Microsoft Windows Server 2003 Inside (Web design portfolio) Out Inside Out
Microsoft Windows Server 2003 Inside Out Inside Out Secondary logons can help safeguard the network Once implemented, secondary logons and the associated security precautions can help reduce the number of security incidents your organization experiences. We all know about administrators that fail to use screen savers or set their screen savers to such a long wait time that they are ineffective in protecting the system from passing users who might want to perform administration tasks. We all know how irregularly most people, including administrators, change passwords, even when password policies are enforced. But did you also know about fake logons (Trojan horses) that can be used to collect your logon information and relay it to those who want to break into your systems? Basically, if you browse the Web, a page containing the Trojan horse code could be downloaded to your computer. Once it s there, the Trojan horse could collect your logon and password and use them to wreak havoc on the computer and the network. If you are using an ordinary user account rather than an Administrator account, the intruder will have at best limited access instead of free run of the network and it is the free run of the network offered by an Administrator account that can jeopardize the security of the entire organization. Secondary logons are enabled by using the Secondary Logon service, which is installed and enabled by default in Windows Server 2003 (as well as in Windows 2000). When this service is running, administrators can log on to the network using an ordinary user account and then switch to the secondary logon to run programs as an administrator. Keep in mind that, by default, ordinary users cannot log on to servers, so administrators must log on locally with their Administrator accounts, which should have the Log On Locally privilege. Note Not all tasks can be handled by using the secondary logon. Some administration tasks, such as setting system runtime parameters, require an interactive logon and do not support the secondary logon. This means that you must log on to the computer using the Administrator account to manage these tasks. Running Programs Using the Secondary Logon You can use one of two techniques to run programs using a different user account: . To run administrative tools and most other programs using the secondary logon, right-click the desired program, and select Run As. . To run Control Panel tools using the secondary logon, hold down the Shift key while right-clicking the desired tool, then select Run As. Chapter 12 370 Part 4: Managing Windows Server 2003 Systems
Searching for affordable and reliable webhost to host and run your web applications? Go to our java web server services and you will be pleased.