MCSA/MCSE Exam 70-290: Managing and Maintaining a Windows Server 2003 Environment Study Guide
This study system gives readers 100 percent coverage of the official Microsoft 70-290 exam objectives necessary to master the exam on your first try.
TABLE OF CONTENTS MCSA/MCSE Exam 70-290: Managing and Maintaining a Windows Server 2003 Environment Study Guide
Understanding Security Objects
Exam 70-290: Objective 2.1
A security object is an object in Active Directory that can be assigned permissions to other objects. When security objects are created, they are given a security identifier (SID). This number identifies the objects to Windows. Objects have friendly names to make it easier for us to remember them. Humans use names to reference accounts, but Windows uses SIDs. This section will focus on user, group, and machine security objects.
Understanding the Role of User Accounts
User Accounts represent people and are used by people to log on to a Windows machine. Windows NT, Windows 2000, Windows XP, and Windows Server 2003 require mandatory logon. By default, unless you press CTL+ALT+DEL and log on to the machine you cannot interact with the desktop. User accounts are also used as service accounts for applications. This enables programs to utilize the permissions assigned to its service account.
User accounts are used for the following:
-
Authentication This is the process of proving your identity. User accounts and passwords are used to authenticate users to a domain.
-
Authorization This is the process of being granted permissions to a resource. Authorization is different from authentication.
-
Auditing By requiring all your users to use a unique user account, you can easily audit access to resources.
Active Directory contains three user accounts by default. These accounts are created when you create the domain (creating domains is discussed at the end of this chapter). The default user accounts are as...
Copyright Syngress Publishing, Inc. 2003 under license agreement with Books24x7
