Windows Server 2008 R2 Active Directory

I keep getting asked: Name 2 security principals?

I thought security principals in AD could be objects: users, computers.

Can someone explain how to answer that question?

Thanks
techgenious Asked:
 
albelo Commented:
The answer would be Active Directory Accounts (User and Computer) and Security Groups. This is of course if the question is indeed regarding Active Directory. These are also known as Security Principals:

Everyone (S-1-1-0): Included in the access token for all users, including the Guest account; included in the access token for anonymous users if the "Network Access: Let Everyone permissions apply to anonymous users" policy setting is enabled

Creator Owner (S-1-3-0): Placeholder used for permission inheritance between parent and child objects; for child objects, Creator Owner permissions are replaced by permissions for the object's actual owner

Creator Group (S-1-3-1): Placeholder used for permission inheritance between parent and child objects; for child objects, Creator Group permissions are replaced by permissions for the primary group of the object's actual owner

Dialup (S-1-5-1): Included in the access token for all users logged on through a dial-up or VPN connection

Network (S-1-5-2): Included in the access token for all users logged on through a network connection

Batch (S-1-5-3): Included in the access token for all users logged on through a batch scheduler connection

Interactive (S-1-5-4): Included in the access token for all users logged on interactively

Service (S-1-5-6): Included in the access token for all principals logged on as a service

Anonymous (S-1-5-7): Included in the access token for all users logged on anonymously

Self (S-1-5-10): Placeholder for the object itself; can be useful for permission inheritance between parent and child objects

Authenticated Users (S-1-5-11): Included in the access token for all users authenticated to the OS; included in the access token for the Guest account in XP and Win2K; doesn't include the Guest account in Windows 2003 and XP SP2

Terminal Server User (S-1-5-13): Included in the access token for all users logged on using Terminal Services 4.0 application compatibility mode

System (S-1-5-18): Represents the local system

Restricted Code (S-1-5-12): Added to the user's access token when using RunAs with the "Run this program with restricted access" option in Windows 2003 or the "Protect my computer and data from unauthorized program activity" option in XP

Remote Interactive Logon (S-1-5-14): Added to the user's access token when the user is logged on using Terminal Services or RDP; lets you assign permissions to users logged on via Terminal Services or RDP

This Organization (S-1-5-15): Used for forest trust and external trust selective authentication; selective authentication lets administrators distinguish users from the trusted forest/domain and users from the trusting forest/domain when dealing with access control settings; added to the access tokens in the trusting forest/domain of users who are defined in the trusting forest/domain (see Other Organization)

Local Service (S-1-5-19): Least privilege service account for services that need access only to local data, not to other computers on the network

Network Service (S-1-5-20): Least privilege service account for services that need access to other computers on the network

NTLM Authentication (S-1-5-64-10): Lets you set special permissions for down-level clients authenticating by the less-secure NTLM protocol; added to the user's access token when the user logs on to a DC using NTLM; can be used in a deny access control entry (ACE) to restrict access to resources

SChannel Authentication (S-1-5-64-14): Lets you set special permissions for clients authenticating via a secure channel (e.g., HTTP Secure—HTTPS—authentication to a Microsoft IIS server, LDAP authentication to a Windows DC)

Digest Authentication (S-1-5-64-21): Authentication packet that enables HTTP digest authentication on an IIS server; lets you specify who can log on using digest authentication

Other Organization (S-1-5-1000): Used for forest trust and external trust selective authentication; lets you distinguish users from the trusted forest/domain and users from the trusting forest/domain when dealing with access control settings; added to the access tokens in the trusting forest/domain of users who are defined in the trusted forest/domain (see This Organization)

Enterprise Domain Controllers (S-1-5-9): Included in the access token for all DCs in a Windows AD forest
0
 
Charlie2012 Commented:
I think this is what you are looking for:

http://support.microsoft.com/kb/243330
0
 
techgenious (Author) Commented:
This is not what I am looking for; all I want to know is 2 examples of a security principal.
0
 
albelo Commented:
Security principals include the following:

Any entity that can be authenticated by the system, such as a user account, a computer account, or a thread or process that runs in the security context of a user or computer account.

Security groups of these accounts.

http://technet.microsoft.com/en-us/library/cc780957(v=ws.10).aspx
0
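
To see the account-plus-groups definition above and the well-known SIDs from the earlier answer on a live system, the following added example (not part of the thread or of any Microsoft tooling) lists every security principal in the current access token. It assumes PowerShell 2.0 or later on Windows; `Get-TokenPrincipal` is a hypothetical helper name, and `$WellKnown` is a subset of the SID list quoted earlier in the thread.

```powershell
# Added example (not from the thread). Get-TokenPrincipal is a hypothetical helper name.
# Subset of the well-known SIDs quoted in the earlier answer.
$WellKnown = @{
    'S-1-1-0'     = 'Everyone'
    'S-1-5-2'     = 'Network'
    'S-1-5-3'     = 'Batch'
    'S-1-5-4'     = 'Interactive'
    'S-1-5-6'     = 'Service'
    'S-1-5-11'    = 'Authenticated Users'
    'S-1-5-14'    = 'Remote Interactive Logon'
    'S-1-5-15'    = 'This Organization'
    'S-1-5-18'    = 'System'
    'S-1-5-64-10' = 'NTLM Authentication'
}

function Get-TokenPrincipal {
    $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $userSid  = $identity.User.Value
    # The access token carries the account's own SID plus one SID per group.
    $sids = @($identity.User) + @($identity.Groups)

    foreach ($sid in $sids) {
        if ($null -eq $sid) { continue }
        $value = $sid.Value
        if ($WellKnown.ContainsKey($value)) {
            $name = $WellKnown[$value]
        } else {
            # Ask the system to resolve the SID; some SIDs have no account name.
            try   { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
            catch { $name = '(unresolved)' }
        }

        if     ($value -eq $userSid)            { $kind = 'Account (the logged-on principal)' }
        elseif ($WellKnown.ContainsKey($value)) { $kind = 'Well-known identity (added at logon)' }
        elseif ($value -like 'S-1-5-21-*')      { $kind = 'Security group (domain or local)' }
        elseif ($value -like 'S-1-5-32-*')      { $kind = 'Built-in local group' }
        else                                    { $kind = 'Other' }

        New-Object PSObject -Property @{ Kind = $kind; Name = $name; SID = $value }
    }
}

Get-TokenPrincipal | Sort-Object Kind, SID | Format-Table Kind, Name, SID -AutoSize
```

Running it once from a console session and once over RDP shows how entries such as Interactive and Remote Interactive Logon change with the logon type while the account and group SIDs stay the same.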
 
techgenious (Author) Commented:
Good answer, what I am looking for.
0
Question has a verified solution.
