2.2 - CompTIA A+ Core 2

Windows Defender

Built-in anti-malware/anti-virus for Windows, found via the Windows Security app.

Real-time protection

A feature of Windows Defender Antivirus that operates continuously to protect against malware.

Update definitions

Refers to updating AV signatures to allow Windows Defender to identify new malicious software.

Windows Firewall

A security feature that monitors ingress/egress network traffic on a Windows machine for malicious activity.

Port security

Windows Firewall rules that allow or deny traffic on a specific port.

Application security

Refers to Windows Firewall rules that allow/deny traffic related to a specific application

Local account

A user account associated with a specific Windows device.

Microsoft account

A user account that allows settings to be synced between devices and integrates with Microsoft applications.

Domain account

Windows account centrally managed via Active Directory, commonly used in business environments.

Administrator

The Windows super-user account with full access and privileges on the system.

Standard account

A typical user account within Windows

User Account Control (UAC)

Windows utility that notifies the user when a program attempts to make changes that require administrative privileges.

Power user

A standard account with elevated privileges that allows slightly more control over the system settings than a typical user account. Permissions are removed for Windows Vista and later.

Username/password login

Common method to authenticate or log-in to a Windows OS. Includes a name, and a unique character string associated with an account.

Personal identification number (PIN)

Authentication/log-in method that involves the use of a 4-digit number.

Fingerprint

A biometric authentication method that scans and compares the ridges on someone’s fingers to a stored template.

Facial recognition

A biometric authentication method that scans a person’s face.

Single-sign on (SSO)

A user authentication process that allows a user to access multiple applications (or in this case, the OS), with one set of login credentials - typically Windows Domain/AD credentials.

Passwordless authentication

A secure method that allows users to log in without traditional passwords, often using biometrics such as facial recognition or PIN codes, exemplified by Windows Hello.

NTFS permissions

File system permissions that provide fine-grained control over access to files and folders - apply from both local and network connections. NTFS permissions also exhibit inheritance for files regulated by their parent folder.

Share permissions

Permissions that are applied when a user accesses a shared folder over a network - only applies for network connections.

NTFS vs. network share perms contrast

If there is a contrast between access settings (e.g, Deny for Shares and allow for NTFS - or vice versa), the most restrictive setting wins.

Explicit permission

Default permissions for a file/folder.

Inherited permissions

Permissions taken from the parent object (e.g., a folder) to the child object (sub-files, sub-folders). A permission is set once, and it applies to everything underneath

Explicit vs. inherited permissions conflict

Explicit permissions take precedence over inherited permissions.

Run as administrator vs. standard user

Standard users face limitations in accessing system files and settings that administrators do not. To bypass this, they must select "Run as administrator" for certain applications, even if they are in the Administrators group.

BitLocker

A feature that helps protect data through full disk encryption, requiring authentication for access.

BitLocker-To-Go

A feature that extends BitLocker encryption to removable drives for securing data on USBs.

Encrypting File System (EFS)

Allows for encryption of data with filesystems, requiring NTFS to operate.

Active Directory (AD)

A centralized database of everything on a network provided by Windows, allowing authentication and access control.

Domain

Logical group of users, computers, and resources - every domain has a name.

Domain controller (DC)

Centralized server that stores all information related to the AD domain database.

Joining a domain (process)

Navigate to your computer’s information in Windows Settings: (System → About). Click on “Domain or workgroup”: Enter the domain name you wish to join, then click OK to proceed with the authentication process and follow any on-screen prompts

Organizational units (OU)

Logical sections for organizing objects/devices in Active Directory.

Log-in script

A script that automates a series of tasks at login. Can be assigned to a specific user, group, or OU.

Assigning a log-in script (process)

Access the Domain Controller for the relevant domain, and select “Group Policy Management Editor” from the “Tools” drop-down. Right-click the relevant OU, and then select the “Create a GPO in this domain” option.

Moving objects within organizational units

Requires the Active Directory Users and Computers (ADUC) tool. Within ADUC, right-click on the object, click the “Move” option, and select the OU to which the object will be relocated.

Home folders

Networked folders designed to be alternative storage for users’ local drives.

Assigning home folders (process)

In ADUC, right-click the relevant OU, select all users, then click “Properties.” Go to the “Profile” tab, under “Home folder,” choose “Connect,” select a drive letter (e.g., “H:”), and specify the share location (e.g., \\SERVER\home\%username%).

Group Policy

A tool managed within Windows that provides a central console for login scripts, network configs, and security parameters.

Applying Group Policy (process)

Access the Domain Controller, select “Group Policy Management Editor” from the “Tools” menu. Right-click the relevant OU, choose “Create a GPO in this domain,” and enable the desired policy by double-clicking it. Finally, run gpupdate /force to update the Group Policy settings.

Security group

Groups used to assign permissions to shared resources.

Selecting security groups (process)

Go to Active Directory Users and Computers, find the user, right-click, select “Properties,” then the “Member Of” tab. Click “Add…,” type the group name, and select the security group.

Folder redirection

Redirects user folders to a networked share, allowing interaction as if they were local.

Configuring folder redirection

Go to Group Policy Management Editor → User Configuration → Folder Redirection. Select folders, set “Setting:” to Basic, and enter the redirected path (e.g., \\SERVER\home\%username%\Documents).