Controlling User Accounts, Spam, and Destructive Software: A Comprehensive Guide - Prof. W, Cheat Sheet of Information and Communications Technology (ICT)

A detailed guide on managing user accounts, detecting and removing destructive software, and identifying and stopping spam. It covers topics such as user account types and privileges, managing user accounts, modifying default security policies, monitoring emails, accessing information services, identifying security gaps, and configuring anti-virus software. It also includes practical exercises and a lap test.

Typology: Cheat Sheet

2023/2024

Uploaded on 03/14/2024

abu-9
abu-9 🇪🇹

3 documents

1 / 55

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
HARDWARE AND NETWORKING
SERVICE LEVEL – I
Based on March 2022, Curriculum Version 1
Module Title: Protection Application or System
Software
Module code: EIS HNS1 M06 0322
Nominal duration: 50 Hour
August, 2022
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17
pf18
pf19
pf1a
pf1b
pf1c
pf1d
pf1e
pf1f
pf20
pf21
pf22
pf23
pf24
pf25
pf26
pf27
pf28
pf29
pf2a
pf2b
pf2c
pf2d
pf2e
pf2f
pf30
pf31
pf32
pf33
pf34
pf35
pf36
pf37

Partial preview of the text

Download Controlling User Accounts, Spam, and Destructive Software: A Comprehensive Guide - Prof. W and more Cheat Sheet Information and Communications Technology (ICT) in PDF only on Docsity!

HARDWARE AND NETWORKING

SERVICE LEVEL – I

Based on March 2022, Curriculum Version 1

Module Title: Protection Application or System

Software

Module code: EIS HNS1 M06 0322

Nominal duration: 50 Hour

August, 2022

Prepared by: Ministry of Labor and Skill Addis Ababa, Ethiopia Page 2 of 55 Ministry of Labor and Skills Protecting Application or System Software Version - August, 2022

Acknowledgment

Ministry of Labor and Skills wish to extend thanks and appreciation to the many representatives of TVET instructors and respective industry experts who donated their time and expertise to the development of this Teaching, Training and Learning Materials (TTLM). Page 4 of 55 Ministry of Labor and Skills Protecting Application or System Software Version - August, 2022

Acronym Pc - Personal Computer GPO – Group policy Organization E-Mai l- Electronic Mail EOP - Exchange online protection MSA - Managed service account Page 5 of 55 Ministry of Labor and Skills Protecting Application or System Software Version - August, 2022

Unit one: user accounts are controlled

This unit is developed to provide you the necessary information regarding the following content coverage and topics:  User account type/privileges  Managing user accounts  Modifying default security policy  displaying appropriate logon legal notices  Monitoring emails  Accessing information service

  • Identifying security gaps
  • Taking appropriate actions This unit will also assist you to attain the learning outcomes stated in the cover page. Specifically, upon completion of this learning guide, you will be able to:  Identify User account type/privileges  Manage user accounts  Modify default security policy  display appropriate logon legal notices  Monitor emails  Access information service
  • Identify security gaps
  • Take appropriate actions Page 7 of 55 Ministry of Labor and Skills Protecting Application or System Software Version - August, 2022

1.1. User Account Type/Privileges What is user Account A user account allows you to sign in to your computer. By default, your computer already has one user account, which you were required to create when you set up your computer. If you plan to share your computer with others, you can create a separate user account for each person. Using separate user accounts At this point, you may be wondering why you would even need to use separate user accounts. But if you're sharing a computer with multiple people for example, with your family or at the office user accounts allow everyone to save their own files, preferences, and settings without affecting other computer users. When you start your computer, you'll be able to choose which account you want to use.  Following are different Types of user accounts with their privilegesAdministrator, Standard, and Managed accounts Before you create new user accounts, it's important to understand the different types.  Administrator :

  • Administrator accounts are special accounts that are used for making changes to system settings or managing other people's accounts.
  • They have full Control and access to every setting on the computer. Every computer will have at least one Administrator account, and if you're the owner you should already have a password to this account.  If you have administrator credentials,
  • You can change the properties of any user account.
  • You can also change the account type from Administrator to Standard User (provided that at least one Administrator account remains on the computer) or vice versa.
  • You create computer accounts and designate permission levels from the Family & Other Users pane of the Accounts category page of the Settings window.  Standard :
  • It have limited or restricted access privilege
  • Standard accounts are the basic accounts you use for normal everyday tasks. As a Standard user, you can do just about anything you would need to do, such as running software or personalizing your desktop.  Standard with Family Safety : Page 8 of 55 Ministry of Labor and Skills Protecting Application or System Software Version - August, 2022

Guest Account:

