Shulou(Shulou.com)06/01 Report--

In this issue, Xiaobian will bring you about how to configure the Active Directory domain infrastructure. The article is rich in content and analyzes and narrates from a professional perspective. After reading this article, I hope you can gain something.

The Active Directory domain infrastructure configuration is described below:

content

Describes the concepts required to apply Group Policy to Windows XP Professional clients in Windows Server 2003 and Windows 2000 Server domains. Group Policy is a feature of Microsoft Active Directory Directory Services that enables administrators to change user and computer settings and administrative configurations, but certain basic steps need to be performed in the domain before Group Policy can be applied to Windows XP Professional clients in the environment.

Group Policy is an important tool to ensure Windows XP security. This module provides detailed information on how to apply and maintain consistent security policies throughout a network from a central location using Group Policy.

This guide provides options for both enterprise and high-security environments. The recommended settings in this module are the same for desktop and laptop clients.

Target

The following objectives can be achieved using this module:

Describes how Active Directory applies Group Policy Objects

Design organizational unit structure to support security management

Designing Group Policy Objects to Support Security Management

Manage security templates

Manage administrative templates

Implementing effective password policies using group policy

Implement effective account lockout policies using Group Policy

Determine which users can add workstations to a domain

Ensure that the user logs out at the end of the allowed logon time

Use the Group Policy Management tool to update policies and view the results of Group Policy application

scope of application

This module applies to the following products and technologies:

Windows XP Professional clients in Windows Server 2003 domains

Windows XP Professional clients in Windows 2000 domains

How to use this module

This module provides a method and describes the steps required to secure Windows XP Professional clients in Windows Server 2003 or Windows 2000 Active Directory domains using Group Policy.

To fully understand this module, please read "Introduction to Windows XP Security Guide." This module defines the enterprise client environment and the high security environment referenced in this module.

Use checklists. The checklist Configuring Active Directory Domain Infrastructure in the Checklists section of this guide provides printable job instructions for quick reference. Use task-based checklists to quickly assess which steps are required and help you step through them.

Use the Windows XP Security Guide Settings spreadsheet provided with this guide. It helps you document the settings you make in your environment.

Use the included workaround. This guide quotes the following guidance articles (all in English):

"How To:Prevent Users from Changing a Password Except When Required in Windows Server 2003"

"How To:Prevent Users from Changing a Password Except When Required in Windows 2000"

Group Policy

Group Policy is a feature of Microsoft Active Directory Directory Services that allows you to change user and computer settings, as well as configuration management in Microsoft Windows Server 2003 and Microsoft Windows 2000 Server domains. However, before you can apply Group Policy to Microsoft Windows XP Professional clients in your environment, you need to perform certain basic steps in your domain.

Group Policy settings are stored in Group Policy Objects (GPO) on domain controllers in the environment. GPO links to containers, which include Active Directory sites, domains, and organizational units (OUs). Because Group Policy is tightly integrated with Active Directory, a basic understanding of the structure of Active Directory and the security implications of configuring different design options within it is necessary before implementing Group Policy. For more information about Active Directory design, see Module 2, Configuring the Domain Infrastructure, of the Windows Server 2003 Security Guide.

Table 2.1: Benchmark Safety Template

OU Design Supporting Security Management

OUs are containers in Active Directory domains. OUs can contain users, groups, computers, and other organizational units, all called child OUs. You can link GPOs to OUs, which are *** containers in the Active Directory hierarchy. You can also delegate administrative privileges to OU. OU provides an easy way to group users, computers, and other security principals, and an efficient way to demarcate administrative boundaries. Assign users and computers to separate OUs because some settings apply only to users and some only to computers.

You can delegate control of a group or individual OU using the Delegation Wizard, which is available as part of the Active Directory Users and Computers Microsoft Management Console (MMC) snap-in tool. For links to documentation that delegates permissions, see the Additional Information section at the end of this module.

A primary goal in designing OU structures for any environment is to provide a foundation for creating seamless group policy implementations that span all workstations residing in Active Directory while ensuring that they meet the organization's security standards. Another goal in designing OU structures is to provide appropriate security settings for specific types of users in your organization. For example, you can allow developers to do things to workstations that normal users don't have permission to do. Security requirements can also differ slightly for laptop users compared to desktop users. The following figure illustrates a simple OU structure sufficient to discuss Group Policy in this module. The structure of this OU may differ from the organizational requirements of your environment.

Figure 2.1 OU structure for Windows XP computers

Department OU

Because security requirements change frequently within an organization, it is necessary to create departmental OUs in the environment. Departmental security settings can be applied to computers and users in their respective departmental OUs through GPOs.

Secure XP User OU

This OU contains accounts for users who participate in both an enterprise client environment and a high-security environment. The settings applied to this OU are discussed in the User Configuration section of Module 4, Windows XP Administrative Templates.

Windows XP OU

This OU contains child OUs for each Windows XP client in the environment. Here, guidelines for desktop and laptop clients are included. For this reason, desktop OUs and laptop OUs have been created.

Desktop OU: This OU contains desktop computers that are always connected to the corporate network. The settings applied to this OU are discussed in detail in Module 3, Windows XP Client Security Settings, and Module 4, Windows XP Administrative Templates.

Portable OU: This OU contains portable computers for mobile users who are not always connected to the corporate network. The settings applied to this OU are discussed in detail in Module 3, Windows XP Client Security Settings, and Module 4, Windows XP Administrative Templates.

The above is how to configure the Active Directory domain infrastructure shared by Xiaobian. If you happen to have similar doubts, you may wish to refer to the above analysis for understanding. If you want to know more about it, please pay attention to the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.