Network Implementation & Support
Chapter 3
User Accounts

Eric Vanderburg © 2006
User Accounts
• Used for assigning permissions
• Customizing environment & settings
• Tracking usage
• Should adhere to naming conventions
• Strong passwords
• One for each person
• Two for administrators

Adding & Changing accounts
• Active Directory Users & Computers
– Create users & groups
– Disable accounts
– Change account properties
– Change group membership

Property Tabs
• General – personal info
• Address – more personal info
• Account – logon name, domain, expiration date, hours, computer to log in from
• Profile – scripts, shared home folders
• Telephones
• Organization – title, dept, company, manager

Property Tabs
• Member Of – groups
• Dial-in – VPN & dial-up permissions
• Environment – terminal services programs to run at startup
• Sessions – terminal services drop times, reconnection times
• Remote Control – view options for terminal services sessions
• Terminal Services Profile
• COM+ – allows app filtering by setting a COM+ partition for the user.

Authentication
• Verify identity
• Submit credentials
– Username/Password
– SmartCard
– Biometrics
• Interactive Authentication
– Use the logon screen
• Network Authentication
– Takes place when network resources are accessed.

Kerberos
• Authentication method (Win2k & 2k3 default)
• Based on RFC 1510
• Uses Kerberos version 5

Kerberos Components
• KDC (Key Distribution Center)
  – AS (Authentication Service)
    • Verifies identity through AD
    • Gives TGT (Ticket Granting Ticket) which gives access to certain resources
  – TGS (Ticket-Granting Service)
    • Verifies TGT
    • Creates a service ticket & session key for a resource based on the TGT. The client can present the service ticket to another server to access its content. NOTE: Servers have tickets too.
    • Only services its own domain. Must refer to another TGS for interdomain resource access (gives referral ticket)
• Server with the desired resource
• Client

Kerberos
• Delegation with Forwarding and Proxy – lets a server, such as a database server, access resources on your behalf (it is given a proxy or forwarding ticket).
• NTP (Network Time Protocol) is used to synchronize time between machines. Keys are based on system time so all must be the same.
• Replaces NTLM (NT LAN Manager) & NTLMv2
– Still used with pre-2k clients
– Challenge – 16 bit random number (seeds the hash)
– Hashes password
– Hashes are compared

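The exchange on the two Kerberos slides above, as an added example that is not part of the original deck: a Python model of the AS exchange, the TGS exchange and the final check on the resource server. The `seal`/`unseal` pair is a toy stand-in for a real Kerberos encryption type, and every name, lifetime and the 300-second skew limit is an assumption chosen for illustration.

```python
import hashlib, hmac, json, os

MAX_SKEW = 300             # "tolerance of computer clock sync", seconds (assumed value)
TGT_LIFETIME = 10 * 3600   # "user ticket max lifetime", seconds (assumed value)
SVC_LIFETIME = 600         # "service ticket max lifetime", seconds (assumed value)

def key_from_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 10_000)

def keystream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"enc" + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key, obj):
    """Toy authenticated encryption standing in for a real Kerberos enctype."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, keystream(key, nonce, len(pt))))
    return nonce + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest() + ct

def unseal(key, blob):
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct)))))

def check(ticket, authenticator, now):
    """Run by the TGS and by servers once a ticket has been decrypted."""
    if now > ticket["exp"]:
        raise ValueError("ticket expired")
    auth = unseal(bytes.fromhex(ticket["key"]), authenticator)
    if auth["user"] != ticket["user"]:
        raise ValueError("authenticator does not match ticket")
    if abs(now - auth["ts"]) > MAX_SKEW:
        raise ValueError("clock skew too great")
    return ticket["user"]

class KDC:
    def __init__(self, user_keys, service_keys):
        self.user_keys, self.service_keys = user_keys, service_keys
        self.tgs_key = os.urandom(32)          # known only to the KDC

    def as_exchange(self, user, now):
        """AS: returns the session key sealed for the user, plus a TGT sealed for the TGS."""
        sk = os.urandom(32).hex()
        tgt = seal(self.tgs_key, {"user": user, "key": sk, "exp": now + TGT_LIFETIME})
        return seal(self.user_keys[user], {"key": sk}), tgt

    def tgs_exchange(self, tgt, authenticator, service, now):
        """TGS: verifies the TGT, then issues a service ticket sealed for the target server."""
        t = unseal(self.tgs_key, tgt)
        user = check(t, authenticator, now)
        sk = os.urandom(32).hex()
        exp = min(now + SVC_LIFETIME, t["exp"])
        ticket = seal(self.service_keys[service], {"user": user, "key": sk, "exp": exp})
        return seal(bytes.fromhex(t["key"]), {"key": sk}), ticket

def client_logon(kdc, user, user_key, service, client_clock, kdc_clock):
    """Client side of both exchanges; returns (service ticket, authenticator) for the server."""
    sealed_sk, tgt = kdc.as_exchange(user, kdc_clock)
    sk = bytes.fromhex(unseal(user_key, sealed_sk)["key"])   # fails with the wrong password
    auth = seal(sk, {"user": user, "ts": client_clock})
    sealed_ssk, ticket = kdc.tgs_exchange(tgt, auth, service, kdc_clock)
    ssk = bytes.fromhex(unseal(sk, sealed_ssk)["key"])
    return ticket, seal(ssk, {"user": user, "ts": client_clock})

def server_accept(service_key, ticket, authenticator, now):
    """Resource server: decrypts the ticket with its own key, never contacting the KDC."""
    return check(unseal(service_key, ticket), authenticator, now)

if __name__ == "__main__":
    # Constructed sample principals and clock values.
    alice, srv = key_from_password("constructed-pw", "alice"), os.urandom(32)
    kdc = KDC({"alice": alice}, {"fileserver": srv})
    ticket, auth = client_logon(kdc, "alice", alice, "fileserver", 1000, 1000)
    print(server_accept(srv, ticket, auth, 1005))
```

The password never crosses the wire in this model: a wrong password shows up as a failure to unseal the AS reply, and a client whose clock is outside the tolerance is rejected at the TGS even with a valid TGT.
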
Profiles
• Local Profiles
• Roaming Profiles
• Mandatory Profiles
– Change ntuser.dat to ntuser.man
• Default Profile – for new accounts
• All Users Profile – for existing accounts
• Profile properties – System Properties → User Profiles → Settings

Profile Folder
• Application Data
• Cookies
• Desktop
• Favorites
• Local Settings – app data, history, temp
• My Recent Documents
• NetHood – My Network Places
• PrintHood – Printers Folder
• SendTo – program shell registrations
• Start Menu – shortcuts
• Templates

User Template
• Configure with common settings
• Copy when new users are added
• Disable the template!

Command Line
• Dsadd
– Create users
– Dsadd user "cn=Eric Vanderburg,ou=faculty,dc=RemingtonCollege,dc=edu" -pwd password -memberof "cn=Administrators,cn=Builtin,dc=RemingtonCollege,dc=edu" -email evanderburg@gmail.com -disabled no
• Dsmod
– Change properties & settings
– Dsmod user "cn=Eric Vanderburg,ou=faculty,dc=RemingtonCollege,dc=edu" -tel "440-3762398"
• Dsquery
– Search
– Dsquery user "dc=RemingtonCollege,dc=edu"

Command Line
• Dsmove
– Change location
– Dsmove "current ldap location" -newparent "new ldap location"
• Dsrm
– Delete users, groups
– Dsrm "ldap location" -noprompt
– Dsrm -subtree -c "ldap location" -noprompt
• Dsget
– Find groups a user belongs to
– Dsget user "ldap" -memberof

Command Line
• CSVDE – export AD info to CSV file
• LDIFDE – export AD info to LDIF (LDAP Interchange Format) file
• Redirection
– Send data out >
– Append >>
– Bring data in <
– Make output input cmd1 | cmd2 (ex: | more)

Account Policies
• Right click on an object (SDOU)
• Select Properties → Group Policy
• You will see the object link, click edit
• Under Computer → Windows → Security → Account Policies

Account Policies
• Password Policies (History, Age, Length, Complexity, Encryption)
• Account Lockout
– Duration – length of lockout
– Threshold – how many bad passwords locks out
– Reset Counter – grace period
• Kerberos Policy
– Enforce Logon Restrictions – check logon every time
– Service ticket max lifetime
– User ticket max lifetime – TGT life
– Tolerance of computer clock sync

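How the three Account Lockout settings above interact, as an added example that is not part of the original deck: a small Python model replayed over a constructed sequence of logon attempts. It models the semantics as the slide summarizes them, not Windows' own implementation; the class names, result strings and minute-based timestamps are assumptions.

```python
from dataclasses import dataclass

@dataclass
class LockoutPolicy:
    threshold: int        # bad passwords that trigger a lockout (0 = never lock)
    duration_min: int     # length of lockout in minutes (0 = until an admin unlocks)
    reset_after_min: int  # reset counter: quiet minutes after which bad attempts are forgotten

class Account:
    def __init__(self, policy):
        self.policy = policy
        self.bad_count = 0
        self.last_bad = None    # time of the most recent bad password
        self.locked_at = None   # time the lockout started, or None

    def is_locked(self, now):
        if self.locked_at is None:
            return False
        p = self.policy
        if p.duration_min and now - self.locked_at >= p.duration_min:
            self.locked_at, self.bad_count = None, 0   # lockout has expired
            return False
        return True

    def logon(self, now, password_ok):
        if self.is_locked(now):
            return "locked"                 # refused even if the password is right
        if password_ok:
            self.bad_count = 0
            return "ok"
        p = self.policy
        if self.last_bad is not None and now - self.last_bad >= p.reset_after_min:
            self.bad_count = 0              # grace period elapsed, start counting again
        self.bad_count += 1
        self.last_bad = now
        if p.threshold and self.bad_count >= p.threshold:
            self.locked_at = now
            return "locked-out"             # this attempt triggered the lockout
        return "bad-password"

def replay(policy, events):
    """events: list of (minute, password_ok); returns the outcome of each attempt."""
    account = Account(policy)
    return [account.logon(minute, ok) for minute, ok in events]

# Constructed sample: two failures, a pause longer than the reset counter,
# three more failures, then correct passwords during and after the lockout.
SAMPLE_EVENTS = [(0, False), (2, False), (15, False), (16, False),
                 (17, False), (20, True), (46, True), (47, True)]

if __name__ == "__main__":
    policy = LockoutPolicy(threshold=3, duration_min=30, reset_after_min=10)
    for event, result in zip(SAMPLE_EVENTS, replay(policy, SAMPLE_EVENTS)):
        print(event, result)
```

In the sample, the failure at minute 15 does not lock the account because the counter was reset after ten quiet minutes; the lockout starts at minute 17 and the correct password is only accepted again at minute 47.
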
Auditing
• Audit account logon events
• Computer → Windows → Security → Local Policies → Audit Policy → Audit Account Logon events

Acronyms
• KDC, Key Distribution Center
• NTLM, NT LAN Manager
• TGT, Ticket Granting Ticket
• TGS, Ticket Granting Service
