Assignment # 8.

Slides:



Advertisements
Similar presentations
What’s New in Windows Server 2008 AD?
Advertisements

Managing User, Computer and Group Accounts
Chapter Five Users, Groups, Profiles, and Policies.
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
Lesson 17: Configuring Security Policies
Module 5: Creating and Configuring Group Policy
Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.
10.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
Administering Active Directory
Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.
11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW  Create and manage file system shares and work.
7.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.
11 WORKING WITH COMPUTER ACCOUNTS Chapter 8. Chapter 8: WORKING WITH COMPUTER ACCOUNTS2 CHAPTER OVERVIEW  Describe the process of adding a computer to.
Understanding Active Directory
11 WORKING WITH COMPUTER ACCOUNTS Chapter 8. Chapter 8: WORKING WITH COMPUTER ACCOUNTS2 CHAPTER OVERVIEW Describe the process of adding a computer to.
Guide to MCSE , Enhanced 1 Activity 9-1: Creating a Group Policy Object Using the MMC Objective: To create a GPO using the Group Policy Object Editor.
1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.
Chapter 7 WORKING WITH GROUPS.
Chapter 7 Managing OUs and Active Directory Accounts
11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW Create and manage file system shares and work with.
Module 1: Installing Active Directory Domain Services
Module 1: Installing Active Directory Domain Services
Chapter 5 File and Printer Services
Module 2 Creating Active Directory ® Domain Services User and Computer Objects.
9.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
MCTS Guide to Configuring Microsoft Windows Server 2008 Active Directory Chapter 3: Introducing Active Directory.
Corso referenti S.I.R.A. – Modulo 2 07 – Group Policy 20/11 – 27/11 – 05/12 11/12 – 13/12 (gruppo 1) 12/12 – 15/12 (gruppo 2) Cristiano Gentili, Massimiliano.
CN1176 Computer Support Kemtis Kunanuraksapong MSIS with Distinction MCT, MCTS, MCDST, MCP, A+
1 Group Account Administration Introduction to Groups Planning a Group Strategy Creating Groups Understanding Default Groups Groups for Administrators.
Week 9 Objectives Securing Files and Folders Protecting Shared Files and Folders by Using Shadow Copies Configuring Network Printing.
Implementing File and Print Services
Managing Active Directory Domain Services Objects
Module 6: Designing Active Directory Security in Windows Server 2008.
Module 10: Configuring Windows XP Professional to Operate in Microsoft Networks.
Module 9: Active Directory Domain Services. Overview Describe new features in AD DS List manageability and reliability enhancements in AD DS.
Designing Active Directory for Security
Securing AD DS Module A 3: Securing AD DS
Security Planning and Administrative Delegation Lesson 6.
Managing Groups, Folders, Files and Security Local Domain local Global Universal Objects Folders Permissions Inheritance Access Control List NTFS Permissions.
1 Chapter Overview Configuring Account Policies Configuring User Rights Configuring Security Options Configuring Internet Options.
Understanding Group Policy James Michael Stewart CISSP, TICSA, CIW SA, CCNA, MCSE NT & W2K, iNet+
© Wiley Inc All Rights Reserved. MCSE: Windows Server 2003 Active Directory Planning, Implementation, and Maintenance Study Guide, Second Edition.
Microsoft ® Official Course Module 3 Managing Active Directory Domain Services Objects.
Chapter 9: SHARING FILE SYSTEM RESOURCES1 CHAPTER OVERVIEW  Create and manage file system shares and work with share permissions.  Use NTFS file system.
Module 11: Read-Only Domain Controllers. Overview Describe the Read-Only Domain Controllers role Use Read-Only Domain Controllers.
1 Chapter Overview Understanding User Accounts Planning New User Accounts Creating, Modifying, and Deleting User Accounts Setting Properties for User Accounts.
Chapter 10: Rights, User, and Group Administration.
Module 1: Implementing Active Directory ® Domain Services.
Security Planning and Administrative Delegation Lesson 6.
Managing Local Users & Groups. OVERVIEW Configure and manage user accounts Manage user account properties Manage user and group rights Configure user.
1 Chapter Overview Managing Object and Container Permissions Locating and Moving Active Directory Objects Delegating Control Troubleshooting Active Directory.
Implementing Group Policy
Implementing a Group Policy Infrastructure
Chapter 4- Part3. 2 Implementing User Profiles A local user profile is automatically created at the local computer when you log on with an account for.
Working with Users and Groups Lesson 5. Skills Matrix Technology SkillObjective DomainObjective # Introducing User Account Control Configure and troubleshoot.
1 Chapter Overview Using Group Objects Understanding Default Groups Creating Group Objects Managing Administrative Access.
10.1 © 2004 Pearson Education, Inc. Lesson 10: Specifying Group Policy Settings Exam Microsoft® Windows® 2000 Directory Services Infrastructure.
Microsoft Administering Windows Server 2012 Pass Microsoft exam with 100% Guarantee 100% REAL EXAM QUESTIONS ANSWERS Get All PDF with Complete.
100% REAL EXAM QUESTION ANSWER
Real Exam Questions Answers
Implementing Active Directory Domain Services
Overview of Active Directory Domain Services
(ITI310) SESSIONS 6-7-8: Active Directory.
Active Directory Administration
Unit 7 NT1330 Client-Server Networking II Date: 7/26/2016
Windows Server 2008 Administration
Network Administration
Setting up home folders and roaming profiles
Presentation transcript:

