For management ease and to implement a hierarchical structure, you can place groups
within OUs. You can also assign Group Policy settings to all of the objects contained
within an OU. By using this method, you can combine the benefits of a hierarchical
structure (through OUs) with the use of security principals. Figure 7.6 provides a diagram
of this process.
Figure 7.6: An overview of security management (diagram labels: Users, Groups, Organizational Units (OUs), Group Policy; relationships shown: "organized in", "assigned to")
The primary tool you use to manage security permissions for users, groups, and
computers is the Active Directory Users and Computers tool. Using this tool, you can create
and manage Active Directory objects and organize them based on your business needs.
Common tasks for many system administrators might include the following:
- Resetting a user's password (for example, in cases where they forget their password)
- Creating new user accounts (when, for instance, a new employee joins the company)
- Modifying group memberships based on changes in job requirements and functions
- Disabling user accounts (when, for example, users will be out of the office for long periods of time and will not require network resource access)
Once you've properly grouped your users, you need to set the actual permissions that
affect the objects within Active Directory. The actual permissions available vary based on the
type of object. Table 7.1 provides an example of some of the permissions that you can apply
to various Active Directory objects and an explanation of what each permission does.
Table 7.1: Permissions of Active Directory objects

| Permission | Explanation |
| --- | --- |
| Control Access | Changes security permissions on the object |
| Create Child | Creates objects within an OU (such as other OUs) |
| Delete Child | Deletes child objects within an OU |
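To see who actually holds the Table 7.1 permissions on an OU, the following PowerShell sketch filters an OU's access rules for Create Child, Delete Child and Control Access grants held by anyone outside an expected list. It is an added example, not part of the original text; the function names, the CONTOSO principals, the allow-list and the sample rules are hypothetical and constructed for illustration.

```powershell
# Added example: flag unexpected holders of Create Child, Delete Child or
# Control Access on an OU. All names and sample ACEs below are constructed.
Add-Type -AssemblyName System.DirectoryServices

function Get-OuDelegationFinding {
    param(
        [Parameter(Mandatory)]
        [System.DirectoryServices.ActiveDirectoryAccessRule[]] $Ace,
        # Hypothetical allow-list of principals expected to hold these rights.
        [string[]] $ExpectedPrincipal = @('CONTOSO\Domain Admins', 'NT AUTHORITY\SYSTEM')
    )
    # ExtendedRight is the .NET enum name for the Control Access right.
    $watched = [int][System.DirectoryServices.ActiveDirectoryRights]'CreateChild, DeleteChild, ExtendedRight'
    foreach ($rule in $Ace) {
        # Broad grants such as GenericAll contain the watched bits as well.
        $hit = [int]$rule.ActiveDirectoryRights -band $watched
        if ($hit -eq 0 -or $rule.AccessControlType -ne 'Allow') { continue }
        if ($rule.IdentityReference.Value -in $ExpectedPrincipal) { continue }
        [pscustomobject]@{
            Principal = $rule.IdentityReference.Value
            Rights    = [System.DirectoryServices.ActiveDirectoryRights]$hit
            Inherited = $rule.IsInherited
        }
    }
}

# Builds one constructed Allow rule so the example runs without a domain.
function New-SampleAce([string] $Who, [string] $Rights) {
    [System.DirectoryServices.ActiveDirectoryAccessRule]::new(
        [System.Security.Principal.NTAccount]$Who,
        [System.DirectoryServices.ActiveDirectoryRights]$Rights,
        [System.Security.AccessControl.AccessControlType]::Allow)
}

$sample = @(
    New-SampleAce 'CONTOSO\Domain Admins' 'GenericAll'
    New-SampleAce 'CONTOSO\Helpdesk'      'CreateChild, DeleteChild'
    New-SampleAce 'CONTOSO\Interns'       'ReadProperty'
    New-SampleAce 'CONTOSO\AppSvc'        'ExtendedRight'
)
Get-OuDelegationFinding -Ace $sample | Format-Table -AutoSize

# Against a live domain (needs the ActiveDirectory module; the DN is hypothetical):
#   Import-Module ActiveDirectory
#   Get-OuDelegationFinding -Ace (Get-Acl 'AD:\OU=Sales,DC=contoso,DC=example').Access
```

Rules reported with Inherited set to True come from a parent container, so they are corrected on the parent rather than on the OU itself.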
 