Day 10 Flashcards
DSQuery.exe
an extremely powerful command-line tool that allows you to query and manage Active Directory objects
LDIFDE.exe
LDAP Data Interchange Format Directory Exchange
used for object creation, queries, and modification of Active Directory objects.
pulls report of active directory database
Group policy
the primary purpose of Group policy is to apply policy settings to computers and users in an active directory domain
Group Policy Objects (GPOs)
a collection of settings that efficiently apply user and computer configurations for the domain.
GPO’s can be linked to:
sites
domain’s
OU’s
Two default GPO’s
Default domain policy–policy for the domain an dis linked to the domain
default domain controllers policy–domain controller policy and is linked to the domain controller’s OU
SYSVOL (System Volume)
a collection of folders that exist on each domain controller to store elements of GPOs and domain public files
SYSVOL subfolders
machine–contains registry settings to be applied to computer HKEY_Local_Machine settings
User–contains registry settings to be applied to the user’s HKEY_Current_USER settings
user and machine folders are created at install time and other folders are created as needed when policy is set
Group policy has two settings:
computer configuration–group policies can be applied during the computer’s startup/shutdown and affect all users who log into the computer
user configuration- user configuration settings customize the user’s environment at the user level
group policy processing order
- local policies
- Site GPO’s
- Domain GPO’s
- OU GPO’s
Exception to processing order
#no override- previously processed policies are not overwritten #block policy inheritance- policy settings will not inherit from above #GPO disabled #Permissions
security templates
a collection of predefined policy settings in a single file. predefined templates provide a policy starting point and may be customized to meet organizational requirements
User accounts
local-user account that can only be authenticated by the local machine. These accounts exist in local system’s SAM
#Built in-automatically created. There are local and domain built in accounts ###administrator ###guest
user profiles
HKU registry key contains the user environment settings for the user that has interactively logged on to the system.
HKCU registry key is used for configuration settings and changes while the user is logged on.
ntuser.dat is the user profile file.
changes are saved to profile at logoff
ntuser.man
changing ntuser.dat to ntuser.man will make the profile mandatory and does not save changes at logoff
local user profile
stored on the local system
roaming user profile
roaming profiles are stored on a network share
group accounts
used to manage account permissions more efficiently by adding user, computer, and even other group accounts into a single group
two types of domain groups
security groups– used for assigning permissions
distribution groups–used for email distribution lists
domain local groups and domain global groups
#Domain local groups---assigned to resources within a domain #Domain Global Group-used anywhere in the forest.
best practise for managing group membership
1 add user accounts as members of global groups
2 add global groups as members of domain local groups
3. assign permissions to domain local groups
A->GG->DLG
the following groups are of a global scope.
They are located in Users container by default
Domain Admins
Domain Guests
Domain Users
Enterprise Admins
The following groups are of a domain local scope.
They are located in the Built-in container by default
Account operators
administrators
backup operators
Users
Special identity groups
conditional groups whose memberships cannot be manually assigned.
Authenticated users
Creator Owner
Everyone
