Premium Essay

Lab 3 Enable Windows Active Directory and User Access Control

In: Computers and Technology

Submitted By SCMLH
Words 385
Pages 2
Enable Windows Active Directory and User Access Control

1. What are the three fundamental elements of an effective access control solution for information systems?
Identification, Authentication and Authorization

2. What two access controls can be set up for Windows Server 2003 folder and authentication?
Authentication and Access Control

3. If you can browse a file on a Windows network share, but are not able to copy it or modify it, what type of access controls and permissions are probably configured? What type of access control would best describe this access control situation?
Folder Contents. The access control best fitting would be security policy.

4. What is the mechanism on a Windows server where you can administer granular policies and permissions on a Windows network using role-based access?
This would fall under Group Policies.

5. What is two-factor authentication and why is it an effective access control technique?
It is a two different type of identification process. Like an ID card and a pin code.

6. Relate how Windows Server 2008 R2 Active Directory and the configuration of access controls achieve CIA for departmental LANs departmental folders, and data.
The security details are created in the directory domain

7. It is a good practice to include the account or user name in the password? Why or why not?
This is definitely not a good or suggested practice because this is a common starting place for hackers to start when attempting to log in to someone’s account or when trying to use another person’s access.

8. Can a user who is defined in the Active Directory access a shared drive if that user is not part of the domain?
No, if a user is not granted specific access to a directory then they are not able to access it.

9. Does Windows Server 2003 require a user’s logon/password credentials prior to accessing shared drives?…...

Similar Documents

Premium Essay

Active Directory

...Riordan Active Directory Migration Tyler Dresslar POS 421 September 3, 2012 R.Chung Riordan Active Directory Migration Introduction With regards to Riordan Manufacturing acquiring new severs with Active Directory Technology, the company must look at migrating to Windows Server 2008 R2 in order facilitate the streamlining of work for the Information Technology Department. Moving to Active Directory will save Riordan TIME and MONEY, the benefits of such a move and implementation will be explained in the following paragraphs. Microsoft Active Directory Domain Services are the foundation for distributed networks built on Windows 2000 Server, Windows Server 2003 and Microsoft Windows Server 2008 operating systems that use domain controllers. Active Directory Domain Services provide secure, structured, hierarchical data storage for objects in a network such as users, computers, printers, and services. Active Directory Domain Services provide support for locating and working with these objects. Windows 2000 Server and later operating systems provide a user interface for users and administrators to work with the objects and data in Active Directory Domain Services. Network administrators write scripts and applications that access Active Directory Domain Services to automate common administrative tasks, such as adding users and groups, managing printers, and setting permissions for network resources. Independent software vendors and end-user developers can use......

Words: 603 - Pages: 3

Premium Essay

Enable Windows Active Directory and User Access Controls

...50 LAB #3 | Enable Windows Active Directory and User Access Controls LAB #3 – ASSESSMENT WORKSHEET Enable Windows Active Directory and User Access Controls Course Name and Number: Student Name: Instructor Name: Lab Due Date: Overview This lab provided students with the hands-on skills needed to create a new Active Directory domain in Windows Server 2003 and demonstrated how to configure a centralized authentication and policy definition for access controls. The Active Directory users and workstation plug-ins were used to create users, groups, and configure role-based access permissions and controls on objects and folders in a Windows Server 2003 Active Directory system. Lab Assessment Questions & Answers 1. What are the three fundamental elements of an effective access control solution for information systems? Identification, Authentication, and Authorization. 2. What two access controls can be set up for Windows Server 2003 folders and authentication? Authentication and Access control. 3. If you can browse a file on a Windows network share, but are not able to copy it or modify it, what type of access controls and permissions are probably configured? What type of access control would best describe this access control situation? Assessment Worksheet 4. What is the mechanism on a Windows server where you can administer granular policies and 51 permissions on a Windows network using role-based access? 5. What is two-factor......

Words: 478 - Pages: 2

Free Essay

Active Directory

...Based on the Active Directory implementation plan that I provided in the week two discussions, I wanted to create a plan that created strategies that would separate or let you know who users in which groups using Windows material are. I want to show that nesting a plan like this will be easier on the user, administrator, and company. Groups these days are used to keep users, connected parts, and everyone that is part of the domain. The administrator or Point of Contact can make things a lot easier when they use groups or grouping. Everything that is stored in the computer’s system from employee start date to age to termination, etc. is stored in the groups. (Microsoft TechNet, 2007) All the groups and users will have the same setting for security and permissions. There are a few groups that can be used. The types of groups we will use here are distribution groups and Security groups. The distribution groups will be used with all email applications for emails to be sent/received to all other users in that email list. Each group will be allowed to access the network. They can also give rights to users in the Active Directory and set different security issues on the network. Distribution and groups are made by the scope with a domain. The groups for Riordan will be local. It gives access to domains and security. (Cooper, 2011) An example of this would be any user or member using the domain. Usually members of this group do not change. The other groups usually......

