Introduction

Knowing how to create users and groups and the procedures for moving and managing them is only half the battle when it comes to effectively using these security objects on the network. The network administrator must also be able to develop strategies for authenticating the identity of anyone who uses network resources, and plan for how to use groups most effectively to provide the security and access needed.

In today s connected world, proof of your identity is often required to ensure that someone else is not trying to use your identity. It used to be that a username and password were sufficient to authenticate someone to a network. However, password authentication is only the first step in true authentication of a user s identity in today s environment. You must have a well-defined password policy, which includes account lockout, password rotation, and other options to ensure limited access to your network. In this chapter, we develop a password policy for your Windows Server 2003 network. However, sometimes passwords and password policies are not enough, and we have to take authentication to the next plateau.

Tools such as biometric devices, token devices, voice identification, and smart cards are becoming much more mainstream for user authentication as the price continues to drop and acceptance continues to rise. If you have ever seen a large data center, you have probably seen biometric tools such as thumbprint or palm scanners at entryways. Other sites use smart card readers for access to public computer kiosks. For...