assets from unauthorized access, use, alteration, degradation, destruction, and other threats.
• It involves the authorization of access to data in a
network which is controlled by the network administrator and the organizational policies.
• Users choose or an ID and password or
authenticating information that allows them access to information and program within authority. • It also covers a variety of computer networks, both public and privet, that are used in everyday jobs conducting transactions and communications among businesses, government agencies and individuals.
• Network security involves in organizations,
enterprises, and other types of institutions. Creating and Managing User And Computer Account • User and Computer accounts • Active Directory User account and computer accounts represent a physical entity such as a computer or person.
• They are (User accounts and computer
accounts as well as Groups) are referred to as security principles. • They used to Authenticate the Identity of a User or computer. Defining Group Types and Scope • A group can be defined as a collection of accounts that are grouped together so that Administrators can assign permission and rights to the group as a single entity.
• There are Two types of Groups in Active
directory . A security Group and
A distribution Group • A security Group is one that is created for security purposes
• This types of group is a collection of users who have
the same permissions to resources and the same rights to perform certain tasks
• This types of group reduce the load of the
Administrator to assign a permission for individual User or Computer accounts.
• Each User that is a member of the group (Security
Type) have the same Permissions. • A distribution group is one created to share information with a group of users through E-mail messages.
• It enables the same message to be
simultaneously sent to its group members.
• Messages do not need to be send to individual
user or computer accounts. Group Scopes • The different group scopes make it possible for groups to be used differently to assign permissions for accessing resources. • A Group’s scope defines the place in the network where the group will be used or is valid. This is the degree to which the group will be able to reach across a domain, domain tree, or forest. The group scope also determines what users can be included as a group members. • There are three different types of Group scope’s in Active directory.
• Global Groups:- A global groups are containers for
user and computer accounts in the domain.
• They assign permissions to objects that reside in
any domain in a tree or forest. Users cane include a global group in the Access Control List (ACL) of objects in any domain in the tree/forest. • Domain Local groups:- it cane have Users accounts, Computer accounts, Global Groups, and Universal groups from any domain as a group members.
• However, only domain local group cane assign
permission to local resources or to resources thet reside in the domain in which the domain local group was created.
• The domain functional level set for the domain
determines which members can be included in the domain local group. • Universal groups:- it can have Users accounts, Computer accounts, global groups, and other universal groups from any domain in the tree or forest as a members.
• This basically means that users cane add members
from any domain in the forest to a universal group.
• Users can use universal groups to assign permissions
to access resources that are located in any domain in the forest. Group Policy • Group Policy is a set of rules that control the working environment of user accounts and computer accounts.
• It provide the central management and configuration of
operating systems, application, and users settings in an Active Directory environment.
• In other word Group policy in part controls what users can
and can’t do on a computer system.
• It also often used to restrict certain actions that may pose
potential security risks, for example; to block access to Task manager, restrict access to certain folders, disable the downloading of executable files, and so on. • Local policy:- refers to the policy that configures the local computers or servers, and is not inherited from the domain.
• We can set the local policy by running Gpedit.msc
from Run command.
• GPO (Group Policy Object):- Refers to as the policy
that is configured at the Active Directory level and inherited by the domain members computers.
• We can configure a GPO at the Domain level or OU
(Organizational Unit) level. To set a GPO • Go to Start > Administrative tools > Group Policy Management. • Select the domain, after that, right click > Creat a GPO in this domain, and Link it hear • Give an appropriated name to this object . • After creating the object, right click > Edit… • Navigate to user Configuration > Policies > Administrative Templates > Control Panel > Personalization • Select Prevent changing Background with a double click, enable it. Apply these changes • In order to implement we should update group policy by running gpupdate from the Run command, on both computers (server and client) • Finally, we can test by trying change the background on server and client computer.
• As an exercise tray to configure GPO for Enabling