Last Articles


Most popular password

Network Information Security: Myths and Realities Omnipotence hackers

Hackers and crackers, or what is good and what is bad?

Chronology of the ARPANET - INTERNET

Protection system in Windows - Fact or Fiction

The basic principles of security

Manager SAM and Active Directory

Administrative boundaries: the forest or domain?

Can you trust a domain that is connected to the Internet?

Идентификаторы защиты (SID)

Why can not I log in as an administrator from any location?

Network security model and resource sharing

Remote attacks on distributed computing systems

Characteristics and mechanisms of implementation of standard remote attacks

Fake ARP-server on the Internet

False DNS-server on the Internet

Substitution of one of the subjects TCP-connections on the Internet

Malfunction host on the network

Mythical remote attacks on the Internet

Dedicated channel communication between objects distributed CS

Administrative boundaries: the forest or domain?

   We often ask this question: what actually is a boundary for a security system in tear Windows Service T2003 - the domain or forest? Responding briefly to say that even if the domain is the primary administrative boundary, it does not create a continuous border protection, as it was in the systems of Windows NT.  And there are several reasons.

  One reason - the existence of universal groups that may gain the privileges of any domain in the forest, since the transitive two-way trust relationships are established automatically between all domains in the forest. For example, members of the Enterprise Admins group and the Schema Admins by default have access to some of the elements generated by the forest (child forest). To the members of the groups mentioned above could not perform within a given domain, these permissions must be manually removed. It is also necessary to pay attention to the Domain Admins group of all other domains in the forest. In forests in Active Directory network is one little-known property. That being said about him in the leadership of the Windows 2000 Server Resource Kit Deployment Planning Guide: "Administrators of any of the domains in the forest have the potential to become owners and edit the information from the container configuration (Configuration container) to Active Directory. These changes can be duplicated on all domain controllers in the forest . Thus, we can assume that the administrator of any acceding to the forest domain has a trust relationship which equate it possible for any other domain administrator (from the group Domain Admins).

Top 5 most read

The basic rules of safe behavior on the Internet

Manager SAM and Active Directory

You forget your password. What should I do? Part 3

Social engineering as a way of committing crimes in the sphere of computer information

Идентификаторы защиты (SID)

Copyright © 2010 BRV ISTCOM S.R.L.- раскрутка сайта