Users and groups in Microsoft Windows OS refer to the different accounts that can be created for accessing the system. Here are the different types of accounts:
1. Local vs. Microsoft account: A local account is created on a specific computer, while a Microsoft account is created through Microsoft's website and can be used to sign in to multiple devices.
2. Standard account: This is a basic user account that can perform most common tasks on the system but cannot make significant changes to the system settings.
3. Administrator: This is a user account with full control over the system and its settings. It can install and uninstall software, create and manage user accounts, and change system settings.
4. Guest user: This is a limited account that provides temporary access to the system.
5. Power user: This is a user account with some administrative privileges, such as the ability to install and remove software and drivers, but with some restrictions on other system settings.
These accounts and groups can be managed through the User Accounts Control Panel or the Local Users and Groups management console. The settings for these accounts can be configured to control access and permissions to various resources on the system.
Login OS options
Additionally, here are some more login OS options:
Smart card: The user inserts a smart card into a card reader attached to the computer and then enters a PIN to authenticate.
Security token: Similar to a smart card, a security token is a small device that generates a unique code every few seconds that the user enters along with their password to authenticate.
One-time password: The user receives a unique, time-limited password via SMS or email that they enter along with their regular password to authenticate.
Certificate-based authentication: The user presents a digital certificate issued by a trusted authority to authenticate.
Windows Hello: This is a more advanced form of biometric authentication that can recognize faces, fingerprints, and even iris patterns to log in.
NTFS vs. share permissions
NTFS (New Technology File System) permissions are applied to local or remote users, whereas share permissions are applied only to network users who access shared resources.
NTFS permissions provide more granular control over access to files and folders, whereas share permissions provide basic access control for shared resources.
NTFS permissions can be set for specific files and folders, whereas share permissions apply to the entire shared resource.
NTFS permissions are cumulative, which means that a user's effective permissions are a combination of their own permissions and the permissions granted to the groups they belong to. Share permissions are not cumulative.
Run as administrator vs. standard user:
Standard user accounts are more restricted in terms of system access than administrator accounts.
Running as an administrator allows a user to perform tasks that require elevated privileges, such as installing software or making changes to system settings.
User Account Control (UAC) is a security feature in Windows that prompts users for permission before allowing certain actions to be performed. It helps prevent unauthorized changes to the system by limiting the privileges of standard user accounts.
BitLocker and BitLocker To Go:
BitLocker is a full disk encryption feature in Windows that encrypts the entire system drive, protecting the operating system and user data from unauthorized access.
BitLocker To Go is a feature in Windows that allows removable storage devices (such as USB drives) to be encrypted using BitLocker, providing an additional layer of security for sensitive data.
Encrypting File System (EFS):
EFS is a feature in Windows that allows individual files and folders to be encrypted using a user's public key. Encrypted files and folders can only be accessed by the user who encrypted them, providing an additional layer of security for sensitive data.
