2.5 Authorization and Authentication

Two additional security concepts you need to be familiar with are authorization and authentication.

Authentication is the process of validating a user's identity, ensuring he is who he says he is. Passwords are a common component in the authentication process, although the use of biometric components like smart cards and fingerprint readers are becoming more common.

Authorization is the process of determining what an authenticated user has access to. Windows Server 2003 uses a variety of mechanisms to accomplish authorization on files and folders, for remote access, and so forth, which you'll learn about throughout this book.