Securing Accounts
Each user, computer, or group account is a security principal on systems running Windows Server 2003, Windows 2000, and Windows XP. Security principals receive permissions to access resources such as files and folders. User rights, such as interactive logons, are granted or denied to accounts directly or by membership in a group. The accumulation of these permissions and rights define what security principals can and cannot do when working on the network.
User accounts are either domain or local in scope. In Windows Server 2003 and Windows 2000, domain accounts are stored in the Active Directory directory database (Ntds.dit) on domain controllers, whereas local accounts are stored in individual Security Accounts Manager (SAM) ...
Get Microsoft® Windows® Security Resource Kit, Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.