Active Directory


Domain controller

A Windows server that holds a copy of the Active Directory database.

Active Directory

A centralized database that contains user account and security information.

Group Policy Object (GPO)

A collection of policy settings that are stored in Active Directory.

Forest

A collection of related domain trees. The forest establishes the relationship between trees that have different DNS name spaces.

Organizational Unit (OU)

A container (similar to a folder) that subdivides and organizes other OUs, users, groups, and computers within a domain.

Domain Controller

A domain controller is a Windows server that holds a copy of the Active Directory database. A domain controller is a member of only one domain. A domain can contain multiple domain controllers. Each domain controller holds a copy of the Active Directory database. Any domain controller can make changes to the Active Directory database. Replication is the process of copying changes made to the Active Directory database between all of the domain controllers in the domain.

Domain

A domain is an administratively-defined collection of network resources that share a common directory database and security policies. The domain is the basic administrative unit of an Active Directory structure. Database information is replicated (shared or copied) within a domain. Security settings are not shared between domains. Each domain maintains its own set of relationships with other domains. Domains are identified using DNS names. The common name is the domain name itself. The distinguished name includes the DNS context or additional portions of the name.

Tree

A group of related domains that share the same contiguous DNS namespace.

Group Policy Facts

A policy is a set of configuration settings applied to users or computers. Group policies allow the administrator to apply multiple settings to multiple objects within the Active Directory domain at one time. Collections of policy settings are stored in a Group Policy Object (GPO).

Policy

A set of configuration settings applied to users or computers.

GPOs contain hundreds of configuration settings that can be configured. The following table describes common settings you should be familiar with.

Account Policies, Local Policies/Audit Policy, Local Policies/User Rights Assignment, Local Policies/Security Options, Registry, File System, Software Restriction Policies, Administrative Templates

Administrative Templates

Administrative templates are registry-based settings that can be configured within a GPO to control the computer and the overall user experience, such as: Use of Windows features such as BitLocker, Offline files and Parental Controls. Customize the Start menu, taskbar, or desktop environment. Control notifications. Restrict access to Control Panel features. Configure Internet Explorer features and options.

User Account Control (UAC) helps minimize the dangers of unwanted actions or unintended software installations. UAC prompts for permission before allowing changes that can affect your computer's security or performance.

Always notify, Notify me only when apps try to make changes to my computer (default), Notify me only when apps try to make changes to my computer (do not dim my desktop), Never notify

Domain

An administratively defined collection of network resources that share a common directory database and security policies.

Organizational Unit (OU)

An organizational unit is like a folder that subdivides and organizes network resources within a domain. An organizational unit: is a container object; can contain other OUs or any type of leaf object (e.g., users, computers, and printers); can be used to logically organize network resources; simplifies security administration.

Each GPO has a common structure and hundreds of configuration settings that can be enabled and configured. Settings in a Group Policy object are divided into two categories:

Computer Configuration and User Configuration

Local Policies/User Rights Assignment

Computer policies include a special category of policies called user rights.

The GPO includes registry settings, scripts, templates, and software-specific configuration values.

GPOs can be linked to Active Directory domains, organizational units (OUs), and containers.

Active Directory is a centralized database that contains user account and security information.

In a workgroup environment, authentication, security, and management all take place on each individual computer, with each device independently storing information about users and configuration settings.

Built-in Containers

Like OUs, generic built-in containers are used to organize Active Directory objects. However, built-in container objects have several differences: They are created by default. They cannot be created, moved, renamed, or deleted. They have very few editable properties.

Administrators

Members of the Administrators group have complete and unrestricted access to the computer, including every system right. The Administrator user account and any other account designated as a "computer administrator" are members of this group.

Backup Operators

Members of the Backup Operators group can back up and restore files (regardless of permissions), log on locally, and shut down the system. Members of this group cannot change security settings.

Cryptographic Operators

Members of the Cryptographic Operators group are allowed to perform cryptographic operations.

Event Log Readers

Members of the Event Log Readers group are allowed to use Event Viewer to read the system's event logs.

Guests

Members of the Guests group have limited rights (similar to members of the Users group). Members can shut down the system.

Hyper-V Administrators

Members of the Hyper-V Administrators group are allowed to use Hyper-V on the system to create and manage virtual machines.

Network Configuration Operators

Members of the Network Configuration Operators group have limited administrative privileges to allow them to manage the system's network configuration.

Performance Log Users

Members of the Performance Log Users group are allowed to schedule logging of performance counters, enable trace providers, and collect event traces on the system.

Performance Monitor Users

Members of the Performance Monitor Users group can access performance counter data on the system.

Remote Desktop Users

Members of the Remote Desktop Users group are allowed to access the system remotely using the Remote Desktop Client.

Users

Members of the Users group can use the computer but cannot perform system administration tasks and might not be able to run some legacy applications.

Power Users

Modern versions of Windows no longer use the Power Users group, although it still exists for backwards compatibility. This group was originally used in Windows XP and earlier.

Trees and Forests

Multiple domains are grouped together in the following relationship: A tree is a group of related domains that share the same contiguous DNS namespace. A forest is a collection of related domain trees. The forest establishes the relationship between trees that have different DNS name spaces.

Local Policies/Security Options

Security Options allow you to apply or disable rights for all users the Group Policy applies to.

User policies are enforced for specific users. User policy settings include:

Software that should be installed for a specific user. Scripts that should run at logon or logoff. Internet Explorer user settings (such as favorites and security settings). Registry settings that apply to the current user (the HKEY_CURRENT_USER subtree). User policies are initially applied as the user logs on and often customize Windows-based user preferences.

Computer policies (also called machine policies) are enforced for the entire computer and are applied when the computer boots. Computer policies are in effect regardless of the user logging into the computer. Computer policies include:

Software that should be installed on a specific computer. Scripts that should run at startup or shutdown. Password restrictions that must be met for all user accounts. Network communication security settings. Registry settings that apply to the computer (the HKEY_LOCAL_MACHINE subtree). Computer policies are initially applied as the computer boots and are enforced before any user logs on.

Account Policies

Use Account Policies to control the following: Password settings. Account lockout settings. Kerberos settings.

Local Policies/Audit Policy

Use Audit Policy settings to configure auditing for events such as log on, account management, or privilege use.

File System

Use File System policies to configure file and folder permissions that apply to multiple computers. For example, you can limit access to specific files that appear on all client computers.

Software Restriction Policies

Use software restriction policies to define the software permitted to run on any computer in the domain.

Objects

Within Active Directory, each resource is identified as an object. Common objects include: Users, Groups, Computers. You should know the following about objects: Each object contains attributes (i.e., information about the object, such as a user's name, phone number, and email address) which are used for locating and securing resources. Active Directory uses DNS for locating and naming objects. Container objects hold other objects, either other containers or leaf objects.

Objects

Within Active Directory, each resource (such as users, groups, and computers) is identified as an object.

Registry

You can use registry policies to: Configure specific registry keys and values. Specify if a user can view and/or change a registry value, view sub-keys, or modify key permissions.

