Company A has about 100 employees spread over three locations in the same city, all linked by fast network connections. The IT/IS administration is centralized and includes the helpdesk.
Location 1 contains the executive offices, IT/IS, and Marketing and Design departments.
Location 2 contains the HR, Sales, and Research departments.
Location 3 contains the Manufacturing and Prototyping departments.
The HR department has sensitive information that can only be viewed by members of the HR department and executive offices. Each location has computers and printers for use within the individual departments that are not to be used by employees from another department. All executives and members of the executive offices are authorized to enter all locations. All other employees only have authority to enter the location they work at.
Prepare a domain structure for Company A as shown in the example below (do not plagiarize). Include Organizational Units (OUs) and a group structure. The paper must be in APA format with correct in-text citations and references.
Abstract
This paper will outline the steps required to be taken to prepare a domain and its group structures for company A, which has about 100 employees spread over three locations in the same city, all linked by fast network connections. The IT/IS administration is centralized and includes the helpdesk.
-Location 1 contains the executive offices, IT/IS, and Marketing and Design departments.
-Location 2 contains the HR, Sales, and Research departments.
-Location 3 contains the Manufacturing and Prototyping departments.
The HR department has sensitive information that can only be viewed by members of the HR department and executive offices. Each location has computers and printers for use within the individual departments that are not to be used by employees from another department. All executives and members of the executive offices are authorized to enter all locations. All other employees only have authority to enter the location they work at.
Introduction
In order to prepare for a domain, the first thing that has to be decided is how many forests there are going to be and what resources are available. Once this has been done, the administrator can then design the domain prior to going live. In this example, the administrator had to look at what levels of trust needed to be established to allow similar entities within the company to communicate between their databases faster without having to go through the main server at the executive office.
Steps to Set Up the Domain
According to Morimoto, Noel, and Droubi (2010), a fresh installation of Active Directory on Windows Server 2008 R2 domain controllers allows you to choose which functional level you want to start the forest in. If an existing forest is in place, it can be brought to Windows Server 2008 R2 functional level by performing the following steps:
1. Confirm all domain controllers in the forest are upgraded to Windows Server 2008 R2 or replaced with new Windows Server 2008 R2 DCs.
2. Open Active Directory Domains and Trusts from the Administrative Tools menu on a domain controller.
3. In the left scope pane, right-click on the domain name, and then click Raise Domain Functional Level.
4. In the box labeled Raise Domain Functional Level, select Windows Server 2008 R2, and then click Raise.
5. Click OK and then click OK again to complete the task.
6. Repeat steps 1–5 for all domains in the forest.
7. Perform the same steps on the root node of Active Directory Domains and Trusts, except this time choose Raise Forest Functional Level and follow the prompts (Morimoto, Noel, & Droubi, 2010, para. Improvements in Security in Windows Server 2008 R2).
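The same seven steps can be scripted with the ActiveDirectory PowerShell module included with Windows Server 2008 R2. This is an added example, not taken from Morimoto et al. or from the paper; it assumes it is run by an Enterprise Admin, and the $Apply variable is a hypothetical switch that keeps the run report-only until it is set to $true.

```powershell
# Added example (not from the cited book). Requires the ActiveDirectory module.
Import-Module ActiveDirectory

$Apply  = $false              # hypothetical switch: $false = report only (-WhatIf)
$minOS  = [version]'6.1'      # 6.1 is the OS version of Windows Server 2008 R2
$forest = Get-ADForest

# Step 1: list domain controllers that still run an older operating system.
$blockers = foreach ($domainName in $forest.Domains) {
    Get-ADDomainController -Filter * -Server $domainName | Where-Object {
        # OperatingSystemVersion looks like "6.1 (7601)"; compare the "6.1" part.
        [version]($_.OperatingSystemVersion -replace '\s*\(.*$', '') -lt $minOS
    } | Select-Object Domain, HostName, OperatingSystem
}

if ($blockers) {
    $blockers | Format-Table -AutoSize
    throw 'Upgrade or replace the listed domain controllers before raising any functional level.'
}

# Steps 2-6: raise every domain, contacting that domain's PDC emulator.
foreach ($domainName in $forest.Domains) {
    $domain = Get-ADDomain -Identity $domainName -Server $domainName
    if ($domain.DomainMode -lt 'Windows2008R2Domain') {
        Set-ADDomainMode -Identity $domain -DomainMode Windows2008R2Domain `
            -Server $domain.PDCEmulator -WhatIf:(-not $Apply)
    }
}

# Step 7: raise the forest last, contacting the schema master.
if ($forest.ForestMode -lt 'Windows2008R2Forest') {
    Set-ADForestMode -Identity $forest -ForestMode Windows2008R2Forest `
        -Server $forest.SchemaMaster -WhatIf:(-not $Apply)
}
```

Treat a functional level raise as a one-way change: review the report-only output first, and take a system state backup of a domain controller before setting $Apply to $true.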
Company A has three offices in the same city. An Active
Directory plan will help to computerize and smooth the daily
activities of network management.
The IT/IS administration office for Company A is the centralized location for the merging of the company’s networks. The IT department will unite the domains into a single AD domain, and at the same time maintain the administrative autonomy between departments. The result is a single Active Directory domain named companya.com that utilizes eight separate OUs, one for each department, similar to the structure shown in Fig. 4.2.
An AD DS tree is comprised of multiple domains connected by
two-way transitive trusts. In Figure 4.2, the root domain of the
AD DS tree is companya.com and the subdomains are
south.companya.com and north.companya.com (Morimoto, Noel,
& Droubi, 2010, para. Improvements in Security in Windows
Server 2008 R2).
Fig 4.2
Figure 1 Organizational unit design.
The company departments that comprise the Organizational Unit design are:
Information Technology/Information Systems
Marketing
Design
Human Resources
Sales
Research
Manufacturing
Prototyping
Company customers, users, information systems, and equipment
such as scanners, printers, and laptops are essential to keep the
company productive, and these will need to be accounted for.
These products will all be controlled and managed through the
Active Directory at all locations.
Company A’s Active Directory setup will comprise Forest, Trees, Domains, Organizational Units, and Groups. The Forest will be implemented at the executive offices.
Administrative rights are allocated to each OU by creating special global groups whose members include the local administrators for each department, as shown in Figure 2. These groups are then delegated password change, user creation/deletion, and other typical administrative capabilities on their respective department's OUs through use of the Delegation of Control Wizard (Morimoto, Noel, & Droubi, 2010, para. Improvements in Security in Windows Server 2008 R2).
Figure 2 Delegation control task completion.
Group Structure for company A was generated with eight
different global groups that hold users from each department.
The global groups were named as follows:
IT/IS Global
Marketing Global
Design Global
Human Resources Global
Sales Global
Research Global
Manufacturing Global
Prototyping Global
Resources were assigned domain local groups that followed a
standard naming scheme, such as that represented in the
following examples:
Printer1 DL
FileServer1 DL
MailServer1 DL
Security rights for all resources were given to the appropriate
domain local groups that were set up. The global groups were
added as members to those groups as appropriate. As an
example, the printer named Printer1 was physically located in
an area between both the Marketing and the Design
departments. It was determined that this printer should be
accessible from both groups. Consequently, printing access was
given to the Printer1 DL group, and both the Marketing Global
and Design Global groups were added as members to the
Printer1 DL group, as shown in Figure 3.
Figure 3 Nesting groups to assign permissions.
This type of resource security allowed for the greatest amount
of flexibility and reduced the replication of group membership
needed in the domain. If, at a later time, the decision is made to
allow the IT department to print off Printer1 as well, simply
adding the IT Global group into the Printer1 DL group will do
the trick (para. Improvements in Security in Windows Server
2008 R2).
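The OU and group design described above can be built and audited with the ActiveDirectory PowerShell module. This is an added example, not part of the paper; "IT-IS" stands in for "IT/IS", and the names 'Executive Global' and 'HRFiles DL' are hypothetical groups introduced here to cover the rule that HR data is visible only to HR and the executive offices.

```powershell
# Added example (not from the paper). Requires the ActiveDirectory module.
Import-Module ActiveDirectory

$domainDN    = 'DC=companya,DC=com'     # companya.com, as named in the paper
# "IT-IS" replaces "IT/IS": "/" is not allowed in a group's sAMAccountName.
$departments = 'IT-IS', 'Marketing', 'Design', 'Human Resources',
               'Sales', 'Research', 'Manufacturing', 'Prototyping'

# One OU and one global (account) group per department.
foreach ($dept in $departments) {
    New-ADOrganizationalUnit -Name $dept -Path $domainDN `
        -ProtectedFromAccidentalDeletion $true
    New-ADGroup -Name "$dept Global" -SamAccountName "$dept Global" `
        -GroupScope Global -GroupCategory Security -Path "OU=$dept,$domainDN"
}

# Hypothetical account group for the executive offices (not listed in the paper).
New-ADGroup -Name 'Executive Global' -SamAccountName 'Executive Global' `
    -GroupScope Global -GroupCategory Security

# Domain local (resource) groups, created in the default Users container.
# 'HRFiles DL' is a hypothetical name following the paper's "<Resource> DL" scheme.
foreach ($resource in 'Printer1 DL', 'HRFiles DL') {
    New-ADGroup -Name $resource -SamAccountName $resource `
        -GroupScope DomainLocal -GroupCategory Security
}

# Nest account groups into resource groups. The actual rights (Print on Printer1,
# NTFS and share rights on the HR folder) are granted to the DL groups only.
Add-ADGroupMember -Identity 'Printer1 DL' -Members 'Marketing Global', 'Design Global'
Add-ADGroupMember -Identity 'HRFiles DL'  -Members 'Human Resources Global', 'Executive Global'

# Audit: a resource group should contain only groups. A user added directly
# bypasses the department-based model and is easy to miss in an access review.
function Get-DirectUserInResourceGroup {
    Get-ADGroup -Filter "GroupScope -eq 'DomainLocal' -and Name -like '* DL'" |
        ForEach-Object {
            $dl = $_
            Get-ADGroupMember -Identity $dl |
                Where-Object { $_.objectClass -ne 'group' } |
                Select-Object @{ n = 'ResourceGroup'; e = { $dl.Name } },
                              Name, objectClass
        }
}
Get-DirectUserInResourceGroup | Format-Table -AutoSize
```

An empty result from the audit function means every resource group is populated through department groups only, so removing a user from a department group removes all of that department's resource access.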
Reference
Morimoto, R., Noel, M., Droubi, O., Mistry, R., & Amaris, C.
(2010). Windows Server 2008 R2 unleashed. Indianapolis, IN:
Sams.
[Figure 4.2 labels: companya.com; south.companya.com; North.company.com]
Assume for this assignment that Kudler Fine Foods is running Windows Server® 2008 R2. The company has three locations, each overseen by a store manager. Each store manager has access to a desktop, a laptop, and a printer/scanner/fax machine. This equipment is authorized for use according to the following rules:
· The desktop and laptop are authorized for use by the store manager, President Kathy Kudler, and the president’s administrative assistant.
· The printer/scanner/fax machine is authorized for use by the store employees where it is located, as well as President Kathy Kudler and the president’s administrative assistant.
· The director of store operations can use any equipment in any location.
Design group objects to implement group policies to manage access to these resources. Document the group design using the following table:

| Name | Membership | Type | Scope | Permissions |

During your work on the network operating system, you become concerned about threats such as disk failures, administrative errors, natural disasters, and the impact of unauthorized changes to data.
How do you plan to recover from these types of loss of current AD DS and other critical information?
What utilities might you investigate to help accomplish your plan?
(Examples of above assignment below – do not plagiarize)
· The desktop and laptop are authorized for use by the store manager, President Kathy Kudler, and the president’s administrative assistant.
· The printer/scanner/fax machine is authorized for use by the store employees where it is located, as well as President Kathy Kudler and the president’s administrative assistant.
· The director of store operations can use any equipment in any location.
Design group objects to implement group policies to manage access to these resources. Document the group design using the following table:

| Name | Membership | Type | Scope | Permissions |
| Director | Management | Security Group | Universal | Enterprise Admin |
| President/Administrative Assistant | Management | Security Group | Global | Group Policy Creator/Owner |
| Store Manager | Management | Security Group | Local | Domain User |
| GenEmployee | GenUser | Security Group | Local | Print Operator |

Group Policies are designed with the platform of the forest consisting of the following domain structure:
· kudler.com – main
· locX.kudler.com – sub, where X is the location number (e.g., 1, 2, 3, 4, etc.)
Each scope is given access per domain forest. Local users
would be constrained to a local machine(s) within each specific
domain location. Global users would have access to the entirety
of each given domain and the Universal scope would allow
access to the entire forest of domains.
Permissions allowed are based on default permission
settings for these groups:
· Enterprise Admins - Members in the Enterprise Admins group
are given absolute full permissions to perform any actions in the
entire forest. This encompasses functions such as managing the
trust relationships and adding domains to the trees and forests.
· Domain Users - The Domain Users group generally contains all of the current user accounts for the declared domain. This group is given basic permissions to resources and data that do not need higher levels of security.
· Group Policy Creator Owners - Members of the Group Policy Creator Owners group are all able to create/modify Group Policy settings for objects in the domain. This gives them the ability to enable security settings on OUs (and any of the objects that they contain).
· Print Operators - By default, members of the Print Operators
group are granted permissions to administer all of the printers
in a domain. This also includes common functions like changing
the priority of print jobs in queue and removing items from the
active print queue.
All of the users at Kudler Fine Foods are organized into groups and assigned permissions based on the following model of assignment:
[Diagram: boxes labelled OU, OU, OU, GROUPS, USERS]
AD Disaster Recovery Strategy
Kudler Fine Foods needs a Disaster Recovery process in case of theft, fire, flood, etc. There are a few tools we will need to put in place in order to protect the integrity of the system structure and data. Windows 2008 Server contains the Windows Server Backup (WSB) tool, which is a GUI-based component. By default, it is NOT installed as a feature. Using the Server Management Console, we will install WSB as well as the basic CLI support tools. Using WSB, we will create a system backup of the AD structure and data. Along with the AD backup, we will use WSB to create a system state backup along with a Bare Metal Restore (BMR). All of the backups will be stored on disk in a fire-proof safe as well as moved off-site to a secure data vault location. The BMR feature will allow the Kudler Systems Administrators to easily create a mirror running image of the existing system and duplicate it on a fresh piece of hardware such as a new server out-of-the-box.
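The installation and the two backups described above can be run from an elevated PowerShell prompt on a Windows Server 2008 R2 domain controller. This is an added example, not part of the paper; the E: target volume is an assumption (a dedicated local backup volume that is not a system volume), and Invoke-Wbadmin is a helper defined here, not a built-in command.

```powershell
# Added example (not from the paper). Run elevated on a domain controller.
Import-Module ServerManager

# WSB and its command-line tools are not installed by default.
Add-WindowsFeature Backup-Features -IncludeAllSubFeature | Out-Null

$target = 'E:'   # assumption: dedicated local backup volume, not a system volume

# Helper defined for this example: run wbadmin and stop on a non-zero exit code,
# so a failed backup cannot be mistaken for a good one.
function Invoke-Wbadmin {
    param([string[]]$Arguments)
    & wbadmin.exe $Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "wbadmin $($Arguments -join ' ') failed with exit code $LASTEXITCODE"
    }
}

# System state backup: includes the AD DS database, SYSVOL and the registry.
Invoke-Wbadmin 'start', 'systemstatebackup', "-backupTarget:$target", '-quiet'

# Bare metal recovery backup: all critical volumes, which include system state.
Invoke-Wbadmin 'start', 'backup', "-backupTarget:$target", '-allCritical', '-vssFull', '-quiet'

# List the stored versions so the result is confirmed before media goes off-site.
Invoke-Wbadmin 'get', 'versions', "-backupTarget:$target"
```

Restoring AD DS from a system state backup requires starting the domain controller in Directory Services Restore Mode, so the DSRM password needs to be stored with the recovery plan.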
Another example:
Example Table 1. User Groups

| Name | Membership | Type | Scope | Permissions |
| LaJollaPrinters | LaJollaEmployees, Execs, LaJollaStoreMgmt | Security Group | La Jolla OU | Print |
| EncinitasPrinters | EncinitasEmployees, Execs, EncinitasStoreMgmt | Security Group | Encinitas OU | Print |
| DelMarPrinters | DelMarEmployees, Execs, DelMarStoreMgmt | Security Group | Del Mar OU | Print |
| Execs | Kathy Kudler, Dir of Store Ops, Admin Assistant | Security Group | Global | Print, Cancel Jobs, Logon |
| LaJollaComputers | Execs, LaJollaStoreMgmt | Security Group | La Jolla OU | Logon |
| EncinitasComputers | Execs, DelMarStoreMgmt | Security Group | Encinitas OU | Logon |
| DelMarComputers | Execs, DelMarStoreMgmt | Security Group | Del Mar OU | Logon |

| Name | Membership | Type | Scope | Permissions |
| Kathy Kudler | President | Security | Global Group | All systems/all locations |
| Admin Assist | President | Security | Global Group | All systems/all locations |
| Director of SO | President | Security | Global Group | All systems/all locations |
| Manager La Jolla | La Jolla | Security | Domain Local Group | All La Jolla systems |
| Employees La Jolla | La Jolla | Security | Domain Local Group | Printer/scanner/fax machine |
| Manager Del Mar | Del Mar | Security | Domain Local Group | All Del Mar systems |
| Employees Del Mar | Del Mar | Security | Domain Local Group | Printer/scanner/fax machine |
| Manager Encinitas | Encinitas | Security | Domain Local Group | All Encinitas systems |
| Employees Encinitas | Encinitas | Security | Domain Local Group | Printer/scanner/fax machine |

KUDLER FINE FOODS: OVERVIEW NETWORK DIAGRAM
[Diagram: La Jolla Store and Home Office, Del Mar Store, and Encinitas Store, with a T3 dedicated line connecting all 3 stores together.]

KUDLER FINE FOODS: La Jolla Store Network
[Diagram labels:]
· 100 Base T Ethernet
· POS terminals for store and POS server. All POS terminals are complete NCR RealPOS 82XRT terminals with scanners, cash drawers, touch screens and printers. La Jolla runs NCR POS management SW.
· 5 U HP Blade Server system (c3000 system): Unix OS, SAP Retail SW, Print/File, Communications, Email, Storage, Web
· 3 U APC Smart UPS, 5000VA, 208V, supporting the entire server room
· NAS, 10 TB
· Total 19 computers: 13 Corporate Admin, 6 store management. All computers are Dell Vostro: 22" screens, i3 Processor 3.3 GHz, 4 GB RAM, Windows 7, 500 GB HD 7200 RPM, CD/RW drive, 802.11n
· Dedicated OC 1 SONET to Del Mar & Encinitas
· Fiber Link for NAS
· 19 VOIP phones
· 25 Mbps to Internet
· 3 printers in back office: 1 HP CM2320nf Multifunction in corporate, 2 HP P3015n B&W laser

KUDLER FINE FOODS: Del Mar Store Network
[Diagram labels:]
· 100 Base T Ethernet
· POS terminals for store and POS server. All POS terminals are complete NCR RealPOS 82XRT terminals with scanners, cash drawers, touch screens and printers.
· 5 U HP Blade Server system (c3000 system): Unix OS, LAN OS, Communications, Email, Storage, Web
· 3 U APC Smart UPS, 5000VA, 208V, supporting the entire server room
· Total 6 computers. All computers are Dell Vostro: 22" screens, i3 Processor 3.3 GHz, 4 GB RAM, Windows 7, 500 GB HD 7200 RPM, CD/RW drive, 802.11n
· Dedicated OC 1 SONET to La Jolla
· 6 VOIP phones
· 25 Mbps to Internet
· HP Color Laserjet CM2320mf Multi-Function

KUDLER FINE FOODS: Encinitas Store Network
[Diagram labels:]
· 100 Base T Ethernet
· POS terminals for store and POS server. All POS terminals are complete NCR RealPOS 82XRT terminals with scanners, cash drawers, touch screens and printers.
· 5 U HP Blade Server system (c3000 system): Unix OS, LAN OS, Communications, Email
· 6 VOIP phones
· 25 Mbps to Internet
· HP Color Laserjet CM2320mf Multi-Function