Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
20 Cards in this Set
- Front
- Back
|
Define Organizational Units |
a type of container which allows you to hierarchically group objects and resources |
|
|
What are some characteristics of OUs? |
- unlike security groups, permissions cannot be assigned to OUs - The objects inside OUs can be considered security principals, but the OUs themselves are not - typically users are assigned to groups, and then groups may be placed into OUs - OUs are "smaller" containers than domains in that an OU may only contain objects from the domain in which the OU exists - while OUs may be nested, too many levels of nesting can slow performance and make understanding of property inheritance confusing |
|
|
What are the benefits of using OUs? |
- they are the smallest unit to which you can delegate management permissions - The OU structure is more flexible than the domain structure, and is easier to change - You can set Group Policy settings on OUs - You can delegate the administration of OUs and their contents to selected users and groups - child OUs can inherit settings for the parent OUs |
|
|
_____ allows you to allow specific people or groups to manage selected portions of the AD DS hierarchy |
delegating authority |
|
|
What are the advantages of delegating authority over an OU? |
- Reducing the number of administrators that have global privileges - Limiting the scope errors |
|
|
define Delegation Model |
the principles you will use to determine the structure underlying which tasks can be delegated to which types of users |
|
|
define Group |
a collection of user or computer accounts that can function as a security principal |
|
|
Rather than assigning permissions to users or computers individually, permissions can be assigned to a _____ and in doing so, to all members of that _____ |
group |
|
|
What are the advantages of groups? |
- once a group and its permissions have been established, it's simple to grant additional users the same permissions by just adding them to the group - to revoke a user's access, rather than modifying the permissions for the user, the user's account can simply be removed from the group - if the type of access to a resource needs to be changed for all the users in a group, rather than altering all the users' permissions individually, you can just modify the permissions for the group |
|
|
When a user logs on, an _________ is created that identifies the user and their group memberships |
access token |
|
|
List and define the 2 types of groups in Windows Server 2012 R2 |
Distribution Groups: used for applications like MS Exchange, to control who gets group email messages, cannot be used to assign permissions Security Groups: used for granting resource access permissions to users in the group |
|
|
The _______ specifies the location of the resources that the group controls permissions for, as well as what objects the group can have as members |
group scope |
|
|
What are the three possible group scopes? |
domain local, global, and universal |
|
|
Define Domain Local Scope |
used to assign permissions to resources that are in the same domain as the group you are creating |
|
|
what can domain local groups contain? |
- user and computer accounts from any domain in the forest, or in trusted forests - domain local groups from the same domain as the group you're creating - global groups from any domain in the forest - universal groups from any domain in the forest |
|
|
define Global Scope |
used to assign permissions to resources that're in any domain in the forest that contains the group you are creating |
|
|
What can global groups contain? |
- user and computer accounts from the same domain as the group you're creating - global groups from the same domain as the group you're creating |
|
|
define Universal Scope |
used to assign permissions to resources that are in any domain in the forest that contains the group you are creating |
|
|
What can Universal Groups contain? |
- user and computer accounts from any domain in the same forest as the group you are creating - global groups from any domain in the same forest as the group you are creating - universal groups from any domain in the same forest as the group you are creating |
|
|
What are the three notes for nesting groups? |
- universal groups can be nested only in global and universal groups - global groups can be nested in domain local, global, and universal groups - domain local groups can be nested only in other domain local groups |
