DESIGNING AN ADMINISTRATIVE SECURITY STRUCTURE Chapter 7


1 DESIGNING AN ADMINISTRATIVE SECURITY STRUCTURE Chapter 7

2 GATHERING AND ANALYZING DESIGN INFORMATION
• Administration model
• Active Directory structure
• Security group structure
• Group Policy structure
• User job roles
• Hardware resources
• Physical topology
• Forest and domain design

3 CHOOSING AN ADMINISTRATION MODEL

4 UNDERSTANDING ORGANIZATIONAL UNITS

5 STANDARD MODELS FOR OU STRUCTURE

6 USING OUs TO DELEGATE ADMINISTRATIVE CONTROL

7 ENVISIONING THE OU STRUCTURE
• Physical locations
• Types of administrative tasks
• Types of objects

8 PLANNING FOR INHERITANCE

9 USING OUs TO LIMIT OBJECT VISIBILITY

10 ORGANIZATIONAL UNITS AND GROUP POLICY
• Create GPOs for OUs as needed
• Add OUs to support Group Policy as needed. For example:
  • Subdivide OUs so that you can apply different policies to different groups of users
  • Create new OUs based on location
  • Create new OUs based on the type of objects that will be stored in the OU

11 OU STRUCTURE AND GROUP POLICY
• Security requirements
• Administration requirements
• Software deployment and update requirements
• Planned network infrastructure

12 DETERMINING DESIGN REQUIREMENTS

13 SECURITY REQUIREMENTS

14 ADMINISTRATION REQUIREMENTS
• Planned administrative model and roles
• User requirements
• Computer requirements
• Remote office requirements

15 SOFTWARE DEPLOYMENT AND UPDATE REQUIREMENTS

16 GROUP POLICY DESIGN CONSIDERATIONS

17 INHERITANCE AND FILTERING METHODS
• Group Policy inheritance review
• Security filtering through access control lists (ACLs)
• Windows Management Instrumentation (WMI) filters
• User Group Policy loopback processing mode
• Block Policy Inheritance

18 PERFORMANCE CONSIDERATIONS
• Limit the number of GPOs
• Consider slow links
• Limit how often GPOs are updated
• Group Policy and slow link detection
• Disable unused portion of GPO (Computer Settings | User Settings)
• Monitor and track usage

19 TESTING AND MAINTENANCE OF GROUP POLICIES
• Group Policy backup procedures
• Administrative strategy
• Change management plan

20 DEVELOPING AN ADMINISTRATIVE STRATEGY

21 DEVELOPING A CHANGE MANAGEMENT PLAN

22 GROUP POLICY IMPLEMENTATION FOR NEW USERS
• New computers and users added to default locations unless otherwise specified.
• Redirusr.exe
• Redircomp.exe
• Allows you to immediately apply user- and computer-specific GPOs to new objects.

23 FINALIZING THE GROUP POLICY DESIGN

24 PLANNING AN ACCOUNT STRATEGY

25 ACCOUNT NAMING STRATEGIES

26 PLANNING A PASSWORD POLICY

27 CREATING AN AUTHENTICATION, AUTHORIZATION, AND ADMINISTRATION STRATEGY

28 DESIGNING A SECURITY GROUP STRATEGY

29 SECURITY GROUP STRATEGY (continued)

30 SUMMARY
• Gather information before making your design plans
• Name some factors that influence OU design
• Give some examples of IT administration models
• Top-level OU structure should be relatively static
• Identify and plan for security threats
• Carefully assess user and computer requirements
• Separate users, groups, and permissions to increase the efficiency of network administration

