Network Implementation & Support
Chapter 4
Group & Computer Accounts
Eric Vanderburg © 2006

Groups
• Distribution Groups
• Security Groups
  – Local & Domain Local
    • For permissions to local resources
    • Other groups should be nested inside these
  – Global Groups
    • User accounts should go here
  – Universal Groups
    • Contain accounts/groups from the entire forest
    • Native mode only

[Diagram: User 1, User 2, User 3; Resource 1, Resource 2, Resource 3]

[Diagram: User 1, User 2, User 3; Global Group; two Local Groups; Resource 1, Resource 2, Resource 3]

[Diagram: User 1, User 2, User 3; two Global Groups; Universal Group; two Local Groups; Resource 1, Resource 2, Resource 3]

Group Tabs
• General
  – Type
  – Scope
  – Name
• Members
• Member Of
• Managed By

Group Rules
• Users should be placed in groups
• Permissions should be given to groups, not individual user accounts
• Users can belong to many groups
• Effective permissions – the end result of all group memberships. All permissions from all groups are added together, but deny overrides allow (use deny sparingly)
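
The rules above can be modelled in a few lines. This is an added example, not part of the original slides: all user, group and resource names are constructed, and it applies only the slide's rule (union of allows, deny overrides), not the full Windows ACL ordering.

```python
from collections import deque

# Constructed sample directory (hypothetical names): principal -> groups it is
# a direct member of. Users sit in global groups (GG_*); global groups are
# nested in domain local groups (DL_*), which are what the ACL references.
MEMBER_OF = {
    "user1": {"GG_Sales"},
    "user2": {"GG_Sales", "GG_Finance"},
    "user3": {"GG_Finance", "GG_Contractors"},
    "GG_Sales": {"DL_Reports_Read"},
    "GG_Finance": {"DL_Reports_Modify"},
    "GG_Contractors": {"DL_Reports_DenyWrite"},
}

# Constructed ACL for one resource: (group, entry type, permissions).
REPORTS_ACL = [
    ("DL_Reports_Read", "allow", {"read"}),
    ("DL_Reports_Modify", "allow", {"read", "write"}),
    ("DL_Reports_DenyWrite", "deny", {"write"}),
]


def expand_groups(principal, member_of=MEMBER_OF):
    """Return every group the principal belongs to, directly or via nesting."""
    seen = set()
    queue = deque([principal])
    while queue:
        current = queue.popleft()
        for group in member_of.get(current, ()):
            if group not in seen:  # also guards against circular nesting
                seen.add(group)
                queue.append(group)
    return seen


def effective_permissions(principal, acl, member_of=MEMBER_OF):
    """Apply the slide's rule: union of all allows, minus anything denied."""
    groups = expand_groups(principal, member_of) | {principal}
    allowed, denied = set(), set()
    for trustee, kind, perms in acl:
        if trustee not in groups:
            continue
        (denied if kind == "deny" else allowed).update(perms)
    return allowed - denied


def explain(principal, acl, member_of=MEMBER_OF):
    """List the ACL entries that apply to the principal, for access reviews."""
    groups = expand_groups(principal, member_of) | {principal}
    return [(t, k, sorted(p)) for t, k, p in acl if t in groups]


if __name__ == "__main__":
    for user in ("user1", "user2", "user3"):
        print(user, sorted(effective_permissions(user, REPORTS_ACL)))
        for entry in explain(user, REPORTS_ACL):
            print("   ", entry)
```

user3 picks up write through GG_Finance but loses it to the single deny entry inherited through GG_Contractors, which is why the slide advises using deny sparingly.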

Built-in Groups
• Administrators (also Domain & Enterprise)
• Account Operators - Create and manage user accounts
• Backup Operators - Backup & restore
• Incoming Forest Trust Builders - Make one-way trusts to the root forest domain
• Network Configuration Operators - Change TCP/IP settings for DCs
• Performance Log Users - Configure performance counters, logs, & alerts
• Performance Monitor Users - Remotely view performance monitor
• Print Operators
• Remote Desktop Users

Built-in Groups (continued)
• Replicator - Can change the way AD data is sent between DCs and can start the replicator
• Server Operators - Log onto DCs, start & stop services, backup & restore, format…
• Cert Publishers - Publish CRL, CTL, & Templates
• Enrollment Agent - Issue certificates
• DHCP Administrators
• DNS Administrators
• Group Policy Creator Owner
• Schema Administrators
• Help Services Group - Manage Help & Support center (remote assistance)
• Guests

Automatic Groups
• User Groups
  – Everyone
  – Authenticated Users - non guest users
  – Interactive - local user
  – Network - logged onto domain
  – Creator / Owner
  – Anonymous Logon
  – Terminal Services User
  – Dialup
• Program/Service Groups
  – Service
  – Batch
  – System

Functional Levels
Functional Level | Supported DC OS
Windows 2000 Mixed | Windows NT 4.0, Windows 2000, Windows Server 2003
Windows 2000 Native | Windows 2000, Windows Server 2003
Windows Server 2003 Interim | Windows NT 4.0, Windows Server 2003
Windows Server 2003 | Windows Server 2003

• Can be a domain or forest functional level

Functional Levels (continued)
Functional Level | Options
Windows 2000 Mixed | No Universal Groups & Nesting
Windows 2000 Native | Universal Groups Allowed, Group Nesting Allowed, Group Conversion Allowed, SID History
Windows Server 2003 Interim | No Universal Groups & Nesting
Windows Server 2003 | Universal Groups Allowed, Group Nesting Allowed, Group Conversion Allowed, SID History, Rename DCs

Converting Groups
• Groups can be changed by type or scope
• A group cannot be changed in a way that would violate a rule. Ex: a universal group containing other universal groups cannot be changed to a global group (global groups cannot contain universal groups)
• Global cannot be changed to domain local
• Domain local cannot be changed to global
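
A pre-change check for these conversion rules, as an added example that is not part of the original slides. It goes beyond the slide's single example by testing a proposed scope change against a full containment table; that table (single domain, native mode) and all group names are assumptions made for the example.

```python
GLOBAL, DOMAIN_LOCAL, UNIVERSAL = "global", "domain local", "universal"

# Functional levels that the slides list as allowing group conversion.
CONVERSION_LEVELS = {"Windows 2000 Native", "Windows Server 2003"}

# Which group scopes each scope may contain (single domain, native mode).
# Assumption added for this example; the slide states only the global case.
CAN_CONTAIN = {
    DOMAIN_LOCAL: {GLOBAL, UNIVERSAL, DOMAIN_LOCAL},
    GLOBAL: {GLOBAL},
    UNIVERSAL: {GLOBAL, UNIVERSAL},
}

# Constructed sample data: group -> (scope, members). Names not listed as
# groups (user1, ...) are user accounts.
GROUPS = {
    "UG_AllStaff": (UNIVERSAL, ["UG_Engineering", "GG_Sales"]),
    "UG_Engineering": (UNIVERSAL, ["GG_Dev"]),
    "GG_Sales": (GLOBAL, ["user1", "user2"]),
    "GG_Dev": (GLOBAL, ["GG_DevLeads", "user3"]),
    "GG_DevLeads": (GLOBAL, ["user3"]),
    "DL_Reports_Read": (DOMAIN_LOCAL, ["GG_Sales", "DL_Archive_Read"]),
    "DL_Archive_Read": (DOMAIN_LOCAL, ["UG_AllStaff"]),
}


def check_conversion(name, new_scope, level, groups=GROUPS):
    """Return (allowed, reason) for changing group `name` to `new_scope`."""
    old_scope, members = groups[name]
    if level not in CONVERSION_LEVELS:
        return False, f"{level} does not allow group conversion"
    if old_scope == new_scope:
        return True, "scope unchanged"
    if {old_scope, new_scope} == {GLOBAL, DOMAIN_LOCAL}:
        return False, f"{old_scope} cannot be changed to {new_scope}"
    # After the change, every nested group must still be a legal member...
    for member in members:
        if member in groups and groups[member][0] not in CAN_CONTAIN[new_scope]:
            return False, (f"{name} contains {member} ({groups[member][0]}); "
                           f"{new_scope} groups cannot contain it")
    # ...and every group that contains this one must still be allowed to.
    for parent, (parent_scope, parent_members) in groups.items():
        if name in parent_members and new_scope not in CAN_CONTAIN[parent_scope]:
            return False, (f"{name} is a member of {parent} ({parent_scope}), "
                           f"which cannot contain {new_scope} groups")
    return True, "allowed"


if __name__ == "__main__":
    level = "Windows Server 2003"
    for name, target in [("UG_AllStaff", GLOBAL), ("UG_Engineering", GLOBAL),
                         ("GG_Sales", DOMAIN_LOCAL), ("GG_DevLeads", UNIVERSAL),
                         ("DL_Reports_Read", UNIVERSAL)]:
        print(name, "->", target, check_conversion(name, target, level))
```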

Computer Accounts
• Used to restrict access to the domain to certain computers
• Must be Domain/Enterprise admin to add computers
• Managed computer - connects with a RIS server to download a Windows installation tailored for that computer
• Each one has a password, which must be synchronized at least every 30 days

Command Line
• Commands can work for the following:
  – User
  – Group
  – Computer
  – Contact
  – OU
  – Site

Command Line
• dsadd group "ldap" -secgrp yes -scope u -memberof "ldap" -members "ldap"
• dsmod group "ldap" -desc "description" -rmmbr "ldap of member to remove" -addmbr "ldap of member to add"
• dsquery group -scope subtree -name "name" -desc "description"
  – For dsquery, -scope is the search scope (subtree, onelevel or base), not the group scope
  – Can also be used on quotas & partitions
• dsmove "ldap" -newparent "ldap" -newname "name"

Command Line
• dsrm "ldap"
  – Removes entries
• dsget group "ldap" -members -memberof
  – Get the members of a group or the groups it is a member of
• netdom reset computer /domain:domain
  – Reset a computer account