Words: 499 - Pages: 2

Free Essay

Active Directory Replication Strategy

...Active Directory Replication Strategy Active Directory Replication Strategy Explain how replication should be configured, implemented, maintained, and monitored in an Active Directory infrastructure. Active Directory implements a replication topology that takes advantage of the network speeds within sites, which are ideally configured to be equivalent to local area network (LAN) connectivity. The replication topology also minimizes the use of potentially slow or expensive wide area network (WAN) links between sites. When you create a site object in Active Directory, you associate one or more Internet Protocol (IP) subnets with the site. Each domain controller in a forest is associated with an Active Directory site. A client workstation is associated with a site according to its IP address; that is, each IP address maps to one subnet, which in turn maps to one site. Active Directory uses sites to: 1. Optimize replication for speed and bandwidth consumption between domain controllers. 2. Locate the closest domain controller for client logon, services, and directory searches. 3. Direct a Distributed File System (DFS) client to the server that is hosting the requested data within the site. 4. Replicate the system volume (SYSVOL), a collection of folders in the file system that exists on each domain controller in a domain and is required for implementation of Group Policy. And when it comes to monitoring my replication in active directory I would use the......

Words: 2403 - Pages: 10

Premium Essay

Active Directory

...1: 1. Which of the following items is a valid leaf object in Active Directory? a. Domain b. User c. Application partition d. OU 2. Which of the following domain controllers can be joined to a forest that is currently set at the Windows Server 2008 forest functional level? a. Windows 2000 b. Windows Server 2003 c. Windows Server 2008 d. Windows NT 4.0 3. You are planning an Active Directory implementation for a company that currently has sales, accounting, and marketing departments. All department heads want to manage their own users and resources in Active Directory. What feature will permit you to set up Active Directory to allow each manager to manage his or her own container but not any other containers? a. Delegation of control b. Read-only domain controller c. Multimaster replication d. SRV records 4. The process of keeping each domain controller in synch with changes that have been made elsewhere on the network is called __________. a. Copying b. Osmosis c. Transferring d. Replication 5. The __________ Domain Controller contains a copy of the ntds.dit file that cannot be modified and does not replicate its changes to other domain controllers within Active Directory. a. Secondary b. Primary c. Read-Only d. Mandatory 6. What type of trust is new to Windows Server 2008 and is only available when the forest functionality is set to Windows Server 2008? a. Parent-child trust b. Two-way......

Words: 591 - Pages: 3

Free Essay

Active Directory

...function of the following Windows Server 2008 services: i. Active Directory Federation Services ii. Active Directory Lightweight Directory Services iii. Active Directory Certificate Services iv. Active Directory Rights Management Services i. Active Directory Federation Services is a standards-based service that allows the secure sharing of identity information between business partners (know as federations) across the extranet. When a user needs to access a Web application from one of its federation partners, the users own organization is responsible for authenticating the user and providing identity information in the form of "claims" to the partner that hosts the Web application. The hosting partner uses its trust policy to map the incoming claims to claims that are understood by its Web application, which uses the claims to make authorization decisions. ii. Active Directory Lightweight Directory Services is a Lightweight Directory Access Protocol (LDAP) directory service designed for use with directory-enabled applications. A directory-enabled application is one that uses a directory, as opposed to a database or flat file, for its data store. iii. Active Directory Certificate Services is an Identity and Access Control security technology that provides customizable services for creating and managing public key certificates used in software security systems that employ public key technologies. iv. Active Directory Rights Management......

Words: 563 - Pages: 3

Premium Essay

1. Relate How Windows Server 2008 R2 Active Directory and the Configuration of Access Controls Achieve C-I-a- for Departmental Lans, Departmental Folders, and Data.

...Active Directory provides many benefits to administrators including group management, organizational management, trust relationships, and node/application replication. Group management is made simple with Active Directory. There are two types of groups in Active Directory, distribution and security. Distribution groups are used solely for email purposes, and all members of a certain department or team are get grouped together. For example, the finance department of a company typically only communicates with other members of that same group. An Active Directory distribution group allows all members of the finance department to email without having to type every individual name in the email. Security groups are used to provide or deny access to users or devices to shares, files, or even other devices, these are called security permissions. Security permissions can be added to any distribution or security group, however email cannot be sent to a distribution group. Active Directory allows administrators to designate network users as owners or delegates of other security or distribution groups, to be updated as needed. Organizational management is made possible through the use of Organizational Units aka OU’s. Basically, OU’s allow users, computers, or devices on the same network to be grouped together to best fit the Companies needs. This makes searching for or accessing a device, user, or group far less complex than if all domain items were listed together. For example,......

