1
00:00:06,460 --> 00:00:15,530
Let's take a closer look at the sign-in process. When a user attempts to sign in to a computer, the computer

2
00:00:15,550 --> 00:00:22,300
first searches for a domain controller to authenticate the user by using DNS

3
00:00:22,300 --> 00:00:30,670
lookup. The computer then sends the user name and password to the domain controller for authentication.

4
00:00:30,670 --> 00:00:38,540
The local security authority on the domain controller handles the actual authentication process.

5
00:00:38,620 --> 00:00:47,950
If the sign-in succeeds, the LSA builds an access token for the user that contains the security IDs

6
00:00:48,190 --> 00:00:52,750
for the user and any groups in which the user is a member.

7
00:00:52,840 --> 00:00:59,470
The token provides the access credentials for any process that the user initiates.

8
00:00:59,470 --> 00:01:09,580
For example, after signing in to AD DS, if a user attempts to open a Microsoft Word file, Word uses the

9
00:01:09,580 --> 00:01:17,740
credentials in the user's access token to verify the level of the user's permissions for that file.

10
00:01:17,740 --> 00:01:27,280
Please note that a SID is a unique string in the form of letters and numbers, for example S-1-

11
00:01:27,280 --> 00:01:37,750
5-25, followed by a set or sets of numbers, where S indicates that the string is a SID,

12
00:01:38,010 --> 00:01:41,660
1 stands for R, or revision level,

13
00:01:41,710 --> 00:01:50,160
and in this case it's the first revision. 5 stands for X, that is, the identifier authority value.

14
00:01:50,290 --> 00:01:58,580
That is, fifth identifier authority. Then follows the domain identifier, and the last set of numbers.

15
00:01:58,600 --> 00:02:01,160
In this example it's 500.

16
00:02:01,180 --> 00:02:05,620
It's a relative identifier, a RID, which is five.

17
00:02:05,780 --> 00:02:13,440
In this case every user and computer account and every group that you create has a unique SID.

18
00:02:13,450 --> 00:02:20,430
These SIDs differ from each other only because of the unique RID. The SID in

19
00:02:20,440 --> 00:02:26,300
this example is a well-known SID for a domain administrator account.

20
00:02:26,350 --> 00:02:34,780
The default accounts and groups use well-known SIDs. The domain administrator account SID always ends

21
00:02:34,810 --> 00:02:36,300
with 500.

22
00:02:36,370 --> 00:02:41,560
Although the sign-in process appears to the user as a single event,

23
00:02:41,620 --> 00:02:44,830
it consists of two parts. The first part:

24
00:02:44,920 --> 00:02:47,240
the user provides credentials,

25
00:02:47,320 --> 00:02:54,670
usually a user account name and password, which are checked against the AD DS database.

26
00:02:54,670 --> 00:03:01,900
If the user account name and password match the information stored in the AD DS database, the user

27
00:03:01,900 --> 00:03:11,480
becomes an authenticated user and the domain controller issues the user a TGT, or ticket-granting ticket.

28
00:03:11,560 --> 00:03:17,290
At this point the user does not have access to any resources on the network.

29
00:03:17,290 --> 00:03:25,750
A secondary process in the background submits the TGT to the domain controller and requests access to

30
00:03:25,750 --> 00:03:33,640
the local computer. The domain controller issues a service ticket to the user, who then can interact with

31
00:03:33,640 --> 00:03:35,290
the local computer.

32
00:03:35,290 --> 00:03:44,770
At this point in the process, the user has authenticated to AD DS and signed in to the local computer.

33
00:03:44,830 --> 00:03:51,760
When a user subsequently attempts to connect to another computer on the network, the secondary process

34
00:03:51,760 --> 00:03:57,230
runs again and the TGT is submitted to the nearest domain controller.

35
00:03:57,310 --> 00:04:03,550
When the domain controller returns a service ticket, the user can access the computer on the network,

36
00:04:03,850 --> 00:04:08,030
which generates a logon event at the computer.

37
00:04:08,050 --> 00:04:15,790
Please remember that a domain-joined computer also signs in to AD DS when it starts.

38
00:04:15,790 --> 00:04:23,050
You do not see the transaction when the computer uses its computer account name and password to sign

39
00:04:23,050 --> 00:04:26,340
in to AD DS. After authentication,

40
00:04:26,380 --> 00:04:31,390
the computer becomes a member of the Authenticated Users group.

41
00:04:31,540 --> 00:04:40,080
Although the computer logon event does not have visual confirmation in a GUI, the event log records

42
00:04:40,080 --> 00:04:40,460
it.

43
00:04:40,570 --> 00:04:47,840
Also, if you have enabled auditing, the security log of Event Viewer records additional ones.