This courseware is copyrighted © 2016 gtslearning. No part of this courseware or any training material supplied by gtslearning International Limited to.


1 3.4 Directory Services CompTIA Server+ Certification (Exam SK0-004)
This courseware is copyrighted © 2016 gtslearning. No part of this courseware or any training material supplied by gtslearning International Limited to accompany the courseware may be copied, photocopied, reproduced, or re-used in any form or by any means without permission in writing from a director of gtslearning International Limited. Violation of these laws will lead to prosecution. All trademarks, service marks, products, or services are trademarks or registered trademarks of their respective holders and are acknowledged by the publisher. All gtslearning products are supplied on the basis of a single copy of a course per student. Additional resources that may be made available from gtslearning may only be used in conjunction with courses sold by gtslearning. No material changes to these resources are permitted without express written permission by a director of gtslearning. These resources may not be used in conjunction with content from any other supplier. If you suspect that this course has been copied or distributed illegally, please telephone or email gtslearning.

2 Objectives 3.4 Directory Services 220
Understand the structure of an X.500 directory and the use of LDAP and Active Directory
Manage user and group accounts on Windows and Linux servers

3 Configuring Directory Services 3.4 Directory Services 220
Owner-based access control model (discretionary)
User accounts protected by credentials
Resources protected by Access Control Lists (ACL)
Owner / system administrator grants privileges / permissions to accounts

4 LDAP 3.4 Directory Services 220
Lightweight Directory Access Protocol (LDAP)
Objects and attributes
X.500 directory standard
LDAP is a standard means of querying and updating objects and attributes
Port 389 (TCP and UDP) / port 363 (LDAP-Secure)
Port 3268 for Windows Active Directory Global Catalog queries

5 Distinguished Names 3.4 Directory Services 221

6 Directory Information Tree 3.4 Directory Services 222

7 Active Directory 3.4 Directory Services 222
Domain Controller (DC)
Domains
Trees and Forests
Organizational Units (OU)
Sites
Member Server
Joining a domain

8 Managing Users 3.4 Directory Services 225
User name
Credentials
Profile
Logon script
Security ID (SID)

9 Administrative Accounts 3.4 Directory Services 225
Administrator / root account
Generic account prohibition
User Access Control (UAC)
Assigning system privileges

10 Windows Account Management 3.4 Directory Services 227
Domain Admins and Account Operators
Active Directory Users and Computers
Local Users and Groups

11 Linux Account Management 3.4 Directory Services 228
Configuration files
  o /etc/passwd
  o /etc/group
  o /etc/shadow
useradd, usermod, userdel
su
sudo
passwd
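The three configuration files listed on this slide can be cross-checked after account changes. The following is an added example, not part of the courseware: it parses constructed sample records in the `/etc/passwd`, `/etc/shadow` and `/etc/group` formats and reports extra UID 0 accounts, accounts with an empty password field, and members of administrative groups. The account names and the default `admin_groups` value are assumptions; which groups sudo trusts depends on the host's sudoers configuration.

```python
# Constructed sample records (not from a real host); hashes are placeholders.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
svcbackup:x:0:1001:Backup:/home/svcbackup:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/bin/bash
"""
SHADOW = """\
root:$6$placeholder$hash:17000:0:99999:7:::
alice:$6$placeholder$hash:17000:0:99999:7:::
svcbackup:!:17000:0:99999:7:::
bob::17000:0:99999:7:::
"""
GROUP = """\
root:x:0:
sudo:x:27:alice,bob
alice:x:1000:
"""


def parse(text, nfields):
    """Split colon-separated records; reject lines with the wrong field count."""
    rows = [line.split(":") for line in text.splitlines() if line.strip()]
    bad = [r for r in rows if len(r) != nfields]
    if bad:
        raise ValueError(f"malformed record: {':'.join(bad[0])!r}")
    return rows


def audit(passwd, shadow, group, admin_groups=("sudo", "wheel")):
    """Return account findings worth reviewing after useradd/usermod changes."""
    # A second UID 0 account has full root privileges under another name.
    extra_uid0 = sorted(u[0] for u in parse(passwd, 7) if u[2] == "0" and u[0] != "root")
    # An empty second field in /etc/shadow means no password is required.
    empty_pw = sorted(s[0] for s in parse(shadow, 9) if s[1] == "")
    # Assumed admin groups; membership is the fourth field of /etc/group.
    admins = set()
    for name, _pw, _gid, members in parse(group, 4):
        if name in admin_groups:
            admins.update(m for m in members.split(",") if m)
    return {"extra_uid0": extra_uid0, "empty_password": empty_pw,
            "admin_group_members": sorted(admins)}


if __name__ == "__main__":
    for finding, names in audit(PASSWD, SHADOW, GROUP).items():
        print(f"{finding}: {', '.join(names) or '-'}")
```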

12 Managing Group Accounts 3.4 Directory Services 229
Allocate permissions to a group account then add users to group accounts as needed
Easier to manage than allocating permissions directly to user accounts
Active Directory group types
  o Domain Local
  o Global
  o Universal Groups
  o AGDLP (Accounts go into Global groups, which go into Domain Local groups, which get Permissions)
(Computer) local groups
Security versus distribution groups
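The AGDLP chain on this slide can be modelled as two membership lookups followed by an ACL lookup. The following is an added example, not part of the courseware: it resolves a user's effective permissions through Accounts, Global groups, Domain Local groups and Permissions, and flags ACL entries that bypass the chain by naming an account or Global group directly. All group, user and permission names are hypothetical.

```python
# Constructed directory data; every name here is hypothetical.
GLOBAL_GROUPS = {            # Accounts go into Global groups
    "G_Sales": {"alice", "bob"},
    "G_Finance": {"carol"},
}
DOMAIN_LOCAL_GROUPS = {      # Global groups go into Domain Local groups
    "DL_Reports_Read": {"G_Sales", "G_Finance"},
    "DL_Reports_Modify": {"G_Finance"},
}
ACL = {                      # Domain Local groups get Permissions
    "DL_Reports_Read": {"read"},
    "DL_Reports_Modify": {"read", "write"},
    "bob": {"write"},        # granted directly to an account, outside AGDLP
}


def effective_permissions(user):
    """Union of permissions granted directly or via A -> G -> DL -> P."""
    globals_ = {g for g, members in GLOBAL_GROUPS.items() if user in members}
    locals_ = {dl for dl, members in DOMAIN_LOCAL_GROUPS.items()
               if members & globals_}
    perms = set()
    for principal in {user} | globals_ | locals_:
        perms |= ACL.get(principal, set())
    return perms


def agdlp_violations():
    """ACL entries whose principal is not a Domain Local group."""
    return sorted(p for p in ACL if p not in DOMAIN_LOCAL_GROUPS)


if __name__ == "__main__":
    for user in ("alice", "bob", "carol", "dave"):
        print(user, sorted(effective_permissions(user)))
    print("ACL entries outside AGDLP:", agdlp_violations())
```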

13 Built-in Groups 3.4 Directory Services 231
Users, Administrators, Domain Admins, Account Operators, Backup Operators...
Everyone group
Guests group
System groups
  o Interactive – any local user of the computer
  o Network – any user connected over the network
  o System – the Windows operating system
  o Creator/owner – the user who created the directory or print job

14 Creating Group Accounts 3.4 Directory Services 231
AD versus local
Member Of tab in User properties
Naming conventions
Linux group accounts
  o groupadd, groupmod, groupdel
  o Effective group ID
  o newgrp

15 Group Policy 3.4 Directory Services 233

16 Logon Scripts 3.4 Directory Services 234

17 Role-based Access Control 3.4 Directory Services 235
Role-based Access Control (RBAC)
Differs from owner-based Discretionary Access Control (DAC)
Assignment of role / permissions is system-determined rather than owner-determined
Difficult to implement properly in most commercial OS
  o AGDLP is a role-based approach but can be overridden by an administrator taking ownership and changing permissions

18 Review 3.4 Directory Services 236
Understand the structure of an X.500 directory and the use of LDAP and Active Directory
Manage user and group accounts on Windows and Linux servers

19 Labs Lab 7 / Configuring Directory Services 3.4 Directory Services

