ALL >> System-Network-Administration >> View Article
Administering Active Directory Objects
Controlling Access to Active Directory Objects
Windows MCITP Exam uses an object-based security model to implement access control for all Active Directory objects. This security model is similar to the one used to imple?ment NTFS file system security. Every Active Directory object has a security descriptor that defines who has permission to gain access to the object and what type of access is allowed. Windows Server 2003 uses these security descriptors to control access to objects. This lesson explains how to set permissions for Active Directory objects.
After this lesson, you will be able to
View and assign standard permissions for an object
View, assign, and edit special permissions for an object
View effective permissions for an object
Set inheritance for a standard or a special permission
Remove a security principal and its permission
Remove special permissions for an object
Transfer ownership of an object
Understanding Access Control
To control access to Active Directory objects, you grant or deny permissions to ...
... security principals. A permission is the authority to perform an operation or a set of operations on an object and is granted or denied by the certification provider. A security principal is a user, group, computer, or service that is assigned a unique security identifier (SID). A SID uniquely identifies the user, group, computer, or service in the enterprise and is used to manage security principals. As an administrator, it is your responsibility to man?age permissions for security principals. Recall from the discussion in Chapter 8 that OUs are not security principals; therefore, you cannot assign access permissions to OUs. You can set access permissions only on drives formatted to use NTFS.
Off the Record Whoami is a command line utility that displays information about the cur?rently logged on user. You can use this utility to learn about a specific user account before you begin to troubleshoot a resource access problem. The Whoami /all command can be used to the view the SID, group memberships, and specific permissions of a user account. Whoami is included in Windows Server 2003. Although the utility is not available in the default installations of Windows 2000 or Microsoft Windows XF? you can install it from the free certification exam questions for each of those products.
Add Comment
System/Network Administration Articles
1. The Fiber Jumper Production Line: Streamlining The Manufacturing Of High-quality Fiber Optic CablesAuthor: Ryan
2. The Fiber Coupler Production Line: Enabling Efficient Signal Distribution In Fiber Optic Networks
Author: Ryan
3. Top 10 Cyber Threats Of 2026 And How To Prepare For Them
Author: securium Academy
4. Cloud Technology Solutions For Businesses: Improve Efficiency & Growth
Author: Venttech
5. Ethical Hacking Training Institute Building Future Ready Cybersecurity Experts
Author: Hanna Vahab
6. How Oscp Certification Opens Doors To Global Cybersecurity Roles?
Author: securium Academy
7. Fiber Optic Cable Production Line: The Backbone Of Modern Connectivity
Author: Ryan
8. Fiber Cable Production Line: Revolutionizing Connectivity
Author: Ryan
9. The Role Of Optical Waveguide Alignment Systems In Precision Optics And Telecommunications
Author: Ryan
10. When Every Access Decision Matters, How Smart Identity Can Make Hipaa Compliance A Reality
Author: Tushar Pansare
11. Fibre Optic Pigtail Cables: Designs, Connectors, And Use Cases
Author: Ryan
12. Exploring Optical Circulators: Categories, Functionality, And Benefits
Author: Ryan
13. Precision In Fiber Optics: Polarization Maintaining Axis And Fiber Rotation Systems
Author: Ryan
14. Fiber Optic Polishing Machines: Types, Applications, And When They Are Needed
Author: Ryan
15. Fiber Optic Pigtails: Types, Specifications, And Applications Explained
Author: Ryan