This video looks at Authentication and Authorization in Windows 7. Authentication is the process of identifying the user or computer. Authorization is determining what they can and can't have access to after Authentication has occurred.
Kerberos version 5
This is the default system that Windows will use when it is available. It is a ticket-based system: a ticket is generated when the user first logs in. This ticket contains all the groups the user is a member of and thus determines what they have access to. The ticket can be used with other computers on the network to grant access. If the user's access changes after they log in, they will need to log off and back on again for the changes to take effect.
Windows will use Kerberos when it can; however, there are times when Kerberos can't be used. These include the following:
1) Authentication using an IP address
2) Either computer is not in a domain
3) The computers are in different forests with no forest trust connecting them
4) A firewall is blocking the Kerberos ports
NTLMv2
NT LAN Manager is a challenge-response authentication system. A challenge-response authentication system works by asking the other side a mathematical question. To answer this question correctly, the password must be used to generate the response. This means the password is never transferred over the network for authentication to occur.
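A simplified model of the challenge-response exchange described above, added here as an example; it is not code from the video or from Windows. It uses HMAC-SHA256 in place of NTLMv2's real hash algorithms and message formats, and the account name, domain and password are constructed sample values.

```python
import hashlib
import hmac
import os

USER, DOMAIN, PASSWORD = "alice", "EXAMPLE", "Winter-2010!"  # constructed sample account

def user_key(password, user, domain):
    """Derive the shared key from the password (SHA-256/HMAC stand in for NTLM's hashes)."""
    pw_hash = hashlib.sha256(password.encode("utf-16-le")).digest()
    ident = (user.upper() + domain).encode("utf-16-le")
    return hmac.new(pw_hash, ident, hashlib.sha256).digest()

def client_response(password, user, domain, server_challenge, client_nonce):
    """Answer the challenge; only this HMAC is sent, never the password."""
    key = user_key(password, user, domain)
    return hmac.new(key, server_challenge + client_nonce, hashlib.sha256).digest()

class Server:
    def __init__(self):
        self.keys = {}     # account -> derived key (not the password itself)
        self.pending = {}  # account -> challenge awaiting an answer

    def enroll(self, user, domain, password):
        self.keys[(user.upper(), domain)] = user_key(password, user, domain)

    def challenge(self, user, domain):
        nonce = os.urandom(8)  # fresh random challenge for every attempt
        self.pending[(user.upper(), domain)] = nonce
        return nonce

    def verify(self, user, domain, client_nonce, response):
        account = (user.upper(), domain)
        nonce = self.pending.pop(account, None)  # a challenge is single-use
        key = self.keys.get(account)
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, nonce + client_nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def attempt(server, password):
    """Run one exchange; return (accepted, (challenge, client_nonce, response))."""
    challenge = server.challenge(USER, DOMAIN)
    client_nonce = os.urandom(8)
    response = client_response(password, USER, DOMAIN, challenge, client_nonce)
    return server.verify(USER, DOMAIN, client_nonce, response), (challenge, client_nonce, response)

if __name__ == "__main__":
    server = Server()
    server.enroll(USER, DOMAIN, PASSWORD)
    print("correct:", attempt(server, PASSWORD)[0], "| wrong:", attempt(server, "not-the-password")[0])
```

The tuple returned by `attempt` holds everything that crossed the network in the exchange: two random values and one HMAC.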
Certificates and Smartcards
Windows 7 supports the use of certificates and smartcards. Certificates can be generated either from a Microsoft Certificate Authority or from a third-party Certificate Authority. A smartcard contains the keys that are required for encryption. To prevent the smartcard from being used by the wrong party if lost or stolen, smartcards often support multifactor authentication. Multifactor authentication is when multiple methods are used to authenticate the user. A common method is to add a PIN to the smartcard.
Biometrics
Biometrics are devices that check something physical about the user. Examples include fingerprint scanners and eye scanners.
Authorization
Once you have been authenticated, Windows needs to decide what you can and can't access. This is configured through permissions, policies and rights. Permissions are assigned to files and folders. Policies are Group Policy settings which determine what you can and can't access, such as the Control Panel. Rights determine what you can do, for example whether you can take ownership of files.
Groups
To make administration easier, Windows has a number of default groups. These default groups have permissions, policies and rights assigned to them to make it easier to configure Windows. Some of these groups are:
Administrators: Have access to everything
Backup Operators: Can read and restore files
Event Log Readers: Can read the event logs
Network Configuration Operators: Can make changes to network adapters
Remote Desktop Users: Allows a user to access the computer using Remote Desktop
Power Users: Legacy group for backwards compatibility with Windows XP
Users: General users group
Guests: Basic user whose changes are lost when they log off
See http://YouTube.com/ITFreeTraining or http://itfreetraining.com for our always free training videos. This is only one video from the many free courses available on YouTube.
The identity of the remote computer cannot be verified. Do you want to connect anyway?
The remote PC could not be authenticated due to a problem with its security certificate. It may be unsafe to proceed.
Certificate errors: the following errors were encountered while validating the remote PC certificate: the certificate is not from a trusted certifying authentication. Isn't this up your alley?? Because it's way out of my league.
farstarfilm 3 months ago
@farstarfilm What this means is that you don't appear to have a certificate infrastructure set up so Windows can't verify the other party. This is normal. We have plenty of videos on certificates if you want more information on this. It is safe to ignore this message in most cases. Without certificates set up, Windows is basically saying a hacker could be on the other end rather than the computer you are trying to connect to. Windows can't verify the other party is who they say they are.
itfreetraining 3 months ago
@farstarfilm Have a look at our video MCTS 70-680: Certificates in Windows 7. This explains how certificates work.
itfreetraining 3 months ago
I did what you told me with user@domain or domain\user but no luck. It's driving me crazy!! Can I default the settings to put things back? I know it's got to be something I am doing wrong.
farstarfilm 3 months ago
@farstarfilm Not sure what the problem is. I would suggest opening the Event Viewer on the computer that you are trying to connect to and having a look in the security log. There should be an event generated with more error information in it. The Credential Manager is only if you want to save credentials for later use. I would suggest clearing it in this case. I assume you are using Remote Desktop. Check the system properties and check the user has access.
itfreetraining 3 months ago
Great vid, but each time I remote connect I get a wrong password message, which is driving me crazy. It appears to connect but I can't get past the password. I give the same one all the time.
farstarfilm 3 months ago
@farstarfilm I would check to make sure that the right domain is selected. Try the format user@domain or domain\user. Also attempt to log in on the remote computer locally. This will ensure that the username has not expired or something like that. If you are using a local account on the computer you can use the format computername\user. Lastly, check that remote access has been enabled on the remote computer. You can configure this from the system properties.
itfreetraining 3 months ago