Assignment # 8

Q1 Effective permissions of Esra Ali are: -Deny read permission. -Allow Create all child objects. -Allow reset password. -Deny modify owner. -Allow Delete all child Because the Deny permission overrides Allow permission and Explicit Allow override Inherited Deny.

Q2 IT department proprieties, security tab

Click Advanced button, select Auditing tab. Then click Add button.

Select success create user objects. Click OK.

Finally ..

Log event after create new user:

What type of change was made. create object Who made the change What type of change was made? create object Who made the change? Administrator What member was added? Ahmad When the change was made? 2:54 PM

Q3

Follow the steps in the wizard to add the data for both PSOs

A snapshot of Password settings container where the two of the PSO should appear

Apply HR PSO to: HR OU & Domain Admins Note that: you should make a shadow copy of HR OU using a group named HR

Apply Domain Admins PSO to Domain Admins

A snapshot of Admininstrator properties (member of Domain Admins group)

Question HR member will have HR PSO What is the resultant PSO of domain admins? Why it was chosen? Domain Admins PSO Because it has higher precedence.

Q4 Modify the Default Domain Controllers Policy GPO to enable auditing events for both successful and failed account logon events.

Q4 .. Cont. Modify the Client Computers Policy to enable auditing events for both successful and failed logon events

In server side (Fail attempt to logon-- account logon event)

In server side (Successful attempt to logon- account logon event)

Questions How many log entries? Where? -2 one in DC and other one in client computer -Account logon events created in the DC -Logon events created in the client computer

Q5 A.What does an RODC do? RODC provides a way to deploy a domain controller more securely in locations that require fast and reliable authentication services but cannot ensure physical security for a writable domain controller. Also, An RODC provides a more secure mechanism for deploying a domain controller. You can grant a no administrative domain user the right to log on to an RODC while minimizing the security risk to the Active Directory forest. You might also deploy an RODC in other scenarios where local storage of all domain user passwords is a primary threat. B.Are there any special considerations? To deploy an RODC, at least one writable domain controller in the domain must be running Windows Server 2008. In addition, the functional level for the domain and forest must be Windows Server 2003 or higher.

C. What new functionality does RODC provide C.What new functionality does RODC provide? RODC addresses some of the problems that are commonly found in branch offices. These locations might not have a domain controller. Or, they might have a writable domain controller but not the physical security, network bandwidth, or local expertise to support it. The following RODC functionality mitigates these problems: Read-only AD DS database Unidirectional replication Credential caching Administrator role separation Read-only Domain Name System (DNS) D.What are the prerequisites for RODC? -Ensure that the forest functional level is Windows Server 2003 or higher. -Run Adprep.exe commands to prepare your existing forest and domains for domain controllers. -Install Active Directory Domain Services (AD DS). -Deploy at least one writable domain controller running Windows Server 2008 or Windows Server 2008 R2

E. What does the following print screen shows E.What does the following print screen shows? What does Advance, Add and Remove button provide? -The Password Replication Policy tab. You can control how credentials caching for users, groups or computers will take place. Allow passwords for the account replicating to this RODC. -Advanced button provides more options: resultant policy , prepopulate password and view passwords are stored on RODC and Accounts that have been authenticated to RODC. -Add and remove buttons to add and remove account.

F. What does the above print screen provide F.What does the above print screen provide? Advanced window provides more options: resultant policy ,prepopulate password and view passwords are stored on RODC and Accounts that have been authenticated to RODC. G.What each of the following mean? Accounts whose passwords are stored on this Read-only Domain Controller :Current credentials that are cached on an RODC Accounts that have been authenticated to this Read-only Domain Controller : accounts have tried to authenticate to an RODC Prepopulate passwords button: prepopulate the password cache for an RODC with the passwords of user and computer accounts before the accounts try to log on in the branch office.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.