Security and Windows Server 2003

Microsoft Windows Server 2003 provides many security features to protect data on your network. We looked at share and NTFS permissions in this chapter. Using user groups to provide different access levels to network shares is discussed as part of the security overview that is provided in Chapter 20, "A Network Security Primer".

Windows Server 2003 provides a tool named the Group Policy snap-in that allows you to control a number of security features, including strong password protection and Kerberos authentication. The Kerberos protocol (which supplies Kerberos authentication) uses a system of tickets to authenticate users logging on and requesting services on the .NET network. Each domain controller in the Windows Server 2003 domain acts as a key distribution center. When a user logs on, the domain controller that authenticates the client account provides the user with a ticket-granting ticket.

Note

The Kerberos protocol is named after the three-headed dog (Kerberos) that guards the entrance to Hades.


When the client wishes to access a particular resource on the network, such as a file server, the client presents its ticket-granting ticket to a key distribution center (any of the domain controllers) and requests that it be provided a ticket-granting service ticket to access a particular resource.

Once the ticket-granting service ticket has been provided to the client by the key distribution center, the client supplies the ticket-granting service ticket to the resource server it wishes to access. The resource server then grants access to the resource. All of this ticket action, of course, is at the machine level and is not something that users or administrators will actually see taking place.
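The ticket flow just described can be traced in a few lines of Python. This is an added teaching sketch, not code from the book or from Windows: it seals tickets with an HMAC instead of the encryption, session keys, and authenticators real Kerberos uses, and every name and key in it (`KDC`, `seal`, `server_accept`, `alice`, `files`) is constructed for illustration.

```python
import hashlib, hmac, json

LIFETIME = 600  # ticket lifetime in seconds (constructed value)

def mac(key, text):
    return hmac.new(key, text.encode(), hashlib.sha256).hexdigest()

def seal(key, **fields):
    """Issue a ticket: the fields plus a MAC only holders of `key` can produce."""
    blob = json.dumps(fields, sort_keys=True)
    return {"blob": blob, "tag": mac(key, blob)}

def unseal(key, ticket, now):
    """Return the ticket fields; raise if the ticket is forged or expired."""
    if not hmac.compare_digest(ticket["tag"], mac(key, ticket["blob"])):
        raise PermissionError("ticket was not sealed with this key")
    fields = json.loads(ticket["blob"])
    if now > fields["expires"]:
        raise PermissionError("ticket expired")
    return fields

class KDC:
    """Stand-in for a domain controller acting as key distribution center."""
    def __init__(self, user_keys, service_keys, tgs_key):
        self.user_keys, self.service_keys, self.tgs_key = user_keys, service_keys, tgs_key

    def logon(self, user, proof, now):
        # Toy logon check: the client MACs the current time with its own key.
        if not hmac.compare_digest(proof, mac(self.user_keys[user], str(now))):
            raise PermissionError("logon failed")
        return seal(self.tgs_key, user=user, expires=now + LIFETIME)  # the TGT

    def service_ticket(self, tgt, service, now):
        user = unseal(self.tgs_key, tgt, now)["user"]
        return seal(self.service_keys[service], user=user, service=service,
                    expires=now + LIFETIME)

def server_accept(service, service_key, ticket, now):
    """Resource server: checks the ticket itself, without contacting the KDC."""
    fields = unseal(service_key, ticket, now)
    if fields.get("service") != service:
        raise PermissionError("ticket is for another service")
    return fields["user"]

def demo(now=1_000):
    # Keys below are constructed sample values.
    kdc = KDC({"alice": b"alice-key"}, {"files": b"files-key"}, b"tgs-key")
    tgt = kdc.logon("alice", mac(b"alice-key", str(now)), now)
    ticket = kdc.service_ticket(tgt, "files", now)
    return kdc, tgt, ticket, server_accept("files", b"files-key", ticket, now)
```

The resource server accepts the ticket only because it was sealed with a key that the server shares with the key distribution center, which is why an altered, expired, or misdirected ticket is refused.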

Group Policy is definitely an advanced feature of Windows Server 2003 and teaching you all the ins and outs of Group Policy is beyond the purpose of this book; however, I mention it to let you know that all the network operating systems that you work with (including Windows Server 2003) have been strengthened over the years to provide protection against network hackers and attacks.

The Group Policy feature secures a particular property using a policy. For example, if the strong password policy is enabled, passwords must meet the following minimum requirements:

  • Cannot contain the login name or a part of the login name.

  • Must be at least six characters.

  • Must contain characters from at least three character groups: English uppercase, English lowercase, numeric (0-9), and nonalphanumeric characters (such as %, $, and so on).
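The three requirements can be expressed as a small checker. This is an added example, not Microsoft's implementation or code from the book; the function names are hypothetical, and it assumes that "a part of the login name" means any run of three or more consecutive characters from it, compared without regard to case.

```python
import string

MIN_LENGTH = 6      # from the policy text
MIN_GROUPS = 3      # out of the four character groups
MIN_NAME_PART = 3   # assumption: shortest login-name fragment that counts

def character_groups(password):
    """Return which of the four policy character groups appear."""
    groups = set()
    for ch in password:
        if ch in string.ascii_uppercase:
            groups.add("upper")
        elif ch in string.ascii_lowercase:
            groups.add("lower")
        elif ch in string.digits:
            groups.add("digit")
        elif not ch.isalnum():
            groups.add("symbol")
        # Non-English letters and digits fall through: they match none
        # of the groups as the policy text words them.
    return groups

def name_parts(login, size=MIN_NAME_PART):
    """All fragments of the login name that are `size` characters long."""
    login = login.lower()
    return {login[i:i + size] for i in range(len(login) - size + 1)}

def violations(login, password):
    """Return the list of rules the password breaks (empty if it passes)."""
    problems = []
    lowered = password.lower()
    # Any longer fragment contains a 3-character one, so this covers them all.
    if any(part in lowered for part in name_parts(login)):
        problems.append("login")
    if len(password) < MIN_LENGTH:
        problems.append("length")
    if len(character_groups(password)) < MIN_GROUPS:
        problems.append("groups")
    return problems
```

For the constructed login name `jsmith`, the password `Smi2024!` fails only the login-name rule, even though it meets the length and character-group requirements.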

All the Group Policy settings for a domain can be viewed using Group Policy Management, which is shown in Figure 9.12. Individual policy objects such as the password policy have been discussed in this section.

Figure 9.12. Group Policy Management allows you to view the policies affecting domain security and other features.

To actually edit the policies for the domain (such as the strong password policy), you right-click the Domain policy in Group Policy Management and then select Edit.

Figure 9.13 shows the Group Policy Object Editor. It would be used to enable the password policy. This would affect all the computers in the domain since it is a domain policy.

Figure 9.13. The Group Policy Object Editor allows you to enable policies that affect network computers.

Administering a network operating system such as Windows Server 2003 requires an understanding of all the tools and features provided by the NOS. Being able to configure group policies is as important as being able to add users and configure file and print servers. A good way to learn a particular NOS is to set up a test network that allows you to configure servers so that the mistakes and changes that you make while learning don't actually affect a production network. Another good way to learn about a particular network operating system is to pursue a certification for that NOS.

The Absolute Minimum

In this chapter we took a look at some of the basics related to installing Windows Server 2003 on a network server. We also looked at sharing folders and printers on the network. Advanced security settings controlled by Group Policy were also discussed.

  • Microsoft Windows server embraces a hierarchy with the domain as the basic networking unit.

  • A collection of Windows domains is referred to as a tree. All the domains in the tree have transitive trusts with the other domains in the tree.

  • A group of domain trees is referred to as a forest.

  • To install Windows Server 2003 on a computer, the computer must have the basic hardware configuration suitable for the NOS and must also have hardware that is compatible with the NOS.

  • Windows Server 2003 can be installed on a computer that does not currently have an operating system and it can also be used to upgrade previous versions of the Windows server NOS.

  • A Windows server can be configured for a number of different roles, such as a domain controller, file server, and print server.

  • The Manage Your Server window provides easy access to the Configure Your Server Wizard, which can be used to configure different roles on a Windows server.

  • Active Directory is installed on a server to make it a domain controller. A number of Active Directory tools are used to manage Active Directory objects. The Active Directory Users and Computers snap-in is used to add users to the domain.

  • Windows servers can act as file servers. You create shares on the network and then can determine the share permissions related to that share and user access.

  • NTFS permissions can be used to secure shares and files on NTFS drives.

  • Print servers provide users on the network with access to printers on the network. A print server can be configured using the Configure Your Server Wizard.

  • Windows Server 2003 offers advanced security features through Group Policy. The Group Policy Management tool provides access to the Group Policy for a Windows domain.



Absolute Beginner's Guide to Networking
ISBN: 0789729113
EAN: 2147483647
Year: 2002
Pages: 188
Authors: Joe Habraken