Words: 705 - Pages: 3

Premium Essay

Lab Access Control

...Access controls can be applied in various forms, levels of restriction, and at different places within a computing system. A combination of access controls can provide a system with layered defense-in-depth protection. Instructions: For the scenarios that follow, identify the data that would need to be protected. Recommend how you would implement one or more of the access controls (listed after the scenarios) for the given scenario and justify your recommendation. Scenarios: 1. Shovels and Shingles is a small construction company consisting of 12 computers that have Internet access. 2. Top Ads is a small advertising company consisting of 12 computers that have Internet access. All employees communicate using smartphones. 3. NetSecIT is a multinational IT services company consisting of 120,000 computers that have Internet access and 45,000 servers. All employees communicate using smartphones and e-mail. Many employees work from home and travel extensively. 4. Backordered Parts is a defense contractor that builds communications parts for the military. All employees communicate using smartphones and e-mail. 5. Confidential Services Inc. is a military-support branch consisting of 14,000,000 computers with Internet access and 250,000 servers. All employees must have security clearances, and they communicate mainly using BlackBerry devices and e-mail. Access Controls * Administrative controls: Policies approved by management and passed down to staff, such as......

Words: 300 - Pages: 2

Premium Essay

Active Directory

...Project- Windows 2012 Management 12/5/14 Active Directory is a directory service that Microsoft developed for Windows domain networks and is included in most Windows Server operating systems as a set of processes and services. An Active Directory domain controller authenticates and allows all users and computers in a Windows domain type network- assigning and enforcing security policies for all computers and installing or updating software. When a user logs into a computer that is part of a Windows domain, Active Directory checks the submitted password and determines whether the user is a system administrator or normal user. Active Directory makes use of Lightweight Directory Access Protocol (LDAP) versions 2 and 3, Microsoft's version of Kerberos, and DNS. Active Directory, like many information-technology efforts, originated out of a democratization of design using Request for Comments or RFCs. The Internet Engineering Task Force (IETF), which oversees the RFC process, has accepted numerous RFCs initiated by widespread participants. Active Directory incorporates decades of communication technologies into the overarching Active Directory concept then makes improvements upon them. Microsoft previewed Active Directory in 1999, it was first released with Windows 2000 Server edition, and revised it to extend functionality and improve administration in Windows Server 2003. Additional improvements came with Windows Server 2003 R2, Windows Server 2008, and......

Words: 627 - Pages: 3

Premium Essay

Unit 3 Access Control

...Scenario 1: (DAC) Discretionary Access Control. Being that the business is small and not in need of higher security measures, it would be the easiest to maintain and monitor for a small business. Scenario 2: (MAC) Mandatory Access Control. The employees primarily communicate using smartphones; which proves as a possible security risk. MAC is stronger than DAC but, still easily monitored for a small business; which makes this the top choice for Top Ads. Scenario 3: (RBAC) Role Based Access Control. With the company being as large as it is and the employees traveling and/or working from home, the roles set by a Security Administrator would be the most secure and efficient way of providing different levels of clearance to individual users. It would take time to start from nothing but, once the security measures are in place it would be easy to monitor and to manage. Scenario 4: Content-Dependent Access Control. Since everything that the company does depends on the individual material being manufactured the above Access Control type should be apparent. Giving permissions by what is contained in each individual file is more costly but, a lot more secure. It also allows the company to monitor the data sent less as each document is given its own set of roles. Scenario 5: (RBAC) Role Based Access Control. With RBAC in place the security measures would be assigned to each user and monitored by the security administrator(s). Using this Access control method would allow for......

Words: 288 - Pages: 2

Free Essay

Active Directory

...object name BlockALibrary E) Create OU structure F) Create Active directory object G) Create and publishing printer H) Create and publishing shared folder 2. Find step by step how to assigning user privileges using Active Directory. 1. Go to Start} Programs} Administrative Tools} Active Directory Users and Computers. 2. Double-click the domain node in the console tree. 3. Click the Users folder. 4. Right-click on the GFI_ESEC_Floppy_ReadOnly folder and click Properties. 5. Click the Members tab and click Add. 6. Click Look in to display a list of domains from which users and computers can be added to the group. 7. Select your domain. 8. Click on your user name and then click OK. Testing Since the user groups created by GFI EndPointSecurity are already configured (and assigned privileges) in the default protection policies. You will be automatically assigned read privileges as soon as you add your name to the GFI_ESEC_Floppy_ReadOnly group, without having to bring up the GFI EndPointSecurity user console. To verify this: 1. Insert a formatted floppy disk in your floppy disk drive. 2. Open a text editor such as Notepad, type in some text and save the file on your desktop as Example2.txt. 3. Go to your desktop, right click on Example2.txt and select Send to } A:. An access denied message similar to the one shown above should be displayed, indicating that......

