Presentation is loading. Please wait.

Presentation is loading. Please wait.

CN1260 Client Operating System Kemtis Kunanuraksapong MSIS with Distinction MCT, MCITP, MCTS, MCDST, MCP, A+

Published byAlicia Boyd Modified over 8 years ago

Similar presentations

Presentation on theme: "CN1260 Client Operating System Kemtis Kunanuraksapong MSIS with Distinction MCT, MCITP, MCTS, MCDST, MCP, A+"— Presentation transcript:

1 CN1260 Client Operating System Kemtis Kunanuraksapong MSIS with Distinction MCT, MCITP, MCTS, MCDST, MCP, A+

2 Agenda Chapter 3: Understanding Workgroups and Active Directory Quiz Exercise

3 Workgroup A group of computer form into a peer-to-peer network. ▫User accounts are decentralized and stored on each individual computer

4 Authentication and Logins Authentication ▫The process of identifying an individual ▫Username and password Authorization ▫The process of giving individuals access to system objects based on their identity Auditing ▫The process of keeping track of a user’s activity while accessing the network resources

5 Authentication Methods A user can authenticate using one or more of the following methods: ▫What they know  A password or Personal Identity Number (PIN). ▫What they own or possess  Such as a passport, smart card, or ID card ▫What a user is  Biometric factors based on fingerprints, retinal scans, voice input, or other forms

6 Password The most common method of authentication A secret series of characters that enables a user to access a file, computer, or program A complex or strong password ▫6 or more characters long ▫Cannot contain the user’s account name or parts of the user’s full name ▫A mix of characters, upper and lower case, number, and non-alphanumeric characters

7 User Account Enables a user to log on to a computer and domain Can be used for auditing There are two types of user accounts: ▫The local user account ▫The domain user account

8 Local User Account A local user account allows a user to log on and gain access to the computer where the account was created. Security Account Manager (SAM) database ▫Located on the local computer ▫Stores the local user account

9 User Accounts (Cont.) Three groups of local user accounts: ▫Administrator ▫Standard ▫Guest Creating and managing local user accounts: ▫User Accounts in the Control Panel  See Figure 3-1 on Page 57 ▫Local Users and Groups MMC snap-in  See Figure 3-2 on Page 59

10 User Profile A collection of folders and data that store the user’s current desktop environment and application settings, is associated with each user account ▫C:\Users folder ▫See Figure 3-3 on Page 60

11 Credential Manager Store credentials, such as usernames and passwords that you use to log on to websites or other computers, on a network Credentials are saved in special folders on your computer called vaults.

12 Active Directory A directory service stores, organizes, and provides access to information in a directory It is used for locating, managing, administering, and organizing common items and network resources, such as volumes, folders, files, printers, users, groups, devices, telephone numbers, and other objects

13 Active Directory A technology created by Microsoft that provides a variety of network services, including: ▫Lightweight Directory Access Protocol (LDAP) ▫Kerberos-based and single sign-on (SSO) authentication ▫DNS-based naming and other network information ▫Central location for network administration and delegation of authority

14 Domain A logical unit of computers and network resources that defines a security boundary

15 Domain Controller A Windows server that stores a replica of the account and security information of the domain and defines the domain boundaries A server that is not running as a domain controller is known as a member server

16 Active Directory Consoles Several MMC snap-in consoles to manage Active Directory: ▫Active Directory Users and Computers ▫Active Directory Domains and Trusts ▫Active Directory Sites and Services ▫Active Directory Administrative Center ▫Group Policy Management Console (GPMC)

17 Organizational Units To help organize objects within a domain and minimize the number of domains, you can use organizational units, commonly seen as OU OUs can be used to hold users, groups, computers, and other organizational units An organizational unit can only contain objects that are located in a domain

18 Delegating Administration You can assign a range of administrative tasks to the appropriate users and groups

19 Active Directory Objects A distinct, named set of attributes or characteristics that represents a network resource ▫Computers, users, groups, and printers A 128-bit unique number called a globally unique identifier (GUID) or security identifier (SID) ▫If a user changes his or her name, GUID remains the same

20 Domain User A domain user account is stored on the domain controller and allows you to gain access to resources within the domain See Figure 3-4 and 3-5 on Page 65 ▫Domain user properties sheet See Figure 3-6 on Page 66 ▫Specify logon hours

21 Computer Account For authenticating and auditing the computer’s access to a Windows network and its access to domain resources

22 Groups A collection or list of user accounts or computer accounts Group Types ▫Security group ▫Distribution group Group scopes ▫Domain Local group ▫Global group ▫Universal group

23 Group Policies Controls the working environment for user accounts and computer accounts ▫Provides the centralized management and configuration of operating systems, applications, and users’ settings in an Active Directory environment Group policies can be set ▫Locally on the workstation ▫Domain Level Group policies are applied in the following order: ▫Local -> Site -> Domain -> OU

24 Rights and Permissions A user right authorizes a user to perform certain actions on a computer such as logging on to a system interactively or backing up files and directories on a system ▫See Figure 3-8 on Page 71 for list of user’s rights Permission defines the type of access that is granted to an object ▫Assigned permissions are NTFS files and folders, printers and Active Directory objects. ▫Access control list (ACL) which lists all users and groups that have access to the object.

