Chapter 12: Active Directory Security


Overview

  • Working with the ADSI Viewer Utility

  • Storing Information in Active Directory instead of the Registry

  • Using Domain Trust Relationships

  • Developing Active Directory Aware Applications

At one time, many companies avoided using Active Directory. The problem wasn’t one of security; rather, it was one of administration. Microsoft simply didn’t provide enough information about Active Directory to make it an attractive tool for network administrators or developers. However, as companies have learned more about Active Directory, the merits of storing information in it, rather than in the registry or other locations, have become apparent. Generally, Active Directory provides a more secure environment for data storage than any other location on your network. In addition, the centralized location means users can float between machines as needed to perform work without needing duplicate settings on each machine.

Working with Active Directory is still a complex undertaking—as is working with any of the directory services. The hierarchical storage technique that Active Directory uses means you can’t rely on the orderly fields, rows, and tables of a relational database—you have to spend a little more time looking for what you need. In addition, there’s no guarantee that a specific item will appear in Active Directory, so you have to consider the null dataset. Active Directory is expandable—you can add new data elements as required, so it’s a perfect solution for many hardware, software, and user configuration setting needs.

Note

This chapter assumes that you already know how to manage and access Active Directory. You can learn more about working with Active Directory from Mastering Active Directory for Windows Server 2003 (Sybex, 2003) by Robert R. King.

This chapter discusses Active Directory from a security perspective. However, the chapter does include a few nontypical security topics. For example, many developers don’t really know how to use the ADSI Viewer—an essential tool for learning what your Active Directory setup actually includes. Knowing that you have specific resources is an important part of safeguarding them, so the chapter does discuss this utility. Once you get past access and discovery concerns, the chapter discusses .NET Framework–specific classes you can use to secure your installation. For example, you can deny access to Active Directory using the DirectoryServicesPermissionAttribute.




.NET Development Security Solutions
ISBN: 0782142664
Year: 2003
Pages: 168
