CN1260 Client Operating System
Kemtis Kunanuraksapong
MSIS with Distinction
MCT, MCITP, MCTS, MCDST, MCP, A+
Workgroup
•A group of computers formed into a peer-to-peer network.
  ▫User accounts are decentralized and stored on each individual computer
Authentication and Logins
•Authentication
  ▫The process of identifying an individual
  ▫Username and password
•Authorization
  ▫The process of giving individuals access to system objects based on their identity
•Auditing
  ▫The process of keeping track of a user’s activity while accessing the network resources
Authentication Methods
•A user can authenticate using one or more of the following methods:
  ▫What they know
    A password or personal identification number (PIN).
  ▫What they own or possess
    Such as a passport, smart card, or ID card
  ▫What a user is
    Biometric factors based on fingerprints, retinal scans, voice input, or other forms
Password
•The most common method of authentication
•A secret series of characters that enables a user to access a file, computer, or program
•A complex or strong password
  ▫6 or more characters long
  ▫Cannot contain the user’s account name or parts of the user’s full name
  ▫A mix of upper- and lower-case letters, numbers, and non-alphanumeric characters
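
The three rules on this slide written as a check, as an added example that is not part of the original slides. It assumes "a mix" means at least three of the four character classes, that account names of two characters or fewer are skipped, and that "parts of the full name" are the pieces of three or more characters between spaces and punctuation; complexity_failures and its parameters are names made up here.

```python
import re

# Characters that separate the parts of a full name (assumption of this example).
NAME_DELIMS = r"[,\.\-_\s#]+"


def complexity_failures(password, account_name, full_name,
                        min_length=6, min_classes=3):
    """Return the rules from the slide that this password breaks (empty list = OK)."""
    failures = []
    if len(password) < min_length:
        failures.append("too short")

    lowered = password.lower()
    # The account name is matched as a whole, ignoring case. Very short
    # names are skipped so that "kk" does not reject half of all passwords.
    if len(account_name) > 2 and account_name.lower() in lowered:
        failures.append("contains account name")

    # Split "Jane Doe" into "Jane" and "Doe"; ignore parts under 3 characters.
    parts = [p for p in re.split(NAME_DELIMS, full_name) if len(p) >= 3]
    if any(p.lower() in lowered for p in parts):
        failures.append("contains part of full name")

    # Count how many of the four character classes are present.
    classes = [
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ]
    if sum(classes) < min_classes:
        failures.append("not enough character classes")
    return failures


if __name__ == "__main__":
    # Constructed sample accounts and passwords.
    for pw in ("Summer2024!", "jdoe123", "Ab1!"):
        print(pw, complexity_failures(pw, "jdoe", "Jane Doe"))
```
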
User Account
•Enables a user to log on to a computer and domain
•Can be used for auditing
•There are two types of user accounts:
  ▫The local user account
  ▫The domain user account
Local User Account
•A local user account allows a user to log on and gain access to the computer where the account was created.
•Security Account Manager (SAM) database
  ▫Located on the local computer
  ▫Stores the local user account
User Accounts (Cont.)
•Three groups of local user accounts:
  ▫Administrator
  ▫Standard
  ▫Guest
•Creating and managing local user accounts:
  ▫User Accounts in the Control Panel
    See Figure 3-1 on Page 57
  ▫Local Users and Groups MMC snap-in
    See Figure 3-2 on Page 59
User Profile
•A collection of folders and data that stores the user’s current desktop environment and application settings and is associated with each user account
  ▫C:\Users folder
  ▫See Figure 3-3 on Page 60
Credential Manager
•Stores credentials, such as usernames and passwords, that you use to log on to websites or other computers on a network
•Credentials are saved in special folders on your computer called vaults.
Active Directory
•A directory service stores, organizes, and provides access to information in a directory
•It is used for locating, managing, administering, and organizing common items and network resources, such as volumes, folders, files, printers, users, groups, devices, telephone numbers, and other objects
Active Directory
•A technology created by Microsoft that provides a variety of network services, including:
  ▫Lightweight Directory Access Protocol (LDAP)
  ▫Kerberos-based and single sign-on (SSO) authentication
  ▫DNS-based naming and other network information
  ▫Central location for network administration and delegation of authority
Domain Controller
•A Windows server that stores a replica of the account and security information of the domain and defines the domain boundaries
•A server that is not running as a domain controller is known as a member server
Active Directory Consoles
•Several MMC snap-in consoles to manage Active Directory:
  ▫Active Directory Users and Computers
  ▫Active Directory Domains and Trusts
  ▫Active Directory Sites and Services
  ▫Active Directory Administrative Center
  ▫Group Policy Management Console (GPMC)
Organizational Units
•To help organize objects within a domain and minimize the number of domains, you can use organizational units, commonly abbreviated as OUs
•OUs can be used to hold users, groups, computers, and other organizational units
•An organizational unit can only contain objects that are located in a domain
Delegating Administration
•You can assign a range of administrative tasks to the appropriate users and groups
Active Directory Objects
•A distinct, named set of attributes or characteristics that represents a network resource
  ▫Computers, users, groups, and printers
•A 128-bit unique number called a globally unique identifier (GUID) or security identifier (SID)
  ▫If a user changes his or her name, the GUID remains the same
Domain User
•A domain user account is stored on the domain controller and allows you to gain access to resources within the domain
•See Figures 3-4 and 3-5 on Page 65
  ▫Domain user properties sheet
•See Figure 3-6 on Page 66
  ▫Specify logon hours
Computer Account
•For authenticating and auditing the computer’s access to a Windows network and its access to domain resources
Groups
•A collection or list of user accounts or computer accounts
•Group types
  ▫Security group
  ▫Distribution group
•Group scopes
  ▫Domain Local group
  ▫Global group
  ▫Universal group
Group Policies
•Control the working environment for user accounts and computer accounts
  ▫Provide centralized management and configuration of operating systems, applications, and users’ settings in an Active Directory environment
•Group policies can be set
  ▫Locally on the workstation
  ▫At the domain level
•Group policies are applied in the following order:
  ▫Local -> Site -> Domain -> OU
Rights and Permissions
•A user right authorizes a user to perform certain actions on a computer, such as logging on to a system interactively or backing up files and directories on a system
  ▫See Figure 3-8 on Page 71 for a list of user rights
•A permission defines the type of access that is granted to an object
  ▫Permissions are assigned to NTFS files and folders, printers, and Active Directory objects.
  ▫An access control list (ACL) lists all users and groups that have access to the object.
Account Lockout Policy
•Specifies the number of unsuccessful logon attempts
  ▫To lock the account
  ▫Specifies the duration that the account remains locked
  ▫See Figure 3-9 on Page 72
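
How the two settings on this slide interact, as an added example that is not part of the original slides: it replays constructed logon events against a threshold and a lockout duration and returns the resulting lockouts. The reset_after window (Windows' "Reset account lockout counter after" setting) is not on the slide, and replay_lockouts and SAMPLE_EVENTS are names made up here.

```python
from datetime import datetime, timedelta


def replay_lockouts(events, threshold=3, duration=timedelta(minutes=30),
                    reset_after=timedelta(minutes=30)):
    """Replay (time, user, success) logon events.

    Returns a list of (user, locked_at, unlocks_at) tuples.
    """
    failures = {}      # user -> timestamps of recent failed logons
    locked_until = {}  # user -> time the current lockout ends
    lockouts = []
    for when, user, success in sorted(events):
        if user in locked_until:
            if when < locked_until[user]:
                continue  # locked: even a correct password is rejected
            del locked_until[user]  # lockout duration has elapsed
        if success:
            failures.pop(user, None)  # a good logon clears the counter
            continue
        # Keep only failures that are still inside the reset window.
        recent = [t for t in failures.get(user, []) if when - t < reset_after]
        recent.append(when)
        failures[user] = recent
        if len(recent) >= threshold:
            locked_until[user] = when + duration
            lockouts.append((user, when, when + duration))
            failures[user] = []
    return lockouts


# Constructed sample data: alice fails three times in a row, bob fails three
# times in total but with a 45-minute gap after the first attempt.
T0 = datetime(2024, 1, 8, 9, 0)
SAMPLE_EVENTS = [
    (T0, "alice", False),
    (T0 + timedelta(minutes=1), "alice", False),
    (T0 + timedelta(minutes=2), "alice", False),
    (T0 + timedelta(minutes=5), "alice", True),   # rejected, still locked
    (T0 + timedelta(minutes=40), "alice", True),  # accepted after unlock
    (T0, "bob", False),
    (T0 + timedelta(minutes=45), "bob", False),
    (T0 + timedelta(minutes=46), "bob", False),
]

if __name__ == "__main__":
    for user, start, end in replay_lockouts(SAMPLE_EVENTS):
        print(f"{user} locked {start:%H:%M} until {end:%H:%M}")
```
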
Password Control
•Group policies can be used to control
  ▫How often a user changes a password
  ▫How long the password is
  ▫Whether a complex password is required
  ▫See Figure 3-10 on Page 74
•To help manage passwords
  ▫Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy
Auditing
•Auditing is not enabled by default
•To enable auditing, you specify what types of system events to audit using group policies or the local security policy
  ▫Security Settings\Local Policies\Audit Policy
  ▫See Figure 3-11 on Page 75
•Auditing NTFS files, NTFS folders, and printers is a two-step process
  ▫Enable Object Access using group policies
  ▫Specify which objects you want to audit
Troubleshooting Authentication Issues
•The users forgot their password
•Caps Lock or Num Lock key is on
•Check the language defined and that the keyboard is operating fine
•If the time is off, authentication can fail
•If the computer is not part of the domain or is not trusted, you will not be able to log in to the domain