[超级求助]十万火急!谁能解决这个问题?我服了他
时间:2010-08-19
来源:互联网
远程的2003server系统上出现了一个怪问题,情况是:比如新建了一个用户,对某一个文件夹的权限中添加此用户是弹出这么一个提示(图1);给某一个用户分配组的时候出现了图2的错误,谷歌百度查了好久没有结果,不知道哪位大侠可以解决这个问题?
(图1)
(图2)
(图1)
(图2)
作者: zhwnotcry 发布时间: 2010-08-19
BLP model & security properties
BLP AspectJ for Multilevel Security
BLP 正式的安全模型和SharePoint
A security model is an abstract layer to security that provides multiple levels of security in which a user cannot read or manipulate data through the user of tiers.安全模式是一個抽象層的安全,提供了多種級別的安全中,用戶不能讀取或操作數據通過用戶的層次。 Security models are based on principles of creating multiple levels of objects and subjects, by which there can be a conceptual approach made to securing SharePoint.安全模型是基於原則建立多層次的對象和主題,其中可以有一個概念方法作出保證共享點。
Bell-LaPadula (BLP) Security Model 貝爾拉帕杜拉(的BLP)安全模型
BLP is a security model that relies on the overlying concept of state machine concepts, and focuses mostly on the C on the CIA triad.的BLP安全模型是一個依賴於覆蓋其上的概念,狀態機的概念,主要注重於對美國中央情報局的C黑社會。
By leveraging the concept of state machines is that a machine change can only occur at discrete points in time and that when the state of a machine can only be altered by a state transaction.通過利用國家機器的概念是,一台機器發生的變化只能在離散的時間點,當一台機器的狀態只能改變一國的事務。
This allows the environment to capture itself in its initial state where it is considered healthy and secure, and repeatedly capture the snapshots of the machine which are its states.這使得本身的環境,以捕捉在其初始狀態,它被認為是健康和安全,並多次捕捉到快照的機器,是其狀態。 This allows analysis of machine as to whether a state transaction has placed the machine in a insecure state, and ensures that the machines starts securely, commit actions securely, and allow objects to be manipulated in a secure state.這使得分析機,以一國是否交易已放置在一個不安全的國家機器,並確保安全的機器啟動,承諾行動安全,並允許對象被操縱在一個安全的狀態。
The way that the model works is:該工程的方法,該模型是:
No reading from lower levels to upper levels沒有閱讀水平較低的水平上
No writing from upper levels to lower levels沒有文字由上級給下級
Data can move between various levels, however how this data is moved is defined by transition functions.數據可以不同層次之間移動,但這一數據是如何提出的定義是轉變職能。 These functions ensure that the initial security state of the data is maintained, and the destination security state can also be considered concerned.這些功能可以確保安全的初始狀態的數據被保留,並且目標安全狀態也可以考慮關注。
There are three multi-level properties that exist in he BLP model:有3個多層次的屬性,存在於他BLP模型:
Discretionary Security Property (DS) – specify the discretionary access control by using an access matrix自由裁量安全屬性(副) - 指定的自由訪問控制使用訪問矩陣
Simple Secure Property (SS) – transition function that states that a subject trying to access an object at higher level is not permitted簡單安全屬性(不銹鋼) - 轉移函數,指出主題試圖訪問一個對象在較高的水平是不容許的
Star Property – transition function that states that a subject trying to write down to an object at a lower level is not permitted三星物產 - 過渡功能,指出主題試圖寫下一個對象在一個較低的水平是不容許的
Leveraging this particular security model means that a user will not be able to push or pull various objects beyond their related security levels.利用這個安全模型意味著用戶將不能推或拉的各種對象超出其相關的安全水平。 This is particuarlly helpful within organizations that must maintain a classification system, since users will not able to write sensitive information where other users whom don't meet the classification standard would be able to read it, as well users that are at a lower level are not able to directly access information that is beyond there classification level.這是particuarlly有助於組織內,必須保持一個分類系統,因為用戶將無法寫在其他用戶的敏感信息的人不符合分類標準將能夠讀取它,以及用戶處於較低水平無法直接訪問信息的分類級別有超越。
