Configuring And Troubleshooting Windows Server 2008 Active Directory Domain Services
Páginas: 8 (1883 palabras)
Publicado: 4 de febrero de 2013
Overview of Active Directory, Identity, and Access
AD DS provides the functionality of an identity and access (IDA) solution for enterprise networks. The
lesson reviews key concepts of IDA and Active Directory.
Objectives
After completing this lesson, you will be able to:
• Explain authentication and authorization concepts, terminologies processes, and technologies.
• Position the strategicrole of a directory service in an enterprise in relation to identity and access.
MCT USE ONLY. STUDENT USE PROHIBITED
1-4 Configuring and Troubleshooting Windows Server® 2008 Active Directory® Domain Services
Information Protection
If you boil it all down, the job of an information technology professional (IT pro) is to connect users with
the information they require to get their jobs done.That would be pretty easy, if we didn't have to worry
about a little thing called "security." Because users require different levels of access to different classes of
information, we need to associate the correct users with the correct levels of access—information
protection.
The industry defines several approaches to achieving information protection. Each of these "alphabet
soup" frameworksis simply a different perspective on the same problem:
• Identity and Access (IDA).Users and other security principals, which may include computers, services,
and groups, are named as identities (also called "accounts") that are given access (permissions) to
information, resources, or systems.
• Authentication, Authorization, and Accounting (AAA). Users provide user name and password that areauthenticated when their credentials are validated. Users are given permissions to resources (access
control) that are used to authorize access requests. Access is monitored, providing accounting and
auditing. In some documentation, auditing is split out as a separate "A" from accounting, leading to
the acronym, "AAAA."
• Confidentiality, Integrity, and Availability (CIA). Information isprotected to ensure that it is not
disclosed to unauthorized individuals (confidentiality), is not modified incorrectly (integrity)
intentionally or accidentally, and is available when needed (availability).
MCT USE ONLY. STUDENT USE PROHIBITED
Introducing Active Directory® Domain Services 1-5
Identity and Access
At the core of information protection are two critical concepts: identity andaccess.
Let's spend a few minutes reviewing the fundamentals, components, processes, and technologies involved
with identity and access on Windows systems. Although most of this information should be familiar to
you, it is important to set the stage for the role of Active Directory and to clarify the terminology,
components, and processes associated with IDA.
In a secured system, each user isrepresented by an identity. In Windows systems, the identity is the user
account. The accounts for one or more users are maintained in an identity store, which is also known as a
directory database. An identity is called a security principal in Windows systems. Security principals are
uniquely identified by an attribute called the security identifier (SID).
On the other end of the system is theresource to which the user requires access. The resource is secured
with permissions, and each permission specifies a pairing of a specific level of access with an identity.
Many Windows resources, including significant files and folders on NTFS volumes, are secured by a
security descriptor that contains a discretionary access control list (DACL) in which each permission takes
the form of anaccess control entry (ACE).
MCT USE ONLY. STUDENT USE PROHIBITED
1-6 Configuring and Troubleshooting Windows Server® 2008 Active Directory® Domain Services
Authentication and Authorization
There are a few concepts and processes that you must understand about users and resource access. When
a user tries to access a resource on a local or a remote system, several procedures are initiated. As...
AD DS provides the functionality of an identity and access (IDA) solution for enterprise networks. The
lesson reviews key concepts of IDA and Active Directory.
Objectives
After completing this lesson, you will be able to:
• Explain authentication and authorization concepts, terminologies processes, and technologies.
• Position the strategicrole of a directory service in an enterprise in relation to identity and access.
MCT USE ONLY. STUDENT USE PROHIBITED
1-4 Configuring and Troubleshooting Windows Server® 2008 Active Directory® Domain Services
Information Protection
If you boil it all down, the job of an information technology professional (IT pro) is to connect users with
the information they require to get their jobs done.That would be pretty easy, if we didn't have to worry
about a little thing called "security." Because users require different levels of access to different classes of
information, we need to associate the correct users with the correct levels of access—information
protection.
The industry defines several approaches to achieving information protection. Each of these "alphabet
soup" frameworksis simply a different perspective on the same problem:
• Identity and Access (IDA).Users and other security principals, which may include computers, services,
and groups, are named as identities (also called "accounts") that are given access (permissions) to
information, resources, or systems.
• Authentication, Authorization, and Accounting (AAA). Users provide user name and password that areauthenticated when their credentials are validated. Users are given permissions to resources (access
control) that are used to authorize access requests. Access is monitored, providing accounting and
auditing. In some documentation, auditing is split out as a separate "A" from accounting, leading to
the acronym, "AAAA."
• Confidentiality, Integrity, and Availability (CIA). Information isprotected to ensure that it is not
disclosed to unauthorized individuals (confidentiality), is not modified incorrectly (integrity)
intentionally or accidentally, and is available when needed (availability).
MCT USE ONLY. STUDENT USE PROHIBITED
Introducing Active Directory® Domain Services 1-5
Identity and Access
At the core of information protection are two critical concepts: identity andaccess.
Let's spend a few minutes reviewing the fundamentals, components, processes, and technologies involved
with identity and access on Windows systems. Although most of this information should be familiar to
you, it is important to set the stage for the role of Active Directory and to clarify the terminology,
components, and processes associated with IDA.
In a secured system, each user isrepresented by an identity. In Windows systems, the identity is the user
account. The accounts for one or more users are maintained in an identity store, which is also known as a
directory database. An identity is called a security principal in Windows systems. Security principals are
uniquely identified by an attribute called the security identifier (SID).
On the other end of the system is theresource to which the user requires access. The resource is secured
with permissions, and each permission specifies a pairing of a specific level of access with an identity.
Many Windows resources, including significant files and folders on NTFS volumes, are secured by a
security descriptor that contains a discretionary access control list (DACL) in which each permission takes
the form of anaccess control entry (ACE).
MCT USE ONLY. STUDENT USE PROHIBITED
1-6 Configuring and Troubleshooting Windows Server® 2008 Active Directory® Domain Services
Authentication and Authorization
There are a few concepts and processes that you must understand about users and resource access. When
a user tries to access a resource on a local or a remote system, several procedures are initiated. As...
Leer documento completo
Regístrate para leer el documento completo.