University of Maryland Active Directory Policies

Size: px
Start display at page:

Download "University of Maryland Active Directory Policies"

Transcription

1 University of Maryland Active Directory Policies Purpose of this policy Scope AD Forest Forest Schema & Data Visibility Account and Group Synchronization Account Creation and Password Forest Security Principle of Least Privilege Active Directory DNS Site AD.UMD.EDU Support for Domain/OU Administrators Communication Root Backup & Disaster Recovery Solution OU Design & Delegation Software License Compliance Authentication Enterprise/Domain Administrator Responsibilities Organizational Unit Administrator Responsibilities Joining\Leaving\Change of Role (s) within Active Directory Naming Conventions Compliance 1 9/29/09

2 Purpose: The purpose of this policy is to provide requirements and specific recommendations for the successful operation of the UMD Active Directory. Scope: This policy applies to all computer support personnel participating in UMD's Active Directory. It covers information regarding the design and naming conventions for Active Directory, responsibilities for computer support personnel and compliance guidelines. AD Forest AD.UMD.EDU domain will house all windows user accounts for the campus. This is done by Microsoft s account provisioning software which has data feeds from the Campus Enterprise Directory (LDAP), PHR, and SIS. Each account will be mapped to their respective UMD Kerberos principals. This is being done to enable authentication through the external Kerberos realm which will allow users to use their directory ID and password for authentication to their desktops and other services in AD. The forest is a single domain structure with 5 domain controllers positioned throughout campus and off-site to provide redundancy in case of a disaster. Organizational Units (OUs) will be created for departments participating in AD based on their listing in the PHR system. OU administrators will be delegated full control within their designated OU(s) and will be able to create and/or modify the following objects where they are assigned privileges: Security Groups Computers Printers Scanners Group Policy Creation of additional OU s Member Servers The domain controllers and services (hardware/software) which run and support AD.UMD.EDU are monitored by OIT administrators on a 24x7 basis. Forest Schema & Data Visibility The schema is a definition of all object classes and their attributes contained within active directory. The schema may be dynamically extended through the approval of the AD steering committee, OIT s Change Management Committee, and acknowledgment by the AD working group. Any proposed schema modification will be evaluated based on potential conflicts; Data Ownership, Privacy, Security etc. Once the steering committee and OIT s Change Management Committee has approved changes to the schema the working group will be notified via mailing list. Schema testing in a staged environment will occur 2 9/29/09

3 before and during the request for modifications. Changes will only be implemented after two weeks of successful testing with no major issues identified. The data populated in AD reflects data in the Enterprise Directory. The Enterprise Directory is updated by PHR and SIS on a daily refresh cycle. Account and Group Synchronization AD.UMD.EDU will be regularly populated by a directory synchronization process using Microsoft s Identity Lifecycle Manager (ILM) server that extracts data from the enterprise directory, PHR, and SIS and populates the objects in Active Directory. ILM takes that information and creates and synchronizes user accounts and security groups in Active Directory. Accounts will be disabled when employees is terminated from the University. Students who graduate or leave the University will be removed from all security groups. Account Creation & Password Accounts within AD.UMD.EDU are maintained centrally through the use of an automated account management system (ILM). When a person becomes affiliated with UMD (Affiliate, Faculty, Staff, Student, etc.) and is entered in the enterprise directory, an account will be automatically created for them in Active Directory. Similarly, when a person is no longer affiliated with UMD, their accounts will be disabled within Active Directory. When ILM initially creates an account in Active Directory, the password will be set based on a randomly generate password. The password can only be changed at the University s password change page (password.umd.edu). When a user changes their password, the changes will be reflected in Kerberos and Active Directory. Password synchronization between the two environments is needed because of applications and services that need Active Directory for authentication. All centrally created accounts will adhere to the campus password policies. OU administrators will NOT have the ability to create accounts within their OU s. If an administrator needs an account for a guest or visiting scholar then they must obtain an account through the campus Affiliate System. Forest Security The resources within AD.UMD.EDU are only accessible by domain members who have been specifically granted access to the resource by their administrators. By default, all enabled domain members have user access to resources when initially created. Administrators are encouraged to apply the appropriate ACLs and group permissions to objects they wish to secure from other users in AD. All domain controllers and servers maintained by OIT are routinely monitored for security vulnerabilities and critical patches are immediately applied in accordance with OIT s security policy. All domain controllers are firewalled using a hardware appliance which only allows the necessary ports needed to provide services in AD.UMD.EDU. OIT requires all OU AD administrators routinely evaluate their systems (both workstations & servers) for vulnerabilities and patch them in a timely fashion. All servers within AD.UMD.EDU will have a base security policy that will turn on Auditing, display the Campus Acceptable use Policy on the screen upon login, turn on the firewall, and point the server to the campus Windows Server Update Services (WSUS) servers. Due to the sensitive nature of data that is visible to Domain and OU administrators, student s employees may NOT be assigned the role of administrator. 3 9/29/09

4 Principle of least privilege The principle of least privilege states that users must have access to the software, data, and devices required to perform their daily duties, but must not have access to local or network resources that are not required for their job tasks. Similarly any process accounts must have access necessary to run the process, but no more. If low-privileged accounts are compromised, they will do a lot less damage to a system than a high-privileged account. Consequently, using a non-administrator account instead of an administrator account while completing daily tasks offers the user added protection against infection from a host of malware, external or internal security attacks, accidental or intentional modifications to system setup and configurations, and accidental or intentional access to confidential programs or documents. Microsoft White Paper: Using a Least-Privileged User Account Active Directory DNS AD DNS services are centrally maintained by OIT. All workstations participating in active directory should utilize the Campus DNS servers: , , There are cases when you will need to register your machine hostname with NTS. If that need occurs, please send to All servers in Active Directory should use Active Directory s DNS servers , , , , as their primary DNS servers. You will also need to contact the Wintel group so that we can register your server in AD s DNS and you will need to register your hostname with NTS for reverse lookup. As secondary or tertiary servers, the campus bind servers may be used: , , Site AD.UMD.EDU The forest currently spans three sites (PDC AV-Williams, the SDC CSS Building, and Shady Grove Campus). Any requests for changing the site configuration will be brought before the AD steering committee. Support for Domain/OU Administrators There will be several resources available to administrators for problem resolution. Administrators can send mail to asking questions of other Active Directory administrators on campus. This list is monitored by members of the Wintel Group. Additionally, OIT s helpdesk system has been modified to handle AD.UMD.EDU specific issues such as login issues using a kerberized account or being unable to locate a user account in AD. Employees and students should continue to use their local support infrastructure or contact the OIT helpdesk for desktop support. Communication Communication will occur via the appropriate mailing lists. Root Backup & Disaster Recovery Solution AD is currently on a nightly backup schedule. 4 9/29/09

