Stage Two—Creating a Domain Plan

02.02.2011 | Autor: Zhuimeng | Category: Business | Leave comment

After analyzing your organization’s requirements, the first step in creating a domain TS windows vista plan is to determine the number of domains required. Because adding domains to the forest increases management and hardware costs, you should minimize the number of domains. Once you’ve created a domain, the domain cannot be easily moved or renamed. However, you might need to consider using multiple domains in the follow?ing situations:
To meet required security policy settings, which are linked to domains
To meet special administrative requirements, such as legal or privacy concerns
To optimize replication traffic
To retain Windows NT domains
To establish a distinct namespace
The second step in creating a domain plan is to define the forest root domain. You can choose an existing domain for the forest root or designate a new domain to serve as a dedicated forest root domain. Using a dedicated forest root domain provides advantages in security administration, replication traffic, and scalability. Define your forest root domain with caution, because once you’ve named the free 70-620 test questions forest root domain you cannot change it without renaming and reworking the entire Active Directory tree.
The third step in creating a domain plan is to define a domain hierarchy and name domains. To define the domain hierarchy, you must perform the following actions:
Determine the number of domain trees
Designate tree root domains for each of the trees
Arrange the remaining subdomains in a hierarchy under the root domains
To name domains, you must perform the following actions:
Assign a DNS name to the forest root domain for each forest in the organization
Assign a DNS name to each tree root domain
Assign DNS names to each remaining subdomain, according to its position in the
hierarchy
Finally, you determine the placement of DNS servers. You also plan additional zones, determine the existing DNS services employed on DNS servers, and determine the zone replication method to use. The end result of a domain plan is a domain hierarchy free CompTIA IT certification test questions diagram that includes domain names and planned zones.

Read more on Stage Two—Creating a Domain Plan…

Designing a Strategy for Hardening Client Operating Systems

28.01.2011 | Autor: Zhuimeng | Category: Business | Leave comment

An OU infrastructure alone -won’t provide security for client systems. The Group Policy policies that will link to the Microsoft exam 70-291 must be designed, and a strategy must he developed to harden client operating systems that are not member servers or to address security settings that cannot be maintained via Group Policy. To complete the design, you must use security templates, administrative templates, software restriction policies, and local computer tools. This lesson teaches you how.
Tracks use of domain account logon records. Also, records remote connections to the client. If file and print sharing is enabled to provide access for remote administration, records of administrators’ connections will be recorded here, as -will attempts at connection by others.
Records changes to accounts and group memberships. These changes can be checked against authorized changes. A change here in an environment where local accounts are not used might indicate a successful attack.
Logs domain account usage. Tracks local logon and use of local accounts.
Provides the opportunity to track usage or attempted usage of local files systems and registry objects. Audit settings must be made to the objects. However, if audit of object access is not configured in the audit policy, object access auditing will not be done.
Records changes to user rights, audit policy, and trust policy.
Certificate Rules and Software Restriction Policies Consider enabling the security option System Settings free 70-291 test questions: Use Certificate Rules On Windows Executables For Software Restriction Policies when certificate software restriction policies will be used. Disabling this setting will result in certificates not being checked to see whether they are invalid because of revocation. Disabling this setting might improve performance. See the “Guidelines for Designing Software Restriction Pol?icies to Manage Application Usage” section for more information.
Security Event Log Settings Consider estimating what the proper size of the Security event log should be and monitoring log growth. If you find that a larger log is needed to accommodate the number of records, you can make it larger. Your objective should be to capture all records. To do this, schedule archiving of the log on a periodic basis and create a large enough file size to accommodate all records created between archives. If the log is filling faster than you anticipated, either archive logs more frequently or enlarge the log size.
Restricted Groups Consider using restricted groups to control management of local group management. Adding a group here allows you to maintain member?ship of a local group by policy. A user with local administrative privileges might be able to add members to a local group, but then, at the next policy refresh, membership will revert to the free CompTIA IT certification test questions membership identified here.

Read more on Designing a Strategy for Hardening Client Operating Systems…