1 / 52

Introduction to Microsoft Management Console (MMC)

Introduction to Microsoft Management Console (MMC). MMC is a common console framework for management applications. MMC provides a common environment for snap-ins, the tools that support management functionality. MMC allows you to perform a number of tasks. The MMC Window. MMC Consoles.

nimrod
Download Presentation

Introduction to Microsoft Management Console (MMC)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Introduction to Microsoft Management Console (MMC) • MMC is a common console framework for management applications. • MMC provides a common environment for snap-ins, the tools that support management functionality. • MMC allows you to perform a number of tasks.

  2. The MMC Window

  3. MMC Consoles

  4. Introduction to Snap-Ins

  5. Stand-Alone Snap-Ins • Stand-alone snap-ins are usually referred to simply as snap-ins. • Each snap-in provides one function or a related set of functions.

  6. Extension Snap-Ins • Extension snap-ins are usually referred to as extensions. • An extension provides additional administrative functionality to another snap-in. • Extensions are designed to work with one or more stand-alone snap-ins. • Some snap-ins can act as stand-alone snap-ins or as extensions.

  7. Console Options • Author mode • User mode

  8. Windows 2000 User Accounts • Domain user accounts • Local user accounts • Built-in user accounts

  9. Domain User Accounts • Allow users to log on to the domain and gain access to resources anywhere on the network • Created in an OU in the Active Directory store • Replicated to all domain controllers

  10. Local User Accounts • Allow users to log on to and gain access to resources on the computer where they log in • Created in the computer’s security database • Not replicated to domain controllers

  11. Built-In User Accounts • Administrator • Guest

  12. Naming Conventions • The naming convention establishes how users are identified in the domain. • Several considerations should be taken into account when determining naming conventions.

  13. Password Requirements • Always assign a password for the Administrator account. • Determine whether the administrator or the users will control passwords. • Use passwords that are hard to guess. • Passwords can be up to 128 characters; a minimum length of eight characters is recommended. • Use both uppercase and lowercase letters, numerals, and valid nonalphanumeric characters.

  14. Account Options • Logon hours • Computer from which users can log on • Account expiration

  15. Creating Domain User Accounts

  16. Creating Local User Accounts

  17. Overview of Modifying Properties • A set of default properties is associated with each user account. • Properties defined for a domain user account can be used to search for users in the Active Directory store. • Several properties should be configured for each domain user account. • You can use the Active Directory Users And Computers snap-in to modify a domain user account. • You can use the Local Users And Groups snap-in to modify a local user account.

  18. The Properties Dialog Box • Personal properties tabs • Account tab • Profile tab • Published Certificates tab • Member Of tab • Dial-In tab • Object tab • Security tab • Terminal Services tabs

  19. Administering User Accounts • Managing user profiles • Modifying user accounts • Creating home folders

  20. Managing User Profiles • A user profile is a collection of folders and data that stores your current desktop environment and application settings as well as personal data. • Microsoft Windows 2000 creates a local user profile the first time you log on at a computer. • User profiles operate in a specific manner.

  21. Assigning a Customized Roaming User Profile

  22. Creating Home Folders

  23. Introduction to Groups • A group is a collection of user accounts. • Groups simplify administration of user permissions. • Users can be members of more than one group. • When you assign permissions, you give users the capability to gain access to specific resources. • You can add user accounts, contacts, computers, and other groups to groups.

  24. Types of Groups • Security groups • Distribution groups

  25. Group Scopes

  26. Introduction to Group Membership • The group scope determines the membership of the group. • Membership rules define which members a group can contain. • Domain local groups and global groups can be converted to universal groups.

  27. Group Nesting • You can add groups to other groups to reduce the number of times permissions need to be assigned. • You should create a hierarchy of groups based on business needs. • Try to minimize the levels of nesting. • Nesting reduces the number of times you assign permissions; however, tracking permissions becomes more complex. • Document group membership to keep track of permission assignments. • Effective nesting in a multiple domain environment will reduce network traffic between domains and simplify administration. • Consider the domain operation mode when nesting groups.

