Lab – Permissions (Answer Version)

Objectives

In this lab, you will explore the difference between running as an administrator and as a standard user. You will also review the inherited permissions of files and folders and encrypt files and folders.

Part 1: User Account Control (UAC)

Part 2: Permission Inheritance

Part 3: Encrypting File System (EFS)

Recommended Equipment
A Windows device
Instructions
Part 1: User Account Control (UAC)

User Account Control (UAC) is a Windows security feature that helps prevent malware from causing damage to your PC by exploiting the privileges of the Administrators group. UAC also allows standard users to perform tasks that require elevated privileges within their session.

Step 1: Create a regular user account.
a. Log in to Windows using an account with administrative privileges. To verify that the account has administrative privileges, click Start > Settings > Accounts > Your info. Under your username, you should see Administrator to indicate that this account is part of the Administrators group.
b. Click Family & other users to add another user account.
c. Click Add someone else to this PC (or Add account in Windows 11) if there is not a standard user account on this PC. Provide the information necessary to create a new user account.
Step 2: Run as administrator vs. standard user
a. Still logged in as the user with administrative rights, run Windows PowerShell as an administrator. Click Start > expand the Windows PowerShell folder > right-click Windows PowerShell > select Run as Administrator.

Question:

Did you need to provide your password to allow this app to make changes? Explain your answer.

No password is needed because the logged-in user has administrative privileges.

b. Click No to exit the UAC prompt.
c. Now log in as a standard user and run Windows PowerShell as an administrator.

Question:

Did you need to provide your password to allow this app to make changes? Explain your answer.

An administrator’s password is needed because the logged-in user does not have administrative privileges.

d. Click No to exit the UAC prompt.
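
The difference between the two prompts in Step 2 can also be read from the session itself. The following PowerShell is an added example, not part of the original lab; it reports whether the current process is elevated, how the Administrators group appears in the token, and which UAC prompt policy is configured. It assumes an English-language Windows installation for the whoami column names.

```powershell
# Added example (not part of the lab): inspect the current token and the UAC policy.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]::new($identity)

# True only in an elevated process, even for a member of Administrators.
$elevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# whoami lists every group in the token, including deny-only entries.
# Column names assume an English-language Windows installation.
$groups   = whoami /groups /fo csv | ConvertFrom-Csv
$adminRow = $groups | Where-Object { $_.SID -eq 'S-1-5-32-544' }   # BUILTIN\Administrators
$label    = $groups | Where-Object { $_.SID -like 'S-1-16-*' }     # integrity level

# UAC prompt policy. Windows defaults: admins = 5 (consent), standard users = 3 (credentials).
$policy = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

[pscustomobject]@{
    User              = $identity.Name
    Elevated          = $elevated
    InAdministrators  = [bool]$adminRow
    AdminGroupState   = if ($adminRow) { $adminRow.Attributes } else { 'not in token' }
    IntegrityLevel    = $label.'Group Name'
    UacEnabled        = $policy.EnableLUA -eq 1
    PromptForAdmins   = $policy.ConsentPromptBehaviorAdmin
    PromptForStandard = $policy.ConsentPromptBehaviorUser
} | Format-List
```

In a non-elevated administrator session, AdminGroupState shows the group as used for deny only and the integrity level is Medium; after Run as Administrator the group is enabled and the level is High. A standard user has no Administrators entry in the token at all.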
Part 2: Permission Inheritance
Step 1: Review folder permissions
a. Log in to an administrative account. Navigate to C:\ with File Explorer and create a folder with a name of your choice.
b. Right-click the newly created folder and select Properties.
c. Navigate to the Security tab.

Questions:

Which group or usernames have full control of the folder?

SYSTEM and Administrators.

d. Click Advanced to review permissions in detail.
e. Click Effective Access. Click Select a user.
f. Enter the username of the current account in the Enter the object name to select (example) box. Click Check Names to verify the object name is correct. Click OK to continue.
g. Click View effective access to view the current permissions. Note that this user has full control of this folder. Click OK when done.
h. Click Select a user and enter the username of the user newly created in this activity. Click Check Names to verify and click OK. Click View effective access to view the current permissions. Note that this user does not have the same permissions. Click OK.
i. Click OK to exit the Properties window.
Step 2: Inherited permission
a. Within your newly created folder, create a new text file. Right-click the blank space and select New > Text Document. Name the file.
b. Right-click the newly created file and select Properties. In the Security tab, click Advanced > Effective Access > Select a user. Review the permissions of both users.

Question:

How do the file permissions compare to the folder permissions? Where did the file get the permission?

The file inherited its permission from the folder permission.

c. Click the Permission tab.

Question:

What else can you do in this tab?

You can change the owner, add, remove, or view the permission entry, and disable inheritance.

d. Click OK to exit Advanced Security Settings.
e. Log in as the other user.

Question:

Does the permission align with the effective permission? What did you try to do?

The permission is the same as the effective permission.
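
The inheritance reviewed in Part 2 can be listed from PowerShell as well. This is an added example, not part of the original lab; the folder PermLab and the file notes.txt are hypothetical names created under the current user's temp directory. It prints each permission entry with its inherited flag and then audits the folder for items that no longer follow their parent.

```powershell
# Added example (not part of the lab). PermLab and notes.txt are hypothetical names.
$folder = Join-Path $env:TEMP 'PermLab'
$file   = Join-Path $folder 'notes.txt'
New-Item -ItemType Directory -Path $folder -Force | Out-Null
Set-Content -Path $file -Value 'constructed sample content'

function Get-AceSummary {
    param([Parameter(Mandatory)][string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        [pscustomobject]@{
            Item        = Split-Path $Path -Leaf
            Identity    = $ace.IdentityReference
            Rights      = $ace.FileSystemRights
            Type        = $ace.AccessControlType
            Inherited   = $ace.IsInherited                   # True = came from the parent
            Inheritance = -not $acl.AreAccessRulesProtected  # False = inheritance disabled
        }
    }
}

# Folder and file side by side: the new file's entries are all marked inherited.
@($folder, $file) | ForEach-Object { Get-AceSummary $_ } | Format-Table -AutoSize

# Audit: list anything under the folder that no longer follows its parent.
Get-ChildItem -LiteralPath $folder -Recurse -Force | ForEach-Object {
    $acl      = Get-Acl -LiteralPath $_.FullName
    $explicit = @($acl.Access | Where-Object { -not $_.IsInherited })
    if ($acl.AreAccessRulesProtected -or $explicit.Count -gt 0) {
        [pscustomobject]@{
            Path                = $_.FullName
            InheritanceDisabled = $acl.AreAccessRulesProtected
            ExplicitEntries     = $explicit.Count
        }
    }
}
```

On a freshly created file the audit returns nothing; it starts reporting an item once an entry is added directly to it or inheritance is disabled in the Permission tab.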

Part 3: Encrypting File System (EFS)

You can encrypt individual files and folders.

Note: EFS is not available in Home edition.

a. Create a new folder in C:\ and add a file to the new folder.
b. Right-click the new file. Navigate to the General tab in the Properties window. Click Advanced.
c. In the Advanced Attributes window, select Encrypt contents to secure data and click OK.
d. Click OK to close the Properties window. Select Encrypt the file and its parent folder (recommended) and click OK when prompted by the Encryption Warning. The folder and its contents are now encrypted.
e. Log in to another user’s account.
f. Attempt to make edits to the newly encrypted file with the other user.

Question:

What happened when you attempted to make edits to the file?

You do not have permission to open the file. You need to get permission from the owner or administrator.
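
The encryption steps in Part 3 can be scripted and verified as follows. This is an added example, not part of the original lab; C:\EfsLab and secret.txt are hypothetical names, and it assumes an NTFS volume on an edition of Windows that includes EFS.

```powershell
# Added example (not part of the lab). C:\EfsLab and secret.txt are hypothetical names.
$folder = 'C:\EfsLab'
$file   = Join-Path $folder 'secret.txt'
New-Item -ItemType Directory -Path $folder -Force | Out-Null
Set-Content -Path $file -Value 'constructed sample content'

cipher /e $folder | Out-Null        # mark the folder: files added later are encrypted
[System.IO.File]::Encrypt($file)    # encrypt the existing file for the current user

# Confirm the Encrypted attribute on both items.
Get-Item -LiteralPath $folder, $file | ForEach-Object {
    [pscustomobject]@{
        Path      = $_.FullName
        Encrypted = [bool]($_.Attributes -band [System.IO.FileAttributes]::Encrypted)
    }
}

# The NTFS permission entries and the EFS key list are two separate checks.
(Get-Acl -LiteralPath $file).Access | Select-Object IdentityReference, FileSystemRights
cipher /c $file    # lists the users and certificate thumbprints able to decrypt
```

A user can hold rights in the permission list and still be refused when opening the file if that user is not among those reported by cipher /c.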

Part 4: Cleanup

Remove any files, folders or user accounts that were created during this activity.

a. Log in with the accounts, navigate to C:\, and remove any files or folders created during this activity.
b. Delete the new local user account. Click Start > Settings > Accounts > Family & other users. Select and remove the local user account that was created for this activity.