Presentation is loading. Please wait.

Presentation is loading. Please wait.

 Name: Hatem elbuhaisi  Name no: 120100071  University of Palestine  Miss : yasmen elboboo  Chairing Information Technology Hands-On Microsoft Windows.

Published byNeil Blankenship Modified over 9 years ago

Similar presentations

Presentation on theme: " Name: Hatem elbuhaisi  Name no: 120100071  University of Palestine  Miss : yasmen elboboo  Chairing Information Technology Hands-On Microsoft Windows."— Presentation transcript:

1  Name: Hatem elbuhaisi  Name no: 120100071  University of Palestine  Miss : yasmen elboboo  Chairing Information Technology Hands-On Microsoft Windows Server 2003 Active Directory 1

2  Explain basic security concepts in an Active Directory computer network, including discretionary access control lists (DACLs), system access control lists (SACLs), and security principals  Demonstrate the use of DACLs to control access to objects in Active Directory  Demonstrate the use of DACLs to control access to network resources  Describe the user authentication process in an Active Directory domain Hands-On Microsoft Windows Server 2003 Active Directory 2

3  Security principals can be given permissions to access a resource  Groups can also be granted permissions  A security principal can be a user, an InetOrgPerson object, a computer, or a security group  A contact is not a security principal Hands-On Microsoft Windows Server 2003 Active Directory 3

4  Unique binary value  Often expressed in Security Descriptor Definition Language (SDDL) format  S-1-identifier authority-subauthority identifier- domain identifier-relative identifier Hands-On Microsoft Windows Server 2003 Active Directory 4

5  Same structure as a DACL  Determines if the access is audited  Can track changes and log ons Hands-On Microsoft Windows Server 2003 Active Directory 5

6  “Implicit deny” occurs when no ACE is found  ACEs are normally used to grant access  Deny is used to override an allow as a member of a group  Owners always have access Hands-On Microsoft Windows Server 2003 Active Directory 6

7  Permissions can be inherited from parent objects such as OUs  Each ACE is marked to indicate whether it was directly applied or inherited Hands-On Microsoft Windows Server 2003 Active Directory 7

8  There is no good reason to grant permissions explicitly to individual users  In a single-domain forest, use global groups Hands-On Microsoft Windows Server 2003 Active Directory 8

9  If using machine local accounts, use machine local groups Hands-On Microsoft Windows Server 2003 Active Directory 9

10  If using a small number of domains and one site  Assign users to global groups  Assign global groups to domain local groups  Grant permissions to the domain local groups Hands-On Microsoft Windows Server 2003 Active Directory 10

11  Using only universal groups works well in single-domain environments, but not in a large forest  Using domain local, global, and universal groups is the best approach for the same group to access resources in different domains Hands-On Microsoft Windows Server 2003 Active Directory 11

12  Control can be delegated with precision using Active Directory Hands-On Microsoft Windows Server 2003 Active Directory 12

13  Used for every tasks Hands-On Microsoft Windows Server 2003 Active Directory 13

14  The exact and granular permissions available Hands-On Microsoft Windows Server 2003 Active Directory 14

15  Protecting objects is essential  Most protected resources use a DACL similar in format to Active Directory objects Hands-On Microsoft Windows Server 2003 Active Directory 15

16 Hands-On Microsoft Windows Server 2003 Active Directory 16

17 Hands-On Microsoft Windows Server 2003 Active Directory 17

18  Three possible identification factors for authentication  Something you know  Something you have  Something you are  Two-factor authentication uses a password and an additional factor to increase security, such as  SecurID  Biometric devices  Smart cards Hands-On Microsoft Windows Server 2003 Active Directory 18

Download ppt " Name: Hatem elbuhaisi  Name no: 120100071  University of Palestine  Miss : yasmen elboboo  Chairing Information Technology Hands-On Microsoft Windows."

Similar presentations

Module 4: Implementing User, Group, and Computer Accounts

Module 4: Implementing User, Group, and Computer Accounts
Module 3: Configuring Active Directory Objects and Trusts.

Module 3: Configuring Active Directory Objects and Trusts.
3.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.

3.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.
Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.

Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.
Administering Active Directory

Administering Active Directory
Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.

Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.
11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW  Create and manage file system shares and work.

11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW  Create and manage file system shares and work.
By Rashid Khan Lesson 8-Crowd Control: Controlling Access to Resources Using Groups.

By Rashid Khan Lesson 8-Crowd Control: Controlling Access to Resources Using Groups.
7.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.

7.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.
3.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.

3.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.
Understanding Active Directory

Understanding Active Directory
11 WORKING WITH COMPUTER ACCOUNTS Chapter 8. Chapter 8: WORKING WITH COMPUTER ACCOUNTS2 CHAPTER OVERVIEW Describe the process of adding a computer to.

11 WORKING WITH COMPUTER ACCOUNTS Chapter 8. Chapter 8: WORKING WITH COMPUTER ACCOUNTS2 CHAPTER OVERVIEW Describe the process of adding a computer to.
Chapter 7 Managing OUs and Active Directory Accounts

Chapter 7 Managing OUs and Active Directory Accounts
Chapter 4: Active Directory Design and Security Concepts

Chapter 4: Active Directory Design and Security Concepts
11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW Create and manage file system shares and work with.

11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW Create and manage file system shares and work with.
Windows Security Mechanisms Al Bento - University of Baltimore.

Windows Security Mechanisms Al Bento - University of Baltimore.
Guide to Operating System Security Chapter 5 File, Directory, and Shared Resource Security.

Guide to Operating System Security Chapter 5 File, Directory, and Shared Resource Security.
Chapter 5 File and Printer Services

Chapter 5 File and Printer Services
Access Control Lists and NTFS Permissions INFO333 – Lecture 4 2010 Mariusz Nowostawski Noria Foukia.

Access Control Lists and NTFS Permissions INFO333 – Lecture Mariusz Nowostawski Noria Foukia.
Auditing Logical Access in a Network Environment Presented By, Eric Booker and Mark Ren New York State Comptroller’s Office Network Security Unit.

Auditing Logical Access in a Network Environment Presented By, Eric Booker and Mark Ren New York State Comptroller’s Office Network Security Unit.

Similar presentations

Ads by Google