  • Windows' guest account lets other people use your computer without being able to change PC settings, install apps or access your private files. That comes in handy when you have to share your computer temporarily.  Generally, it's safer to be signed in to a Standard account than an Administrator account. If you're logged in as an Administrator, it may actually make it easier for an unauthorized user to make changes to your computer. Therefore, you may want to create a Standard account for yourself, even if you're not sharing the computer with anyone. You'll still be able to make Administrator-level changes ; you'll just need to provide your Administrator password when making these changes. 1.2. User accounts Management An administrator can give other people access to the computer in one of three ways:  Create a user account that is linked to an existing Microsoft account.  Create a user account that is linked to an email address, and register that account as a Microsoft account.  Create a local account that isn’t linked to a Microsoft account.  Every user account has an associated user account name and can have a user account picture and a password. Any user can change the following details for his or her account:  Account name You can change the display name that appears on the Welcome screen and Start menu.  Account picture You can change the picture that identifies you on the Welcome screen and Start menu.  Password You can create or change the password. Page 10 of 55 Ministry of Labor and Skills Protecting Application or System Software Version - August, 2022

All types of user accounts are visible in the Family & Other Users pane. However, the processes for managing family accounts and non-family accounts differ, so we cover them separately in the following sections to avoid confusion. Fig. 1.2.1. User account management You manage other user accounts from this pane, so the lists don’t include your account

  • Only administrators can create user accounts if you’re signed in with a standard user account, you don’t have the option to do so. When you create a user account, you must designate whether the user is part of your family group.
  • When you first add a user account, it is identified in lists by its email address or by the name you give it. You can change the user account name (and delete user accounts) from the Users node of the Computer Management console.
  • If a person is not going to sign in to a specific computer again, it’s a good idea to delete his or her user account. This will clean up the user account lists and recover the hard-drive space that is used by that user’s data.
  • If you don’t want to delete the user account data, you can disable the account instead of deleting it. Page 11 of 55 Ministry of Labor and Skills Protecting Application or System Software Version - August, 2022

1. 3. Default security policy Modification Applying Security policy settings on Windows 10 and Windows 11 Security policy settings are rules that administrators configure on a computer or multiple devices for protecting resources on a device or network. The Security Settings extension of the Local Group Policy Editor snap-in allows you to define security configurations as part of a Group Policy Object (GPO). The GPOs are linked to Active Directory containers such as sites, domains, or organizational units, and they enable you to manage security settings for multiple devices from any device joined to the domain. Security settings policies are used as part of your overall security implementation to help secure domain controllers, servers, clients, and other resources in your organization. Security settings can control:  User authentication to a network or device.  The resources that users are permitted to access.  Whether to record a user's or group's actions in the event log.  Membership in a group. To manage security configurations for multiple devices, you can use one of the following options:  Edit specific security settings in a GPO.  Use the Security Templates snap-in to create a security template that contains the security policies you want to apply, and then import the security template into a Group Policy Object. A security template is a file that represents a security configuration, and it can be imported to a GPO, applied to a local device, or used to analyze security. For more info about managing security configurations, see Administer security policy settings. Page 13 of 55 Ministry of Labor and Skills Protecting Application or System Software Version - August, 2022

The Security Settings extension of the Local Group Policy Editor includes the following types of security policies:  Account Policies. These policies are defined on devices; they affect how user accounts can interact with the computer or domain. Account policies include the following types of policies: o Password Policy. These policies determine settings for passwords, such as enforcement and lifetimes. Password policies are used for domain accounts. o Account Lockout Policy. These policies determine the conditions and length of time that an account will be locked out of the system. Account lockout policies are used for domain or local user accounts. o Kerberos Policy. These policies are used for domain user accounts; they determine Kerberos-related settings, such as ticket lifetimes and enforcement.  Local Policies. These policies apply to a computer and include the following types of policy settings: o Audit Policy. Specify security settings that control the logging of security events into the Security log on the computer, and specifies what types of security events to log (success, failure, or both).  For devices running Windows 7 and later, we recommend to use the settings under Advanced Audit Policy Configuration rather than the Audit Policy settings under Local Policies. o User Rights Assignment. Specify the users or groups that have sign-in rights or privileges on a device o Security Options. Specify security settings for the computer, such as Administrator and Guest Account names; access to floppy disk drives and CD-ROM drives;  Software Restriction Policies. Specify settings to identify software and to control its ability to run on your local device, organizational unit, domain, or site.  Application Control Policies. Specify settings to control which users or groups can run particular applications in your organization based on unique identities of files.  Advanced Audit Policy Configuration. Specify settings that control the logging of security events into the security log on the device. The settings under Advanced Audit Policy Configuration provide finer control over which activities to monitor as opposed to the Audit Policy settings under Local Policies. Page 14 of 55 Ministry of Labor and Skills Protecting Application or System Software Version - August, 2022

