|
Implement,
configure, and manage, local user
authentication.
Authentication
Successful user authentication in a Windows 2000
computing environment consists of two separate
processes: interactive logon, which confirms the
user's identification to either a domain account
or a local computer, and network authentication,
which confirms the user's identification to any
network service that the user attempts to
access.
Some types of authentication that Windows 2000
supports are:
-
Kerberos V5 is used with either a password
or a smart card for interactive logon. It is
also the default method of network
authentication for services.The Kerberos V5
protocol verifies both the identity of the
user and network services.
-
Secure Socket Layer/Transport Layer Security
(SSL/TLS)
authentication, is used when a user attempts
to access a secure Web server.
Implement,
configure, and manage, a security configuration.
Security settings
include Security Policies (account and local
policies), access control (services, files,
registry), event log, group membership
(restricted groups), Internet Protocol security
Security policies, and Public Key policies.
Security templates
are a physical representation of a security
configuration: a file where a group of security
settings may be stored. Windows 2000 includes a
set of security templates, each based on the
role of a computer: from security settings for
low security domain clients to highly secure
domain controllers. These templates can be used
as provided, modified, or serve as a basis for
creating custom security templates.
Security configuration tools
To define and use security templates,
administrators use the Security Templates
snap-in. To configure and analyze security
locally, administrators use the Security
Configuration and Analysis snap-in. To configure
security centrally in Active Directory,
administrators use the Group Policy snap-in. |
