understanding local groups

a local group is a collection of user accounts on a computer. use local groups to assign permissions to resources residing on the computer on which the local group is created. windows xp professional creates local groups in the local security database.

preparing to use local groups

guidelines for using local groups include the following

• use local groups on computers that do not belong to a domain

you can use local groups only on the computer on which you create them. although local groups are available on member servers and domain computers running windows 2000 server, do not use local groups on computers that are part of a domain. using local groups on domain computers prevents you from centralizing group administration. local groups do not appear in the active directory service, and you must administer them separately for each computers.

• you can assign permissions to local groups to access only the resources on the computer on which you create the local groups.

note - you cannot create local groups on domain controllers because domain controllers cannot have a security database that is independent of the database in active directory.

membership rules for local groups include following

• local groups can contain local user accounts from the computer on which you create the local groups.
• local groups cannot belong to any other group.
  

understanding groups

a group is a collection of user accounts. groups simplify administration by allowing you to assign permissions and rights to a group of users rather than to each user account individually.

• groups are collection of user accounts
• members receive permissions given to groups
• users can be members of multiple groups
• groups can be members of other groups

permissions control what users can do with a resource such as a folder, file or printer. when you assign permissions, you allow users to gain access to a resource and you define the type of access that they have. fro example, if several users need to read the same file, you can add their user accounts to a group and then give the group permission to read file. rights allow users to perform system tasks, such as changing the time on a computer and backing up or restoring files.

password requirenments

to protect access to the computer, every user account should have a password. consider the following guidelines for passwords.

• always assign a password to the administrator account to prevent unauthorized access to the account.
• determine whether the administrator or the users will control passwords. you can assign unique passwords to user accounts and prevent users from changing them, or you can allow users to enter their own passwords the first time they log on. in most cases users should control their passwords.
• use passwords that are hard to guess. for example avoid using passwords with an obvious association, such as a family members name.
• passwords can contain up to 128 characters, a minimum length of 8 characters is recommend.
• include both uppercase and lowercase letters (unlike user names, user passwords are case sensitive) numerals and the valid non-alphanumeric characters.
  

naming conventions

a naming convention is an organizations established standard for identified users in the domain. following a consistent naming convention helps administrators and users remember logon names. it also makes it easier for administrators to locate specific user accounts to add them to groups or perform account administration.

naming convention guidelines

• create unique user logon names - local user account names must be unique on the computer on which you create the local account. user logon names for domain user accounts must be unique to the directory.

• use a maximum of 20 characters -user account names can contain up to 20 uppercase or lowercase characters. the field accepts more than 20 characters, but windows xp professional recognizes only the first 20

• remember that user logon names are not case sensitive - you can use combination of special and alphanumeric characters to establish unique user accounts. user logon names are not case sensitive, but windows xp professional preserves the case for display purposes.

• avoid characters that are not valid -the following characters are not valid: " / \ [ ] : ; | - , + * ? < >

• accommodate employees with duplicate names - if two users have the same name, you could create a user logon name consisting of the first name, the last initial and additional letters from the last name to differentiate the users. for example if two user are named john evans, you could create one user account logon as johne and the other as johnev. you could also number each user logon name-for example, johne 1 and johne 2.

• identify the type of employee - some organizations prefer to identify temporary employees in their user accounts. you could add a T and a dash front of the users logon name (T-johne) or use parenthecs at the end- for example, johne(temp)

• rename the administrator and guest built-in user accounts - you should rename the administrator and guest accounts to provide greater security.
  

domain user accounts

domain user accounts allow you to log on to the domain and access resources anywhere on the network. when you log on, you provide your logon information-your user name and password. microsoft windows 2000 server uses this logon information to authenticate your identity and build and access token that contains your user information and security settings. the access token identifies you to the computers in the domain on which you try to access resources. the access token is valid throughtout the logon session.

characteristics of domain user accounts

• provide access to network resources
• provide access token for authentication
• created in active directory of domain controller
  

local user accounts

local user accounts allow users to log on only to the computer on which the local user account has been created and to access resources on only that computer. when you create a local user account, windows xp professional creates the account only in that computers security database, called the local security database. windows xp professional uses the local security database to authenticate the local user account, which allows the user to log on to that computer. windows xp professional does not replicate local user account information to any other computer.

characteristics of local user accounts

• provide access to resources on the local computer
• created in local security database (LSD)
• created in computers which are in workgroups
  

overview of internet explorer 8

Microsoft Windows Internet Explorer 8 is the next version of the world’s most popular browser that has been built from the ground up to be the best browser for the way people really use the Web. Faster, easier and safer than ever before, Internet Explorer 8 optimizes developer and end-user experiences to provide a window to the Web of online services.

note - now here comes the genuine story again, you cant use this in a non genuine windows, in order to install IE 8 you must verify that you using genuine products.

Following are brief descriptions of the new Internet Explorer 8.

Smart Address Bar

The Smart Address Bar makes it easier for people to locate the sites they want to visit. It does this by efficiently matching what a consumer types into the Address Bar with titles in their History and Favorites, without duplicates.

Tab Groups

Tab Groups allow consumers to quickly discern which tabs have related content. When clicking on a link within one tab spawns another, the new tab is placed next to the originating tab, and both tabs are marked with a color.

Redesigned “New Tab” Page

The “New Tab” Page in Internet Explorer 8 has been redesigned to allow people to perform common tasks by clicking on links on the page.

Reopen Last Browsing Session

For those who accidentally close the browser or experience a crash, Internet Explorer 8 enables people to reopen their last browsing session from the most recently closed instance of Internet Explorer 8.

Enhanced Find On Page

Find On Page functionality has been enhanced to improve how consumers search for text on Web pages.

