
Welcome to this TechNet Event


Presentation Transcript


  1. Welcome to this TechNet Event We would like to bring your attention to the key elements of the TechNet programme; the central information and community resource for IT professionals in the UK: • FREE bi-weekly technical newsletter • FREE regular technical events hosted across the UK • FREE weekly UK & US led technical webcasts • FREE comprehensive technical web site • Monthly CD / DVD subscription with the latest technical tools & resources • FREE quarterly technical magazine To subscribe to the newsletter or just to find out more, please visit www.microsoft.com/uk/technet or speak to a Microsoft representative during the break

  2. Active Directory (Dan Lewis)

  3. Prerequisites • Understanding of day-to-day administration tasks • Understanding of administration challenges in a network environment

  4. What We’ll Cover… • Introduction to Active Directory • Group Policy • Advanced Active Directory Tasks • Microsoft Resources and Training Options

  5. Microsoft Official Curriculum • Course 2279, Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure (5 Day) • Course 2282, Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure (5 Day) • Course 2278, Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure (5 Day)

  6. Microsoft Certified Professional Program • MCP • MCSA • MCSE • MCAD • MCSD • MCDBA • MCT http://www.microsoft.com/learning/

  7. Introduction to Active Directory

  8. Overview • Active Directory Basics • Creating the Organization

  9. Lesson: Active Directory Basics • What are Directory Services? • Benefits of Active Directory • Multimedia: The Logical Structure of Active Directory

  10. What are Directory Services? Provides a focal point for management, security, and interoperability. Active Directory • A focal point for: • Manageability • Security • Interoperability [Diagram: Active Directory at the centre, connected to: Windows Clients (Mgmt profile, Network info, Policy); Windows Servers (Mgmt profile, Network info, Services, Printers, File shares, Policy); Windows Users (Account info, Privileges, Profiles, Policy); Other Directories (White pages, E-Commerce); Network Devices (Configuration, QoS policy, Security policy); Other NOS (User registry, Security, Policy); Firewall Services (Configuration, Security policy, VPN policy); Applications (Server config, Single Sign-On, App-specific directory info, Policy); E-Mail Servers (Mailbox info, Address book); Internet]

  11. Benefits of Active Directory • Reduced TCO • Flexible Administration • Simplified Administration • Scalability [Diagram labels: Paris, Sales, Repair, User1, Computer1, User2, Printer1]

  12. Multimedia: The Logical Structure of Active Directory [Diagram labels: Forest, Domain Tree, Domain, Organizational Unit (OU), Objects]

  13. Lesson: Creating the Organization • Microsoft Management Console • Organizational Units • Organizational Unit Hierarchical Models • User Accounts • Groups • Printers • Demonstration: Creating Active Directory Objects

  14. Microsoft Management Console • MMC hosts tools, called snap-ins, that perform administrative functions

  15. Organizational Units • Organizes objects in a domain • Allows you to delegate administrative control • Simplifies the management of commonly grouped resources

  16. Organizational Unit Hierarchical Models • Function-based (S – Sales, C – Consultants, M – Marketing) • Organization-based (M – Manufacturing, E – Engineering, R – Research) • Location-based (N – Norway, F – France, I – Indonesia) • Examples of hybrid-based: Function / Organization, Location / Function, Organization / Location

  17. User Accounts • Local user accounts (stored on local computer) • Domain user accounts (stored in Active Directory) [Diagram label: Windows Server 2003 Domain]

  18. Groups • Groups simplify administration by enabling you to assign permissions for resources • Groups are characterized by scope and type • The group scope determines whether the group spans multiple domains or is limited to a single domain • The three group scopes are global, domain local, and universal

  19. Printers [Diagram: Local printers: Print Server connected to a Print Device by LPT or USB or IR. Network printers: Print Server connected to Print Devices by TCP/IP or IPX or AppleTalk]

  20. Demonstration: Creating Active Directory Objects How to create: • Organizational Units • User Accounts • Groups • Printers

  21. Group Policy

  22. Overview • Introduction to Group Policy • Using Group Policy for Organizational Control

  23. Introduction to Group Policy • Purpose of Group Policy • Group Policy Processing • GPMC Administration

  24. Purpose of Group Policy • Computer Configuration • User Configuration • Security Settings • Centralized Management • Consistent Configurations • Automatic Configurations [Diagram: Domain containing OU1, OU2, OU3. Apply Group Policy once; Windows Server enforces continually]

  25. Group Policy Processing [Diagram labels: Site, Domain, OU; GPO1, GPO2, GPO3, GPO4]

  26. Group Policy Management Console • What is the GPMC? • New administrative tool for managing Group Policy • Set of scriptable interfaces for managing Group Policy • MMC Snap-in, built on these interfaces • Web release of stand-alone version concurrent with launch of Windows® Server 2003 • Requires users to have a licensed copy of Windows Server 2003 in their organization • GPMC Design Goals • Unify management of Group Policy, including both Windows 2000 and Windows Server 2003 domains • Address key deployment issues • Provide better UI for visualization • Enable programmatic access to Group Policy

  27. Lesson: Using Group Policy for Organizational Control • Using Group Policy to Control Security • Security Templates • OU Design for Security • Classroom Practice: Applying a Security Template • Using Group Policy to Control the User Environment • GPO Settings to Control the User Environment • Software Restriction Policies • ADM Templates • Deploying Software • Classroom Discussion: Assigning and Deploying Software • Best Practices

  28. Using Group Policy to Control Security • Create an OU structure • Determine Multiple Operating System Requirements • Use Security Templates Based on Role • Use Group Policy to apply templates

  29. Security Templates

  30. OU Design for Security • Identify the security template that most closely matches the configuration required by client computers or servers • Create a new Group Policy object for each security template you will be using • In the new Group Policy object, import the security template • If necessary, modify the group policy object to add any additional security settings • Link the new Group Policy object to the appropriate OU • Move computer objects for client computers and servers to the appropriate OU
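
The six steps above as a script, added here as an illustration and not part of the presentation. It assumes the ActiveDirectory and GroupPolicy PowerShell modules (newer tooling than the Windows Server 2003 consoles the slides describe) and hypothetical names (`example.com`, the `File Servers` OU, the `FS-*` naming convention); the template import itself stays a manual step in the Group Policy editor.

```powershell
#Requires -Modules ActiveDirectory, GroupPolicy
# Added example. Every name below is an assumption chosen for illustration.
$DomainDN   = 'DC=example,DC=com'            # hypothetical domain
$OuName     = 'File Servers'                 # hypothetical role-based OU
$GpoName    = 'SEC - File Servers baseline'  # one GPO per security template
$SourceOuDN = "CN=Computers,$DomainDN"       # where the computer objects are now
$NameFilter = 'FS-*'                         # hypothetical naming convention
$OuDN       = "OU=$OuName,$DomainDN"

function New-RoleBaseline {
    # Create the OU for this server role unless it already exists.
    $ou = Get-ADOrganizationalUnit -Filter "Name -eq '$OuName'" `
              -SearchBase $DomainDN -SearchScope OneLevel
    if (-not $ou) { New-ADOrganizationalUnit -Name $OuName -Path $DomainDN }

    # Create a new GPO that will hold exactly one imported security template.
    $gpo = Get-GPO -Name $GpoName -ErrorAction SilentlyContinue
    if (-not $gpo) {
        $gpo = New-GPO -Name $GpoName -Comment 'Holds one imported security template'
    }
    # The template carries computer settings only, so disable the unused user half.
    $gpo.GpoStatus = 'UserSettingsDisabled'

    # Link the GPO to the OU, but leave the link disabled until the template
    # has been imported and reviewed.
    $links = (Get-GPInheritance -Target $OuDN).GpoLinks
    if (-not ($links | Where-Object DisplayName -eq $GpoName)) {
        New-GPLink -Name $GpoName -Target $OuDN -LinkEnabled No | Out-Null
    }
}

function Enable-RoleBaseline {
    # Run only after the manual step: edit the GPO, then under
    # Computer Configuration > Windows Settings > Security Settings
    # choose Import Policy, pick the template, and add any extra settings.
    Set-GPLink -Name $GpoName -Target $OuDN -LinkEnabled Yes | Out-Null

    # Move the matching computer objects into the OU so the GPO reaches them.
    Get-ADComputer -Filter "Name -like '$NameFilter'" -SearchBase $SourceOuDN |
        Move-ADObject -TargetPath $OuDN

    # Return the OU's current members for a quick review.
    Get-ADComputer -Filter * -SearchBase $OuDN | Select-Object Name, DistinguishedName
}

New-RoleBaseline
# ...import and review the template in the editor, then run: Enable-RoleBaseline
```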

  31. Applying a Security Template • Create a new GPO • Import a security template

  32. Using Group Policy to Control the User Environment Use Group Policy to: • Manage users and computers • Deploy software • Enforce security settings • Enforce a consistent desktop environment

  33. GPO Settings to Control the User Environment • Group Policy settings for users: • Desktop settings • Software settings • Windows settings • Security settings • Group Policy settings for computers: • Desktop settings • Software settings • Windows settings • Security settings

  34. Software Restriction Policies • Group Policy can restrict software installation and execution • Can restrict by: • Hash rule • Path rule • Certificate rule • Zone rule

  35. Administrative Templates • Default templates • Office Templates • Custom templates • Text files that end with an .adm extension • Update the user or computer portion of the registry • Adding ADM templates into a GPO

  36. Overview of the Software Deployment Process • 1. Create a software distribution point (shared folder) • 2. Use a GPO to deploy software (Publish or Assign) • 3. Change the software deployment properties

  37. Assigning Software vs. Publishing Software

  38. Group Policy Best Practices • Create as few GPOs as possible • Large numbers of GPOs make troubleshooting difficult • Disable unused portions of GPOs • Limit use of enforcement • Limit use of block inheritance • Create documentation and regular backups • Link a GPO to only one location

  39. Controlling the User Environment • Securing Client and Servers Using Administrative Templates • Deploying Software • Controlling the User Environment • Testing the User Environment

  40. Summary • Introduction to Group Policy • Using Group Policy for Organizational Control

  41. Advanced Active Directory Tasks

  42. Overview • Delegation and Custom MMCs • File Server Management • Additional Management Techniques

  43. Delegation and Custom MMCs • Delegating Control • Demo: Delegating Control • Demo: How to Create a Custom MMC • MMC Taskpads

  44. Delegation of Control • Grant permissions to: • Delegate control to other administrators for specific organizational units • Modify specific attributes of an object in a single organizational unit • Perform the same task in all organizational units [Diagram: Domain with OU1 (Admin1), OU2 (Admin2), OU3 (Admin3)]

  45. Demo: Delegating Control • How to delegate control of an OU for specific tasks

  46. How to Create a Custom MMC

  47. MMC Taskpads • Creates custom views of the MMC snap-in • Allows for specific tasks to be set in Task Pad • Customizes view of MMC • Removes confusing toolbars • Removes menu options • Removes configuration options • Useful for novice administrators

  48. File Server Management • Encrypting File System • Disk Quotas • Volume Shadow Copies • Demonstration: How to Restore a Previous Version • Distributed File System • Distributed File System Capabilities

  49. Encrypting File System EFS encryption makes data unintelligible without a decryption key • EFS encrypts data • Users encrypt a file or folder by setting the encryption property • All files and subfolders created in or added to an encrypted folder are automatically encrypted • Use EFS to access encrypted data • When accessing an encrypted file, users can read the file normally • When users close the file, EFS encrypts it again • Use EFS to decrypt data • The file remains decrypted until it is encrypted again • Use the cipher command to display or alter encryption of folders and files on NTFS volumes

  50. Disk Quotas • Track and control users’ disk space on NTFS volumes • Prevent users from taking any additional disk space above their quota limit • Log events when users near and exceed quota limits • Can be enabled on local volumes, network volumes, and removable drives if they are formatted with NTFS • Can be enabled on local computers and remote computers • Cannot use file compression to prevent users from exceeding their limits