Lesson 09: Workgroups and Domains

  • Work with local users and groups.
  • Understand user profiles.
  • Configure UAC.

Active Directory A directory service included in Microsoft Windows operating systems that functions as a storehouse for information about network hardware, software, and users.

Admin Approval Mode In User Account Control, a state invoked by Windows when an administrator attempts to perform a task that requires administrative access, and the system switches the account from the standard user token to the administrative token.

authentication The process by which Windows 7 verifies that the identity of the person operating the computer is the same as the user account the person is employing to gain access.

authorization The process by which an authenticated user is granted a specific degree of access to specific computer or data resources.

credential prompt In User Account Control, a screen that appears when a standard user attempts to perform a task that requires administrative privileges, and the user must supply the name and password for an account with administrative privileges.

directory service A collection of logical objects that represent various types of network resources, including computers, applications, users, and groups. Each object consists of attributes that contain information about the object.

domain A set of network resources for the use of a group of users who can authenticate to the network to gain access to those resources.

domain controller A Windows server with the Active Directory service installed. Each workstation computer joins the domain and is represented by a computer object. Administrators create user objects that represent human users. The main difference between a domain and a workgroup is that users log on to the domain once, rather than to each computer individually.

elevation prompt In User Account Control, a message box that prevents unauthorized processes, such as those initiated by malware, from accessing the system using administrative privileges.

group A Windows entity that represents a collection of users. System administrators can create groups for any reason and with any name, and then use them just as they would a user account. Any permissions or user rights that an administrator assigns to a group are automatically inherited by all of the members of the group.

mandatory user profile A read-only roaming user profile.

roaming user profile A copy of a local user profile that is stored on a network share, so that the user can access it from any computer on the network.

secure desktop In User Account Control, a system state in which all desktop controls are suppressed except for an elevation or credential prompt. The object of this is to prevent malware from automating a response to the elevation or credential prompt and bypassing the human reply.

special identity A placeholder for a collection of users with a similar characteristic.

User Account Control (UAC) A Windows 7 security feature that prevents user accounts from exercising administrative privileges unless they are specifically invoked by the user. 

user profile A collection of folders, associated with a specific user account, that contain personal documents, user-specific registry settings, Internet favorites, and other personalized information—everything that provides a user’s familiar working environment.

user rights A collection of specific operating system tasks, such as Shut Down the System or Allow Log on Through Terminal Services, which can only be performed by certain users designated by a system administrator.

workgroup A collection of computers that are all peers. A peer network is one in which every computer can function as both a server, by sharing its resources with other computers, and a client, by accessing the shared resources on other computers.