Using Active Directory for Authorizations

Presentation transcript:

Using Active Directory for Authorizations CSG, September 2002

MIT uses of AD
- Domain Services for Windows users
- Management of Windows 2000 machines
- Group Policies
- Software Distribution

Software Distribution
- Assignment vs. Advertising
- Users
- Machines

Identity Management
- Users
- Machines
- Computer class is a subclass of user

Implications of Identity Management of Machines
- What determines the identity of a machine?
- IP address?
- MAC address?
- Hostname?
- Possession of a token? (keytab, certificate, …)
- How does an administrator manage the identity?

An AD Limitation
- How do you grant access to an SMB share to all of the objects within an OU?
- No AD triggers to create a security group that represents the membership as it changes over time.
- Moira incremental used to do this
- Used to deploy MS Office to licensed machines
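Because an OU is not a security principal and AD offers no trigger on OU membership, the gap on this slide is closed by a scheduled job that keeps a dedicated security group equal to the OU's contents. One such job in PowerShell follows; it is an added example, not part of the presentation or of MIT's Moira code, and the function names and distinguished names are hypothetical. It assumes the RSAT ActiveDirectory module and a group that is used for nothing else.

```powershell
# Added example (not from the slides): keep a security group equal to the
# computer objects under an OU. All DNs below are hypothetical placeholders.

function Get-MembershipDelta {
    # Pure set comparison on distinguished names (-notin is case-insensitive).
    param([string[]]$Desired, [string[]]$Current)
    [pscustomobject]@{
        ToAdd    = @($Desired | Where-Object { $_ -notin $Current })
        ToRemove = @($Current | Where-Object { $_ -notin $Desired })
    }
}

function Sync-OuShadowGroup {
    # Needs the ActiveDirectory module and rights to edit the group.
    # Anything in the group that is not a computer under the OU is removed.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$OuDn,
        [Parameter(Mandatory)][string]$GroupDn
    )
    $desired = @(Get-ADComputer -Filter * -SearchBase $OuDn -SearchScope Subtree -ErrorAction Stop |
                 ForEach-Object DistinguishedName)
    # A failed or empty query must not silently strip every member's access.
    if ($desired.Count -eq 0) { throw "No computers found under $OuDn; refusing to empty $GroupDn" }

    $current = @((Get-ADGroup -Identity $GroupDn -Properties member -ErrorAction Stop).member)
    $delta   = Get-MembershipDelta -Desired $desired -Current $current

    if ($delta.ToAdd.Count -and $PSCmdlet.ShouldProcess($GroupDn, "add $($delta.ToAdd.Count) member(s)")) {
        Add-ADGroupMember -Identity $GroupDn -Members $delta.ToAdd
    }
    if ($delta.ToRemove.Count -and $PSCmdlet.ShouldProcess($GroupDn, "remove $($delta.ToRemove.Count) member(s)")) {
        Remove-ADGroupMember -Identity $GroupDn -Members $delta.ToRemove -Confirm:$false
    }
    $delta   # return the change set so the scheduled job can log it
}

# Offline check of the comparison with constructed DNs:
$ou    = 'CN=PC1,OU=Licensed,DC=example,DC=edu', 'CN=PC2,OU=Licensed,DC=example,DC=edu'
$group = 'CN=PC2,OU=Licensed,DC=example,DC=edu', 'CN=PC9,OU=Retired,DC=example,DC=edu'
Get-MembershipDelta -Desired $ou -Current $group | Format-List

# In a domain (hypothetical DNs), preview the changes first:
# Sync-OuShadowGroup -OuDn 'OU=Licensed,DC=example,DC=edu' `
#     -GroupDn 'CN=Office-Licensed,OU=Groups,DC=example,DC=edu' -WhatIf
```

Between runs the group lags the OU, so a machine moved out of the OU keeps its share access until the next pass; the run interval is the revocation window.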

Authorization by SID vs. Name
- ACLs made directly in AD will contain the SIDs of the objects.
- ACLs defined in Moira and propagated to AD will make references by name.
- Reinstallation of machines does not force a re-ACL

Other AD auth issues
- Privacy and data hiding
- AD supports ACLs on almost everything
- ACL processing can have a high overhead
- Almost undocumented dsHeuristics attribute
- List Object permission type