Get a glimpse inside Paul Cooke's e-book "The definitive guide to Windows 2000 security" with this series of book excerpts, courtesy of Realtimepublishers.com. This excerpt is from Chapter 5, "Configuring access control."
Chapter introduction: Configuring access control
Access control provides the logical or physical controls that prevent unauthorized access to information resources. I want to emphasize "unauthorized" because access control has no real function without the concept of authorization. Remember from Chapter 1 that authorization gives a security principal the capability or privilege to perform an action or access an information resource. Thus, Windows 2000 uses authorizations to make access control decisions. The word "unauthorized" also implies that if you haven't explicitly been granted access to some resource, you'll be denied access.
But is that all there is to the concept of access control? Not entirely. Obviously, a third piece in this equation is missing: the concept of authentication. In addition to authorization, Windows 2000 uses authentication to make access control decisions. I discussed authentication in Chapter 4, and although this chapter is about access control, I'll spend a bit of time discussing authorization in Windows 2000. I'll discuss authorization and access control together to create a complete description of how these two concepts collectively work within Windows 2000.