Windows 2000 includes several security features. This section explains the basics of Windows 2000 authentication and then examines users, groups, and security policies. This section also describes Windows 2000’s printing and auditing features.
The first element of Windows 2000 security that a user encounters is the logon dialog. To provide security, Windows 2000 does not send passwords across the network during the logon process. The authentication process works as follows:
1. The user enters a username and password. The password is used to encrypt a string of numbers (the current time), and the resulting encrypted data is sent with the username to the domain controller or to the local computer’s security subsystem when a domain is not in use.
2. The domain controller or security subsystem looks up the username and reads the encrypted token stored in the security database; if this matches the result sent with the logon request, access is granted.
3. An access token is sent to the client and used in subsequent network requests to continually verify the user’s identity. The server uses this token to determine whether access is granted for files, folders, or other resources.
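The logon steps above as a runnable sketch, added here as an illustration and not taken from Windows 2000 itself. HMAC-SHA256 stands in for the encryption step and PBKDF2 for key derivation; the DomainController class, the function names, the 300-second clock-skew window, and the replay cache are assumptions of this example.

```python
import hashlib, hmac, secrets, time

MAX_SKEW = 300  # assumed clock-skew tolerance in seconds (not from the page)

def derive_key(username, password):
    # Password-derived key, salted with the username (stand-in KDF: PBKDF2)
    salt = username.lower().encode()
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def prove(key, timestamp):
    # HMAC stands in for "encrypt the current time with the password"
    return hmac.new(key, timestamp.encode(), hashlib.sha256).hexdigest()

def logon_request(username, password, now=None):
    """Step 1 (client): send username + proof; the password never leaves."""
    ts = str(int(time.time() if now is None else now))
    return {"user": username, "timestamp": ts,
            "proof": prove(derive_key(username, password), ts)}

class DomainController:
    """Hypothetical stand-in for the DC or local security subsystem."""
    def __init__(self):
        self.keys, self.tokens, self.seen = {}, {}, set()

    def add_user(self, username, password):
        self.keys[username] = derive_key(username, password)

    def authenticate(self, req, now=None):
        """Step 2: look up the stored key and compare; step 3: issue a token."""
        now = time.time() if now is None else now
        key = self.keys.get(req["user"])
        if key is None:
            return None
        if not hmac.compare_digest(prove(key, req["timestamp"]), req["proof"]):
            return None                      # wrong password
        if abs(now - int(req["timestamp"])) > MAX_SKEW:
            return None                      # stale capture
        if (req["user"], req["proof"]) in self.seen:
            return None                      # replay inside the window
        self.seen.add((req["user"], req["proof"]))
        token = secrets.token_hex(16)
        self.tokens[token] = req["user"]
        return token

    def check_access(self, token):
        """Later requests present the token, not the password."""
        return self.tokens.get(token)
```

Because the proof depends on the current time, a captured logon message stops working once it falls outside the skew window, and the replay cache rejects a second use inside it.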
Each person who accesses a Windows 2000 computer or network requires a user account that uniquely identifies the user. The user account and password are used at the logon dialog, and the user account’s properties control the user’s abilities on the network. ...