Home
Resources
Training
About Us
eStore
<a href="http://www.isdecisions.com/en/software/userlock/?xtor=SEC-230"><img src="http://www.isdecisions.com/images/pubs/Randy/userlock.gif" alt="UserLock" border="0" /></a>

>

resources > articles > Permissions/Authentication

 

 

 

 

 

 

 

Latest Blog: WinReporter 4.0 Makes It Easy to Assess Attack Surface

  

Randy Franklin Smith - Articles on Permissions/Authentication

most recent | by year | by subject

Granting Users the Authority to Unlock Other Users' Accounts
Do you want certain users to be able to unlock other users’ accounts without granting them the authority to reset users’ passwords? Find out how to use the Active Directory Users and Computers snap-in to do just that.
<more>

Distinguishing User Accounts from User Groups in an ACL
Learn how to tell whether the principal in the name column of an ACE is a user or a group.<more>

Granting Users Read Access to the Registry
Do you need to give users the authority to monitor the performance of your servers without giving them administrator authority? Find out how to grant users remote access to only certain areas of the registry. <more>

Assigning Administrators Ownership of Objects. To prevent users from modifying an object's permissions, you can change the ownership of the object and enable object access auditing. <more>

Requiring DC Authentication to Unlock Workstations. Find out how to require DC authentication to unlock user workstations and why you might not want to. <more>

Auditing Changes to Shared Folders. Learn how to enable auditing to identify when an administrator creates or deletes a shared folder. <more>

Disabling Logging of Anonymous Logon Events. Do you log anonymous logon events on your servers? Find out how dangerous these events are and whether you can disable or block them from your security logs. <more>

Preventing Users from Using the Remember password Feature. Learn how you can prevent users from using the Remember password feature for Web applications and shared folders. <more>

Kerberos Ticket Expirations. Find out whether it's normal to log a high number of expired tickets in a short period of time. <more>

Discovering the Cause of an Event ID 675. Here's how to figure out who or what is attempting to authenticate to your DC. <more>

Whether you should configure your servers to use NTLMv2 depends on your environment. Whether you should configure your servers to use NTLMv2 depends on your environment. <more>

Permissions for Renaming a File. Here's an explanation of the permissions required for renaming a file. <more>

When Share Permissions Come into Play. Share permissions are a factor only when you access a file through a share. <more>

Giving Department Members Appropriate File Access. Let a department's members modify each others' files, but limit them to read permission only for files created by members of other departments. <more>

What's the Password? Password resets can be the weak spot in any password-based authentication scheme. Find out how to buff up this type of security. <more>

Getting Password Expiration Dates. DumpSec is a free tool that can report on all of a server's user account password expiration dates. <more>

Assigning Different Permissions to Different Departments.You can allow one department to have read and modify access to a folder and give another department read access only. Here's how. <more>

Setting Permissions on a New Shared Folder. In newer Windows versions, you might need to change permissions on the share's Sharing tab in addition to setting them on the Security tab. <more>

Understanding Inherited Permissions. Learn when deny permissions override allow permissions and when allow permissions trump deny permissions. <more>

Caching Logons. Windows 2000 Server's cached logon feature doesn’t drop logons as they age, it simply securely caches the credentials of the most recent secure domain logons, up to the number you specify. <more>

Logging on to a Problem Machine. Here are some steps you can take when a Windows 2000 machine won't let the user log on and you don't know the administrator's password. <more>

Requiring a Password When Resuming from Hibernation or Stand by Mode. If users disable the password dialog box that's typically required to resume from hibernation or Stand by mode, they put your network at risk. Here's how you can prevent the problem. <more>

Get this valuable commentary each month as soon as Microsoft releases security updates!

Free log parser scripts, a clear explanation of Microsoft's latest security bulletin, helpful security tips, how-to's and more.

Email address:
 

Newsletter archive
Your e-mail address will be held strictly confidential and you can unsubscribe at any time.


Additional Links

A
D
V

NEW! GFI EventsManager 8 Extends Event Management Capabilities. Find Out More.

Get Randy's Security Log Resource Kit

Sick of LimitLogin? Get UserLock for real logon control


Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2007 Monterey Technology Group, All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk.

Site Map