Internet Security Professional Reference: Windows NT Internet Security


Referring again to figure 12.2, the security model consists of the following components:

  Logon process. This process handles three types of logons. If a user has been logged off and is logging back on, this process takes the user’s credentials (user name and password) and verifies them with the Security Account Manager. If a user is already logged on and attempting to access resources on another system, this process verifies the user to that system. It can also provide inter-domain logon. The logon process is covered later under “Windows NT Logon and Authentication.”
  Local Security Authority (LSA). This is the central component of the security system. It manages and coordinates logons, object access, and other security events. The LSA coordinates with the Security Accounts Manager (SAM) and the Security Reference Monitor (SRM). It is also linked to a security policy database and an audit log.
  Security Account Manager (SAM). This component manages the user account database. The LSA contacts the SAM when it needs to verify that a user has permission to access an object.
  Security Reference Monitor (SRM). The SRM is a kernel mode software component that checks whether a user has permission to access an object or has rights to perform some action (such as back up files).

These components are referred to later in discussions about logon processes, authentication, user rights, and user permissions.

The Windows NT Operating Environment

Like most secure network operating systems, Windows NT is based on user accounts, user access rights, permissions, and secure logons, all of which are controlled by the security system described previously. The primary features are outlined below:

  Users that require extended access to resources should have their own user account. A guest account is available, but it should only be used for limited access, such as read-only access to files in a public directory. The guest account is like an anonymous logon account.
  Users must supply a valid user name and password to log on to their account. This logon system can be extended through third-party options. For example, a token-based security system can be added that requires users to enter a user name, a password, and a value generated by an electronic smartcard.
  User groups are an important management feature. Users can be added to custom groups or special management groups that give them rights to manage parts of the system.
  Users can “own” resources such as directories and files and strictly control access to them, providing a high level of personal security for users.
  System management is performed by a system administrator who can designate sub-administrators to manage parts of the system or network.

Before discussing user accounts, rights, and permissions, you’ll need to familiarize yourself with Windows NT domains, domain controllers, trust relationships, and other management features, as discussed next.

Domains

Domains are the central unit of management for a Windows NT network. A domain is a collection of computers and user accounts that is managed by a central authority. Depending on how administrators set it up, a domain can include all the computers and users for an entire organization or it can be used to provide a division of management, users, and resources within an organization. For example, a company can create a domain for its Eastern division and a domain for its Western division. A more likely example is a company that creates domains for its sales division, its marketing division, its research division, and any other necessary division.

Normally, each domain has its own administrator account. While each domain may have its own administrator, a single person can be the top-level administrator for all domains. Each domain also has its own set of user accounts. Users in one domain, however, can be allowed to access resources in another domain if a trust relationship is established between those domains. A trust relationship provides a way to make resources in one domain available to users in another domain, as discussed in a moment. A single domain is appropriate for many organizations, but large national and international companies will probably benefit from using multiple domains.

Domains are administrative and security entities. When a user logs into an account, they log into a domain and have access to resources in that domain for which their accounts have been given permission. Users can browse for resources within the domain and access those resources without having to log in again.

Users may also have accounts in other domains on the network and can log into another account from the same workstation by specifying the name of the domain to log into. Alternatively, a user can have a single account with access to multiple domains if the domain administrators prefer to set it up that way. Often a group of users in one domain is allowed to access specific resources in another domain.

Each domain has its own security policies and lets you control the status of default accounts such as the guest account. Here are some of the policy settings you can set in domains:

  You can set password restrictions, such as the expiration date of a password and minimum password length.
  You can set options for account lockout, such as how many times a user can attempt to log on before the account is locked.
  You can enable or disable the Guest account in each domain.
  You can set audit policies that control the type of events that will be logged in the domain. Each domain can have its own audit policies.
  You can create custom groups for the domain that have specific rights, such as the right to back up files or manage parts of the domain.

A domain can be as small as a single server. For example, a server connected to the Internet should be in a separate domain in which the Guest account is disabled for security reasons. You can then use the Guest account in other domains.
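The policy settings listed above (password restrictions, account lockout, and the state of the Guest account) can be checked from the text printed by the `net accounts` and `net user guest` commands. The following is an added example, not part of the original book: the sample output is constructed, and the threshold values are a hypothetical baseline rather than values recommended by the text.

```python
import re

# Constructed sample in the layout printed by `net accounts` (values illustrative).
SAMPLE_NET_ACCOUNTS = """\
Force user logoff how long after time expires?:       Never
Minimum password age (days):                          0
Maximum password age (days):                          Unlimited
Minimum password length:                              0
Length of password history maintained:                None
Lockout threshold:                                    Never
Lockout duration (minutes):                           30
Computer role:                                        PRIMARY
The command completed successfully.
"""
# Constructed excerpt in the layout printed by `net user guest`.
SAMPLE_NET_USER_GUEST = "User name                    Guest\nAccount active               Yes\n"

def parse_settings(text):
    """Map each 'Label:   value' line to a dict entry; other lines are ignored."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r"^(.+?):\s{2,}(\S.*)$", line)
        if m:
            settings[m.group(1).strip()] = m.group(2).strip()
    return settings

def as_number(value):
    """'Never', 'None' and 'Unlimited' mean the restriction is not set."""
    return int(value) if value.isdigit() else None

def audit(net_accounts, net_user_guest, min_len=8, max_age=90, max_attempts=5):
    """Return findings; the default thresholds are a hypothetical baseline."""
    s = parse_settings(net_accounts)
    findings = []
    length = as_number(s.get("Minimum password length", ""))
    if length is None or length < min_len:
        findings.append("minimum password length is below %d" % min_len)
    age = as_number(s.get("Maximum password age (days)", ""))
    if age is None or age > max_age:
        findings.append("passwords do not expire within %d days" % max_age)
    attempts = as_number(s.get("Lockout threshold", ""))
    if not attempts or attempts > max_attempts:
        findings.append("lockout is off or allows more than %d attempts" % max_attempts)
    guest = re.search(r"^Account active\s+(\S+)", net_user_guest, re.M)
    if guest is None or guest.group(1).lower() != "no":
        findings.append("Guest account is not confirmed disabled")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_NET_ACCOUNTS, SAMPLE_NET_USER_GUEST):
        print("FINDING:", finding)
```

Run against the constructed sample, the audit reports all four settings; on a server placed in its own Internet-facing domain, the Guest finding is the one the text singles out.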

