If there was ever a true statement, it is that in the modern day it is far too easy for a user to gain access to a large amount of extremely important, extremely sensitive data and potentially do massive damage to a legitimate company. Consider that less than ?ve years ago the average jump drive was about 128MB. Today, users are commonly seen with multiple-gigabyte jump drives and MP3 players that can mcsa range to nearly a terabyte in space. When you think about it, that?s a lot of data. And what's scary is that although computers and devices can contain more data, the fact is that what you can actually manage to do with a small amount of data has never changed. A corporate report, mail list, account ?le, or other sensitive piece of data might be only a few kilobytes or perhaps even less than that. Thus, a major concern you have to worry about with an enterprise is driver signing in order to ensure the authen- tication of authorized devices. As enterprise administrators, you Don't want users to be able to use any device except the ones you want them to use. Using Group Policy, you can achieve this. Furthermore, using Group Policy with Windows Server 2008 you can specifically control the type of device a user can install, the time periods they can use it, and hundreds of other options without the costly need for an administrator to be present for even the most minor administrative changes (such as allowing someone to install a jump drive). One of the ways you can accomplish this with Server 2008 is by implementing a driver store. A driver store is an area either on the local computer or on the network that is com-pletely dedicated to the installation of a device that is recognized and trusted by the enterprise or system administrator and that will not affect the rest of the computer. Therefore, any regu- lar user can have access to this area with the permission of a higher-level authority, such as yourself. You can also use your corporate structure?s certi?cate layout and use digitally signed certi?cates to make the device available to computers outside your network. But I'm getting a little ahead of myself. For now, you can concentrate on the fact that drivers in a secure mcitp enterprise administrator environment use digital certi?cates to sign the driver as an authoritative driver that won?t compromise the integrity of the environment. What this means is that the driver is authen- tic and intact. Otherwise?if the driver isn?t from a trusted source or is incomplete?this process will fail. In general, you can think of the process of driver signing in Windows Server as a linear process that loops back to the beginning toward the end, as shown in Figure 6.12.
Related Articles -
microsoft mcse, mcse 2008, mcitp enterprise administrator, MCSE Certifications,
|