iSelfSchooling.com Since 1999

Windows 2000 Security 

Introduction to security

  • Windows 2000 security is built around the NTFS file system, which secures access to the storage device.

  • Within Windows 2000 we can add individual users and groups and assign them permissions to access the system both locally and through the network.

  • The system also has a local security policy that controls the security rules on the system and applies to all of its users.

Key Topics

  • NTFS Security

  • Domains and Workgroups

  • Windows for Workgroup

  • Workgroup SAM

  • SAM and Active Directory

  • Computer Account

  • Users in Database

  • Groups and User Accounts

  • Types Of Groups

  • Sharing Permission

  • NTFS and Sharing

  • User Manager

NTFS Security

  • NTFS has security built in as part of the file system. When you format your hard drive with NTFS, you can use its permissions: List, Read, Write, Read and Execute, Modify, and Full Control.

NTFS Security Permissions

[Figure: NTFS security permissions]

Domains and Workgroups

  • Windows 2000 Professional supports joining either a workgroup or a domain environment.

  • If you are installing Windows 2000 Professional and are unsure whether you can join a domain, you must first either create a workgroup or join an existing one, and then join the domain later, after the installation has been completed.

Windows For Workgroup

  • A Windows 2000 workgroup is a logical grouping of computers within a peer-to-peer network that share files and resources within a small networking environment.

Workgroup SAM

  • All the computers within the workgroup must have their individual security permissions configured in the SAM.

Domains Centralized Database

  • Within a domain there exists a centralized user and resource accounts database that is accessed by all the computers on the domain.

  • This database has the global catalog of all network resources within the domain, which is updated automatically within the Active Directory.

SAM and Active Directory

  • This database is referred to as the Active Directory within a Windows 2000 environment and the Security Accounts Manager (SAM) in Windows NT4.

Computer Account

  • The domain administrator must create a computer account for every computer joining the domain before that computer attempts to join.

  • Computers can join the domain during their installation without having a prior account on the domain only if the domain administrator is installing that particular computer.

User Accounts

  • A user account defines the current user with the user name and password, the groups they belong to, and finally their permissions for accessing folders and resources within the users database.

Exercise (Creating a user account)

  1. Click on Start → Settings → Control Panel.

  2. Double-click on the Administrative Tools icon.

  3. From the Administrative Tools window, double-click on the Computer Management icon.

  4. On the Computer Management window, expand the Local Users and Groups icon.

  5. Double-click on the Users folder.

  6. Right-click on any empty region on the right of the screen and choose the New User option.

  7. On the New User window, type the name of the new user, their password, and their description.

  8. Uncheck the box "User must change password at next logon".

  9. Check the boxes "User cannot change password" and "Password never expires".

  10. Finally, click on the Create button.

Kerberos Protocol

  • Windows 2000 implements the Kerberos protocol for challenge-response authentication, which has several advantages over the traditional challenge-response protocols used by other operating systems.

  • These advantages include:

    • A universal open standard based on RFC reports, which allows logins from UNIX client platforms.

    • Faster authentication using internal tickets.

    • Higher security, because it authenticates both servers and clients.

    • It can authenticate users for other servers on the domain offering traditional authentication.

    • If a user is authenticated on one server, they can use the resources throughout the entire domain using the transitive trust relationship.

Users In Database

  • Users defined on local Professional systems exist within the local SAM.

  • Users and groups defined in a centralized domain structure exist within the Active Directory.

What Is A Group

  • A collection of users, computers, contacts and other groups can be defined as a group.

  • When users are added to a group, all of the permissions assigned to the group are then assigned to the users added.

Combined Permission

  • If a user has been previously assigned certain permissions or belongs to several groups, then the user's effective rights are the least restrictive combination of all the permissions assigned, except the No Access permission, which takes the highest priority.

Types Of Groups

  • There exist two types of groups: distribution groups (which are used only for sending email) and security groups (used for granting access to folders and resources, and as distribution groups).

Exercise (Adding a Group)

  1. Click on Start → Settings → Control Panel.

  2. Double-click on the Administrative Tools icon.

  3. From the Administrative Tools window, double-click on the Computer Management icon.

  4. On the Computer Management window, expand the Local Users and Groups icon.

  5. Double-click on the Groups folder.

  6. Right-click on any empty region on the right of the screen and choose the New Group option.

  7. On the New Group window, type the name of the new group and the group description.

  8. Click on the Add button.

  9. Choose the users or groups you want to add to this new group from the Select Users or Groups window, click on Add, and then click on OK at the bottom of the screen.

  10. Finally, close the New Group window.

Sharing Permissions

  • Folders need to be shared if they are to be accessed from the network. Sharing permissions include Read, Change and Full Control.

Hidden Folders

  • You can administratively share a folder by placing a $ sign in front of the share, which means that the share is hidden and cannot be seen when you search the network's shared resources in the browser.

Automatically Hidden Folder

  • All Windows NT and Windows 2000 systems have the root of all the volumes and the printer driver's folder automatically administratively hidden by default.

Sharing Permissions

[Figure: sharing permissions]

Networking Permission

  • Users accessing data from the network must pass both sharing and NTFS permissions, since NTFS provides security locally and sharing provides security on the network.

NTFS And Sharing

  • When setting the security permissions for a folder to be accessed from the network, you must combine both sharing and NTFS permissions.

Level of Restriction

  • It is recommended that you implement the most restrictive permission for NTFS and the least restrictive permission for sharing.
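
The combination rules from the Combined Permission and NTFS And Sharing sections, worked through as an added example (not part of the original course material). It assumes a simplified rights model, constructed users and groups, and the standard Windows rule that network access is limited to the rights allowed by both the share and the NTFS permissions.

```python
# Simplified rights model (assumption for illustration; real ACLs use finer-grained access masks).
FULL = {"read", "write", "execute", "delete", "change_permissions"}
NTFS_LEVELS = {
    "Read": {"read"},
    "Write": {"write"},
    "Read and Execute": {"read", "execute"},
    "Modify": FULL - {"change_permissions"},
    "Full Control": FULL,
}
SHARE_LEVELS = {
    "Read": {"read", "execute"},
    "Change": FULL - {"change_permissions"},
    "Full Control": FULL,
}
NO_ACCESS = "No Access"


def combined(levels, grants, principals):
    """Least restrictive combination across the user and their groups; No Access wins."""
    rights = set()
    for principal in principals:
        for level in grants.get(principal, ()):
            if level == NO_ACCESS:
                return set()
            rights |= levels[level]
    return rights


def effective_access(principals, ntfs_grants, share_grants=None):
    """Local access uses NTFS only; network access must pass the share AND NTFS."""
    ntfs = combined(NTFS_LEVELS, ntfs_grants, principals)
    if share_grants is None:
        return ntfs
    return ntfs & combined(SHARE_LEVELS, share_grants, principals)


# Constructed sample data: principals are the user plus every group they belong to.
ALICE = ["alice", "Staff", "Sales", "Everyone"]
BOB = ["bob", "Staff", "Contractors", "Everyone"]
NTFS_GRANTS = {"Staff": ["Read"], "Sales": ["Modify"], "Contractors": [NO_ACCESS]}
OPEN_SHARE = {"Everyone": ["Full Control"]}  # least restrictive share
READ_SHARE = {"Everyone": ["Read"]}

if __name__ == "__main__":
    print("alice local      :", sorted(effective_access(ALICE, NTFS_GRANTS)))
    print("alice open share :", sorted(effective_access(ALICE, NTFS_GRANTS, OPEN_SHARE)))
    print("alice read share :", sorted(effective_access(ALICE, NTFS_GRANTS, READ_SHARE)))
    print("bob open share   :", sorted(effective_access(BOB, NTFS_GRANTS, OPEN_SHARE)))
```

With the open share, the NTFS permissions alone decide the result, so local and network access stay consistent; a tighter share can only remove rights, never add them.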

Local Users And Groups

  • You can use the Local Users and Groups icon within the Computer Management screen to add individual users or groups and assign their permissions on the system.

Local Security Policy

  • All the security settings within the local system are set up in the local security policy, which includes password policy, account lockout policy, audit policy, IP security policy, etc.

  • If the computer is a member of a domain, then these local policy settings can be overridden by the domain policies.

Questions

 

  1. Where is the SAM stored in a domain? (Choose all that apply)

    A. On the PDC

    B. On the BDC

    C. On the active directory

    D. On a domain controller

    E. On a member server

  2. What is the authentication protocol employed by Windows 2000?

    A. Quantum protocol

    B. Authentic protocol

    C. Kerberos protocol

    D. User account protocol

    E. Quotas protocol

  3. What are the features of the Kerberos protocol? (Choose all that apply)

    A. It is a very secure protocol

    B. It is a faster authentication protocol

    C. An internal ticket is given to authenticated users

    D. An authenticated user can only use the resources of that machine

    E. An authenticated user can only use the resources of that domain

Answers

1. C, D

2. C

3. A, C, E

 
