The Experts below are selected from a list of 3363 Experts worldwide ranked by ideXlab platform

Jeffery Hicks - One of the best experts on this subject based on the ideXlab platform.

  • Managing Active Directory with Windows PowerShell: TFM
    2008
    Co-Authors: Jeffery Hicks
    Abstract:

    So you're got Active Directory and PowerShell. how do you make them work together? Find out in Managing Active Directory with Windows PowerShell: TFM. You'll not only learn about managing Active Directory users and groups with PowerShell, but also computer Accounts, group policy, Active Directory infrastructure and more. Coverage includes how to use "out of the box" PowerShell features like the [ADSI] type adapter, as well as 3rd party solutions such as the Quest Software Active Roles Management Shell for Active Directory. Inside you'll find plenty of real-world and practical examples, including complete scripts you can use right now to get your job done faster and more efficiently! This book is not only the definitive guide to Managing Active Directory, but also local directory services. Need to manage the local Administrator Account on 1000 servers? Need to find out who belongs to the local Administrators group on those 1000 servers? You can easily accomplish these tasks and more with PowerShell right from your desktop. If you are just getting started with PowerShell or need a quick refresher, jump in with the PowerShell Crash Course in Chapter 1 and hit the ground running. Managing Active Directory with Windows PowerShell: TFM can be used as a reference guide or read cover to cover as a thorough tutorial led by a Windows PowerShell MVP. PowerShell will be The Windows management tool, so why wait?

  • Managing Active Directory with Windows Powershell: Tfm, 2nd Edition
    2008
    Co-Authors: Jeffery Hicks
    Abstract:

    So you've got Active Directory and PowerShell... how do you make them work together? How do you add 500 new user Accounts complete with group membership using only a few commands? How do you find all your obsolete computer Accounts and move them to another OU? How do you create a report of all your empty groups? Find out in Managing Active Directory with Windows PowerShell: TFM 2 nd Ed. You'll not only learn about managing Active Directory users and groups with PowerShell, but also computer Accounts, group policy, Active Directory infrastructure and more. Revised and expanded with over 85% new material, coverage includes PowerShell solutions from Microsoft, Quest Software, and SDM Software as well as "out of the box" PowerShell features like the [ADSI] type adapter. Inside you'll find plenty of real-world and practical examples, including complete scripts you can use right now to get your job done faster and more efficiently! This book is not only the definitive guide to managing Active Directory, but also local directory services. Need to manage the local Administrator Account on 1000 servers? Need to find out who belongs to the local Administrators group on those 1000 servers? You can easily accomplish these tasks and more with PowerShell right from your desktop. Managing Active Directory with Windows PowerShell: TFM 2 nd Edition can be used as a reference "cookbook" or read cover to cover as a thorough tutorial led by a Windows PowerShell MVP and Active Directory expert. PowerShell IS the Microsoft Windows management tool of today, so what are you waiting for?

Heshun Wang - One of the best experts on this subject based on the ideXlab platform.

  • A Device Management System Based on JAVAEE WEB
    2009 International Conference on Management and Service Science, 2009
    Co-Authors: Heshun Wang
    Abstract:

    For raising the market competition ability and management level of business enterprise, through analyzing the difference between C/S (Client/Server) based system and JAVAEE Web based system, a Device Management System (DMS) Based on JAVAEE Web is proposed. Mainly adopts these JAVAEE framework technologies: struts, spring, and hibernate constructs the systematic architecture together. And MD5 encryption algorithm is used to ensure the safety of Administrator Account. The system covers basic information edition, depreciation calculation, maintenance management, lends/return management, file management and report print. With the flexibility features of JAVAEE technology, it creates higher safety, efficiency and transplant.

Guido Grillenmeier - One of the best experts on this subject based on the ideXlab platform.

