hndts

Upload: mysticguy

Post on 04-Jun-2018

8/13/2019 Hndts

Day 2 Active Directory

Objectives

After completing this module, you will be able to: describe the functionality of AD DS in an enterprise in relation to identity and access; describe the major components of AD DS; install AD DS and configure it as a domain controller.

Key points

At the core of information protection are two critical concepts: identity and access. In a secured system, each user is represented by an identity. In Windows, this is a user account. The identity is called a security principal, which is represented in the system by a SID (security identifier).

Many Windows resources, including significant files and folders on NTFS volumes, are secured by a security descriptor that contains a discretionary access control list (DACL) in which each permission takes the form of an access control entry (ACE).

Authentication is the process of verifying a user's identity.

In a workgroup model, all users and computers are stored in the SAM (Security Accounts Manager) registry database. Each machine has its own SAM.

An Active Directory domain provides a centralized identity store trusted by all domain members, that is, all computers that have an account in the domain.
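The identity-to-SID mapping and the security descriptor / DACL / ACE chain described above, as an added PowerShell example that is not part of the handout; the folder path is an assumption, and BUILTIN\Users is used only because it resolves without a domain:

```powershell
# Added example (not from the handout): resolve a security principal to its SID,
# then walk a folder's DACL and list every ACE. The folder path is an assumption.
$path = 'C:\Shares\Finance'   # assumption: any existing NTFS folder

# Identity (user or group account) -> security principal -> SID
$account = New-Object System.Security.Principal.NTAccount('BUILTIN\Users')
$sid = $account.Translate([System.Security.Principal.SecurityIdentifier])
"{0} has SID {1}" -f $account.Value, $sid.Value

# Security descriptor -> DACL -> one ACE per permission entry
$acl = Get-Acl -Path $path
"Owner: {0}" -f $acl.Owner
foreach ($ace in $acl.Access) {
    # IdentityReference is the principal the ACE applies to; translate it to its SID
    $aceSid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier])
    [pscustomobject]@{
        Identity  = $ace.IdentityReference.Value
        SID       = $aceSid.Value
        Type      = $ace.AccessControlType      # Allow or Deny
        Rights    = $ace.FileSystemRights
        Inherited = $ace.IsInherited
    }
}

# Review check: flag broad principals that hold write-class rights on the folder.
# Note: generic rights that appear as raw numbers are not decoded by this -band test.
$broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'
$acl.Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $broad -contains $_.IdentityReference.Value -and
    ($_.FileSystemRights -band [System.Security.AccessControl.FileSystemRights]::Write)
} | ForEach-Object {
    "Review: {0} has write access via an ACE on {1}" -f $_.IdentityReference.Value, $path
}
```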

AD LDS

AD LDS is essentially a stand-alone version of Active Directory that applications access by using Lightweight Directory Access Protocol (LDAP). AD LDS is the replacement for Active Directory Application Mode (ADAM). The name of the previous version of the tool indicates its purpose: AD LDS is designed to provide support for directory-enabled applications. It can be used for applications that require a directory store, but do not require the type of infrastructure provided by an Active Directory domain.

Each instance of AD LDS can have its own schema, configuration, and application partitions. This allows you to create a highly customized directory store without affecting your production IDA infrastructure, based on AD DS. Although AD LDS is not dependent on AD DS, in a domain environment, AD LDS can use AD DS authentication of Windows security principals, such as users, computers, and groups.

AD LDS can be configured in a domain or non-domain environment, and it is even possible to run multiple instances on a single system, each with its own unique LDAP and Secure Sockets Layer (SSL) ports to ensure a secure connection with each instance.

AD CS

AD CS extends the concept of trust so that a user, computer, organization, or service can prove its identity outside or inside the border of your Active Directory forest. Certificates are issued from a certificate authority (CA). When a user, computer, or service uses a certificate to prove its identity, the client in the transaction must trust the issuing CA. A list of trusted root CAs, which includes VeriSign and Thawte, is maintained by Windows and updated as part of Windows Update.

The certificates can be used for numerous purposes in an enterprise network, including the creation of secure channels such as the SSL example mentioned in the AD LDS section. Additionally, the certificates can be used for virtual private networks (VPNs), wireless security, and authentication, such as smart card logon. AD CS provides technologies and tools that help create and manage a public key infrastructure (PKI). Although AD CS can be run on a stand-alone server, it is much more common and much more powerful to run AD CS integrated with AD DS, which can act as a certificate store and provide a framework to manage the lifetime of certificates: how they are obtained, renewed, and revoked.
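Connecting to an AD LDS instance over its dedicated SSL port (the AD LDS section) and requiring that the server certificate chain to a root the client trusts (the AD CS section), as an added PowerShell example that is neither the handout's nor Microsoft's code; host name, port and partition DN are assumptions:

```powershell
# Added example (not from the handout): bind to an assumed AD LDS instance over LDAPS
# and verify the server certificate against the Windows trusted root store first.
Add-Type -AssemblyName System.DirectoryServices.Protocols

$server    = 'lds01.example.com'            # assumption
$sslPort   = 50001                          # assumption: this instance's SSL port
$partition = 'CN=App1,DC=example,DC=com'    # assumption: application partition DN

$identifier = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($server, $sslPort)
$conn = New-Object System.DirectoryServices.Protocols.LdapConnection($identifier)
$conn.SessionOptions.SecureSocketLayer = $true
$conn.SessionOptions.ProtocolVersion   = 3

# The client must trust the issuing CA: build the chain explicitly and refuse the
# session if it does not end in a trusted root or fails the revocation check.
$conn.SessionOptions.VerifyServerCertificate = {
    param($connection, $certificate)
    $cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certificate)
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    $trusted = $chain.Build($cert)
    if (-not $trusted) {
        $reasons = ($chain.ChainStatus | ForEach-Object { $_.StatusInformation.Trim() }) -join '; '
        Write-Warning ("Rejecting certificate for {0}: {1}" -f $cert.Subject, $reasons)
    }
    return $trusted
}

# In a domain environment AD LDS can authenticate AD DS security principals.
$conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate
$conn.Bind()

# Minimal read against the instance's own application partition.
$request = New-Object System.DirectoryServices.Protocols.SearchRequest(
    $partition, '(objectClass=*)',
    [System.DirectoryServices.Protocols.SearchScope]::Base, 'distinguishedName')
$response = $conn.SendRequest($request)
$response.Entries | ForEach-Object { $_.DistinguishedName }
$conn.Dispose()
```

Setting VerifyServerCertificate replaces the default validation for that connection, so the callback has to perform the full chain check itself rather than only log.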

AD RMS

AD RMS creates a framework with which you can ensure the integrity of information, both within and outside your organization. In a traditional model of information protection, ACLs are used to define how information can be accessed. For example, a user may be given the Read permission to a document. However, there is nothing to prevent that user from performing any number of actions after that document is opened. The user can make changes to the document and save it in any location, print the document, or forward the document by email to a user who otherwise does not have Read permission to the document. AD RMS addresses these and other such scenarios by enforcing information use policies. AD RMS accomplishes this by using licenses and encryption to protect information and by having rights-management-enabled applications that can consume the licenses, create usage policies, open protected content, and enforce usage policies.

AD FS

AD FS allows an organization to extend the authority of the directory service for authenticating users across multiple organizations, platforms, and network environments. The traditional Windows domain trust relationship creates a trust in which the trusting domain allows the trusted domain to authenticate users, but the result is that all users in the trusted domain are trusted. Moreover, to maintain a trust, several firewall exceptions must be made that are not agreeable to many organizations and certainly not suitable for supporting Web-facing applications. To overcome this problem, AD FS can be configured to maintain trusts by using common ports such as 80 and 443. AD FS is extremely useful for extending a directory's authority in business-to-business and partnership scenarios, as well as for supporting single sign-on web applications.

Organizational units

A particularly useful type of directory object contained within domains is the organizational unit. Organizational units are Active Directory containers into which you can place users, groups, computers, and other organizational units. An organizational unit cannot contain objects from other domains.

An organizational unit is the smallest scope or unit to which you can assign Group Policy settings or delegate administrative authority. Using organizational units, you can create containers within a domain that represent the hierarchical, logical structures within your organization. You can then manage the configuration and use of accounts and resources based on your organizational model.

Group Policy
