In Chapter 1, you learned the importance of authentication: validating a user’s identity. In this chapter, you will learn about authorization. Authorization is the process of determining whether a user, after they have been validated, really should have access to do what they’ve requested. It’s authorization that distinguishes between guests, regular users, and administrators.
While Microsoft Windows Server 2003 makes it simple to assign rights to individual users, such an authorization strategy would become impossible to manage in a large enterprise. You must learn to use groups to simplify access management. Windows Server 2003 provides a flexible, but not obvious, group structure that must be studied to be used effectively.
One of the challenges of managing authorization is limiting users to the rights they need to complete their assignments, without granting them excessive privileges. The more tightly you control authorization to network resources, the more time you will spend troubleshooting user rights. For example, it is common for users to be denied access to a network resource they really should be able to use. As the administrator, you must be able to identify the cause of their access denial and determine the best way to resolve the problem.
This chapter introduces you to authorization as a concept. You will learn how Windows Server 2003 implements access control and how to effectively manage assigning rights to users and groups. When you have completed the chapter, you will know exactly how to isolate and resolve problems relating to overly restrictive privileges.
This chapter presents the skills and concepts that are required to configure security templates, deploy them across your network, and troubleshoot problems related to Group Policy. If you fulfilled the requirements for previous chapters, then you already have the necessary hardware and software configured. You can use the computers in the state they were in after completing the previous chapter, or you can install the software from scratch. To do the practices, examples, and lab exercises in this chapter, you must have:
A private non-routed network.
One computer. On the computer, perform a Windows Server 2003 installation with default settings, and assign the computer name Computer1. Add the domain controller role to Computer1, using the default settings, and assign the domain name cohowinery.com. The computer should be configured to use itself as its own primary Domain Name System (DNS) server.