Biba Security Model 比巴安全模型
The Biba security model is in essence the opposite of the BLP system, since it promotes no reading down and no writing up.該比巴安全模型在本質上是相反的二層規劃系統,因為它可以促進沒有下來,沒有文字閱讀起來。 The transition functions of the Biba system are:過渡的職能比芭系統有:
Simple Integrity – A subject at a high level of integrity is not able to read the objects that exist at a low level of integrity簡單的完整性 - 一個主題在一個較高的水平,完整性無法讀取的對象,存在於一個低水平的完整性
Star Integrity – A subject cannot write objects from a lower level of integrity to a higher level of integrity誠信之星 - 一個題目寫不了物體從一個較低的水平向更高層次完整的完整性
The way that the Biba model functions is on the concept that objects which spawn from a lower level of integrity can't be pushed to a higher level which might pollute a higher level of integrity.該方式的Biba模型的功能是在概念,物體從一個較低的水平生成的完整不能推到一個更高的水平可能污染較高水平的完整性。 By insuring that information can only travel from higher levels of integrity to those at a lower level, safeguarding the environment.通過投保旅行的信息只能從更高層次的完整那些在一個較低的水平,保護環境。
Clark-Wilson (CW) Security Model 克拉克威爾遜(連續)安全模型
The Clark-Wilson model focuses on the I on the CIA triad.克拉克- Wilson模型的重點是我在中央情報局黑社會。 To promote the integrity of the environment, the Clark-Wilson model focuses on two main objectives:為了促進環境的完整性,克拉克威爾遜模型著重於兩個主要目標:
Internal and external consistency內部和外部的一致性
Managing changes for users, unauthorized users should make no changes and authorized users should not make unauthorized changes管理變更為用戶,未經授權的用戶應該沒有修改,並授權用戶不應使未經授權的更改
The central portion that builds the CW model is the need for consistency, as stated in the above there are two types of consistency that exist:中央部分是建立在連續模式是必要的一致性,正如以上情況,有兩種類型的一致性存在:
Internal Consistency – Security policies of the operating system that are related to SharePoint內部一致性 - 安全政策的操作系統有關係到SharePoint
External Consistency – Internal state of the system as it related to end-users that are controlled by either SharePoint or other software products.外部一致性 - 內部狀態的系統,因為它涉及到最終用戶,無論是控制SharePoint或其他軟件產品。
There are two main operations that provide the basis for the CW model:有兩個主要的操作提供依據的連續模型:
Separation Of Duties (Promotes External Security) – By having a true separation of duties for users, it can be ensured that not one person has complete control over a system and that there are always failover mechanisms that are in place職責分離(促進外部安全) - 由有一個真正的職責分離的用戶,可以確保沒有一個人有一個完整的控制制度,總有故障轉移機制已到位
Well-Formed Transactions (Promotes Internal Security) – Data or data processes is never directly controlled by users, however they have access to applications that can manipulate these assets.格式良好的交易(促進內部安全) - 資料或數據過程是沒有直接控制用戶,但他們能夠獲得的應用程序可以操作這些資產。 It is important to note that the user will never have access to the data directly.重要的是要注意,用戶將不會獲得直接的數據。
BLP AspectJ for Multilevel Security
BLP 正式的安全模型和SharePoint
A security model is an abstract layer to security that provides multiple levels of security in which a user cannot read or manipulate data through the user of tiers.安全模式是一個抽象層的安全,提供了多種級別的安全中,用戶不能讀取或操作數據通過用戶的層次。 Security models are based on principles of creating multiple levels of objects and subjects, by which there can be a conceptual approach made to securing SharePoint.安全模型是基於原則建立多層次的對象和主題,其中可以有一個概念方法作出保證共享點。
