Tuesday, 10 January 2012

What All Is Part of AD User Management?

Before Active Directory (AD), Windows networks had no single mechanism to distinguish an administrator from an ordinary user. AD has since become a full-fledged platform for managing the network, computer accounts, security, groups, users and related operations. AD user management is, in practice, the management of user accounts, computer accounts, security principals and group policies. It covers the following points:

User Accounts: By creating user accounts, the User Manager authorizes users to log on to a domain and gives each user an identity with which to access network resources. A user account is required to use applications and resources.

Computer Accounts: A computer account authorizes a computer to access the network and domain resources. Every computer that uses the network must have one.

Security Principals: AD users, computers and domains are collectively called security principals; only AD elements that are security principals can be granted access to the network. Security principals are the basis for creating trust relationships and granting authorizations.

Group Policies: Group policies are linked to organizational units (OUs), domains and sites. They configure security options, control applications, manage desktop appearance, assign scripts and redirect folders. Group policies also define password policies, implement logon and logoff scripts and assign applications to different users.

The User Manager works with the following concepts when defining IT policies:

User Rights: The rights granted to users and groups are called user rights. They are further subdivided into privileges and logon rights.

Access Control Permissions: Access control permissions can be set individually on every element and object.

Access Token: A user receives an access token each time he logs on to the system. It contains the user's own SID, the SIDs of his groups and his user rights.

Security Identifier (SID): A SID is a unique value that distinguishes a particular system, user or group on a network from all others. Together, SIDs and access tokens underpin the security of the whole network.

Access Control List (ACL): Every AD element has two ACLs: the DACL (Discretionary Access Control List) and the SACL (System Access Control List). The DACL lists the user groups and accounts that are allowed access to the object, whereas the SACL lists the access events for accounts and groups that are to be recorded.

Access Control Entry (ACE): In simple terms, ACEs are the individual entries in a DACL or SACL that record which access is granted or denied to an account or group. The access they describe can be read access, write access, no access, and so on.
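The token, SID, DACL, SACL and ACE concepts above can be seen directly from a domain-joined session. The following PowerShell script is an added example written for this page, not code from the original article or from any product it mentions. It assumes the RSAT ActiveDirectory module (which provides the AD: drive) is installed, that the session runs as a domain user, and that $OuDn is replaced with a real distinguished name; reading the SACL additionally needs the SeSecurityPrivilege user right.

```powershell
# Added example, not from the original article. Assumes the RSAT
# ActiveDirectory module (AD: drive) is installed and the session is run
# by a domain user. $OuDn is a placeholder distinguished name.

# --- Access token: the current user's SID, group SIDs and user rights ---
$token = [System.Security.Principal.WindowsIdentity]::GetCurrent()
"User SID   : $($token.User.Value)"
"Group SIDs : $(($token.Groups | ForEach-Object { $_.Value }) -join ', ')"
whoami /priv          # privileges (one part of the user rights) held by this token

# --- SID <-> account name translation ---
$token.User.Translate([System.Security.Principal.NTAccount]).Value     # e.g. DOMAIN\alice
(New-Object System.Security.Principal.NTAccount("$env:USERDOMAIN\Domain Admins")).Translate(
    [System.Security.Principal.SecurityIdentifier]).Value               # SID of a group

# --- DACL: which accounts and groups are allowed or denied what on an AD object ---
Import-Module ActiveDirectory
$OuDn = 'OU=Example,DC=example,DC=com'   # placeholder distinguished name
$dacl = Get-Acl -Path "AD:\$OuDn"
$dacl.Access |
    Select-Object IdentityReference, AccessControlType, ActiveDirectoryRights, IsInherited |
    Format-Table -AutoSize

# Review aid: explicit (non-inherited) Allow ACEs that grant full control or
# the right to change the object's DACL or owner deserve a second look.
$sensitive = [System.DirectoryServices.ActiveDirectoryRights]'GenericAll, WriteDacl, WriteOwner'
$dacl.Access |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and -not $_.IsInherited -and
        (($_.ActiveDirectoryRights -band $sensitive) -ne 0)
    } |
    Select-Object IdentityReference, ActiveDirectoryRights

# --- SACL: which access attempts on the object are audited (needs SeSecurityPrivilege) ---
$sacl = Get-Acl -Path "AD:\$OuDn" -Audit
$sacl.Audit |
    Select-Object IdentityReference, AuditFlags, ActiveDirectoryRights |
    Format-Table -AutoSize
```

Each row of the DACL output is one ACE: the identity (resolved from its SID), whether the entry allows or denies, and the rights it covers. The SACL rows are the audit ACEs, which is where "who is recorded when they touch this object" is defined, so an object with an empty SACL produces no object-access audit events no matter what the domain audit policy says.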

In a large organization the User Manager faces considerable obstacles in carrying out user, group, computer, security and network management operations. Lepide Active Directory Management and Reporting simplifies these tasks: it is a single platform from which user, group and computer management operations can be executed.

The author is a Chief Technical Officer with nearly two decades of experience. In this article he has discussed the role of the User Manager, covering operations such as user account management, computer account management, group policy management and network management.