5 OU Design & Delegation Top-Level OUs will be automatically created for each department when they join AD. Administration will be delegated to an administrative security group which will hold access controls for administrators of the department identified by appropriate management. OU administrators have the ability to create child objects within their OUs. It is required that everyone adheres to the naming standard described below when creating object within AD. Software License Compliance It is the responsibility of the department to ensure that all of their desktops and servers are properly licensed. Although some CALs may be offered by OIT for specific MS products, Administrators are strongly encouraged to stay abreast of all licensing needs within their environments. Authentication The purpose of this section is to describe the authentication options that are available within AD.UMD.EDU. All workstations that are a part of AD.UMD.EDU will be able to authenticate to the forest using the external Kerberos realm or directly to AD.UMD.EDU. By default, workstations will be configured to authenticate to the external Kerberos realm. There are circumstances when users will have to authenticate directly to AD.UMD.EDU (remote access to files or applications that cannot take advantage of the external Kerberos realm). Below is a description of which protocols will or not be available. Clear text authentication is not allowed in the AD.UMD.EDU infrastructure. Clear text authentication will be turned off on all domain controllers. Clear text authentication is not allowed for IIS, Mac File and Print Services, Samba, or FTP. Kerberos Version 5 Protocol Kerberos Version 5, also known as K5 or Kerberos v5, is the preferred authentication protocol for Windows when operating in a domain environment. Every Windows Infrastructure domain controller is also a Kerberos Key Distribution Center or "KDC". Microsoft has added extensions into the vendor extension area of the Ticket structure to support the Microsoft credential system (Authorization). Microsoft supports trust relationships with an external Kerberos source for user authentication. AD.UMD.EDU currently has an external trust with the campus Kerberos (Heimdal) environment. NTLMv2 Protocol NTLMv2 stands for NT LAN Manager Authentication protocol version 2. This is a challenge-response based protocol. In a challenge-response protocol, the client generates a response using the server challenge and a secret value that the client and server both know (like a password) and sends it back for validation. Security features were added to the protocol in version 2 to provide for stronger protection of encryption keys and challenges. LM and NTLMv1 protocols are not allowed in the AD.UMD.EDU Infrastructure. 5 9/29/09

6 Enterprise/Domain/OU Administrator Responsibilities: The AD Infrastructure is composed of many different computing, administrative and consulting services. This section provides a brief description of these services and specific contact information for each. In general, people who experience problems with a particular service should speak to their local administrator first. If the issue can t be resolved, then the local administrator raises the issue to the appropriate support group. OIT installs and maintains the servers and support machines which run Active Directory for the UMD forest. Staff within the Wintel Group will only be elevated to the level of Enterprise Administrators (EA) only when those rights are needed and with prior approval from the Manager of the Wintel Group. They install, configure, and maintain the Active Directory domain controllers for the campus Active Directory forest that support the AD.UMD.EDU infrastructure. Urgent problems related to domain controllers or infrastructure services should be reported by calling the OIT Helpdesk Desk at For general discussion, this group can be contacted via at The responsibilities of the Enterprise Administrators are: Install and maintain the Active Directory domain controllers in the AD.UMD.EDU forest. Manage the flow of information from the Enterprise Directory to AD.UMD.EDU. The Wintel group also manages the replication of directory information within the Active Directory, and makes any enterprise level changes to the AD directory, such as schema modifications. Maintain Forest-wide Operations Masters: Schema Master and Domain Naming Master Diagnose all reported AD problems. Provide backups for disaster recovery purposes Responsible for maintain accurate time on the forest domain controllers. Responsible for maintaining security of the forest root. Maintain site-level security policy. The Active Directory architecture provides the ability to apply group policy and security to all systems within a site. By default, no policies will be made to the forest default site. Any changes will be presented to the AD community and before implementation. Manage Root-level DNS. Manage forward zones for Root Domain Controllers. Maintain test forest for internal and campus testing. OIT-TSS provides a Windows/AD test environment that mimics the production environment so that services can be tested and questions answered before introducing them into the 6 9/29/09

7 production environment. Any department can participate in the test forest in a manner appropriate to the way that they will participate in the UMD Forest. Testing may also be required before new services or applications are introduced into the production forest. Communicate all enterprise-wide changes to the forest via AD reflector (UMD- and other technical team reflectors. Have administrator privileges on all domain controllers and OUs, in order to support and maintain the infrastructure's domain controllers and directory services. Assume a "hands-off" approach to OU administration. Only when faced with an enterprise-wide emergency, where no adequate alternative exists and every attempt has been made to contact appropriate support personnel and relevant managers first, will an Enterprise administrator take action at the OU level. Support staff required to have working knowledge of Active Directory. Maintain a well documented infrastructure diagram of their respective environments, including descriptions of all services provided by servers participating in AD. Maintain only the recommended list of services on the DCs (KDC, LDAP, and DNS) nothing more. Abide by Forest naming standards. Maintain the appropriate level of security and patch revisions on the domain controllers as specified by the Windows Support Team. Keep current with proposed changes and upgrades to software in the Forest that is communicated by Microsoft s Technical Support Team. Keep a current contact list available for the Windows Support Team. All changes to the domain will be approved by OIT s Change Management Committee Domain Controllers will be monitor 24x7 to ensure high availability. Must have DCs and FSMO roles strategically located in multiple locations to provide redundancy in case of a disaster. DCs must be physically secured. DCs should have a current hardware agreement with vendor. 7 9/29/09