Result count

The enhanced Find On Page functionality shows how many places the search text appears on the page.

Result highlighting

The enhanced Find On Page functionality makes it so users can locate an item at a glance since it highlights all places on the page where the search text appears.

Simplified Internet Explorer Administration Kit

The Internet Explorer Administration Kit helps IT professionals easily configure deployment settings, and now has Favorites customization and the ability to import Accelerators.

Group Policy enhancements

Internet Explorer 8 allows IT administrators to control and configure browser features including Accelerators and Web Slices with more than 140 new Group Policy settings in Internet Explorer 8, bringing the total to nearly 1,500, to ease browser deployment, configuration and customization. There are multiple new Group Policy Objects in areas such as Connection limits, InPrivate, Compatibility View and SmartScreen actions.

Developer tools

Developer tools enable developers to quickly debug HTML, CSS and JScript in a visual environment. These tools have been built directly into Internet Explorer 8 with expanded functionality including a helpful menu option for choosing which application to use when viewing a Web page’s source. Developers can quickly identify and resolve issues because of the deep insight the tool provides into the DOM.

Accelerators

Accelerators give people easy access to the online services they care about most from any page they visit. Meanwhile, developers gain an easy way to extend the reach of their online services. Accelerators also allow users to browse faster by eliminating most of the clicks required to access desired content and services.

Web Slices

With Web Slices, people can see the information they want to see most often without going away from the page they are on, and developers can mark parts of Web pages as Web Slices and enable users to easily monitor the information they most frequently browse to, all while they move about the Web. Web Slices appear in the Favorites bar, where people can identify updated sites when in bold. From there, they can see a rich Web Slice visualization of their content with easy access back to the source Web page.

Instant Search Box

The enhanced Instant Search Box in Internet Explorer 8 is more helpful, making it easier for people to find content of interest and increasing the relevancy of search results. As users type a search term, they can see real-time search suggestions, including images and rich text, from their chosen search provider. There is a quick pick menu at the bottom of the Search box, enabling people to toggle back and forth between their favorite Web sites and search providers’ Search Suggestions with a simple mouse click. In addition, the enhanced Instant Search Box presents results from the user’s own Favorites and browsing History.

InPrivate

InPrivate helps to protect people’s data and privacy from being retained locally on the PC they are using. This protects against third parties who might be in a position to track a consumers’ online activities. Consumers have the ability to use either of the features (InPrivate Blocking or InPrivate Filtering) independently.

InPrivate Browsing

When activated, InPrivate Browsing helps ensure that History, temporary Internet files and cookies are not recorded on a PC after browsing. When in InPrivate Browsing, toolbars and extensions are automatically disabled, and browsing History is automatically deleted when the browser is closed.

InPrivate Filtering

InPrivate Filtering helps protect privacy by enabling the consumer to filter content coming from third parties that are in a position to track and aggregate their online behavior. Users are provided with notice, choice and control of which third parties to allow and which ones to filter.

Compatibility View

Internet Explorer 8 provides people with an easy way to fix display problems such as out-of-place menus, images and text with a Compatibility View button that displays those pages as they were designed to be viewed. Some Web sites that are designed for older browsers may not display correctly in Internet Explorer 8, which by default renders content in the most standards-compliant way possible.

Compatibility View list

Those using Internet Explorer 8 can choose to receive a list of major sites that are best viewed in Compatibility View. When navigating to a site on the list, Internet Explorer 8 will automatically display the site in Compatibility View without requiring the user to press the Compatibility View button.

Crash recovery

In Internet Explorer 8, if a tab does crash, it is automatically restored and reloaded, and any information the user may have already entered on the page (such as when writing an e-mail or filling out a form) is restored.

Delete Browsing History

Internet Explorer 8 enhances the Delete Browsing History feature by providing the ability to delete some cookies, History and other data while preserving cookies, History and other data for favorite sites.

SmartScreen Filter

Built upon the Microsoft Phishing Filter, the SmartScreen Filter helps protect customers against a broader set of phishing threats and helps protect from sites that attempt to download malicious software. The SmartScreen Filter is easy to use with enhanced user interface and warning messages to reduce users’ click-through to confirmed sites.

ClickJacking prevention

New in Internet Explorer 8 is a feature that allows Web site content owners to put a tag in a page header that will help prevent ClickJacking, a type of cross-site request forgery. ClickJacking encompasses multiple techniques that can be used to trick Web users into unwittingly clicking an obscured or hidden Web element, usually resulting in an unwanted transaction. Internet Explorer 8 will detect sites that insert the tag and give users a new error screen indicating that the content host has chosen not to allow their content to be framed, while giving users the option to open the content in a new window.

Cross-site scripting (XSS) filter

Internet Explorer 8 helps protect customers and systems from attacks that can lead to information disclosure, cookie stealing, account or identity theft, or other attempts to masquerade as the user without permission. XSS attacks have emerged as a leading exploit against Web servers and Web applications. Internet Explorer 8 has an XSS filter that is able to dynamically detect type-1 XSS (reflection) attacks.

Data Execution Prevention (DEP)

DEP, on by default in Internet Explorer 8 in Windows Vista Service Pack 1, is a security feature that can help prevent damage to computers from viruses and other security threats by preventing certain types of code from writing to executable memory space.

Per-site ActiveX

Per-site ActiveX reduces attack surface by providing an implicit SiteLock (a tool for restricting access to a specific domain) so that controls may only run from their point of installation by default. This enables users and administrators to manage where a given ActiveX Control is allowed to run.

Per-user ActiveX

Per-user ActiveX allows developers to write their ActiveX Controls so that when a user installs them, they are installed only for that user and not for all users on the system, providing a level of protection for other users against malicious or badly written controls.