Active Directory and Security

An in-depth knowledge of Active Directory (AD) is critical for security. The fundamental reasons are the following:

First, AD is the seat of all information about users and computers. It contains the security policy and provides information on network structure and the details of many critical enterprise applications. It is absolutely imperative that this knowledge be protected both from unauthorized viewing and from unauthorized alteration.

Second, because security configuration and maintenance are built-in features, proper design and implementation of Active Directory will support the maximum use of Group Policy.

Third, if Active Directory is correctly designed, appropriate and secure delegation of authority can be used to support sound administrative practices.

Obtaining the necessary foundation knowledge requires immersion in documentation, hands-on experience in test deployments, and where possible, supervised experience in existing Active Directory environments. This chapter merely reviews basic concepts. If you are new to the Active Directory concepts covered in this chapter or want to broaden your knowledge of Windows Server 2003, you can obtain supplementary knowledge from the following sources:

Product documentation available online at http://www.microsoft.com/windows/default.mspx

White papers and other technical information available from www.microsoft.com/technet

Bill Boswell, Inside Windows Server 2003, Addison Wesley, 2003

Group Policy, the ultimate tool for managing computers and users in a domain and the seat of the initially established security for the domain, is a powerful tool when used to set security settings for all domain member computers and users. Group Policy was introduced in Windows 2000, and significant additions and improvements are available in Windows Server 2003. In order to understand, configure, and troubleshoot security by using Group Policy, you must first look at Active Directory from a security perspective.