CHAPTER 3.1 Flashcards
The user account is
An entity which is created to identify a user to the system.
* Each account is assigned a unique Security Identifier (SID)
* Is used to control access and privilege to resources and systems
Local User Account
Created on each computer
* Reside in the Security Account
Manager (SAM)
* Provide access to resources on the
local computer
Domain User Account
- Stored in the Active Directory
Database on the domain controller - Provide access to resources on the
domain
Administrator
On a member server or standalone server:
– has full control of all files and management for the local computer.
* On a domain controller:
– created in Active Directory and has full control of the domain.
* The Administrator account cannot be deleted, but can be renamed.
Guest
For user with no account.
* Has no password
* Disabled by default.
Administrator Account Security Guidelines
Rename the Administrator account
* Set a strong password
* Limit knowledge of administrator passwords to only a few
people
* Do not use the Administrator account for daily non administrative tasks
Computers account
- have SAM Account Name and
password
Scenarios where a secure channel
can be broken
Computer and domain disagree
about what the password is.
Distribution Groups
Used only with e-mail applications
* Not security-enabled
Security Groups
Used to assign rights and permissions
* Security-enabled (with SID)
* Can be used with e-mail application
Special identities
Are groups for which membership is controlled by the operating
system