Introduction to Microsoft Management Console (MMC) • MMC is a common console framework for management applications. • MMC provides a common environment for snap-ins, the tools that support management functionality. • MMC allows you to perform a number of tasks.
Stand-Alone Snap-Ins • Stand-alone snap-ins are usually referred to simply as snap-ins. • Each snap-in provides one function or a related set of functions.
Extension Snap-Ins • Extension snap-ins are usually referred to as extensions. • An extension provides additional administrative functionality to another snap-in. • Extensions are designed to work with one or more stand-alone snap-ins. • Some snap-ins can act as stand-alone snap-ins or as extensions.
Console Options • Author mode • User mode
Windows 2000 User Accounts • Domain user accounts • Local user accounts • Built-in user accounts
Domain User Accounts • Allow users to log on to the domain and gain access to resources anywhere on the network • Created in an OU in the Active Directory store • Replicated to all domain controllers
Local User Accounts • Allow users to log on to and gain access to resources on the computer where they log in • Created in the computer’s security database • Not replicated to domain controllers
Built-In User Accounts • Administrator • Guest
Naming Conventions • The naming convention establishes how users are identified in the domain. • Several considerations should be taken into account when determining naming conventions.
Password Requirements • Always assign a password for the Administrator account. • Determine whether the administrator or the users will control passwords. • Use passwords that are hard to guess. • Passwords can be up to 128 characters; a minimum length of eight characters is recommended. • Use both uppercase and lowercase letters, numerals, and valid nonalphanumeric characters.
Account Options • Logon hours • Computer from which users can log on • Account expiration
Overview of Modifying Properties • A set of default properties is associated with each user account. • Properties defined for a domain user account can be used to search for users in the Active Directory store. • Several properties should be configured for each domain user account. • You can use the Active Directory Users And Computers snap-in to modify a domain user account. • You can use the Local Users And Groups snap-in to modify a local user account.
The Properties Dialog Box • Personal properties tabs • Account tab • Profile tab • Published Certificates tab • Member Of tab • Dial-In tab • Object tab • Security tab • Terminal Services tabs
Administering User Accounts • Managing user profiles • Modifying user accounts • Creating home folders
Managing User Profiles • A user profile is a collection of folders and data that stores your current desktop environment and application settings as well as personal data. • Microsoft Windows 2000 creates a local user profile the first time you log on at a computer. • User profiles operate in a specific manner.
Introduction to Groups • A group is a collection of user accounts. • Groups simplify administration of user permissions. • Users can be members of more than one group. • When you assign permissions, you give users the capability to gain access to specific resources. • You can add user accounts, contacts, computers, and other groups to groups.
Types of Groups • Security groups • Distribution groups
Introduction to Group Membership • The group scope determines the membership of the group. • Membership rules define which members a group can contain. • Domain local groups and global groups can be converted to universal groups.
Group Nesting • You can add groups to other groups to reduce the number of times permissions need to be assigned. • You should create a hierarchy of groups based on business needs. • Try to minimize the levels of nesting. • Nesting reduces the number of times you assign permissions; however, tracking permissions becomes more complex. • Document group membership to keep track of permission assignments. • Effective nesting in a multiple domain environment will reduce network traffic between domains and simplify administration. • Consider the domain operation mode when nesting groups.
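The tracking problem described on the Group Nesting slide can be made concrete with a short script. This is an added example, not part of the original slides; the group and user names are hypothetical, and the membership map is constructed sample data standing in for an export of direct group members.

```python
# Constructed sample: group -> direct members (users or other groups).
# All names are hypothetical.
GROUPS = {
    "DL-Payroll-Read": ["G-Finance", "G-Auditors"],
    "G-Finance": ["G-Accounts-Payable", "alice"],
    "G-Accounts-Payable": ["bob", "carol"],
    "G-Auditors": ["dave", "G-Finance"],
}

def effective_members(group, groups=GROUPS):
    """Return {user: shallowest nesting level} for every user reachable from group.

    Level 1 is a direct member; level 2 is a member of a group nested once, and so on.
    """
    found, seen = {}, set()
    queue = [(group, 1)]
    while queue:
        name, level = queue.pop(0)
        if name in seen:
            continue  # already expanded; also stops circular nesting from looping
        seen.add(name)
        for member in groups.get(name, []):
            if member in groups:
                queue.append((member, level + 1))
            else:
                found.setdefault(member, level)  # breadth-first: first hit is shallowest
    return found

def max_nesting_depth(group, groups=GROUPS, _path=()):
    """Number of groups in the longest nesting chain starting at group."""
    if group in _path:
        raise ValueError("circular nesting: " + " -> ".join(_path + (group,)))
    children = [m for m in groups.get(group, []) if m in groups]
    return 1 + max((max_nesting_depth(c, groups, _path + (group,)) for c in children),
                   default=0)

if __name__ == "__main__":
    for user, level in sorted(effective_members("DL-Payroll-Read").items()):
        print(f"{user}: reaches DL-Payroll-Read at nesting level {level}")
    print("longest chain:", max_nesting_depth("DL-Payroll-Read"), "groups")
```

Users who appear only at deeper levels hold the permission without being listed on the resource's group, which is why the slide recommends documenting membership and minimizing nesting levels.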
Introduction to Groups • Determine the required group scope based on how you want to use the group. • Avoid adding users to universal groups. • Determine whether you have the necessary permissions to create a group in the appropriate domain. • Determine the name of the group.
Overview of Group Implementation • A local group can contain user accounts on a computer and can be assigned to resources on that computer. • There are two types of local groups: domain and non-domain. • Try to follow specific guidelines when using local groups. • Non-domain local groups can contain local user accounts from the computer on which you create the local groups.
Built-In Global Groups • Windows 2000 creates built-in global groups to group common types of user accounts. • The groups are created in the Active Directory store. • The Users OU contains the built-in global groups. • Windows 2000 includes a number of commonly used built-in global groups.
Built-In Domain Local Groups • Built-in domain local groups provide users with user rights and permissions to perform tasks on domain controllers and in the Active Directory store. • Built-in domain local groups give predefined rights to user accounts when you add user accounts or global groups as members. • Windows 2000 includes a number of commonly used built-in domain local groups.
Built-In Local Groups • Built-in local groups give rights to perform system tasks on a single computer. • Built-in local groups are located in the Groups folder of the Computer Management snap-in. • Windows 2000 includes a number of commonly used built-in local groups.
Built-In System Groups • Built-in system groups exist on all computers running Windows 2000. • You do not see system groups when you administer groups, but they are available for use when you assign rights to resources. • Windows 2000 includes a number of commonly used built-in system groups.
Overview of Group Policies • Group policies are a set of configuration settings that an administrator applies to one or more objects in the Active Directory store. • A group policy consists of settings that govern how an object and its child objects behave. • Group policies provide users with a fully populated desktop environment. • Conflicts can exist between group policies and local needs.
Benefits of Group Policies • Lowering your network’s total cost of ownership (TCO) • Securing a user’s environment • Enhancing a user’s environment
Types of Group Policies • Software Settings • Scripts • Security Settings • Administrative Templates • Remote Installation Services (RIS) • Folder Redirection
Group Policy Structure • Group policy objects (GPOs) • Group policy containers (GPCs) • Group policy templates (GPTs)
Group Policy Objects (GPOs) • A GPO contains group policy settings for sites, domains, and OUs. • One or more GPOs can be applied to a site, a domain, or an OU. • Group policy data that is small in size and changes infrequently is stored in GPCs. • Group policy data that is large and can change frequently is stored in the GPT. • A local GPO exists on every Windows 2000 computer, and by default, only security settings are configured.
Group Policy Containers (GPCs) • A GPC is an Active Directory object that stores GPO properties and includes subcontainers for computer and user group policy information. • The GPC stores the Windows 2000 class store information for application deployment.
Group Policy Templates (GPTs) • When a GPO is created, the corresponding GPT folder structure is created. • Certain subfolders are often contained in the GPT structure.
Support for Windows 95, Windows 98, and Windows NT 4.0 • The Group Policy snap-in does not provide client support for Microsoft Windows 95, Windows 98, or Windows NT computers. • Windows NT is supported through .adm files and Poledit.exe. • Windows 95 and Windows 98 clients are supported through the Windows 9x System Policy Editor.
Managing Software Settings • Use the Group Policy snap-in to centrally manage software distribution. • To assign or publish an application, create a shared folder and copy the application files and package files (.msi files) to the share folders.
Managing Scripts • Windows 2000 group policy allows considerable flexibility in assigning scripts. • Multiple scripts can be assigned to a user or a computer. • You can use the Show Files button to open a window that displays the contents of the scripts folder.
Managing Security Settings • Computer security policy covers areas of policy, administrative rights, and user permissions. • Two types of security policies are defined in Windows 2000. • The security infrastructure can be separated into a number of configurable categories. • Security configurations are stored as .inf files in a text format.
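Because security configurations are plain-text .inf files, they can be reviewed with a script before they are applied. The following is an added example, not part of the original slides: it reads the `[System Access]` section of a security template and reports password settings weaker than the Password Requirements slide recommends. The sample template is constructed, and mapping the slide's advice to the `MinimumPasswordLength` and `PasswordComplexity` keys is an assumption of this example.

```python
import configparser

# Constructed sample template; the values are illustrative, not from the slides.
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Version]
signature="$CHICAGO$"
Revision=1
[System Access]
MinimumPasswordLength = 6
PasswordComplexity = 0
MaximumPasswordAge = 42
"""

# Assumed baseline: minimum length of eight and mixed character classes required.
BASELINE = {"MinimumPasswordLength": 8, "PasswordComplexity": 1}

def audit_template(text, baseline=BASELINE):
    """Return findings for [System Access] settings missing or below the baseline."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case exactly as written in the template
    cp.read_string(text)
    findings = []
    for key, minimum in baseline.items():
        raw = cp.get("System Access", key, fallback=None)
        if raw is None:
            findings.append(f"{key}: not defined in template")
            continue
        try:
            value = int(raw.strip().strip('"'))
        except ValueError:
            findings.append(f"{key}: unparseable value {raw!r}")
            continue
        if value < minimum:
            findings.append(f"{key}: {value} is below baseline {minimum}")
    return findings

if __name__ == "__main__":
    for finding in audit_template(SAMPLE_INF):
        print(finding)
```

Templates exported from Windows are often saved as UTF-16, so decode the file with the matching encoding before passing its text to `audit_template`.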