🛡️

Windows Security Overview

Jun 16, 2025

Overview

This lecture covers Windows user accounts, authentication methods, permissions management, user account control, and encryption options to protect user data and secure access.

Windows User Accounts & Logins

  • The login screen provides access to your desktop and all resources associated with your account.
  • Local accounts are user accounts defined on the individual computer, often used at home.
  • Microsoft accounts allow synchronization of settings and use the same credentials across multiple devices.
  • Domain accounts are managed by a business's Windows domain, using Active Directory credentials.
  • Default local accounts include Administrator (full system access), Guest (limited access), and standard user accounts.

Groups and Permissions

  • Windows includes default groups like Administrators, Backup Operators, Guests, and Power Users.
  • Groups can be viewed and managed via Computer Management > Local Users and Groups.
  • Power Users group exists for backward compatibility but is rarely used now.

Authentication Methods

  • Common credentials are username and password; alternatives include PIN, biometrics (fingerprint, facial recognition), and single sign-on.
  • Passwordless authentication enhances security and convenience, reducing reliance on passwords (e.g., Windows Hello).
  • Windows Hello supports facial recognition, fingerprint, PIN, security key, and picture password.

File and Share Permissions

  • NTFS permissions control local access to files and folders and are inherited by subfolders and files.
  • Share permissions control network access to shared folders and may differ from NTFS permissions.
  • The most restrictive permission between NTFS and share permissions applies.
  • Explicit permissions are set for a specific resource, overriding inherited permissions.

Running Applications with Elevated Rights

  • Some actions require administrator rights, such as installing software or editing system files.
  • Right-clicking an application and selecting "Run as administrator" grants elevated permissions.
  • Users generally operate with standard privileges to prevent malware abuse of administrator access.

User Account Control (UAC)

  • UAC prompts users when administrator privileges are needed, preventing unauthorized system changes.
  • UAC settings can be adjusted for more or fewer notifications.

Data Encryption in Windows

  • Full Disk Encryption (FDE) with BitLocker protects all data on the drive, preventing unauthorized access if the device is lost or stolen.
  • BitLocker To Go provides encryption for USB flash drives.
  • Encrypting File System (EFS) allows selective file or folder encryption on NTFS volumes, but is unavailable on Windows Home editions.

Key Terms & Definitions

  • Local Account — User account stored on the individual computer.
  • Microsoft Account — Online user account managed by Microsoft, allowing sync across devices.
  • Domain Account — User account controlled by organizational Windows domain/Active Directory.
  • NTFS Permissions — Access rights for files/folders on local drives using NTFS file system.
  • Share Permissions — Network access rights for shared folders.
  • Explicit Permissions — Directly assigned permissions for a specific resource.
  • Inherited Permissions — Permissions passed down from a parent folder to its subfolders/files.
  • User Account Control (UAC) — Feature that prompts when elevated rights are required.
  • Full Disk Encryption (FDE) — Encrypts all contents of a drive.
  • BitLocker/BitLocker To Go — Windows tools for full disk and USB drive encryption.
  • Encrypting File System (EFS) — File- or folder-level encryption using NTFS.

Action Items / Next Steps

  • Explore user and group settings in Computer Management.
  • Review your NTFS and share permissions for key folders.
  • Enable or review BitLocker and EFS settings if supported on your device.
  • Adjust UAC settings as appropriate for your needs.

Full transcript