Tony Northrup, CISSP, MCSE, and MVP, is a networking consultant and author living in the Boston, Massachusetts area. During his seven years as Principal Systems Architect at BBN/Genuity, he was ultimately responsible for the reliability and security of hundreds of Windows servers and dozens of Windows domains—all directly connected to the Internet. Needless to say, Tony learned the hard way how to keep Windows systems safe and reliable in a hostile environment. As a consultant, Tony has provided networking guidance to a wide variety of organizations, from Fortune 100 enterprises to small businesses. Tony has authored and co-authored many books on Windows and networking, from NT Network Plumbing to MCSA/MCSE Self-Paced Training Kit (Exam 70-299): Implementing and Administering Security in a Microsoft Windows Server 2003 Network.
Before you can create user accounts or user profiles, you must understand the types of user accounts and the information necessary to create them. This lesson introduces you to the various types of user accounts, user account naming conventions, and user account password requirements.
After this lesson, you will be able to
Describe the difference between a local user account and a domain user account
Describe the purpose of the built-in accounts
Explain the purpose of user account naming conventions
Explain the user account password requirements
Explain how smart cards are used to authenticate users
You are the domain administrator for City Power & Light (http://www.cpandl.com), as introduced in the Troubleshooting Lab of Chapter 5. City Power & Light now has three Active Directory sites, as shown in Figure 6-11. The North and East sites have one domain controller each and the Main site has two domain controllers. All locations contain client computers running Microsoft Windows XP Professional. All servers running Microsoft Windows 2000 were upgraded to Windows Server 2003. The number of employees at each location has not changed.
City Power & Light still has a single Windows 2003 domain. There are three different offices in the Main location. These offices are named Accounting, Human Resources, and Operations. Each location (except Main) is also an office. The offices are named after their geographic location (North, South, East, and West).
Given this information, answer the following questions:
1. Each office with more than 100 users is allowed to hire its own network administrator. Network administrators should be allowed to create, delete, rename, reset, and manage the user accounts and computer accounts of those offices. Currently, the East, North, and Operations offices have more than 100 users apiece. What should you do?
2. The North, South, East, and West offices all require the same specialized software. However, none of the other offices require this software. What are ways in which you can organize the Active Directory structure to accommodate these requirements while distributing the software using Group Policy?
3. A total of 50 contracted employees are hired to work in the Operations office. They require different software than the rest of the users in the Operations office. Furthermore, the manager of the Operations office wants you to lock down specific portions of their desktops. The network administrator of the Operations OU needs your help. You must ensure that the network administrator of the Operations OU can manage these users and their computers. What should you do?


