Summary

You should be able to manage and troubleshoot Windows network settings, configure users and share permissions in workgroup environments, and summarize Active Directory/domain concepts.

Guidelines for Managing Windows Networking

Follow these guidelines to manage Windows networks:

  • Document the Internet Protocol (IP) addressing scheme to identify appropriate subnet mask, gateway, and DNS settings. Identify hosts that would benefit from static addressing, but plan to use dynamic configuration for most hosts.
  • Document wired and wireless connection support and any special considerations, such as proxy settings for Internet access, metered connection configuration for WWAN, and VPN type and server address.
  • Use setup and monitoring checklists and tools to ensure proper configuration of local OS firewall settings, including public versus private network types and application restrictions and exceptions.
  • Use the principle of least privilege to configure user accounts within security groups with the minimum required permissions. Ensure that UAC is enabled to mitigate risks from misuse of administrator privileges.
  • Consider replacing password-based local login and SSO authentication with MFA and/or passwordless authentication and sign-in verification, using email, hard token, soft token, SMS, voice call, and authenticator applications.
  • Design ACL permissions on folders to support policy goals, taking account of share versus NTFS permissions and inheritance.
  • Make training and education resources available to users to help them use File Explorer navigation and select appropriate network paths for accessing file shares, printers, mapped drives, and home folders.
  • Develop a knowledge base to document use of command-line tools to resolve common issues (ipconfig, ping, hostname, netstat, nslookup, tracert, pathping, net user, net use, gpupdate, and gpresult).
  • Consider that a large or growing network might be better supported by implementing an Active Directory domain with support for network-wide security groups, OUs, group policy, login scripts, and roaming profiles/folder redirection.
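
The firewall, network-type, UAC, and least-privilege guidelines above can be turned into a repeatable monitoring checklist. The following PowerShell is an added example, not part of the original course material; it only reads settings and assumes an elevated session on Windows 10/11 with the built-in NetSecurity, NetConnection, and LocalAccounts cmdlets. The `Add-Finding` helper and the `$maxAdmins` threshold are hypothetical names and values chosen for illustration.

```powershell
# Added example: read-only checks; run from an elevated PowerShell session.
$findings  = [System.Collections.Generic.List[object]]::new()
$maxAdmins = 2   # assumed threshold; set to whatever local policy allows

# Hypothetical helper: records one checklist row as OK or REVIEW.
function Add-Finding($Check, $Ok, $Detail) {
    $findings.Add([pscustomobject]@{
        Check  = $Check
        Status = if ($Ok) { 'OK' } else { 'REVIEW' }
        Detail = $Detail
    })
}

# 1. Local firewall: each profile (Domain, Private, Public) should be enabled.
foreach ($p in (Get-NetFirewallProfile)) {
    Add-Finding "Firewall profile: $($p.Name)" ("$($p.Enabled)" -eq 'True') `
        "Enabled=$($p.Enabled); DefaultInboundAction=$($p.DefaultInboundAction)"
}

# 2. Network type: Private relaxes firewall rules compared with Public, so
#    Private connections are flagged for confirmation (not as a fault).
foreach ($n in (Get-NetConnectionProfile)) {
    Add-Finding "Network type: $($n.InterfaceAlias)" `
        ("$($n.NetworkCategory)" -ne 'Private') `
        "Name=$($n.Name); Category=$($n.NetworkCategory)"
}

# 3. UAC: EnableLUA = 1 means User Account Control is switched on.
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$lua    = (Get-ItemProperty -Path $uacKey -Name EnableLUA).EnableLUA
Add-Finding 'UAC enabled' ($lua -eq 1) "EnableLUA=$lua"

# 4. Least privilege: list members of the local Administrators group,
#    resolved by well-known SID so the check works on non-English builds.
$admins = @(Get-LocalGroupMember -SID 'S-1-5-32-544')
Add-Finding 'Local Administrators membership' ($admins.Count -le $maxAdmins) `
    ($admins.Name -join ', ')

# Print the checklist; REVIEW rows need a human decision.
$findings | Format-Table -AutoSize -Wrap
```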