Information Technology Reference
In-Depth Information
In Activity 3-10, you might have noticed a delay between setting a policy and the policy
taking effect. You can run the command-line program Gpupdate.exe, which applies the group
policy immediately to the computer on which Gpupdate.exe is running and to the currently
logged-on user. Gpupdate.exe is an invaluable tool for testing GPOs because it saves
considerable time. As mentioned, computer policies are applied when a computer restarts,
which can take some time, and user policies are applied when a user logs on. GPOs are also
updated on domain controllers every 5 minutes and on workstations and servers every
90 minutes, even if the computers don't restart.
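The following added example (not part of the original chapter) forces a refresh with Gpupdate.exe and then uses Gpresult.exe to confirm that the GPO under test was actually applied. The GPO name is a placeholder, and the parsing assumes English-language Gpresult output.

```powershell
# Added example: force a Group Policy refresh, then confirm a GPO was applied.
# Run from an elevated prompt; computer-scope Gpresult data needs administrator rights.
# 'Example-Test-GPO' is a placeholder name, not a GPO from the chapter.
param(
    [string]$ExpectedGpo = 'Example-Test-GPO',
    [ValidateSet('computer', 'user')]
    [string]$Scope = 'computer'
)

# Reapply policy now instead of waiting for a restart, logon, or background refresh.
# /force reapplies all settings, not only changed ones; /wait caps the wait in seconds.
# Piping 'n' declines the logoff/restart prompt that some policies trigger, so the
# script cannot hang waiting for keyboard input.
'n' | & gpupdate.exe "/target:$Scope" /force /wait:120
if ($LASTEXITCODE -ne 0) {
    throw "gpupdate exited with code $LASTEXITCODE"
}

# Resultant Set of Policy summary for the chosen scope.
$rsop = & gpresult.exe /r "/scope:$Scope"

# Show when policy was last applied on this machine or for this user.
$rsop | Select-String -Pattern 'Last time Group Policy was applied' |
    ForEach-Object { $_.Line.Trim() }

# Collect only the names under "Applied Group Policy Objects", stopping at the blank
# line, so GPOs listed later as filtered out are not counted as applied.
$applied = @()
$inSection = $false
foreach ($line in $rsop) {
    $text = $line.Trim()
    if ($text -eq 'Applied Group Policy Objects') { $inSection = $true; continue }
    if (-not $inSection) { continue }
    if ($text -match '^-+$') { continue }   # underline beneath the heading
    if ($text -eq '') { break }             # blank line ends the section
    $applied += $text
}

if ($applied -contains $ExpectedGpo) {
    Write-Output "APPLIED: '$ExpectedGpo' ($Scope scope)"
} else {
    Write-Warning "NOT APPLIED: '$ExpectedGpo'. Check the GPO link, security filtering, and scope."
    exit 1
}
```

A GPO that is linked but missing from the applied list after a forced refresh usually points to the link location or filtering rather than to refresh timing.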
Chapter Summary
A directory service is a database that stores network resource information and can be used
to manage users, computers, and resources throughout the network. A directory service
provides network single sign-on for users and centralizes management in geographically
dispersed networks.

Active Directory is the Windows directory service and has been part of the Windows
Server family since Windows 2000 Server. Active Directory is a hierarchical, distributed
database that's scalable, secure, and flexible. Active Directory's physical structure is
composed of sites and domain controllers, and the logical structure is composed of
organizational units, domains, trees, and forests.

You use Server Manager to install the Active Directory Domain Services role. After
running the wizard in Server Manager, you must finish the Active Directory installation by
running Dcpromo.exe. After Active Directory is installed, a number of new MMCs are
added to the Administrative Tools folder. The main tool for managing an Active Directory
domain is Active Directory Users and Computers.

The data in Active Directory is organized as objects. Available objects and their structure
are defined by the Active Directory schema, which is composed of schema classes and
schema attributes. The data in a schema attribute is called an attribute value.

There are two types of objects in Active Directory: container objects and leaf objects.
Container objects contain other objects and include domains, folders, and OUs. OUs are
the primary organizing container in Active Directory. Domains represent administrative,
security, and policy boundaries. OUs are organizing and management containers mainly
used to mimic a company's structure and apply group policies to collections of users or
computers.

Leaf objects generally represent security accounts, network resources, and GPOs. Security
accounts include users, groups, and computers. There are three categories of user account
objects: local user accounts, domain user accounts, and built-in user accounts. Groups are
used to assign rights and permissions to collections of users. Computer account objects are
used to identify computers that are domain members. Other leaf objects include contacts,
printers, and shared folders.

Active Directory objects can be located easily with search functions in Active Directory
Users and Computers and Windows Explorer. Users can use the Active Directory search
function to find network resources (such as shared printers and folders), other users, and
contacts, among many other items.

GPOs are lists of settings that enable administrators to configure user and computer
operating environments remotely. GPOs have two main nodes: Computer Configuration and
User Configuration. Each node contains a Policies folder and a Preferences folder. Under
the Policies folder are three additional folders called Software Settings, Windows Settings,
and Administrative Templates.

Policies defined in the Computer Configuration node affect all computers in the Active
Directory container to which the GPO is linked. Policies defined in the User Configuration
node affect all users in the Active Directory container to which the GPO is linked. Group
 