8 Adhere to secure account management process using ILM On-call staff will monitor and resolve all issues pertaining to the DC s Must have onsite support to resolve issues within your domain during business hours Must have disaster recovery & backup/recovery solution for the DCs. Communicate and coordinate all scheduled and unscheduled outages or major upgrades to OU administrators. Must coordinate any maintenance that may affect Forest (i.e. replication, adding services to the DCs, etc.) Follow all OU administrator responsibilities below. Organizational Unit Administrator Responsibilities: Agree to the policies and guidelines for AD.UMD.EDU OU Administrators Work closely with the Windows Support Team. Adhere to the UMD naming standards Provide their own local desktop, application & internal services support Add, Delete & Maintain objects within their OU Add, Delete, Maintain & Troubleshoot GPOs Delegate administrative functions to authorized accounts & ensure policy compliance Maintain proper security groups and authorization policies Windows Client CALs (Currently covered under the campus MEEC agreement see: Server licensing required to be current Maintain member server OS & hardware maintenance Keep workstations and member servers within their OUs secure Service packs & hot fixes should be kept up to date where applicable 8 9/29/09

9 Servers should never be more than 1 service pack behind the current (except where required for business need) Monitor member servers regularly Apply for a new data feed for every application server which will utilize Active Directory for authentication Backup member servers & Test restore procedure. Server operating system must be within the boundaries of Microsoft s Mainstream Lifecycle Support (See: Colleges/Departments/Units are responsible for the management of local resources and services. Examples of these resources and services include installing and removing servers, desktops, printers, creation of file shares and group, and access management. Provide contact information for OU administrators in case of emergency Responsible for maintaining security of all objects within their OU Leaving\Change of Role (s) within Active Directory If at any time a department decides to no longer participate in the campus Active Directory forest, the department head will need to provide a written statement ( or memo) to the Director of Technical Services and Support indicating that they will be leaving the Active Directory forest. If the role of an OU administrator changes (resignation, new job responsibilities, etc.), then department head must notify the Manager of the Wintel group immediately. Naming Convention: Purpose: Provide a naming convention for all units within UMD's Active Directory that uniquely identifies workstations, servers, users, groups, OUs, GPOs and distribution lists in the NetBIOS, DNS, and LDAP name-spaces. The campus Active Directory will have well over 100,000 objects that provide information and act as resources to many departments. The only possible way to ensure AD can be used effectively is to enforce naming standards. Aside from avoiding name collisions, naming standards will allow users and administrators to efficiently search through thousands of objects and locate their resources and data. The naming Convention document can be found at convention. Compliance: All Colleges/Departments/Units heads and designated administrators will have to sign a Memorandum of Understanding and the Acceptable Use Policy in order to participate in/join the campus Active Directory. 9 9/29/09

10 It is the responsibility of each AD administrator to maintain their AD environment as per the above specifications and guidelines. Department heads will be notified upon repeated violations by an AD administrator and explained the impact it has on the entire campus AD infrastructure. In cases of gross negligence or refusal to adhere to the agreed policy, OIT will recommend to the AD Steering committee that a department is immediately removed from the Forest. The Memorandum of Understanding and the Acceptable Use Policy can be found at the links below: Memorandum of Understanding: Acceptable Use Policy for Active Directory: Naming Convention: 10 9/29/09

11 By "signing this form/checking the box below", I verify I have read and understand the information provided above, and agree to comply with its contents. Signatures: I have read and understand the information provided in this document Print Name Signature Title Date Applicant Dept Head OIT Signature 11 9/29/09

Georgia Tech Active Directory Policy

Georgia Tech Active Directory Policy Georgia Tech Active Directory Policy Policy No: None Rev 1.1 Last Revised: April 18, 2005 Effective Date: 02/27/2004 Last Review Date: April 2005 Next Review Date: April 2006 Status Draft Under Review

More information

Department of Information Technology Active Directory Audit Final Report. August 2008. promoting efficient & effective local government

Department of Information Technology Active Directory Audit Final Report. August 2008. promoting efficient & effective local government Department of Information Technology Active Directory Audit Final Report August 2008 promoting efficient & effective local government Executive Summary Active Directory (AD) is a directory service by Microsoft

More information

Created By: 2009 Windows Server Security Best Practices Committee. Revised By: 2014 Windows Server Security Best Practices Committee

Created By: 2009 Windows Server Security Best Practices Committee. Revised By: 2014 Windows Server Security Best Practices Committee Windows Server Security Best Practices Initial Document Created By: 2009 Windows Server Security Best Practices Committee Document Creation Date: August 21, 2009 Revision Revised By: 2014 Windows Server

More information

State of Wisconsin. Active Directory (AD) Service Offering Definition (SOD)

State of Wisconsin. Active Directory (AD) Service Offering Definition (SOD) State of Wisconsin Active Directory (AD) Service Offering Definition (SOD) Document Revision History Date Version Creator Notes January 22, 2009 1.0 Troy Olson Initial Draft February 4, 2009 1.5 Trina

More information

Websense Support Webinar: Questions and Answers

Websense Support Webinar: Questions and Answers Websense Support Webinar: Questions and Answers Configuring Websense Web Security v7 with Your Directory Service Can updating to Native Mode from Active Directory (AD) Mixed Mode affect transparent user

More information

Computer Classroom Security Standard

Computer Classroom Security Standard Computer Classroom Security Standard Cal State Fullerton operates a heterogeneous network environment composed of centrally supported workstations, servers, and the network infrastructure. Along with administrative

