Account Attributes and Access Policies
- A user account is defined by:
- a unique security identifier (SID)
- value assigned to an account by Windows and that is used by the operating system to identify that account
- a name
- and a credential
- Each account is associated with a profile
- profile can be defined with custom identity attributes describing the user
- full name
- email address
- contact number
- department
- profile picture
- etc.
- will usually provide a location for storing user-generated data files
- can store per-account settings for software applications
- Each account can be assigned
- permissions over files and other network resources
- assigned directly or inherited through security group or role
- and access policies or privileges over the use and configuration of network hosts
- determine rights such as:
- log on to a computer locally or via a remote desktop
- install software
- change the network configuration
- etc.