Active Directory Structure By Erick Engelke and Bruce Campbell.

Presentation transcript:

Starting Point

Top Level Structure

People Organization

People
- Administered by WatIAM
- Second account for elevated privileges
- Elevated account is application-specific
  – E.g. ability to change people’s pay in DB
- Use of smartcards for some people
- Like passport – userids cannot be shared
- Use other mechanisms to share data
- Userid/password equivalent to a signature
- Offer optional lower security account for use on public workstations

Groups Organization

Groups
- Very useful for managing access to data
- WatIAM will manage some groups
  – Faculty, staff, student lists
  – Course lists
- Delegated access to groups OU

Naming Conventions
- Groups, servers, print queues need names
- ECE: Electrical & Computer Engineering or Early Childhood Education
- We need a shared naming convention
  – One of the first duties of the new committee
  – Will look at existing ADS and Nexus naming conventions

Workstations Organization

Workstations
- Subtree follows organization of university workstation management
- IST manages many administration PCs
- Library and residences have own IT shops
- Much software purchased and policies set at faculty level
- Non-Windows machines also in the tree

Unix
- Use AD for password authentication
- Possible to use AD to store uids, gids, home directories, shells, etc.
- Problem: multiple jurisdictions with distinct uid/gid and home directory systems
- Various possible solutions
  – Use NIS or password files (but not passwords)
  – Virtual directories with different values for each jurisdiction
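
The uid/gid problem on this slide, as an added example that is not part of the original presentation: a Python audit over constructed passwd(5) extracts from two hypothetical jurisdictions ("engineering" and "math"). It reports userids whose uid differs between jurisdictions, uids that belong to different people, and entries still carrying a local password hash, and returns the per-jurisdiction values a virtual directory would serve.

```python
from collections import defaultdict

# Constructed sample passwd(5) data for two hypothetical jurisdictions.
PASSWD = {
    "engineering": """\
asmith:x:1001:100:A Smith:/home/asmith:/bin/bash
bjones:x:1002:100:B Jones:/home/bjones:/bin/tcsh
""",
    "math": """\
asmith:x:5200:500:A Smith:/u/asmith:/bin/sh
cwong:x:1002:500:C Wong:/u/cwong:/bin/bash
dlee:$6$constructed$hash:5201:500:D Lee:/u/dlee:/bin/bash
""",
}

def parse(text):
    """Yield one dict per well-formed passwd line."""
    for line in text.splitlines():
        f = line.split(":")
        if len(f) != 7 or line.startswith("#"):
            continue
        yield {"userid": f[0], "pw": f[1], "uid": int(f[2]), "gid": int(f[3]),
               "home": f[5], "shell": f[6]}

def audit(sources):
    """Find conflicts that block a single directory-wide uid per userid."""
    by_user, by_uid, hashes = defaultdict(dict), defaultdict(dict), []
    for jur, text in sources.items():
        for e in parse(text):
            by_user[e["userid"]][jur] = e
            by_uid[e["uid"]][jur] = e["userid"]
            # Password files may stay, but must not hold passwords.
            if e["pw"] not in ("x", "*", "!"):
                hashes.append((jur, e["userid"]))
    # Same person, different uid: one shared uid value cannot fit both.
    split = sorted(u for u, j in by_user.items()
                   if len({e["uid"] for e in j.values()}) > 1)
    # Same uid, different people: merging would cross file ownership.
    clash = sorted(n for n, j in by_uid.items() if len(set(j.values())) > 1)
    return {"split_uid": split, "uid_clash": clash, "local_hashes": hashes}

def view(sources, jurisdiction, userid):
    """Per-jurisdiction answer a virtual directory would give (no password)."""
    for e in parse(sources[jurisdiction]):
        if e["userid"] == userid:
            return {k: e[k] for k in ("uid", "gid", "home", "shell")}
    return None
```
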

Macintoshes
- Many Macs participate in Nexus already
- Prefer using Apple OpenDirectory which is a virtual directory that gets userids/passwords, groups, etc. from AD
- Called Magic Triangle
- MacTUG group involvement on Mac-related issues

Software Delivery
- GPOs, Systems Center, etc.
- Nexus has a wealth of software packages
- Would like to move to self-serve for offices
  – Web-based, automated delivery in future
- Encourage transforms rather than new packaging

Common Applications
- Software commonly needed
  – Firefox, Acrobat Reader, Flash, etc.
- Set timetable for updates
- Have early testers before general release

Security Considerations
- Continue protective measures on DCs
- Want VPN to limit access from Internet, wireless, residences, etc.
- ‘Reverse Turing test’ like CAPTCHAs, audio, etc. – centralized people-tester – Google does this too
- Certificates for user signing
- Two-factor authentication for some

Summary
- Domain should be as simple as possible while reflecting the structure of UW
- Future services like video conferencing and digital signing will make use of AD
- Economize effort, minimize duplication
- Take the best of ADS and Nexus