
Showing posts with the label Security

Microsoft calls Internet Explorer a compatibility solution, not a browser

"While most consumers are likely using Chrome, Firefox, or Edge, a number of businesses still rely on Internet Explorer for older web apps that haven't been modernized."

"Internet Explorer is a compatibility solution," [..], rather than a browser that businesses should be using day to day for all web browsing activity. "We're not supporting new web standards for it."

Sources: Microsoft really doesn't want you to use Internet Explorer anymore, The Verge; The perils of using Internet Explorer as your default browser, Chris Jackson, Microsoft

Overshare, but underpermission

The bottom line of the linked article is that permissions should be managed at the NTFS level, while the share itself should be set to Everyone - Full Control, so that the NTFS ACLs alone determine effective access.

Sources: Best Practices for Share Permissions in Windows Server 2016

Can't change Maximum password age on a domain? Apply or modify password policy

If you try gpedit.msc or secpol.msc > Security Settings > Account Policies > Password Policy > Maximum password age on a modern Windows Server domain system, you will fail: the value (and all the others) are grayed out.

The proper way is to set the Password Policy values as a Password Settings Object (PSO):

adsiedit.msc
Right-click, choose "Connect to..." and accept the defaults
...

Note: for parameters of type "duration" you may use the so-called I8 values or the easier to read d:hh:mm:ss format.

Sources: Configuring Granular Password Settings in Windows Server 2008; Creating a PSO using ADSI Edit; Apply or modify password policy

10 Tips for Securing Active Directory Environments

Managing accounts with a security-first approach will help to avoid costly incursions.

Sources: 10 Tips for Securing Active Directory Environments

Read-only Domain Controllers

By default a domain controller is a read/write domain controller. Clients can authenticate against it, but it can also be used to, e.g., set a new password, and that password is then replicated out to the other domain controllers on your network.

Why would you need a read-only domain controller? In short: for security reasons (not performance, availability, ...). The assumption is that remote offices are less secured than the company headquarters for many reasons (e.g. reducing IT costs on security). It is therefore handy to have a local domain controller that clients can use to authenticate on-site, yet one that is not allowed to replicate data back to the central system, because remote sites are assumed to be more vulnerable to attacks and breaches than the (hopefully) fortified HQ.

Sources: Introduction to Active Directory Infrastructure in Windows Server 2012 @ ~20:00

Share VS File/NTFS permissions

Share permissions are cumulative: if you get permissions from multiple groups, you end up with the union of them. Folder/NTFS permissions are also cumulative in the same way. BUT when share and NTFS permissions are combined, the result is the more restrictive of the two, so the NTFS file permissions can limit what the share grants. E.g. you have read/write on the share but only read from NTFS; consequently you will only be able to read a file or folder, not write to it.

Sources: Security Fundamentals: Part 2 at about 40 min.

Keywords: Security, Windows Server 2012 R2

The CIA of Security

Confidentiality deals with keeping information, networks and systems secure from unauthorized access. It can be achieved by using encryption, authentication, and access control.

Integrity is defined as the consistency, accuracy, and validity of data or information. It can be achieved by hashing.

Availability describes a resource being accessible to a user, application, or computer system when required.

It should be well understood that these goals actually pull against each other, especially confidentiality and availability: confidentiality (keep data away from people) vs. availability (get people to data). The key is that you want to be able to give access to the appropriate data at the appropriate time. This connects directly to the next slide:

Least Privilege: users, applications and systems should have no more privilege than necessary to perform their function or job.

Attack Surface: the set of methods and avenues an attacker can use to enter a system and potentia...

Networking VS Security

Networking - allowing your users access to resources
Security - keeping people away from resources

Sources: Security Fundamentals: Part 1 at about 6 min.

Keywords: Security, Windows Server 2012 R2, Microsoft