{ Creating Directories, ACLs, and using the icacls command}



Section 0. Background Information
Section 1. Login to your W2K8 server.
  1. Start your Windows 2008 Server
    • Instructions
      1. Click on W2K8 Server
      2. Click on Play virtual machine

     

  2. CRTL + ALT + DELETE
    • Instructions
      1. Virtual Machine
      2. Send Ctrl+Alt+Del

     

  3. Login as Administrator
    • Click on the Administrator icon.

     

  4. Login
    • Command: Provide the password for the Administrator account.

 

Section 2. Creating the TOPSECRET directory and assign the ACL
  1. Bring Up Computer (a.k.a., Windows Explorer)
    • Instructions:
      1. Start –> Computer

     

  2. Select the C: Drive
    • Instructions:
      1. Double Click on “Local Disk (C:)”

     

  3. Create a New Folder
    • Instructions:
      1. File –> New –> Folder

     

  4. Create a folder named “TOPSECRET”
    • Instructions:
      1. Type TOPSECRET

     

  5. Go to the properties of the “TOPSECRET” folder
    • Instructions:
      1. Right Click on the TOPSECRET folder
      2. Select Properties

     

  6. Select the Security Tab.
    • Instructions:
      1. Click on the Security Tab.
      2. Select the Edit… Button.

     

  7. Adding Users
    • Instructions:
      1. Click the Add… Button

     

  8. Add Users Directory
    • Instructions:
      1. In the Text Box type “Boss” and Click the Check Names Button.
      2. In the Text Box type “Team” and Click the Check Names Button.
      3. In the Text Box type “Worker” and Click the Check Names Button.
      4. Click OK

     

  9. Remove the Team Lead’s permissions
    • Instructions:
      1. Click on Team Leader (teamlead@security.student)
      2. Under the Deny Column, Click on Full Control
      3. Click Apply

     

  10. Confirm Windows Security Warning
    • Instructions:
      1. Click Yes Button

     

  11. Remove the Team Lead’s permissions
    • Instructions:
      1. Click on Worker Bee (workerbee@security.student)
      2. Under the Deny Column, Click on Full Control
      3. Click Apply
      4. Click OK

     

  12. Remove the Team Lead’s permissions
    • Instructions:
      1. Click OK

     

  13. Remove the Team Lead’s permissions
    • Instructions:
      1. Start –> Command Prompt
      2. icacls C:\TOPSECRET
      3. date
      4. echo “Your Name”
        • Replace “Your Name” with your actual name.
        • e.g., echo “John Gray”
    • Proof of Lab Instructions:
      1. Do a PrtScn
      2. Paste into a word document
      3. Upload to Moodle.
    • Note:
      • Users teamlead and worker both have lines that end with (N), which mean no permissions.
      • User manager’s line end with “(RX)” which mean Read, Execute and list folder content Permissions.

 

Section 3. Testing out the ACL
  1. Switch User
    • Instructions:
      1. Start –> Switch User

     

  2. Log On
    • Instructions:
      1. Virtual Machine –> Send Ctrl+Alt+Del

     

  3. Select Other User
    • Instructions:
      1. Click on the Other User icon.

     

  4. Select Other User
    • Instructions:
      1. Login as teamlead
      2. The Password is the standard classroom password.
      3. Click the Blue Arrow next to the password box.

     

  5. Bring up Computer (a.k.a., Windows Explorer)
    • Instructions:
      1. Start –> Computer

     

  6. Select the C: Drive
    • Instructions:
      1. Double Click on “Local Disk (C:)”

     

  7. Select the C: Drive
    • Instructions:
      1. Double Click on the TOPSECRET folder
    • Note:
      • You should see a message saying you do not have permission to access this folder.

     

  8. Select the C: Drive
    • Instructions:
      1. Start –> Command Prompt
      2. cd C:\TOPSECRET
      3. icacls C:\TOPSECRET
    • Note:
      • This is the DOS view of access being denied to both the change directory and icacls commands.

     

Section 6. Proof of Lab
  1. Complete Section 2, Step 13.Start Up the Command Prompt
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: