Windows Server 2003 Security Infrastructures: Core Security Features (HP Technologies)

2017-07-07 02:10:07

D

Data decryption field (DDF), 645, 647, 648

Data Protection API (DPAPI), 487–89

data encryption key, 487

defined, 487

key protection architecture, 489

master key backup, 488

Data recovery, 579

EFS, 650–52

EFS policy, defining, 661

Data recovery field (DRF), 645, 647, 648

Dcdiag, 97

Dcgpofix.exe, 693

Dedicated hardware device storage, 481–87

Chrysalis HSM, 486–87

evaluating, 483

goals, 482

list of, 482

nCipher HSM, 483–86

tamper protection, 483

Default certificate templates, 466–68

Default security descriptor

changes, 361–63

contents, retrieving, 362

modifying, 362

setting, 361

Delegation, authentication, 164–74

behind the scenes, 165–66

configuring, 169

constrained, configuring, 168–70

defined, 164–65

flags, 165, 166

obstacles, 166

support, 135–36

ticketing and, 165

use example, 165

what’s missing in, 166–67

See also Kerberos

Delegation guidelines, 386

Delegation wizard, 383

defined, 383

predefined tasks, customizing, 385

Delegwiz.inf, 386

Delta CRLs, 596–98

defined, 598

layout, 599

lifetime and publication interval, 619

operation, 598

See also Certificate revocation lists (CRLs)

Digest authentication, 218–21

advanced support, recognizing, 221

architectural changes, 220

defined, 218

dialog box, 219, 220

disadvantage, 218

exchange illustration, 219

warning, 218

WFetch exchange, 221

See also HTTP authentication

Digital rights management (DRM), 428–40

access rights granularity, 430

content ownership/possession differentiation, 430

digital media application, 429

integrity protection, 429

persistent protection, 429

software, 428

Digital signatures check, 231

Directories

enterprise, 14

role of, 13–14

solutions, 15

synchronization utilities, 14

Discretionary access control (DAC) model, 418

defined, 419

RBAC model comparison, 419–21

Discretionary ACLs, 333

Distributed Computing Environment (DCE), 306

Distributed File System (DFS), 113–14

Distribution lists (DLs), 379

DNS namespaces

collisions, avoiding, 86

disabling, 84, 85

TLN restrictions excluding, 87

Domain Admins group, 375–76

Domain controllers (DCs), 35–37

authenticating, 115

backup (BDCs), 37

defined, 32, 35–37

FSMO roles, 37, 38

Domains

concept, 32–35

defined, 32

functionality levels, 33–35

as security boundary, 32

validating secure channels between, 94–95

Windows Server 2003 AD, 33

Dssec.dat, 348, 349

Dumpel, 719

Dynamic groups, 424

Dynamic Host Configuration Protocol (DHCP), 112

Dynamic link libraries (DLLs), 397

Dynamic service-port mappings, 100

Dynamic Web Pages, 241

Категории

Search