View stunning SlideShares in full-screen with the new iOS app!Introducing SlideShare for AndroidExplore all your favorite topics in the SlideShare appGet the SlideShare app to Save for Later — even offline
View stunning SlideShares in full-screen with the new Android app!View stunning SlideShares in full-screen with the new iOS app!
Smart cards are cards about the size of a credit card.
Login information can be stored on the smart card, making it difficult for anyone except the intended user to use or access it.
Security operations, such as cryptographic functions, are performed on the smart card itself rather than on the network server or local computer. This provides a higher level of security for sensitive transactions.
You should not use an account possessing administrative privileges for daily tasks, such as browsing the Web or monitoring email.
Administrative accounts should be reserved for tasks that require administrator privileges.
Using the Administrator account or an account that is a member of Domain Admins, Enterprise Admins, or Schema Admins for daily tasks offers an opportunity for hackers to attack your network and potentially cause severe and irreversible damage.
Limiting the use of the Administrator account for daily tasks, such as email, application use, and access to the Internet, reduces the potential for this type of damage.
The recommended solution for reducing the risks associated with the Administrator account is to use a standard user account and the Run as administrator option in the GUI or the runas command-line tool when it is necessary to perform an administrative task.
The Run as administrator or runas option allows you to maintain your primary logon as a standard user and creates a secondary session for access to an administrative tool.
During the use of a program or tool opened using Run as administrator or runas, your administrative credentials are valid only until you close that program or tool.
Run as administrator and runas require the Secondary Logon service to be running.
The runas command-line tool is not limited to administrator accounts. You can use runas to log on with separate credentials from any account. This can be a valuable tool in testing resource access permissions.
If you are using User Account Control, you may be prompted for administrative credentials when performing system tasks
You can access the Run as Administrator option if you by find the program you want to start from the Start button, and press and hold the Shift key, right-click the desired application, and select the Run as administrator option.
Windows Server 2008 allows you to restructure your Active Directory database by moving leaf objects such as users, computers, and printers between OUs, in addition to moving OUs into other OUs to create a nested structure.
When you move objects between OUs in a domain, permissions that are assigned directly to objects remain the same.
Objects inherit permissions from the new OU.
All permissions that were inherited previously from the old OU no longer affect the objects.
Moving objects between containers and OUs within a domain can be achieved by using the Move menu command, the drag-and-drop feature in Active Directory Users and Computers, or the dsmove utility from a command line.