2.2 - Windows OS security settings | A+ Core 2 1202 complete course with practice questions

Get your Learning Guide here: https://www.journeytocyber.com/1202
_________________________________________________________________________
🔒 Windows Security Essentials
Learn about the foundational security features built into Windows:

Microsoft Defender Antivirus: Understanding its role as the in-built security program, its default activation status, and the rare circumstances where manual deactivation is warranted.

Antivirus Definitions: How Windows automatically updates its list of known threats (definitions) and the option for manual updates.

Windows Firewall: The firewall's role as a network security guard, controlling inbound and outbound traffic through traffic filtering.

Activation/Deactivation: Where to manage firewall settings for different network profiles.

Port Security: Using inbound and outbound rules (via Control Panel's Advanced Settings) to allow or block specific protocols by controlling their port numbers (e.g., blocking port 80 for non-secure HTTP).

Application Security: A more advanced method that inspects the data packets themselves, not just the port number, for threats.

👤 User Accounts, Groups, and Login Options
Master the different types of user accounts and secure login methods in Windows:

Account Types:

Local Account: Exists only on the individual computer.

Microsoft Account: Linked to online services (OneDrive, Microsoft Store) and syncs across devices.

Standard Account: Ideal for daily tasks; requires administrator permission for significant system changes (Principle of Least Privilege).

Administrator Account: Possesses full control over the system.

Guest User: Offers limited, temporary access.

Power User: A legacy account type that sits between standard and administrator privileges.

Login Options (Authentication Methods):

Username and Password / PIN: Traditional, knowledge-based authentication (something you know).

Fingerprint / Facial Recognition: Biometric authentication (something you are), offering higher security.

Single Sign-On (SSO): Using one set of credentials to access multiple services.

Windows Hello: Microsoft's secure, passwordless authentication framework that utilizes PINs, fingerprints, and facial recognition, often protected by a TPM (Trusted Platform Module) chip.

📂 File Permissions and Inheritance
Discover how Windows controls access to files and folders, both locally and across a network:

NTFS vs. Share Permissions:

NTFS Permissions:

Share Permissions:

File Attributes:

Permission Inheritance:

Run as Administrator vs. Standard User:

User Account Control (UAC):

🛡️ Data Encryption
Compare the different Windows encryption methods:

BitLocker: Full-disk encryption for a computer's main drive.

BitLocker To Go: Encryption for removable media (e.g., USB drives).

Encrypting File System (EFS): A Windows feature that allows you to encrypt individual files or folders (granular encryption). It relies on digital certificates for decryption.

🖥️ Active Directory Concepts
Explore the essential services of Active Directory (AD) for centralized network management:

Domain Joining: Connecting a computer to the AD domain for centralized management.

Login Script Assignment: Automating script execution upon user login (e.g., mapping network drives).

Organizational Unit (OU) Management: Hierarchical grouping of users, computers, and groups to streamline policy application.

Home Folder Assignment: Providing users with dedicated, private network storage accessible from any domain-joined computer.

Group Policy Application: Centralized configuration management for security and desktop environments across the domain.

Security Group Selection: Grouping users/computers to simplify access control to shared resources.

Folder Redirection: Redirecting local user profile folders (like Desktop or Documents) to network shares for data centralization and backup.

📝 Practice Questions
Test your knowledge with practice questions covering:

When to temporarily deactivate Defender Antivirus.

The firewall feature used to block protocols like insecure web traffic.

The account type best suited for the principle of least privilege in a work environment.

The outcome when conflicting NTFS and Share permissions are applied.

Make sure to pause the video before the answers are revealed! 🤓


___________________________________________________________________________
0:00 Introduction
0:15 Defender Antivirus
1:44 Firewall
5:20 User and groups
7:56 Log-in OS options
11:26 NTFS vs. Share permissions
16:36 Run as administrator vs. standard user
17:26 User Account Control
18:25 Bitlocker
18:44 Bitlocker-to-go
19:07 Encrypting File System
20:24 Active Directory
24:07 Practice Questions