Network security

• Network security is the prevention of network

assets from unauthorized access, use, alteration,
degradation, destruction, and other threats.

• It involves the authorization of access to data in a

network which is controlled by the network
administrator and the organizational policies.

• Users choose or an ID and password or

authenticating information that allows them
access to information and program within
authority.
• It also covers a variety of computer networks,
both public and privet, that are used in everyday
jobs conducting transactions and
communications among businesses, government
agencies and individuals.

• Network security involves in organizations,

enterprises, and other types of institutions.
 Creating and Managing User And
Computer Account
• User and Computer accounts
• Active Directory User account and computer
accounts represent a physical entity such as a
computer or person.

• They are (User accounts and computer

accounts as well as Groups) are referred to as
security principles.
• They used to Authenticate the Identity of a
User or computer.
 Defining Group Types and Scope
• A group can be defined as a collection of
accounts that are grouped together so that
Administrators can assign permission and
rights to the group as a single entity.

• There are Two types of Groups in Active

directory .
A security Group and

A distribution Group
• A security Group is one that is created for security
purposes

• This types of group is a collection of users who have

the same permissions to resources and the same
rights to perform certain tasks

• This types of group reduce the load of the

Administrator to assign a permission for individual
User or Computer accounts.

• Each User that is a member of the group (Security

Type) have the same Permissions.
• A distribution group is one created to share
information with a group of users through E-mail
messages.

• It enables the same message to be

simultaneously sent to its group members.

• Messages do not need to be send to individual

user or computer accounts.
 Group Scopes
• The different group scopes make it possible for
groups to be used differently to assign permissions
for accessing resources.
• A Group’s scope defines the place in the network
where the group will be used or is valid. This is the
degree to which the group will be able to reach
across a domain, domain tree, or forest. The group
scope also determines what users can be included
as a group members.
• There are three different types of Group scope’s in
Active directory.

• Global Groups:- A global groups are containers for

user and computer accounts in the domain.

• They assign permissions to objects that reside in

any domain in a tree or forest. Users cane include
a global group in the Access Control List (ACL) of
objects in any domain in the tree/forest.
• Domain Local groups:- it cane have Users accounts,
Computer accounts, Global Groups, and Universal
groups from any domain as a group members.

• However, only domain local group cane assign

permission to local resources or to resources thet
reside in the domain in which the domain local group
was created.

• The domain functional level set for the domain

determines which members can be included in the
domain local group.
• Universal groups:- it can have Users accounts,
Computer accounts, global groups, and other
universal groups from any domain in the tree or forest
as a members.

• This basically means that users cane add members

from any domain in the forest to a universal group.

• Users can use universal groups to assign permissions

to access resources that are located in any domain in
the forest.
 Group Policy
• Group Policy is a set of rules that control the working
environment of user accounts and computer accounts.

• It provide the central management and configuration of

operating systems, application, and users settings in an
Active Directory environment.

• In other word Group policy in part controls what users can

and can’t do on a computer system.

• It also often used to restrict certain actions that may pose

potential security risks, for example; to block access to Task
manager, restrict access to certain folders, disable the
downloading of executable files, and so on.
• Local policy:- refers to the policy that configures the
local computers or servers, and is not inherited from
the domain.

• We can set the local policy by running Gpedit.msc

from Run command.

• GPO (Group Policy Object):- Refers to as the policy

that is configured at the Active Directory level and
inherited by the domain members computers.

• We can configure a GPO at the Domain level or OU

(Organizational Unit) level.
 To set a GPO
• Go to Start > Administrative tools > Group Policy
Management.
• Select the domain, after that, right click > Creat a
GPO in this domain, and Link it hear
• Give an appropriated name to this object .
• After creating the object, right click > Edit…
• Navigate to user Configuration > Policies >
Administrative Templates > Control Panel >
Personalization
• Select Prevent changing Background with a
double click, enable it. Apply these changes
• In order to implement we should update group
policy by running gpupdate from the Run
command, on both computers (server and client)
• Finally, we can test by trying change the
background on server and client computer.

• As an exercise tray to configure GPO for Enabling

screen saver by your self.