2.2 Given a scenario, configure and apply basic Microsoft Windows OS security settings.
📘CompTIA A+ Core 2 (220-1202)
What is Active Directory?
Active Directory (AD) is a centralized directory service used in Windows domain environments.
It is managed on a Windows Server and allows administrators to:
- Manage users, computers, and groups from one place
- Control logins, permissions, and security settings
- Apply rules (policies) automatically to many computers and users
AD is used in business and enterprise IT environments, not on standalone home PCs.
Domain vs Workgroup (Exam Reminder)
| Workgroup | Domain |
|---|---|
| Local users only | Centralized user accounts |
| Each PC managed separately | Managed from a server |
| No central policies | Uses Group Policy |
| Home / small setups | Business environments |
Active Directory works only in a domain.
1. Joining a Domain
What does “joining a domain” mean?
Joining a domain means connecting a Windows computer to an Active Directory domain so that:
- Users can log in using domain credentials
- The computer receives Group Policy settings
- IT admins can manage it centrally
Requirements to Join a Domain
- Windows Pro, Enterprise, or Education edition (Windows Home cannot join a domain)
- Network connection to the Domain Controller (DC)
- Domain name (example: company.local)
- Domain account with permission to join computers
What Happens After Joining?
- A computer account is created in Active Directory
- Domain users can log in on that computer
- Security policies are applied automatically
Exam Tips
- Domain join = centralized authentication
- Requires Active Directory Domain Services (AD DS)
- Computer becomes a domain member
2. Assigning Log-in Scripts
What is a Log-in Script?
A log-in script is a script that runs automatically when a user logs in to a domain.
It is commonly used to:
- Map network drives
- Connect network printers
- Set environment variables
Where Are Log-in Scripts Assigned?
Log-in scripts are assigned:
- To user accounts in Active Directory
- Or through Group Policy
They are stored on the domain controller (usually in the SYSVOL folder).
How It Works (Conceptually)
- User logs in with domain credentials
- Active Directory checks the user account
- Assigned script runs automatically
Exam Tips
- Runs at user log-in
- Used for automation
- Managed centrally
3. Moving Objects Within Organizational Units (OUs)
What is an Organizational Unit (OU)?
An Organizational Unit (OU) is a container in Active Directory used to organize:
- Users
- Computers
- Groups
OUs help administrators apply policies and permissions efficiently.
Why Move Objects Between OUs?
Objects are moved to:
- Apply different Group Policies
- Match department or role
- Improve administration and security
Example (IT environment):
- Moving a user from Sales OU to HR OU
- The user now receives HR-specific policies
Important Exam Point
- Group Policy is applied based on OU location
- Moving an object changes what policies apply
4. Assigning Home Folders
What is a Home Folder?
A home folder is a personal network storage location assigned to a user.
It is typically stored on a file server, not on the local computer.
Purpose of Home Folders
- Central storage for user files
- Accessible from any domain computer
- Easier backup and data management
How Home Folders Work
- Each user gets a unique folder
- Permissions ensure only that user can access it
- Folder path is defined in the user account properties
Exam Tips
- Home folders are user-specific
- Stored on a network share
- Controlled by NTFS and share permissions
5. Applying Group Policy
What is Group Policy?
Group Policy is a tool that allows administrators to enforce settings automatically on users and computers.
It controls:
- Security settings
- Desktop restrictions
- Password policies
- Software settings
Group Policy Objects (GPOs)
A Group Policy Object (GPO) is a collection of rules.
GPOs can be linked to:
- Sites
- Domains
- Organizational Units (OUs)
User vs Computer Policies
| User Policy | Computer Policy |
|---|---|
| Applies to user account | Applies to device |
| Follows user | Applies regardless of who logs in |
| Example: desktop restrictions | Example: firewall settings |
Order of Application (LSDOU)
Policies apply in this order:
- Local
- Site
- Domain
- OU
Later policies can override earlier ones.
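The LSDOU order above, combined with the earlier point that moving an object between OUs changes which policies apply, can be traced with a small model. This is an added example, not part of the original notes: the GPO contents, setting names, site name `HQ` and user `Pat Lee` are constructed, and the model only applies the layers in order, with parent OUs before child OUs.

```python
# Added illustration: a simplified model of LSDOU processing, not real AD data.
# All setting names, values and the site name below are constructed.

LOCAL_POLICY = {"screen_lock_minutes": 30}
SITE_GPOS = {"HQ": {"proxy": "proxy.hq.company.local"}}
DOMAIN_GPOS = {"company.local": {"min_password_length": 12, "screen_lock_minutes": 15}}
OU_GPOS = {
    "OU=Sales,DC=company,DC=local": {"usb_storage": "allowed"},
    "OU=HR,DC=company,DC=local": {"usb_storage": "blocked", "screen_lock_minutes": 5},
}


def ou_chain(dn):
    """Return the OUs that contain the object, outermost (parent) first."""
    parts = dn.split(",")[1:]            # drop the object's own CN=... (assumes no escaped commas)
    suffix = ",".join(p for p in parts if p.upper().startswith("DC="))
    ous = [p for p in parts if p.upper().startswith("OU=")]
    chain = []
    for ou in reversed(ous):             # a DN lists the innermost OU first
        suffix = f"{ou},{suffix}"
        chain.append(suffix)
    return chain


def domain_of(dn):
    """Build the DNS-style domain name from the DC= components of a DN."""
    return ".".join(p[3:] for p in dn.split(",") if p.upper().startswith("DC="))


def effective_policy(dn, site):
    """Apply Local, Site, Domain, then OU policies; the last writer of a setting wins."""
    domain = domain_of(dn)
    layers = [("Local", LOCAL_POLICY),
              (f"Site:{site}", SITE_GPOS.get(site, {})),
              (f"Domain:{domain}", DOMAIN_GPOS.get(domain, {}))]
    layers += [(f"OU:{ou}", OU_GPOS.get(ou, {})) for ou in ou_chain(dn)]
    result = {}
    for source, settings in layers:
        for name, value in settings.items():
            result[name] = (value, source)   # later layers overwrite earlier ones
    return result


if __name__ == "__main__":
    for dn in ("CN=Pat Lee,OU=Sales,DC=company,DC=local",
               "CN=Pat Lee,OU=HR,DC=company,DC=local"):   # same user after the move
        print(dn)
        for name, (value, source) in sorted(effective_policy(dn, "HQ").items()):
            print(f"  {name} = {value}  (from {source})")
```

Running it prints each setting with the layer that supplied the winning value, so the effect of the Sales-to-HR move is visible side by side.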
Exam Tips
- Group Policy = centralized control
- Applied automatically
- Depends on OU placement
6. Selecting Security Groups
What Are Security Groups?
Security groups are used to assign permissions to resources such as:
- Files and folders
- Printers
- Network shares
Instead of assigning permissions to users individually, permissions are given to groups.
Common Security Group Types
- Domain Users
- Domain Admins
- Custom departmental groups
Why Use Security Groups?
- Easier permission management
- Better security control
- Follows least privilege principle
Exam Tips
- Users are added to groups
- Permissions are assigned to groups
- Reduces administrative work
7. Configuring Folder Redirection
What is Folder Redirection?
Folder redirection moves common user folders (such as Documents or Desktop) from the local computer to a network location (server).
This is done using Group Policy.
Why Use Folder Redirection?
- User data is stored centrally
- Data is backed up easily
- Users can log in to different computers and access the same files
Key Exam Concept
- Folder redirection is not roaming profiles
- It redirects specific folders only
- Configured using Group Policy
Summary for Exam Review
| Topic | Key Exam Point |
|---|---|
| Active Directory | Centralized user and computer management |
| Joining domain | Connects PC to AD |
| Log-in scripts | Run at user log-in |
| Organizational Units | Control Group Policy application |
| Home folders | Network-based user storage |
| Group Policy | Enforces security and settings |
| Security groups | Assign permissions efficiently |
| Folder redirection | Stores user data on server |
Final Exam Notes
- Active Directory is server-based
- Most AD tasks are done through centralized management
- Group Policy and OUs are core exam topics
- Always think in terms of enterprise IT environments
