Shared Flashcard Set

Details

Active Directory
Chapter 8 Configuring the User and Computer Environment Using Group Policy
26
Computer Networking
Undergraduate 1
08/04/2012

Additional Computer Networking Flashcards

 


 

Cards

Term
Account Lockout Policies
Definition
Subcategory in the Account Policies category that specifies the number of unsuccessful logon attempts that, if made within a contiguous timeframe, might constitute a potential security threat from an intruder. An Account Lockout Policy can be set to lock the account in question after a specified number of invalid attempts. Additionally, the policy specifies how long the account will remain locked.
Term
account logon events
Definition
Setting that logs events related to successful user logons to a domain.
Term
account management events
Definition
Setting that triggers an event that is written based on changes to account properties and group properties. Log entries written due to this policy setting reflect events related to user or group account creation, deletion, renaming, enabling, or disabling.
Term
Audit Policy
Definition
Section of GPO Local Policies that enables administrators to log successful and failed security events such as logon events, account access, and object access.
Term
auditing
Definition
Tracking events that take place on the local computer
Term
disk quotas
Definition
Setting that limits the amount of space available on the server for user data.
Term
Enforce Password History
Definition
Group Policy setting that indicates the number of passwords that Active Directory should retain in memory before allowing someone to reuse a previously used password.
Term
Fine-Grained Password Policies (FGPP)
Definition
Policy that can be applied to one or more users or groups of users, allowing the administrator to specify a more or less stringent password policy for a subset account than the password policy defined for the entire domain.
Term
gpupdate.exe
Definition
Command-line tool used to force a manual Group Policy refresh. This tool was introduced in Windows Server 2003, and it is used in Windows Server 2003 and Windows Server 2008 to replace the secedit/refreshpolicy command that was used in Windows 2000.
Term
Kerberos Policies
Definition
For domain accounts only, this policy enables administrators to configure settings that govern how Active Directory authentication functions.
Term
Key Distribution Center (KDC)
Definition
Used to issue Kerberos tickets to users for domain access.
Term
Local Policies
Definition
Policies that enable administrators to set user privileges on the local computer that govern what users can do on the computer and determine whether these actions are tracked within an event log.
Term
logon events
Definition
This setting logs events related to successful user logons on a computer.
Term
msDS-PasswordSettings
Definition
New object type in Windows Server 2008 that enables the use of Fine-Grained Password Policies. Also known as a Password Settings Object (PSO).
Term
Offline Files
Definition
Separate Group Policy category that allows files to be available to users, even when users are disconnected from the network.
Term
Password Policies
Definition
Subcategory in the Account Policies category that enforces password length, password history, and so on. Password Policies can be applied to domain and local user accounts.
Term
Password Settings Object (PSO)
Definition
New object type in Windows Server 2008 that enables the use of Fine-Grained Password Policies. Also known as msDS-PasswordSettings.
Term
policy change events
Definition
By default, this policy is set to audit successes in the Default Domain Controllers GPO. Policy change audit log entries are triggered by events such as user rights assignment changes, establishment or removal of trust relationships, IPSec policy agent changes, and grants or removals of system access privileges.
Term
precedence
Definition
Attribute of the Password Settings Object (PSO) used as a tie-breaker to determine which PSO should apply: a PSO with a precedence of 1 will be applied over a PSO with a precedence of 5.
Term
refresh interval
Definition
The available period that each background refresh process can be set to ranges from 0 to 64,800 minutes (45 days).
Term
Restricted Groups
Definition
Policy setting that enables an administrator to specify group membership lists.
Term
Security Options
Definition
Subcategory of the Local Policies setting area of a Group Policy Object that includes security settings related to interactive logon, digital signing of data, restrictions for access to floppy and CD-ROM drives, unsigned driver installation behavior, and logon dialog box behavior.
Term
system events
Definition
Events that trigger a log entry in this category include system startups and shutdowns; system time changes; system event resources exhaustion, such as when an event log is filled and can no longer append entries; security log cleaning; or any event that affects system security or the security log. In the Default Domain Controllers GPO, this setting is set to log successes by default.
Term
System Services
Definition
Category used to configure the startup and security settings for services running on a computer.
Term
tattooing
Definition
Administrative Template setting that continues to apply until it is reversed by using a policy that overwrites the setting.
Term
User Rights Assignment
Definition
Subcategory of the Local Policies setting area of a Group Policy Object that includes settings for items that pertain to rights needed by users to perform system-related tasks.
Supporting users have an ad free experience!