Network security is an important concern for any modern organisation. It consists of the computer infrastructure and the policies adopted by the network administrator to protect network resources from intruders and unauthorised access. A sound account management policy is one of the main controls that keeps an organisation's network secure, because most unauthorised access is obtained through an account that should not have existed, should have been disabled, or had more privilege than its role required.
By default Windows provides the following local security groups; each group carries its own privileges, matched to the rights and responsibilities of the users in that role.
1.1 Local Security Groups
• Administrators – After the initial installation of the operating system, the only member of the group is the built-in Administrator account. When the computer joins a domain, the Domain Admins global group is added to the local Administrators group. Members of Administrators have full control over the computer, and the group is the default owner of any object created by one of its members. Any global group placed in Administrators therefore has full control over the computer as well.
• Backup Operators – A built-in local group whose members hold the user rights needed to back up and restore files and folders. Members can back up and restore files and folders regardless of ownership, permissions, encryption, or auditing settings. Because these rights bypass file ACLs entirely, membership should be treated as administrator-equivalent and reviewed as such.
• Guests – A built-in group whose only default member is the built-in Guest account. It allows a person who has no account on the computer, on its domain, or on any domain trusted by that domain to log on to a computer running Windows 2000. This group is not utilized by Lilly.
• Power Users – A built-in group with no default members. This group does not exist on domain controllers. Power Users can create local users and groups; modify and delete accounts that they have created; and remove users from the Power Users, Users, and Guests groups. Power Users can also install most applications; create, manage, and delete local printers; and create and delete file shares. On Windows Vista, Windows Server 2008 and later the group is kept only for backward compatibility and has no privileges beyond those of Users.
1.2 User Accounts and Groups
The basic units of network security and access control in Windows are user accounts and groups. A user account lets a person log on and gain access to local or domain resources. A group is a collection of user accounts; groups simplify the management of user and computer access to shared resources by letting you grant permissions to many users at once. For the purposes of this policy there are two kinds of user account and group in Windows: local and global (in Active Directory terms a "global" account is a domain account). The basic types and where they are created are as follows:
• Local user accounts – Created on the individual servers where the resources and applications are located. These accounts can only access resources on the server where they reside.
• Local groups – Created on the individual servers where the resources and applications are located. These groups can only be granted access to resources on the server where they reside.
• Global user accounts – Created in the Windows Active Directory structure. There are two uses for global user accounts:
  • To allow an individual user access to server resources and applications.
  • For applications or server management when the same application resides on multiple platforms.
2. RULES FOR ACCESSING THE SERVER
Having described the account types, it is essential to formulate rules for network users. To allow access to resources on Windows servers, local and global users and groups must be granted privileges to those resources. The typical model (accounts into global groups, global groups into local groups, permissions on local groups, so that no permission is ever granted to a user account directly) is as follows:
• Global users are placed in global groups to allow for similar users to have access to the same resources.
• Global groups are placed in local groups on the server containing the resource. This allows multiple global groups to access the same resource.
• Local users can also be placed into local groups on the server containing the resource.
• Local groups are then assigned the appropriate privileges to the resource on the server. Each local group is used to manage a single resource on a server.
3. PROCESS FOR GRANTING ACCESS
3.1 Local User Account
Platform-level access gives increased access to Windows platform resources. Privileges are rights assigned to a user or group that specify the actions allowed on the platform(s). To grant increased platform-level access, system administrators place user accounts or global groups into local security groups on the platform, or into global security groups located on the domain controllers.
3.1.1 Changing Local Administrator Passwords
A dedicated Server Team is responsible for maintaining the local Administrator passwords of all managed servers in every zone. The team's System Administrator changes the local Administrator password every 60 days. Because the same password is shared by every managed server, compromising one server exposes all of them; giving each host its own password (as Microsoft LAPS does) limits that exposure.
3.1.2 Global User Account
Each employee and contractor has a uniquely identified Windows global user account. Requests for the creation, modification and deletion of these accounts are handled by the IT Security team.
3.1.3 Changing the default domain Administrator Account Password
The Windows Server Team is responsible for the default domain Administrator account password. The team's System Administrator changes the Domain Administrator password every 60 days, when the password age expires. Each time the password is changed, the new password is enclosed in a sealed envelope and placed in a secure location.
3.2 Non-Standard Account Request
Non-standard accounts are Application/Service accounts (an account intended for use by an application rather than a person), Shared Accounts, and Privileged Accounts (an account created with elevated privileges for administration purposes).
3.2.1 Creating New Non-Standard Accounts
1. The creation process for non-standard accounts begins with a request submitted to the IT Admin containing the following information:
• The account name / Logon ID that is being requested.
• The requested location of the account (Local platform or domain level).
The IT Admin sets an initial password, and the account is flagged so that the user must change it at first logon. If the password has to be sent by email, it is sent encrypted.
3.2.2 Disabling existing Non-Standard Accounts
Accounts belonging to workers who have left the company, and accounts that are no longer in use, are disabled by the IT Admin. The manager sends a request to disable a specific account together with the reason or justification for disabling it. Once the account has been disabled, the respective manager is notified of the change by email or phone.
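The create and disable steps of 3.2.1 and 3.2.2, as an added PowerShell example that is not part of the original policy. The domain name CORP, the OU path, the account name svc-backup and the requester and manager names are assumptions made for the example; the domain branch needs the ActiveDirectory (RSAT) module, and the local branch needs the Microsoft.PowerShell.LocalAccounts module in an elevated session on the server concerned.

```powershell
# Added example, not from the original policy. Names and the OU are hypothetical.

function New-RandomPassword {
    param([int]$Length = 24)
    # CSPRNG-backed; rejection sampling so every character is equally likely.
    $chars = [char[]]'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789!@#$%^&*-_=+'
    $limit = $chars.Length * [math]::Floor(256 / $chars.Length)
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buf   = New-Object byte[] 1
    $sb    = New-Object System.Text.StringBuilder
    while ($sb.Length -lt $Length) {
        $rng.GetBytes($buf)
        if ($buf[0] -lt $limit) { [void]$sb.Append($chars[$buf[0] % $chars.Length]) }
    }
    $sb.ToString()
}

function Limit-Description([string]$Text) {
    # Local account descriptions are limited to 48 characters by the module.
    $Text.Substring(0, [math]::Min(48, $Text.Length))
}

function New-NonStandardAccount {
    param(
        [Parameter(Mandatory)][string]$LogonId,                                   # requested logon ID
        [Parameter(Mandatory)][ValidateSet('Local','Domain')][string]$Location,    # requested location
        [Parameter(Mandatory)][ValidateSet('Application','Shared','Privileged')][string]$Kind,
        [Parameter(Mandatory)][string]$Requester,
        [string]$DomainOu = 'OU=Service Accounts,DC=corp,DC=example'              # hypothetical OU
    )
    $plain  = New-RandomPassword
    $secure = ConvertTo-SecureString $plain -AsPlainText -Force
    $desc   = "$Kind; req $Requester $(Get-Date -Format yyyy-MM-dd)"
    # A service cannot answer a change-password prompt, so only human-used
    # accounts (Shared, Privileged) are forced to change at first logon.
    $mustChange = ($Kind -ne 'Application')

    if ($Location -eq 'Domain') {
        New-ADUser -Name $LogonId -SamAccountName $LogonId -Path $DomainOu `
            -AccountPassword $secure -Enabled $true -Description $desc `
            -ChangePasswordAtLogon $mustChange
    } else {
        New-LocalUser -Name $LogonId -Password $secure -Description (Limit-Description $desc) | Out-Null
        if ($mustChange) {
            # New-LocalUser has no switch for this; set the flag through ADSI.
            $u = [ADSI]"WinNT://./$LogonId,user"
            $u.PasswordExpired = 1
            $u.SetInfo()
        }
    }
    # The initial password is returned only to the caller for out-of-band
    # delivery (encrypted mail per 3.2.1); it is never written to a log file.
    $plain
}

function Disable-NonStandardAccount {
    param(
        [Parameter(Mandatory)][string]$LogonId,
        [Parameter(Mandatory)][ValidateSet('Local','Domain')][string]$Location,
        [Parameter(Mandatory)][string]$Justification,
        [Parameter(Mandatory)][string]$Manager
    )
    # Record who asked and why on the account itself, so a later audit of a
    # disabled account does not depend on finding the original ticket.
    $note = "DISABLED $(Get-Date -Format yyyy-MM-dd) req $Manager: $Justification"
    if ($Location -eq 'Domain') {
        Disable-ADAccount -Identity $LogonId
        Set-ADUser -Identity $LogonId -Description $note
    } else {
        Disable-LocalUser -Name $LogonId
        Set-LocalUser -Name $LogonId -Description (Limit-Description $note)
    }
    # Disable rather than delete: the SID survives, so ACL reviews still resolve it.
}

# Usage (hypothetical names):
# $initial = New-NonStandardAccount -LogonId 'svc-backup' -Location Domain -Kind Application -Requester 'jdoe'
# Disable-NonStandardAccount -LogonId 'svc-backup' -Location Domain -Justification 'Service decommissioned' -Manager 'asmith'
```

The function returns the initial password as a string solely so the caller can deliver it through the encrypted channel the policy requires; nothing in the script stores it.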
3.3 Local Groups
Local groups are created on the servers to give global groups access to the server's resources. If a local group does not have a corresponding global group, a data steward is assigned to oversee the membership of the local group.
3.3.1 Creating new Local Groups
To create a new local group there must be a change request from the respective department's IT head, containing the following information:
• Server where local group resides
• Local group name
• Primary data steward name
• Primary data steward ID
• Backup data steward name
• Backup data steward ID
• Global groups that need to be added to group membership
• Local/Global users that need to be added to group membership
Once the request is received, the admin analyses it and takes the following actions to grant access:
• Create new local group
• Add accounts to a local group
• Add global groups to a local group
• Add permission to a local group
Thus a new local group will be created.
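The access model of section 2 and the create, add and grant steps of 3.3.1 carried out on one file server, as an added PowerShell example that is not part of the original policy. The server name FS01, the path D:\Shares\Finance, the domain CORP, the group, account and steward names are all hypothetical. It runs in an elevated session on the server that holds the resource and needs the Microsoft.PowerShell.LocalAccounts module (Windows Server 2016 and later); the ActiveDirectory module is only needed for the commented account-to-global-group step.

```powershell
# Added example, not from the original policy. All names below are hypothetical.
# Run elevated on the server that holds the resource (FS01).

$Request = @{
    LocalGroup    = 'LG-Finance-Share-Modify'    # one local group per resource
    ResourcePath  = 'D:\Shares\Finance'
    Rights        = 'Modify'                     # a FileSystemRights value
    Steward       = 'CORP\jdoe'
    BackupSteward = 'CORP\asmith'
    GlobalGroups  = @('CORP\GG-Finance-Users')   # global groups to add
    Users         = @('CORP\svc-finance-report') # individual accounts, if any
}

# Account-to-global-group step (section 2), run where RSAT is installed: users go
# into the global group, never directly onto the server's ACL.
# Add-ADGroupMember -Identity 'GG-Finance-Users' -Members 'jdoe','asmith'

function New-ResourceLocalGroup {
    param([hashtable]$Req)

    # 1. Create the local group. Its description is limited to 48 characters,
    #    so it records only the stewards; the change request keeps the rest.
    if (-not (Get-LocalGroup -Name $Req.LocalGroup -ErrorAction SilentlyContinue)) {
        New-LocalGroup -Name $Req.LocalGroup `
            -Description "Steward $($Req.Steward) / $($Req.BackupSteward)" | Out-Null
    }

    # 2. Add global groups and individual accounts to the local group,
    #    skipping members that are already present.
    $current = Get-LocalGroupMember -Group $Req.LocalGroup |
               Select-Object -ExpandProperty Name
    foreach ($member in ($Req.GlobalGroups + $Req.Users)) {
        if ($current -notcontains $member) {
            Add-LocalGroupMember -Group $Req.LocalGroup -Member $member
        }
    }

    # 3. Grant the permission on the resource to the local group only.
    $acl  = Get-Acl -Path $Req.ResourcePath
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        "$env:COMPUTERNAME\$($Req.LocalGroup)",
        [System.Security.AccessControl.FileSystemRights]$Req.Rights,
        'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Req.ResourcePath -AclObject $acl
}

function Test-ResourceAcl {
    param([hashtable]$Req)
    # Check that nothing bypasses the model: every explicit (non-inherited) ACE
    # on the resource should name the local group, SYSTEM or Administrators.
    # Anything else is a direct grant to a user or global group and should be
    # moved into the local group.
    $allowed = @("$env:COMPUTERNAME\$($Req.LocalGroup)", 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')
    (Get-Acl -Path $Req.ResourcePath).Access |
        Where-Object { -not $_.IsInherited -and $allowed -notcontains $_.IdentityReference.Value }
}

New-ResourceLocalGroup -Req $Request
$stray = Test-ResourceAcl -Req $Request
if ($stray) {
    $who = ($stray.IdentityReference.Value | Sort-Object -Unique) -join ', '
    Write-Warning "Direct ACEs outside the local group: $who"
}
```

The last step is the check a reviewer of this request would want: with the model in section 2, a user or global group that appears directly in the resource's ACL is a permission that group-membership reviews will never see.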
3.3.2 Deleting Local Groups
As local groups are placeholders for global groups, deleting a local group may or may not coincide with deleting a global group. A local group is deleted once a request for group deletion is received containing the following information:
• Server where group resides
• Local group name
• Reason for deleting the local group (server retired/ Group no longer needed)
After the deletion process the requestor is notified via email/phone.