Chapter 3 -- Windows 2000 Security Overview

Microsoft Windows 2000 was designed as an extremely secure operating system and includes numerous security tools and technologies to aid in the development and deployment of secure solutions. It's important to understand these core security features so that you'll know how and why security solutions work and why they sometimes don't work. Each product that runs on the operating system can take advantage of these features.

In the following sections, as listed below, we'll give an overview of the security technologies implemented in Windows 2000 and explain the terminology related to each technology:

• Authenticated logon
• Authentication
• Privileges
• User accounts and groups
• Domains and workgroups
• DOMAIN/Account names and user principal names
• Managing accounts
• Security identifiers (SIDs)
• Tokens
• Access control lists (ACLs)
• Impersonation
• Delegation
• Miscellaneous Windows 2000 security features

However, before we get started, it's important to discuss the security implications of a significant technology included with Windows 2000: the Active Directory service. (For non-security-related information about the Active Directory, see this book's bibliography.)

What Is a Service?

Services are processes that start up when Windows 2000 starts up or on demand and that do not require any user interaction. Examples include Microsoft SQL Server, Internet Information Services (IIS), and the print spooler. You can look at the currently available services on your system by opening the Services tool.

One of the important new capabilities in Windows 2000 is the ability to perform a task in the event that a service fails:

1. Right-click the service in question (for example, the IIS Admin Service).
2. Choose Properties from the context menu.
3. Click the Recovery tab.
4. Look at the First Failure, Second Failure, and Subsequent Failures options.