Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.
- Create BookmarkCreate Bookmark
- Create Note or TagCreate Note or Tag
- DownloadDownload
- PrintPrint
Solution Collection 5. Active Directory Delegation and Administrative Lock D...
Solution Collection 5. Active Directory Delegation and Administrative Lock Down
| In this chapter: | ||
|---|---|---|
| Scenarios, Pain, and Solution | 363 | |
| 5-1: | Explore the Components and Tools of Active Directory Delegation | 365 |
| 5-2: | Customize the Delegation Of Control Wizard | 373 |
| 5-3: | Customize the Permissions Listed in the ACL Editor Interfaces | 380 |
| 5-4: | Evaluate, Report, and Revoke Active Directory Permissions | 384 |
| 5-5: | Assign and Revoke Permissions with Dsacls | 391 |
| 5-6: | Define Your Administrative Model | 401 |
| 5-7: | Role-Based Management of Active Directory Delegation | 403 |
| 5-8: | Scripting the Delegation of Active Directory | 408 |
| 5-9: | Delegating Administration and Support of Computers | 411 |
| 5-10: | Empty as Many of the Built-in Groups as Possible | 416 |
Because Active Directory is critical to the security and integrity of a Microsoft Windows network, it is very important to secure the directory service itself. Unfortunately, many organizations have not had the time, resources, or knowledge with which to plan and implement their administrative models with least-privilege permissions in Active Directory. In this Solution Collection, I explain the ins and outs of Active Directory security, the tools available to manage permissions on Active Directory objects, and the steps you can take to implement a role-based delegation that supports your current administrative model and is agile enough to adapt to organizational changes over time. I also show you how to delegate the ability to administer computers to your support organizations, and why it’s important to empty as many of Active Directory’s built-in groups as possible.