  28. Group Strategies

  29. Introduction to Groups • Determine the required group scope based on how you want to use the group. • Avoid adding users to universal groups. • Determine whether you have the necessary permissions to create a group in the appropriate domain. • Determine the name of the group.

  30. Administering Groups

  31. Overview of Group Implementation • A local group can contain user accounts on a computer and can be assigned to resources on that computer. • There are two types of local groups: domain and non-domain. • Try to follow specific guidelines when using local groups. • Non-domain local groups can contain local user accounts from the computer on which you create the local groups.

  32. Creating Local Groups

  33. Built-In Global Groups • Windows 2000 creates built-in global groups to group common types of user accounts. • The groups are created in the Active Directory store. • The Users OU contains the built-in global groups. • Windows 2000 includes a number of commonly used built-in global groups.

  34. Built-In Domain Local Groups • Built-in domain local groups provide users with user rights and permissions to perform tasks on domain controllers and in the Active Directory store. • Built-in domain local groups give predefined rights to user accounts when you add user accounts or global groups as members. • Windows 2000 includes a number of commonly used built-in domain local groups.

  35. Built-In Local Groups • Built-in local groups give rights to perform system tasks on a single computer. • Built-in local groups are located in the Groups folder of the Computer Management snap-in. • Windows 2000 includes a number of commonly used built-in local groups.

  36. Built-In System Groups • Built-in system groups exist on all computers running Windows 2000. • You do not see system groups when you administer groups, but they are available for use when you assign rights to resources. • Windows 2000 includes a number of commonly used built-in system groups.

  37. Overview of Group Policies • Group policies are a set of configuration settings that an administrator applies to one or more objects in the Active Directory store. • A group policy consists of settings that govern how an object and its child objects behave. • Group policies provide users with a fully populated desktop environment. • Conflicts can exist between group policies and local needs.

  38. Benefits of Group Policies • Lowering your network’s total cost of ownership (TCO) • Securing a user’s environment • Enhancing a user’s environment

  39. Types of Group Policies • Software Settings • Scripts • Security Settings • Administrative Templates • Remote Installation Services (RIS) • Folder Redirection

  40. Group Policy Structure • Group policy objects (GPOs) • Group policy containers (GPCs) • Group policy templates (GPTs)

  41. Group Policy Objects (GPOs) • A GPO contains group policy settings for sites, domains, and OUs. • One or more GPOs can be applied to a site, a domain, or an OU. • Group policy data that is small in size and changes infrequently is stored in GPCs. • Group policy data that is large and can change frequently is stored in the GPT. • A local GPO exists on every Windows 2000 computer, and by default, only security settings are configured.

  42. Group Policy Containers (GPCs) • A GPC is an Active Directory object that stores GPO properties and includes subcontainers for computer and user group policy information. • The GPC stores the Windows 2000 class store information for application deployment.

  43. Group Policy Templates (GPTs) • When a GPO is created, the corresponding GPT folder structure is created. • Certain subfolders are often contained in the GPT structure.

  44. Creating a GPO

  45. Using the Group Policy Snap-In

  46. GPO Permissions

  47. Support for Windows 95, Windows 98, and Windows NT 4.0 • The Group Policy snap-in does not provide client support for Microsoft Windows 95, Windows 98, or Windows NT computers. • Windows NT is supported through .adm files and Poledit.exe. • Windows 95 and Windows 98 clients are supported through the Windows 9x System Policy Editor.

  48. Managing Software Settings • Use the Group Policy snap-in to centrally manage software distribution. • To assign or publish an application, create a shared folder and copy the application files and package files (.msi files) to the share folders.

  49. Managing Scripts • Windows 2000 group policy allows considerable flexibility in assigning scripts. • Multiple scripts can be assigned to a user or a computer. • You can use the Show Files button to open a window that displays the contents of the scripts folder.

  50. Managing Security Settings • Computer security policy covers areas of policy, administrative rights, and user permissions. • Two types of security policies are defined in Windows 2000. • The security infrastructure can be separated into a number of configurable categories. • Security configurations are stored as .inf files in a text format.

More Related