  • 11 – Active Directory Delegation
    Microsoft Windows Security Fundamentals, 2007
    Co-Authors: Jan De Clercq, Guido Grillenmeier
    Abstract:

    Publisher Summary This chapter describes the challenges and best practices for planning an Active Directory AD delegation model. AD enables Administrators to assign permissions to all directory objects at a very granular level in order to delegate Windows AD infrastructure-related administrative tasks to a particular Administrator Account or group. When planning and designing an AD delegation model, Administrators need to leverage this capability carefully to differentiate who can see or do what in which part of a directory. Most companies that implement a Microsoft Active Directory-based network infrastructure today try to gain more central control over management of their users, computers, and related AD objects. Compliancy regulations have forced stricter control over changes in most parts of a company's IT infrastructure, which cannot be guaranteed by granting high administrative privileges such as Enterprise Admins, Domain Admins, or Account Operators to too many IT employees. Usually, decentralized IT operators in wide geographical locations require daily repetitive administrative tasks, such as adding computers to the domain, resetting a user's password, or managing group memberships. All this can be achieved by implementing an efficient AD delegation model, which can ensure increased overall security and the ability to audit changes of a company's IT infrastructure. The chapter also discusses general AD delegation guidelines that include controlling password management, honoring least privilege for AD administration, and designing roles for AD regulation. Microsoft provides a number of options to support setting up the permissions for administrative delegation in AD: the ACL editor, The AD delegation wizard, The DSACLs commandline tool, and APIs that can be used to fully script security settings. The other topics detailed are hiding objects in AD and third-party AD delegation tools.

Takuho Mitsunaga - One of the best experts on this subject based on the ideXlab platform.

  • Detecting Abuse of Domain Administrator Privilege Using Windows Event Log
    2018 IEEE Conference on Application Information and Network Security (AINS), 2018
    Co-Authors: Mariko Fujimoto, Wataru Matsuda, Takuho Mitsunaga
    Abstract:

    In an Advanced persistent threat(APT) attack, attackers that infiltrate into an organization network tend to stay inside the network until they are able to accomplish their final goal that may include exploiting sensitive information. When Active Directory is in place, attackers try to obtain a Domain Administrator Account which has a privilege to control all users and files in the AD environment. There are several methods for attackers to abuse a legitimate Domain Administrator Account. One is to exploit vulnerabilities on Active Directory such as CVE-2014-0317. The other is to steal credentials with password dump tools such as mimikatz. Moreover, attackers are likely to create a backdoor that disguises itself as a legitimate Domain Administrator Account called a “Golden Ticket”, in order to obtain long-term administrative privilege. If an attacker abuses a legitimate Domain Administrator Account, it is not easy to differentiate a legitimate access and an malicious access. In order to overcome this difficulty, several methods have already been proposed for detecting attacks against AD by analyzing Windows event logs. Each detection method is useful under specific conditions, however none of them cover the entire scope of multiple attacking methods. In this research, we clarify and evaluate the effectiveness of existing methods using a dataset, and propose a new detection algorithm with improved detection rate.

Bryan E. Snook - One of the best experts on this subject based on the ideXlab platform.

  • Automated Computer Access Request System
    2010
    Co-Authors: Bryan E. Snook
    Abstract:

    The Automated Computer Access Request (AutoCAR) system is a Web-based Account provisioning application that replaces the time-consuming paper-based computer-access request process at Johnson Space Center (JSC). Auto- CAR combines rules-based and role-based functionality in one application to provide a centralized system that is easily and widely accessible. The system features a work-flow engine that facilitates request routing, a user registration directory containing contact information and user metadata, an access request submission and tracking process, and a system Administrator Account management component. This provides full, end-to-end disposition approval chain Accountability from the moment a request is submitted. By blending both rules-based and rolebased functionality, AutoCAR has the flexibility to route requests based on a user s nationality, JSC affiliation status, and other export-control requirements, while ensuring a user s request is addressed by either a primary or backup approver. All user Accounts that are tracked in AutoCAR are recorded and mapped to the native operating system schema on the target platform where user Accounts reside. This allows for future extensibility for supporting creation, deletion, and Account management directly on the target platforms by way of AutoCAR. The system s directory-based lookup and day-today change analysis of directory information determines personnel moves, deletions, and additions, and automatically notifies a user via e-mail to revalidate his/her Account access as a result of such changes. AutoCAR is a Microsoft classic active server page (ASP) application hosted on a Microsoft Internet Information Server (IIS).