cn1260 client operating system n.
Skip this Video
Loading SlideShow in 5 Seconds..
CN1260 Client Operating System PowerPoint Presentation
Download Presentation
CN1260 Client Operating System

Loading in 2 Seconds...

play fullscreen
1 / 29

CN1260 Client Operating System - PowerPoint PPT Presentation

  • Uploaded on

CN1260 Client Operating System. Kemtis Kunanuraksapong MSIS with Distinction MCT, MCITP, MCTS , MCDST, MCP, A+. Agenda. Chapter 3: Understanding Workgroups and Active Directory Quiz Exercise. Workgroup. A group of computer form into a peer-to-peer network.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

CN1260 Client Operating System

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
cn1260 client operating system

CN1260 Client Operating System

Kemtis Kunanuraksapong

MSIS with Distinction


  • Chapter 3: Understanding Workgroups and Active Directory
  • Quiz
  • Exercise
  • A group of computer form into a peer-to-peer network.
    • User accounts are decentralized and stored on each individual computer
authentication and logins
Authentication and Logins
  • Authentication
    • The process of identifying an individual
    • Username and password
  • Authorization
    • The process of giving individuals access to system objects based on their identity
  • Auditing
    • The process of keeping track of a user’s activity while accessing the network resources
authentication methods
Authentication Methods
  • A user can authenticate using one or more of the following methods:
    • What they know
      • A password or Personal Identity Number (PIN).
    • What they own or possess
      • Such as a passport, smart card, or ID card
    • What a user is
      • Biometric factors based on fingerprints, retinal scans, voice input, or other forms
  • The most common method of authentication
  • A secret series of characters that enables a user to access a file, computer, or program
  • A complex or strong password
    • 6 or more characters long
    • Cannot contain the user’s account name or parts of the user’s full name
    • A mix of characters, upper and lower case, number, and non-alphanumeric characters
user account
User Account
  • Enables a user to log on to a computer and domain
  • Can be used for auditing
  • There are two types of user accounts:
    • The local user account
    • The domain user account
local user account
Local User Account
  • A local user account allows a user to log on and gain access to the computer where the account was created.
  • Security Account Manager (SAM) database
    • Located on the local computer
    • Stores the local user account
user accounts cont
User Accounts (Cont.)
  • Three groups of local user accounts:
    • Administrator
    • Standard
    • Guest
  • Creating and managing local user accounts:
    • User Accounts in the Control Panel
      • See Figure 3-1 on Page 57
    • Local Users and Groups MMC snap-in
      • See Figure 3-2 on Page 59
user profile
User Profile
  • A collection of folders and data that store the user’s current desktop environment and application settings, is associated with each user account
    • C:\Users folder
    • See Figure 3-3 on Page 60
credential manager
Credential Manager
  • Store credentials, such as usernames and passwords that you use to log on to websites or other computers, on a network
  • Credentials are saved in special folders on your computer called vaults.
active directory
Active Directory
  • A directory service stores, organizes, and provides access to information in a directory
  • It is used for locating, managing, administering, and organizing common items and network resources, such as volumes, folders, files, printers, users, groups, devices, telephone numbers, and other objects
active directory1
Active Directory
  • A technology created by Microsoft that provides a variety of network services, including:
    • Lightweight Directory Access Protocol (LDAP)
    • Kerberos-based and single sign-on (SSO) authentication
    • DNS-based naming and other network information
    • Central location for network administration and delegation of authority
  • A logical unit of computers and network resources that defines a security boundary
domain controller
Domain Controller
  • A Windows server that stores a replica of the account and security information of the domain and defines the domain boundaries
  • A server that is not running as a domain controller is known as a member server
active directory consoles
Active Directory Consoles
  • Several MMC snap-in consoles to manage Active Directory:
    • Active Directory Users and Computers
    • Active Directory Domains and Trusts
    • Active Directory Sites and Services
    • Active Directory Administrative Center
    • Group Policy Management Console (GPMC)
organizational units
Organizational Units
  • To help organize objects within a domain and minimize the number of domains, you can use organizational units, commonly seen as OU
  • OUs can be used to hold users, groups, computers, and other organizational units
  • An organizational unit can only contain objects that are located in a domain
delegating administration
Delegating Administration
  • You can assign a range of administrative tasks to the appropriate users and groups
active directory objects
Active Directory Objects
  • A distinct, named set of attributes or characteristics that represents a network resource
    • Computers, users, groups, and printers
  • A 128-bit unique number called a globally unique identifier (GUID) or security identifier (SID)
    • If a user changes his or her name, GUID remains the same
domain user
Domain User
  • A domain user account is stored on the domain controller and allows you to gain access to resources within the domain
  • See Figure 3-4 and 3-5 on Page 65
    • Domain user properties sheet
  • See Figure 3-6 on Page 66
    • Specify logon hours
computer account
Computer Account
  • For authenticating and auditing the computer’s access to a Windows network and its access to domain resources
  • A collection or list of user accounts or computer accounts
  • Group Types
    • Security group
    • Distribution group
  • Group scopes
    • Domain Local group
    • Global group
    • Universal group
group policies
Group Policies
  • Controls the working environment for user accounts and computer accounts
    • Provides the centralized management and configuration of operating systems, applications, and users’ settings in an Active Directory environment
  • Group policies can be set
    • Locally on the workstation
    • Domain Level
  • Group policies are applied in the following order:
    • Local -> Site -> Domain -> OU
rights and permissions
Rights and Permissions
  • A user right authorizes a user to perform certain actions on a computer such as logging on to a system interactively or backing up files and directories on a system
    • See Figure 3-8 on Page 71 for list of user’s rights
  • Permission defines the type of access that is granted to an object
    • Assigned permissions are NTFS files and folders, printers and Active Directory objects.
    • Access control list (ACL) which lists all users and groups that have access to the object.
account lockout policy
Account Lockout Policy
  • Specifies the number of unsuccessful logon attempts
    • To lock the account
    • Specifies the duration that the account remains locked
    • See Figure 3-9 on Page 72
password control
Password Control
  • Group policies can be used to control
    • How often a user changes a password
    • How long the password is
    • A complex password
    • See Figure 3-10 on Page 74
  • To help manage passwords
    • Computer Configuration\Windows Settings\ Security Settings\ Account Policies\Password Policy
  • Auditing is not enabled by default
  • To enable auditing, you specify what types of system events to audit using group policies or the local security policy
    • Security Settings\Local Policies\Audit Policy
    • See Figure 3-11 on Page 75
  • To audit NTFS files, NTFS folders, and printers is a two-step process
    • Enable Object Access using group policies
    • Specify which objects you want to audit
troubleshooting authentication issues
Troubleshooting Authentication Issues
  • The users forgot their password
  • Caps lock or num lock key on
  • Language defined and that the keyboard is operating fine
  • If the time is off, authentication can fail
  • If computer is not part of the domain or is not trusted, you will not be able to log in to the domain
  • Submit these before class over on Thursday
    • Fill in the blank
    • Multiple Choice
    • True / False
  • Submit these before class start on Monday
    • Lab 3