settings

CompTIA A+ Core 2 Certification

CompTIA A+ Exam Focus: This objective covers essential Windows security configuration including Defender Antivirus, firewall settings, user account management, authentication methods, file permissions, encryption, and Active Directory integration. These skills are fundamental for IT professionals securing Windows environments in business and enterprise settings.

Defender Antivirus

Windows Defender Antivirus is Microsoft's built-in malware protection solution that provides real-time protection against viruses, malware, and other threats. Understanding how to configure and manage Defender is essential for Windows security.

Activate/Deactivate Defender Antivirus

Activation Methods:

  • Windows Security App: Settings → Update & Security → Windows Security
  • Group Policy: Computer Configuration → Administrative Templates → Windows Components → Microsoft Defender Antivirus
  • Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender
  • PowerShell: Set-MpPreference cmdlets
  • Command Line: sc config WinDefend start= auto

Deactivation Scenarios:

  • Third-party Antivirus: Automatically disabled when compatible antivirus is installed
  • Enterprise Management: Disabled via Group Policy in managed environments
  • Temporary Disable: Short-term disable for troubleshooting
  • Registry Modification: Manual disable via registry (not recommended)

Update Definitions

Update Methods:

  • Automatic Updates: Default behavior - updates daily via Windows Update
  • Manual Update: Windows Security → Virus & threat protection → Check for updates
  • Windows Update: Updates delivered through Windows Update service
  • Microsoft Update Catalog: Manual download of definition updates
  • WSUS: Windows Server Update Services for enterprise environments

Update Configuration:

  • Update Frequency: Configure how often definitions are updated
  • Update Source: Microsoft Update, WSUS, or local source
  • Bandwidth Throttling: Limit bandwidth usage for updates
  • Update Notifications: Configure user notifications for updates
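The activation checks and definition-update settings above, as an added PowerShell example (not from this guide): it reports Defender's state, restores real-time monitoring if it was switched off through Set-MpPreference, sets the update interval, and refreshes definitions when they are stale. The three-day staleness threshold is an assumption.

```powershell
# Added example: audit Defender state and refresh definitions. Run elevated on Windows 10/11.
#Requires -RunAsAdministrator

function Get-DefenderHealth {
    param([int]$MaxSignatureAgeDays = 3)   # assumed threshold; align with local policy

    $status = Get-MpComputerStatus
    $pref   = Get-MpPreference

    [pscustomobject]@{
        AntivirusEnabled       = $status.AntivirusEnabled
        RealTimeProtection     = $status.RealTimeProtectionEnabled
        RealTimeDisabledByPref = $pref.DisableRealtimeMonitoring   # true if turned off via Set-MpPreference
        RunningMode            = $status.AMRunningMode              # 'Passive' when third-party AV owns protection
        SignatureVersion       = $status.AntivirusSignatureVersion
        SignatureAgeDays       = $status.AntivirusSignatureAge
        SignatureStale         = ($status.AntivirusSignatureAge -gt $MaxSignatureAgeDays)
        TamperProtection       = $status.IsTamperProtected
    }
}

$health = Get-DefenderHealth
$health | Format-List

# Re-enable real-time monitoring only when Defender is the active engine; in Passive mode
# a compatible third-party product is expected to be running instead.
if ($health.RealTimeDisabledByPref -and $health.RunningMode -ne 'Passive') {
    Set-MpPreference -DisableRealtimeMonitoring $false
}

# Update frequency: check for new definitions every 4 hours (0 disables interval checks).
Set-MpPreference -SignatureUpdateInterval 4

# Pull fresh definitions now if they are older than the threshold.
# Use -UpdateSource InternalDefinitionUpdateServer on machines that update from WSUS.
if ($health.SignatureStale) {
    Update-MpSignature -UpdateSource MicrosoftUpdateServer
}
```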

Firewall

Windows Defender Firewall provides network security by controlling incoming and outgoing network traffic. Proper firewall configuration is crucial for protecting systems from network-based threats.

Activate/Deactivate Firewall

Activation Methods:

  • Windows Security: Windows Security → Firewall & network protection
  • Control Panel: Control Panel → System and Security → Windows Defender Firewall
  • Command Line: netsh advfirewall set allprofiles state on
  • PowerShell: Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True
  • Group Policy: Computer Configuration → Windows Settings → Security Settings → Windows Defender Firewall

Firewall Profiles:

Domain Profile
  • Applied when connected to domain
  • Most permissive settings
  • Managed by domain policies
Private Profile
  • Applied to trusted networks
  • Moderate security settings
  • Home and office networks
Public Profile
  • Applied to untrusted networks
  • Most restrictive settings
  • Public Wi-Fi, hotels

Port Security

Port Configuration:

  • Inbound Rules: Control incoming connections to specific ports
  • Outbound Rules: Control outgoing connections to specific ports or destinations
  • Port Ranges: Configure rules for port ranges
  • Protocol Support: TCP, UDP, and other protocols
  • Source/Destination: Specify source and destination addresses

Common Port Rules:

  • HTTP (80): Web server access
  • HTTPS (443): Secure web server access
  • RDP (3389): Remote Desktop Protocol
  • FTP (21): File Transfer Protocol
  • SSH (22): Secure Shell
  • SMTP (25): Email server

Application Security

Application Rules:

  • Program Rules: Allow or block specific applications
  • Path-based Rules: Rules based on application file paths
  • Service Rules: Rules for Windows services
  • Predefined Rules: Built-in rules for common applications
  • Custom Rules: User-defined application rules
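The profile, port-rule and program-rule settings from this section, as an added PowerShell example (not from this guide): it enables all three profiles with default-deny inbound and drop logging, scopes RDP to a management subnet, blocks one program outbound, and then audits which inbound allow rules still apply to the Public profile. The 10.0.10.0/24 subnet and the program path are placeholders.

```powershell
# Added example: harden firewall profiles, add scoped rules, and audit Public-profile exposure.
#Requires -RunAsAdministrator

# 1. Every profile on, inbound blocked unless a rule allows it, blocked packets logged.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True `
    -DefaultInboundAction Block -DefaultOutboundAction Allow `
    -LogBlocked True -LogFileName '%systemroot%\system32\LogFiles\Firewall\pfirewall.log' `
    -LogMaxSizeKilobytes 16384

# 2. Port rule: RDP (TCP 3389) inbound only from the assumed management subnet, never on Public.
New-NetFirewallRule -DisplayName 'Allow RDP from mgmt subnet' -Direction Inbound `
    -Protocol TCP -LocalPort 3389 -RemoteAddress 10.0.10.0/24 `
    -Profile Domain,Private -Action Allow -Enabled True

# 3. Program rule: stop a placeholder application from initiating outbound connections.
New-NetFirewallRule -DisplayName 'Block LegacyTool outbound' -Direction Outbound `
    -Program 'C:\Program Files\LegacyTool\legacytool.exe' -Action Block -Profile Any

# 4. Audit: enabled inbound ALLOW rules that apply on the Public profile, with ports and sources.
function Get-PublicInboundExposure {
    Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow |
        Where-Object { "$($_.Profile)" -match 'Public|Any' } |
        ForEach-Object {
            $port = $_ | Get-NetFirewallPortFilter
            $addr = $_ | Get-NetFirewallAddressFilter
            [pscustomobject]@{
                Rule          = $_.DisplayName
                Protocol      = $port.Protocol
                LocalPort     = ($port.LocalPort -join ',')
                RemoteAddress = ($addr.RemoteAddress -join ',')   # 'Any' means unrestricted source
            }
        }
}

Get-PublicInboundExposure | Sort-Object LocalPort | Format-Table -AutoSize
```

Rules whose RemoteAddress shows Any on the Public profile are the ones to review first, since they are reachable from untrusted networks.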

User and Groups

Proper user account and group management is fundamental to Windows security. Understanding different account types and their capabilities is essential for maintaining secure access control.

Local vs. Microsoft Account

Local Account:

  • Offline Access: Works without internet connection
  • Local Storage: Credentials stored locally on device
  • Limited Integration: No integration with Microsoft services
  • Administrative Control: Full control by local administrators
  • Security: Relies on local password policies

Microsoft Account:

  • Cloud Integration: Syncs across multiple devices
  • Microsoft Services: Access to OneDrive, Office 365, etc.
  • Two-Factor Authentication: Enhanced security options
  • Password Recovery: Online password reset capabilities
  • Single Sign-On: Access to multiple Microsoft services

Standard Account

Capabilities:

  • Limited Privileges: Cannot install system-wide software
  • User Data Access: Access to own files and folders
  • Application Usage: Can run most applications
  • Settings Modification: Can modify personal settings
  • UAC Prompts: Requires elevation for administrative tasks

Administrator Account

Capabilities:

  • Full System Access: Complete control over system
  • Software Installation: Can install and uninstall software
  • System Configuration: Can modify system settings
  • User Management: Can create and manage user accounts
  • Security Risk: High privilege level increases security risk

Guest User

Characteristics:

  • Limited Access: Very restricted access to system
  • Temporary Use: Designed for temporary access
  • No Password: Typically no password required
  • Profile Deletion: Profile deleted on logout
  • Network Access: Limited network access

Power User

Legacy Account Type:

  • Windows XP Era: Primarily used in Windows XP
  • Limited Admin Rights: Some administrative privileges
  • Deprecated: No longer available in modern Windows
  • Replaced by: Standard user with UAC elevation
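Creating a standard account for daily use, keeping Guest disabled, and auditing who holds local administrator rights, as an added PowerShell example (not from this guide). The account name and the approved-administrators list are assumed placeholders.

```powershell
# Added example: least-privilege local account setup plus an Administrators-group audit.
#Requires -RunAsAdministrator

# A standard user: member of Users only, so system-wide changes trigger a UAC elevation prompt.
# New-LocalUser does not add the account to any group, so Users must be added explicitly.
$pw = Read-Host -AsSecureString 'Password for daily-use account'
New-LocalUser -Name 'jdoe' -FullName 'Jane Doe' -Password $pw | Out-Null
Add-LocalGroupMember -Group 'Users' -Member 'jdoe'

# The built-in Guest account stays disabled.
Disable-LocalUser -Name 'Guest'

function Get-LocalAdminAudit {
    # Lists every member of the local Administrators group and flags anything not on the approved list.
    param([string[]]$Approved = @("$env:COMPUTERNAME\Administrator", 'CORP\Domain Admins'))  # assumed

    Get-LocalGroupMember -Group 'Administrators' | ForEach-Object {
        $enabled = $null
        if ($_.PrincipalSource -eq 'Local' -and $_.ObjectClass -eq 'User') {
            $enabled = (Get-LocalUser -SID $_.SID).Enabled
        }
        [pscustomobject]@{
            Member   = $_.Name
            Source   = $_.PrincipalSource     # Local, ActiveDirectory or MicrosoftAccount
            Type     = $_.ObjectClass         # User or Group
            Enabled  = $enabled               # only known for local user accounts
            Approved = ($Approved -contains $_.Name)
        }
    }
}

# Anything unapproved here is an account with full system access that policy did not grant.
Get-LocalAdminAudit | Where-Object { -not $_.Approved } | Format-Table -AutoSize
```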

Log-in OS Options

Windows provides multiple authentication methods for user log-in, each with different security characteristics and use cases.

Username and Password

Traditional Authentication:

  • Most Common: Standard authentication method
  • Password Policies: Enforce complexity and expiration
  • Account Lockout: Lock account after failed attempts
  • Password History: Prevent password reuse
  • Brute Force Protection: Rate limiting for login attempts

Personal Identification Number (PIN)

PIN Authentication:

  • Device-Specific: PIN tied to specific device
  • Quick Access: Faster than password entry
  • Numeric Only: Typically 4-8 digits
  • Local Storage: Stored securely on device
  • Windows Hello: Part of Windows Hello authentication

Fingerprint

Biometric Authentication:

  • Windows Hello: Integrated with Windows Hello
  • Hardware Required: Fingerprint reader hardware needed
  • Multiple Fingers: Can register multiple fingerprints
  • Secure Storage: Biometric data stored securely
  • Fallback Options: PIN or password as backup

Facial Recognition

Windows Hello Face:

  • Infrared Camera: Uses IR camera for depth mapping
  • Liveness Detection: Prevents spoofing with photos
  • 3D Mapping: Creates 3D facial map
  • Lighting Independent: Works in various lighting conditions
  • Privacy Focused: Data stays on device

Single Sign-On (SSO)

SSO Implementation:

  • Domain Authentication: Authenticate once to domain
  • Kerberos Protocol: Uses Kerberos for authentication
  • Token-based: Uses authentication tokens
  • Seamless Access: Access multiple resources without re-authentication
  • Centralized Management: Managed through Active Directory

Passwordless/Windows Hello

Windows Hello Features:

  • Biometric Authentication: Face, fingerprint, or iris recognition
  • PIN Backup: PIN as fallback authentication
  • Device Security: Tied to specific device hardware
  • Enterprise Ready: Supports enterprise authentication
  • Privacy Protection: Biometric data never leaves device

NTFS vs. Share Permissions

Understanding the difference between NTFS and share permissions is crucial for proper file and folder security in Windows environments.

NTFS Permissions

Permission Types:

  • Full Control: Complete access including permission changes
  • Modify: Read, write, execute, and delete
  • Read & Execute: Read and execute files
  • List Folder Contents: View folder contents
  • Read: View files and folders
  • Write: Create and modify files

Share Permissions

Permission Levels:

  • Full Control: Complete access over network
  • Change: Read, write, and delete over network
  • Read: View files over network
  • Network Only: Share permissions apply only when the folder is accessed over the network; local access is governed by NTFS permissions alone, and for network access the more restrictive of the share and NTFS permissions is what takes effect

File and Folder Attributes

Common Attributes:

  • Read-only: Prevents modification of files
  • Hidden: Hides files from normal view
  • System: Marks files as system files
  • Archive: Indicates file needs backup
  • Compressed: File is compressed to save space
  • Encrypted: File is encrypted using EFS

Inheritance

Permission Inheritance:

  • Inherited Permissions: Permissions inherited from parent folders
  • Explicit Permissions: Directly assigned permissions
  • Effective Permissions: Final permissions after inheritance
  • Block Inheritance: Prevent inheritance from parent
  • Force Inheritance: Replace the permissions on all child objects with the inheritable permissions from this folder
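The share-versus-NTFS and inheritance material above, as an added PowerShell example (not from this guide): it shares a folder with Change access for a group, sets NTFS Modify on the folder with inheritance disabled but copied, repairs a subfolder whose inheritance was broken, and prints both permission layers so the more-restrictive-wins rule can be checked. The folder path, share name and group are placeholders.

```powershell
# Added example: share permissions vs NTFS permissions, and fixing inheritance with icacls.
#Requires -RunAsAdministrator

$Folder = 'D:\Shares\Projects'
$Share  = 'Projects'
$Group  = 'CORP\Project-Staff'

# Create and share the folder; share-level access is Change for the staff group only.
New-Item -ItemType Directory -Path $Folder -Force | Out-Null
if (Get-SmbShare -Name $Share -ErrorAction SilentlyContinue) { Remove-SmbShare -Name $Share -Force }
New-SmbShare -Name $Share -Path $Folder -ChangeAccess $Group | Out-Null

# NTFS: /inheritance:d disables inheritance but keeps copies of the inherited ACEs as explicit ones,
# then grant Modify to the group for this folder, subfolders (CI) and files (OI), and drop the
# copied BUILTIN\Users entry so only the intended group has access.
icacls $Folder /inheritance:d
icacls $Folder /grant "$($Group):(OI)(CI)M"
icacls $Folder /remove:g 'BUILTIN\Users'

# A subfolder whose inheritance someone switched off gets it back with /inheritance:e
# (explicit entries are kept; /reset would instead discard them and re-inherit everything).
$Sub = Join-Path $Folder 'Archive'
New-Item -ItemType Directory -Path $Sub -Force | Out-Null
icacls $Sub /inheritance:e

# Both layers side by side. Over the network the effective right is the more restrictive one:
# Change (share) + Modify (NTFS) = Modify; Read (share) + Full Control (NTFS) = Read.
Get-SmbShareAccess -Name $Share | Format-Table AccountName, AccessControlType, AccessRight -AutoSize
(Get-Acl $Folder).Access | Where-Object IdentityReference -eq $Group |
    Format-Table IdentityReference, FileSystemRights, IsInherited, InheritanceFlags -AutoSize
```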

Run as Administrator vs. Standard User

Administrator Mode:

  • Elevated Privileges: Full system access
  • System Changes: Can modify system settings
  • Software Installation: Can install system-wide software
  • Security Risk: Higher risk of malware infection
  • UAC Bypass: Once the elevation prompt is accepted, the process runs with the full administrator token and UAC no longer constrains it

Standard User Mode:

  • Limited Privileges: Restricted system access
  • UAC Prompts: Requires elevation for admin tasks
  • User Data Only: Access limited to user data
  • Security Benefit: Reduced security risk
  • Best Practice: Recommended for daily use

User Account Control (UAC)

UAC Levels:

  • Always Notify: Notify for all changes
  • Notify Only When Apps Try to Make Changes: Default setting
  • Notify Only When Apps Try to Make Changes (Do Not Dim): No desktop dimming
  • Never Notify: Disable UAC (not recommended)

UAC Benefits:

  • Malware Prevention: Prevents unauthorized system changes
  • Privilege Separation: Separates user and admin privileges
  • Consent Framework: Requires explicit consent for elevation
  • Application Compatibility: Maintains compatibility with legacy apps
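The four UAC levels correspond to registry values under the Policies\System key; as an added PowerShell example (not from this guide), this reads those values, names the level in effect, and restores the default level if UAC was set to Never Notify or disabled outright.

```powershell
# Added example: map the UAC slider levels to their registry values and restore the default.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacLevel {
    $v = Get-ItemProperty -Path $UacKey
    # EnableLUA=0 switches UAC off completely (set by policy, not by the slider; needs a reboot).
    if ($v.EnableLUA -eq 0) { return 'UAC disabled entirely (EnableLUA=0)' }

    # ConsentPromptBehaviorAdmin / PromptOnSecureDesktop pairs behind each slider position.
    switch ("$($v.ConsentPromptBehaviorAdmin)/$($v.PromptOnSecureDesktop)") {
        '2/1'   { 'Always notify' }
        '5/1'   { 'Notify only when apps try to make changes (default)' }
        '5/0'   { 'Notify only when apps try to make changes (do not dim)' }
        '0/0'   { 'Never notify' }
        default { "Non-standard: ConsentPromptBehaviorAdmin=$($v.ConsentPromptBehaviorAdmin), PromptOnSecureDesktop=$($v.PromptOnSecureDesktop)" }
    }
}

function Set-UacDefaultLevel {
    # Default slider position: prompt for non-Windows binaries, on the secure (dimmed) desktop.
    Set-ItemProperty -Path $UacKey -Name ConsentPromptBehaviorAdmin -Value 5 -Type DWord
    Set-ItemProperty -Path $UacKey -Name PromptOnSecureDesktop    -Value 1 -Type DWord
    Set-ItemProperty -Path $UacKey -Name EnableLUA                -Value 1 -Type DWord
}

$level = Get-UacLevel
"UAC level: $level"
if ($level -like 'Never*' -or $level -like 'UAC disabled*') { Set-UacDefaultLevel }
```

Setting these values requires administrator rights, and a change to EnableLUA only takes effect after a restart.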

BitLocker

BitLocker Features:

  • Full Disk Encryption: Encrypts entire system drive
  • TPM Integration: Uses Trusted Platform Module
  • Recovery Keys: Recovery options for forgotten passwords
  • Pre-boot Authentication: Authentication before OS loads
  • Enterprise Management: Centralized management via Group Policy

BitLocker Requirements:

  • Windows Pro/Enterprise: Not available in Windows Home
  • TPM 1.2 or 2.0: Trusted Platform Module required by default (Group Policy can allow a USB startup key or password in place of a TPM)
  • UEFI Firmware: Modern firmware recommended
  • Secure Boot: Secure Boot enabled for best security

BitLocker-To-Go

Portable Drive Encryption:

  • USB Drive Encryption: Encrypts portable storage devices
  • Password Protection: Password-based authentication
  • Cross-platform: Works on Windows and other systems
  • Automatic Unlock: Can auto-unlock on trusted computers
  • Recovery Options: Recovery key for forgotten passwords
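The BitLocker requirements, TPM protector, recovery key and BitLocker To Go points above, as an added PowerShell example (not from this guide): it checks TPM and Secure Boot readiness, adds a recovery password and escrows it to Active Directory before sealing the OS drive to the TPM, then encrypts a removable drive with a password protector. It assumes a domain-joined Windows Pro/Enterprise machine with the AD recovery-information policy enabled and a removable drive at E:.

```powershell
# Added example: BitLocker pre-flight checks, OS-drive encryption, and BitLocker To Go.
#Requires -RunAsAdministrator

function Test-BitLockerReadiness {
    $tpm = Get-Tpm
    [pscustomobject]@{
        TpmPresent     = $tpm.TpmPresent
        TpmReady       = $tpm.TpmReady
        UefiSecureBoot = $(try { Confirm-SecureBootUEFI } catch { $false })   # throws on legacy BIOS
        OsDriveStatus  = (Get-BitLockerVolume -MountPoint 'C:').ProtectionStatus   # On / Off
    }
}

$ready = Test-BitLockerReadiness
$ready | Format-List
if (-not ($ready.TpmPresent -and $ready.TpmReady)) {
    throw 'TPM not present or not initialised; initialise it or deploy a startup-key policy.'
}

if ($ready.OsDriveStatus -ne 'On') {
    # Recovery password first, so a recovery path exists before the drive is sealed to the TPM.
    $vol  = Add-BitLockerKeyProtector -MountPoint 'C:' -RecoveryPasswordProtector
    $rpId = ($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword' |
             Select-Object -Last 1).KeyProtectorId

    # Escrow the recovery password in AD DS (needs the "Store BitLocker recovery information" policy).
    Backup-BitLockerKeyProtector -MountPoint 'C:' -KeyProtectorId $rpId

    # Seal to the TPM and encrypt used space with XTS-AES 256; pre-boot auth is the TPM check.
    Enable-BitLocker -MountPoint 'C:' -TpmProtector -EncryptionMethod XtsAes256 `
        -UsedSpaceOnly -SkipHardwareTest
}

# BitLocker To Go on the assumed removable drive E: uses a password, not the TPM, so the drive
# can be unlocked on another machine; a recovery password covers a forgotten one.
$pw = Read-Host -AsSecureString 'Password for removable drive E:'
Enable-BitLocker -MountPoint 'E:' -PasswordProtector -Password $pw -EncryptionMethod Aes128
Add-BitLockerKeyProtector -MountPoint 'E:' -RecoveryPasswordProtector | Out-Null

Get-BitLockerVolume | Format-Table MountPoint, VolumeStatus, ProtectionStatus, EncryptionMethod -AutoSize
```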

Encrypting File System (EFS)

EFS Features:

  • File-level Encryption: Encrypts individual files and folders
  • Transparent Operation: Automatic encryption/decryption
  • User Certificates: Uses digital certificates for encryption
  • Recovery Agents: Designated recovery agents for data recovery
  • NTFS Integration: Integrated with NTFS file system

Active Directory

Active Directory is Microsoft's directory service that provides centralized authentication, authorization, and management for Windows networks.

Joining Domain

Domain Join Process:

  1. System Properties: Access System Properties → Computer Name tab
  2. Change Settings: Click "Change" to modify computer name
  3. Domain Selection: Select "Domain" and enter domain name
  4. Authentication: Provide domain administrator credentials, or those of an account that has been delegated the right to join computers to the domain
  5. Restart: Restart computer to complete domain join

Assigning Log-in Script

Script Assignment:

  • User Properties: Active Directory Users and Computers
  • Profile Tab: Configure logon script path
  • Group Policy: Assign scripts via Group Policy
  • Script Types: Batch files, PowerShell, VBScript
  • Execution Order: Scripts run in specific order

Moving Objects Within Organizational Units

OU Management:

  • Drag and Drop: Move objects between OUs
  • Cut and Paste: Alternative method for moving objects
  • PowerShell: Move-ADObject cmdlet for automation
  • Group Policy Inheritance: OUs inherit policies from parent OUs
  • Delegation: Delegate management of specific OUs

Assigning Home Folders

Home Folder Configuration:

  • User Properties: Configure in user account properties
  • Profile Tab: Set home folder path
  • Drive Mapping: Map to specific drive letter
  • Network Path: Use UNC path for network storage
  • Permissions: Set appropriate permissions on home folder

Applying Group Policy

Group Policy Management:

  • Group Policy Management Console: Central management tool
  • Policy Linking: Link policies to OUs, domains, or sites
  • Policy Inheritance: Policies inherit from parent containers
  • Policy Precedence: Processed in Local, Site, Domain, OU order (LSDOU), so when settings conflict the policy applied last, the OU's, wins
  • Policy Enforcement: Force policy application

Selecting Security Groups

Group Types:

  • Security Groups: Used for permissions and access control
  • Distribution Groups: Used for email distribution
  • Universal Groups: Can contain users from any domain
  • Global Groups: Can contain users from same domain
  • Domain Local Groups: Used for local domain resources
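The logon script, home folder, OU move and security group steps above, done with the ActiveDirectory module instead of the Profile tab, as an added PowerShell example (not from this guide). It assumes RSAT is installed, a domain corp.example, a file server FS01 with a hidden Home$ share, and placeholder OU, group and user names.

```powershell
# Added example: script the Profile-tab fields, home folder, OU placement and group membership.
Import-Module ActiveDirectory

$Sam        = 'jdoe'
$HomeServer = '\\FS01\Home$'                                   # assumed hidden share
$TargetOU   = 'OU=Staff,OU=Accounts,DC=corp,DC=example'        # GPOs linked here will apply
$Group      = 'Project-Staff'                                  # assumed global security group

# 1. Create the account disabled until provisioning is complete.
New-ADUser -Name 'Jane Doe' -SamAccountName $Sam -UserPrincipalName "$Sam@corp.example" `
    -GivenName 'Jane' -Surname 'Doe' -Enabled $false `
    -AccountPassword (Read-Host -AsSecureString 'Initial password') -ChangePasswordAtLogon $true

# 2. Profile tab: home folder mapped to H:, logon script relative to the NETLOGON share.
Set-ADUser -Identity $Sam -HomeDirectory "$HomeServer\$Sam" -HomeDrive 'H:' -ScriptPath 'logon.bat'

# 3. Home folder with inheritance removed: only the user, Administrators and SYSTEM have rights.
$HomePath = "$HomeServer\$Sam"
New-Item -ItemType Directory -Path $HomePath -Force | Out-Null
icacls $HomePath /inheritance:r /grant "CORP\$($Sam):(OI)(CI)M" 'BUILTIN\Administrators:(OI)(CI)F' 'SYSTEM:(OI)(CI)F'

# 4. Move the object into its OU (Move-ADObject) and add it to the security group, then enable.
$user = Get-ADUser -Identity $Sam
Move-ADObject -Identity $user.DistinguishedName -TargetPath $TargetOU
Add-ADGroupMember -Identity $Group -Members $Sam
Enable-ADAccount -Identity $Sam

# 5. Verify placement, Profile-tab attributes and membership in one view.
Get-ADUser -Identity $Sam -Properties HomeDirectory, HomeDrive, ScriptPath, MemberOf |
    Select-Object DistinguishedName, HomeDirectory, HomeDrive, ScriptPath, MemberOf | Format-List
```

After the move, `gpresult /r` on the user's workstation at next logon shows which GPOs linked to the new OU were applied.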

Configuring Folder Redirection

Redirection Options:

  • Desktop: Redirect desktop to network location
  • Documents: Redirect My Documents folder
  • Pictures: Redirect Pictures folder
  • Music: Redirect Music folder
  • Videos: Redirect Videos folder

Redirection Benefits:

  • Centralized Storage: User data stored on network
  • Backup Protection: Automatic backup of user data
  • Roaming Profiles: Access data from any computer
  • Disk Space Management: Reduce local disk usage

Windows Security Best Practices:

  • Regular Updates: Keep Windows and security software updated
  • Strong Passwords: Use complex passwords and enable MFA
  • Least Privilege: Use standard user accounts for daily tasks
  • Firewall Configuration: Configure firewall rules appropriately
  • Encryption: Use BitLocker for full disk encryption
  • Regular Backups: Maintain regular backups of important data

Exam Preparation Tips

Key Areas to Focus On:

  • Defender Configuration: Know how to activate, deactivate, and update Defender
  • Firewall Management: Understand firewall profiles and rule configuration
  • User Account Types: Know differences between account types and their capabilities
  • Authentication Methods: Understand various login options and their security implications
  • File Permissions: Know NTFS vs. share permissions and inheritance
  • Encryption Technologies: Understand BitLocker, EFS, and their use cases
  • Active Directory: Know domain join, Group Policy, and user management

Practice Scenarios:

  1. Configure Windows Defender and firewall for a new computer
  2. Set up user accounts with appropriate permissions
  3. Configure BitLocker encryption for a laptop
  4. Join a computer to Active Directory domain
  5. Configure Group Policy for security settings
  6. Troubleshoot file permission issues

Summary

CompTIA A+ 1202 Objective 2.2 covers essential Windows security configuration including antivirus protection, firewall management, user account security, authentication methods, file permissions, encryption technologies, and Active Directory integration. These skills are fundamental for IT professionals securing Windows environments in business and enterprise settings. Master these concepts through hands-on practice and real-world scenarios to excel both on the exam and in your IT security career.