General Flashcards
Access Control Entry (ACE)
An entry within an access control list (ACL) that grants or denies permissions to users or groups for a given resource.
Access Control List (ACL)
A set of access control entries that define an object’s permission settings. ACLs enable administrators to explicitly control access to resources
What is Active Directory?
Active Directory provides a central location for network administration and security. Server computers that run Active Directory are called domain controllers. An AD domain controller authenticates and authorizes all users and computers in a Windows domain type network—assigning and enforcing security policies for all computers and installing or updating software. For example, when a user logs into a computer that is part of a Windows domain, Active Directory checks the submitted password and determines whether the user is a system administrator or normal user
Active Directory Federation Services (AD FS)
A new set of technologies in Windows Server 2003 R2 and enhanced in Windows Server 2008 that enables partner companies to access Active Directory resources across the Internet in a trusted manner, without having to have user accounts in the resource domain
Active Directory-integrated zone
A DNS zone that is hosted on a domain controller and stored in one or more AD DS application directory partitions and replicated with AD DS.
Active Directory Lightweight Directory Services (AD LDS)
An update to ADAM that provides directory services for directory-enabled applications on Windows networks without the need for deploying additional domains or domain controllers
Active Directory Migration Tool (ADMT)
A utility that enables you to move objects such as users, groups, and computers from a Windows NT 4.0 domain to an Active Directory domain or to move objects between Active Directory domains in the same or different forests. This tool removes the manual work required to disjoin old domains and join the new domain.
Active Directory Rights Management Services (AD RMS)
A directory service that uses a certification base to confirm the identity of users of information on the network, thereby enabling you to create and work with rights-protected information and ensure that only authorized users have access to these items
Active Directory Users and Computers
Primary systems administrator utility for managing users, groups, and computers in a Windows Server 2008 domain, implemented as a Microsoft Management Console (MMC) snap-in
Adprep
A utility that prepares a Windows 2000 or Windows Server 2003 forest or domain for receiving domain controllers running Windows Server 2008. It has several parameters, the most important of which are /forestprep, which prepares the forest, /domainprep, which prepares the domain, and /rodcprep, which prepares the domain for receiving read-only domain controllers (RODC).
AGDLP
An acronym that stands for Microsoft’s recommendation of placing Accounts into Global groups, placing these groups into Domain local groups, and granting Permissions to the domain local group
auditing
A security process that tracks the usage of selected network resources, typically storing the results in a log file. Splunk can be used
auditpol.exe
A command-line tool that enables you to configure audit policy settings and directory service auditing subcategories
authentication
The process by which a server validates a user’s logon credentials so that access to a network resource can be granted or denied
baseline
A term associated with performance monitoring, this is the initial result of monitoring typical network and server performance under a normal load. All future results are measured against the baseline readings. A baseline will typically have performance readings for the processor(s), memory, disk subsystem, and network subsystem.
Bridgehead Server
The contact point for the exchange of directory information between Active Directory sites. The bridgehead server receives information replicated from other sites and replicates it to its site’s other domain controllers. It ensures that the greatest portion of replication occurs within sites rather than between them.
Certification Authority (CA)
A trusted authority either within a network or a third-party company that manages security credentials such that it guarantees the user object holding a certificate is who it claims to be.
Certificate Enrollment
The process by which users and computers can be given permission to make requests for certificates, retrieve existing certificates, and renew expired certificates. Each CA that is installed on a server has web pages that users can access to submit basic and advanced certificate requests.
Certificate Revocation List (CRL)
A document published by a CA that lists certificates that have been issued but are no longer valid. By default, the CA publishes the CRL on a weekly basis.
Certificate Template
Provided by AD CS to simplify the process of requesting and issuing certificates for various purposes. Each template contains the rules and settings that must be in place to create a certificate of a certain type. Certificate templates are available only on enterprise root and subordinate CAs.
Computer Configuration
The portion of a Group Policy object that allows for computer policies to be configured and applied.
Conditional Forwarding
The relaying of a DNS request for zone information for specific domains from one server to another when the first server is unable to process the request.
Connection object
An Active Directory object stored on domain controllers that is used to represent inbound replication links. Domain controllers create their own connection objects for intrasite replication through the Knowledge Consistency Checker (KCC), whereas only a single domain controller in a site creates connection objects for intersite replication, through the Intersite Topology Generator.
Container
An object in Active Directory that is capable of holding other objects. An example of a container would be the Users folder in Active Directory Users and Computers