Basic Microsoft Windows OS Security Settings

by Antonio Marin-Barron, Bryan Nguyen, and Julianne Noone

NTFS     

        New Technology File System, also known as NTFS, is the method in the Window NT System that attributes to organizing, storing, and finding files on a hard disk easily. To use NTFS a hard disk must be formatted and portioned. Each file stored in the partition and is tracked by the operating system by specific operating systems. Each file is then stored into one or multiple disk spaces, or clusters, with a uniform disk on the hard disk that is predefined. Typical sizes range from 512 bytes to 640 kilobytes.

BitLocker

        BitLocker is the Drive Encryption that protects data on your operating system by integrating and

addressing threats of data theft, lost or stolen devices, and wrongly deactivated systems. BitLocker has a wide array of options such as suspended protection, back up your recovery key, change and remove passwords, and lastly turn off BitLocker. 

BitLocker To-Go

        BitLocker To-Go in essence is the same idea as BitLocker Drive Encryption, but for a removable data device with restrictive access needing a password. The following are encrypt-able components; USB flash drives, SD cards, External hard disk drives, and other drives that are formatted using the NTFS, FAT16, FAT32, or exFAT file system. For the devices drive to be able to use BitLocker To-Go it must meet the drive partitioning requirements.

EFS

        EFS stands for Encrypting File System. It is a layer of security that can be added on top of any file or folder in a Windows system. EFS makes use of an encryption scheme called public-key cryptography. Also known as asymmetric cryptography, public-key cryptography creates two different keys, a public key used for encryption and a private key used for decryption.

To encrypt a file or folder in Windows 10, right-click on it and select [Properties] from the menu. In the Properties menu, locate the General tab and select [Advanced]. In the Advanced Attributes menu, check the option that says “Encrypt contents to secure data” and select [OK] and finish off by selecting [Apply]. Your encrypted item will now display a yellow padlock in its icon to show that it is encrypted.

System Files & Folders

Any file or directory that is required by Windows in order to operate properly is called a System File or a System Folder. The majority of these files can be found within C:\Windows. However, tampering with these files and folders can cause many problems with your system. With this being the case, Windows hides these files by default. If you need to view or alter these files, simply navigate to the View tab in File Explorer and select [Options] on the far right.

        In the Folder Options menu, uncheck the “Hide protected operating system files (Recommended)” option and select [Yes] in the warning that pops up. It is advised that you hide these files when you’re finished.

Shared Files & Folders

Files and folders can be shared using several different methods. In order to share with other users on the same computer, simply store the file in one of the public folders found in C:\Users\Public. 

You can also share files and folders with other users on your network via MultiPoint Services. MultiPoint Services is a server role that was added in Windows Server 2016. It allows multiple users to access one computer from multiple computing stations. Each station will consist of the usual peripherals, such as a monitor and a keyboard, but rather than connecting them to a computer, they will instead connect to a hub that connects to the main computer. This removes the need for each user to have a computer. 

To share files to multiple computers in a MultiPoint network, simply store the file in a new folder, right-click the folder, select [Give access to], then select [Specific people]. From there, you can select who you want to share it with, or simply share it with everyone on the network.

Users and Groups

To manage who has access to data or settings on a local machine like a home desktop/laptop or on a network at a business, Windows uses a feature called Users and Groups. To understand a group, it's easiest to start by understanding what a user is and the different kinds of users. A user, simply can be explained as a collection of settings used by Windows to save your preferences, and also has permissions associated to the kind of user. The different kinds of users are as follows:

• Administrator: A User that has complete control of the system and/or network. Can also be referred to as an Admin
• Power User: Almost has complete control, however, cannot access to data of other users unless granted permissions by those users. Also, a Power User cannot add themselves as an admin.
• Standard User: Basic access, can run software and personalize some settings, but can’t have access to some data or changing some more advanced settings.
• Guest: Limited access, can do most things a standard user can do but without saving any changes. Cannot install applications.

A group is a collection of those users who all have the same level of permissions on the computer and/or network. Groups can be an easy way to set up permissions for multiple users. For example, if hypothetically you had a home computer, where multiple family members used this computer, you may want to have a family user group where everyone in the group had Standard User status. This way all the family users would still be able to use applications and use most of the resources on the machine but still not have access to your personal data or be able to change any major system settings.

