
CYBERSECURITY-Week - 4


CYBER SECURITY (20CS54I) SUCHITRA/HARSHITHA

Chapter -04
WINDOWS SECURITY
Windows Security is your home to manage the tools that protect your device and your data.
Virus and threat protection monitors threats to your device, runs scans, and gets updates to help detect the latest threats.
Components of windows security:

• System security
• Encryption and data protection
• Windows security baselines
• Virtual private network guide
• Windows Defender Firewall
• Virus and threat protection

Important security information

• Windows Security is built into Windows and includes an antivirus program called Microsoft Defender Antivirus.
• If you have another antivirus application installed and turned on, Microsoft Defender Antivirus will turn off automatically.
• If you uninstall the other app, Microsoft Defender Antivirus will turn on automatically.
• If you are having problems receiving Windows Security updates, see "Fix Windows Update errors".
• To change your user account to an admin account.
Understand and customize Windows Security features
Windows Security is your home to manage the tools that protect your device and your data.
Virus and threat protection: Monitors threats to your device, runs scans, and gets updates to help detect the latest threats.
Account protection: Access sign-in options and account settings, including Windows Hello and dynamic lock.
Firewall and network protection: Manage firewall settings and monitor what's happening with your network and internet connections.
App and browser control: Update settings for Microsoft Defender SmartScreen to help protect your device against potentially dangerous apps, files, sites and downloads. You will have exploit protection, and you can customize protection settings for your devices.
Device security: Review built-in security options to help protect your device from attacks by malicious software.
Device performance and health: View status information about your device's performance health, and keep your device clean and up to date with the latest version of Windows.
Family options: Keep track of your kids' online activity and the devices in your household.
To customize how your device is protected with these Windows Security features, select Start > Settings > Update & Security > Windows Security.

Dept. of Computer Science HEA Polytechnic 1


Status icons indicate your level of safety:

• Green means there aren't any recommended actions right now.
• Yellow means there is a safety recommendation for you.
• Red is a warning that something needs your immediate attention.
Windows security infrastructure:
The Windows infrastructure is a set of capabilities available to enable Microsoft Windows technologies. In many cases the capabilities meet business needs regardless of the client platform or technology; they are not necessarily limited to Microsoft. Service options available include the following:

• Active Directory.
• Azure Active Directory for cloud-based identity services.
• Authentication integration via UWNETID and the group service.
• Windows domain via trust.
• Azure AD authentication.
• Name resolution service (DNS).
• Microsoft license activation.
Windows workgroups and accounts:

A workgroup is a peer-to-peer network set up using the Microsoft Windows operating system. It is a group of computers on a LAN that share common resources and responsibilities. You can easily create a workgroup by connecting two or more PCs without going through a separate server computer.
In a workgroup, each computer on the network is physically connected to a router or switch. Each computer that is a member of a workgroup can access shared resources on the network, like files or printers, or share its own resources with the group.
While a workgroup is a group of computers that are connected in a network, it is not the same as a network. You can connect a computer to your network without making it a member of a specific workgroup. You can even have multiple workgroups in the same network.
How to set up a Windows 10 workgroup
You can follow these steps to connect all your devices to a single Windows workgroup.
Step 1: Navigate to Control Panel > All Control Panel Items > System. You will see basic information about your computer.
Step 2: Click Change settings under "Computer name, domain, and workgroup settings" to open the System Properties pop-up.
Step 3: Click Change to rename this computer.
Step 4: In the Computer Name/Domain Changes pop-up you will have the option to join the workgroup of your choice.
Step 5: Ensure that the devices that you want in a particular workgroup are joined to that workgroup; in this case the workgroup is named "my work group".

Active directory and group policy


Active Directory is a database and set of services that connect users with the network resources they need to get their work done. The database (or directory) contains critical information about your environment, including what users and computers there are and who's allowed to do what.
For example, the database might list 100 user accounts with details like each person's job title, phone number and password. It will also record their permissions.
Managing active directory local users & Groups

• Local user management deals with managing user and group accounts that are stored locally on Windows.
• Local user accounts are specific to a computer.
• Local Users and Groups is part of the collection of tools that an administrator can use to manage a single computer.
• Administrators can set permissions and rights on local user accounts or group accounts on the computer, thereby controlling access to files and folders.
Local user Accounts
The Users folder in the Local Users and Groups MMC snap-in displays all the default user accounts and the ones created by users with administrator privileges. The default accounts in the Local Users and Groups utility are the Administrator account and the Guest account.
The Administrator account has full control of the computer and can assign user rights and access permissions to users as needed. It is only used for tasks that require administrative credentials and security. This account is disabled by default.
The Guest account is used by people who do not have an account on that computer. Both the Administrator and Guest accounts are disabled by default.
Local groups
The Groups folder in the Local Users and Groups MMC snap-in displays the default local groups and the ones created by administrators or users with administrative privileges. Local groups can hold the administrator account, local user accounts, domain users, admin and guest accounts, Remote Desktop user accounts, and computer accounts.
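The statements above about default accounts and group membership can be checked on a live machine. The following audit is an added example, not part of the original notes; it assumes an elevated PowerShell session and the built-in Microsoft.PowerShell.LocalAccounts module, and the function name Get-LocalAccountFinding is hypothetical.

```powershell
# Added example (not from the course notes). Run in an elevated PowerShell
# session; uses the built-in Microsoft.PowerShell.LocalAccounts module.

function Get-LocalAccountFinding {
    $findings = @()

    foreach ($user in Get-LocalUser) {
        # Built-in accounts are recognised by the last part of the SID (the RID),
        # so the check still works after an account has been renamed.
        $rid = ($user.SID.Value -split '-')[-1]

        if ($user.Enabled -and $rid -eq '500') {
            $findings += "Built-in Administrator '$($user.Name)' is enabled"
        }
        if ($user.Enabled -and $rid -eq '501') {
            $findings += "Built-in Guest '$($user.Name)' is enabled"
        }
        if ($user.Enabled -and -not $user.PasswordRequired) {
            $findings += "'$($user.Name)' is enabled but does not require a password"
        }
    }

    # Look up the Administrators group by its well-known SID, because the
    # group name is localised on non-English systems.
    foreach ($member in Get-LocalGroupMember -SID 'S-1-5-32-544') {
        $findings += "Administrators member: $($member.Name) " +
                     "($($member.ObjectClass), $($member.PrincipalSource))"
    }

    $findings
}

Get-LocalAccountFinding
```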
Management of local users and groups
Unlike users and groups created in Active Directory, local user accounts and groups operate on a single Windows client and cannot be moved between computers.

A local user can be used for the following on a Windows client:

• Authentication and control
• Assignment of rights
• Management of resource access
A local group is a set of one or more accounts managed on a single client, consisting of local and Active Directory users. Local groups can also be used to manage access rights or assign permissions to several users at once, depending on business needs and user requirements.

A local group can have many members, and a user account can be a member of many groups.
Opening Local Users and Groups
The following are some ways to open the Local Users and Groups manager.
Method 1: Through the Run command
Go to Start > Run, type lusrmgr.msc and press Enter.
Method 2: Through Computer Management
Go to Start, type Computer Management and press Enter. In the left pane of the Computer Management window, click Local Users and Groups.

Creating a local user account:


The following steps illustrate how to create a local user account.
Step 1: Open Local Users and Groups.
Step 2: Right-click Users and click New User.
Step 3: Type in the user name, full name and description, and check or uncheck the password requirements.
Step 4: Click Create and Close.

Resetting a password for a local user account


The following steps illustrate how to reset the password for a local user account.
Step 1: Open Local Users and Groups.
Step 2: Right-click the required user account, click Set Password and click Proceed.
Step 3: Type the new password in the New password and Confirm password fields and click OK.
Deleting a local user account
The following steps illustrate how to delete a local user account.
Step 1: Open Local Users and Groups.
Step 2: In the left pane, click System Tools > Local Users and Groups, then right-click the required user account and click Delete.
Creating a local group
The following steps illustrate how to create a local group.
Step 1: Open Local Users and Groups.
Step 2: Right-click Groups and click New Group.
Step 3: Type in the new group name and the description.
Step 4: Click Add to add members to the group. Specify the name of the group or the computer to be added.

Step 5: Click Create and Close.


Deleting a local group
The following steps illustrate how to delete a local group.
Step 1: Open Local Users and Groups.
Step 2: Under Groups, click the required group and click Delete.
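The account and group procedures above can also be carried out from an elevated PowerShell prompt, which makes them repeatable and reviewable. This is an added example, not part of the original notes; the account name 'lab-user' and the group name 'Lab Operators' are hypothetical.

```powershell
# Added example (not from the course notes). Run in an elevated session.
# 'lab-user' and 'Lab Operators' are hypothetical names.
$userName  = 'lab-user'
$groupName = 'Lab Operators'

# Creating a local user account. Read-Host -AsSecureString keeps the password
# out of the script file and the command history.
if (-not (Get-LocalUser -Name $userName -ErrorAction SilentlyContinue)) {
    $password = Read-Host -Prompt "Password for $userName" -AsSecureString
    New-LocalUser -Name $userName -FullName 'Lab User' `
        -Description 'Training account' -Password $password
}

# Creating a local group and adding a member to it.
if (-not (Get-LocalGroup -Name $groupName -ErrorAction SilentlyContinue)) {
    New-LocalGroup -Name $groupName -Description 'Users of the lab PCs'
}
Add-LocalGroupMember -Group $groupName -Member $userName

# Resetting the password for the local user account.
$newPassword = Read-Host -Prompt "New password for $userName" -AsSecureString
Set-LocalUser -Name $userName -Password $newPassword

# Confirm the result before cleaning up.
Get-LocalGroupMember -Group $groupName |
    Format-Table Name, ObjectClass, PrincipalSource

# Deleting the local group and the local user account.
# -Confirm asks for confirmation before each removal.
Remove-LocalGroup -Name $groupName -Confirm
Remove-LocalUser  -Name $userName  -Confirm
```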

Windows as a service
End of support
There will be no new security updates, non-security updates, free or paid assisted support options, or online technical content updates. Microsoft will continue to support at least one Windows 10 release until 14 October 2025.
If you continue to use an unsupported version of Windows, your PC will still work but it will become more vulnerable to security risks and viruses. Your PC will continue to start and run, but you will no longer receive software updates, including security updates, from Microsoft.
Servicing channels:
There are three servicing channels in Windows:

• Windows Insider Program
• General Availability Channel
• Long-Term Servicing Channel
The Windows Insider Program provides organizations with the opportunity to test and provide feedback on features that will be shipped in the next feature update.
The General Availability Channel provides new functionality with feature update releases. Organizations can choose when to deploy updates from the General Availability Channel.
The Long-Term Servicing Channel, which is designed to be used only for specialized devices such as those that control media equipment or ATM machines, receives new feature releases every two or three years.
Windows update
Windows Update is a servicing tool.
Windows Update (standalone): Provides limited control over feature updates, with IT pros manually configuring the device to be in the General Availability Channel. Organizations can target which devices defer updates by selecting the Defer upgrades check box in Start > Settings > Update & Security > Advanced options on a Windows client device.
Windows Update for Business: Includes control over update deferment and provides centralized management using Group Policy. Windows Update for Business can be used to defer updates by up to 365 days, depending on the version. These deployment options are available to clients in the General Availability Channel. In addition to being able to use Group Policy to manage Windows Update for Business, either option can be configured without requiring any on-premises infrastructure by using Microsoft Intune.

Windows Server Update Services (WSUS): Provides extensive control over updates and is natively available in the Windows Server operating system. In addition to the ability to defer updates, organizations can add an approval layer for updates and choose to deploy them to specific computers or groups of computers whenever ready.
Microsoft Configuration Manager: Provides the greatest control over servicing Windows as a service. IT pros can defer updates, approve them, and have multiple options for targeting deployments and managing bandwidth usage and deployment times.
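To see which of these servicing tools actually governs a given client, read the Windows Update policy values that Group Policy writes to the registry. The following is an added example, not part of the original notes; the function name Get-UpdatePolicySummary is hypothetical, and settings delivered through Intune are stored elsewhere and are not covered.

```powershell
# Added example (not from the course notes): read the Windows Update policy
# values that Group Policy writes to the registry on a client.

function Get-UpdatePolicySummary {
    $wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $auKey = Join-Path $wuKey 'AU'

    # Both calls return $null when the key does not exist (no policy applied).
    $wu = Get-ItemProperty -Path $wuKey -ErrorAction SilentlyContinue
    $au = Get-ItemProperty -Path $auKey -ErrorAction SilentlyContinue

    # The client uses WSUS only when a server is named AND UseWUServer is 1.
    $wsus = [bool]($wu.WUServer -and ($au.UseWUServer -eq 1))

    [pscustomobject]@{
        PolicyKeyPresent    = [bool]$wu
        ManagedByWsus       = $wsus
        WsusServer          = $wu.WUServer
        WsusUsesHttps       = if ($wsus) { $wu.WUServer -like 'https://*' } else { $null }
        # Windows Update for Business deferral settings (0 = not deferred).
        FeatureDeferralDays = if ($wu.DeferFeatureUpdates -eq 1) {
                                  [int]$wu.DeferFeatureUpdatesPeriodInDays
                              } else { 0 }
        QualityDeferralDays = if ($wu.DeferQualityUpdates -eq 1) {
                                  [int]$wu.DeferQualityUpdatesPeriodInDays
                              } else { 0 }
    }
}

$summary = Get-UpdatePolicySummary
$summary | Format-List

if ($summary.ManagedByWsus -and -not $summary.WsusUsesHttps) {
    Write-Warning 'WSUS is configured over plain HTTP; update traffic to the server is not protected in transit.'
}
```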
Windows Autopilot
Windows Autopilot is a collection of technologies used to set up and pre-configure new devices, getting them ready for productive use. Windows Autopilot can be used to deploy Windows PCs. You can also use Windows Autopilot to repurpose and recover devices. This solution enables an IT department to achieve the above with little to no infrastructure to manage, with a process that is easy and simple.
Windows Autopilot simplifies the lifecycle of Windows devices for both IT and users, from initial deployment to end of life, using cloud-based services:
1. Reduce the time IT spends on deploying and managing devices.
2. Reduce the infrastructure required to maintain the devices.
3. Maximize ease of use for all types of end users.

Process overview of Windows Autopilot
When initially deploying new Windows devices, Windows Autopilot uses the OEM (Original Equipment Manufacturer)-optimized version of Windows client. This version is pre-installed on the device, so you don't have to maintain custom images and drivers for every device model. Instead of re-imaging the device, your existing Windows installation can be transformed into a business-ready state that can:

• Apply settings and policies.
• Install apps.
• Change the edition of Windows being used to support advanced features, for example from Windows Pro to Windows Enterprise.

Once deployed, you can manage Windows devices with:

1. Microsoft Intune.
2. Windows Update for Business.
3. Microsoft Endpoint Configuration Manager and other similar tools.
Windows Virtual Desktop
Microsoft's virtual desktop infrastructure service is intended for enterprises. It is often used for specialized workloads, security- and regulation-heavy sectors, and elastic and remote work demands. The Windows Virtual Desktop client can be accessed from a variety of device types and operating systems. Currently the client is accessible via Windows, Mac, iOS, Android and web browser.
To add a virtual desktop, open the new Task View pane by clicking the Task View button on the taskbar or pressing the Windows key + Tab.
If you don't see the Task View button in your taskbar, right-click the taskbar and click Taskbar settings.
Third-party Patch Management
It is the process of installing patches to third-party applications that are installed on your company's endpoints, to address bugs and vulnerabilities in the software. Third-party patching is critical for the security of your organization or computer and prevents data breaches. A third-party application is software created by an independent vendor. Examples of third-party apps are Adobe Acrobat Reader, TeamViewer, Evernote, antivirus applications, Google Chrome, etc.
For example, 7-Zip is a popular third-party app used for file compression, Google Chrome is a commonly used browser, and Adobe Acrobat Reader is widely used to open, print and sign PDF files.
Still not sure whether you have to implement patch management?

• About 75% of cyber-attacks happen due to vulnerabilities in third-party applications.
• 60% of cyber-attacks are caused because applications are not up to date.
• 62% of companies were unaware that they were vulnerable prior to the data breach.
• 52% of respondents said their organizations are at a disadvantage in responding to vulnerabilities because they use manual processes.
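A first step away from the manual process mentioned above is an automated inventory of installed third-party software compared against a version baseline. The following is an added example, not part of the original notes; the function names are hypothetical, and both the baseline versions and the sample inventory are constructed placeholders, not vendor guidance.

```powershell
# Added example (not from the course notes). The minimum versions below are
# constructed placeholders for illustration, not vendor guidance.
$minimumVersion = @{
    '7-Zip*'         = [version]'20.0'
    'Google Chrome'  = [version]'100.0'
    'Adobe Acrobat*' = [version]'20.0'
}

function Get-InstalledApp {
    # Installed programs register under these Uninstall keys
    # (64-bit, 32-bit on 64-bit Windows, and per-user installs).
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion, Publisher
}

function Test-AppBaseline {
    param(
        [Parameter(Mandatory)][object[]]$App,
        [Parameter(Mandatory)][hashtable]$Baseline
    )
    foreach ($a in $App) {
        foreach ($pattern in $Baseline.Keys) {
            if ($a.DisplayName -notlike $pattern) { continue }

            # Version strings that do not parse (for example a single number
            # or free text) are reported for manual review, not guessed.
            $installed = $null
            $parsed = [version]::TryParse([string]$a.DisplayVersion, [ref]$installed)
            $status = if (-not $parsed) { 'CheckManually' }
                      elseif ($installed -lt $Baseline[$pattern]) { 'Outdated' }
                      else { 'OK' }

            [pscustomobject]@{
                Name      = $a.DisplayName
                Installed = $a.DisplayVersion
                Minimum   = $Baseline[$pattern]
                Status    = $status
            }
        }
    }
}

# Constructed sample inventory, so the comparison can be seen without a scan.
$sample = @(
    [pscustomobject]@{ DisplayName = '7-Zip (x64)';   DisplayVersion = '19.0' }
    [pscustomobject]@{ DisplayName = 'Google Chrome'; DisplayVersion = '101.0.0.0' }
)
Test-AppBaseline -App $sample -Baseline $minimumVersion | Format-Table

# The same check against the software actually installed on this machine.
Test-AppBaseline -App (Get-InstalledApp) -Baseline $minimumVersion | Format-Table
```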

Process Observation & Analysis with Process Hacker


Windows Access control
Access control refers to security features that control who can access resources in the operating system. Applications call access control functions to set who can access specific resources, or to control access to resources provided by the application.
The Windows security model controls access to Windows objects such as files, and to administrative functions such as setting the system time and auditing user actions.

Privileges
A privilege is the right of an account, such as a user or group account, to perform various system-related operations on the local computer, such as shutting down the system, loading device drivers or changing the system time. Privileges differ from access rights in two ways:

• Privileges control access to system resources and system-related tasks, whereas access rights control access to securable objects.
• A system administrator assigns privileges to user and group accounts, whereas the system grants or denies access to a securable object based on the access rights granted in the ACEs in the object's DACL.
NTFS permissions
New Technology File System
NT file system (NTFS) is a process that the Windows NT operating system uses for storing, organizing and finding files on a hard disk effectively.
NTFS was first introduced in 1993.
Other similar file systems include File Allocation Table (FAT) and High Performance File System (HPFS).
File permissions of NTFS
NTFS permissions provide access control for files and folders, containers and objects on shared systems, typically network-attached storage (NAS). There are five basic NTFS permissions:

• Read: Allows the user or group to read the file and view its attributes, ownership and permission set.
• Write: Allows the user or group to overwrite the file, change its attributes, view its ownership and view the permission set.
• Read & Execute: Allows the user or group to run and execute the application and perform all operations allowed by the Read permission.
• Modify: Allows the user or group to modify and delete a file and perform all of the actions permitted by the Read, Write and Read & Execute permissions.
• Full control: Allows the user or group to change the permission set on a file, take ownership of the file and perform actions permitted by all other permissions.
To provide or modify access control for the files and folders that are stored in an NTFS file system, follow these steps:

Step 1: Right-click the file or folder.
Step 2: Go to Properties.
Step 3: Click the Security tab.
Step 4: You will navigate to the Security window.
Step 5: Add or remove user or group members.
Step 6: Select a particular user and set the permissions by selecting the check boxes.
Registry key permission:
Registry key permissions are specified by binary numbers separated by spaces. The Windows security model enables you to control access to registry keys. You can specify a security descriptor for a registry key when you call the RegCreateKeyEx or RegSetKeySecurity function. If you specify NULL, the key gets a default security descriptor. The ACLs in a default security descriptor for a key are inherited from its direct parent key.
The valid access rights for registry keys include the DELETE, READ_CONTROL, WRITE_DAC and WRITE_OWNER standard access rights. Registry keys do not support the SYNCHRONIZE standard access right. To view the current access rights for a key, including the predefined keys, use the Registry Editor (Regedt32.exe). After navigating to the desired key, go to the Edit menu and select Permissions.
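The NTFS permissions and registry key permissions described above can be reviewed with the same cmdlet, Get-Acl, which works on both file system and registry paths. The following is an added example, not part of the original notes; it lists Allow entries that give broad groups a write-type right, and the function name Get-BroadWriteAccess is hypothetical.

```powershell
# Added example (not from the course notes): list Allow entries that give
# broad groups a write-type right on a folder, file or registry key.

function Get-BroadWriteAccess {
    param([Parameter(Mandatory)][string]$Path)

    # Well-known SIDs: Everyone, Authenticated Users, BUILTIN\Users.
    $broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'

    # Rights that let a principal change content or the permissions themselves.
    # On files these are contained in Write, Modify and Full control.
    $fsWrite  = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
    $regWrite = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
    # GENERIC_ALL and GENERIC_WRITE can appear on inherit-only entries.
    $generic  = 0x10000000 -bor 0x40000000

    $acl = Get-Acl -Path $Path
    # Request SIDs instead of names so the match is language-independent.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

    foreach ($rule in $rules) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if ($broadSids -notcontains $rule.IdentityReference.Value) { continue }

        if ($rule -is [System.Security.AccessControl.FileSystemAccessRule]) {
            $rights = $rule.FileSystemRights
            $mask   = [int]$fsWrite
        } elseif ($rule -is [System.Security.AccessControl.RegistryAccessRule]) {
            $rights = $rule.RegistryRights
            $mask   = [int]$regWrite
        } else { continue }

        if (([int]$rights -band ($mask -bor $generic)) -ne 0) {
            [pscustomobject]@{
                Path      = $Path
                Principal = $rule.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value
                Rights    = $rights
                Inherited = $rule.IsInherited
            }
        }
    }
}

# One file system path and one registry path that exist on every installation.
Get-BroadWriteAccess -Path $env:ProgramData
Get-BroadWriteAccess -Path 'HKLM:\SOFTWARE'
```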
Active Directory Permissions:
Active Directory permissions are a set of rules that define how much authority an object has to view or modify other objects and files in the directory. Active Directory permissions are important functionality, because not every object needs access to everything in the directory.
Viewing object permissions
Step 1: Go to Start and click Administrative Tools.
Step 2: Click Active Directory Users and Computers.
Step 3: Locate the object you want and right-click it.
Step 4: Click Properties.
Step 5: Click the Security tab and you will be able to see the object's permissions.
By configuring Group Policy management control
Step 1: Go to Start and click Administrative Tools.
Step 2: Click Group Policy Management.
Step 3: In the console, right-click Group Policy Objects and click New to create a new policy object. You can then grant the required rights to a set of users or groups through these Group Policy Objects.
Using Security tab in ADUC (Active Directory Users & Computers)
Step 1: Go to Start and click Administrative Tools.
Step 2: Click Active Directory Users and Computers.

Step 3: Locate the object you want and right-click it.
Step 4: Click Properties and select the Security tab.
Step 5: You will be able to see the object's standard permissions, and you will be able to allow or deny those permissions. Click Advanced in the Security tab, then click Edit to view and modify the permissions.
The permissions are like Read, Write, Read & Execute, Modify and Full control.
BitLocker Drive Encryption
It is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen or inappropriately decommissioned computers. BitLocker provides the most protection when used with a Trusted Platform Module (TPM). The TPM is a hardware component installed in many newer computers by the computer manufacturers. It works with BitLocker to help protect user data and to ensure that a computer has not been tampered with while the system was offline.
SECURE BOOT
Secure Boot is an important security feature designed to prevent malicious software from loading when your PC starts up. Most modern PCs are capable of Secure Boot, but in some instances there may be settings that cause the PC to appear not to be capable of Secure Boot. These settings can be changed in the PC's firmware. Firmware (often called BIOS) is the software that starts up before Windows when you first turn on your PC.
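Whether BitLocker, the TPM and Secure Boot are actually active on a given PC can be confirmed from an elevated PowerShell prompt. The following status check covers both sections above; it is an added example, not part of the original notes, and the function name Get-BootProtectionStatus is hypothetical.

```powershell
# Added example (not from the course notes). Run in an elevated session;
# Get-BitLockerVolume, Get-Tpm and Confirm-SecureBootUEFI ship with Windows.

function Get-BootProtectionStatus {
    # Confirm-SecureBootUEFI returns $true/$false on UEFI systems and throws
    # PlatformNotSupportedException when the PC boots in legacy BIOS mode.
    try {
        $secureBoot = [string](Confirm-SecureBootUEFI -ErrorAction Stop)
    } catch [System.PlatformNotSupportedException] {
        $secureBoot = 'Not supported (legacy BIOS mode)'
    } catch {
        $secureBoot = "Unknown: $($_.Exception.Message)"
    }

    $tpm = Get-Tpm

    $volumes = foreach ($v in Get-BitLockerVolume) {
        $types = @($v.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })
        [pscustomobject]@{
            MountPoint   = $v.MountPoint
            IsOsVolume   = ($v.VolumeType -eq 'OperatingSystem')
            VolumeStatus = $v.VolumeStatus
            ProtectionOn = ($v.ProtectionStatus -eq 'On')
            Protectors   = $types -join ', '
            # Tpm, TpmPin, TpmStartupKey, ... all bind the key to the TPM.
            TpmBound     = [bool]($types -like 'Tpm*')
        }
    }

    [pscustomobject]@{
        SecureBoot = $secureBoot
        TpmPresent = $tpm.TpmPresent
        TpmReady   = $tpm.TpmReady
        Volumes    = $volumes
    }
}

$status = Get-BootProtectionStatus
$status | Format-List SecureBoot, TpmPresent, TpmReady
$status.Volumes | Format-Table -AutoSize

# Flag volumes where protection is off (not encrypted, or suspended) and an
# operating system volume whose key is not bound to the TPM.
foreach ($vol in $status.Volumes) {
    if (-not $vol.ProtectionOn) {
        Write-Warning "$($vol.MountPoint): BitLocker protection is off"
    } elseif ($vol.IsOsVolume -and -not $vol.TpmBound) {
        Write-Warning "$($vol.MountPoint): OS volume has no TPM-based key protector"
    }
}
```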
