IT Essentials: PC Hardware and Software v4.

Chapter 16 Lab/Instructor

16.5.3 Optional Lab: Troubleshooting Access Security with Windows 7

Recommended Equipment
The following equipment is required for this exercise: One computer running Windows 7 on an NTFS partition

Scenario
Company XYZ has hired Devon to manage the training department. Shawna was also hired as a temporary employee to replace Brooks, who is no longer working for the company. You must solve access security problems for the training department. You might need to access the computers as each user and the administrator. Make sure you document and solve the problems, and then document the solutions. There are several possible errors. Solve one problem at a time until there are no security breaches and access problems. Use the following tables when solving problems. The user account information is listed in Table 1. Use only the groups shown in Table 2, they are set up with the proper permissions. The instructor will provide the administrators account information. Table 1: Accounts User Name Brooks Shawna Devon Administrator user name: ___Answers will vary____ Table 2: Groups Groups Academy Student Guests Administrators Group Permissions Read & Execute, List Folder Contents, Read, Write Read & Execute, List Folder Contents, Read Full Control Password Cisco2001 Cisco2010 Cisco2100 Administrator password: ___Answers will vary____ Group for User Guests Guests Academy Student Administrators

Note: There is a file, with a message, in the C:\CiscoCCNA\ Exploration folder.

2007-2011, Cisco Systems, Inc. All rights reserved.

Page 1

IT Essentials: PC Hardware and Software v4.1

Chapter 16 Lab/Instructor

Instructor: Set up the computers with all problems from the list below. Important: Table 3 and Table 4 show the groups, user accounts, and folder and file permissions. Follow the 3 steps to set up initial permissions settings. Test the initial permissions settings to make sure they function properly. Make the indicated changes to create a security breach or access problems. Step 1. Create the Users and place them in the Groups shown in Table 3. Create the three user accounts: 1. Start > Control Panel > System and Security >Administrative Tools > Computer Management. 2. Expand Local Users and Groups > select Users. 3. Right-click in the right panel > New User. Brooks 1. User name type Brooks. Enter the password twice: Cisco2001. 2. Make sure only the following checkboxes are selected: User cannot change password, and Account is disabled. 3. Click Create. Shawna 1. User name type Shawna. Enter the password twice: Cisco2010. 2. Make sure only the following checkbox is selected: User cannot change password. 3. Click Create. Devon 1. User name type Devon. Enter the password twice: Cisco2100. 2. Make sure only the following checkbox is selected: User cannot change password. 3. Click Create > Close. Create Academy Student group: 1. Select Groups in the left panel. 2. Right-click in the right panel > New Group. 3. Type Academy Student for the group name > Create > Close. Place Devon in group Academy Student: 1. Double-click the group Academy Student. 2. Click Add. 3. In the Enter the object names to select field, type Devon > click OK > OK. Place Shawna and Brooks in the Guests group: 1. Double-click the Guests group. 2. Click Add. 3. In the Enter the object names to select field, type Brooks; Shawna > click OK > OK.

2007-2011, Cisco Systems, Inc. All rights reserved.

Page 2

IT Essentials: PC Hardware and Software v4.1

Chapter 16 Lab/Instructor

Table 3: Correct Required Groups and User Accounts Groups Group Permissions Academy Student Guests Administrators Read & Execute, List Folder Contents, Read, Write Read & Execute, List Folder Contents, Read Full Control Devon Shawna Brooks

Users

Use local admin account set.

Step 2. Create the folders and text file displayed in Table 4. Create folders: 1. Start > Computer > C:. 2. Right-click in right panel > New > Folder. 3. Name the folder CiscoCCNA. 4. Open the folder CiscoCCNA. 5. Create a new folder Exploration. Add the file Curriculum.txt to the Exploration folder: Open the Exploration folder. Right-click in the right panel > New > Text Document > name the file Curriculum.txt. Double-click Curriculum.txt > type Can you add text to this file and save the changes? File > Save > File > Exit.

Step 3. Set up the folder and file permissions shown in Table 4. 1. Start > Computer > C: > right-click CiscoCCNA > Properties > select the Security tab > Edit. 2. Click Add. 3. In the Enter the object names to select field, type Academy Student; Guests > click OK. Set the group folder permissions: 1. In Group or user names, select Academy Student. 2. Make sure only the following checkboxes are selected: Read & Execute, List Folder Contents, Read, and Write. 3. In Group or user names, select Guests. 4. Make sure only the following checkboxes are selected: Read & Execute, List Folder Contents, and Read. 5. Click OK > OK. Note: Permission inheritance should propagate permissions to all subfolders and files. Check the permissions of the Exploration folder. The permissions should match the permissions of the CiscoCCNA folder. If the permissions do not match, change the permissions to match the permissions of the CiscoCCNA folder. Check the permissions of the Curriculum.txt file. For the Academy Student group, make sure that only the following checkboxes are selected: Read & Execute, Read, and Write.

2007-2011, Cisco Systems, Inc. All rights reserved.

Page 3

IT Essentials: PC Hardware and Software v4.1

Chapter 16 Lab/Instructor

For the Guests group, make sure that only the following checkboxes are selected: Read & Execute and Read.

Note: Before adding changes to create a security breach or access problems to the initial permission settings, test to make sure the initial permissions work as shown in Table 4. Table 4: Correct Permissions Settings Folder Name File Name

Users Shawna

Folder Permissions Read & Execute, List Folder Contents, Read Account should be Disabled Read & Execute, List Folder Contents, Read, Write Full Control

File Permissions Read & Execute, Read Account should be Disabled Read & Execute, Read, Write Full Control

C:\CiscoCCNA \Exploration

Brooks Curriculum.txt Devon

Admin

Problems: 1. Brooks account is not disabled. 2. Incorrect spelling of the Shawnas account name. 3. Incorrect password for Devons account. 4. Incorrect group assignment for Shawna. 5. Incorrect permission set for the Exploration folder for the group Academy Student. Note: Students might not solve problems in the same order shown in the instructor document. Students might notice more than one problem at a time while troubleshooting. Remind students to correct and document one problem at a time.

