|
Home > Archive > 70-210 > April 2002 > Tue W2K Professional Question of the Day
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Tue W2K Professional Question of the Day
|
|
| wbafrank 2002-04-23, 12:00 pm |
|  And today's poser is ....
Q82. You are the network administrator of a workgroup supporting computers running Windows 2000 Professional. You hire AlisonM to share folders, install and configure software, and install Plug and Play hardware. To which local group should you add her account?
A. The Administrators Group.
B. The Users Group.
C. The Backup Operators Group.
D. The Power Users Group.
Good Luck .... see you tomorrow for the answer!! | |
| cyrano duh 2002-04-23, 1:06 pm |
| I'll go for "A" this time as I don't believe that the power users group can install hardware. | |
|
| For Hardware : Admnistrator, so I
would go for " A"
 | |
| Johnny5Alive 2002-04-23, 2:43 pm |
| Definatly 'A'
Users group applies to every user, Backup Operators cannot do the tasks described and Power Users cannot either. SOME software can be installed and SOME PnP but not 100%. | |
| TxBear 2002-04-23, 3:35 pm |
| A it is  | |
| IT 1588 2002-04-23, 11:02 pm |
| Go for A. Since Power User can not install hardware. | |
| NetChild1985 2002-04-24, 5:06 am |
| agree with the"Admin Group"! | |
| mcdoud 2002-04-24, 8:24 am |
| ...I lost my head the last time I stuck my neck out, but...I choose D. I believe Power Users have no problem installing Plub & Play hardware. | |
| Yeti-GBR1 2002-04-24, 8:55 am |
| You may want to read this...: Dam link will not work you will have to copy & paste it and add in the "w" at the front.
ww.microsoft.com/windows2000/en/professional/help/ windows_security_default_setti
ngs.htm
Sod it:
Default security settings
The default security settings for Windows 2000 can be described by summarizing the permissions granted to four default groups (Administrators, Power Users, Users, and Backup Operators) and three special groups.
Administrators
Members of the Administrators group can perform all functions supported by the operating system. The default security settings do not restrict administrative access to any registry or file system object. Administrators can grant themselves any rights that they do not have by default.
Ideally, administrative access should only be used to:
Install the operating system and components (such as hardware drivers, system services, and so on).
Install Service Packs and Windows Packs.
Upgrade the operating system.
Repair the operating system.
Configure critical operating system parameters (such as password policy, access control, audit policy, kernel mode driver configuration, and so on).
Take ownership of files that have become inaccessible.
Manage the security and auditing logs.
Back up and restore the system.
In practice, Administrator accounts often must be used to install and run programs written for previous versions of Windows.
Users
The Users group provides the most secure environment in which to run programs. On a volume formatted with NTFS, the default security settings on a newly installed system (but not on an upgraded system) are designed to prevent members of this group from compromising the integrity of the operating system and installed programs. Users cannot modify system-wide registry settings, operating system files, or program files. Users can shut down workstations, but not servers. Users can create local groups, but can manage only the local groups that they created. They can run certified Windows 2000 programs that have been installed or deployed by administrators. Users have full control over all of their own data files (%userprofile%) and their own portion of the registry (HKEY_CURRENT_USER).
Users cannot install programs that can be run by other Users (this prevents Trojan horse programs). They also cannot access other Users' private data or desktop settings.
To secure a Windows 2000 system, an administrator should:
Make sure that end users are members of the Users group only.
Deploy programs, such as certified Windows 2000 programs, that members of the Users group can run successfully.
Users will not be able to run most programs written for previous versions of Windows because previous versions of Windows either did not support file system and registry security (Windows 95 and Windows 98) or shipped with lax default security settings (Windows NT). If Users have problems running legacy applications on newly installed NTFS systems, then do one of the following:
Install new versions of the applications that are certified for Windows 2000.
Move end users from the Users group into the Power Users group.
Decrease the default security permissions for the Users group. This can be accomplished by using the compatible security template. For more information, see "Predefined security templates" in Related Topics.
Power Users
Members of the Power Users group have more permissions than members of the Users group and fewer than members of the Administrators group. Power Users can perform any operating system task except tasks reserved for the Administrators group. The default Windows 2000 security settings for Power Users are very similar to the default security settings for Users in Windows NT 4.0. Any program that a User can run in Windows NT 4.0, a Power User can run in Windows 2000.
Power Users can:
Run legacy applications in addition to Windows 2000 certified applications.
Install programs that do not modify operating system files or install system services.
Customize system-wide resources including Printers, Date/Time, Power Options, and other Control Panel resources.
Create and manage local user accounts and groups.
Stop and start system services which are not started by default.
Power Users do not have permission to add themselves to the Administrators group. Power Users do not have access to the data of other users on an NTFS volume, unless those users grant them permission.
