DESIGNING AN ADMINISTRATIVE SECURITY STRUCTURE: Chapter 7

Presentation transcript:

Slide 1: DESIGNING AN ADMINISTRATIVE SECURITY STRUCTURE (Chapter 7)

Slide 2: GATHERING AND ANALYZING DESIGN INFORMATION
- Administration model
- Active Directory structure
- Security group structure
- Group Policy structure
- User job roles
- Hardware resources
- Physical topology
- Forest and domain design

Slide 3: CHOOSING AN ADMINISTRATION MODEL

Slide 4: UNDERSTANDING ORGANIZATIONAL UNITS

Slide 5: STANDARD MODELS FOR OU STRUCTURE

Slide 6: USING OUs TO DELEGATE ADMINISTRATIVE CONTROL

Slide 7: ENVISIONING THE OU STRUCTURE
- Physical locations
- Types of administrative tasks
- Types of objects

Slide 8: PLANNING FOR INHERITANCE

Slide 9: USING OUs TO LIMIT OBJECT VISIBILITY

Slide 10: ORGANIZATIONAL UNITS AND GROUP POLICY
- Create GPOs for OUs as needed
- Add OUs to support Group Policy as needed. For example:
  - Subdivide OUs so that you can apply different policies to different groups of users
  - Create new OUs based on location
  - Create new OUs based on the type of objects that will be stored in the OU

Slide 11: OU STRUCTURE AND GROUP POLICY
- Security requirements
- Administration requirements
- Software deployment and update requirements
- Planned network infrastructure

Slide 12: DETERMINING DESIGN REQUIREMENTS

Slide 13: SECURITY REQUIREMENTS

Slide 14: ADMINISTRATION REQUIREMENTS
- Planned administrative model and roles
- User requirements
- Computer requirements
- Remote office requirements

Slide 15: SOFTWARE DEPLOYMENT AND UPDATE REQUIREMENTS

Slide 16: GROUP POLICY DESIGN CONSIDERATIONS

Slide 17: INHERITANCE AND FILTERING METHODS
- Group Policy inheritance review
- Security filtering through access control lists (ACLs)
- Windows Management Instrumentation (WMI) filters
- User Group Policy loopback processing mode
- Block Policy Inheritance

Slide 18: PERFORMANCE CONSIDERATIONS
- Limit the number of GPOs
- Consider slow links
- Limit how often GPOs are updated
- Group Policy and slow link detection
- Disable unused portion of GPO (Computer Settings | User Settings)
- Monitor and track usage

Slide 19: TESTING AND MAINTENANCE OF GROUP POLICIES
- Group Policy backup procedures
- Administrative strategy
- Change management plan

Slide 20: DEVELOPING AN ADMINISTRATIVE STRATEGY

Slide 21: DEVELOPING A CHANGE MANAGEMENT PLAN

Slide 22: GROUP POLICY IMPLEMENTATION FOR NEW USERS
- New computers and users are added to default locations unless otherwise specified.
- Redirusr.exe
- Redircmp.exe
- Allows you to immediately apply user- and computer-specific GPOs to new objects.

Slide 23: FINALIZING THE GROUP POLICY DESIGN

Slide 24: PLANNING AN ACCOUNT STRATEGY

Slide 25: ACCOUNT NAMING STRATEGIES

Slide 26: PLANNING A PASSWORD POLICY

Slide 27: CREATING AN AUTHENTICATION, AUTHORIZATION, AND ADMINISTRATION STRATEGY

Slide 28: DESIGNING A SECURITY GROUP STRATEGY

Slide 29: SECURITY GROUP STRATEGY (continued)

Slide 30: SUMMARY
- Gather information before making your design plans
- Name some factors that influence OU design
- Give some examples of IT administration models
- Top-level OU structure should be relatively static
- Identify and plan for security threats
- Carefully assess user and computer requirements
- Separate users, groups, and permissions to increase the efficiency of network administration