Problem 1
Instructor Lab Setup: Brooks account is enabled. Click Start > Control Panel > System and Security > Administrative Tools > Computer Management. Open User account Brooks > unselect Account is disabled and select Password never expires > click OK.

2007-2011, Cisco Systems, Inc. All rights reserved.

Page 4

IT Essentials: PC Hardware and Software v4.1

Chapter 16 Lab/Instructor

Problem 2
Instructor Lab Setup: Incorrect spelling of the Shawnas account name. Click Start > Control Panel > System and Security > Administrative Tools > Computer Management. Right-click User account Shawna > select Rename > type Shauna.

2007-2011, Cisco Systems, Inc. All rights reserved.

Page 5

IT Essentials: PC Hardware and Software v4.1

Chapter 16 Lab/Instructor

Problem 3
Instructor Lab Setup: Incorrect password for Devons account. Click Start > Control Panel > System and Security > Administrative Tools > Computer Management. Right-click User account Devon > select Set Password > click Proceed. Type Cisco2222 > confirm the password > OK > OK.

2007-2011, Cisco Systems, Inc. All rights reserved.

Page 6

IT Essentials: PC Hardware and Software v4.1

Chapter 16 Lab/Instructor

2007-2011, Cisco Systems, Inc. All rights reserved.

Page 7

IT Essentials: PC Hardware and Software v4.1

Chapter 16 Lab/Instructor

Problem 4
Instructor Lab Setup: Incorrect group assignment for Shawna. First remove Shawna from group Guests. Click Start > System and Security > Control Panel > Administrative Tools > Computer Management. Open group Guests, select Shawna > click Remove > click OK.

2007-2011, Cisco Systems, Inc. All rights reserved.

Page 8

IT Essentials: PC Hardware and Software v4.1

Chapter 16 Lab/Instructor

Next, add Shawna to group Academy Student. Open group Academy Student > click Add > type Shawna > click OK > click OK.

2007-2011, Cisco Systems, Inc. All rights reserved.

Page 9

IT Essentials: PC Hardware and Software v4.1

Chapter 16 Lab/Instructor

Problem 5
Instructor Lab Setup: Incorrect permission set for the Exploration folder for the group Academy Student. Open folder CiscoCCNA. Right-click Exploration > select Properties > Security tab > Edit > select group Academy Student > add a check to Deny Full Control checkbox > click OK > Yes > OK.

2007-2011, Cisco Systems, Inc. All rights reserved.

Page 10

IT Essentials: PC Hardware and Software v4.1

Chapter 16 Lab/Instructor

1. Log on to the computer as Brooks. What problems did you find? Brooks can log on to the computer. What steps did you take to determine the problem? Use the Administrators account to examine the profile for the user account Brooks. What is causing the problem? User account Brooks is enabled. List the steps taken to fix the problem. Disable Brooks account. Validate that security issue has been corrected. How did you validate the correction? Try to log on as the user Brooks. Brooks can no longer log on to the computer.

2. Log on to the computer as Shawna. What problems did you find? Shawna cannot log on to the computer. What steps did you take to determine the problem? Use the Administrators account to examine the permissions for user account Shawna. What is causing the problem? Shawnas user account name is misspelled. List the steps taken to fix the problem. Change user account name from Shauna to Shawna. Validate that security issue has been corrected. How did you validate the correction? Try to log on as the user Shawna. Shawna can now log on to the computer.

3. Log on to the computer as Devon. What problems did you find? Devon cannot log on to the computer. What steps did you take to determine the problem? Use the Administrators account to examine permissions for user account Devon. What is causing the problem? Incorrect password for Devons user account. List the steps taken to fix the problem. Change Devons account password from Cisco2222 to Cisco2100. Validate that security issue has been corrected. How did you validate the correction? Try to log on as the user Devon. Devon can now log on to the computer.

2007-2011, Cisco Systems, Inc. All rights reserved.

Page 11

IT Essentials: PC Hardware and Software v4.1

Chapter 16 Lab/Instructor

4. Log on to the computer as Shawna and try saving text to the file C:\CiscoCCNA\ Exploration\Curriculum.txt.

What problems did you find? Shawna can save changes to files. What steps did you take to determine the problem? Use the Administrators account to examine users added to the groups Academy Student and Guests. What is causing the problem? User account Shawna is added to the wrong group. List the steps taken to fix the problem. Change Shawna from group Academy Student to group Guests. Validate that security issue has been corrected. How did you validate the correction? Log on as the user Shawna and try saving text to the file C:\CiscoCCNA\ Exploration\Curriculum.txt. Shawna should not be able to save the file. 5. Log on to the computer as Devon and try saving text to the file C:\CiscoCCNA\ Exploration\Curriculum.txt.

What problems did you find? Devon is a member of the group Academy Student. Users in group Academy Student cannot access the Exploration folder. What steps did you take to determine the problem? Use the Administrators account to examine the Exploration folder group permissions for the group Academy Student. What is causing the problem? The Academy Student group is denied access to the folder. List the steps taken to fix the problem. Remove all Deny permissions from the folder Exploration for the group Academy Student. Validate that security issue has been corrected. How did you validate the correction? Log on as the user Devon and try saving text to the file C:\CiscoCCNA\ Exploration\Curriculum.txt. Devon should now be able to save the file.

2007-2011, Cisco Systems, Inc. All rights reserved.

Page 12