Bell-LaPadula (BLP) Security Model 貝爾拉帕杜拉(的BLP)安全模型
BLP is a security model that relies on the overlying concept of state machine concepts, and focuses mostly on the C on the CIA triad.的BLP安全模型是一個依賴於覆蓋其上的概念,狀態機的概念,主要注重於對美國中央情報局的C黑社會。
By leveraging the concept of state machines is that a machine change can only occur at discrete points in time and that when the state of a machine can only be altered by a state transaction.通過利用國家機器的概念是,一台機器發生的變化只能在離散的時間點,當一台機器的狀態只能改變一國的事務。
This allows the environment to capture itself in its initial state where it is considered healthy and secure, and repeatedly capture the snapshots of the machine which are its states.這使得本身的環境,以捕捉在其初始狀態,它被認為是健康和安全,並多次捕捉到快照的機器,是其狀態。 This allows analysis of machine as to whether a state transaction has placed the machine in a insecure state, and ensures that the machines starts securely, commit actions securely, and allow objects to be manipulated in a secure state.這使得分析機,以一國是否交易已放置在一個不安全的國家機器,並確保安全的機器啟動,承諾行動安全,並允許對象被操縱在一個安全的狀態。
The way that the model works is:該工程的方法,該模型是:
No reading from lower levels to upper levels沒有閱讀水平較低的水平上
No writing from upper levels to lower levels沒有文字由上級給下級
Data can move between various levels, however how this data is moved is defined by transition functions.數據可以不同層次之間移動,但這一數據是如何提出的定義是轉變職能。 These functions ensure that the initial security state of the data is maintained, and the destination security state can also be considered concerned.這些功能可以確保安全的初始狀態的數據被保留,並且目標安全狀態也可以考慮關注。
There are three multi-level properties that exist in he BLP model:有3個多層次的屬性,存在於他BLP模型:
Discretionary Security Property (DS) – specify the discretionary access control by using an access matrix自由裁量安全屬性(副) - 指定的自由訪問控制使用訪問矩陣
Simple Secure Property (SS) – transition function that states that a subject trying to access an object at higher level is not permitted簡單安全屬性(不銹鋼) - 轉移函數,指出主題試圖訪問一個對象在較高的水平是不容許的
Star Property – transition function that states that a subject trying to write down to an object at a lower level is not permitted三星物產 - 過渡功能,指出主題試圖寫下一個對象在一個較低的水平是不容許的
Leveraging this particular security model means that a user will not be able to push or pull various objects beyond their related security levels.利用這個安全模型意味著用戶將不能推或拉的各種對象超出其相關的安全水平。 This is particuarlly helpful within organizations that must maintain a classification system, since users will not able to write sensitive information where other users whom don't meet the classification standard would be able to read it, as well users that are at a lower level are not able to directly access information that is beyond there classification level.這是particuarlly有助於組織內,必須保持一個分類系統,因為用戶將無法寫在其他用戶的敏感信息的人不符合分類標準將能夠讀取它,以及用戶處於較低水平無法直接訪問信息的分類級別有超越。
Biba Security Model 比巴安全模型
The Biba security model is in essence the opposite of the BLP system, since it promotes no reading down and no writing up.該比巴安全模型在本質上是相反的二層規劃系統,因為它可以促進沒有下來,沒有文字閱讀起來。 The transition functions of the Biba system are:過渡的職能比芭系統有:
Simple Integrity – A subject at a high level of integrity is not able to read the objects that exist at a low level of integrity簡單的完整性 - 一個主題在一個較高的水平,完整性無法讀取的對象,存在於一個低水平的完整性
