InterviewStack.io LogoInterviewStack.io

Windows User Account and Access Management Questions

Managing user identities, accounts, and access on Windows systems including both local and domain environments. Topics include creating and modifying local and domain user accounts, password resets and policy enforcement, enabling and disabling accounts, and account lockout handling. Group management practices such as creating security groups, nested groups, assigning users to groups, and managing membership for least privilege. File system permission management using New Technology File System file system permissions and share permissions, covering read, write, execute, modify, and full control, plus permission inheritance and effective permission evaluation. Working with built in privileged groups such as local administrators and domain administrators, and understanding User Account Control elevation and when administrative privileges are required. Common administrative tools and interfaces such as the Services console for related tasks, Computer Management, Active Directory Users and Computers, command line utilities, and PowerShell for interactive management and audit reporting.

HardTechnical
92 practiced
Describe the security trade-offs of granting helpdesk staff the ability to 'Join a computer to the domain' or granting them temporary local admin rights on workstations. Consider potential lateral movement vectors, persistence, and auditing controls you would apply if this capability is necessary.
HardTechnical
75 practiced
Explain how Fine-Grained Password Policies (FGPP/Password Settings Objects) work in Active Directory. Discuss limitations, how PSOs are applied to users/groups, conflicts with domain password policy, and replication considerations in multi-domain-controller environments.
MediumSystem Design
91 practiced
You need to implement an account lifecycle for contractors that automatically disables accounts after an access end date and re-enables after approval. Describe a design using AD attributes, scheduled tasks or automation (PowerShell), and integration points with HR or an identity provider. Include rollback and audit considerations.
MediumSystem Design
85 practiced
Design a Group Policy-based solution to enforce a company-wide account lockout policy that applies to all domain users but excludes a small set of service accounts that need higher thresholds. Describe steps, where to apply settings, and how to implement exceptions (do not assume FGPP is not available — discuss both options).
HardTechnical
87 practiced
You suspect a privileged domain account was used to access sensitive shares and exfiltrate data. Detail the incident response steps you would take specific to Windows account and access management: containment actions, forensic evidence collection (which logs and artifacts), account remediation (rotation/disable), and steps to determine scope of access.

Unlock Full Question Bank

Get access to hundreds of Windows User Account and Access Management interview questions and detailed answers.

Sign in to Continue

Join thousands of developers preparing for their dream job.