Philadelphia Computer Tech Support
You can specify the use of DES encryption, drop the requirement for Kerberos preauthentication, and set
other security criteria for this user account simply by clicking a check box. The same is true of
trusting the account for delegation or prohibiting the account from being delegated. Other options that can be
selected here (not shown in the figure, but available by scrolling up the list) include:
• Requirement that the user change the password at next logon
• Prohibition on the user’s changing the password
• Specification that the password is never to expire
• Specification that the password is to be stored using reversible encryption
Some of the settings in the user account properties sheet (such as password expiration properties and logon
hours) could be set in NT through the User Manager for Domains. Others are new to Windows 2000.
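Most of the check boxes described above are stored as bits in the account's userAccountControl attribute, so they can be audited in bulk from a directory export. The following is an added example, not code from the original text; the account names, the privileged marker and the rule that privileged accounts should be non-delegable are assumptions made for illustration.

```python
# Added example, not from the original text. Flag values are the documented
# userAccountControl bits; account names and the "privileged" field are constructed.
UAC_FLAGS = {
    0x000002: "ACCOUNTDISABLE",
    0x000080: "ENCRYPTED_TEXT_PWD_ALLOWED",  # store password using reversible encryption
    0x010000: "DONT_EXPIRE_PASSWORD",        # password never expires
    0x080000: "TRUSTED_FOR_DELEGATION",      # account is trusted for delegation
    0x100000: "NOT_DELEGATED",               # account cannot be delegated
    0x200000: "USE_DES_KEY_ONLY",            # use DES encryption types
    0x400000: "DONT_REQ_PREAUTH",            # Kerberos preauthentication not required
}

# Options that weaken an account and should be justified or cleared.
REVIEW = {"ENCRYPTED_TEXT_PWD_ALLOWED", "DONT_EXPIRE_PASSWORD",
          "TRUSTED_FOR_DELEGATION", "USE_DES_KEY_ONLY", "DONT_REQ_PREAUTH"}


def decode_uac(value):
    """Return the names of the known flags set in value, lowest bit first."""
    return [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]


def audit(accounts):
    """Map each enabled account to the findings that need review."""
    report = {}
    for name, uac, privileged in accounts:
        flags = decode_uac(uac)
        if "ACCOUNTDISABLE" in flags:
            continue  # disabled accounts cannot log on; report them separately
        findings = [f for f in flags if f in REVIEW]
        # Assumed policy: administrative accounts carry "cannot be delegated".
        if privileged and "NOT_DELEGATED" not in flags:
            findings.append("MISSING_NOT_DELEGATED")
        if findings:
            report[name] = findings
    return report


# Constructed export: (sAMAccountName, userAccountControl, is_privileged)
SAMPLE_ACCOUNTS = [
    ("svc-legacy", 0x200 | 0x200000 | 0x400000, False),
    ("web01-svc",  0x200 | 0x010000 | 0x080000, False),
    ("admin-jo",   0x200, True),
    ("admin-sam",  0x200 | 0x100000, True),
    ("old-temp",   0x202 | 0x000080, False),
]

if __name__ == "__main__":
    for account, findings in audit(SAMPLE_ACCOUNTS).items():
        print(f"{account}: {', '.join(findings)}")
```

The "must change password at next logon" and "cannot change password" options are not covered here because they are not reliably readable from userAccountControl: the first is reflected in pwdLastSet and the second in the account's access control list.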
Managing Security via Group Memberships
In most cases, in a Windows domain, access to resources is assigned to groups, and then user accounts are
placed into those groups. This makes access permissions much easier to handle, especially in a large and
constantly changing network.
Assigning and maintaining group memberships is another important aspect of user account management, and
Active Directory makes this easy as well. Group memberships are managed through another tab on the
property sheet, the Member of tab (see Figure 4.5).
Figure 4.5 Security can be managed through group membership assignments.
As the figure shows, you can add or remove the groups associated with this user’s account with the click of a
mouse.