You are on page 1of 7

W IDGET S ALES C OMPANY

Secure Internal Network

Brendan Timmons, ID: 040313472


12/1/2007
Widget Sales Company: Secure Internal Network 12/1/2007

WIDGET SALES COMPANY


Secure Internal Network

Table of Contents
User Accounts ................................................................................................................................. 2
User Accounts Table ...................................................................................................................... 2
NTFS File and Folder Permissions ............................................................................................... 3
NTFS Permissions for Files & Folders: ........................................................................................ 4
User Profiles ................................................................................................................................... 5
Local User profile ....................................................................................................................... 5
Roaming profile........................................................................................................................... 5
Mandatory Profile ....................................................................................................................... 5
Auditing Procedures ...................................................................................................................... 5
Printing Requirements .................................................................................................................. 6
Backups........................................................................................................................................... 6

Brendan Timmons 1
Widget Sales Company: Secure Internal Network 12/1/2007

USER ACCOUNTS

A user account defines the actions a user can perform in Windows. On a stand-alone
computer or a computer that is a member of a workgroup, a user account establishes the
privileges assigned to each user. On a computer that is part of a network domain, a user
must be a member of at least one group, by default all users are part of the ‘users’ group and
cannot be removed from the group. Permissions and user rights are typically assigned to
groups instead of individual users. By adding a user to a group, you give the user all the
permissions and user rights assigned to that group.

The User Accounts applet allows you to add users to your computer/domain and to add those
users to a group, it also allows you to define the users password, if it has to be changed upon
their first login and a whole other number of variables to do with that account

USER ACCOUNTS TABLE

User Name First Name Last Name Group

JJones Jill Jones CEO


PSmith01 Phillipa Smith Accounting
Manager
JJones01 Jim Jones Sales Manager
AHall01 Alex Hall HR Manager
SHoward Sally Howard IT Manager
AHall Allen Hall Accounting
GNG01 Gerry NG Accounting
SGill Sue Gill Sales
PSmith Phillip Smith Sales
FMoney Fred Money HR
GNg Gary NG IT
JWeb Jim Web IT

Brendan Timmons 2
Widget Sales Company: Secure Internal Network 12/1/2007

NTFS FILE AND FOLDER PERMISSIONS

Use NTFS permissions to specify which users and groups can gain access to files and folders,
and what they can do with the contents of the file or folder. The permissions you assign for
folders are different from the permissions you assign for files. You assign folder permissions
to control the access that users have to folders and to the files and subfolders that are
contained within the folder. The table below lists the standard NTFS folder and file
permissions that you can assign and the type of access that each provides.

NTFS Folder Permission Allows the User To


Change permissions, take ownership, and delete subfolders and files,
Full Control
plus perform actions permitted by all other NTFS folder permissions
Delete the folder plus perform actions permitted by the Write
Modify
permission and the Read & Execute permission
Move through folders to reach other files and folders, even if the users
do not have permission for those folders, and perform actions
Read & Execute
permitted by the Read permission and the List Folder Contents
permission
List Folder Contents See the names of files and subfolders in the folder
See files and subfolders in the folder and view folder ownership,
Read permissions, and attributes (such as Read-only, Hidden, Archive, and
System)
Create new files and subfolders within the folder, change folder
Write
attributes, and view folder ownership and permissions

NTFS File Permission Allows the User To


Change permissions and take ownership, plus perform the actions
Full Control
permitted by all other NTFS file permissions
Modify and delete the file plus perform the actions permitted by the
Modify
Write permission and the Read & Execute permission
Run applications plus perform the actions permitted by the Read
Read & Execute
permission
Read Read the file, and view file attributes, ownership, and permissions
Overwrite the file, change file attributes, and view file ownership and
Write
permissions

Brendan Timmons 3
Widget Sales Company: Secure Internal Network 12/1/2007

NTFS PERMISSIONS FOR FILES & FOLDERS:

