Windows Server 2003 Security Infrastructures
This nuts and bolts guide is a must-read for anyone wants to know about Windows Server 2003 security and leverage the operating systems' security infrastructure.
TABLE OF CONTENTS Windows Server 2003 Security Infrastructures
Chapter 2: Windows Security Authorities and Principals
This chapter focuses on two building blocks of Windows Server 2003 operating system security: security authorities and security principals. Among the concepts discussed are security principal, domain, security identifier, domain controller, logon name, LSA, and LSA policy.
2.1 Security authorities
To illustrate the fundamental role of trust in the Windows Server 2003 operating system and to make the link with Chapter 1 on trusted security infrastructures (TSIs), we will first discuss the concept of Windows OS security authorities. In Windows OSs we have to deal with two types of security authorities: the local security authority (LSA) and the domain security authority. A security authority reigns over a kingdom of resources (represented by the ellipse in Figure 2.1) and has its proper database to store security-related information. We will reuse these representations as other Windows security concepts are introduced throughout this chapter.
Figure 2.1: Security authority.
2.1.1 The local security authority
The LSA is a Windows machine s local security authority. The LSA is available on all kinds of Windows machines: both stand-alone machines and machines that are a member of a Windows domain.
Physically the LSA is a protected OS subsystem (visible in the task manager as the lsass.exe process) that is running in OS user mode. The lsass process hosts a set of other important security processes [implemented as dynamic link libraries (dlls)] that are illustrated in Figure 2.2: the LSA authority process (lsasrv.dll), the SAM process (samsrv.dll), the AD process (ntdsa.dll), the Netlogon process (netlogon.dll), and a set...
Copyright Hewlett-Packard Development Co., L.P. 2004 under license agreement with Books24x7
