Windows Active Directory Domains - Paiet/Tech-Journal-for-Everything GitHub Wiki

  • Windows Active Directory Domains

    • Local Security Accounts database
      • SAM
        • HKEY_LOCAL_MACHINE
        • Show Registry file locations
          • C:\Windows\System32\config
    • Domain Accounts
      • Windows Domain Controler

  • Active Directory Components

    • DCs
    • Active Directory
    • Member Servers
    • Organization Units

  • Domain Membership

    • Computer account object in the database
    • Computer and users are subject to centralized domain security configuration and policy settings
    • Some domain accounts can become a part of the local groups (We did this with the student accounts at NH)
    • System Properties - Windows 7/8.1
    • Windows Settings app - Windows 10
    • Demonstrate via Windows 7 and Windows 10

  • Group Policy Objects

    • Standalone computers are configured via Local Security Policy and Local Group Policy
    • GPOs configure
      • Software deployment
      • Windows settings
      • Script deployment
      • Printer deployment
    • Administrative Templates
      • Define custom registry settings
      • Can be defined on a per-user or per computer basis
    • Security Templates
      • Provide a basis for GPOs (configuration baselines)
      • Configured via MMC
      • GPOs configured via Group Policy or the Group Policy Management Console
      • The system uses a technique known as Resultant Set of Policies or RSoPs through inheritance to determine settings that are applied to the computer or user.
    • Policy Updates
      • User settings are applied at logon or logoff
      • Computer settings are applied at startup or shutdown
      • Applied via client-side extensions
      • Computers pull settings from policies from domain controllers
      • You can force policies to update outside of off normal policy refresh cycle via
      • Update every 90 minutes
        • gpupdate
          • /force
          • /logoff
          • /boot
        • gpresult
          • /s = scope
          • /u = user
          • /p = password
          • /h = exports RSoP out to HTML format

  • Basic AD Functions

    • User account creation
    • Computer management

  • Logon script

    • Applied to the user settings
      • Domain, OU, or security group

  • Home Folder

    • Properties of the user account

  • Folder Redirection