WolfTech Active Directory: OU Administration June 30th, 2009 2-5pm Daniels 407.

Slides:



Advertisements
Similar presentations
Auditing Microsoft Active Directory
Advertisements

Establishing an OU Hierarchy for Managing and Securing Clients Base design on business and IT needs Split hierarchy Separate user and computer OUs Simplifies.
Microsoft Server 2008 R2 Group Policies & AD. Group Policies-Refresher  Policies are “all or nothing”  You cannot selectively choose within a policy.
Module 14: Implementing an Active Directory Infrastructure.
NREL is a national laboratory of the U.S. Department of Energy Office of Energy Efficiency and Renewable Energy operated by the Alliance for Sustainable.
Module 5: Creating and Configuring Group Policy
Managing User Settings with Group Policy
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
Hands-On Microsoft Windows Server 2003 Administration Chapter 4 Managing Group Policy.
9.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
MIS Chapter 91 Ch. 9 – Implement and Use Group Policy MIS 431 – created Spring 2006.
10.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.
Clyde G. Johnson.  Test Environment  Tools of the trade  Demo  Central Store  Show  Group Policy Spreadsheets  Demo  Planning and Deployment.
Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.
Lesson 16: Creating Group Policy Objects
7.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.
Guide to MCSE , Enhanced 1 Activity 9-1: Creating a Group Policy Object Using the MMC Objective: To create a GPO using the Group Policy Object Editor.
Group Policy in Microsoft Windows Active Directory.
(ITI310) By Eng. BASSEM ALSAID SESSIONS
Understanding Group Policy on Windows Server 2003 John Howard, IT Pro Evangelist, Microsoft UK
Active Directory: OU Administration December 17th, pm Daniels 407.
Introduction to Active Directory December 10th, pm Daniels 407.
9.1 © 2004 Pearson Education, Inc. Lesson 9: Implementing Group Policy in Windows 2000 Server Exam Microsoft® Windows® 2000 Directory Services Infrastructure.
9.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
GROUP POLICY An overview of Microsoft Windows Group Policy.
Why use Group Policy? GROUP POLICIES ON SBS: WHY BOTHER? -Save yourself a lot of time - need to install a printer on 20-some computers? - adding a file.
MCTS Guide to Configuring Microsoft Windows Server 2008 Active Directory Chapter 3: Introducing Active Directory.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
70-294: MCSE Guide to Microsoft Windows Server 2003 Active Directory Chapter 12: Deploying and Managing Software with Group Policy.
Section 2: Using Group Policy Management Tools Local vs. Domain Policies Editing Local Policies Managing Domain Policies Understanding Group Policy Refresh.
Module 15: Manage the Windows ® Small Business Server 2008 Environment Using Group Policy.
Section 1: Introducing Group Policy What Is Group Policy? Group Policy Scenarios New Group Policy Features Introduced with Windows Server 2008 and Windows.
70-411: Administering Windows Server 2012
Managing User Desktops with Group Policy
Chapter 13 Users, Groups Profiles and Policies. Learning Objectives Understand Windows XP Professional user accounts Understand the different types of.
Module 6: Implementing Group Policy. Overview Implementing Group Policy Objects Implementing GPOs in a Domain Managing the Deployment of Group Policy.
Introduction to Microsoft Management Console (MMC) MMC is a common console framework for management applications. MMC provides a common environment for.
11.1 © 2004 Pearson Education, Inc. Exam Designing a Microsoft ® Windows ® Server 2003 Active Directory and Network Infrastructure Lesson 11: Planning.
Module 6: Configuring User Environments Using Group Policy.
Module 7 Configure User and Computer Environments By Using Group Policy.
Planning a Group Policy Management and Implementation Strategy Lesson 10.
Implementing Group Policy. Overview What is Group Policy Introduction to Group Policy Group Policy Structure How Group Policy Settings Are Applied in.
GPO - WINDOWS SERVER AGENDA: Introduction Group Policy Overview Types of Group Policies/Objects Associated Technologies How to implement.
4. Managing the Desktop Thomas Lee Chief Technologist – QA plc.
Labs. Lab Session 1: Administering Windows Server 2008 Exercise 1: Install the DNS Server Role Exercise 2: Configuring Remote Desktop for Administration.
Section 11: Implementing Software Restriction Policies and AppLocker What Is a Software Restriction Policy? Creating a Software Restriction Policy Using.
Module 5: Implementing Group Policy
Module 11: Troubleshooting Group Policy Issues. Module Overview Introduction to Group Policy Troubleshooting Troubleshooting Group Policy Application.
Active Directory Group Policy. Group Policy Overview  Successor to NT policies Much more flexible  Only applies to 2000 workstations Use old style policies.
CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+
Module 5: Creating and Configuring Group Policies.
Module 4 Planning for Group Policy. Module Overview Planning Group Policy Application Planning Group Policy Processing Planning the Management of Group.
Microsoft Management Seminar Series SMS 2003 Change Management.
How to implement GPOs and secure a MS Windows Environment with little to NO user awareness!?!?
Administering Group Policy Chapter Eleven. Exam Objectives in this Chapter  Plan a Group Policy strategy using Resultant Set of Policy Planning mode.
Implementing Group Policy
11 PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY Chapter 10.
Week 4 Objectives Overview of Group Policy Group Policy Processing Implementing a Central Store for Administrative Templates.
Implementing a Group Policy Infrastructure
Module 6 Creating and Configuring Group Policy. Module Overview Overview of Group Policy Configuring the Scope of Group Policy Objects Evaluating the.
Module 11: Troubleshooting Group Policy Issues. Module Overview Introduction to Group Policy Troubleshooting Troubleshooting Group Policy Application.
GROUP POLICY. Group Policy is a hierarchical infrastructure which allows systems administrators to configure computer and user settings from a central.
1.1 Microsoft® Windows® 2003 Server Group Policy Management Prof. Abdul Hameed.
Module 8: Implementing Group Policy. Overview Multimedia: Introduction to Group Policy Implementing Group Policy Objects Implementing GPOs on a Domain.
Introduction to Group Policy Lesson 7. Group Policy Group Policy is a method of controlling settings across your network. – Group Policy consists of user.
Windows Enterprise Services.  Introductions  UNM Directory Services  RSAT  Organizational Units (OU)  Active Directory Groups  Naming Convention.
Managing User Desktops with Group Policy
Windows Server 2008 Administration
Module 8: Implementing Group Policy
Presentation transcript:

