Public Access Catalog workstation groups. The risk is that a user, who is Windows competent, will use escape sequences to exit to Task Manager, or Program Manager, and then access File Manager, or other facilities. Under NT security the administrator can effectively deny access to everything that would normally be available on the desktop. It is possible to completely eliminate from the desktop all icons, as well as program groups. Further, many other privilege and control features may be installed so that operators and other authorized personnel can maintain system needs.NT uses SIDs rather than names (which might not be unique) to identify entities that perform actions in a system. Users, local and domain groups, local computers, domains, and domain members have SIDs. A SID is a variable-length numeric value that consists of a SID revision number, a 48-bit identifier authority value, and a variable number of 32-bit subauthority or Relative Identifier (RID) values. The authority value identifies the agent that issued the SID, and this agent is typically an NT local system or a domain. Subauthority values identify trustees relative to the issuing authority, and RIDs are simply a way for NT to create unique SIDs from a base SID. Because SIDS are long and NT takes care to generate truly random values within each SID, it is virtually impossible for NT to issue duplicate SIDs on machines or domains anywhere in the world.NT implements a secure logon process that takes as input a username and password and returns as output to the OS SIDs that identify the user's account and the groups the account belongs to. In the first step of the secure logon process, NT recognizes the SAS and prompts the user for identification and a password. The winlogon.exe program is responsible for presenting NT's logon dialog boxes. Instead of containing a built-in user interface, Winlogon loads the interface dynamically. This strategy lets third-party vendors imp...
