For example, you could audit each failed user logon attempt. User rights assignments are of special interest since this policy affects the rights you can assign to a user (the access token). The security options policy contains the elements that determine how the security system will react given a particular set of circumstances. For example, one policy will log a user off when their usage hours expire.

  • Event Log: Defines how the event log stores data and for how long. These policies also determine maximum event log size and event log viewing rights.
  • Restricted Groups: Defines groups that can't access the workstation or server at all or restricts the amount of access they can obtain.
  • System Services: Displays a list of the system services on the target machine. Double-clicking a service displays a dialog that allows you to set the policy for that service and to adjust the startup mode for the service. Normally, you'll leave the icons in this policy alone. However, you can safely change any system service DLLs you create.
  • Registry: Contains all of the major registry hives. Double-clicking a branch displays a dialog you use to set the security for that branch. In addition, you can choose the method of security inheritance by children of this branch.
  • File System: Contains protected file system entries. You can add new files to the list or modify existing entries. Double-clicking a file system entry displays a dialog you use to set the security level for that file system member. In addition, you can choose the method of security inheritance by children of this file system entity (applies only to folders).
  • Active Directory Objects: Allows you to edit the security settings for any Active Directory objects, including users and groups. This entry is available only if you have Active Directory enabled (which means you must have a domain controller set up).

Browser Alert: You can learn more about the Security Configuration Tool Set at http://www.microsoft.com/WINDOWS2000/techinfo/planning/security/secconfsteps.asp. This site provides step-by-step usage instructions and provides you with links to related sites. You'll also learn about updates on this site, an important consideration in a world where security changes on a daily basis.

Working with Windows Logon

Most people take the logon dialog for granted. It becomes almost second nature to type a name and password when you first start the system. Familiarity with the Windows logon dialog creates problems for network administrators. For one thing, passwords aren't exactly secure. Just about every company has one or more users who record their password, then leave the password where anyone can see it.

At the same time that users are getting lax, crackers are getting more proficient at barreling their way past firewalls and other forms of protection on the network. As a result, break-ins are becoming more common - common enough, in fact, that even the FBI experienced a security problem on its Web server. With this in mind, Microsoft provides four technologies that a developer can use to enhance both workstation and server security on a network. The following list provides an overview of all four technologies.

  • Password Filters: Allows password policy enforcement and password notification.
  • Winlogon User Interface: Provides interactive logon support.
  • Network Provider API: Allows communication between the Multiple Provider Router (MPR) and the network providers.
  • Local Security Authority (LSA) Authentication: Authenticates and logs the user into the system.

Password Filters

One problem administrators have is getting users to create passwords that are difficult to guess, yet easy to remember. For example, many administrators will use a password policy of a word, followed by a number or special character, followed by another word. While this policy won't keep crackers at bay forever, it does slow them down. In addition, two words with a special symbol in-between are easy to remember compared to the arcane jumble of digits and numbers some administrators use.

Unfortunately, Windows doesn't provide any way to implement such a policy through configuration or other standard features. However, you can provide this feature by writing a password filter. This is a DLL that Windows calls as part of the logon process or any other time a user needs to enter a new password.

Every time a user changes his or her password, the LSA calls each password filter twice. The first time the filter verifies the new password. Your filter gets a chance to see what the user wants to use for logging into the system. If the password doesn't meet the corporate policy, you can request a password change. The second time the filter sees the final password. The LSA calls each password filter to provide notification of the password change.

Microsoft provides a default password filter, PASSFILT.DLL or AUTHFILT.DLL. This filter ensures that passwords are at least six characters long, contain a combination of uppercase letters, lowercase letters, numbers, and punctuation marks (you only have to use three out of the four categories), and don't include the user's name. Fortunately, you can use this default filter and a custom filter in combination.

You'll need to install the filter in the SYSTEM32 folder and add a registry entry to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages key (this is the Windows 2000-specific location). If you don't see the Notification Packages key, then add it. All this means is that there aren't any other notification packages installed on the client machine. Finally, add the name of the filter as a string value to the key. You can add more than one password filter to the Notification Packages key. Windows calls each filter in turn to verify the password added by the user.

Creating a password filter is easy. Start by creating a standard DLL project. The DLL you create has to export three functions. The following list provides a description of each function.

  • InitializeChangeNotify(): This function returns TRUE if the password filter DLL is loaded, FALSE if it isn't.
  • PasswordChangeNotify(): This function is called by the LSA after a password change is made
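
An added example, not code from the book: the word, separator, word policy described above written as a portable C check, with the DLL exports that call it compiled only on Windows. PasswordFilter is the Windows export for the verification call; MIN_WORD, policy_word_sep_word and check_ascii are names assumed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MIN_WORD 3u  /* assumption: shortest run of letters accepted as a "word" */

static int is_letter(uint16_t c) { return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z'); }
/* Digit or printable ASCII symbol: the "number or special character". */
static int is_separator(uint16_t c) { return c > 0x20 && c < 0x7f && !is_letter(c); }

/* Accept exactly: letters, one separator, letters. pw holds n UTF-16 code
 * units and is NOT NUL-terminated, as in a UNICODE_STRING buffer. */
int policy_word_sep_word(const uint16_t *pw, size_t n) {
    size_t i = 0, start2;
    while (i < n && is_letter(pw[i])) i++;
    if (i < MIN_WORD || i == n || !is_separator(pw[i])) return 0;
    start2 = ++i;                      /* skip the single separator */
    while (i < n && is_letter(pw[i])) i++;
    return i == n && i - start2 >= MIN_WORD;
}

/* Hypothetical helper for trying the policy: widen an ASCII string first. */
int check_ascii(const char *s) {
    uint16_t buf[128];
    size_t n = strlen(s), k;
    if (n > 128) return 0;
    for (k = 0; k < n; k++) buf[k] = (unsigned char)s[k];
    return policy_word_sep_word(buf, n);
}

#ifdef _WIN32
#include <windows.h>
#include <ntsecapi.h>
/* The three exports; list them in the DLL's .def file. */
BOOLEAN NTAPI InitializeChangeNotify(void) { return TRUE; }
BOOLEAN NTAPI PasswordFilter(PUNICODE_STRING AccountName, PUNICODE_STRING FullName,
                             PUNICODE_STRING Password, BOOLEAN SetOperation) {
    (void)AccountName; (void)FullName; (void)SetOperation;
    /* Length is a byte count, so divide by sizeof(WCHAR) for code units. */
    return (BOOLEAN)policy_word_sep_word((const uint16_t *)Password->Buffer,
                                         Password->Length / sizeof(WCHAR));
}
NTSTATUS NTAPI PasswordChangeNotify(PUNICODE_STRING UserName, ULONG RelativeId,
                                    PUNICODE_STRING NewPassword) {
    (void)UserName; (void)RelativeId; (void)NewPassword;
    return 0; /* STATUS_SUCCESS; notification only, never store or log the password */
}
#endif
```

Because the filter runs inside the LSA process, the policy function reads only the counted buffer it is given and allocates nothing.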