WolfTech Active Directory: OU Administration June 30th, pm Daniels 407

Tools Remote Server Administration Tools (RSAT) o Vista SP1+ / 2008 version of AdminPak o Only way to access Group Policy Preferences o Includes all added functionality from 2003 R2 GPMC - Included in Vista o VBScripts for doing GPO Scripting SpecOps GPUpdate - Extension for ADUC Scripting: VBScript/PowerShell ShellRunas - Run as different Domain User for Vista o Do not do administration with normal unity account Custom MMC Consoles DEMO!

Migration Checklist 1.Get your house in order: o DNS needs to be accurate, including DNS domains, use DHCP o Asset tracking needs to be accurate o Laptops - register in NOMAD 2.Design OU/Group Layout Considerations o What types of Users do you have to support? o What types of computers ? o Are there multiple Logical Units? Offices? Departments? 3.Management Policies o Who can login where? What level of permissions should they have? o Who is allowed to administer the machines? o Do you need to deploy Mapped Drives, Scripts, or Printers? 4.Software Deployment Strategy o Who can install their own software on what machines? o What software packages need to be automated? 5.Migrating Machines o Reinstall from scratch or Join them in current state? o Pre-Staging Computer Objects o Do you include Mac/Linux machines? o New Machine/Reinstallation - WDS 6.What other services will you need to provide?

Accounts Accounts already provisioned for all Unity Centrally managed Passwords synced via Password Change Page Units can create their own accounts: o more than 8 characters o Administrative:.admin o Guests:.. o Service:..service Coming Soon: o Workshop Accounts o Cross Realm Trust

Grouping "Best Practices": Creating lots of groups up front will ease administration when change requests are needed later on. It is better to have a group and not use it, than need a group and not have one. Always use groups for delegating permissions. Types of Groups: Group by User Directory Info: Faculty/Staff/Student Group by Machine Use: Public Lab/Teaching Lab/Kiosk/Server Group by Machine type: Laptop/Desktop Group by Administrative Access: Server Admins/Lab Admins Groups for Application Deployment Groups for Printer Deployment Groups for Resource Access

WolfTech Managed Groups Create Groups based on: o OUC o Affiliation o Building o Course Rolls Membership populated daily! Set expiration dates!

