Is3340 Unit 1
In: Computers and Technology
Is3340 Unit 1
Unit 1 Assignment1: Adding Active Directory
Robert Hanke
ITT Tech
IS3340 Windows Security
Dr. Joseph Martinez
3/27/14
Unit 1 Assignment1: Adding Active Directory
Currently, system administrators create Ken 7 users in each computer where users need access. In the Active Directory, the system admins will create Organizational Groups (OU). These OU’s can then can have restriction or Group Policy Objects (GPOs) put in to place that will restrict what a user can and can’t access. An organizational unit is the smallest scope or unit to which you can assign Group Policy settings or delegate administrative authority. Using organizational units, you can create containers within a domain that represent the hierarchical, logical structures within your organization. You can then manage the configuration and use of accounts and resources based on your organizational model (techNet, 2005).
With the users assigned to group accounts or OU’s, you can use to assign a set of permissions and rights to multiple users simultaneously, along with making any changes that are needed to individual users. Computer accounts provide a means for authenticating and auditing computer access to the network and to domain resources. Each computer account must be unique.
Once the conversion has taken place, the local users on the client computer will not be affected during domain join. They can still logon on the local machine. Meanwhile, on domain controllers, during the Active Directory Installation, local accounts in the registry-based SAM database are migrated to Active Directory; the existing SAM is deleted; and a new, smaller registry-based SAM is created.
Within the AD policy, the admin can adjust different polices that allows for users to have different access while on the same network, but also have different controls at different local machines. This is done by security polices and group polices. Once the user has been authenticated, the user is authorized or denied access to domain resources based on the explicit permissions assigned to that user on the resource
Administrators can use access control to manage user access to shared resources for security purposes. In Active Directory, access control is administered at the object level by setting different levels of access, or permissions, to objects, such as Full Control, Write, Read, or No Access. Access control in Active Directory defines how different users can use Active Directory objects. By default, permissions on objects in Active Directory are set to the most secure setting (techNet, 2005).
References
techNet. (2005, January 21). Access control in Active Directory. Retrieved from Microsoft TechNet: http://technet.microsoft.com/en-us/library/cc785913(v=ws.10).aspx
References: techNet. (2005, January 21). Access control in Active Directory. Retrieved from Microsoft TechNet: http://technet.microsoft.com/en-us/library/cc785913(v=ws.10).aspx
You May Also Find These Documents Helpful
-
Thank you for helping set up our new US office. There are some additional issues that we need help addressing.…
- 208 Words
- 1 Page
Satisfactory Essays -
2. If there is a conflict between a setting configured in the Local Computer Policy and a setting configured in a domain-linked GPO, which policy setting will be applied?…
- 1334 Words
- 6 Pages
Powerful Essays -
Which departments will need what permissions as far as access to computers, printers, and scanners?…
- 268 Words
- 2 Pages
Satisfactory Essays -
Specifying exceptions to default inheritance of Group Policy. Delegating administration of Group Policy. Evaluating effective policy settings by using Group Policy Modeling. Evaluating the results by using Group Policy Results.…
- 113 Words
- 1 Page
Satisfactory Essays -
Q4. Can you perform administrative tasks, such as creating a user account, shutting down the server, or setting the time, on the domain controllers? Explain the group membership chain that provides this user account with its current permissions. Yes the localadmin account can do administrative tasks.…
- 230 Words
- 2 Pages
Satisfactory Essays -
Open Active Directory Users and Computer and browse to your Users container. Take a screen shot of the Active Directory Users and Computers snap-in that shows the organizational units you created by pressing Alt + Prt Scr, and the paste the resulting image into the Lab1_3_worksheet file in the page provided by pressing Ctrl + V.…
- 285 Words
- 1 Page
Satisfactory Essays -
What defines the types of objects that can belong to a particular group and the types of resources that group can be used to secure?…
- 2578 Words
- 13 Pages
Satisfactory Essays -
Domain - In Windows, a logical group of networked computers, such as those on a college campus, that share a centralized directory database of user account information and security for the entire domain.…
- 986 Words
- 4 Pages
Good Essays -
D) Active Directory Rights Management Services can control what a user is allowed to do with data on a server. You can control printing, copying, transferring and so on.…
- 285 Words
- 2 Pages
Satisfactory Essays -
The Active Directory domain structure is handy to have whether your client’s network is big or small. As you may recall, in Windows NT, each domain had its own Administrator account and its own Domain Admin group that was responsible for managing that domain. In Windows 2000 and 2003 Server, the domain Administrator account and the Domain Admin group still exist and can be used the same way that you were used to using them in Windows NT. There is also an Enterprise Admin group. Members of this group can manage any object within the entire Active Directory, regardless of what domain it exists within.…
- 1088 Words
- 3 Pages
Powerful Essays -
2. When you create a new user account with the User Accounts control panel, you can only add it to which of the following groups? Administrators/Users.…
- 359 Words
- 1 Page
Satisfactory Essays -
In this lab, you used the Microsoft® Active Directory Users and Computers utility to create and manage…
- 271 Words
- 3 Pages
Satisfactory Essays -
To set up the domain access I will utilize the Security Identifiers and Discretionary access control lists. While I could set users in the Alpha domain to have global access; everyone in the Alpha domain would have the ability to do so. This would be counterproductive to the requirements set forth. By utilizing the Discretionary Access Control List, we can set users to have specific access to resources and files across the network. After the user names and passwords are set and assigned to the respective domains, we can use the Active Directory Users and Computers application to grant specific members of the Alpha domain with access to the Omega domain. We can also ensure that specific members of the Alpha domain only have access to resources on the Alpha domain. I can also set the users in the Omega domain with access to strictly the Omega domain.…
- 320 Words
- 1 Page
Satisfactory Essays -
User accounts and passwords provide a level of authentication for employees and is what allows these employees to gain access to a company computer or the ability to log in to a company server or other resource. Each employee should be given a unique username that is different from every other employee, and each employee should create a complex password that is associated with their username. The employee should never give out their password to…
- 3217 Words
- 13 Pages
Better Essays -
Proper management of user accounts will ensure the information and access to devices on the network confidential.…
- 338 Words
- 2 Pages
Satisfactory Essays