Study Of Secure The Active Directory Computer Science Essay

Published:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

Active directory is a repository for information about objects residing in a network. The objects may be in form of users, computers, printers and files. When Active Directory is in default, it supports numerous attributes for each object class that is used to store information. In addition, Access Control Lists are stored with each object thus allowing or denying permission to user’s access to manage the object. Windows Server 2003 was created so that improvements could be added on security, manageability and scalability which did not exist in the previous Windows 2000 Server.

Introduction:

The Active Directory can be used by users to get information about any object such as a printer. In a large organization with large amounts of data, this task may seem tedious when one is supposed to import data in to Active Directory and manage it. This however has been by Application Programming Interfaces that facilitate programmatic data management. In an Active Directory, data is stored in a hierarchical order that is similar to a file system. Each entry in ii is referred to as an object with objects being subdivided in to either container or non-containers also known as nodes. In order to uniquely identify these objects, a Globally Unique Identifier (GUID) is assigned to the whole system. GUID is hard to remember and hence an alternate method of identification called Distinguished Name is used. Distinguished Names are represented using syntax and rules.

Active Directory has a logical structure that is built around the concept of forest, tree and domains. A domain is composed of a name that serves as a unique identifier (DNS) and an X.500 based hierarchical structure of objects. A tree is a collection of one or more domains that are linked in a trust hierarchy. A forest is a collection of trees sharing global catalog, logical structure, directory schema and configuration. The forest dictates the security boundary by which objects, groups, computers and users can be accessed.

Active Directory accomplishes security by using built-in logon authentication and user authorization. Authentication is the process of requiring confirmation of the identity of a user before allowing access to a network. Under this setting, users provide a single log in to the domain which upon confirmation allows access to the network. Active Directory supports various protocols and mechanisms that are used to proved identity of a user. These protocols are Internet based and include Kerberos V5, smart cards, X.509 v3 and public key infrastructure. For an authentication to occur trust is paramount and it helps a relationship to exist between the domain and the domain controller on either end. It is not enough for an authentic user to access all information and this is limited by the user rights which the Active Directory further imposes. This is the authorization process and it entails granting or denying access to users or groups of user according to levels. Securing the Active Directory begins with ensuring physical security is in place. This means that measures be put in place to know who and who not to share physical administrative passwords with. Servers also should be places that are not accessible to everybody.

Active Directory uses trusts to allow users in one domain to access resources in another domain. When domains are created, trusts are created automatically in a forest. In Windows Server 2003, establishing trusts is easy between forests. It is these trusts that an administrator can grant access to resources whether they are local or foreign. The single forest environment is easy to manage unlike a multiple one although there is added security in multiple forest environments. In either case, it is important to be careful when creating trusts between forests in Windows Server 2003. This is achieved by allowing inter-forest trust to be created at the root level only and not allowing transitive relations. Another way to accomplish more security is to create external trusts which are non-transitive since they apply to only the domains they are restricted to (Desmond, et al. 2008).

After installing Windows Server 2003, running the Active Directory wizard will help in setting up security features and this is when the first forest or domain is created. The CD ROM or DVD ROM that comes with Windows Server 2003 is inserted and by clicking the Start button and then Run, dcpromo is typed. The wizard starts to run and one is prompted whether to create a Domain controller for a new domain after clicking Next.

The next procedure is to assign a DNS name for the new domain and set the database and sysvol file locations to default. Click Install and configure the DNS Server and continue by allowing Permissions compatible with Windows 2000 or Windows 2003. A secure password is then set and confirmed after which the installation proceeds. After installation is complete, restart the computer for the settings to apply and confirm if really a domain has been set using the DNS Administrative Console.

In order to add users to the Active Directory, user accounts must be created by clicking Start, Administrative Tools, Active Directory and then Users and Computers. Click on the domain name previously created and then expand up to Users. By right clicking, choose New and click on User. Type the names of the user and click Next to assign passwords. Under the password, there are various options but the recommended one allows the user to customize his password later. Click Next and then Finish. Once the new user has been created successfully, authorization takes place in the form of assigning membership and this is achieved by right clicking on the properties of the new user. Click Add on the Members Of tab and specify the group under Select groups. This is repeated for each user and clicking Ok at the end.

The final step is to add a member server to the domain. To achieve this log on to the computer you wish to add to the domain and right click on My Computer. Click on Properties, Computer Name tab and then Change. In the Computer Name Changes dialog box, click Domain under Member Of and type the domain name. Click Ok and if prompted supply the user name and password created earlier. Finish by clicking Ok and the domain is created and if prompted to restart the computer, do so.

In conclusion, these steps can be performed many times over by the Administrator to ensure security is not compromised by users sharing passwords or trust is not effective amongst relating domains (Microsoft Support, web).

Writing Services

Essay Writing
Service

Find out how the very best essay writing service can help you accomplish more and achieve higher marks today.

Assignment Writing Service

From complicated assignments to tricky tasks, our experts can tackle virtually any question thrown at them.

Dissertation Writing Service

A dissertation (also known as a thesis or research project) is probably the most important piece of work for any student! From full dissertations to individual chapters, we’re on hand to support you.

Coursework Writing Service

Our expert qualified writers can help you get your coursework right first time, every time.

Dissertation Proposal Service

The first step to completing a dissertation is to create a proposal that talks about what you wish to do. Our experts can design suitable methodologies - perfect to help you get started with a dissertation.

Report Writing
Service

Reports for any audience. Perfectly structured, professionally written, and tailored to suit your exact requirements.

Essay Skeleton Answer Service

If you’re just looking for some help to get started on an essay, our outline service provides you with a perfect essay plan.

Marking & Proofreading Service

Not sure if your work is hitting the mark? Struggling to get feedback from your lecturer? Our premium marking service was created just for you - get the feedback you deserve now.

Exam Revision
Service

Exams can be one of the most stressful experiences you’ll ever have! Revision is key, and we’re here to help. With custom created revision notes and exam answers, you’ll never feel underprepared again.