Windows Server 2003 Security Infrastructures: Core Security Features (HP Technologies)

M

Machine passwords, 60

automatic changing, 60

update registry hacks, 61

Machine startup, 112–14

authentication in, 112–14

illustrated, 112

SNTP operation, 194

Maintaining PKIs, 632–40

CA auditing, 637–40

CA backup/restore, 632–35

CA rollover, 635–37

See also Public key infrastructure

Malicious mobile code (MMC) protection, 393–416

architecture, 393–94

architecture illustration, 394

software protection policies, 394–400

Malicious mobile code (MMC) threats, 393, 394

Mandatory access control (MAC) model, 418

Many-to-one certificate mapping, 230

Master keys

defined, 144

limiting use of, 147–50

mapping, to PKINIT, 189

use of, 147

See also Kerberos; Session keys

Maximum Transmission Unit (MTU), 192

MaxTokenSize parameter, 182–83

Meshed trust model, 500–501

defined, 500

illustrated, 501

See also Networked trust model

Metabase-based mapping, 230

Metaverse, 23

Microsoft Audit Collection System (MACS), 719–20

Microsoft Baseline Security Analyzer (MBSA), 53–54, 702–3

command-line, 705

defined, 702

illustrated, 703

running, 702

with SMS SUS Feature Pack, 706

SUS integration, 705

Microsoft Identity Integration Server 2003 (MIIS), 22–23

architecture, 23

reduced functionality version, 23

Microsoft Management Console (MMC), 406

Microsoft Metadirectory Services (MMS), 22

Microsoft Operations Manager (MOM), 24, 720

Microsoft Provisioning System (MPS), 25–26

architecture, 26

defined, 25

Microsoft Rights Management (RMS), 428

certificates, 434

client-side component, 432–33

components, 432–34

customer server-side component, 432

enrollment, 439–40

exclusion lists, 435

information flow, 435–39

information flow illustration, 437

licenses, 435

lockboxes, 434

Microsoft server-side component, 432

objects, 434–35

objects list, 436

revocation lists, 435

RMS client SDK, 434

RMS-enabled applications, 433

server setup, 439

server software, 428

setup, 439–40

XrML and, 430–32

Microsoft Systems Management Server (SMS), 24–25

architecture, 25

defined, 24–25

Multifactor authentication, 103–4

Multiple CAs, 496–97

Multiple domain logon, 156–63

behind the scenes, 161–63

local process, 156–57

network process, 158–59

revisited, 162

shortcut trusts and, 159–60

See also Kerberos

Multiple forest logon, 163–64

authentication requests, 163–64

defined, 163

flow, 164

See also Kerberos

Mutual authentication, 135

Mytoken.exe, 199