Document: Module 1: Introduction to Advanced Administration of a Windows 2000 Network docx


Document information

Posted: 17/01/2014, 08:20

Contents

Overview
Administering a Windows 2000 Network
Centralized Management
Delegating Administrative Control
Controlling Access to Active Directory Objects and Windows 2000 Resources
Demonstration: Examining Access Tokens
Review

Module 1: Introduction to Advanced Administration of a Windows 2000 Network

Information in this document is subject to change without notice. The names of companies, products, people, characters, and/or data mentioned herein are fictitious and are in no way intended to represent any real individual, company, product, or event, unless otherwise noted. Complying with all applicable copyright laws is the responsibility of the user. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Microsoft Corporation. If, however, your only means of access is electronic, permission to print one copy is hereby granted.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

© 1999 Microsoft Corporation. All rights reserved.

Microsoft, Active Directory, PowerPoint, and Windows are either registered trademarks or trademarks of Microsoft Corporation in the U.S.A. and/or other countries. Other product and company names mentioned herein may be the trademarks of their respective owners.
Project Lead and Instructional Designer: Mark Johnson
Instructional Designers: Aneetinder Chowdhry (NIIT Inc.), Kathryn Yusi (Independent Contractor)
Lead Program Manager: Ryan Calafato
Program Manager: Joern Wettern (Wettern Network Solutions)
Graphic Artist: Julie Stone (Independent Contractor)
Editing Manager: Tina Tsiakalis
Substantive Editor: Kelly Baker (Write Stuff)
Copy Editor: Wendy Cleary (S&T OnSite)
Online Program Manager: Nikki McCormick
Online Support: Arlo Emerson (MacTemps)
Compact Disc Testing: Data Dimensions, Inc.
Production Support: Arlene Rubin (S&T OnSite)
Manufacturing Manager: Bo Galford
Manufacturing Support: Mimi Dukes (S&T OnSite)
Lead Product Manager, Development Services: Elaine Nuerenberg
Lead Product Manager: Sandy Alto
Group Product Manager: Robert Stewart

Introduction

This module provides students with an introduction to administering a Microsoft® Windows® 2000 network. It provides a foundation for the course by presenting the concepts of centralized management and decentralized administration through the use of Windows 2000 features. This module also provides an overview of how users are granted access to Active Directory™ directory service objects and other network resources in Windows 2000.

Materials and Preparation

This section provides you with the materials and preparation needed to teach this module.

Materials

To teach this module, you need the following materials:
• Microsoft PowerPoint® file 1558A_01.ppt

Preparation

To prepare for this module, you should:
• Read all the materials for this module.
• Study the review questions and prepare alternative answers to discuss.
• Anticipate questions that students may ask. Write out the questions and provide the answers.
• Read the white paper, Introduction to IntelliMirror™ on the Student Materials compact disc.
• Read the white paper, Introduction to Windows 2000 Change and Configuration Management on the Student Materials compact disc.
• Read the white paper, Windows 2000 Kerberos Authentication on the Student Materials compact disc.
• Read the white paper, Windows 2000 Security—Default Access Control Settings on the Student Materials compact disc.

Presentation: 60 Minutes

Demonstration

This section provides demonstration procedures that will not fit in the margin notes or are not appropriate for the student notes.

Examining Access Tokens

To view and compare the access tokens for the domain Administrator account and a user account:
1. Log on to your domain as Administrator, click the Start button, point to Programs, point to Accessories, and then click Command Prompt.
2. At the command prompt, run the mytoken program, which is located in the root directory on the Trainer Materials compact disc.
3. Start another command prompt, and using the runas command, run mytoken using a standard user account.
4. Place the two command prompt windows side by side and compare the SID, Group ID, and user rights for the administrator account and the standard user account.
5. Ask students whether the information is the same.

Module Strategy

Use the following strategy to present this module:

• Administering a Windows 2000 Network
  In this topic, you will introduce administering a Windows 2000 network. Explain the concepts of centralizing management and decentralizing administration. Talk about the customization of the administrative tools by an administrator to allow other administrators to perform specific tasks in the network. Keep the presentation brief, as all the concepts will be taught in subsequent modules in the course.

• Centralized Management
  In this topic, you will introduce centralized management.
  Explain the purpose of Active Directory and Group Policy for centralized management of resources. Emphasize that it is Active Directory that enables a single administrator to manage all resources in the network. Tell students that Group Policy allows an administrator to centrally manage users’ computer environments without having to visit each desktop individually. Emphasize that you only need to apply Group Policy once, and that the operating system then enforces it continually. Applying Group Policy at an organizational unit (OU) level enables you to place new objects in this OU and have all settings automatically apply to the new object. Explain how publishing shared resources, such as shared folders and printers, enables centralized management. Point out that the location of these resources is transparent to the user.

• Delegating Administrative Control
  In this topic, you will explain the purpose of delegating administrative control and the tools that simplify the task. Emphasize that in Windows 2000 you can delegate administrative control at an OU level. This enables an administrator to distribute administrative tasks to other administrators.

• Controlling Access to Active Directory Objects and Windows 2000 Resources
  In this topic, you will introduce controlling access to Active Directory and file system objects. Explain the purpose of discretionary access control lists (DACLs) and how Windows 2000 assigns and manages resource security through permission inheritance. Describe the logon process and briefly discuss the local, network, and secondary logon processes. Describe the purpose and components of access tokens. Emphasize that access tokens are permanently attached to each resource. Explain how access token and DACLs are used to gain access to Windows 2000 resources. Emphasize that the process of gaining access to Active Directory objects and network resources is identical to the process of gaining access to file system objects.
  Demonstrate logging on as an administrator and using Mytoken.exe to see the access token of an administrator, and then demonstrate logging on as a user to see the access token of a user. Compare the two access tokens and show students the difference between the SIDs, Group IDs, and the user rights in the two access tokens.

Overview

• Administering a Windows 2000 Network
• Centralized Management
• Delegating Administrative Control
• Controlling Access to Active Directory Objects and Windows 2000 Resources

Microsoft® Windows® 2000 supports the management services that help you to centrally administer and organize servers, networks, and client systems in your organization. Centralizing and organizing users and computers to provide a flexible administrative model reduces the total cost of ownership (TCO) of users and computers. The Windows 2000 Active Directory™ directory service allows policy-based management for users and computers, authorization and authentication services, remote administration, and security features.

At the end of this module, you will be able to:
• Describe the methods of administering a Windows 2000 network.
• Describe how Windows 2000 enables centralized management of users, computers, and network resources.
• Describe how to delegate administrative control of Windows 2000 users, computers, and network resources.
• Describe how you can use Windows 2000 to control access to Active Directory objects and network resources.

Slide Objective: To provide an overview of the module topics and objectives.

Lead-in: In this module, you will learn about how Windows 2000 authenticates users during the logon process and uses DACLs to control access to resources.

Do not go into too much detail about the concepts in this module. This module sets the foundation for the main concepts that will be covered in the following modules.
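The interaction between an access token and a DACL that this module introduces, shown as an added example (it is not part of the original courseware and is not Windows code): a simplified Python model of the access check and of the token comparison done in the demonstration. The domain SID, the Sales group and the right bits are constructed; evaluating entries in order, with deny entries placed first, follows documented Windows behaviour and goes beyond what the module text itself states.

```python
from dataclasses import dataclass

READ, WRITE, DELETE = 0x1, 0x2, 0x4  # constructed right bits, not real Windows access masks

@dataclass(frozen=True)
class AccessToken:
    user_sid: str
    group_sids: frozenset
    rights: frozenset = frozenset()  # user rights, e.g. shutting down the computer

    def sids(self):
        return {self.user_sid} | set(self.group_sids)

@dataclass(frozen=True)
class Ace:
    kind: str  # "allow" or "deny"
    sid: str   # user or group the entry applies to
    mask: int  # rights the entry allows or denies

def access_check(token, dacl, desired):
    """True if the DACL grants the token every right in `desired`."""
    if dacl is None:            # no DACL on the object: nothing restricts access
        return True
    remaining = desired
    for ace in dacl:            # entries are evaluated in list order
        if ace.sid not in token.sids():
            continue
        if ace.kind == "deny" and ace.mask & remaining:
            return False        # a still-needed right is explicitly denied
        if ace.kind == "allow":
            remaining &= ~ace.mask
            if remaining == 0:
                return True     # everything requested has been granted
    return False                # empty DACL or rights left over: denied

def canonical_order(dacl):
    """Deny entries first (stable sort), so an earlier allow cannot mask a deny."""
    return sorted(dacl, key=lambda ace: ace.kind != "deny")

def compare_tokens(a, b):
    """What differs between two tokens: group SIDs and user rights."""
    return {
        "groups_only_a": sorted(a.group_sids - b.group_sids),
        "groups_only_b": sorted(b.group_sids - a.group_sids),
        "rights_only_a": sorted(a.rights - b.rights),
        "rights_only_b": sorted(b.rights - a.rights),
    }

# Constructed sample data. The S-1-5-32-* and S-1-1-0 values are well-known SIDs;
# the domain SID and the Sales group are made up for this example.
DOMAIN = "S-1-5-21-1111111111-2222222222-3333333333"
ADMINS, USERS, EVERYONE = "S-1-5-32-544", "S-1-5-32-545", "S-1-1-0"
SALES = DOMAIN + "-1200"
ADMIN_TOKEN = AccessToken(DOMAIN + "-500", frozenset({ADMINS, USERS, EVERYONE}),
                          frozenset({"SeShutdownPrivilege", "SeTakeOwnershipPrivilege"}))
USER_TOKEN = AccessToken(DOMAIN + "-1105", frozenset({USERS, EVERYONE, SALES}),
                         frozenset({"SeShutdownPrivilege"}))
FILE_DACL = [
    Ace("deny", SALES, WRITE),
    Ace("allow", ADMINS, READ | WRITE | DELETE),
    Ace("allow", USERS, READ | WRITE),
]

if __name__ == "__main__":
    print(compare_tokens(ADMIN_TOKEN, USER_TOKEN))
    for name, tok in (("admin", ADMIN_TOKEN), ("user", USER_TOKEN)):
        for label, right in (("read", READ), ("write", WRITE), ("delete", DELETE)):
            print(name, label, access_check(tok, FILE_DACL, right))
```

The standard user can read the file but not write to it, because the deny entry for the Sales group is reached before the allow entry for Users; reversing those two entries would let the write through, which is why deny entries are kept first.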
Administering a Windows 2000 Network

[Slide: Centralize Management; Delegate Administrative Control; Group Policy; Active Directory; Administrative Tools; Customize Tools]

Windows 2000 provides administrators with the methods and utilities to centralize the management of all desktop computers in an organization and decentralize administrative tasks:

• Centralize management. Active Directory and Group Policy allow administrators to centrally manage large numbers of users, computers, printers, and network resources from one place. Active Directory enables you to centrally organize network resources according to administrative requirements, while Group Policy enables you to specify settings and apply management policies to Active Directory organizational units (OUs). In addition, Group Policy enables you to define a policy for a user or computer once, and then use the operating system to reinforce it continually.
• Delegate administrative control. Active Directory allows an administrator with the proper authority to delegate a selected set of administrative privileges to appropriate individuals or groups within an organization. This administrator can specify the specific privileges that these individuals have over different containers and objects in Active Directory.
• Customize tools. Windows 2000 also provides you with the tools to match administrative responsibilities and to delegate network administrative responsibilities to other administrators. In this way, administrators can combine all of the tools needed for each administrative function into a single console.

Slide Objective: To introduce the methods of administering a Windows 2000 network.
Lead-in: As an administrator, you can take advantage of the Windows 2000 Active Directory and Group Policy features to centrally manage all computers in your organization and to delegate administrative control.

Ask the students to explain what Active Directory and Group Policy are.

Key Points: Active Directory and Group Policy allow administrators to centrally manage a large number of users, computers, and network resources. Senior administrators can delegate administrative tasks to other administrators. Administrators can customize administrative tools for specific administrative tasks and distribute them to other administrators.

Centralized Management

• Using Active Directory for Centralized Management
• Using Group Policy for Centralized Management
• Managing the User Environment
• Publishing Resources

Distributed systems often lead to time-consuming and redundant management tasks. For example, for each user, an administrator must visit the desktop to perform tasks, such as configuring the operating system software to corporate standards, limiting the user’s ability to change the standard configuration, securing the desktop and important files from unauthorized users, and installing and configuring applications.

As organizations add applications to their infrastructures and hire more personnel, they need to create user accounts, configure computers, apply administrative settings, and distribute software to the desktop appropriately. The integration of Active Directory and Group Policy provides administrators with a utility that allows them to manage the entire network from a single location.

Slide Objective: To introduce the topics related to centralized management.

Lead-in: Active Directory and Group Policy enable the centralized management of Windows 2000.
Using Active Directory for Centralized Management

Active Directory:
• Is a Central Repository of Objects
• Contains Information About Objects
• Allows Administrators to Easily Locate Information
• Allows Administrators to Group Objects into OUs
• Uses Group Policy to Specify Policy-Based Settings

[Slide graphic: a domain with OU1 and OU2 containing Computers, Users and Printers (Computer1, User1, Printer1, User2); Search]

Active Directory is the directory service for Windows 2000. Active Directory stores information about network resources, such as computers and printers, and provides services that make this information available to users and applications. Active Directory provides administrators with the capability to centrally manage resources because:

• Active Directory is a central repository of objects. Users, groups, computers, printers, and files can be organized into OUs according to administrative need. In addition, all servers, domains, and sites in the network are also represented as objects. By representing all network resources as objects in a centralized database, Active Directory enables a single administrator to centrally manage and administer these resources.
• Active Directory contains attributes and information for each object. The attributes hold data describing the resource that is identified by the directory object. A user’s attributes might include the user’s first name, last name, and e-mail address, while a printer’s attributes might include whether it is capable of printing in color and the building and office in which it is located. The attribute information facilitates searching in Active Directory and administering resources in the network.
• Active Directory allows administrators to easily locate information about objects.
  By searching for selected attributes, you can find an object located anywhere in the Active Directory tree.
• Active Directory allows you to group objects with similar administrative and security requirements into OUs. OUs provide multiple levels of administrative authority for both applying policy-based administration and delegating administrative control. This simplifies the task of managing these objects and allows administrators to structure Active Directory to fit their needs.
• Active Directory uses Group Policy to provide administrators with the ability to specify policy-based settings for a site, domain, or OU. Active Directory then enforces these policy-based settings for all of the users and computers within the container.

Slide Objective: To explain the purpose of using Active Directory to centralize management of network resources.

Lead-in: Active Directory supports centralized management because it has a central repository of objects, contains information regarding these objects, and provides a single point of access from which to administer these objects.

Key Points: Active Directory is a central repository of objects. Administrators can use search utilities to locate objects and administer them in Active Directory. Active Directory uses Group Policy to provide administrators with the ability to specify policy-based administrative settings for a site, domain, or OU that apply to all objects in the container.

[...]

... system and application configuration problems
• Centrally managing software installation (applications, service packs, and operating system updates), repairs, updates, and removal. When you use Group Policy to install software, you can ensure that the same applications are available on any computer to which a user logs on. You can also ensure that missing files and settings are repaired automatically...

... tools. What can you do to accomplish this?
Use the secondary logon process (Run as) to run the administrative tools.

4. A user sitting at a computer running Windows 2000 Professional attempts to connect to a shared folder in Active Directory. What is the process that the Windows 2000 server uses to verify that the user is allowed...

... of DACLs
• DACLs Define Object Permissions and the Level of Access Granted to a User
• All Resources in a Windows 2000 Network Have DACLs
• The Type of Access Granted or Denied to a Resource is Added to the DACL
• Entries in a DACL Are Called ACEs

Lead-in: DACLs keep a record of the actions that users and groups are allowed to perform on an object.

[Slide graphic: DACLs; ACEs; Write; Group 1]

DACLs...

... services and users’ desktop environments and capabilities. Administrators can deploy applications and lock down user desktops for a group of users and computers by creating and applying a single Group Policy to a site, domain, or OU.

Managing the User Environment

[Slide graphic: Group Policy Applied to an OU]

Slide Objective: To explain the...

... administrative and security requirements into domains and OUs. Finally, Active Directory allows you to set administrative permissions for OUs and Active Directory objects that allow other users to administer them.

2. You are the senior administrator in an organization. Because your workload has increased you want to delegate the administration of users in the Sales department to a junior administrator. How can you...

... containers (domains and OUs) so that when new users and computers are added to these containers, the Group Policy settings automatically apply to the new objects.

• Centrally Manage Software Installation, Repairs, Updates, and Removal
Group Policy enables administrators to control user environments, install software, and redirect user data to a network location.

• Control and Lock Down What Users Can Do

Key...

... user can perform on the local computer. Examples include shutting down the computer, logging on interactively, and taking ownership of objects.

How Windows 2000 Grants Access to Resources

Slide Objective: To explain how Windows 2000 uses DACLs to grant access to resources.

[Slide graphic: Domain; OU2; File; Access; Read; Allowed]

Lead-in: Windows 2000...

Using Group Policy for Centralized Management

Slide Objective: To explain the purpose of using Group Policy to centralize the management of network resources.

[Slide graphic: Apply Group Policy Once]

Lead-in: A policy affects all users in a specific group.

Policy-based management eases the task of managing all types...

... single point of reference for file system resources that may be located anywhere on the network.

Key Points

Delegating Administrative Control

Slide Objective: To explain the purpose of delegating administrative control and the tools that simplify the task.

[Slide graphic: Domain; OU1, Admin1; OU2, Admin2; OU3, Admin3]

Lead-in: You can manage your network...

... assigned to a user for an administrative task
• Simplify interface design for users with limited administrative privileges

Controlling Access to Active Directory Objects and Windows 2000 Resources

Slide Objective: To introduce the topics related to controlling access to Active Directory and file...