Windows NT Security
NT Domains let the server allow or deny resource access to all networked shared resources.
The "User Manager for Domains" program is used on NT server to administer domain user accounts. The NT workstation User Manager program is still used to manage local users and groups on each machine.
The network control panel is used to change the computer name and the domain name.
The password may be up to 14 characters long and is case sensitive. User names may be 20 characters long and are not case sensitive. User names may not contain:
" \ / [ ] ; : = | . + ? * < >
NetBIOS names are 15 characters long with one invisible character.
When a user logs on, authentication may be done using the local or domain database. The user will be able to make this selection at logon time, but if the logon is done using the local database, only local resources will be available. Domain authentication is done by the nearest BDC or PDC.
Access tokens, and Access Determination
NT uses the following objects to control access security:
- Security identifier - The user's group membership (security IDs) and user (security ID) information.
- Access token - Passed to the user's machine when they log on. Even processes have access tokens. The access token contains:
- The security ID for the user.
- The security IDs for the user's groups.
ACEs (Access control entries) are entries in an access control list (ACL). Every object contains an access control list. Each ACE contain security IDs for users and groups along with the associated permissions for that user or group ID.