Operating System Security - CompTIA Security+ SY0-701 - 4.5
Understanding Active Directory and Group Policy
Overview of Active Directory
- Active Directory (AD) is a central database that contains all components of a network, including computers, devices, user accounts, file shares, printers, and security groups.
- AD allows for centralized management of authentication; users log in using credentials stored within the AD database.
Access Permissions Management
- Permissions can be assigned individually to users or collectively to groups within Active Directory.
- Functions such as adding accounts, managing access rights, modifying passwords, and removing accounts are typically performed through AD.
Group Policy Integration
- Group Policy overlays security policies on the list of computers and users in AD, allowing configuration settings or permissions to be set for individual users or devices.
- The Group Policy Management Editor is used to configure login scripts and network configurations like quality of service and security parameters.
Discretionary vs. Mandatory Access Control
Linux Operating System Security Models
- By default, Linux operates under discretionary access control (DAC), where users assign rights and permissions on the resources they own.
- In secure environments where DAC is insufficient, mandatory access control (MAC) can be implemented via Security-Enhanced Linux (SELinux), allowing central administration of rights and permissions.
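The DAC behavior described above, as an added example that is not part of the original notes: a file owner loosens permissions without any administrator involved, an audit finds the result afterwards, and a second check reports whether SELinux is enforcing on the host. The function names, file names and sample tree are constructed for illustration, and the script assumes a Linux host with `find`, `mktemp` and `sed`.

```shell
#!/usr/bin/env bash
# Added example: DAC decisions are made by file owners, so a central
# team can only discover them by audit. All paths here are constructed.

# List regular files under a directory that any local user may write to.
audit_world_writable() {
  find "$1" -xdev -type f -perm -0002 -print 2>/dev/null | sort
}

# Report whether SELinux (MAC) is enforcing, permissive, or not present.
selinux_mode() {
  if command -v getenforce >/dev/null 2>&1; then
    getenforce
  elif [ -r /sys/fs/selinux/enforce ]; then
    if [ "$(cat /sys/fs/selinux/enforce)" = "1" ]; then
      echo Enforcing
    else
      echo Permissive
    fi
  else
    echo "Not available"
  fi
}

# Build a constructed sample tree, let the owner loosen one file, audit it,
# and print the offending file names relative to the sample directory.
dac_demo() {
  local dir
  dir=$(mktemp -d) || return 1
  printf 'payroll\n' > "$dir/payroll.csv"
  printf 'notes\n'   > "$dir/notes.txt"
  chmod 600 "$dir/payroll.csv"   # owner keeps this file private
  chmod 666 "$dir/notes.txt"     # owner opens this file to everyone
  audit_world_writable "$dir" | sed "s|^$dir/||"
  rm -rf "$dir"
}

echo "World-writable files chosen by the owner:"
dac_demo
echo "SELinux: $(selinux_mode)"
```

With SELinux enforcing, the centrally administered policy is checked in addition to these owner-set mode bits, so an owner's `chmod` alone does not grant access the policy denies.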
Principle of Least Privilege