Path User Account NTFS Block Shared? Shared F older


or Group Permissions Inheritance Permissions
Apps Administrators R/W Y Y RC
Apps\WordDocs Users R N
Apps\Spreadsheets Acc, Man, CEO R N
Apps\Database Acc, Man, CEO R N
DepartmentData Users R/W Y Y RC
DepartmentData\Accounting Accountants R/W Y
CEO R
DepartmentData\HR HRStaff R/W Y
CEO R
DepartmentData\IT SallyHoward R/W Y
ITStaff R
DepartmentData\Sales SalesStaff R/W Y
CEO R
Public Users R/W N Y RC
Public\Manuals CEO R/W Y
Public\Policy Users R Y
Profiles Users R/W N Y RC
Profiles\Accountants Administrators FC Y
Accountants\AHall AllenHall FC Y
Accountants\GNg GerryNg FC Y
Profiles\Managers Administrators FC Y
Managers\AHall01 AlexHall FC Y
Managers\JJones JillJones FC Y
Managers\JJones01 JimJones FC Y
Managers\PSmith PhillipaSmith FC Y
Managers\SHoward SallyHoward FC Y
Users Users R/W N Y RC
Users\AHall01 AlexHall FC Y
Users\AHall AllenHall FC Y
Users\FMoney FredMoney FC Y
Users\GNG01 GaryNg FC Y
Users\GNG GerryNg FC Y
Users\JJones JillJones FC Y
Users\JJones01 JimJones FC Y
Users\JWeb JimWeb FC Y
Users\PSmith PhillipaSmith FC Y
Users\PSmith01 PhillipSmith FC Y
Users\SHoward SallyHoward FC Y
Users\SGill SueGill FC Y

Brendan Timmons 4
Widget Sales Company: Secure Internal Network 12/1/2007

USER PROFILES

A user profile defines customized desktop environments, such as individual display, and
network and printer connections settings. You can define your desktop environment for user
profiles. Types of user profiles include:

Local User profile


A local user profile is created the first time you log on to a computer and is stored on the
computer's Hard Drive. Any changes made to the local user profile are specific to the
computer on which the changes are made.

Roaming profile
Roaming profiles are created by your system administrator and are stored on the Server or
Domain. Having Roaming Profiles allow your profile is available every time you log on to any
computer on the network. Any changes made to your roaming user profile will be updated on
the server.

Mandatory Profile
Mandatory user profiles, are just a roaming profile that has been modified so that it can be
used to specify particular settings for individuals or an entire group of users. Only system
administrators can make changes to mandatory user profiles.

AUDITING PROCEDURES
The auditing procedures implemented on the windows 2003 server are as follows.

Name Success Failure Reason for choice


Account logon events N/A X For security purposes to track
unauthorized account access
attempts.
Account management X X For security purposes to track
unauthorized account changes.
Directory service access N/A N/A
Logon events X X To track account activity.
Object Access X X Track what object users are
attempting to use.
Policy Change N/A N/A
Privilege use N/A X For security purposes to track
unauthorized access attempts to files
on the domain.
Process Tracking N/A N/A
System Events X X To track any changes to the security

Brendan Timmons 5
Widget Sales Company: Secure Internal Network 12/1/2007

log and user actions such as shutting


down or starting up a computer.

PRINTING REQUIREMENTS

Widget Sales Co. has two printers: a HP DeskJet 500 and a HP laser jet 4m. The Manager
and the CEO require use of the HP Laser Jet 4m. All other staff must use the HP DeskJet
500 printer. The CEO has requested that her work be given priority over all other jobs to
ensure priorities are given, the CEO has been assigned the printer priority of 99.

BACKUPS

Two types of backup procedures have been implemented into Widget Sales Co.’s Server. A
Normal and Incremental.

The Normal backup will backup all selected files and folders and clears the archive attribute
on these files and folders. And will run every Monday at 19:00

The Incremental backup will backup only those files that have changed since the last normal
backup or Incremental backup. And will take place from Tuesday – Friday at 19:00.

Brendan Timmons 6