1. Users, Groups, and Permissions
   1. User accounts can be added to individual computers or to networks.
   2. In a Microsoft domain, users are added in Active Directory Users and Computers (ADUC)
      1. Users can be added in one of two places:
         1. In the Users folder
         2. In an OU (Organizational Unit)
   3. Users cannot log on to a network after their account has expired. The Account Expiration date in Windows controls this.
   4. Users can log on to the network only during their configured logon hours.
   5. Permissions:
      1. Also known as access modes
      2. Actions that may be taken by entities (users and/or groups).
      3. In Windows, there are two types of permissions:
         1. Sharing Permissions:
            1. Full Control
            2. Change
            3. Read
         2. NTFS (Security) Permissions:
            1. Full Control
            2. Modify
            3. Read and Execute
            4. List Folder Contents
            5. Read
            6. Write
         3. NTFS Permissions are usually chosen over Sharing Permissions.
      4. The Administrators group has full control of the folder.
      5. You can allow particular permissions, or specifically deny those permissions. If a permission is not set to Allow, it will be implicitly denied.
2. Permission Inheritance and Propagation
   1. If you create a folder, the default action it takes is to inherit permissions from the parent folder, which ultimately come from the root folder.
   2. Any permissions set in the parent are inherited by the subfolder.
   3. You can also propagate permission changes to subfolders not inheriting from the current folder. To do so, select the Replace All Child Object Permission Entries… checkbox.
3. Usernames and Passwords Policies
   1. Provide guidelines for properly configuring user accounts, passwords, and logons:
      1. Rename and password protect the Administrator account
      2. Verify that the Guest account (and other unnecessary accounts) is disabled
      3. Use Ctrl+Alt+Del to manage logons.
      4. Use policies to manage UAC
         1. List the four configurable policies that may be written or defined for users within your domain:
            1. Enforce password history
            2. Maximum and minimum password age
            3. Minimum password length
            4. Password must meet complexity requirements
   2. Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA):
      1. A type of challenge-response mechanism used primarily in websites to tell whether or not the user is human.
4. User Account Control (UAC)
   1. User Account Controls (UAC):
      1. A security component of Windows that keeps every user (besides the actual Administrator account) in standard user mode instead of as an administrator with full administrative rights—even if they are a member of the administrators group.
   2. UAC was created with two goals in mind:
      1. To eliminate unnecessary requests for excessive administrative-level access to Windows resources
      2. To reduce the risk of malicious software using the administrator's access control to infect operating system files