Warning
Running legacy programs on Windows 2000 often requires modify access to certain system settings. The same default permissions that allow Power Users to run legacy programs also make it possible for a Power User to gain additional privileges on the system, even complete administrative control. Therefore, it is important to deploy certified Windows 2000 programs in order to achieve maximal security without sacrificing program functionality. Programs that are certified for Windows 2000 can run successfully under the secure configuration provided by the Users group. For more information, see Securing Windows 2000 Installations at the Microsoft Security Advisor Web site.
Since Power Users can install or modify programs, running as a Power User when connected to the Internet could make the system vulnerable to Trojan horse programs and other security risks. For more information, see "Why you should not run your computer as an administrator" in Related Topics.
Backup Operators
Members of the Backup Operators group can back up and restore files on the computer, regardless of any permissions that protect those files. They can also log on to the computer and shut it down, but they cannot change security settings.
Warning
Backing up and restoring data files and system files requires permissions to read and write those files. The same default permissions granted to Backup Operators that allow them to back up and restore files also make it possible for them to use the group's permissions for other purposes, such as reading another user's files or installing Trojan horse programs. Group Policy settings can be used to create an environment in which Backup Operators only can run a backup program. For more information, see Securing Windows 2000 Installations at the Microsoft Security Advisor Web site.
Special Groups
Several additional groups are automatically created by Windows 2000.
Interactive. This group contains the user who is currently logged on to the computer. During an upgrade to Windows 2000, members of the Interactive group will also be added to the Power Users group, so that legacy applications will continue to function as they did before the upgrade.
Network. This group contains all users who are currently accessing the system over the network.
Terminal Server User. When Terminal Servers are installed in application serving mode, this group contains any users who are currently logged on to the system using Terminal Server. Any program that a user can run in Windows NT 4.0 will run for a Terminal Server User in Windows 2000. The default permissions assigned to the group were chosen to enable a Terminal Server User to run most legacy programs.
Warning
Running legacy programs in Windows 2000 requires permission to modify certain system settings. The same default permissions that allow a Terminal Server User to run legacy programs also make it possible for a Terminal Server User to gain additional privileges on the system, even complete administrative control. Applications that are certified for Windows 2000 can run successfully under the secure configuration provided by the Users group. For more information, see Securing Windows 2000 Installations at the Microsoft Security Advisor Web site.
Note
When Terminal Server is installed in remote administration mode, users logged on using Terminal Server will not be members of this group.
 | |
| Clangashe 2002-04-24, 3:11 pm |
| I'll go with A
Hardware reason | |
| cross36 2002-04-24, 3:13 pm |
| "A" is the reasonable answers | |
|
| A " Administrator Group" Due to makeing changes / modifications to the system which power users are limited to. | |
| wbafrank 2002-04-24, 7:36 pm |
| quote:
Originally posted by wbafrank
And today's poser is ....
Q82. You are the network administrator of a workgroup supporting computers running Windows 2000 Professional. You hire AlisonM to share folders, install and configure software, and install Plug and Play hardware. To which local group should you add her account?
A. The Administrators Group.
B. The Users Group.
C. The Backup Operators Group.
D. The Power Users Group.
Good Luck .... see you tomorrow for the answer!!
And the answer is ....
Correct Answers: D
A. Incorrect: The Administrators Group will allow AlisonM to complete the tasks listed in the question, but it also gives her additional privileges that are unnecessary to meet the requirements. Members of the Administrators Group are unlimited in their power to perform system administration tasks.
B. Incorrect: The Backup Operators Group will allow AlisonM to restore files on the computer, regardless of any permissions that protect those files. Members of the Backup Operators Group can logon to the computer and shut it down, but they cannot share folders, install and configure software, or install hardware, Plug and Play or otherwise.
C. Incorrect: The Users Group is too limited in its privileges for AlisonM to complete any of the tasks outlined in the question.
D. Correct: The Power Users Group will allow AlisonM to share folders and configure applications. She will also be able to install applications that do not modify operating system files or install system services. She will not be able to add or remove any Windows components. The question does not specifically outline which applications need to be installed, but limiting it to applications that are not Windows components and that do not modify operating system files or install system services is prudent. She will also be able to install Plug and Play hardware as long as the operating system detects the hardware. The operating system must detect the hardware because members of the Power Users Group are not allowed to run the Add/Remove Hardware Wizard. | |
| Johnny5Alive 2002-04-25, 3:33 am |
| The question specified installing and configuring software and installing PnP hardware. It did not mention anything about what type of software (i.e. ones that don't change registry settings etc) or PnP devices, so it is assumed ALL TYPES. I stick with Administrators Group. |
|
|
|
|