52 Cards in this Set

  • Front
  • Back
Groups that Define Roles
These groups, referred to as role groups, contain users, computers, and other role groups based on common business characteristics such as location, job type, and so on.

(Microsoft, 2011 p. 4-5)
Groups that define management rules
These groups, referred to as rule groups, contain users, computers, and other role groups based on common business characteristics such as location, job type, and so on.

(Microsoft, 2011 p. 4-5)
Group Name Properties
The cn and name of a group object must be unique only within the OU.

(Microsoft, 2011 p. 4-6)
Group Name Properties (pre-Windows 2000).
sAMAccountName of the group; unique in the domain

(Microsoft, 2011 p. 4-6)
Distribution Group
- Used only with email applications

- Not security enabled (no SID); cannot be given permissions

(Microsoft, 2011 p. 4-8)
Security Group
- Security principal with a SID; can be given permissions

- Can also be emailed

(Microsoft, 2011 p. 4-8)
What are the group scopes?
1. Local
2. Global
3. Domain Local
4. Universal

(Microsoft, 2011 p. 4-9)
What are the characteristics that distinguish each scope?
1. Replication
2. Membership
3. Availability (scope)

(Microsoft, 2011 p. 4-9)
Replication (scope)
Where is the group defined, and to what systems is the group replicated?

(Microsoft, 2011 p. 4-9)
Membership (scope)
What types of security principals can the group contain as members? Can the group include security principals from a trusted source?

(Microsoft, 2011 p. 4-9)
Availability (scope)
Where can the group be used? Is the group available to add to an ACL?
What are the characteristics for Global Groups?
1. Replication
2. Membership
3. Availability/Scope

(Microsoft, 2011 p. 4-13)
Replication (Global Groups)
- Defined in the domain naming context

- Group and membership are replicated to every DC in the domain

(Microsoft, 2011 p. 4-13)
Membership (Global Groups)
Only security principals from the same domain: U, C, GG, DLG

(Microsoft, 2011 p. 4-13)
Availability (Global Groups)
- Available for use by all domains in the forest, and all trusting external domains

- Can be on ACLs on any resource on any computer in any of those domains

- Can be a member of any DLG or UG in the forest, and any DLG in a trusting external domain

(Microsoft, 2011 p. 4-13)
What are the characteristics for Universal Groups?
1. Replication
2. Membership
3. Availability/Scope

(Microsoft, 2011 p. 4-14)
Replication (Universal Groups)
- Defined in a single domain in the forest
- Replicated to the global catalog (forest-wide)

1. Replication
2. Membership
3. Availability/Scope

(Microsoft, 2011 p. 4-14)
Membership (Universal Group)
U, G, GG, and UG, from any domain in the forest

(Microsoft, 2011 p. 4-14)
Availability/Scope (Universal Group)
- Available to every domain and domain member in the forest
- Can be on ACLs on any resource on any system in the forest
- Can be a member of other UGs or DLGs anywhere in the forest

(Microsoft, 2011 p. 4-14)
Useful tips for multi-domain forests in Universal groups
- Defining roles that include members from multiple domains

- Defining business management rules that manage resources in multiple domains in the forest

(Microsoft, 2011 p. 4-14)
Who are the members in a Local Group Scope?
- Users
- Computers
- Global Users
- Universal Groups
- Domain Local Groups
- Also, local users defined on the same computer as the local group

(Microsoft, 2011 p. 4-16)
Who are the members of a Domain Local Group
- Users
- Computers
- Global Users
- Domain Local Groups
- Universal Groups

(Microsoft, 2011 p. 4-16)
Who are the members of a Universal Group?
- Users
- Computers
- Global Groups
- Universal Groups

(Microsoft, 2011 p. 4-16)
Who are the members of a Global Group?
- Users
- Global Groups

(Microsoft, 2011 p. 4-16)
IGDLA
I - Identities
G - Global Groups
DL - Domain Local
A - Access to resources

(Microsoft, 2011 p. 4-17)
Identities (Group Management Strategy)
User and component accounts are members of:
Global Groups (Group Management Strategy)
that represent business roles. Those role groups (global groups) are members of:

(Microsoft, 2011 p. 4-17)
Domain Local Groups (Group Management Strategy)
that represent management rules, determining who has read permission to a specific collection of folders, for example. These rule groups (domain local groups) are granted:

(Microsoft, 2011 p. 4-17)
Access To Resources (Group Management Strategy)
In the case of a shared folder, access is granted by adding the domain local group to the folder's access control list (ACL) with a permission that provides the appropriate level of access.

