
In document manuale-2008-98-365-windowsserver.pdf (Page 173-176)

Introducing Group Policy

1. Local
2. Site
3. Domain
4. OU

If you configure a Group Policy setting at the site, domain, or OU level and that setting contradicts a setting configured at the local policy level, the local policy setting will be overridden.

Generally speaking, if you have a policy setting that conflicts with a previously executed setting, the more recently executed setting remains in effect (Figure 5-15). For a local computer, security settings can be accessed by opening the Local Security Policy MMC from Administrative Tools.


A permission defines the type of access that is granted to an object (an object can be identified with a security identifier) or object attribute. The most common objects assigned permissions are NTFS files and folders, printers, and Active Directory objects. Which users can access an object and what actions those users are authorized to perform are recorded in the access control list (ACL), which lists all users and groups that have access to the object. NTFS and printer permissions will be discussed in the next lesson.


Figure 5-16. Group Policy user rights assignment

A right authorizes a user to perform certain actions on a computer, such as logging on to a system interactively or backing up files and directories on a system. User rights are assigned through local policies or Active Directory Group Policy. See Figure 5-16.
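As an added example (not from the book), the following PowerShell reads a user rights export in the format written by `secedit /export /areas USER_RIGHTS` and lists who holds a few sensitive rights besides the built-in Administrators group. The sample export, the `CONTOSO\helpdesk` account, the helper name `Get-UserRightsAssignment` and the choice of rights to flag are assumptions made for illustration.

```powershell
# Added example, not from the book. The export text below is constructed sample data.
# On a live system, produce the same format from an elevated prompt:
#   secedit /export /cfg "$env:TEMP\rights.inf" /areas USER_RIGHTS
#   $infText = Get-Content "$env:TEMP\rights.inf" -Raw
$infText = @'
[Unicode]
Unicode=yes
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-551
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
SeDebugPrivilege = *S-1-5-32-544,CONTOSO\helpdesk
[Version]
signature="$CHICAGO$"
'@

function Get-UserRightsAssignment {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$InfText)
    $ntType = [System.Security.Principal.NTAccount]
    $inSection = $false
    foreach ($line in ($InfText -split "`r?`n")) {
        $line = $line.Trim()
        if ($line -match '^\[(.+)\]$') {
            # Only the [Privilege Rights] section holds user rights assignments.
            $inSection = ($Matches[1] -eq 'Privilege Rights')
            continue
        }
        if (-not $inSection -or $line -notmatch '^(\w+)\s*=\s*(.*)$') { continue }
        $right = $Matches[1]
        foreach ($entry in (($Matches[2] -split ',').Trim() | Where-Object { $_ })) {
            $sid = $null
            $name = $entry
            if ($entry.StartsWith('*')) {
                # A leading '*' marks a SID; resolve it to an account name where possible.
                $sid = $entry.Substring(1)
                try {
                    $name = ([System.Security.Principal.SecurityIdentifier]$sid).Translate($ntType).Value
                } catch { $name = $sid }   # unresolvable SID: report it unchanged
            }
            [pscustomobject]@{ Right = $right; Principal = $name; Sid = $sid }
        }
    }
}

# Rights chosen for review here are an assumption; adjust the list to your own baseline.
$sensitive = 'SeDebugPrivilege', 'SeBackupPrivilege', 'SeTcbPrivilege'
# Compare on the well-known SID S-1-5-32-544 (built-in Administrators): names are localized.
Get-UserRightsAssignment -InfText $infText |
    Where-Object { $_.Right -in $sensitive -and $_.Sid -ne 'S-1-5-32-544' } |
    Format-Table Right, Principal -AutoSize
```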

SKILL SUMMARY

IN THIS LESSON YOU LEARNED:

• Besides becoming the standard for the Internet, DNS, short for Domain Name System, is a hierarchical client/server-based distributed database management system that translates domain/host names to IP addresses.

• A fully qualified domain name (FQDN) describes the exact position of a host within a DNS hierarchy.

• The legacy naming service is Windows Internet Name Service or WINS, which translates from NetBIOS (computer name) to specify a network resource.

• When you share a directory, drive, or printer on a PC running Microsoft Windows or on a Linux machine running Samba, you can access the resource by using the Universal Naming Convention (UNC), also known as Uniform Naming Convention, to specify the location of the resource.

• Dynamic Host Configuration Protocol (DHCP) services automatically assign IP addresses and related parameters (including subnet mask and default gateway and length of the lease) so that a host can immediately communicate on an IP network when it starts.

• The Lightweight Directory Access Protocol, or LDAP, is an application protocol for querying and modifying data using directory services running over TCP/IP.


• Active Directory domains, trees, and forests are logical representations of network organization, which allow you to organize them in the best way to manage them.

• Sites and domain controllers represent the physical structure of a network.

• A site is one or more IP subnets that are connected by a high-speed link, typically defined by a geographical location.

• A domain controller is a Windows server that stores a replica of the account and security information for the domain and defines the domain boundaries.

• A server that is not running as a domain controller is known as a member server.

• To minimize traffic across a WAN link, bridgehead servers perform directory replication between two sites, whereby only two designated domain controllers talk to each other.

• Active Directory uses multimaster replication, which means that there is no master domain controller.

• Because there are certain functions that can only be handled by one domain controller at a time, Active Directory uses Flexible Single Master Operations (FSMO) roles.

• A global catalog holds replica information of every object in a tree and forest.

• The functional level of a domain or forest controls which advanced features are available in the domain or forest.

• To help organize objects within a domain and minimize the number of domains, you can use organizational units, commonly known as OUs.

• You can delegate administrative control to any level of a domain tree by creating organizational units within a domain and delegating administrative control for specific organizational units to particular users or groups.

• A user account enables a user to log on to a computer and domain. As a result, it can be used to prove the identity of a user, and this information can then be used to determine what a user can access and what kind of access he or she will have (authorization).

• Windows computer accounts provide a means for authenticating and auditing a computer’s access to a Windows network and to domain resources.

• A group is a collection of user accounts or computer accounts.

• Group Policy provides the centralized management and configuration of operating systems, applications, and user settings in an Active Directory environment.

• A right authorizes a user to perform certain actions on a computer.

• A permission defines the type of access that is granted to an object (an object can be identified with a security identifier) or object attribute.

Knowledge Assessment

Fill in the Blank

Complete the following sentences by writing the correct word or words in the blanks provided.

1. The file that is used to resolve hostnames to IP addresses is ________.

2. The resource record used in DNS to resolve IP address to hostnames is ________.

3. The ________ automatically assigns IP addresses and other IP configuration to a host.

4. ________ is a popular directory service with objects in a logical hierarchical manner.

5. The ________ are roles that provide certain functions that can only be handled by one domain controller.

6. A(n) ________ is used to organize the objects within a domain.

7. Printers, users, and computers are examples of ________ in Active Directory.

8. The local security database found on a member server is known as the ________.

9. A collection or list of users is known as ________.

10. The ________ built-in group is used to create, delete, and modify user accounts and groups.

Multiple Choice

Circle the letter that corresponds to the best answer.

1. The primary naming service used in Windows is ________.

a. AD

b. WINS

c. DNS

d. DHCP
