Presentation is loading. Please wait.

Presentation is loading. Please wait.

Using Active Directory for Authorizations CSG, September 2002.

Published byCameron Merritt Modified over 8 years ago

Similar presentations

Presentation on theme: "Using Active Directory for Authorizations CSG, September 2002."— Presentation transcript:

1 Using Active Directory for Authorizations CSG, September 2002

2 MIT uses of AD Domain Services for Windows users Management of Windows 2000 machines –Group Policies –Software Distribution

3 Software Distribution Assignment vs. Advertising –Users –Machines

4 Identity Management Users Machines –Computer class is a sub class of user

5 Implications of Identity Management of Machines What determines the identity of a machine? –IP address? –MAC address? –Hostname? –Possession of a token? (keytab, certificate, …) How does an administrator manage the identity?

6 An AD Limitation How do you grant access to an SMB share to all of the objects within an OU? –No AD triggers to create a security group that represents the membership as it changes over time. –Moira incremental used to do this Used to deploy MS Office to licensed machines

7 Authorization by SID vs. Name ACLs made directly in AD will contain the SIDs of the objects. ACLs defined in Moira and propagated to AD will make references by name. –Reinstallation of machines does not force a re- ACL

8 Other AD auth issues Privacy and data hiding –AD supports ACLs on almost everything –ACL processing can have a high overhead Almost undocumented dsHeuristics attribute –List Object permission type

Download ppt "Using Active Directory for Authorizations CSG, September 2002."

Similar presentations

Managing User, Computer and Group Accounts

Managing User, Computer and Group Accounts
Establishing an OU Hierarchy for Managing and Securing Clients Base design on business and IT needs Split hierarchy Separate user and computer OUs Simplifies.

Establishing an OU Hierarchy for Managing and Securing Clients Base design on business and IT needs Split hierarchy Separate user and computer OUs Simplifies.
COMP091 OS1 Active Directory. Some History Early 1990s Windows for Workgroups introduced peer-to-peer networking based on SMB over netbios (tcp/ip still.

COMP091 OS1 Active Directory. Some History Early 1990s Windows for Workgroups introduced peer-to-peer networking based on SMB over netbios (tcp/ip still.
Access Control Chapter 3 Part 3 Pages 209 to 227.

Access Control Chapter 3 Part 3 Pages 209 to 227.
WIN.MIT.EDU  Where are we today  Related services  Current enhancements  Some future enhancements  SharePoint  Panel Discussion.

WIN.MIT.EDU  Where are we today  Related services  Current enhancements  Some future enhancements  SharePoint  Panel Discussion.
How to Succeed with Active Directory Robert Williams, PhD CEO Secure Logistix Corporation.

How to Succeed with Active Directory Robert Williams, PhD CEO Secure Logistix Corporation.
Module 4: Implementing User, Group, and Computer Accounts

Module 4: Implementing User, Group, and Computer Accounts
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
11 WORKING WITH GROUPS Chapter 7. Chapter 7: WORKING WITH GROUPS2 CHAPTER OVERVIEW  Understand the functions of groups and how to use them.  Understand.

11 WORKING WITH GROUPS Chapter 7. Chapter 7: WORKING WITH GROUPS2 CHAPTER OVERVIEW  Understand the functions of groups and how to use them.  Understand.
Administering Active Directory

Administering Active Directory
By Karan Oberoi.  A directory service (DS) is a software application- or a set of applications - that stores and organizes information about a computer.

By Karan Oberoi.  A directory service (DS) is a software application- or a set of applications - that stores and organizes information about a computer.
Authentication and authorization Access control consists of two steps, authentication and authorization. Subject Do operation Reference monitor Object.

Authentication and authorization Access control consists of two steps, authentication and authorization. Subject Do operation Reference monitor Object.
Understanding Active Directory

Understanding Active Directory
© Wiley Inc. 2006. All Rights Reserved. MCSE: Windows Server 2003 Active Directory Planning, Implementation, and Maintenance Study Guide, Second Edition.

© Wiley Inc All Rights Reserved. MCSE: Windows Server 2003 Active Directory Planning, Implementation, and Maintenance Study Guide, Second Edition.
A centralized system.  Active Directory is Microsoft's trademarked directory service, an integral part of the Windows architecture. Like other directory.

A centralized system.  Active Directory is Microsoft's trademarked directory service, an integral part of the Windows architecture. Like other directory.
PKI Network Authentication Dartmouth Applications Robert Brentrup Educause/Dartmouth PKI Summit July 27, 2005.

PKI Network Authentication Dartmouth Applications Robert Brentrup Educause/Dartmouth PKI Summit July 27, 2005.
Authentication, Authorization and Accounting

Authentication, Authorization and Accounting
Group Policy in Microsoft Windows Active Directory.

Group Policy in Microsoft Windows Active Directory.
HalFILE 3.0 Active Directory Integration. halFILE 3.0 AD – What is it? Centralized organization of network objects and security – servers, computers,

HalFILE 3.0 Active Directory Integration. halFILE 3.0 AD – What is it? Centralized organization of network objects and security – servers, computers,
Chapter 7 WORKING WITH GROUPS.

Chapter 7 WORKING WITH GROUPS.

Similar presentations

Ads by Google