Term
| What are the components of an ACL on an object |
|
Definition
| permissions(ACEs),DACL,SACL |
|
|
Term
|
Definition
| Each entry in a DACL(found in the Advanced Tab) has more granular settings by selecting the entry and choosing Edit |
|
|
Term
| If the security tab of and object doesn't exist what might be the issue |
|
Definition
| The Advanced Features is not enabled in the View tab of ADAC |
|
|
Term
|
Definition
| Even though child objects inherit permission for their parent not all permissions are inheritable(such as a reset password permission for an OU, group objects in the OU have no password therefore they do not inherit that permission) |
|
|
Term
|
Definition
| Explict permissions on a child object will overide an inherited permission from a parent |
|
|
Term
| What is the command to reset the permissions on an object |
|
Definition
| dsacls "ou=OUName,dc=DomainName,dc=com" /s /t |
|
|
Term
| What does the /s in DSACLs do |
|
Definition
| resets the permissions to the schema-defined defaults |
|
|
Term
| What does the /t switch do in DSACLs |
|
Definition
| applys the changes of permissions to the entire tree(all the child objects) |
|
|
Term
| Which policy enables auditing of attempts to access AD objects |
|
Definition
| Audit Directory Service Access,Active Directory:Directory Service Changes(2008) |
|
|
Term
| What is the command-line syntax to enable auditing on an object |
|
Definition
| auditpol /set /subcategory:"directory service changes" /success:enable(NOT ENABLED BY DEFAULT) |
|
|
Term
|
Definition
| Windows 2008: the default is to audit Sucess events for Directory Serivce Access and audit ALL changes to the Domain Admins Group |
|
|
Term
| What is the main difference between auditing Directory Service Changes and Directory Service Access |
|
Definition
| Directory Service Changes allow you to view the previous and current attributes |
|
|
Term
|
Definition
| Directory Service Changes is not enabled by default on 2008 to mimic previous versions of Windows |
|
|
Term
| What operating systems does the Computer Config\Windows Settings\Security Settings\Advanced Audit Policy Configuration apply |
|
Definition
| Vista and up, 2008 and up |
|
|
Term
| What might you use the Global Access Object Auditing on the File System |
|
Definition
| The Computer Config\Windows Setting\Security Setting\Advanced Auditing Policy Configuration\Global Access Object Auditing\ File System setting can be set to audit a file system over an ENTIRE computer |
|
|
Term
| How can you track WHY somebody access a file/folder |
|
Definition
| the Reason for Access policy(only in 7 and 2008R2) |
|
|
Term
| Where are do you audit Account Logon Events |
|
Definition
| When a user logs onto a domain account and Account Logon event is create on the DC |
|
|
Term
| What are the new settings available for audit in 2008R2 for account logon events |
|
Definition
Credential Validation
Kerberos Service Ticket Operations
Other Account Logon Events
Kerberos Authentication Service. |
|
|
Term
|
Definition
| The default in 2008 is to audit Success events for BOTH account logon events and logon events |
|
|
Term
| If a user accesses a share what type of logon event will be generated and where can you find it. |
|
Definition
| the logon event is a network logon and it can be found on the computer hosting the share |
|
|
