The Best Damn Windows Server 2003 Book Period

Knowing how to create users and groups and the procedures for moving and managing them is only half the battle when it comes to effectively using these security objects on the network. The network administrator must also be able to develop strategies for authenticating the identity of anyone who uses network resources, and plan how to use groups most effectively to provide the security and access needed.
In today's connected world, proof of your identity is often required to ensure that someone else is not trying to use your identity. It used to be that a username and password were sufficient to authenticate someone to a network. However, password authentication is only the first step in true authentication of a user's identity in today's environment. You must have a well-defined password policy, which includes account lockout, password rotation, and other options to ensure limited access to your network. In this chapter, we develop a password policy for your Windows Server 2003 network. However, sometimes passwords and password policies are not enough, and we have to take authentication to the next plateau.
Tools such as biometric devices, token devices, voice identification, and smart cards are becoming much more mainstream for user authentication as the price continues to drop and acceptance continues to rise. Smart cards are discussed in a later chapter "Planning, Implementing, Maintaining Public Key Infrastructure."
An effective authentication strategy works hand in hand with a security group strategy. A well-designed group strategy will ensure that users receive only...