1.5. Manage email and account settings on Windows 10 E- Mail

  • E- Mail (electronic mail) is the exchange of computer-stored messages by tele communication. Email messages are usually encoded in American Standard Code for Information Interchange (ASCII) text. However, you can also send non text files, such as graphic images and sound files as attachments sent in binary streams.
  • If you use more than one account to access your emails and apps, use this guide to add them to your Windows 10 primary account to allow apps easier and faster access. Page 16 of 55 Ministry of Labor and Skills Protecting Application or System Software Version - August, 2022

1. 6. Accessing information service Managing and Secure Service Accounts Microsoft service accounts are a critical part of any Windows ecosystem because they are used to run essential services and applications, from web servers to mail transport agents to databases. But all too often, they are not used and managed properly which leaves the organization at unnecessary risk of business disruptions, security breaches and compliance failures. Indeed, problems with service accounts are one of the top four issues that we at Quest uncover during security assessments. About Microsoft service accounts - A Microsoft service account is an account used to run one or more services or applications in a Windows environment. For example, Exchange, SharePoint, SQL Server and Internet Information Services (IIS) all run under service accounts. - The service account provides the security context for the service, in other words, it determines which local and network resources the service can access and what it can do with those resources. - Service accounts can exist on workstations, member servers and domain controllers (DCs). There are several types of Microsoft service accounts, each with its own advantages and disadvantages:  Built-in service account : On a local computer, you can configure an application to run under one of the three built-in service accounts: LocalService, NetworkService or LocalSystem. These accounts do not have passwords.  Traditional service account : - A traditional Microsoft service account is just a standard user account. Ideally, it should be an account created and used exclusively to run a particular service, but all too often, business users and admins use their regular user accounts as service accounts in the name of expediency. Unlike the built-in service accounts, these accounts do have passwords. However, managing the passwords of hundreds or thousands of service accounts can get complicated very quickly, and changing a service account’s password introduces the risk of breaking the applications or services it is used to run. Therefore, many organizations set their service account passwords to never expire and never update them, which is not much better than having no password at all. - Traditional service accounts can be created like any other user account, such as with Active Directory Users and Computers (ADUC) or your identity management solution. Page 17 of 55 Ministry of Labor and Skills Protecting Application or System Software Version - August, 2022

Self-check 1 Instruction I: Write True if the statement is correct and False if the statement is incorrect

  1. A user account allows you to sign in to your computer
  2. to share your computer with others, you can create a separate user account for each person
  3. Standard user account can change the properties of any user account
  4. It's safer to be signed in to a Standard account than an Administrator account
  5. User Rights Assignment, Specify the users or groups that have sign-in rights or privileges on a device
  6. Kerberos Policy are used for domain user accounts
  7. Password Policy determine settings for passwords Instruction II. Choosing
  8. Any user can his or her account A. Password D. All B. User Name E. None C. Picture
  9. _____ kind of user account have limited or restricted access privilege A. Standard D. All B. Administrator E. None C. Computer
  10. _______ kind of account let’s other people use your computer without being able to change PC settings, install apps or access your private files. A. Administrator D. All B. Guest E. None C. User Account
  11. Security settings can control: A. User authentication to a network or device. D. All B. The resources that users are permitted to access. E. None C. Membership in a group.
  12. To manage security configurations for multiple devices, you can use one of the following options: A. Edit specific security settings in a GPO C. A and B B. Use the Security Templates snap-in D. None Page 19 of 55 Ministry of Labor and Skills Protecting Application or System Software Version - August, 2022

Operation Sheet 1 Operation Title: Create local User AccountPurpose: To practice and demonstrate the knowledge and skill required in Creating User accountInstruction: you have given 20min and demonstrate to your trainer  Tools and requirement:

  1. Personal Computer
  2. Peripheral Devices  Precautions: take under consideration any required Safety measures during work  Procedures used to accomplishing the task
  3. Select Start > Settings > Accounts and then select Family & other users. (In some versions of Windows you'll see Other users .)
  4. Next to Add other user , select Add account.
  5. Select I don't have this person's sign-in information , and on the next page, select Add a user without a Microsoft account.
  6. Enter a user name, password, or password hint—or choose security questions—and then select Next.  Open Settings and create another account Change a local user account to an administrator account
  7. Select Start > Settings > Accounts.
  8. Under Family & other users , select the account owner name (you should see "Local account" below the name), then select Change account type.
  9. Under Account type , select Administrator , and then select OK.
  10. Sign in with the new administrator account Page 20 of 55 Ministry of Labor and Skills Protecting Application or System Software Version - August, 2022