- #THE USER DOES NOT HAVE RSOP DATA MICROSOFT PASSWORD#
- #THE USER DOES NOT HAVE RSOP DATA MICROSOFT WINDOWS#
#THE USER DOES NOT HAVE RSOP DATA MICROSOFT WINDOWS#
There are three graphical tools that can be used with Windows 2000 Server or Windows Server 2003:Īctive Directory Users and Computers, Active Directory Domains and Trusts, and Active Directory Sites and Services are tools that are installed with AD.
When AD is installed, a number of features and tools become available. Once AD is installed on Windows 2000 Server or Windows Server 2003, the server becomes a domain controller that can be used for authentication and management of user accounts and other objects in AD. Because AD was not available when Windows NT 4 was released, it cannot be installed on a Windows NT server. A service ticket is used to authenticate to individual services by providing a ticket when a particular service is needed.Īs mentioned earlier in this chapter, AD is a directory service that was first introduced in Windows 2000 Server. The TGT is generally good for as long as the user is logged on and is used to access a ticket-granting service that provides another type of ticket: service tickets. Because the KDC is part of AD, the user also authenticates to the KDC and is issued a session key called a ticket granting ticket (TGT).
#THE USER DOES NOT HAVE RSOP DATA MICROSOFT PASSWORD#
When a user logs on, the user authenticates to AD using a password or smart card. Tickets are issued by a Key Distribution Center (KDC), which is a service that runs on every domain controller. A Kerberos ticket is encrypted data that is issued for authentication. With Kerberos, each party to a transaction proves that they are who they claim to be through the use of tickets. In Windows 2000 Server and later, Kerberos is the default authentication service. Kerberos version 5 is an industry-standard security protocol that uses mutual authentication to verify the identity of a user or computer, as well as the network service that is being accessed. With smart cards, the security of a network can be greatly enhanced because it is necessary to physically possess the card to log on.Ī major advance that first appeared in Windows 2000 was Kerberos authentication. When a smart card is inserted into a smart card device, it provides information that can be used for authentication and other purposes. Smart cards are generally the size of a credit card and have the ability to store data. Windows 2000 was also the first version to provide built-in support for smart cards. Encryption ensures that unauthorized parties are unable to view the data if they gain access to it. EFS uses a public key system to encrypt data on hard disks. IPSec allows encryption of data across the network. Windows 2000 Server was the first version to provide encryption of data over the network and in the file system. In addition, new features have been added that make Windows Server 2003 the most secure Windows server product Microsoft has ever marketed. Many of the features we’ll discuss next were implemented in Windows 2000 and have been updated in Windows Server 2003. Windows 2000 offers a number of new security features that were not previously available in Windows NT.
Shinder, in MCSE (Exam 70-293) Study Guide, 2003 Security Features
0 kommentar(er)
