Published by Bryan Morgan. Modified over 9 years ago.
2
Security Windows 2000
Richard Goldman © December 4, 2001
3
Local or Domain Logon
Before a user can access any resource, the user must successfully log on to either the local computer or a domain.
To log on locally, the user must have a user account set up on the specific computer that is to be accessed.
– Windows 2000 Professional uses the registry and internal security systems to authenticate a local logon.
To log on to the domain, the user must have a user account set up on the domain that is to be accessed.
– Windows 2000 servers use Active Directory to authenticate a domain logon.
4
Logon
To log on locally, the user must enter:
1. Identification (I.D. or User Name)
2. Authentication (Password) – Case Sensitive
To log on to the domain, the user must enter:
1. Identification (I.D. or User Name)
2. Authentication (Password) – Case Sensitive
3. Domain Name
5
Access Token
When the logon is successfully completed, an Access Token is created that identifies:
– The user (user’s SID)
– The groups that the user belongs to (group SIDs)
– The user’s rights and privileges
The access token is attached to all processes run by the user and accompanies all requests for access to computer or network resources.
6
Access Control List (ACL)
All computer and network objects have an ACL.
The ACL defines:
– Who has access to the resource.
– What type of access is provided for each user.
7
Accessing an Object
When a user (or process) requests access to a resource, the request is accompanied by the user’s Access Token.
The Access Token and the type of request are compared with the ACL.
If the Access Token and the type of request are allowed, then the request is granted.
8
MyDocument.DOC
Read request for access to MyDocument.DOC by a user in the student group.
ACL
– Staff Group: Y Read, Y Write, N Delete
– Student Group: Y Read, N Write, N Delete
Read Request
Access Token
– User: John Smith
– Groups: Student
– Request: Read
Match X
9
MyDocument.DOC
Read request for access to MyDocument.DOC by a user in the student group.
ACL
– Staff Group: Y Read, Y Write, N Delete
– Student Group: Y Read, N Write, N Delete
Read Request
Access Token
– User: John Smith
– Groups: Student
– Request: Read
Read Access Granted
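The comparison of Access Token, request type and ACL shown on the two slides above, written out as an added example (not part of the original presentation). It goes one step beyond the slides by walking the ACL in order and honoring explicit deny entries, which is how Windows evaluates the entries of an ACL; the names AccessToken, Ace, access_check and the right bit values are assumptions made for this sketch, and plain names stand in for SIDs.

```python
from dataclasses import dataclass

READ, WRITE, DELETE = 1, 2, 4      # simplified access-right bits (constructed)

@dataclass(frozen=True)
class AccessToken:
    user: str                      # stands in for the user's SID
    groups: frozenset              # stands in for the group SIDs

@dataclass(frozen=True)
class Ace:
    trustee: str                   # user or group the entry applies to
    allow: bool                    # True = allow entry, False = deny entry
    rights: int                    # bitmask of READ / WRITE / DELETE

def access_check(token, acl, requested):
    """Walk the ACL in order; grant only if every requested right is allowed."""
    identities = {token.user} | token.groups
    remaining = requested
    for ace in acl:
        if ace.trustee not in identities:
            continue               # entry is for someone else
        if not ace.allow and ace.rights & remaining:
            return False           # explicit deny of a right still needed
        if ace.allow:
            remaining &= ~ace.rights   # these rights are now granted
        if remaining == 0:
            return True
    return False                   # no entry granted it: implicit deny

# ACL for MyDocument.DOC as shown on the slide ("N" = right not granted)
MYDOCUMENT_ACL = [
    Ace("Staff", True, READ | WRITE),
    Ace("Student", True, READ),
]
JOHN = AccessToken("John Smith", frozenset({"Student"}))

if __name__ == "__main__":
    for name, right in (("Read", READ), ("Write", WRITE), ("Delete", DELETE)):
        verdict = "granted" if access_check(JOHN, MYDOCUMENT_ACL, right) else "denied"
        print(f"{name} request by {JOHN.user}: {verdict}")
```

Placing a deny entry for John Smith ahead of the group entries blocks his read even though the Student group allows it, which is why the order of entries matters.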
10
Customizing Windows 2000 Professional Logon
Select:
– Control Panel
– Administrative Tools
– Local Security Policy
11
Customizing Windows 2000 Professional Logon
13
To disable the display of the last username:
– From within Local Security Policy
1. Expand Local Security Settings
2. Expand Local Policies
3. Select Security Options
4. Double-click Do not display last user name in logon screen
5. Set the value to Enable.
14
Customizing Windows 2000 Professional Logon
Disabling the display of the last username
16
Customizing Windows 2000 Professional Logon
Adding a Security Message
The two elements of the Security Warning Message are:
– Legal Notice Caption – 30 characters on the title bar of the Security Warning Message window.
– Legal Notice Text – up to 65K of text to go inside the Security Warning Message window.
17
Customizing Windows 2000 Professional Logon
To use the Local Computer Policy you must add the Group Policy (not “Global Policy”) snap-in to an MMC.
– Click the Start button
– Select Run
– Enter MMC
– Select Add/Remove Snap-in
– Click on the Add button
– Select Group Policy
– Click on the Add button
– Click on the Finish button
– The “Local Computer Policy” is then added to the MMC.
– Click on the Close button
– Click on the OK button
– Save the MMC as Local Computer Policy
– The MMC called Local Computer Policy will now appear in the Administrative Tools group.
18
Customizing Windows 2000 Professional Logon
Adding a Security Message