More information

TEXAS AGRILIFE SERVER MANAGEMENT PROGRAM

TEXAS AGRILIFE SERVER MANAGEMENT PROGRAM TEXAS AGRILIFE SERVER MANAGEMENT PROGRAM Policy Compliancy Checklist September 2014 The server management responsibilities described within are required to be performed per University, Agency or State

More information

Client Security Risk Assessment Questionnaire

Client Security Risk Assessment Questionnaire Select the appropriate answer from the drop down in the column, and provide a brief description in the section. 1 Do you have a member of your organization with dedicated information security duties? 2

More information

Security Provider Integration RADIUS Server

Security Provider Integration RADIUS Server Security Provider Integration RADIUS Server 2015 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property

More information

Active Directory. By: Kishor Datar 10/25/2007

Active Directory. By: Kishor Datar 10/25/2007 Active Directory By: Kishor Datar 10/25/2007 What is a directory service? Directory Collection of related objects Files, Printers, Fax servers etc. Directory Service Information needed to use and manage

More information

Role Based Access Control for Industrial Automation and Control Systems

Role Based Access Control for Industrial Automation and Control Systems Role Based Access Control for Industrial Automation and Control Systems Johan B. Nye ExxonMobil Research and Engineering Co. Kevin P. Staggs Honeywell ACS Advanced Technology Labs 27 October 2010 abstract

More information

Open Directory. Apple s standards-based directory and network authentication services architecture. Features

Open Directory. Apple s standards-based directory and network authentication services architecture. Features Open Directory Apple s standards-based directory and network authentication services architecture. Features Scalable LDAP directory server OpenLDAP for providing standards-based access to centralized data

More information

Designing and Implementing a Server Infrastructure

Designing and Implementing a Server Infrastructure Course 20413C: Designing and Implementing a Server Infrastructure Course Details Course Outline Module 1: Planning Server Upgrade and Migration This module explains how to plan a server upgrade and migration

More information

MSP Service Matrix. Servers

MSP Service Matrix. Servers Servers MSP Service Matrix Microsoft Windows O/S Patching - Patches automatically updated on a regular basis to the customer's servers and desktops. MS Baseline Analyzer and MS WSUS Server used Server

More information

MOC 20413C: Designing and Implementing a Server Infrastructure

MOC 20413C: Designing and Implementing a Server Infrastructure MOC 20413C: Designing and Implementing a Server Infrastructure Course Overview This course provides students with the knowledge and skills to provide an enterprise solution that supports manual and automated

More information

Introduction to Active Directory Services

Introduction to Active Directory Services Introduction to Active Directory Services Tom Brett A DIRECTORY SERVICE A directory service allow businesses to define manage, access and secure network resources including files, printers, people and

More information

About Microsoft Windows Server 2003

About Microsoft Windows Server 2003 About Microsoft Windows Server 003 Windows Server 003 (WinK3) requires extensive provisioning to meet both industry best practices and regulatory compliance. By default the Windows Server operating system

More information

Step-by-Step Guide to Setup Instant Messaging (IM) Workspace Datasheet

Step-by-Step Guide to Setup Instant Messaging (IM) Workspace Datasheet Step-by-Step Guide to Setup Instant Messaging (IM) Workspace Datasheet CONTENTS Installation System requirements SQL Server setup Setting up user accounts Authentication mode Account options Import from

More information

MCSE: server infrastructure Syllabus

MCSE: server infrastructure Syllabus MCSE: server infrastructure Syllabus General Information Description The Microsoft Certified Solutions Expert (MCSE): Server Infrastructure course trains you to acquire the skills needed to run a highly

More information

Windows Server 2003 Active Directory: Perspective

Windows Server 2003 Active Directory: Perspective Mary I. Hubley, MaryAnn Richardson Technology Overview 25 September 2003 Windows Server 2003 Active Directory: Perspective Summary The Windows Server 2003 Active Directory lies at the core of the Windows

More information

Forests, trees, and domains

Forests, trees, and domains Active Directory is a directory service used to store information about the network resources across a. An Active Directory (AD) structure is a hierarchical framework of objects. The objects fall into

More information

Select IT Consulting Services RFP 11-01 Technical and Network Support Specialist Services (Lot Group C)

Select IT Consulting Services RFP 11-01 Technical and Network Support Specialist Services (Lot Group C) Computer/Application Support Specialist Computer/Application Support Specialist 1 Typical Functions: Preferred This function requires business work experience with Windows XP, IT experience, work experience

More information

Configuring Sponsor Authentication

Configuring Sponsor Authentication CHAPTER 4 Sponsors are the people who use Cisco NAC Guest Server to create guest accounts. Sponsor authentication authenticates sponsor users to the Sponsor interface of the Guest Server. There are five

More information

Course 6425C: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

Course 6425C: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Course 6425C: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Length: 5 Days Published: June 02, 2011 Language(s): English Audience(s): IT Professionals Level: 200

More information

Table of Contents. Page 1 of 6 (Last updated 30 July 2015)

Table of Contents. Page 1 of 6 (Last updated 30 July 2015) Table of Contents What is Connect?... 2 Physical Access Controls... 2 User Access Controls... 3 Systems Architecture... 4 Application Development... 5 Business Continuity Management... 5 Other Operational

More information

University Systems Desktop Support Service Level Commitment

University Systems Desktop Support Service Level Commitment University Systems Desktop Support Service Level Commitment The Purpose of this Service Level Commitment (SLC) is to formally define the level of service University Systems will provide to UVic faculty,

More information

Managing and Maintaining a Windows Server 2003 Network Environment

Managing and Maintaining a Windows Server 2003 Network Environment Managing and maintaining a Windows Server 2003 Network Environment. AIM This course provides students with knowledge and skills needed to Manage and Maintain a Windows Server 2003 Network Environment.

