Your browser doesn't support the features required by impress.js, so you are presented with a simplified version of this presentation.
For the best experience please use the latest Chrome, Safari or Firefox browser.
CIS 527
Lecture 3 - User Management
User Accounts
- Allows multiple people to share resources
- Each user can have different permissions
- Aids in auditing (who did what)
- Protects system from unauthorized use
Authentication vs. Authorization
- Authentication - Confirming a user is who he or she claims to be (logging in)
- Authorization - Allow an authenticated user access to specific resources
- Authentication DOES NOT IMPLY Authorization
Authentication Methods
One or more of the following factors
- Ownership factors - something user has
- Knowledge factors - something user knows
- Inheritance factors - something user is or does
Multi-factor Authentication
Image Source: Wikipedia
OS User Accounts
- Identifier: UID/SID
- Username
- Password
- Home Directory
- Scripts
- Groups
Identifier
- Windows: Security Identifier (SID)
- S-1-5-21-3623811015-3361044348-30300820-1013
- Duplicates possible (but rare)
- Linux: User Identifier (UID)
- Integer values, sequentially assigned
- Superuser is always 0
Home Directory
- Windows: C:\Users\<username>
- Location stored in registry
- Linux: /home/<username>
- Location stored in /etc/passwd
Home Directory in Registry
Logon Scripts
- Windows: Group Policy
- Can use exe, bat, vbscript, etc.
- Linux: ~/.config/autostart
- Can use any valid terminal command
Groups
- Used to simplify access control and management
- Users can belong to zero, one or many groups
- Can assign permissions to groups
Groups
- Windows: Stored in registry or domain
- Linux: /etc/group
- Groups usually stored as list of users in each group
Administrative User
- Windows: Administrator
- Disabled by default, no password
- Hidden except in safe mode
- Linux: root
- The 'sudo' command allows normal users to become root
sudo
- Short for "super user do"
- Allows regular users to run commands as root
- User and rights listed in /etc/sudoers
- Add users to the "sudo" or "admin" group to give them access
/etc/passwd
/etc/shadow
Windows 8 Pseudo Accounts
- LocalSystem - system-level tasks & services
- LocalService - fewer rights than LocalSystem
- NetworkService - fewer rights than LocalService, but allows network access
Windows 8 Default Groups
- Administrators - complete access
- Event Log Readers - read event logs
- Guests - access system only
- Power Users - not used
- Remote Desktop Users - log on remotely
- Users - normal users
Many others, refer to documentation
Linux Commands
- groupadd - add a group
- groupdel - remove a group
- groupmod - modify group
- gpasswd - change group administrator or password
- useradd - add a user
- userdel - remove a user
- usermod - modify a user
- adduser - easy new user
- passwd - change password
Windows 8 Accounts
Control Panel
Windows 8 Accounts
Computer Management
Ubuntu Accounts
System Settings
Assignments
- Lab 1 - Secure Workstations - Due Sunday, Feb 9th by 11:59 PM
- Build secure Windows & Linux using VMWare Workstation
- Turn in:
- CIS Transient Storage
- via Storage Media in class Monday Feb 10th