Windows NT Security

NT domains let the server allow or deny access to all shared network resources.

Administration

The "User Manager for Domains" program is used on NT Server to administer domain user accounts. The NT Workstation User Manager program is still used to manage local users and groups on each machine.

The network control panel is used to change the computer name and the domain name.

Passwords

The password may be up to 14 characters long and is case sensitive. User names may be 20 characters long and are not case sensitive. User names may not contain:

" \ / [ ] ; : = | . + ? * < >

NetBIOS names are 15 characters long, plus one invisible character.

Logons

When a user logs on, authentication may be done using the local or domain database. The user will be able to make this selection at logon time, but if the logon is done using the local database, only local resources will be available. Domain authentication is done by the nearest BDC or PDC.

Access Tokens and Access Determination

NT uses the following objects to control access security:

  • Security identifier - Identifies the user (the user's security ID) and the user's group memberships (the groups' security IDs).
  • Access token - Passed to the user's machine when they log on. Even processes have access tokens. The access token contains:
    • The security ID for the user.
    • The security IDs for the user's groups.
    • Permissions

ACEs (access control entries) are the entries in an access control list (ACL). Every object has an access control list. Each ACE contains the security ID of a user or group along with the permissions associated with that user or group ID.

Access Security Types

  • File system security - Local access to files, more secure than share security.
  • Share Security - Access over the network.

Share security can be set for a given directory. Access to directories under the original shared directory will use file system security.

Directory Permissions

  • No Access
  • List
  • Read
  • Add
  • Change
  • Full Control
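
The access determination described above (the SIDs in an access token matched against the ACEs in an object's ACL) can be modelled in a few lines. This is an added example, not code from the original page or from NT itself. The SIDs and group names are constructed placeholders, the rights letters follow the standard NT 4.0 directory permission definitions, and the rule that No Access overrides every other grant is standard NT behaviour that the page does not spell out.

```python
from dataclasses import dataclass

# Directory-level rights behind each permission (standard NT 4.0 definitions):
# R=read, W=write, X=execute/traverse, D=delete, P=change permissions, O=take ownership
PERMISSIONS = {
    "No Access": frozenset(),
    "List": frozenset("RX"),
    "Read": frozenset("RX"),
    "Add": frozenset("WX"),
    "Change": frozenset("RWXD"),
    "Full Control": frozenset("RWXDPO"),
}

@dataclass(frozen=True)
class AccessToken:
    user_sid: str
    group_sids: tuple = ()

    def sids(self):
        return {self.user_sid, *self.group_sids}

@dataclass(frozen=True)
class ACE:
    sid: str
    permission: str

def effective_rights(token, acl):
    """Rights the token holder gets from an ACL (list of ACEs)."""
    matching = [ace for ace in acl if ace.sid in token.sids()]
    # Assumption (standard NT rule, not stated on the page): one matching
    # No Access entry denies everything, whatever other entries grant.
    if any(ace.permission == "No Access" for ace in matching):
        return frozenset()
    rights = frozenset()
    for ace in matching:
        rights |= PERMISSIONS[ace.permission]  # grants accumulate across SIDs
    return rights

def access_allowed(token, acl, requested):
    """True only if every requested right letter is in the effective rights."""
    return bool(requested) and set(requested) <= effective_rights(token, acl)

# Constructed sample data: shortened placeholder SIDs, hypothetical groups.
USERS, ENGINEERING, CONTRACTORS = "S-1-5-21-0-513", "S-1-5-21-0-2001", "S-1-5-21-0-2002"
ALICE = AccessToken("S-1-5-21-0-1000", (USERS, ENGINEERING))
BOB = AccessToken("S-1-5-21-0-1001", (USERS, CONTRACTORS))
DIR_ACL = [ACE(USERS, "Read"), ACE(ENGINEERING, "Change"), ACE(CONTRACTORS, "No Access")]

if __name__ == "__main__":
    for name, token in (("alice", ALICE), ("bob", BOB)):
        print(name, "".join(sorted(effective_rights(token, DIR_ACL))) or "(none)")
```

A token whose SIDs match no ACE gets no rights at all, which is why an empty ACL on an object denies everyone.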