More information

70-413: Designing and Implementing a Server Infrastructure

70-413: Designing and Implementing a Server Infrastructure 70-413: Designing and Implementing a Server Infrastructure Course Overview This course covers everything you need to know about designing and implementing a server infrastructure. Students will learn about

More information

USFSP Network Security Guidelines

USFSP Network Security Guidelines USFSP Network Security Guidelines Table of Contents I. Access to Data II. Workstations and Personal Computers A. Computer Viruses B. Software C. Hardware D. Storage Media III. Local Area Networks (LANs)

More information

Windows Server 2012 / Windows 8 Audit Fundamentals

Windows Server 2012 / Windows 8 Audit Fundamentals Windows Server 2012 / Windows 8 Audit Fundamentals Jacksonville ISACA Chapter May 17, Speaker Introduction: Timothy P. McAliley 13+ years in IT Currently work for Microsoft Premier Field Engineer SQL Server,

More information

Security Provider Integration RADIUS Server

Security Provider Integration RADIUS Server Security Provider Integration RADIUS Server 2015 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property

More information

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable

More information

Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure

Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure Question Number (ID) : 1 (jaamsp_mngnwi-025) Lisa would like to configure five of her 15 Web servers, which are running Microsoft Windows Server 2003, Web Edition, to always receive specific IP addresses

More information

6425C - Windows Server 2008 R2 Active Directory Domain Services

6425C - Windows Server 2008 R2 Active Directory Domain Services Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Introduction This five-day instructor-led course provides in-depth training on configuring Active Directory Domain Services

More information

TEXAS AGRILIFE SERVER MANAGEMENT PROGRAM

TEXAS AGRILIFE SERVER MANAGEMENT PROGRAM TEXAS AGILIFE SEVE MANAGEMENT POGAM Policy Compliancy Checklist July2012 The server management responsibilities described within are required to be performed per University, Agency or State policy. Each

More information

Dell Compellent Storage Center

Dell Compellent Storage Center Dell Compellent Storage Center Active Directory Integration Best Practices Guide Dell Compellent Technical Solutions Group January, 2013 THIS BEST PRACTICES GUIDE IS FOR INFORMATIONAL PURPOSES ONLY, AND

More information

Table Of Contents. - Microsoft Windows - WINDOWS XP - IMPLEMENTING & SUPPORTING MICROSOFT WINDOWS XP PROFESSIONAL...10

Table Of Contents. - Microsoft Windows - WINDOWS XP - IMPLEMENTING & SUPPORTING MICROSOFT WINDOWS XP PROFESSIONAL...10 Table Of Contents - - WINDOWS SERVER 2003 MAINTAINING AND MANAGING ENVIRONMENT...1 WINDOWS SERVER 2003 IMPLEMENTING, MANAGING & MAINTAINING...6 WINDOWS XP - IMPLEMENTING & SUPPORTING MICROSOFT WINDOWS

More information

Windows Server 2003 Active Directory MST 887. Course Outline

Windows Server 2003 Active Directory MST 887. Course Outline Content and/or textbook subject to change without notice. Pennsylvania College of Technology Workforce Development & Continuing Education Windows Server 2003 Active Directory MST 887 Course Outline Course

More information

NETWORK SECURITY GUIDELINES

NETWORK SECURITY GUIDELINES NETWORK SECURITY GUIDELINES VIRUS PROTECTION STANDARDS All networked computers and networked laptop computers are protected by GST BOCES or district standard anti-virus protection software. The anti-virus

More information

Portland State University Office of Information Technologies Active Directory Standards and Guidelines for Campus Administrators

Portland State University Office of Information Technologies Active Directory Standards and Guidelines for Campus Administrators Portland State University Office of Information Technologies Active Directory Standards and Guidelines for Campus Administrators Introduced with Windows 2000 Server, Active Directory (AD) is Microsoft

More information

Introduction to Auditing Active Directory

Introduction to Auditing Active Directory Introduction to Auditing Active Directory Prepared and presented by: Tanya Baccam CPA, CITP, CISSP, CISA, CISM, GPPA, GCIH, GSEC, OCP DBA Baccam Consulting LLC tanya@securityaudits.org Objectives Understand

More information

PREPARED BY: AUDIT PROGRAM Author: Lance M. Turcato. APPROVED BY: Logical Security Operating Systems - Generic. Audit Date:

PREPARED BY: AUDIT PROGRAM Author: Lance M. Turcato. APPROVED BY: Logical Security Operating Systems - Generic. Audit Date: A SYSTEMS UNDERSTANDING A 1.0 Organization Objective: To ensure that the audit team has a clear understanding of the delineation of responsibilities for system administration and maintenance. A 1.1 Determine

More information

ANNE ARUNDEL COMMUNITY COLLEGE ARNOLD, MARYLAND COURSE OUTLINE CATALOG DESCRIPTION

ANNE ARUNDEL COMMUNITY COLLEGE ARNOLD, MARYLAND COURSE OUTLINE CATALOG DESCRIPTION ANNE ARUNDEL COMMUNITY COLLEGE ARNOLD, MARYLAND COURSE OUTLINE COURSE: Windows 2003 Server COURSE NO: CSI 265 CREDIT HOURS: 3 hours of lecture weekly DEPARTMENT: CATALOG DESCRIPTION CSI 265 Windows 2003

More information

Security Provider Integration LDAP Server

Security Provider Integration LDAP Server Security Provider Integration LDAP Server 2015 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property

More information

System Security Plan University of Texas Health Science Center School of Public Health

System Security Plan University of Texas Health Science Center School of Public Health System Security Plan University of Texas Health Science Center School of Public Health Note: This is simply a template for a NIH System Security Plan. You will need to complete, or add content, to many

More information

Securing Active Directory Presented by Michael Ivy

Securing Active Directory Presented by Michael Ivy Securing Active Directory Presented by Michael Ivy Presenter: Michael Ivy Consultant, Rook Security Michael Ivy Thank you for being here today August 20, 2014 Brief Overview Securing NTDS and Replication

