Security Principals in Windows Server 2003

Jun 20, 2025

Overview

This lecture explains the concept of security principals in Windows Server 2003, their types, roles in authentication and authorization, and related technologies.

What Are Security Principals?

  • Security principals are entities that can be authenticated by the system, such as users, computers, or processes.
  • Every security principal is assigned a unique security identifier (SID) upon creation.
  • Security principals are core to controlling access to resources in Windows Server 2003.

Accounts and Security Groups

  • Accounts and security groups in an Active Directory domain are objects used to manage access to domain resources.
  • Local user accounts and local groups are created on individual computers and managed by the Security Accounts Manager (SAM).
  • User accounts identify and authenticate users, allowing the system to enforce access authorization and audit user activities.

User Accounts

  • User accounts allow users to log on with unique identities that can be authenticated.
  • They enable authorization (grant/deny access) to resources based on assigned permissions.

Security Groups

  • Security groups are collections of user accounts, computer accounts, and other groups managed as a single unit.
  • Groups simplify administration by allowing permissions to be managed for multiple users at once.
  • Groups can be based in Active Directory or local to a specific computer.
  • Built-in groups come with default rights; custom groups can be created for organizational needs.
  • Groups help implement role-based access control and keep access control lists (ACLs) manageable.

Technologies Related to Security Principals

  • Each security principal receives a SID used in access control.
  • Access tokens created after authentication contain the user SID and all group SIDs, determining resource access.
  • Security descriptors and access control lists (ACLs) define which SIDs can or cannot access objects.
  • Permissions are assigned to security principals to control access to files, directories, and other securable objects.
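The four bullets above (and the SID bullet in "What Are Security Principals?") describe a mechanism that is easier to see in code: a SID identifies the principal, the access token carries the user SID plus all group SIDs, and the object's discretionary ACL is a list of entries that allow or deny access masks to SIDs. The following is an added example written for these notes, not code from the lecture or from Microsoft; it models the access check in Python. The well-known SIDs (Everyone, BUILTIN\Administrators, BUILTIN\Users) are the real Windows values, while the user SID, the "Sales" group SID and the READ/WRITE/EXECUTE mask bits are constructed for the example.

```python
"""Modelled Windows access check: SID parsing, access tokens and DACL evaluation.

Added example for the lecture notes on security principals; not Windows code.
The domain user and 'Sales' group SIDs below are constructed; the well-known
SIDs are the real Windows values.
"""
from dataclasses import dataclass
from typing import List, Optional

# Access mask bits (constructed subset standing in for generic rights).
READ, WRITE, EXECUTE = 0x1, 0x2, 0x4

# Well-known SIDs (real Windows values).
EVERYONE = "S-1-1-0"
BUILTIN_ADMINISTRATORS = "S-1-5-32-544"
BUILTIN_USERS = "S-1-5-32-545"


def parse_sid(sid: str) -> dict:
    """Split a textual SID 'S-R-IA-SA1-...-RID' into its components."""
    parts = sid.split("-")
    if len(parts) < 3 or parts[0] != "S":
        raise ValueError(f"not a SID: {sid!r}")
    revision, authority = int(parts[1]), int(parts[2])
    sub = [int(p) for p in parts[3:]]
    return {
        "revision": revision,
        "identifier_authority": authority,
        "subauthorities": sub,
        # The last subauthority is the relative identifier (RID) that makes
        # the principal unique within its domain or local SAM.
        "rid": sub[-1] if sub else None,
    }


@dataclass
class AccessToken:
    """What the system builds after authentication: the user SID and every group SID."""
    user_sid: str
    group_sids: List[str]

    def sids(self) -> set:
        return {self.user_sid, *self.group_sids}


@dataclass
class ACE:
    """One access control entry inside a DACL."""
    kind: str  # "allow" or "deny"
    sid: str
    mask: int


def access_check(token: AccessToken, dacl: Optional[List[ACE]], desired: int) -> bool:
    """Evaluate a DACL the way Windows does: walk ACEs in order, first match per bit wins."""
    if dacl is None:          # no DACL at all: the object is unprotected, everyone gets access
        return True
    remaining = desired
    token_sids = token.sids()
    for ace in dacl:          # an empty DACL never enters the loop, so nothing is granted
        if ace.sid not in token_sids:
            continue          # ACE does not apply to any SID in this token
        if ace.kind == "deny" and ace.mask & remaining:
            return False      # a deny on any still-wanted bit ends the check
        if ace.kind == "allow":
            remaining &= ~ace.mask
            if remaining == 0:
                return True   # every requested bit has been granted
    return remaining == 0


def demo() -> dict:
    """Constructed scenario: a domain user who is in BUILTIN\\Users and in 'Sales'."""
    sales = "S-1-5-21-1000-2000-3000-1101"                              # constructed group SID
    alice = AccessToken("S-1-5-21-1000-2000-3000-1104", [BUILTIN_USERS, sales])
    # Canonical DACL order: explicit denies precede explicit allows.
    dacl = [ACE("deny", sales, WRITE), ACE("allow", BUILTIN_USERS, READ | WRITE)]
    return {
        "read": access_check(alice, dacl, READ),                  # allowed via Users
        "write": access_check(alice, dacl, WRITE),                # denied via Sales
        "read_write": access_check(alice, dacl, READ | WRITE),    # any denied bit fails the whole request
        "empty_dacl": access_check(alice, [], READ),              # empty DACL: no access
        "null_dacl": access_check(alice, None, READ | WRITE | EXECUTE),  # null DACL: full access
    }


if __name__ == "__main__":
    print(parse_sid(BUILTIN_USERS))
    print(demo())
```

Two details in `access_check` matter in practice: a request is denied as soon as any requested bit hits a deny ACE for a SID in the token, which is why group membership added through a nested group can silently remove access; and a missing DACL (None) is not the same as an empty DACL, the former protects nothing while the latter grants nothing.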

Key Terms & Definitions

  • Security Principal — An entity (user, group, computer, or process) that can be authenticated by the system.
  • SID (Security Identifier) — A unique identifier assigned to each security principal.
  • User Account — Identifies and authenticates users, enabling authorization and auditing.
  • Security Group — A collection of accounts/groups used to simplify permission management.
  • SAM (Security Accounts Manager) — The database managing local accounts and groups.
  • Access Token — Contains SIDs for a user and all their groups; used for resource access decisions.
  • Security Descriptor — Data structure that includes ACLs controlling access to resources.
  • ACL (Access Control List) — List of permissions associated with a resource.

Action Items / Next Steps

  • Review related technical references on SIDs, access tokens, security descriptors, permissions, and authentication technologies.