Basics of Windows Security

This video looks at all the basic parts that form the security model in Windows. Check out http://itfreetraining.com for more of our always free training videos. Understanding this will give you a better understanding of how security works in Windows allowing you to better configure and secure Windows.

Download the PDF handout http://ITFreeTraining.com/handouts/se...

What's in this video
This video will look at the core parts of Windows security which are as follows: "Security Principal", "Security Identifier", "Access Control Entry/Access Control List" and "Access Tokens". This will give you a better understanding of how security in Windows works which will assist you later on when you work on configuring security.

What is a Security Principal
A security principal is essentially the name given to an entity. For example a user, computer or process. This security principal is generally a friendly name to make it easier to identify the entity. For example, it is easier to identify a user by a name rather than a long number. A security principal will always map to one entity, but it is possible to have to entities with the same name. For example two users with the same name. Perhaps one has been deleted and replaced by the other. In order for an entity to always be able to be uniquely identified, it needs a unique value assigned to it.

Security Identifier (SID)
Every object in Windows has a SID assigned to it. A SID is a unique number like a serial number. They always start with S. The short SID's are local SID's and are only used on the local computer. The longer SID's are domain SID's and are issued by a Domain Controller.
The list of profiles currently in use can be found in Regedit at the following location HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
The containers in this location are called after the SID of that user. This means that if the username of that user were to change, this would not affect Windows being able to find the profile for that user as the SID for that user has not changed.

SID Example
Whenever a user is created, a unique SID is assigned to them. This SID is then used with objects to give the user access. Since a unique SID is assigned to every user that is created, it is possible to have multiple users with the same SID at different times or in different domains. It should be remembered that once a user is deleted the SID associated with that user is lost. For this reason, many administrators will disable a user rather than deleting them and thus keeping the SID. If later on the access that was given to that user is required, the user can be re-enabled and the access reused.

ACE/ACL
In order to determine who can access an entity, ACE's and ACL's are used. An ACL or Access Control List is a list of permissions. For example who can read the entity, those that can write to the entity. An ACE or Access Control Entry is simply an entry in that list. For example, if you had a document on the file system, this document would have an Access Control List associated with it. This Access Control List would contain Access Control Entries which determine who has access. For example, it is common for files to be allowed access by administrators and the system user. If additional access is required, it is just a matter of adding an ACE to the ACL with the required permissions and the entity that requires access. The access is determined by using the entities SID. Thus to determine if someone is allowed access, the SID of that user is looked at and then checked against the ACL to see if there is a match. If there is a match the user is allowed access.

Description to long for YouTube. Please see the following link for the rest of the description.
http://itfreetraining.com/server/#bas...

See    / itfreetraining   or http://itfreetraining.com for our always free training videos. This is only one video from the many free courses available on YouTube.

References
"Installing and Configuring Windows Server 2012 Exam Ref 70-410" pg 83
"Principal (computer security)" http://en.wikipedia.org/wiki/Principa...)
"Security Identifier" http://en.wikipedia.org/wiki/Security...
"Access Control Entries" http://msdn.microsoft.com/en-us/libra...
"Access Tokens" http://msdn.microsoft.com/en-us/libra...