1. A centralized Windows directory service that stores user accounts, computer objects, security groups, and network resources; provides unified authentication and access control across the domain; used by the help desk for password resets, account creation, and group membership changes
2. A Windows feature managed from a central console that deploys hundreds of security and configuration settings — password policies, screen lock timeouts, USB restrictions, login scripts — to all domain-joined computers and users automatically
3. Open-source Linux kernel security patches that add mandatory access control, confining each process to only the resources its security policy permits and limiting the impact of compromised applications; included in RHEL, CentOS, and Fedora by default
4. The default Linux access model in which resource owners control who can access their files; flexible but can allow compromised users or processes to expose any resource the owner has permission to access