Computers and Technology: Adding an Active Directory
Page » Computers and Technology
Is3340 Unit 1
In: Computers and Technology
Is3340 Unit 1
Unit 1 Assignment1: Adding Active Directory
Robert Hanke
ITT Tech
IS3340 Windows Security
Dr. Joseph Martinez
3/27/14
Unit 1 Assignment1: Adding Active Directory
Currently, system administrators create Ken 7 users in each computer where users need access. In the Active Directory, the system admins will create Organizational Groups (OU). These OU’s can then can have restriction or Group Policy Objects (GPOs) put in to place that will restrict what a user can and can’t access. An organizational unit is the smallest scope or unit to which you can assign Group Policy settings or delegate administrative authority. Using organizational units, you can create containers within a domain that represent the hierarchical, logical structures within your organization. You can then manage the configuration and use of accounts and resources based on your organizational model (techNet, 2005).
With the users assigned to group accounts or OU’s, you can use to assign a set of permissions and rights to multiple users simultaneously, along with making any changes that are needed to individual users. Computer accounts provide a means for authenticating and auditing computer access to the network and to domain resources. Each computer account must be unique.
Once the conversion has taken place, the local users on the client computer will not be affected during domain join. They can still logon on the local machine. Meanwhile, on domain controllers, during the Active Directory Installation, local accounts in the registry-based SAM database are migrated to Active Directory; the existing SAM is deleted; and a new, smaller registry-based SAM is created.
Within the AD policy, the admin can adjust different polices that allows for users to have different access while on the same network, but also have different controls at different local machines. This is done by security polices and group polices. Once the user has been authenticated, the user is authorized or denied access to domain resources based on the explicit permissions assigned to that user on the resource
Administrators can use access control to manage user access to shared resources for security purposes. In Active Directory, access control is administered at the object level by setting different levels of access, or permissions, to objects, such as Full Control, Write, Read, or No Access. Access control in Active Directory defines how different users can use Active Directory objects. By default, permissions on objects in Active Directory are set to the most secure setting (techNet, 2005).
References
techNet. (2005, January 21). Access control in Active Directory. Retrieved from Microsoft TechNet: http://technet.microsoft.com/en-us/library/cc785913(v=ws.10).aspx
References: techNet. (2005, January 21). Access control in Active Directory. Retrieved from Microsoft TechNet: http://technet.microsoft.com/en-us/library/cc785913(v=ws.10).aspx
Is3340 Unit 1
In: Computers and Technology
Is3340 Unit 1
Unit 1 Assignment1: Adding Active Directory
Robert Hanke
ITT Tech
IS3340 Windows Security
Dr. Joseph Martinez
3/27/14
Unit 1 Assignment1: Adding Active Directory
Currently, system administrators create Ken 7 users in each computer where users need access. In the Active Directory, the system admins will create Organizational Groups (OU). These OU’s can then can have restriction or Group Policy Objects (GPOs) put in to place that will restrict what a user can and can’t access. An organizational unit is the smallest scope or unit to which you can assign Group Policy settings or delegate administrative authority. Using organizational units, you can create containers within a domain that represent the hierarchical, logical structures within your organization. You can then manage the configuration and use of accounts and resources based on your organizational model (techNet, 2005).
With the users assigned to group accounts or OU’s, you can use to assign a set of permissions and rights to multiple users simultaneously, along with making any changes that are needed to individual users. Computer accounts provide a means for authenticating and auditing computer access to the network and to domain resources. Each computer account must be unique.
Once the conversion has taken place, the local users on the client computer will not be affected during domain join. They can still logon on the local machine. Meanwhile, on domain controllers, during the Active Directory Installation, local accounts in the registry-based SAM database are migrated to Active Directory; the existing SAM is deleted; and a new, smaller registry-based SAM is created.
Within the AD policy, the admin can adjust different polices that allows for users to have different access while on the same network, but also have different controls at different local machines. This is done by security polices and group polices. Once the user has been authenticated, the user is authorized or denied access to domain resources based on the explicit permissions assigned to that user on the resource
Administrators can use access control to manage user access to shared resources for security purposes. In Active Directory, access control is administered at the object level by setting different levels of access, or permissions, to objects, such as Full Control, Write, Read, or No Access. Access control in Active Directory defines how different users can use Active Directory objects. By default, permissions on objects in Active Directory are set to the most secure setting (techNet, 2005).
References
techNet. (2005, January 21). Access control in Active Directory. Retrieved from Microsoft TechNet: http://technet.microsoft.com/en-us/library/cc785913(v=ws.10).aspx
References: techNet. (2005, January 21). Access control in Active Directory. Retrieved from Microsoft TechNet: http://technet.microsoft.com/en-us/library/cc785913(v=ws.10).aspx