(Microsoft, 2011 p. 4-17)
Nesting
Is the acronym AGDLP

(Microsoft, 2011 p. 4-14)
Enterprise Admins (User Container of the Forest Root Domain)
This group is a member of the Administrators group in every domain in the forest, giving it complete access to the configuration of all domain controllers. It also owns the configuration partition of the directory and has full control of the domain naming context in all forest domains.

(Microsoft, 2011 p. 4-19)
Schema Admins (User container of the Forest Root Domain)
This group owns and has full control of the Active Directory schema.

(Microsoft, 2011 p. 4-19)
Administrators (Builtin Container of each domain)
This group has complete control over all domain controllers and data in the domain naming context. It can change the membership of all other administrative groups in the domain, and the Administrators group in the forest root domain can change the membership of the Enterprise Admins, Schema Admins, and Domain Admins. The Administrators group in the forest root domain is arguably the most powerful service administration group in the forest.

(Microsoft, 2011 p. 4-19)
Domain Admins (User Control for each domain)
This group is added to the Administrators group of its domain. It therefore inherits all of the capabilities of the Administrators group. It is also, by default, added to the local Administrators group of each domain member computer, giving Domain Admins ownership of all domain computers.

(Microsoft, 2011 p. 4-19)
Server Operators (Built in Container of Each Domain)
This group can perform maintenance tasks on domain controllers. It has the right to log on locally, start and stop services, perform backup and restore operations, format disks, create or delete shares, and shut down domain controllers. By default, this group has no members.

(Microsoft, 2011 p. 4-20)
Account Operators (Built in Container of Each Domain)
This group can create, modify, and delete accounts for users, groups, and computers located in any OU in the domain (except the Domain Controllers OU) and in the Users and Computers containers. Account Operators cannot modify accounts that are members of the Administrators or Domain Admins group, nor can they modify those groups. Account Operators can also log on locally to domain controllers. By default, this group has no members.

(Microsoft, 2011 p. 4-20)
Backup Operators (Built-In Container of Each Domain)
This group can perform backup and restore operations on domain controllers. By default, this group has no members.

(Microsoft, 2011 p. 4-20)
Print Operators (Built-In Container of Each Domain)
This group can maintain print queues on domain controllers, and log on locally and shut down domain controllers.

(Microsoft, 2011 p. 4-20)
Anonymous Logon
This identity represents connections to a computer and its resources that are made without supplying a user name and password. Prior to Windows Server 2003, this was a member of the Everyone group. Beginning with Windows Server 2003, this group is no longer a default member of the Everyone group.

(Microsoft, 2011 p. 4-21)
Authenticated Users
This represents identities that have been authenticated. This group does not include Guest, even if the Guest account has a password.

(Microsoft, 2011 p. 4-21)
Everyone
This identity includes Authenticated Users and the Guest account. On computers running versions of Windows earlier than Windows Server 2003, this group includes Anonymous Logon.

(Microsoft, 2011 p. 4-21)
Interactive
This represents users accessing a resource while logged on locally to the computer that is hosting the resource, as opposed to accessing the resource over the network. When a user accesses any given resource on a computer to which the user is logged on locally, the user is automatically added to the Interactive group for that resource. Interactive also includes users logged on through a Remote Desktop.

(Microsoft, 2011 p. 4-21)
Network
This represents users accessing a resource over the network, as opposed to users who are logged on locally at the computer that is hosting the resource. When a user accesses any given resource over the network, the user is automatically added to the Network group for that resource.

(Microsoft, 2011 p. 4-21)
DSGET
Returns the current value of the specified directory object property

(Microsoft, 2011 p. 4-26)
DSQuery
Allows the directory service to be searched for an object or all objects with like properties

(Microsoft, 2011 p. 4-26)
DSMod
Helps an administrator change properties for existing directory objects

(Microsoft, 2011 p. 4-26)
DSRm
Removes objects from the directory

(Microsoft, 2011 p. 4-26)
DSAdd
Allows administrators to add new directory objects

(Microsoft, 2011 p. 4-26)
DSMove
Allows objects to be moved from one OU to another

(Microsoft, 2011 p. 4-26)
Why document Groups?
- Easier to find them
- Easier to understand how and when to use a group
- Establish and adhere to a strict naming convention
- Summarize group with its description

(Microsoft, 2011 p. 4-41)
What are the purposes of the managed tab?
- Provide contact information for who manages the group
- Allow the specified user (or group) to modify group membership if "Manager can update membership list" is selected

(Microsoft, 2011 p. 4-45)
Can you click apply to change ACL settings?
You must click OK in the properties box for the ACL update to take effect.

(Microsoft, 2011 p. 4-45)