Introducing Windows 2000 Security


The security provided by Windows 2000 is designed to meet the following requirements:

  • Each user must identify himself or herself when logging on.
  • The system must insulate objects assigned to processes. For example, memory used by a program must be made inaccessible to other programs, and programs must not be able to read data from deleted files.
  • The owner of a resource must be able to control access to that resource.
  • System administrators must be able to audit system events and restrict access to the event log.
  • The system must protect itself from external tampering.

One of the ways Windows 2000 meets these requirements is by assigning each user a security ID (SID). Your SID, a gigantic number guaranteed to be unique, follows you around wherever you go in Windows 2000. When you log on, the operating system first validates your user name and password. Then it creates a security access token. You can think of this as the electronic equivalent of an ID badge. It includes your name and SID, plus information about any user groups to which your account belongs. (User groups are described later in this chapter.) Any program you start gets a copy of your security access token.

Whenever you attempt to walk through a controlled "door" in Windows 2000 (for example, when you connect to a shared printer), or any time a program attempts to do that on your behalf, the operating system examines your security access token and decides whether to let you pass. If access is permitted, you notice nothing. If access is denied, you see an unavailable menu or dialog-box control, or, in some cases, you get to hear a beep and read a noxious message.

In determining whom to pass and whom to block, Windows 2000 consults the resource's access control list (ACL). This is simply a list showing which SIDs have which kinds of access privileges. Every resource subject to access control has an ACL.
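
The token-against-ACL check described above can be modeled in a few lines. This is an added example, not code from the book or from Windows: the SIDs, names and right bits are constructed, and the in-order walk with deny entries goes beyond the simplified description here, following the way Windows evaluates a discretionary ACL.

```python
from dataclasses import dataclass

# Constructed right bits for illustration, not the real Windows access masks.
READ, WRITE, DELETE = 1, 2, 4

@dataclass(frozen=True)
class Token:
    """The 'ID badge': the user's SID plus the SIDs of the user's groups."""
    user_sid: str
    group_sids: frozenset

    def sids(self):
        return {self.user_sid} | self.group_sids

@dataclass(frozen=True)
class Ace:
    """One ACL entry: allow or deny some rights to one SID."""
    allow: bool
    sid: str
    rights: int

def access_check(token, acl, wanted):
    """Walk the ACL in order. A matching deny entry that covers any right
    still being sought refuses the request; allow entries accumulate until
    every requested right is granted. Rights nobody grants are refused."""
    remaining = wanted
    sids = token.sids()
    for ace in acl:
        if ace.sid not in sids:
            continue                      # entry is about someone else
        if not ace.allow and ace.rights & remaining:
            return False                  # explicit deny wins at this point
        if ace.allow:
            remaining &= ~ace.rights
            if remaining == 0:
                return True
    return False                          # includes the empty-ACL case

# Constructed SIDs (hypothetical domain and accounts).
USERS = "S-1-5-21-1111-2222-3333-513"
CONTRACTORS = "S-1-5-21-1111-2222-3333-1200"
alice = Token("S-1-5-21-1111-2222-3333-1001", frozenset({USERS}))
bob = Token("S-1-5-21-1111-2222-3333-1002", frozenset({USERS, CONTRACTORS}))

# Deny entries placed before allow entries.
share_acl = [
    Ace(False, CONTRACTORS, WRITE | DELETE),
    Ace(True, USERS, READ | WRITE),
]
```

Because the decision depends only on the SIDs in the token, a program started by bob carries the same token and gets the same answers bob would.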



Running Microsoft Windows 2000 Professional
ISBN: 1572318384
EAN: 2147483647
Year: 2000
Pages: 317
