Windows 2000 Security
Introduction to security
- Windows 2000 security is built around its NTFS file system, which secures access to the storage device.
- Within Windows 2000 we can add individual users and groups and assign them the associated permissions to access the system both locally and through the network.
- The system also has a local security policy controlling the security rules within the system, which applies to all the users of the system.
NTFS
Security
-
Domains and Workgroups
-
Windows for Workgroup
-
Workgroup
SAM
-
SAM
and Active Directory
-
Computer Account
|
-
Users
in Database
-
Groups and User Accounts
-
Types Of Groups
-
Sharing
Permission
-
NTFS
and Sharing
-
User
Manager
|
NTFS Security
- NTFS has security built in as part of the file system. When you format your hard drive with NTFS, you can use its permissions, which are: List, Read, Write, Read and Execute, Modify, and Full Control.
NTFS Security Permissions
- Windows 2000 Professional supports joining a workgroup or a domain environment.
- If you are installing Windows 2000 Professional and you are unsure whether you can join a domain, you must first either create a workgroup or join an existing workgroup, and join a domain later after the installation has been completed.
- Within a domain there exists a centralized user and resource accounts database that is accessed by all the computers on the domain.
- This database has the global catalog of all network resources within the domain, which is updated automatically within the Active Directory.
SAM and Active Directory
- The domain administrator must create a computer account for every computer joining the domain before it attempts to join.
- Computers can join the domain during their installation without having a prior account on the domain only if the domain administrator is installing that particular computer.
Exercise (Creating a user account)
- Click on Start → Settings → Control Panel.
- Double click on the Administrative Tools icon.
- From the Administrative Tools window, double click on the Computer Management icon.
- On the Computer Management window, expand the Local Users and Groups icon.
- Double click on the Users folder.
- Right click on any empty region on the right of the screen and choose the New User option.
- On the New User window, type the name of the new user, their password, and their description.
- Uncheck the box "User must change password at next logon".
- Check the boxes "User cannot change password" and "Password never expires".
- Finally, click on the Create button.
- Windows 2000 implements the Kerberos protocol for challenge response authentication, which has several advantages over the traditional challenge response protocols used by other operating systems.
- These advantages include:
  - It is a universal open standard based on RFC reports, which allows logins from UNIX client platforms.
  - Faster authentication using internal tickets.
  - It has higher security because it authenticates both servers and clients.
  - It can authenticate users for other servers on the domain offering traditional authentication.
  - If a user is authenticated on one server, they can use the resources throughout the entire domain using the transitive trust relationship.

- A collection of users, computers, contacts and other groups can be defined as a group.
- When users are added to a group, all of the permissions assigned to the group are then assigned to the user added.
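The group rule above (groups may contain other groups, and a member receives every permission assigned to its groups) can be modelled as below. This is an added example, not part of the original course material; all account, group and folder names are constructed, and it covers only the additive rule stated above, ignoring deny entries and share permissions.

```python
# Simplified model of group-based permissions (added example, constructed data).
# A group lists its direct members, which may be users or other groups.
GROUP_MEMBERS = {
    "Accounts": {"alice", "bob"},
    "Managers": {"carol"},
    "Finance": {"Accounts", "Managers"},   # groups nested inside a group
    "Auditors": {"Finance", "dave"},
    "Loop-A": {"Loop-B"},                  # circular nesting, must not hang
    "Loop-B": {"Loop-A", "erin"},
}

# Permissions assigned to a group on a folder (names from the NTFS list above).
GROUP_PERMISSIONS = {
    ("Accounts", r"D:\Ledgers"): {"Read", "Write"},
    ("Finance", r"D:\Ledgers"): {"Modify"},
    ("Auditors", r"D:\Ledgers"): {"List"},
}


def groups_of(principal):
    """Return every group the principal belongs to, directly or via nesting."""
    found = set()
    pending = [principal]
    while pending:
        current = pending.pop()
        for group, direct_members in GROUP_MEMBERS.items():
            if current in direct_members and group not in found:
                found.add(group)        # the 'found' check also stops cycles
                pending.append(group)   # a group can itself be a member
    return found


def effective_permissions(user, resource):
    """Union of the permissions of every group the user ends up in."""
    perms = set()
    for group in groups_of(user):
        perms |= GROUP_PERMISSIONS.get((group, resource), set())
    return perms


def who_has(resource, permission):
    """Audit helper: users who hold the permission through any group."""
    all_members = {m for ms in GROUP_MEMBERS.values() for m in ms}
    users = all_members - set(GROUP_MEMBERS)   # drop names that are groups
    return sorted(u for u in users
                  if permission in effective_permissions(u, resource))


if __name__ == "__main__":
    print(sorted(effective_permissions("alice", r"D:\Ledgers")))
    print(who_has(r"D:\Ledgers", "Modify"))
```

Running an audit like `who_has` before adding a user or a group to another group shows which permissions the new member will pick up through nesting.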
Exercise (Adding a Group)
- Click on Start → Settings → Control Panel.
- Double click on the Administrative Tools icon.
- From the Administrative Tools window, double click on the Computer Management icon.
- On the Computer Management window, expand the Local Users and Groups icon.
- Double click on the Groups folder.
- Right click on any empty region on the right of the screen and choose the New Group option.
- On the New Group window, type the name of the new group and the group description.
- Click on the Add button.
- Choose the users or groups you want to add to this new group from the Select Users or Groups window, click on Add, and then click on OK at the bottom of the screen.
- Finally, close the New Group window.
NTFS And Sharing
- All the security settings within the local system are set up in the local security policy, which includes password policy, account lockout policy, audit policy, IP security policy, etc.
- If the computer is a member of a domain, then these local policy settings can be overridden by the domain policies.
Questions
1. Where is the SAM stored in a domain? (Choose all that apply)
   A. On the PDC
   B. On the BDC
   C. On the active directory
   D. On a domain controller
   E. On a member server
2. What is the authentication protocol employed by Windows 2000?
   A. Quantum protocol
   B. Authentic protocol
   C. Kerberos protocol
   D. User account protocol
   E. Quotas protocol
3. What are the features of the Kerberos protocol? (Choose all that apply)
   A. It is a very secure protocol
   B. It is a faster authentication protocol
   C. An internal ticket is given to authenticated users
   D. An authenticated user can only use the resources of that machine
   E. An authenticated user can only use the resources of that domain
Answers
1. C,D
2. C
3. A,C,E