
Analysis of the Security of Windows NT, 1 March 1999, page 16

3.6 Users and groups

In NT, a person that needs access to objects on a computer must have a valid user account. In addition, to access a specific object, the user has to have access rights on it. Every user account contains information such as: username, password, full name, logon hours, logon workstations, expiration date, home directory, logon script, profile and account type. Some of these need to be further explained. Full name is the user’s full name, for example Hans’ full name is Hans Hedbom. The logon hours specify for how long a user is allowed to gain access to the system. The set of computers from which a user can log on to the system is given by logon workstations. The expiration date field is the date when the account automatically becomes disabled. The profile is a file containing information about the user’s Desktop environment (i.e. program groups and colors) that follows the user from one workstation to another. Finally, the account type is in most cases a user account.

By default there are two accounts: Administrator and Guest. Within the Administrator account, new accounts can be created. To add new user accounts, the User Manager tool is used. This is a standard tool, distributed and installed together with the OS.

NT supports the concept of groups, similar to those of UNIX. Microsoft [40] are of the opinion that NT groups are more powerful than groups in UNIX. With groups, permissions can be granted to a set of related users, which makes the procedure of granting

TABLE 3. Executive objects

Object type       Description
Process           An instance of a running program, including the address space and resources.
Thread            An executable unit within a process.
Section           A region of shared memory.
File              An instance of a file or an I/O device.
Port              A destination for messages sent by one thread in a process to another thread in another process.
Access token      An identification containing information about a logged-on user.
Event             A notification that a system event has occurred.
Event pair        A notification that a dedicated application thread has copied a message to the Win32 server.
Semaphore         A counter that regulates the number of threads that can simultaneously use a resource.
Mutant            A mechanism that gives mutual exclusion capabilities.
Timer             A counter that records the passage of time.
Object directory  A memory-based repository for object names.
Symbolic link     A mechanism for indirect reference to an object (view also symbolic links in UNIX).
Profile           A mechanism used for performance tuning.
Key               An index for referring to records in the configuration database.