MCSA/MCSE Self-Paced Training Kit (Exam 70-214): Implementing and Administering Security in a Microsoft Windows 2000 Network (Pro-Certification)
Chapter 4
Account-Based Security
About This Chapter
When a user logs on, the operating system knows the user's account credentials and provides access to resources based on the user's identity. The access control mechanism in Microsoft Windows 2000 that secures various types of resources is referred to as permissions. Windows 2000 can apply permissions to the following types of resources:
-
Files and folders on NTFS file system volumes through the NTFS driver
-
Shared folders and shared printers through the server service
-
Registry keys through the security reference monitor
-
Active Directory objects through the Active Directory service
Security for each type of resource is managed by a separate process, and these processes vary slightly in their capabilities and effects, but the concept of permissions is uniformly applied throughout Windows 2000.
Before You Begin
To complete this chapter, you must have
-
The dc01.domain.Fabrikam.com test computer configured with Microsoft Windows 2000 Server and with Active Directory installed with the Domain Security Policy defined in Chapter 1
-
The example network configuration created in Chapter 2, "User Accounts and Security Groups"
-
Access to a client computer running Microsoft Windows 2000 Professional or Windows XP Professional