Identity Management and Access Control
Updated: May 8, 2008
This page provides information for the IT professional about features and technologies that provide a central way of managing credentials and technologies to allow only legitimate users access to devices, applications, and data.
Access Control and Authorization
Security configuration guidance support
The "File system and registry access control list modifications" section of this Knowledge Base article provides guidance for your access control strategy when Windows Vista is deployed in an environment that includes other Windows operating systems.
Changes to the default NTFS Discretionary Access Control List (DACL) settings in Windows Vista
This Knowledge Base article describes discretionary access control list (DACL) settings in Windows Vista and includes steps for defining a protected drive DACL, defining a protected directory for a specific user, and disabling data drive migration when you build an image.
This command reference topic describes how to display or modify DACLs on specified files and how to apply stored DACLs to files in specified directories.
Security Identifiers (SIDs) New for Windows Vista
This reference article describes the new OwnerRights SID for Windows Vista. For information about other well-known SIDs, see How Security Identifiers Work.
Security: New ACLs Improve Security in Windows Vista
This TechNet Magazine article discusses the changes in access control lists (ACLs) for Windows Vista, how ACLs support User Account Control, administrator account changes, trusted installer permissions, and modified users and groups.
Security Watch: Tools for Managing ACLs
This TechNet Magazine article discusses tools to help automate and simplify tasks in regards to permissions and ACLs in Windows Vista.
Description of the Special Groups feature in Windows Vista and in Windows Server 2008
This article in the Microsoft Knowledge Base explains how an administrator can designate a group as special by adding the group SID to the registry. This enables an event to be logged in Event Viewer each time a member of that group logs on to the network.
Identity and Authentication
Winlogon Notification Packages Removed: Impact on Windows Vista Planning and Deployment
This reference article describes the impact of Winlogon not loading the Winlogon notification packages after upgrading to Windows Vista. It describes how to use the Service Control Manager (SCM) instead, which has notifications corresponding to most of the Winlogon notifications.
Windows Vista Authentication Features
These product evaluation articles describe the authentication changes in Windows Vista, including enhancements to Kerberos, improvements to smart card administration and authentication, and changes to previous logon information.
Authentication Protocols: Troubleshooting Events and Errors for Kerberos
These troubleshooting articles provide steps to resolve and verify solutions for two Kerberos managed entities: Kerberos client and Kerberos Key Distribution Center.
Windows Logon and Initialization: Troubleshooting Events and Errors
These troubleshooting articles provide steps to resolve and verify solutions for Windows logon and Windows initialization events and errors.
The MS-CHAP version 1 authentication protocol has been deprecated in Windows Vista
This Knowledge Base article describes the replacement of the MS-CHAP version 1 authentication protocol with version 2 in Windows Vista.
AC: Microsoft Graphical Identification and Authentication (GINA)
This MSDN application compatibility article describes changes to the logon user interface in Windows Vista with the replacement of the GINA module with credential providers. This change will cause logon failures to GINA-based applications.
Windows Vista: Enterprise Networking with Windows Vista
This TechNet Magazine article provides information about the Next Generation TCP/IP stack, user-focused networking tools, improving network security, and simplifying network management.