Choosing The Best Type Of Trust Relationship
Author : Amandda Smith
Submitted : 2010-09-24 07:32:15 Word Count : 434 Popularity: 29
Tags: Windows XP Professional, microsoft exams, free Cisco practice tests
What is the best type of trust relationship between Tailspin Toys and Humongous Insurance Windows XP Professional(http://www.mcsa-70-270.com) to allow Tailspin Toys employees to work with Humongous Insurance
resources?
A one-way external trust.
Why is this the best type of trust relationship?
Using a one-way external trust is the best answer because it will provide the access that is required without providing access that is not required. A two-way external trust would provide Humongous Insurance potential access to the Tailspin Toys forest. A forest trust would provide too much access.
What technique will you use to restrict user access to the resources in the finance
department forest?
Selective authentication.
Why is this the best technique for this situation?
Selective authentication is best used when access to only a few domains in the forest is required. Lesson 2 Exercise 1: Hardening Authentication
How can you strengthen the authentication processes in Tailspin Toys?
There are two issues to consider. First, because the UNIX workstations are not centrally man-aged, the accounts might have weak controls. Providing accounts to UNIX users that can access both Windows and UNIX resources will strengthen these controls. Configuring Kerberos on the UNIX workstations for use as the authentication protocol will provide secure authentica?tion between the UNIX computers and Active Directory.
Second, while Windows 2000 and Windows XP Professional computers will use Kerberos in a Windows Server 2003 domain, Windows 98 by default will use LM. Windows NT 4.0 Worksta-tion will use NTLM. Client computers, by default, use LM and NTLM. In addition,>microsoft exams(http://www.mcsa-70-270.com) and Windows XP Professional computers might use LM, NTLM, or both if required. Authentica?tion processing can be made more secure if all the Windows clients are configured to use NTLMv2 when LM or NTLM is indicated.
You can only create a forest trust between two forests if both forests are set at the Windows Server 2003 forest functional level.
You can obtain SSO and some interoperability between UNIX and Windows sys?tems, and you can standardize the account policy for UNIX systems on the Win?dows-implemented policy by providing Active Directory accounts for UNIX workstation users, creating keys for the encryption of Kerberos messages between UNIX and the KDC, and configuring Kerberos on the UNIX workstations.
A strong password policy takes into account the authentication protocols used in the domain. For example, if the LM password hash is both refused at the domain controller and not stored in the Active Directory password database, a password length of more than seven characters does make a stronger password. If the LM hash is stored and used, a password from eight to free Cisco practice tests(http://www.examshots.com/vendor/Cisco-3.html) fourteen characters long is really no stronger than one that is seven characters.
Author's Resource Box
The CompTIA has been designed for professionals who analyze the business requirements. The autor devote herself to research the problems and knowledge of MCSE Certification.If you have any questions about MCSE,you can comments on the article the autor publiced.
Article Source:
www.1ArticleWorld.com