Chapter 8: Active Directory Domain Services Security

the number of objects that any security principal can own. To set quotas, use the Dsmod Quota command.

Summary

This chapter provided a brief overview of the basic concepts of Windows Server 2008 AD DS security, including the security principals, access control lists, authentication, and authorization. The first part of this chapter focused on the primary means of providing authentication and authorization in AD DS through the Kerberos protocol. Kerberos provides a secure mechanism for users to authenticate to AD DS and to gain access to network resources. The second component to providing AD DS security is to secure domain controllers and implement secure administrative practices. The second part of this chapter provided details on how to implement this type of security.

Best Practices

If possible, upgrade all servers and workstations to at least Windows Server 2000 with the latest service packs. By doing this, you can ensure that Kerberos is used for all authentication requests, and you can configure security features like SMB signing on