SBR - Technical Education Training Center Inc.

COMMON COMPETENCY
Unit of Competency No. 2: PERFORM COMPUTER OPERATIONS
LO3. Access Information Using Computer

Information access is the freedom or ability to identify, obtain and make use
of database or information effectively.
There are various research efforts in information access for which the objective is
to simplify and make it more effective for human users to access and further
process large and unwieldy amounts of data and information.
Several technologies applicable to the general area are Information
Retrieval, Text Mining, Machine Translation, and Text Categorization.
During discussions on free access to information as well as on information policy,
information access is understood as concerning the insurance of free and closed
access to information. Information access covers many issues
including copyright, open source, privacy, and security.

Some Applications and APIs Require Access to Authorization

Information on Account Objects
Some applications have features that read the token-groups-global-and-universal
(TGGAU) attribute on user account objects or on computer account objects in the
Microsoft Active Directory service. Some Win32 functions make it easier to read

1 Contact Center Services NC II

 SBR - Technical Education Training Center Inc. 2

the TGGAU attribute. Applications that read this attribute or that call an API
(referred to as a function in the rest of this article) that reads this attribute do not
succeed if the calling security context does not have access to the attribute.

By default, access to the TGGAU attribute is determined by the Permission

Compatibility decision (made when the domain was created during the
DCPromo.exe process). The default permission compatibility for new Windows
Server 2003 domains does not grant broad access to the TGGAU attribute. Access
to read the TGGAU attribute can be granted as required to the new Windows
Authorization Access (WAA) group in Windows Server 2003.

The token-groups-global-and-universal (TGGAU) attribute is a dynamically

computed value on computer account objects and on user account objects in
Active Directory. This attribute enumerates the global group memberships and
the universal group memberships for the corresponding user account or
computer account. Applications can use the group information that is provided
by the TGGAU attribute to make various decisions about a specific user when the
user is not logged on.

For example, an application can use this information to determine whether a user
has been granted access to a resource that the application controls access for.
Applications that require this information can read the TGGAU attribute directly
by using either Lightweight Directory Access Protocol interfaces or Active
Directory Services Interfaces. However, Microsoft Windows Server 2003
introduced several functions (including
the AuthzInitializeContextFromSid function and the LsaLogonUser function)
that simplify reading and interpretation of the TGGAU attribute. Therefore,
applications that use these functions may unknowingly be reading the TGGAU
attribute.

For applications to be able to directly read this attribute or indirectly read this
attribute (through the use of an API), the security context that the application
runs in must have been granted read access to the TGGAU object on the user
objects and on the computer objects. You do not expect applications to assume
that they have access to TGGAU. Therefore, you can expect applications to be
unsuccessful when access is denied. In this situation, you (the user) may receive
an error message or a log entry that explains that access was denied while trying

2 Contact Center Services NC II

 SBR - Technical Education Training Center Inc. 3

to read this information, and that provides instructions about how to obtain
access (as described later in this article).

If you let someone use your computer, they could gain access to your saved
passwords, read your email, access all your files, and more. Instead of looking
over their shoulder, just use your operating system’s guest account feature.

Guest accounts are found on all desktop operating systems—from Windows and
Mac to Ubuntu, Chrome OS, and other Linux distributions. The Guest account
isn’t enabled by default on Windows, so you have to go out of your way to use it.

Why You Should Use Guest Accounts

There’s no need to create a dedicated user account for temporary guest users. The
built-in guest account gives your friend limited access, allowing you to leave them
alone with your computer and let them browse the web without giving them
access to all your passwords, private documents, email, social media accounts,
browser history, and everything else you do on your computer.

Guest accounts aren’t able to install software, configure hardware devices, change
system settings, or even create a password that applies to the guest account.
Guest accounts can shut down your computer—that’s about as much harm as
they can do.

The guest account allows users to browse the web and use typical applications, so
it’s a great way to give someone else access to your computer without feeling
compelled to look over their shoulder. Even someone you trust may not access
your personal data maliciously—they may open your browser, head to Gmail to
check their email, and see your inbox if you’re already logged in. They’d then have
to log out and log into their account, and you’d have to log back into your
accounts when they’re done. Avoid this headache by using the guest account
instead.

Enabling the Guest Account in Windows

Enabling the guest account is different for Windows 7 and 8 than it is for
Windows 10. In Windows 7 and 8, you can enable the guest account pretty

3 Contact Center Services NC II

 SBR - Technical Education Training Center Inc. 4

easily. From the desktop, click the Start menu and start typing “user accounts.”
Click on “User Accounts” in the search results. From this menu window, click
“Manage another account.”

How to Create a Guest Account in Windows 10

Windows 10, unfortunately, hides this feature a bit…partly because Microsoft

would like you to exercise a bit of data security, and partly because they’d like
everyone to use official Microsoft user accounts. Enabling the guest (or “Visitor”
account) requires Administrator access and a bit of command-line legwork,
but it’s all explained in this guide.

Once you’ve enabled the guest account, it will be appear as a separate user
account in the bottom left corner of your login screen. Anyone can log in as the
guest account after booting your computer or accessing it when it’s locked.

You can log out of your current user account or use the Switch User feature to
stay logged in, keeping your programs open and your account locked while
allowing the guest to use your PC

Once they’re done, they can log out of the guest account. Note that their browsing
history, logged-in websites, and any other files or data they left lying around will
remain accessible to future users of your guest account. Guest users should log
out of any websites they accessed or just use a browser’s private browsing
feature inside the guest account.

If you’re worried about what files the guest user can access, feel free to log in as
the guest user and poke around. By default, files shouldn’t be accessible as long as
they’re stored in folders under your user folder at C:\Users\NAME, but files
stored in other locations like a D:\ partition may be accessible. You can lock
down any folders you don’t want guests to have access to with the security
properties dialog.

Sources:
https://www.bing.com/search?q=Access+Information+using+computer&cvid=7e93181b9faf47d6972398c1dcd601f
8&PC= ACTS&first= 21&FORM= PERE1
https://www.howtogeek.com/170269/how-to-let-someone-else-use-your-computer-without-giving-them-access-
to-all-your-stuff/

4 Contact Center Services NC II