CN1260 Client Operating System Kemtis Kunanuraksapong MSIS with Distinction MCT, MCITP, MCTS, MCDST, MCP, A+
Agenda • Chapter 3: Understanding Workgroups and Active Directory • Quiz • Exercise
Workgroup • A group of computers formed into a peer-to-peer network. • User accounts are decentralized and stored on each individual computer
Authentication and Logins • Authentication • The process of identifying an individual • Username and password • Authorization • The process of giving individuals access to system objects based on their identity • Auditing • The process of keeping track of a user’s activity while accessing the network resources
Authentication Methods • A user can authenticate using one or more of the following methods: • What they know • A password or personal identification number (PIN). • What they own or possess • Such as a passport, smart card, or ID card • What a user is • Biometric factors based on fingerprints, retinal scans, voice input, or other forms
Password • The most common method of authentication • A secret series of characters that enables a user to access a file, computer, or program • A complex or strong password • 6 or more characters long • Cannot contain the user’s account name or parts of the user’s full name • A mix of characters: upper and lower case, numbers, and non-alphanumeric characters
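The complexity rules on this slide can be checked mechanically. The following is an added example, not part of the original slides: the 3-of-4 character class threshold, the name delimiters, and the rule that name parts shorter than 3 characters are ignored are assumptions, and the sample passwords are constructed.

```python
import re

MIN_LENGTH = 6       # "6 or more characters long" (from the slide)
MIN_TOKEN = 3        # assumption: name parts shorter than 3 chars are not checked
MIN_CLASSES = 3      # assumption: at least 3 of the 4 character classes
NAME_DELIMS = r"[,\.\-_ #\t]+"   # assumption: separators between name parts


def character_classes(password):
    """Return the set of character classes present in the password."""
    classes = set()
    for ch in password:
        if ch.isupper():
            classes.add("upper")
        elif ch.islower():
            classes.add("lower")
        elif ch.isdigit():
            classes.add("digit")
        elif not ch.isalnum():
            classes.add("symbol")
    return classes


def complexity_failures(password, account_name, full_name):
    """Return the reasons a password fails; an empty list means it passes."""
    failures = []
    lowered = password.lower()          # name checks are case-insensitive
    if len(password) < MIN_LENGTH:
        failures.append("too short")
    if len(account_name) >= MIN_TOKEN and account_name.lower() in lowered:
        failures.append("contains account name")
    for part in re.split(NAME_DELIMS, full_name):
        if len(part) >= MIN_TOKEN and part.lower() in lowered:
            failures.append("contains part of full name: " + part)
    if len(character_classes(password)) < MIN_CLASSES:
        failures.append("too few character classes")
    return failures


if __name__ == "__main__":
    # Constructed samples for the hypothetical user "jsmith" / "John Smith".
    for candidate in ("Tr1cky#Pass", "smith2024", "JSmith99!"):
        print(candidate, complexity_failures(candidate, "jsmith", "John Smith"))
```

A password such as `smith2024` fails twice: it embeds part of the full name and uses only two character classes, even though it is longer than six characters.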
User Account • Enables a user to log on to a computer and domain • Can be used for auditing • There are two types of user accounts: • The local user account • The domain user account
Local User Account • A local user account allows a user to log on and gain access to the computer where the account was created. • Security Account Manager (SAM) database • Located on the local computer • Stores the local user account
User Accounts (Cont.) • Three groups of local user accounts: • Administrator • Standard • Guest • Creating and managing local user accounts: • User Accounts in the Control Panel • See Figure 3-1 on Page 57 • Local Users and Groups MMC snap-in • See Figure 3-2 on Page 59
User Profile • A collection of folders and data that stores the user’s current desktop environment and application settings • Associated with each user account • C:\Users folder • See Figure 3-3 on Page 60
Credential Manager • Stores credentials, such as usernames and passwords that you use to log on to websites or other computers on a network • Credentials are saved in special folders on your computer called vaults.
Active Directory • A directory service stores, organizes, and provides access to information in a directory • It is used for locating, managing, administering, and organizing common items and network resources, such as volumes, folders, files, printers, users, groups, devices, telephone numbers, and other objects
Active Directory • A technology created by Microsoft that provides a variety of network services, including: • Lightweight Directory Access Protocol (LDAP) • Kerberos-based and single sign-on (SSO) authentication • DNS-based naming and other network information • Central location for network administration and delegation of authority
Domain • A logical unit of computers and network resources that defines a security boundary
Domain Controller • A Windows server that stores a replica of the account and security information of the domain and defines the domain boundaries • A server that is not running as a domain controller is known as a member server
Active Directory Consoles • Several MMC snap-in consoles to manage Active Directory: • Active Directory Users and Computers • Active Directory Domains and Trusts • Active Directory Sites and Services • Active Directory Administrative Center • Group Policy Management Console (GPMC)
Organizational Units • To help organize objects within a domain and minimize the number of domains, you can use organizational units, commonly abbreviated as OU • OUs can be used to hold users, groups, computers, and other organizational units • An organizational unit can only contain objects that are located in a domain
Delegating Administration • You can assign a range of administrative tasks to the appropriate users and groups
Active Directory Objects • A distinct, named set of attributes or characteristics that represents a network resource • Computers, users, groups, and printers • A 128-bit unique number called a globally unique identifier (GUID) or security identifier (SID) • If a user changes his or her name, the GUID remains the same
Domain User • A domain user account is stored on the domain controller and allows you to gain access to resources within the domain • See Figures 3-4 and 3-5 on Page 65 • Domain user properties sheet • See Figure 3-6 on Page 66 • Specify logon hours
Computer Account • For authenticating and auditing the computer’s access to a Windows network and its access to domain resources
Groups • A collection or list of user accounts or computer accounts • Group Types • Security group • Distribution group • Group scopes • Domain Local group • Global group • Universal group
Group Policies • Controls the working environment for user accounts and computer accounts • Provides the centralized management and configuration of operating systems, applications, and users’ settings in an Active Directory environment • Group policies can be set • Locally on the workstation • Domain Level • Group policies are applied in the following order: • Local -> Site -> Domain -> OU
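Because policies are applied in the order Local -> Site -> Domain -> OU, a setting configured at a later level replaces the same setting from an earlier one. The following added example (not part of the original slides) computes the effective settings and lists what was overridden; it assumes no Enforced links or Block Inheritance, and the setting names and values are constructed.

```python
# Order taken from the slide: Local -> Site -> Domain -> OU
APPLY_ORDER = ["Local", "Site", "Domain", "OU"]


def effective_policy(policies):
    """Merge per-level settings in application order.

    Returns {setting: (value, level)}, where level is the last level that
    configured the setting. A level that leaves a setting unconfigured does
    not change it.
    """
    effective = {}
    for level in APPLY_ORDER:
        for setting, value in policies.get(level, {}).items():
            effective[setting] = (value, level)
    return effective


def overridden(policies):
    """List (setting, level, value) entries that a later level replaced."""
    final = effective_policy(policies)
    losers = []
    for level in APPLY_ORDER:
        for setting, value in policies.get(level, {}).items():
            if final[setting][1] != level:
                losers.append((setting, level, value))
    return losers


# Constructed sample; setting names are illustrative, not real policy keys.
SAMPLE = {
    "Local":  {"ScreenSaverTimeout": 900, "AuditObjectAccess": "None"},
    "Site":   {"ProxyServer": "proxy.example.test"},
    "Domain": {"ScreenSaverTimeout": 600, "AuditObjectAccess": "Failure"},
    "OU":     {"ScreenSaverTimeout": 300},
}

if __name__ == "__main__":
    for setting, (value, level) in sorted(effective_policy(SAMPLE).items()):
        print(f"{setting} = {value!r} (from {level})")
    for setting, level, value in overridden(SAMPLE):
        print(f"overridden: {setting} = {value!r} set at {level}")
```

When reviewing a hardening baseline, the overridden list shows where a domain-wide value is replaced by a policy linked closer to the computer or user.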
Rights and Permissions • A user right authorizes a user to perform certain actions on a computer, such as logging on to a system interactively or backing up files and directories on a system • See Figure 3-8 on Page 71 for a list of user rights • A permission defines the type of access that is granted to an object • Permissions are assigned to NTFS files and folders, printers, and Active Directory objects. • An access control list (ACL) lists all users and groups that have access to the object.
Account Lockout Policy • Specifies the number of unsuccessful logon attempts that lock the account • Specifies the duration that the account remains locked • See Figure 3-9 on Page 72
Password Control • Group policies can be used to control • How often a user changes a password • How long the password is • A complex password • See Figure 3-10 on Page 74 • To help manage passwords • Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy
Auditing • Auditing is not enabled by default • To enable auditing, you specify what types of system events to audit using group policies or the local security policy • Security Settings\Local Policies\Audit Policy • See Figure 3-11 on Page 75 • Auditing NTFS files, NTFS folders, and printers is a two-step process • Enable Object Access using group policies • Specify which objects you want to audit
Troubleshooting Authentication Issues • The user forgot the password • The Caps Lock or Num Lock key is on • Check the language defined and that the keyboard is operating properly • If the time is off, authentication can fail • If the computer is not part of the domain or is not trusted, you will not be able to log in to the domain
Assignment • Submit these before class is over on Thursday • Fill in the blank • Multiple Choice • True / False • Submit these before class starts on Monday • Lab 3