Words: 735 - Pages: 3

Free Essay

Active Directory

...Implementing Windows Server 2003 Active Directory Judith Che Strayer University of Maryland Author Note Judith Che, Strayer University of Maryland. Any questions regarding this article should be address to Judith Che. Strayer University Maryland, White Marsh, MD 21085. Company’s today relay on good networking in order for their business to grow and succeed. A system engineer requires the ability, knowledge, and skill to plan and manage today’s networking which faces an ever-increasing variety of applications. We need to be skilled and informed to manage a network running Windows Server 2003 Active Directory. Present day networking administrators have difficulties ensuring that network resources are available to users when access is needed and securing the network in such a way that available resources are accessible to the proper user with the proper permission. We will have to solve networking problems including troubleshooting, configuration, installation, administration, and managing element. Starting from choosing the best Windows Server 2003 Edition that will meet the company’s needs in terms of price, performance and features; work group woes, name resolution nightmares and DNS name conflicts to server security. These problems can be solved with proper planning, managing, and designing a day-to-day administration of an Active Directory domain within their Windows Server 2003 network environment. We predict that implementing a Windows Server 2003 Active......

Words: 5782 - Pages: 24

Free Essay

Active Directory Users Group Design

... you can simply go into Group Policies of Active Directory. From there, set each electronic device (in this case the printers) you desire to have shared across the company’s network. Each department will be grouped within Active Directory under Organization Units that could be linked to the particular printers in order for each group with in the OU to print the desired material. I advise labeling each printer, then set it as a default to the groups that are linked to it through own OU and AD. In doing so you, whomever is printing the newsletter should have the ability of selecting the correct printer group resources and distributing them to each department. Please be sure Marketing is placed in a OU that has all other department printers installed within. As to your second request, you can simply take all users that are within the forest in question and add them to a global group, form there the universal group. At this point you will need to add the universal group and add it to the domain local group that is within their domain. Said users will at this point have access to everything in that universal group. Be sure and assign the printer as well in order for them to print off the vacation requests to the Human Resources dept. For the question on your R&D, I would advise setting up a limited domain administrator. Create a group for the users of that department in the domain, then you will delegate control to the Organizational Units that they......

Words: 350 - Pages: 2

Free Essay

Active Directory Benfits for Smaller Enterprises

...[pic] Active Directory Benefits for Smaller Enterprises Microsoft Corporation Published: September 2004 Abstract Microsoft® Active Directory® (AD) has been available since early 2000, and while most organizations have completed their AD deployment and are realizing the many business benefits of having deployed Active Directory, there are still organizations that have either not completed their deployment or have yet to take advantage of some of the important features of Active Directory that yield the greatest business benefits. This whitepaper is designed to help small and medium-sized organizations understand the business advantages that can be realized quickly and easily through the use of Windows Server 2003 and Active Directory. This paper was written based on feedback from hundreds of business executives on the reasons they chose to migrate to Active Directory, and the ongoing benefits they have realized. The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. This White Paper is for informational purposes only. ......

Words: 7075 - Pages: 29

Premium Essay

Research Assignment for Active Directory

...Research Assignment 1. Explain the function of the following Windows Server 2008 Services: A. Active Directory Federation Services B. Active Directory Lightweight Directory Services C. Active Directory Certificate Services D. Active Directory Rights Management Services AD FS is composed of three different server components: Federation Server, Federation Proxy server, and ADFS Web Agents. A federation server is the main AD FS component, which holds the Federation Service role. These servers route authentication requests between connected directories. A federation proxy server acts as a reverse proxy for AD FS authentication requests. This type of server normally resides in the demilitarized zone (DMZ) of a firewall, and is used to protect the back-end AD FS server from direct exposure to the untrusted Internet. The Web Agents component of AD FS hosts the claims-aware agent and the Windows token-based agent components that manage authentication cookies sent to web server applications. The Active Directory Lightweight Directory Services server role is a Lightweight Directory Access Protocol directory service. It provides data storage and retrieval for directory-enabled applications, without the dependencies that are required for Active Directory Domain Services. Active Directory Certificate Services provides customizable services for issuing and managing public key infrastructure (PKI) certificates used in software security systems that employ public key......

Words: 1307 - Pages: 6