Controlling Delegation of Windows Servers
and Active Directory
2
• Derek Melber, MCSE & MVP (Group Policy and AD)
• derek@manageengine.com
• Online Resources
• ManageEngine “Active Directory” Blog
• Group Policy Resource Kit – MSPress
• Windows Security Audit Package Consulting
• Active Directory/Windows Audit Program
• Training for efficient auditing
• Administration Consultant
• Active Directory and Server Design/Security
• Active Directory and Group Policy Design
About Your Speaker
3
• Delegation Defined
• Delegation by Group Membership
• Delegation by User Rights
• Delegation by Permissions
• Verifying Group Membership
• Verifying User Rights
• Verifying Permissions
• Breaking Down Delegation Capabilities
Agenda
4
• Delegation is granting the ability to manage or control
some or all of an object or computer
• Install and manage software on a server
• Control services on a server
• Add a group
• Change membership of a group
• Add or remove a user
• Reset the password for a user
Delegation Defined
5
• Default local groups
• Administrators
• Backup Operators
• Power Users
Delegation by Group Membership
6
• Default domain groups
• Domain Admins
• Administrators
• Cert Publishers
• DHCP Administrators
• DNSAdmins
• Group Policy Creator Owners
• Account Operators
• Backup Operators
Delegation by Group Membership
7
• Default forest groups
• Enterprise Admins
• Schema Admins
Delegation by Group Membership
8
• Application-/Service-based Groups
• Exchange
• SQL
• SharePoint
• VMware
• Etc.
Delegation by Group Membership
9
• Custom Admin Groups
• These are groups that are created by administrators in Active
Directory
• These groups are granted elevated privileges
• Group membership
• User Rights
• Permissions
Delegation by Group Membership
10
• Computer-wide configurations that control what users can
do to/on that computer
• User rights are unique from computer to computer
• User rights are configured centrally using Group Policy
• If not centrally, then local policy configures computer user rights
• User rights override security permissions
• e.g., a user who is denied permission to a folder can still back it up with
the Backup and Restore user right
Delegation by User Rights
11
• User Rights are granted using Group Policy
• Domain Controllers
• User Rights are specially configured by default
• Default Domain Controller Policy contains default user right settings
• Servers and Workstations
• No user rights are applied using Group Policy
• No user rights are applied additionally by joining domain
• Local or domain-based Group Policy can alter/increase user right security
Delegation by User Rights
12
• High Privileged User Rights
• Shut down the system
• Force shutdown of remote system
• Log on as a batch job
• Log on as a service
• Log on locally
• Act as part of the OS
• Backup and Restore files and directories
• Generate security audits
• Manage auditing and security log
• Replace process-level token
• Synchronize directory service data
• Take ownership of files and other objects
Delegation by User Rights
13
• Permissions control what a user can do to an object
• Objects include…
• Files
• Folders
• Registry Keys
• Printers
• Services
• AD Objects
Delegation by Permissions
14
• Permissions are also known as
• Access control list
• ACL
• NTFS permissions
• None of these are the same as Share permissions!
Delegation by Permissions
15
• Permissions differ by object being configured
• Three levels of permissions can be configured for each
object
Delegation by Permissions
16
• Incorrect group membership can give too much access
• Verification options
• Active Directory Users and Computers
• Local SAM
• DumpSec
• PowerShell/PowerGUI (groups recursive)
• ADAudit Plus (groups recursive)
Verifying Group Membership
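
A recursive membership check of the kind the "PowerShell/PowerGUI (groups recursive)" bullet refers to, as an added example that is not part of the original deck. It assumes the ActiveDirectory module (RSAT) is installed and the account running it can read the directory; the output file name is a placeholder.

```powershell
# Added example: recursive membership report for the default privileged groups
# listed in this deck. Assumes the ActiveDirectory module (RSAT) is installed.
Import-Module ActiveDirectory

# Names from the "Delegation by Group Membership" slides. Enterprise Admins and
# Schema Admins live in the forest root domain; DHCP Administrators and
# DnsAdmins exist only where those roles were installed.
$privilegedGroups = @(
    'Domain Admins', 'Administrators', 'Cert Publishers', 'DHCP Administrators',
    'DnsAdmins', 'Group Policy Creator Owners', 'Account Operators',
    'Backup Operators', 'Enterprise Admins', 'Schema Admins'
)

$report = foreach ($name in $privilegedGroups) {
    try {
        $group = Get-ADGroup -Identity $name -ErrorAction Stop
    } catch {
        Write-Warning "Group '$name' not found in the current domain; skipped."
        continue
    }

    # Direct members are what the Members tab in ADUC shows.
    $direct = @(Get-ADGroupMember -Identity $group |
        Select-Object -ExpandProperty distinguishedName)

    # -Recursive flattens nested groups and returns only the leaf accounts.
    foreach ($member in Get-ADGroupMember -Identity $group -Recursive) {
        [pscustomobject]@{
            Group       = $group.Name
            Member      = $member.SamAccountName
            ObjectClass = $member.objectClass
            Path        = if ($direct -contains $member.distinguishedName) { 'Direct' } else { 'Nested' }
        }
    }
}

# Full report on screen; nested-only rows to a CSV for review.
$report | Sort-Object Group, Path, Member | Format-Table -AutoSize
$report | Where-Object Path -eq 'Nested' |
    Export-Csv -Path .\nested-privileged-members.csv -NoTypeInformation
```

Rows marked Nested are accounts that hold the group's privileges through another group and do not appear in the group's own member list.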
17
• Incorrect user rights can give too much power
• Verification options
• Secpol.msc
• DumpSec
• ADAudit Plus
Verifying User Rights
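
A scripted alternative to reading Secpol.msc by hand, as an added example that is not part of the original deck: it exports the computer's user rights with `secedit` and lists who holds each of the high privileged rights named on the earlier slide. It assumes an elevated PowerShell session; `Resolve-Principal` is a helper name made up for this example.

```powershell
# Added example: report the holders of the high privileged user rights
# from the "Delegation by User Rights" slide. Run elevated.

# Privilege constants for the rights named on that slide.
$highPrivilege = [ordered]@{
    SeShutdownPrivilege           = 'Shut down the system'
    SeRemoteShutdownPrivilege     = 'Force shutdown of remote system'
    SeBatchLogonRight             = 'Log on as a batch job'
    SeServiceLogonRight           = 'Log on as a service'
    SeInteractiveLogonRight       = 'Log on locally'
    SeTcbPrivilege                = 'Act as part of the OS'
    SeBackupPrivilege             = 'Backup and Restore files and directories (backup)'
    SeRestorePrivilege            = 'Backup and Restore files and directories (restore)'
    SeAuditPrivilege              = 'Generate security audits'
    SeSecurityPrivilege           = 'Manage auditing and security log'
    SeAssignPrimaryTokenPrivilege = 'Replace process-level token'
    SeSyncAgentPrivilege          = 'Synchronize directory service data'
    SeTakeOwnershipPrivilege      = 'Take ownership of files and other objects'
}

# Export only the user rights area of the computer's security policy.
$cfg = Join-Path $env:TEMP 'user-rights.inf'
secedit.exe /export /cfg $cfg /areas USER_RIGHTS | Out-Null

# Lines look like: SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
$assigned = @{}
foreach ($line in Get-Content -Path $cfg) {
    if ($line -match '^\s*(Se\w+)\s*=\s*(.*)$') {
        $assigned[$Matches[1]] = @($Matches[2].Split(',') |
            ForEach-Object { $_.Trim() } | Where-Object { $_ })
    }
}
Remove-Item -Path $cfg

# Hypothetical helper: turn "*S-1-5-..." into DOMAIN\name where possible.
function Resolve-Principal([string]$Entry) {
    if (-not $Entry.StartsWith('*')) { return $Entry }
    $sid = New-Object System.Security.Principal.SecurityIdentifier($Entry.TrimStart('*'))
    try   { $sid.Translate([System.Security.Principal.NTAccount]).Value }
    catch { $sid.Value }   # deleted account or unreachable domain
}

foreach ($right in $highPrivilege.Keys) {
    $holders = if ($assigned.ContainsKey($right) -and $assigned[$right].Count -gt 0) {
        ($assigned[$right] | ForEach-Object { Resolve-Principal $_ }) -join ', '
    } else {
        '(not assigned)'
    }
    [pscustomobject]@{
        UserRight = $highPrivilege[$right]
        Constant  = $right
        Holders   = $holders
    }
}
```

Because user rights differ from computer to computer, the report has to be run on each server of interest; a SID that does not resolve to a name is worth following up.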
18
• Incorrect permissions can give too much access
• Verification options
• Screen captures (painful, time consuming, and too large)
• DumpSec (files and folders)
• Xcacls, icacls (files and folders)
• Dsacls (AD objects)
Verifying Permissions
19
• Servers
• Manage Files and Folders
• Manage Security Logs
• Install applications
• Install services
• Manage services
• Start and Shut down server
• Manage local users and groups
• Manage entire server
Breaking Down Delegation Capabilities
21
• Active Directory
• Managing Users
• Managing Groups
• Managing Computers
• Managing Group Policy
• Managing Schema
• Managing Forest-level functions
Breaking Down Delegation Capabilities
22
• Delegation Defined
• Delegation by Group Membership
• Delegation by User Rights
• Delegation by Permissions
• Verifying Group Membership
• Verifying User Rights
• Verifying Permissions
• Breaking Down Delegation Capabilities
Summary
Questions?
Our gift to you… the link to download the tools!
http://www.manageengine.com/products/active-directory-audit/
Thank you!

Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityWSO2
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxRemote DBA Services
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 

Último (20)

MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 

Controlling Delegation of Windows Servers and Active Directory

  • 1. Controlling Delegation of Windows Servers and Active Directory
  • 2. • Derek Melber, MCSE & MVP (Group Policy and AD) • derek@manageengine.com • Online Resources • ManageEngine “Active Directory” Blog • Group Policy Resource Kit – MSPress • Windows Security Audit Package Consulting • Active Directory/Windows Audit Program • Training for efficient auditing • Administration Consultant • Active Directory and Server Design/Security • Active Directory and Group Policy Design About Your Speaker
  • 3. • Delegation Defined • Delegation by Group Membership • Delegation by User Rights • Delegation by Permissions • Verifying Group Membership • Verifying User Rights • Verifying Permissions • Breaking Down Delegation Capabilities Agenda
  • 4. • Delegation is granting the ability to manage or control some or all of an object or computer • Install and manage software on a server • Control services on a server • Add a group • Change membership of a group • Add or remove a user • Reset the password for a user Delegation Defined
  • 5. • Default local groups • Administrators • Backup Operators • Power Users Delegation by Group Membership
  • 6. • Default domain groups • Domain Admins • Administrators • Cert Publishers • DHCP Administrators • DNSAdmins • Group Policy Creator Owners • Account Operators • Backup Operators Delegation by Group Membership
  • 7. • Default forest groups • Enterprise Admins • Schema Admins Delegation by Group Membership
  • 8. • Application-/Service-based Groups • Exchange • SQL • SharePoint • VMware • Etc. Delegation by Group Membership
  • 9. • Custom Admin Groups • These are groups that are created by administrators in Active Directory • These groups are granted elevated privileges • Group membership • User Rights • Permissions Delegation by Group Membership
  • 10. • Computer-wide configurations that control what users can do to/on that computer • User rights are unique from computer to computer • User rights are configured centrally using Group Policy • If not centrally, then local policy configures computer user rights • User rights override security permissions • e.g., a user who is denied permission to a folder can still back it up with the Backup and Restore user right Delegation by User Rights
  • 11. • User Rights are granted using Group Policy • Domain Controllers • User Rights are specially configured by default • Default Domain Controllers Policy contains default user right settings • Servers and Workstations • No user rights are applied using Group Policy • No user rights are applied additionally by joining domain • Local or domain-based Group Policy can alter/increase user right security Delegation by User Rights
  • 12. • High Privileged User Rights • Shut down the system • Force shutdown of remote system • Log on as a batch job • Log on as a service • Log on locally • Act as part of the OS • Backup and Restore files and directories • Generate security audits • Manage auditing and security log • Replace process-level token • Synchronize directory service data • Take ownership of files and other objects Delegation by User Rights
  • 13. • Permissions control what a user can do to an object • Objects include… • Files • Folders • Registry Keys • Printers • Services • AD Objects Delegation by Permissions
  • 14. • Permissions are also known as • Access control list • ACL • NTFS permissions • None of these are the same as Share permissions! Delegation by Permissions
  • 15. • Permissions differ by object being configured • Three levels of permissions can be configured for each object Delegation by Permissions
  • 16. • Incorrect group membership can give too much access • Verification options • Active Directory Users and Computers • Local SAM • DumpSec • PowerShell/PowerGUI (groups recursive) • ADAudit Plus (groups recursive) Verifying Group Membership
  • 17. • Incorrect user rights can give too much power • Verification options • Secpol.msc • DumpSec • ADAudit Plus Verifying User Rights
  • 18. • Incorrect permissions can give too much access • Verification options • Screen captures (painful, time-consuming, and too large) • DumpSec (files and folders) • Xcacls, icacls (files and folders) • Dsacls (AD objects) Verifying Permissions
  • 19. • Servers • Manage Files and Folders • Manage Security Logs • Install applications • Install services • Manage services • Start and Shut down server • Manage local users and groups • Manage entire server Breaking Down Delegation Capabilities
  • 20. • Servers • Manage Files and Folders • Manage Security Logs • Install applications • Install services • Manage services • Start and Shut down server • Manage local users and groups • Manage entire server Breaking Down Delegation Capabilities
  • 21. • Active Directory • Managing Users • Managing Groups • Managing Computers • Managing Group Policy • Managing Schema • Managing Forest-level functions Breaking Down Delegation Capabilities
  • 22. • Delegation Defined • Delegation by Group Membership • Delegation by User Rights • Delegation by Permissions • Verifying Group Membership • Verifying User Rights • Verifying Permissions • Breaking Down Delegation Capabilities Summary
  • 23. Questions? Our gift to you… the link to download the tools! http://www.manageengine.com/products/active-directory-audit/ Thank you!
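
A check that ties the "High Privileged User Rights" list to the "Verifying User Rights" slide, as an added example that is not part of the original deck: it parses the `[Privilege Rights]` section of a `secedit /export /areas USER_RIGHTS` file and reports holders outside an approved baseline. Using `secedit` as the export source, the baseline itself, and the sample export with its `CONTOSO` accounts are assumptions constructed for illustration.

```python
ADMINS, BACKUP_OPS = "*S-1-5-32-544", "*S-1-5-32-551"  # well-known SIDs
HIGH_PRIVILEGE = {  # the deck's high-privilege rights -> Windows constant names
    "SeShutdownPrivilege": "Shut down the system",
    "SeRemoteShutdownPrivilege": "Force shutdown of remote system",
    "SeBatchLogonRight": "Log on as a batch job",
    "SeServiceLogonRight": "Log on as a service",
    "SeInteractiveLogonRight": "Log on locally",
    "SeTcbPrivilege": "Act as part of the OS",
    "SeBackupPrivilege": "Backup and Restore files and directories",
    "SeRestorePrivilege": "Backup and Restore files and directories",
    "SeAuditPrivilege": "Generate security audits",
    "SeSecurityPrivilege": "Manage auditing and security log",
    "SeAssignPrimaryTokenPrivilege": "Replace process-level token",
    "SeSyncAgentPrivilege": "Synchronize directory service data",
    "SeTakeOwnershipPrivilege": "Take ownership of files and other objects",
}
BASELINE = {  # assumed approved holders (hypothetical; replace with your own)
    "SeBackupPrivilege": {ADMINS, BACKUP_OPS},
    "SeRestorePrivilege": {ADMINS, BACKUP_OPS},
    "SeServiceLogonRight": {"*S-1-5-80-0"},  # NT SERVICE / ALL SERVICES
}
# Constructed sample export for illustration, not real data.
SAMPLE_INF = """\
[Privilege Rights]
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
SeRestorePrivilege = *S-1-5-32-544,*S-1-5-32-551,CONTOSO\\helpdesk
SeTcbPrivilege = svc_legacy
SeChangeNotifyPrivilege = *S-1-1-0
SeServiceLogonRight = *S-1-5-80-0,CONTOSO\\svc_sql
[Version]
"""

def parse_privilege_rights(inf_text):
    """Return {right: [holders]} from the [Privilege Rights] section only."""
    rights, in_section = {}, False
    for line in map(str.strip, inf_text.splitlines()):
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
        elif in_section and "=" in line:
            name, _, holders = line.partition("=")
            rights[name.strip()] = [h.strip() for h in holders.split(",") if h.strip()]
    return rights

def unexpected_holders(rights):
    """List (slide label, constant, holder) for holders outside the baseline."""
    return [(label, const, holder)
            for const, label in HIGH_PRIVILEGE.items() for holder in rights.get(const, [])
            if holder not in BASELINE.get(const, {ADMINS})]
if __name__ == "__main__":
    print(*unexpected_holders(parse_privilege_rights(SAMPLE_INF)), sep="\n")
```

Real `secedit` exports are usually written as UTF-16, so read the file with `encoding="utf-16"` before passing its text to `parse_privilege_rights`.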