Accounts

We begin by summarizing the cornerstone of Windows NT security – user authentication. You must understand its basics before you can make some central decisions about domain structure, the most fundamental determinant of who does what on your network and where they can do it. A networked operating system like Windows NT imposes security by granting specific services and fulfilling specific requests to some people and not others. Basic to this decision is "who is the person." Like most operating systems, Windows NT casts the user identity in a user account, a collection of information about what the user or users of that account can and cannot do on the system. Also like most operating systems, users can only gain services under an account if they can demonstrate they know its password. The most basic tenet of Windows NT security is that it provides no significant services and fulfills no specific request until it associates a properly authenticated account with the request. When you physically log on, you specify an account and its password. This represents your identity on behalf of all the programs you run during your logon session. In the mainline Windows NT metaphor, there is no way to request local actions under another account. When you request one of Windows NT’s remote operations, including file and print sharing, and a host of other services that use named pipes, like remote administration, the server first associates you, the client, with an account that’s visible on the server. In some cases, it’s the same account in use on the client (specifically, when it’s a domain account in a domain that both client and server share, but more on this later). In other cases, it’s a different account that in some way or another you have demonstrated that you know its password. All requests to the remote, "secondary" session from your client-side, "primary" logon session are represented on the server by this second account. The only deviation from this scheme is that if the built-in Guest account is enabled, Windows NT server-side authentication uses Guest to match a remote request when it can find no match among its visible accounts. This allows unauthenticated, remote use of the computer. Even though that use may be tightly restricted by Windows NT’s access controls, it’s a dangerous practice. Windows NT Security 101 begins with "disable the Guest account."