Presentation is loading. Please wait.

Presentation is loading. Please wait.

Windows Enterprise Services.  Introductions  UNM Directory Services  RSAT  Organizational Units (OU)  Active Directory Groups  Naming Convention.

Published byOphelia Carpenter Modified over 8 years ago

Similar presentations

Presentation on theme: "Windows Enterprise Services.  Introductions  UNM Directory Services  RSAT  Organizational Units (OU)  Active Directory Groups  Naming Convention."— Presentation transcript:

1 Windows Enterprise Services

2  Introductions  UNM Directory Services  RSAT  Organizational Units (OU)  Active Directory Groups  Naming Convention  Joining Workstations  File Services  Sharing & Security tabs  GPOs  OU Administrators Responsibilities  Troubleshooting tools  Guidelines  Support

3  LAMB – Authoritative Source of information for AD – Process of NetID creation, org code to OU mapping, account retention  Active Directory – Microsoft’s implementation of LDAP – Empty root – Colleges and HSC domains

4  RSAT (Remote Server Administration Tools) – allows administrators to run snap-ins and tools on a remote computer to manage features and roles – Computers includes the AD Users and (ADUC) and Group Policy Management tools  Windows 7 https://www.microsoft.com/en-us/download/details.aspx?id=7887  Windows 8 https://www.microsoft.com/en-us/download/details.aspx?id=28972

5  Delegate responsibility to UNM departments and affiliates  OU Admins are responsible for their own OU structures  Enterprise Admins oversee entire forest  Standard Sub-OUs we create for you: Accounts - populated by LDAP. DO NOT DISABLE OR DELETE Groups - where you create groups Servers – your departmental servers here SvcAcnts – privileged application or admin accounts Workstations - your workstations. PRESTAGE COMPUTERS BEFORE JOINING TO AD

6  Group Types: – Security Groups  Universal: Cross forest  Global: Between domains  Domain Local: In your domain – Distribution Groups: Not what it used to be!  Microsoft’s Best Practice - AGDLP – The order to assign user permissions to resources - Accounts, Global, Domain Local, Permissions – Role based security provisioning  User Roles correspond to a global group  Security Roles are assigned to a domain local group  Demo

7  Workstations, Servers & Printers – ABC-LN00040797 – ABC153WEB01 – ABC153-1104-Konika284  Groups – ABC-OUAdmins-DL – ABC-OUAdmins-GG  Service Accounts – sqlABCSVC (SQL service in ABC dept) – ahABCSVC (admin acct in ABC dept)  Group Policy Objects (GPOs) – ABC-Classroom 103 File Share

8  Pre-stage all computers – Use your svc account – Demo  Join workstations to colleges.ad.unm.edu – Local vs. domain user profiles – Netdom join /d:colleges.ad.unm.edu ABC-DC8MRSJ1 /OU:OU=Workstations,OU=ABC,DC=colleges,DC=ad,DC=unm,DC=edu /ud:colleges\ahabcsvc /pd:MySecretPassword – Add-Computer –DomainName colleges.ad.unm.edu –OUPath “OU=Workstations,OU=ABC,DC=colleges,DC=ad,DC=unm,DC=edu” – Credential colleges\ahabcsvc -Restart

9  Centralized storage and backup  Mapped drives – Shared and Home directories

10  Sharing – Create a Domain Local group for your department – Grant access to that group  Security – NTFS – Full Control should only be given to OU Admins – Do not remove Domain Admins group – Combination of Modify, Read & Execute, List folder contents, Read and Write permissions may be assigned to User groups – NTFS permissions should be less permissive than Sharing permissions

11  Group Policy Objects – Customized MMC – Default GPOs we create for you – How to request and test GPOs – Support model  Scripts vs Preferences  Loopback Processing Mode

12  Support for your end users  Managing your department’s resources  Managing permissions for resources  Securing your department’s data

13  Command line tools – demo – Nslookup - queries DNS entries and ip lookup – Ping - see if a host is reachable by IP. Firewall restrictions can limit this – Telnet - verifies a port is open on a resource – Gpudate /force - will immediately apply any group policy you have put in place instead of waiting – Gpresult /r /v - will detail what group policies are applied to the workstation and user  Powershell

14  Please… – Do not remove Domain Admins group – Do not use your regular NetID for admin work. Always “Run as different user”. – Do not delete accounts.  Recycle Bin with 2008R2  Common Problems – Typos when pre-staging – Wired vs. wireless – AD is not down… (If it is, we already know it!) – Disabled & expired accounts – Changing group membership

15  Contact IT Service Desk – https://help.unm.edu/CherwellPortal/ServiceDesk – Submit incident or service request  FastInfo  https://unmm.sharepoint.com/teams/it/platforms/wes/adoutr aining/_layouts/15/start.aspx#/SitePages/Home.aspx https://unmm.sharepoint.com/teams/it/platforms/wes/adoutr aining/_layouts/15/start.aspx#/SitePages/Home.aspx  http://it.unm.edu/ad http://it.unm.edu/ad

16 Thank you

Download ppt "Windows Enterprise Services.  Introductions  UNM Directory Services  RSAT  Organizational Units (OU)  Active Directory Groups  Naming Convention."

Similar presentations

AD Child Domains By: Joan Carter 05/29/2003. Who can bring up a child domain in AD.ASU.EDU?  Campus/college/VP level units  Considerations: Is there.

AD Child Domains By: Joan Carter 05/29/2003. Who can bring up a child domain in AD.ASU.EDU?  Campus/college/VP level units  Considerations: Is there.
File Server Organization and Best Practices IT Partners June, 02, 2010.

File Server Organization and Best Practices IT Partners June, 02, 2010.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 6 Managing and Administering DNS in Windows Server 2008.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 6 Managing and Administering DNS in Windows Server 2008.
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
Lesson 17: Configuring Security Policies

Lesson 17: Configuring Security Policies
Module 5: Creating and Configuring Group Policy

Module 5: Creating and Configuring Group Policy
Managing User Settings with Group Policy

Managing User Settings with Group Policy
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.

Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.
6.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

6.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
3.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.

3.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.
15.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

15.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
9.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

9.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
10.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

10.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.
Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.

Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.
Chapter 5: Configuring Users and Groups. Windows Vista User Accounts User accounts are the primary means of authentication Built-in Accounts –Administrator:

Chapter 5: Configuring Users and Groups. Windows Vista User Accounts User accounts are the primary means of authentication Built-in Accounts –Administrator:
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
By Rashid Khan Lesson 8-Crowd Control: Controlling Access to Resources Using Groups.

By Rashid Khan Lesson 8-Crowd Control: Controlling Access to Resources Using Groups.

Similar presentations

Ads by Google