W IDGET S ALES C OMPANY

Secure Internal Network

Brendan Timmons, ID: 040313472 12/1/2007

Widget Sales Company: Secure Internal Network

12/1/2007

WIDGET SALES COMPANY
Secure Internal Network

Table of Contents
User Accounts ................................................................................................................................. 2 User Accounts Table ...................................................................................................................... 2 NTFS File and Folder Permissions ............................................................................................... 3 NTFS Permissions for Files & Folders: ........................................................................................ 4 User Profiles ................................................................................................................................... 5 Local User profile ....................................................................................................................... 5 Roaming profile........................................................................................................................... 5 Mandatory Profile ....................................................................................................................... 5 Auditing Procedures ...................................................................................................................... 5 Printing Requirements .................................................................................................................. 6 Backups........................................................................................................................................... 6

Brendan Timmons

1

Widget Sales Company: Secure Internal Network

12/1/2007

USER ACCOUNTS
A user account defines the actions a user can perform in Windows. On a stand-alone computer or a computer that is a member of a workgroup, a user account establishes the privileges assigned to each user. On a computer that is part of a network domain, a user must be a member of at least one group, by default all users are part of the ‘users’ group and cannot be removed from the group. Permissions and user rights are typically assigned to groups instead of individual users. By adding a user to a group, you give the user all the permissions and user rights assigned to that group. The User Accounts applet allows you to add users to your computer/domain and to add those users to a group, it also allows you to define the users password, if it has to be changed upon their first login and a whole other number of variables to do with that account

USER ACCOUNTS TABLE
User Name JJones PSmith01 JJones01 AHall01 SHoward AHall GNG01 SGill PSmith FMoney GNg JWeb First Name Jill Phillipa Jim Alex Sally Allen Gerry Sue Phillip Fred Gary Jim Last Name Jones Smith Jones Hall Howard Hall NG Gill Smith Money NG Web Group CEO Accounting Manager Sales Manager HR Manager IT Manager Accounting Accounting Sales Sales HR IT IT

Brendan Timmons

2

Widget Sales Company: Secure Internal Network

12/1/2007

NTFS FILE AND FOLDER PERMISSIONS
Use NTFS permissions to specify which users and groups can gain access to files and folders, and what they can do with the contents of the file or folder. The permissions you assign for folders are different from the permissions you assign for files. You assign folder permissions to control the access that users have to folders and to the files and subfolders that are contained within the folder. The table below lists the standard NTFS folder and file permissions that you can assign and the type of access that each provides.

NTFS Folder Permission Full Control Modify

Read & Execute List Folder Contents Read Write

Allows the User To Change permissions, take ownership, and delete subfolders and files, plus perform actions permitted by all other NTFS folder permissions Delete the folder plus perform actions permitted by the Write permission and the Read & Execute permission Move through folders to reach other files and folders, even if the users do not have permission for those folders, and perform actions permitted by the Read permission and the List Folder Contents permission See the names of files and subfolders in the folder See files and subfolders in the folder and view folder ownership, permissions, and attributes (such as Read-only, Hidden, Archive, and System) Create new files and subfolders within the folder, change folder attributes, and view folder ownership and permissions

NTFS File Permission Full Control Modify Read & Execute Read Write

Allows the User To Change permissions and take ownership, plus perform the actions permitted by all other NTFS file permissions Modify and delete the file plus perform the actions permitted by the Write permission and the Read & Execute permission Run applications plus perform the actions permitted by the Read permission Read the file, and view file attributes, ownership, and permissions Overwrite the file, change file attributes, and view file ownership and permissions

Brendan Timmons

3

Widget Sales Company: Secure Internal Network

12/1/2007

NTFS PERMISSIONS FOR FILES & FOLDERS:
Path User Account or Group NTFS Permissions Block Inheritance Shared? Shared F older Permissions

Apps Apps\WordDocs Apps\Spreadsheets Apps\Database DepartmentData DepartmentData\Accounting DepartmentData\HR DepartmentData\IT DepartmentData\Sales Public Public\Manuals Public\Policy Profiles Profiles\Accountants Accountants\AHall Accountants\GNg Profiles\Managers Managers\AHall01 Managers\JJones Managers\JJones01 Managers\PSmith Managers\SHoward Users Users\AHall01 Users\AHall Users\FMoney Users\GNG01 Users\GNG Users\JJones Users\JJones01 Users\JWeb Users\PSmith Users\PSmith01 Users\SHoward Users\SGill

Administrators Users Acc, Man, CEO Acc, Man, CEO Users Accountants CEO HRStaff CEO SallyHoward ITStaff SalesStaff CEO Users CEO Users Users Administrators AllenHall GerryNg Administrators AlexHall JillJones JimJones PhillipaSmith SallyHoward Users AlexHall AllenHall FredMoney GaryNg GerryNg JillJones JimJones JimWeb PhillipaSmith PhillipSmith SallyHoward SueGill

R/W R R R R/W R/W R R/W R R/W R R/W R R/W R/W R R/W FC FC FC FC FC FC FC FC FC R/W FC FC FC FC FC FC FC FC FC FC FC FC

Y N N N Y Y Y Y Y N Y Y N Y Y Y Y Y Y Y Y Y N Y Y Y Y Y Y Y Y Y Y Y Y

Y

RC

Y

RC

Y

RC

Y

RC

Y

RC

Brendan Timmons

4

Widget Sales Company: Secure Internal Network

12/1/2007

USER PROFILES
A user profile defines customized desktop environments, such as individual display, and network and printer connections settings. You can define your desktop environment for user profiles. Types of user profiles include:

Local User profile
A local user profile is created the first time you log on to a computer and is stored on the computer's Hard Drive. Any changes made to the local user profile are specific to the computer on which the changes are made.

Roaming profile
Roaming profiles are created by your system administrator and are stored on the Server or Domain. Having Roaming Profiles allow your profile is available every time you log on to any computer on the network. Any changes made to your roaming user profile will be updated on the server.

Mandatory Profile
Mandatory user profiles, are just a roaming profile that has been modified so that it can be used to specify particular settings for individuals or an entire group of users. Only system administrators can make changes to mandatory user profiles.

AUDITING PROCEDURES
The auditing procedures implemented on the windows 2003 server are as follows. Name Account logon events Account management Directory service access Logon events Object Access Policy Change Privilege use Process Tracking System Events Success N/A X N/A X X N/A N/A N/A X Failure X X N/A X X N/A X N/A X Reason for choice For security purposes to track unauthorized account access attempts. For security purposes to track unauthorized account changes. To track account activity. Track what object users are attempting to use. For security purposes to track unauthorized access attempts to files on the domain. To track any changes to the security

Brendan Timmons

5

Widget Sales Company: Secure Internal Network

12/1/2007 log and user actions such as shutting down or starting up a computer.

PRINTING REQUIREMENTS
Widget Sales Co. has two printers: a HP DeskJet 500 and a HP laser jet 4m. The Manager and the CEO require use of the HP Laser Jet 4m. All other staff must use the HP DeskJet 500 printer. The CEO has requested that her work be given priority over all other jobs to ensure priorities are given, the CEO has been assigned the printer priority of 99.

BACKUPS
Two types of backup procedures have been implemented into Widget Sales Co.’s Server. A Normal and Incremental. The Normal backup will backup all selected files and folders and clears the archive attribute on these files and folders. And will run every Monday at 19:00 The Incremental backup will backup only those files that have changed since the last normal backup or Incremental backup. And will take place from Tuesday – Friday at 19:00.

Brendan Timmons

6