Security Domains and the Domain Account Manager (Windows)

Concepts

A domain is a repository of user and group accounts and defines account policies. You should manage domains carefully. Ensure that the administrator password is kept secret. Protect access to the host machine because all domain account data on the hosting machine are not yet encrypted. Anyone with access to the host machine can easily damage or alter domain account data, gain unauthorized access, or take over the domain.

You can use the Domain Manager to create and destroy domains, enforce domain policies, and manage user and group accounts within domains locally or remotely. The Domain Manager is especially useful when managing remote domains without being physically present at the remote machine that hosts the domain. The authentication protocol is secured with built-in data encryption and data integration.

In LabVIEW DSC, any user-level or group-level access control security, such as VI Server access control, needs users or groups. You must use the Domain Manager to create and manage those accounts.

How-To

Launching the Domain Manager

1. Select Tools»Security»Domain Account Manager to launch the Domain Manager.
2. The Domain Manager uses the National Instruments PSP Server Locator service to detect all remote domains.

Creating a Local Domain

1. Select Tools»Security»Domain Account Manager to launch the Domain Manager. If a local domain exists on the machine, the Domain Manager automatically loads the local domain. Otherwise, you can create a local domain if the domain service is running.
2. In the Domain Manager, select File»New»Local Domain to display the Domain Properties dialog box.
3. Click the General tab and enter a name for the domain in the Domain text box.
4. Click the Account Access tab and enter minimum and maximum password lengths and the password expiration date.

Note  Password length and expiration apply as the default setting for all user accounts in the domain.

5. Click the Access Control tab and add machines or IP addresses to the Grant List or Deny List. Active List specifies which list is currently in use.
6. Click the OK button. The Domain Manager then displays the NI Security Change Password dialog box.
7. Enter a password for the Administrator account.
8. Click the OK button.

Note  When the Domain Manager creates a local domain, a list of built-in users and groups also are created by default. The built-in users includes Administrator and Guests, and the built-in groups includes Administrators, Guests, and Operators.

Importing a Lookout.sec Account

1. In the Domain Manager, select File»New»Import Lookout 4.x Security File.

Note  If a local domain already exists, the Import Lookout 4.x Security File item is disabled.

2. Click the General tab and enter a name for the domain in the Domain text box.
3. Click the Account Access tab and enter minimum and maximum password lengths and the password expiration date.

Note  Password length and expiration apply as the default setting for all user accounts in the domain.

4. Click the Access Control tab and add machines or IP addresses to the Grant List or Deny List. Active List specifies which list is currently in use.
5. Click the OK button. The Domain Manager displays the NI Security Change Password dialog box.
6. Enter a password for the Administrator account.
7. Click the OK button.
8. Enter the default password for all users.
9. Click the OK button.

Logging In to a Domain

The Domain Manager can detect an existing local domain or add remote domain. However you must login as administrator to manage accounts on those domains. Otherwise the Domain Manager displays only user and group accounts on the domain and disables modifications to those accounts.

1. Select a domain in the domain list and select Domain»Login or right-click the domain in the domain list and select Login from the shortcut menu to display the NI Security Login dialog box.
2. Enter the username and password.

Note  This login user must be an administrator or a member of the Administrators group.

3. Click the OK button.

Logging Out of a Domain

If you have already logged into a domain, you can logout of the domain. Select a domain in the domain list and select Domain»Logout or right-click the domain in the domain list and select Logout from the shortcut menu to logout of the domain.

Destroying a Local Domain

In the domain list, select the local domain previously logged into and select Domain»Destroy Local Domain or right-click the local domain and select Destroy Local Domain from the shortcut menu.

Adding a Remote Domain

1. In the Domain Manager, select Domain»Browse for Domains or right-click the domain list and select Browse for Domains from the shortcut menu.
2. Select the remote domain you want to manage.
3. Click the Refresh button to update the remote domain list.
4. Click the OK button.

Removing a Remote Domain from View

Select a domain in Network Domains and select Edit»Remove From View or right-click the domain and select Remove From View from the shortcut menu.

Note  Removing a domain from view does not destroy the domain.

Creating Domain Users

1. In the Domain Manager, select the domain in which you want to create new users.
2. Select File»New»User or right-click the users list and select New from the shortcut menu to display the User Properties dialog box.
3. Click the General tab and enter the user name in the User name text box.
4. Enter the user's full name in the Full name text box.
5. Enter a description in the Description text box.
6. Place a checkmark in the Account is locked checkbox if you want to lock a user account without removing the user from the domain.
7. Click the Change Password button to enter a password for the user. The Domain Manager displays the NI Security Change Password dialog box.
8. Enter a new password in the New password text box and re-enter that password in the Confirm password text box. Click the OK button.
9. Click the Memberships tab. Add this user to a group by selecting the group in the Domain groups list and clicking the left arrow button. To remove the user from membership in a group, select a group in User groups list and click the right arrow button.
10. Click the OK button.

Viewing Domain User Properties

1. In the Domain Manager, select the domain in the domain list and the user account whose properties.
2. Select Edit»Properties or right-click the users list and select Properties to display the Users Properties dialog box. You cannot change the user name, but you can configure other settings.

Creating Domain Groups

1. In the Domain Manager, select the domain in the domain list in which you want to create new groups.
2. Select File»New»Group or right-click the Groups list and select New from the shortcut menu to display the Group Properties dialog box.
3. Enter the group name in the Group name text box.
4. Enter a description in the Description text box.
5. To add users to the group, select the user in the Domain users list and click the left arrow button. To remove a user from the group, select a user in Group users list and click the right arrow button.
6. Click the OK button.

Viewing Domain Group Properties

1. In the Domain Manager, select the domain in the domain list and the group account from the group list.
2. Select Edit»Properties or right-click a group in the group list and select Properties from the shortcut menu to display the Group Properties dialog box. You cannot change the group name, but you can configure other settings.

Destroying a User or Group

Destroying a user or group invalidates all previous users. Even if you recreate a user or group with the same name, the internal ID is different. Because the access control list keeps track of user and group ID, entries in the access control list might become invalid.

Resources

• Enhanced System Security with the LabVIEW Datalogging and Supervisory Control Module - NI Developer Zone
• Enhanced System Security with the LabVIEW Datalogging and Supervisory Control Module - NI Developer Zone
• New HTML Manuals and Help Systems - NI Developer Zone

转载于:https://www.cnblogs.com/Qia_sky/archive/2006/01/09/314076.html