Machine passwords, 60
automatic changing, 60
update registry hacks, 61
Machine startup, 112–14
authentication in, 112–14
illustrated, 112
SNTP operation, 194
Maintaining PKIs, 632–40
CA auditing, 637–40
CA backup/restore, 632–35
CA rollover, 635–37
See also Public key infrastructure
Malicious mobile code (MMC) protection, 393–416
architecture, 393–94
architecture illustration, 394
software protection policies, 394–400
Malicious mobile code (MMC) threats, 393, 394
Mandatory access control (MAC) model, 418
Many-to-one certificate mapping, 230
Master keys
defined, 144
limiting use of, 147–50
mapping, to PKINIT, 189
use of, 147
See also Kerberos; Session keys
Maximum Transmission Unit (MTU), 192
MaxTokenSize parameter, 182–83
Meshed trust model, 500–501
defined, 500
illustrated, 501
See also Networked trust model
Metabase-based mapping, 230
Metaverse, 23
Microsoft Audit Collection System (MACS), 719–20
Microsoft Baseline Security Analyzer (MBSA), 53–54, 702–3
command-line, 705
defined, 702
illustrated, 703
running, 702
with SMS SUS Feature Pack, 706
SUS integration, 705
Microsoft Identity Integration Server 2003 (MIIS), 22–23
architecture, 23
reduced functionality version, 23
Microsoft Management Console (MMC), 406
Microsoft Metadirectory Services (MMS), 22
Microsoft Operations Manager (MOM), 24, 720
Microsoft Provisioning System (MPS), 25–26
architecture, 26
defined, 25
Microsoft Rights Management (RMS), 428
certificates, 434
client-side component, 432–33
components, 432–34
customer server-side component, 432
enrollment, 439–40
exclusion lists, 435
information flow, 435–39
information flow illustration, 437
licenses, 435
lockboxes, 434
Microsoft server-side component, 432
objects, 434–35
objects list, 436
revocation lists, 435
RMS client SDK, 434
RMS-enabled applications, 433
server setup, 439
server software, 428
setup, 439–40
XrML and, 430–32
Microsoft Systems Management Server (SMS), 24–25
architecture, 25
defined, 24–25
Multifactor authentication, 103–4
Multiple CAs, 496–97
Multiple domain logon, 156–63
behind the scenes, 161–63
local process, 156–57
network process, 158–59
revisited, 162
shortcut trusts and, 159–60
See also Kerberos
Multiple forest logon, 163–64
authentication requests, 163–64
defined, 163
flow, 164
See also Kerberos
Mutual authentication, 135
Mytoken.exe, 199