User Authentication 

When you enter a Username and Password into a system or network, there is a behind the scenes process called User Authentication, which verifies the credentials you entered and determines if you have valid access to the account/user you are trying to sign in as. There are many forms of User Authentication, but the most common form is Password Authentication Protocol(PAP). PAP is the basic, enter your username and password, it doesn’t ask any more information from you. Another common form of User Authentication is Challenge-Handshake Authentication Protocol(CHAP). You may have experienced CHAP yourself if you’ve ever forgotten or lost your password, and needed to retrieve it by clicking the “Forgot Password” link. Typically CHAP will be a question or challenge that you have to complete and something that only you would be able to know. Usually when you set up an User account, you answer these security questions in case you do lose your password. Another form of User Authentication you are most likely familiar with (especially in this digital era) is Multi-Factor Authentication(MFA). MFA is when User Authentication is done through multiple forms. For example, it can enter a password, and then enter the code that was sent through text to your phone. It's just an added layer of Authentication for security, making it harder for people to hack your data, and is nearly impossible to brute force some kinds of MFA.

Run as Administrator vs. Standard User

As an admin user, you still navigate Windows as if you were a standard user unless you activate your admin functionality. So let’s say you’re having trouble with a program, and it tells you something along the lines of, “you can’t do that because you’re not an admin,” even though you know fully well that your user is in the administrator group? This is because even though you are technically an Admin, Windows does not automatically give you full access to the operating system. To turn on your Admin functionality, you would want to right-click the program you are trying to access, and in the drop down menu, click Run as Administrator. Another way to turn on your Admin functionality is to use the run command, this opens programs automatically as admin, provided that you have the access.

Citations:

1. Anand, P. (2021, April 9). How to encrypt files and folders in Windows 10. IT PRO. Retrieved October 11, 2021, from https://www.itpro.com/security/encryption/359167/how-to-encrypt-files-and-folders-in-windows-10.

2. Bitlocker (Windows 10). (Windows 10) - Windows security | Microsoft Docs. (2018, January 26). Retrieved October 11, 2021, from https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-overview.

3. Bitlocker to Go FAQ (Windows 10) - windows security. (Windows 10) - Windows security | Microsoft Docs. (2018, July 10). Retrieved October 11, 2021, from https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.

4. File encryption. Microsoft Docs. (2018, May 31). Retrieved October 11, 2021, from https://docs.microsoft.com/en-us/windows/win32/fileio/file-encryption.

5. Gavin, B. (2018, July 9). What is a windows system file? What Is A Windows System File? Retrieved October 11, 2021, from https://www.howtogeek.com/358101/what-is-a-windows-system-file/.

6. Huculak, M. (2021, May 14). Setting up Bitlocker Drive Encryption on Windows 10. Windows Central. Retrieved October 11, 2021, from https://www.windowscentral.com/how-use-bitlocker-encryption-windows-10.

7. Multipoint services. Microsoft Docs. (2018, May 31). Retrieved October 11, 2021, from https://docs.microsoft.com/en-us/previous-versions/windows/desktop/multipoint/windows-multipoint-server-portal.

8. Neagu, C. (2021, January 8). What is a windows user group, and what does it do? Digital Citizen. Retrieved October 11, 2021, from https://www.digitalcitizen.life/simple-questions-what-user-group-windows-what-does-it-do/.

9. Share files. Microsoft Docs. (2016, August 4). Retrieved October 11, 2021, from https://docs.microsoft.com/en-us/windows-server/remote/multipoint-services/share-files.

10. Shultz, G. (2012, May 14). Secure your USB drives with BitLocker to go for windows 7. TechRepublic. Retrieved October 11, 2021, from https://www.techrepublic.com/blog/windows-and-office/secure-your-usb-drives-with-bitlocker-to-go-for-windows-7/.

11. User authentication - comptia network+ N10-006 - 3.3. Professor Messer IT Certification Training Courses. (2020, November 19). Retrieved October 11, 2021, from https://www.professormesser.com/network-plus/n10-006/user-authentication-2/.

12. What is an administrator? What is an Administrator? (2019, September 7). Retrieved October 11, 2021, from https://www.computerhope.com/jargon/a/admin.htm.

13. What is NTFS and how does it work? Datto. (2019, November 4). Retrieved October 11, 2021, from https://www.datto.com/blog/what-is-ntfs-and-how-does-it-work.

14. What is public-key cryptography? GlobalSign GMO Internet, Inc. (2020, February 5). Retrieved October 11, 2021, from https://www.globalsign.com/en/ssl-information-center/what-is-public-key-cryptography.

15. Windows security settings - comptia A+ 220-1002 - 2.6. Professor Messer IT Certification Training Courses. (2020, November 13). Retrieved October 11, 2021, from https://www.professormesser.com/free-a-plus-training/220-1002/windows-security-settings-3/.