Presentation is loading. Please wait.

Presentation is loading. Please wait.

Using Active Directory for Authorizations

Published byしなつ ひめい Modified over 5 years ago

Similar presentations

Presentation on theme: "Using Active Directory for Authorizations"— Presentation transcript:

1 Using Active Directory for Authorizations
CSG, September 2002

2 MIT uses of AD Domain Services for Windows users
Management of Windows 2000 machines Group Policies Software Distribution

3 Software Distribution
Assignment vs. Advertising Users Machines

4 Identity Management Users Machines
Computer class is a sub class of user

5 Implications of Identity Management of Machines
What determines the identity of a machine? IP address? MAC address? Hostname? Possession of a token? (keytab, certificate, …) How does an administrator manage the identity?

6 An AD Limitation How do you grant access to an SMB share to all of the objects within an OU? No AD triggers to create a security group that represents the membership as it changes over time. Moira incremental used to do this Used to deploy MS Office to licensed machines

7 Authorization by SID vs. Name
ACLs made directly in AD will contain the SIDs of the objects. ACLs defined in Moira and propagated to AD will make references by name. Reinstallation of machines does not force a re-ACL

8 Other AD auth issues Privacy and data hiding
AD supports ACLs on almost everything ACL processing can have a high overhead Almost undocumented dsHeuristics attribute List Object permission type

Download ppt "Using Active Directory for Authorizations"

Similar presentations

Managing User, Computer and Group Accounts

Managing User, Computer and Group Accounts
Establishing an OU Hierarchy for Managing and Securing Clients Base design on business and IT needs Split hierarchy Separate user and computer OUs Simplifies.

Establishing an OU Hierarchy for Managing and Securing Clients Base design on business and IT needs Split hierarchy Separate user and computer OUs Simplifies.
COMP091 OS1 Active Directory. Some History Early 1990s Windows for Workgroups introduced peer-to-peer networking based on SMB over netbios (tcp/ip still.

COMP091 OS1 Active Directory. Some History Early 1990s Windows for Workgroups introduced peer-to-peer networking based on SMB over netbios (tcp/ip still.
Access Control Chapter 3 Part 3 Pages 209 to 227.

Access Control Chapter 3 Part 3 Pages 209 to 227.
Auditing Active Directory Presented to the National State Auditors Association 2014 Information Technology Conference.

Auditing Active Directory Presented to the National State Auditors Association 2014 Information Technology Conference.
Kerberos Part 1 CNS 4650 Fall 2004 Rev. 2. The Name Greek Mythology Cerberus Gatekeeper of Hates Only allowed in dead Prevented dead from leaving Spelling.

Kerberos Part 1 CNS 4650 Fall 2004 Rev. 2. The Name Greek Mythology Cerberus Gatekeeper of Hates Only allowed in dead Prevented dead from leaving Spelling.
How to Succeed with Active Directory Robert Williams, PhD CEO Secure Logistix Corporation.

How to Succeed with Active Directory Robert Williams, PhD CEO Secure Logistix Corporation.
Module 4: Implementing User, Group, and Computer Accounts

Module 4: Implementing User, Group, and Computer Accounts
11 WORKING WITH GROUPS Chapter 7. Chapter 7: WORKING WITH GROUPS2 CHAPTER OVERVIEW  Understand the functions of groups and how to use them.  Understand.

11 WORKING WITH GROUPS Chapter 7. Chapter 7: WORKING WITH GROUPS2 CHAPTER OVERVIEW  Understand the functions of groups and how to use them.  Understand.
Administering Active Directory

Administering Active Directory
Introduction To Windows NT ® Server And Internet Information Server.

Introduction To Windows NT ® Server And Internet Information Server.
By Karan Oberoi.  A directory service (DS) is a software application- or a set of applications - that stores and organizes information about a computer.

By Karan Oberoi.  A directory service (DS) is a software application- or a set of applications - that stores and organizes information about a computer.
Authentication and authorization Access control consists of two steps, authentication and authorization. Subject Do operation Reference monitor Object.

Authentication and authorization Access control consists of two steps, authentication and authorization. Subject Do operation Reference monitor Object.
Understanding Active Directory

Understanding Active Directory
© Wiley Inc. 2006. All Rights Reserved. MCSE: Windows Server 2003 Active Directory Planning, Implementation, and Maintenance Study Guide, Second Edition.

© Wiley Inc All Rights Reserved. MCSE: Windows Server 2003 Active Directory Planning, Implementation, and Maintenance Study Guide, Second Edition.
A centralized system.  Active Directory is Microsoft's trademarked directory service, an integral part of the Windows architecture. Like other directory.

A centralized system.  Active Directory is Microsoft's trademarked directory service, an integral part of the Windows architecture. Like other directory.
Authentication, Authorization and Accounting

Authentication, Authorization and Accounting
Group Policy in Microsoft Windows Active Directory.

Group Policy in Microsoft Windows Active Directory.
HalFILE 3.0 Active Directory Integration. halFILE 3.0 AD – What is it? Centralized organization of network objects and security – servers, computers,

HalFILE 3.0 Active Directory Integration. halFILE 3.0 AD – What is it? Centralized organization of network objects and security – servers, computers,
Chapter 7 WORKING WITH GROUPS.

Chapter 7 WORKING WITH GROUPS.

Similar presentations

Ads by Google