25 Account Lockout Policy Specifies the number of unsuccessful logon attempts ▫To lock the account ▫Specifies the duration that the account remains locked ▫See Figure 3-9 on Page 72

26 Password Control Group policies can be used to control ▫How often a user changes a password ▫How long the password is ▫A complex password ▫See Figure 3-10 on Page 74 To help manage passwords ▫Computer Configuration\Windows Settings\ Security Settings\ Account Policies\Password Policy

27 Auditing Auditing is not enabled by default To enable auditing, you specify what types of system events to audit using group policies or the local security policy ▫Security Settings\Local Policies\Audit Policy ▫See Figure 3-11 on Page 75 To audit NTFS files, NTFS folders, and printers is a two-step process ▫Enable Object Access using group policies ▫Specify which objects you want to audit

28 Troubleshooting Authentication Issues The users forgot their password Caps lock or num lock key on Language defined and that the keyboard is operating fine If the time is off, authentication can fail If computer is not part of the domain or is not trusted, you will not be able to log in to the domain

29 Assignment Submit these before class over on Thursday ▫Fill in the blank ▫Multiple Choice ▫True / False Submit these before class start on Monday ▫Lab 3

Download ppt "CN1260 Client Operating System Kemtis Kunanuraksapong MSIS with Distinction MCT, MCITP, MCTS, MCDST, MCP, A+"

Similar presentations

Chapter Five Users, Groups, Profiles, and Policies.

Chapter Five Users, Groups, Profiles, and Policies.
By Rashid Khan Lesson 5-Directory Assistance: Administration Using Active Directory Users and Computers.

By Rashid Khan Lesson 5-Directory Assistance: Administration Using Active Directory Users and Computers.
Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.

Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.
Chapter 4 Chapter 4: Planning the Active Directory and Security.

Chapter 4 Chapter 4: Planning the Active Directory and Security.
3.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.

3.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.
MCDST 70-271: Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 6: Configure and Troubleshoot Local User and Group Accounts.

MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 6: Configure and Troubleshoot Local User and Group Accounts.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
11 SUPPORTING LOCAL USERS AND GROUPS Chapter 3. Chapter 3: Supporting Local Users and Groups2 SUPPORTING LOCAL USERS AND GROUPS  Explain the difference.

11 SUPPORTING LOCAL USERS AND GROUPS Chapter 3. Chapter 3: Supporting Local Users and Groups2 SUPPORTING LOCAL USERS AND GROUPS  Explain the difference.
Administering Active Directory

Administering Active Directory
Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.

Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.
Chapter 5: Configuring Users and Groups. Windows Vista User Accounts User accounts are the primary means of authentication Built-in Accounts –Administrator:

Chapter 5: Configuring Users and Groups. Windows Vista User Accounts User accounts are the primary means of authentication Built-in Accounts –Administrator:
Chapter 4 Introduction to Active Directory and Account Management

Chapter 4 Introduction to Active Directory and Account Management
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
3.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.

3.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.
Understanding Active Directory

Understanding Active Directory
11 WORKING WITH COMPUTER ACCOUNTS Chapter 8. Chapter 8: WORKING WITH COMPUTER ACCOUNTS2 CHAPTER OVERVIEW Describe the process of adding a computer to.

11 WORKING WITH COMPUTER ACCOUNTS Chapter 8. Chapter 8: WORKING WITH COMPUTER ACCOUNTS2 CHAPTER OVERVIEW Describe the process of adding a computer to.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 1: Introduction to Windows Server 2003.
1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.

1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.
Authentication, Authorization and Accounting

Authentication, Authorization and Accounting
CN1260 Client Operating System Kemtis Kunanuraksapong MSIS with Distinction MCT, MCITP, MCTS, MCDST, MCP, A+

CN1260 Client Operating System Kemtis Kunanuraksapong MSIS with Distinction MCT, MCITP, MCTS, MCDST, MCP, A+

Similar presentations

Ads by Google