Annex F09 Microsoft AD Considerations Flashcards
Group Policy
Provides a centralized method for modifying user and computer environments to predetermined settings
Controls what users can and cannot do on their own computers
Two (2) purposes for creating OU’s within Microsoft AD
To delegate admin control of objects below the domain level
To control and manage Group Policy
Security Groups vs Group Policies within Microsoft AD
Security groups give permissions to functions and services within AD like folders on a share drive and access to DC’s
Group policy controls what users can and cannot do on their own computers
Principles of Inheritance as they apply to Group Policy with Microsoft AD
Group policy settings are inherited from the top down
A computer in an OU may have group policies applied at both the domain and OU level
Child OU’s inherit the group policy of the parent OU
Group policy inheritance can be blocked by experienced admin but is not commonly done
Purpose for standardizing user and computer accounts within Microsoft AD
New programs and patches can be pushed to every computer in the OU rather than conducting individual installs
Difference between Service and Admin Permissions and Roles
- Service level-affect the AD forest and domain structure (enterprise and domain level)
- Data administrator-control, administer and change objects in AD