More information

Windows 7, Enterprise Desktop Support Technician

Windows 7, Enterprise Desktop Support Technician Course 50331D: Windows 7, Enterprise Desktop Support Technician Page 1 of 11 Windows 7, Enterprise Desktop Support Technician Course 50331D: 4 days; Instructor-Led Introduction This four-day instructor-ledcourse

More information

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Course Code: M6425 Vendor: Microsoft Course Overview Duration: 5 RRP: 2,025 Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Overview This five-day instructor-led course

More information

State of Wisconsin DET File Transfer Protocol Service Offering Definition (FTP & SFTP)

State of Wisconsin DET File Transfer Protocol Service Offering Definition (FTP & SFTP) State of Wisconsin DET File Transfer Protocol Service Offering Definition (FTP & SFTP) Document Revision History Date Version Creator Notes File Transfer Protocol Service Page 2 7/7/2011 Table of Contents

More information

Windows 7, Enterprise Desktop Support Technician Course 50331: 5 days; Instructor-led

Windows 7, Enterprise Desktop Support Technician Course 50331: 5 days; Instructor-led Lincoln Land Community College Capital City Training Center 130 West Mason Springfield, IL 62702 217-782-7436 www.llcc.edu/cctc Windows 7, Enterprise Desktop Support Technician Course 50331: 5 days; Instructor-led

More information

Xerox DocuShare Private Cloud Service. Security White Paper

Xerox DocuShare Private Cloud Service. Security White Paper Xerox DocuShare Private Cloud Service Security White Paper Table of Contents Overview 3 Adherence to Proven Security Practices 3 Highly Secure Data Centers 4 Three-Tier Architecture 4 Security Layers Safeguard

More information

Windows 2000 Deployment Technical Challenges at the University of Colorado at Boulder

Windows 2000 Deployment Technical Challenges at the University of Colorado at Boulder Windows 2000 Deployment Technical Challenges at the Brad Judy Information Technology Services Boulder, CO 80309-0455 (303) 492-4866 Brad.Judy@colorado.edu Al Roberts Information Technology Services Boulder,

More information

VNLINFOTECH JOIN US & MAKE YOUR FUTURE BRIGHT. mcsa (70-413) Microsoft certified system administrator. (designing & implementing server infrasturcure)

VNLINFOTECH JOIN US & MAKE YOUR FUTURE BRIGHT. mcsa (70-413) Microsoft certified system administrator. (designing & implementing server infrasturcure) VNLINFOTECH JOIN US & MAKE YOUR FUTURE BRIGHT mcsa (70-413) Microsoft certified system administrator (designing & implementing server infrasturcure) www.vnlinfotech.com MODULE 1 : Considerations for Upgrades

More information

Windows Enterprise Design Enterprise Design Summary

Windows Enterprise Design Enterprise Design Summary Windows Enterprise Design Enterprise Design Summary July 25, 2002 Last Update: June 7, 2013 Forest Design Single Forest The only design that allows a single Exchange organization. This is required to enable

More information

IT Sr. Systems Administrator

IT Sr. Systems Administrator IT Sr. Systems Administrator Location: [North America] [United States] [Monrovia] Category: Information Technology Job Type: Open-ended, Full-time PURPOSE OF POSITION: Systems Administrators and Engineers

More information

MCSE Objectives. Exam 70-236: TS:Exchange Server 2007, Configuring

MCSE Objectives. Exam 70-236: TS:Exchange Server 2007, Configuring MCSE Objectives Exam 70-236: TS:Exchange Server 2007, Configuring Installing and Configuring Microsoft Exchange Servers Prepare the infrastructure for Exchange installation. Prepare the servers for Exchange

More information

NE-6425C Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

NE-6425C Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services NE-6425C Configuring and Troubleshooting Windows Server 2008 Active Domain Services Summary Duration Vendor Audience 5 Days Microsoft IT Professionals Published Level Technology 02 June 2011 200 Windows

More information

Admin Report Kit for Active Directory

Admin Report Kit for Active Directory Admin Report Kit for Active Directory Reporting tool for Microsoft Active Directory Enterprise Product Overview Admin Report Kit for Active Directory (ARKAD) is a powerful reporting solution for the Microsoft

More information

Configuring and Troubleshooting Windows 2008 Active Directory Domain Services

Configuring and Troubleshooting Windows 2008 Active Directory Domain Services About this Course Configuring and Troubleshooting Windows This five-day instructor-led course provides in-depth training on implementing, configuring, managing and troubleshooting Active Directory Domain

More information

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Active Directory About this Course This five-day instructor-led course provides in-depth training on implementing, configuring, managing and troubleshooting (AD DS) in and R2 environments. It covers core

More information

Active Directory Infrastructure Design Document

Active Directory Infrastructure Design Document Active Directory Infrastructure Design Document Written By Sainath KEV Microsoft MVP Directory Services Microsoft Author TechNet Magazine, Microsoft Operations Framework Microsoft Speaker - Singapore Document

More information

Shared Infrastructure Service Definition. April 7, 2016

Shared Infrastructure Service Definition. April 7, 2016 Shared Infrastructure Service April 7, 2016 Shared Infrastructure Service 1/13 Date: April 7, 2016 Change Summary Sheet Date of last update: April 7, 2016 Version Control: v1.0 Date Author Version Reason

More information

What s in Installing and Configuring Windows Server 2012 (70-410):

What s in Installing and Configuring Windows Server 2012 (70-410): Brewster New York 10509 What s in Installing and Configuring Windows Server 2012 (70-410): The course provides skills and knowledge necessary to implement a core Windows Server 2012 infrastructure in an

More information

Configuring Managing and Maintaining Windows Server 2008 Servers (6419B)

Configuring Managing and Maintaining Windows Server 2008 Servers (6419B) Configuring Managing and Maintaining Windows Server 2008 Servers (6419B) Who Should Attend This course is intended for Windows Server administrators who operate Windows Servers on a daily basis and want

More information

Univention Corporate Server. Operation of a Samba domain based on Windows NT domain services

Univention Corporate Server. Operation of a Samba domain based on Windows NT domain services Univention Corporate Server Operation of a Samba domain based on Windows NT domain services 2 Table of Contents 1. Components of a Samba domain... 4 2. Installation... 5 3. Services of a Samba domain...

