For some users, problems begin before they even log on. Authentication, the process of identifying users and validating their credentials, can be very complex in a Windows 7 environment. Although home users might never run into problems typing their user names and passwords, in Active Directory Directory Services (AD DS) environments, users authenticate to domain controllers and other servers on the network. In addition, authentication can use smart cards or biometrics as well as passwords. User Account Control (UAC) adds another layer of complexity because a user might use multiple sets of credentials within a single session.

In recent years, more and more security compromises are initiated when users visit a Web site. For example, Web sites might trick the user into providing confidential information, or they might exploit a vulnerability in the browser to run code without the user's explicit permission. In Windows 7, Windows Internet Explorer 8.0 includes several features to reduce this risk.

Though network attacks are the most widespread, the increase in mobile users has led to an increase in physical data theft. If someone steals a computer, he or she can bypass all your security controls except encryption. Windows 7 provides two ways to encrypt the files on your computer: Encrypting File System (EFS), which encrypts individual files and folders on a per-user basis, and BitLocker, which encrypts entire volumes.

This chapter describes how to configure and troubleshoot authentication, Internet Explorer, EFS, and BitLocker.

Exam objectives in this chapter:

Lessons in this chapter: