Last Articles

Most popular password

Fake ARP-server on the Internet

Why can not I log in as an administrator from any location?

Идентификаторы защиты (SID)

Can you trust a domain that is connected to the Internet?

Administrative boundaries: the forest or domain?

The basic principles of security

Protection system in Windows - Fact or Fiction

Chronology of the ARPANET - INTERNET

Network Information Security: Myths and Realities Omnipotence hackers

Network security model and resource sharing

Remote attacks on distributed computing systems

Characteristics and mechanisms of implementation of standard remote attacks

Administrative methods to protect against remote attacks on the Internet

Control of virtual connections in the distributed CS

Control over route messages to the distributed CS

Pros and cons of a distributed aircraft with dedicated channels

Mythical remote attacks on the Internet

Malfunction host on the network

Substitution of one of the subjects TCP-connections on the Internet

Administrative boundaries: the forest or domain?

   We often ask this question: what actually is a boundary for a security system in tear Windows Service T2003 - the domain or forest? Responding briefly to say that even if the domain is the primary administrative boundary, it does not create a continuous border protection, as it was in the systems of Windows NT.  And there are several reasons.

  One reason - the existence of universal groups that may gain the privileges of any domain in the forest, since the transitive two-way trust relationships are established automatically between all domains in the forest. For example, members of the Enterprise Admins group and the Schema Admins by default have access to some of the elements generated by the forest (child forest). To the members of the groups mentioned above could not perform within a given domain, these permissions must be manually removed. It is also necessary to pay attention to the Domain Admins group of all other domains in the forest. In forests in Active Directory network is one little-known property. That being said about him in the leadership of the Windows 2000 Server Resource Kit Deployment Planning Guide: "Administrators of any of the domains in the forest have the potential to become owners and edit the information from the container configuration (Configuration container) to Active Directory. These changes can be duplicated on all domain controllers in the forest . Thus, we can assume that the administrator of any acceding to the forest domain has a trust relationship which equate it possible for any other domain administrator (from the group Domain Admins).

Top 5 most read

The basic rules of safe behavior on the Internet

What to do if you forget the BIOS password

How to crack passwords?

Social engineering as a way of committing crimes in the sphere of computer information

You forget your password. What should I do? Part 3

Copyright © 2010 BRV ISTCOM S.R.L.- раскрутка сайта