Introduction

Let's kick off this chapter with an introduction to some Windows concepts.

Windows is common

Odds are most of the computers where you work run Windows. So let’s take a look at some security advice that’s specific to Windows. Most of the advice in this chapter echoes more general advice from previous chapters, but we’ll see a couple of Windows-specific applications of that advice. We’ll also take a look at Mimikatz, a widely used tool for stealing Windows passwords, as well as some defenses against it.

Reporter: “Why do you rob banks?”
Willie Sutton, bank robber: “Because that’s where the money is.”

➤ Willie Sutton (apocryphal)

Windows users

We’re going to start out with some foundational Windows concepts before we move into best practices. Let’s start with users. There are two main types of interactive user accounts in Windows—administrators and standard users. Administrators are able to install software and make significant changes to the system. Standard users don’t have these permissions but are able to run installed software.

There is one other kind of user, but it’s not an interactive user. It’s called SYSTEM and it’s the user that does work on behalf of Windows itself. Because it works on behalf of the operating system, it has complete permissions to everything on that computer. We’ll come back to this a little later in the chapter.

When you have more than a handful of computers on your network, you’ll want some things to be centrally controlled and managed. These would be things like user definitions and user credentials (hashed passwords, not plaintext passwords as we saw in Password Storage). In a Windows network, this grouping of computers along with its centralized control systems is called a domain. Users can be defined either on a domain, which means they can log in on computers throughout the domain, or they can be defined locally, which means they can only log in on the one computer they’re defined on.
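To see these account types on a real machine, the PowerShell below reports whether the current session is SYSTEM, an administrator, or a standard user, and lists who holds local administrator rights along with whether each account is defined locally or in a domain. It is an added example, not part of the original chapter; the function names `Get-CurrentAccountType` and `Get-LocalAdminReport` are made up for illustration, and it assumes Windows PowerShell 5.1 or later on Windows 10 / Server 2016 or newer.

```powershell
# Added example (not from the original chapter): classify the current session
# and audit the local Administrators group. Function names are hypothetical.

# Well-known SIDs: fixed by Windows, identical on every installation.
$SystemSid = 'S-1-5-18'       # NT AUTHORITY\SYSTEM
$AdminsSid = 'S-1-5-32-544'   # BUILTIN\Administrators (name is localized, SID is not)

function Get-CurrentAccountType {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)

    # SYSTEM is the non-interactive account that works on behalf of Windows.
    if ($identity.User.Value -eq $SystemSid) { return 'SYSTEM' }

    # IsInRole is true only when the process token actually carries
    # administrator rights, so an administrator who has not elevated
    # falls through to the last branch.
    if ($principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        return 'Administrator (elevated)'
    }
    return 'Standard user, or administrator running without elevation'
}

function Get-LocalAdminReport {
    # Look the group up by SID so the check works on non-English systems.
    Get-LocalGroupMember -SID $AdminsSid | ForEach-Object {
        [pscustomobject]@{
            Name        = $_.Name
            ObjectClass = $_.ObjectClass       # User or Group
            DefinedIn   = $_.PrincipalSource   # Local, ActiveDirectory, ...
        }
    }
}

"Current session: $(Get-CurrentAccountType)"
Get-LocalAdminReport | Sort-Object DefinedIn, Name | Format-Table -AutoSize
```

Entries whose `DefinedIn` value is `ActiveDirectory` are domain accounts or groups that have been granted administrator rights on this one computer; entries marked `Local` exist only on this machine.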
