MCTS 70-680: Authentication and Authorization

ITFreeTraining
This video looks at Authentication and Authorization in Windows 7. Authentication is the process of identifying the user or computer. Authorization is determining what they can and can't have access to after Authentication has occurred.

Kerberos version 5
This is the default system that Windows will use when it is available. It is a ticket-based system: a ticket is generated when the user first logs in. This ticket contains all the groups the user is a member of and thus determines what they have access to. This ticket can be used with other computers on the network to grant access. If the user's access changes after they log in, they will need to log off and back on again for the changes to take effect.

Windows will use Kerberos when it can; however, there are times when Kerberos can't be used. These include the following:
1) Authentication using an IP address
2) Either computer is not in a domain
3) The computers are in different forests with no forest trust connecting them
4) A firewall is blocking the Kerberos ports

NTLMv2
NT LAN Manager is a challenge-response authentication system. A challenge-response authentication system works by asking the other side a mathematical question. To answer this question correctly, the password must be used to generate the response. This means the password is never transferred over the network for authentication to occur.
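A simplified illustration of the challenge-response idea described above, added here as an example (it is not from the video or from Microsoft). It uses HMAC-SHA256 rather than the real NTLMv2 computation, and `Server`, `derive_key`, `client_response`, the account name and the password are all constructed for the demonstration.

```python
import hashlib
import hmac
import secrets


def derive_key(username: str, password: str) -> bytes:
    """Password-derived secret the server stores instead of the password.
    Anyone holding it can answer challenges, so it needs the same protection."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(),
                               username.lower().encode(), 100_000)


class Server:
    def __init__(self, accounts):
        self.accounts = accounts   # username -> derived key
        self.pending = {}          # username -> outstanding challenge

    def challenge(self, username: str) -> bytes:
        nonce = secrets.token_bytes(16)   # fresh random "question" per attempt
        self.pending[username] = nonce
        return nonce

    def verify(self, username: str, response: bytes) -> bool:
        nonce = self.pending.pop(username, None)   # each challenge is single use
        key = self.accounts.get(username)
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)   # constant-time compare


def client_response(username: str, password: str, nonce: bytes) -> bytes:
    # The client proves knowledge of the password without sending it.
    return hmac.new(derive_key(username, password), nonce, hashlib.sha256).digest()


def demo() -> dict:
    password = "constructed-Passw0rd!"   # constructed sample value
    server = Server({"alice": derive_key("alice", password)})
    n1 = server.challenge("alice")
    good = client_response("alice", password, n1)
    results = {"correct": server.verify("alice", good)}
    server.challenge("alice")
    results["replay"] = server.verify("alice", good)   # old answer, new challenge
    n3 = server.challenge("alice")
    results["wrong"] = server.verify("alice", client_response("alice", "guess", n3))
    results["password_on_wire"] = password.encode() in (n1 + good)
    return results


if __name__ == "__main__":
    print(demo())
```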

Certificates and Smartcards
Windows 7 supports the use of certificates and smartcards. Certificates can be generated either from a Microsoft Certificate Authority or from a 3rd party Certificate Authority. A smartcard contains the keys that are required for encryption. To prevent a lost or stolen smartcard from being used by the wrong party, smartcards often support multifactor authentication. Multifactor authentication is when multiple methods are used to authenticate the user. A common method is to add a PIN to the smartcard.

Biometrics
Biometrics are devices that check something physical about the user. Examples of these include fingerprint scanners and eye scanners.

Authorization
Once you have been authenticated, Windows needs to decide what you can and can't access. This is configured through permissions, policies and rights. Permissions are assigned to files and folders. Policies are Group Policy settings that determine what you can and can't access, such as the Control Panel. Rights determine what you can do, for example whether you can take ownership of files.

Groups
To make administration easier, Windows has a number of default groups. These default groups have permissions, policies and rights assigned to them to make it easier to configure Windows. Some of these groups are:
Administrators: Have access to everything
Backup Operators: Can read and restore files
Event Log Readers: Can read the event logs
Network Configuration Operators: Can make changes to network adapters
Remote Desktop Users: Allows a user to access the computer using Remote Desktop
Power Users: Legacy group for backwards compatibility with Windows XP
Users: General users group
Guests: Basic user whose changes are lost when they log off

See itfreetraining or http://itfreetraining.com for our always free training videos. This is only one video from the many free courses available on YouTube.
Published 13 years ago, on 1390/08/05.
Viewed 43,308 times.