Implement,
configure, and manage, local user
authentication.
Authentication
Successful user authentication in a Windows
2000 computing environment consists of two
separate processes: interactive logon, which
confirms the user's identification to either
a domain account or a local computer, and
network authentication, which confirms the
user's identification to any network service
that the user attempts to access.
Some types of authentication that Windows
2000 supports are:
-
Kerberos V5 is used with either a
password or a smart card for interactive
logon. It is also the default method of
network authentication for services.The
Kerberos V5 protocol verifies both the
identity of the user and network
services.
-
Secure Socket Layer/Transport Layer
Security (SSL/TLS)
authentication, is used when a user
attempts to access a secure Web server.
Implement,
configure, and manage, a security
configuration.
Security settings
include Security Policies (account and local
policies), access control (services, files,
registry), event log, group membership
(restricted groups), Internet Protocol
security Security policies, and Public Key
policies.
Security templates
are a physical representation of a security
configuration: a file where a group of
security settings may be stored. Windows
2000 includes a set of security templates,
each based on the role of a computer: from
security settings for low security domain
clients to highly secure domain controllers.
These templates can be used as provided,
modified, or serve as a basis for creating
custom security templates.
Security configuration tools
To define and use security templates,
administrators use the Security Templates
snap-in. To configure and analyze security
locally, administrators use the Security
Configuration and Analysis snap-in. To
configure security centrally in Active
Directory, administrators use the Group
Policy snap-in. |