Login and Permissions

NT users must log in to the domain. Pressing Control-Alt-Delete together displays the login utility.

After a valid username and password pair are entered, the verification process starts by comparing the username/password pair with the data stored in the Security Accounts Manager (SAM), which is stored on the NT server in the form of a database.

This database also contains a list of privileges for each user. For example, the database might contain the following permissions:

• User_1 is permitted access to group Cisco_Icon.

• User_2 is permitted access to group APAC.

• Directory d:\data has read and write access to both groups Cisco_Icon and APAC.

• The Word documents stored in d:\data\word are owned by group APAC only.

• The Excel documents stored in d:\data\excel are owned by group APAC, and read access is granted to all other users.

When a user or client attempts to access objects shared by other users in the domain, permissions are used to authorize or deny services.

The Windows NT file system is called New Technology File System (NTFS). NTFS is a naming file system that allows extra security. Earlier versions of Windows, such as 95, did not support NTFS and do not support file permissions.

The following are six NTFS permissions:

• R—Read only. The data or object can only be viewed.

• X—Execute. The data can be executed. (For example, a directory can be viewed or a program can be executed.)

• P—Change Permissions. The data access permissions can be altered.

• O—Take Ownership. The ownership can be altered.

The NTFS permissions can also be combined for certain files and directories. For example, RX (read/execute) allows a client to view and execute the data.

NOTE Computers running DOS/Windows 3.X, 95, 98, or ME/Windows NT with FAT partition do not provide any file permissions. They can provide only share-level permission. (Remote users can be permitted or denied access.) File permissions for local users can be implemented only in an NTFS file system.

0 0

Post a comment