More information

SKV PROPOSAL TO CLT FOR ACTIVE DIRECTORY AND DNS IMPLEMENTATION

SKV PROPOSAL TO CLT FOR ACTIVE DIRECTORY AND DNS IMPLEMENTATION SKV PROPOSAL TO CLT FOR ACTIVE DIRECTORY AND DNS IMPLEMENTATION Date: April 22,2013 Prepared by: Sainath K.E.V Microsoft Most Valuable Professional Introduction: SKV Consulting is a Premier Consulting

More information

JOB OPENING. Please see attached Job Description: Last day to apply: February 27, 2013

JOB OPENING. Please see attached Job Description: Last day to apply: February 27, 2013 JOB OPENING Position: Reports To: Manager of Technology Operations Location: Aledo Position Requirements: Associate s degree in computer science or electronics and/or certification such as MCSE, CNE, A+,

More information

M6419 Configuring, Managing and Maintaining Windows Server 2008 Servers

M6419 Configuring, Managing and Maintaining Windows Server 2008 Servers M6419 Configuring, Managing and Maintaining Windows Server 2008 Servers Looking at Training Differently... Course 6419A: Configuring, Managing and Maintaining Windows Server 2008 Servers Length: Published:

More information

Course 6425C: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

Course 6425C: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services www.etidaho.com (208) 327-0768 Course 6425C: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services 5 Days About this Course This five-day instructor-led course provides in-depth

More information

Build Your Knowledge!

Build Your Knowledge! About this Course This 5-day instructor-led course provides you with the skills and knowledge needed to plan, design, and deploy a physical and logical Windows Server 2012 Active Directory Domain Services

More information

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Course Number: 6425B Course Length: 5 Days Course Overview This five-day course provides to teach Active Directory Technology

More information

Designing and Implementing a Server Infrastructure MOC 20413

Designing and Implementing a Server Infrastructure MOC 20413 Designing and Implementing a Server Infrastructure MOC 20413 Course Outline Module 1: Planning a Server Upgrade and Migration This module explains how to plan a server upgrade and migration strategy. Upgrade

More information

1 Introduction. Windows Server & Client and Active Directory. www.exacq.com

1 Introduction. Windows Server & Client and Active Directory. www.exacq.com Windows Server & Client and Active Directory 1 Introduction For an organization using Active Directory (AD) for user management of information technology services, integrating exacqvision into the AD infrastructure

More information

Lesson Plans Microsoft s Managing and Maintaining a Microsoft Windows Server 2003 Environment

Lesson Plans Microsoft s Managing and Maintaining a Microsoft Windows Server 2003 Environment Lesson Plans Microsoft s Managing and Maintaining a Microsoft Windows Server 2003 Environment (Exam 70-290) Table of Contents Table of Contents... 1 Course Overview... 2 Section 0-1: Introduction... 4

More information

What we are going to cover...

What we are going to cover... Introduction to WolfTech Active Directory 6 October 2011 10am-12pm Daniels 201 http://activedirectory.ncsu.edu What we are going to cover... What AD is and isn't The WolfTech implementation of AD Management

More information

MS-6425C - Configuring Windows Server 2008 Active Directory Domain Services

MS-6425C - Configuring Windows Server 2008 Active Directory Domain Services MS-6425C - Configuring Windows Server 2008 Active Directory Domain Services Table of Contents Introduction Audience At Clinic Completion Prerequisites Microsoft Certified Professional Exams Student Materials

More information

Intel Entry Storage System SS4200-E Active Directory Implementation and Troubleshooting

Intel Entry Storage System SS4200-E Active Directory Implementation and Troubleshooting Intel Entry Storage System SS4200-E Active Directory Implementation and Troubleshooting 1 Active Directory Overview SS4200-E Active Directory is based on the Samba 3 implementation The SS4200-E will function

More information

6419: Configuring, Managing, and Maintaining Server 2008

6419: Configuring, Managing, and Maintaining Server 2008 6419: Configuring, Managing, and Maintaining Server 2008 Course Number: 6419 Category: Technical Duration: 5 days Course Description This five-day instructor-led course combines five days worth of instructor-led

More information

Windows 2000 Security Architecture. Peter Brundrett Program Manager Windows 2000 Security Microsoft Corporation

Windows 2000 Security Architecture. Peter Brundrett Program Manager Windows 2000 Security Microsoft Corporation Windows 2000 Security Architecture Peter Brundrett Program Manager Windows 2000 Security Microsoft Corporation Topics Single Sign-on Kerberos v5 integration Active Directory security Delegation of authentication

More information

Active Directory Monitoring With PATROL

Active Directory Monitoring With PATROL Active Directory Monitoring With PATROL Contents What is Active Directory?...1 Why Monitor?...1 Active Directory and PATROL...2 Critical Active Directory Components to Monitor...3 Address Book...3 Domain

More information

Creating the Conceptual Design by Gathering and Analyzing Business and Technical Requirements

Creating the Conceptual Design by Gathering and Analyzing Business and Technical Requirements Creating the Conceptual Design by Gathering and Analyzing Business and Technical Requirements Analyze the impact of Active Directory on the existing technical environment. Analyze hardware and software

More information

Presenter s name here Date of presentation (optional) Windows Security and Domains for Experion

Presenter s name here Date of presentation (optional) Windows Security and Domains for Experion Presenter s name here Date of presentation (optional) Windows Security and Domains for Experion Today s Webinar Agenda Overview of Domains Common Setup of a Domain in an Experion Environment Best Practices

More information

Setting Up Scan to SMB on TaskALFA series MFP s.