Star Integrity – A subject cannot write objects from a lower level of integrity to a higher level of integrity誠信之星 - 一個題目寫不了物體從一個較低的水平向更高層次完整的完整性
The way that the Biba model functions is on the concept that objects which spawn from a lower level of integrity can't be pushed to a higher level which might pollute a higher level of integrity.該方式的Biba模型的功能是在概念,物體從一個較低的水平生成的完整不能推到一個更高的水平可能污染較高水平的完整性。 By insuring that information can only travel from higher levels of integrity to those at a lower level, safeguarding the environment.通過投保旅行的信息只能從更高層次的完整那些在一個較低的水平,保護環境。
Clark-Wilson (CW) Security Model 克拉克威爾遜(連續)安全模型
The Clark-Wilson model focuses on the I on the CIA triad.克拉克- Wilson模型的重點是我在中央情報局黑社會。 To promote the integrity of the environment, the Clark-Wilson model focuses on two main objectives:為了促進環境的完整性,克拉克威爾遜模型著重於兩個主要目標:
Internal and external consistency內部和外部的一致性
Managing changes for users, unauthorized users should make no changes and authorized users should not make unauthorized changes管理變更為用戶,未經授權的用戶應該沒有修改,並授權用戶不應使未經授權的更改
The central portion that builds the CW model is the need for consistency, as stated in the above there are two types of consistency that exist:中央部分是建立在連續模式是必要的一致性,正如以上情況,有兩種類型的一致性存在:
Internal Consistency – Security policies of the operating system that are related to SharePoint內部一致性 - 安全政策的操作系統有關係到SharePoint
External Consistency – Internal state of the system as it related to end-users that are controlled by either SharePoint or other software products.外部一致性 - 內部狀態的系統,因為它涉及到最終用戶,無論是控制SharePoint或其他軟件產品。
There are two main operations that provide the basis for the CW model:有兩個主要的操作提供依據的連續模型:
Separation Of Duties (Promotes External Security) – By having a true separation of duties for users, it can be ensured that not one person has complete control over a system and that there are always failover mechanisms that are in place職責分離(促進外部安全) - 由有一個真正的職責分離的用戶,可以確保沒有一個人有一個完整的控制制度,總有故障轉移機制已到位
Well-Formed Transactions (Promotes Internal Security) – Data or data processes is never directly controlled by users, however they have access to applications that can manipulate these assets.格式良好的交易(促進內部安全) - 資料或數據過程是沒有直接控制用戶,但他們能夠獲得的應用程序可以操作這些資產。 It is important to note that the user will never have access to the data directly.重要的是要注意,用戶將不會獲得直接的數據。
作者: dogfish001 发布时间: 2010-08-19
奇怪的问题:
1.先重启机子再试,先直接用命令net user和net localgroup,没问题就只是一些界面控件注册信息丢失的问题
2.重新把c:\windows\system32\*.dll全部注册一遍
3.用sfc /scannow扫描修复系统文件
1.先重启机子再试,先直接用命令net user和net localgroup,没问题就只是一些界面控件注册信息丢失的问题
2.重新把c:\windows\system32\*.dll全部注册一遍
3.用sfc /scannow扫描修复系统文件
作者: just4 发布时间: 2010-08-19
HKEY_CLASSES_ROOT\TypeLib\{97d25db0-0363-11cf-abc4-02608c9e7553
HKEY_CLASSES_ROOT\LDAP\Clsid
注册表可能有内容丢失,
从正常的机器上复制一个过来,
HKEY_CLASSES_ROOT\LDAP\Clsid
注册表可能有内容丢失,
从正常的机器上复制一个过来,
作者: qishine 发布时间: 2010-08-19
是否还有必要chkdsk下?
CSDN专业人事多,祝你好运!
CSDN专业人事多,祝你好运!
作者: jackiedzc 发布时间: 2010-08-19
看看日志里有什么错误提示
作者: drifter250771 发布时间: 2010-08-19
相关阅读 更多
热门阅读
-
office 2019专业增强版最新2021版激活秘钥/序列号/激活码推荐 附激活工具
阅读:74
-
如何安装mysql8.0
阅读:31
-
Word快速设置标题样式步骤详解
阅读:28
-
20+道必知必会的Vue面试题(附答案解析)
阅读:37
-
HTML如何制作表单
阅读:22
-
百词斩可以改天数吗?当然可以,4个步骤轻松修改天数!
阅读:31
-
ET文件格式和XLS格式文件之间如何转化?
阅读:24
-
react和vue的区别及优缺点是什么
阅读:121
-
支付宝人脸识别如何关闭?
阅读:21
-
腾讯微云怎么修改照片或视频备份路径?
阅读:28
