Table 6-14 Recommended Preventive Maintenance Tasks in Windows

Task	Benefit	How to Perform
Scheduled disk	Find and correct drive	Use Check Now on the Tools tab for
check	problems before they cor-	drive properties; select option to schedule
	rupt data.	on next startup or use Task Scheduler.
Scheduled	Fragmented files take lon-	Use Defragment Now on Tools tab
defragmentation	ger to load and slow down	of drive properties; click Configure
	the system.	Schedule.
Windows	Updates to Windows and	Run Windows Update from the Control
update	Microsoft applications	Panel and select Change Settings to con-
	solve problems and might	figure.
	add new features.

 

Patch manage- Roll out new updates only ment after testing on a variety of supported systems in your

 

organization.

Use the Windows Server Update Service (WSUS) on Windows Server 2003 SP2 or later to manage rollout of patch updates.

 

Driver/firmware	Updates fix bugs and might	Driver updates can come through Windows
updates	improve performance;	Update or by manual download; firmware
	firmware updates can also	updates can be downloaded manually or
	add support for new tech-	installed through Windows System Center
	nologies.	Configuration Manager 2007 or later.
Antivirus	Updates improve virus	Updates for Microsoft antivirus programs
updates	detection and removal.	can be installed via Windows Update; for
		third-party programs, use the programs’
		own update routes.
File backup	Guard against loss of	In Windows XP, use NTBackup or
	important files.	the Backup Wizard for file backup; in
		Windows Vista, use File Backup; in
		Windows 7, use Backup and Restore.

 

Image backup Guard against loss of a

 

bootable system.

In Windows XP, use a third-party utility; Windows Vista Business and Ultimate can use Complete PC Backup; Windows 7 uses Backup and Restore.

 

System restore Revert to a previous (and

 

hopefully more stable)

 

environment if the current

 

environment is unstable.

 

Run from Control Panel; in Windows Vista and 7, can also be run from Windows Recovery Environment (Windows RE) bootable CD or disk partition.

128 CompTIA A+ Quick Reference

 

Operating System Security Settings

 

Windows includes several types of security settings, including users and groups, NTFS permis-sions, share (networking) permissions, system files and folders, and user authentication methods. To review the essentials, see the following sections.

 

Users and Groups

 

Windows XP, Vista, and 7 enable you to assign access rights to users by placing each user into one of the following groups:

 

Administrator —The most powerful group, administrators have complete access to allsystem functions and access to any user’s data on an NTFS volume. In Windows Vista and 7, administrators can bypass User Account Control (UAC) prompts by clicking through the prompts.

 

Power Users —Power Users can modify computerwide settings, run legacy apps, installprograms that don’t change OS files or install system services, customize systemwide resources, create and manage local users and accounts, and stop and start system services not started by default. Windows Vista and 7 do not include this group, and are treated as standard users unless you create a custom security template for their use.

 

Standard Users —For security, it is recommended to have all users who don’t need admin-istrator-level access in this group (known as Users in Windows XP). These users are not allowed to make systemwide changes to the computer’s configuration (but they can modify their own account settings). In Windows Vista and 7, standard users can provide the pass-word of the computer’s administrator to bypass UAC and make changes needed.

 

Guest Account —The guest account is designed to permit guests (temporary users) accessto the system, but they can’t install software or hardware, change settings, or create a pass-word.

 

 

NTFS Permissions

 

Windows XP, Vista, and 7 support two types of access control to files and folders: NTFS permis-sions (enabled through the Security tab on a folder or file’s properties sheet) and Share permis-sions for networking. NTFS permissions are available only on drives formatted with NTFS, and (on Windows XP) only if Simple File Sharing has been disabled.

 

The Security tab (Figure 6-13) enables you to control access to the selected file or folder by allow-ing or denying permissions shown to selected users or groups:

 

Full Control —Enables any and all changes to a file, including deletion. Modify —File can be modified.

 

Read & Execute —File can be read and executed. Read —File can be read.

Chapter 6: Operating Systems 129

 

Write —File can be overwritten.

 

List Folder Contents —When viewing the permissions of a folder, this additional permis-sion is listed. It allows the user to view what is inside the folder.

 

Figure 6-13 The Security tab for a folder.

 

 

The Security tab has two sections. The top section shows the users and groups that have access to the selected file or folder. You can add or remove groups or users. The bottom section lets you specify the permissions available for the selected user or group.

 

To be able to copy a file or folder from one NTFS folder to another, you must have read permis-sion for the source folder and write permission for the destination folder. The copy inherits the permissions of the destination file or folder.

 

To be able to move a file or folder from one NTFS folder to another, you must have write and modify permissions for both source and destination folders. The moved item inherits the permis-sions of the source file or folder.

 

File attributes also control file access, and work with both drives formatted with either NTFS or FAT. Table 6-15 outlines the four file attributes, which can be seen on the General tab for a file or folder’s properties or by using the command prompt command dir /a followed by the letter listed below in Table 6-15 (dir /ar and so forth).

130 CompTIA A+ Quick Reference

 

Table 6-15 File Attributes

Attribute	Description	Mnemonic
Read-only	Allows anyone to read the file, but no one	r
	can change the content.
Archive	Flags the file to be backed up during sys-	a
	temwide backups.
System	Marks the file as a system (important) file.	s
	They should not be moved or modified.
Hidden	Hides sensitive files from the end users.	h

 

 

Share Permissions

 

You can specify share permissions for networking via the Sharing tab on the file or folder’s prop-erties sheet. Click Share to specify users and permission levels:

 

Owner is the creator of the file.

 

Read/write permission allows file read, change, delete. Read allows file read and copying.

 

Share permissions supersede NTFS permissions.

 

System Files and Folders

 

System files and folders are those essential to Windows startup. By default, Windows XP and later editions do not display system files and folders in Windows Explorer or from the command line. You can change the default file-viewing options for Windows Explorer to display system files and folders.

 

User Authentication

 

Windows supports single sign on network user authentication using Kerberos user authentication, but it is not enabled by default. It must be enabled through security policies by running gpedit.msc. Many different encryption options are available for Kerberos user authentication, and the server and client must be configured to use the same options.

Chapter 6: Operating Systems 131

 

Client-Side Virtualization

 

Virtual machines enable computers to run more than one operating system at the same time. For example, you can run Windows XP inside a window from a host computer running Windows 7 Professional or Ultimate editions. Benefits of virtualization include the following:

 

The ability to run older programs inside their intended operating system

 

Running different tasks at the same time on a computer to accomplish more in a given time-frame

 

Using more computing power in the same space

 

Reducing costs by replacing separate computers with virtual machines, eliminating duplica-tion of peripheral devices (mice, keyboards, displays) VMs do not need, and reducing cool-ing requirements (fewer PCs put out less heat)

 

Creating a safe “sandbox” for testing applications and procedures