Setting Up Scan to SMB on TaskALFA series MFP s. Setting Up Scan to SMB on TaskALFA series MFP s. There are three steps necessary to set up a new Scan to SMB function button on the TaskALFA series color MFP. 1. A folder must be created on the PC and

More information

Computer and Network Security Policy

Computer and Network Security Policy Coffeyville Community College Computer and Network Security Policy Created By: Jeremy Robertson Network Administrator Created on: 6/15/2012 Computer and Network Security Page 1 Introduction: The Coffeyville

More information

California State Polytechnic University, Pomona. Desktop Security Standard and Guidelines

California State Polytechnic University, Pomona. Desktop Security Standard and Guidelines California State Polytechnic University, Pomona Desktop Security Standard and Guidelines Version 1.7 February 1, 2008 Table of Contents OVERVIEW...3 AUDIENCE...3 MINIMUM DESKTOP SECURITY STANDARD...3 ROLES

More information

"Charting the Course... ... to Your Success!" MOC 50331 D Windows 7 Enterprise Desktop Support Technician Course Summary

Charting the Course... ... to Your Success! MOC 50331 D Windows 7 Enterprise Desktop Support Technician Course Summary Description Course Summary This course provides students with the knowledge and skills needed to isolate, document and resolve problems on a Windows 7 desktop or laptop computer. It will also help test

More information

המרכז ללימודי חוץ המכללה האקדמית ספיר. ד.נ חוף אשקלון 79165 טל'- 08-6801535 פקס- 08-6801543 בשיתוף עם מכללת הנגב ע"ש ספיר

המרכז ללימודי חוץ המכללה האקדמית ספיר. ד.נ חוף אשקלון 79165 טל'- 08-6801535 פקס- 08-6801543 בשיתוף עם מכללת הנגב עש ספיר מודולות הלימוד של מייקרוסופט הקורס מחולק ל 4 מודולות כמפורט:.1Configuring Microsoft Windows Vista Client 70-620 Installing and upgrading Windows Vista Identify hardware requirements. Perform a clean installation.

More information

Hosted Exchange. Security Overview. Learn More: Call us at 877.634.2728. www.megapath.com

Hosted Exchange. Security Overview. Learn More: Call us at 877.634.2728. www.megapath.com Security Overview Learn More: Call us at 877.634.2728. www.megapath.com Secure and Reliable Hosted Exchange Our Hosted Exchange service is delivered across an advanced network infrastructure, built on

More information

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Course 6425C: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Course Details Course Outline Module 1: Introducing Active Directory Domain Services This module provides

More information

COMPLETE COMPUTING, INC.

COMPLETE COMPUTING, INC. 6425: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Five days; Instructor-Led Introduction This five-day instructor-led course provides to teach Active Directory

More information

MCSA Objectives. Exam 70-236: TS:Exchange Server 2007, Configuring

MCSA Objectives. Exam 70-236: TS:Exchange Server 2007, Configuring MCSA Objectives Exam 70-236: TS:Exchange Server 2007, Configuring Installing and Configuring Microsoft Exchange Servers Prepare the infrastructure for Exchange installation. Prepare the servers for Exchange

More information

Customer Tips. Basic E-mail Configuration and Troubleshooting. for the user. Overview. Basic Configuration. Xerox Multifunction Devices.

Customer Tips. Basic E-mail Configuration and Troubleshooting. for the user. Overview. Basic Configuration. Xerox Multifunction Devices. Xerox Multifunction Devices Customer Tips November 24, 2003 This document applies to these Xerox products: x WC Pro 32/40 Color x WC Pro 65/75/90 x WC Pro 35/45/55 WC M35/M45/M55 x DC 555/545/535 x DC

More information

AV-006: Installing, Administering and Configuring Windows Server 2012

AV-006: Installing, Administering and Configuring Windows Server 2012 AV-006: Installing, Administering and Configuring Windows Server 2012 Career Details Duration 105 hours Prerequisites This course requires that student meet the following prerequisites, including that

More information

Getting Started Guide

Getting Started Guide Getting Started Guide CensorNet Professional Copyright CensorNet Limited, 2007-2011 This document is designed to provide information about the first time configuration and testing of the CensorNet Professional

More information

Walton Centre. Document History Date Version Author Changes 01/10/04 1.0 A Cobain L Wyatt 31/03/05 1.1 L Wyatt Update to procedure

Walton Centre. Document History Date Version Author Changes 01/10/04 1.0 A Cobain L Wyatt 31/03/05 1.1 L Wyatt Update to procedure Page 1 Walton Centre Access and Authentication (network) Document History Date Version Author Changes 01/10/04 1.0 A Cobain L Wyatt 31/03/05 1.1 L Wyatt Update to procedure Page 2 Table of Contents Section

More information

Mac OS X Directory Services

Mac OS X Directory Services Mac OS X Directory Services Agenda Open Directory Mac OS X client access Directory services in Mac OS X Server Redundancy and replication Mac OS X access to other directory services Active Directory support

More information

Supplier Information Security Addendum for GE Restricted Data

Supplier Information Security Addendum for GE Restricted Data Supplier Information Security Addendum for GE Restricted Data This Supplier Information Security Addendum lists the security controls that GE Suppliers are required to adopt when accessing, processing,

More information

Outline SSS6425 - Configuring and Troubleshooting Windows Server 2008 Active Directory

Outline SSS6425 - Configuring and Troubleshooting Windows Server 2008 Active Directory Outline SSS6425 - Configuring and Troubleshooting Windows Server 2008 Active Directory Duration: Four consecutive Saturdays About this Course This instructor-led course provides the knowledge and skills

More information

Security Provider Integration Kerberos Authentication

Security Provider Integration Kerberos Authentication Security Provider Integration Kerberos Authentication 2015 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are

More information

6425C: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

6425C: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services 6425C: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Course Details Course Code: Duration: Notes: 6425C 5 days This course syllabus should be used to determine whether

More information