OU Layout - Machine Types Single User o Faculty - Individual login, local admin o Staff - Individual or group login, no local admin o Grad Students - Group login, no student admin, Faculty admin Labs o Teaching Labs - college or class login, user rights o Public Labs - any account login (or college), user rights o Research Labs - Group login, user rights Stand Alone o Kiosks - no login, extremely locked down o Conference Rooms - any account login o Loaner machines Servers Macs? Linux boxes?

OU Layout Considerations Favor an overly-hierarchical layout rather than a flat layout Allows for easier targeting of GPO's Follows a more logical structure for support Its harder to move from Flat->Hierarchical than vise-versa Q: Design OU structure based on Function or Organization? A: Both! First one, then the other. Examples! Desktops/Laptops OU's: Cron Job to help maintain group memberships

Group Policy Basics Creating: Group Policy Objects Container How to copy a GPO Starter GPO's GPO Processing: GPO processing starts at the root of the domain and overlays as you get closer to the object Link GPO's to OU's Link ordering on OU's Filter GPO's based on Group membership Filter GPO's based on WMI Enforced vs. Blocking Inheritance Deny permission?

Group Policy Basics (continued) Naming Conventions: - For software: {SW,FW,EX}- - Be descriptive in your GPO names, there is no length limit Some "best practices": GPO's that provide access to a resource should be linked at the highest level that is administratively feasible. WMI filtering on specific versions of software usually doesn't get updated. Use WMI filters for OS, and Item-Level targeting in GPP for everything else you can. If you find yourself creating alot of GPO's to solve a single problem, you are doing something wrong.

Group Policy Diagnostics gpupdate - initiate a Group Policy refresh (optional: /force) Group Policy Results - What is applying now Group Policy Modeling - Planning out changes before making them (currently doesn't work) Group Policy Logging: o

Group Policy - WolfTech Specifics WolfTech uses Loopback Processing (merge mode) Permissions: Cron: o All OU Admins get Read to all GPO's o Delegate permissions to -OU Admins group for GPO's following naming conventions mentioned earlier "Deny" permissions on GPO's should be used with care o Primary use case is in Software Distribution

Policies Types of Policies: Software Deployment Scripts Security Settings o Restricted Groups o User Rights assignment o Machine Permissions (Filesystem, Registry, Services) o Software restriction o Configure Wireless o Windows Security Guide Templates are already in WolfTech  {VSG, XP, WS03, WS08} EC Administrative Templates o Firewall - no spaces in comma separated lists! o Windows Update, IE, desktop environment, etc. o DNS Domain, DNS Search order o WSUS Groups (client-side targetting)

Software Distribution Naming: SW-OU-Vendor-App-Version-Build date o SW-NCSU-Mathworks-Matlab Assigned via GPO o "Remove when out of scope" o SW - Licensed Software o FW - Freeware o EX - Experimental (In testing, Use at own rise, etc.) Group Hierarchy o A Group Created at Software level will replicate down to all child colleges/departments

Preferences Types of Preferences: Mapped Drives Power Settings Printers* Distributing individual files, registry keys, shortcuts Collections Item-Level Targeting lets you filter based off of: o IP Address/MAC Address/Battery State o Security Group/OU/User o Registry/File Match o Date/Time o and much, much more!

Windows Software Update Services WSUS is the freepatch distribution product provided by MS. All patches except drivers Approval Timelines: o Early, Normal, Late o Use GPO to set the Client Group: -Early Reports o on/WSUS_Management_Console on/WSUS_Management_Console US_Service_Group

Windows Distribution Services WDS is the free image creation and deployment product provided by MS PXE - DHCP Templates (WDS-Main, WDS-Centennial, PXE-All) Base OS's + drivers Vista/Windows 7 are easy, XP works ory/Documentation/WDS

Scenarios What are some problems that you need to solve?

Q & A

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.