Hanson Brothers is a hockey equipment manufacturing company with a head office in Warroad, Minnesota, and distribution offices in Calgary, Alberta, and Boise, Idaho. You've been hired to help Hanson Brothers develop a methodology for designing Windows 2000 security groups.
Hanson Brothers wishes to deploy Exchange Server to provide e-mail services between the Warroad, Calgary, and Boise offices. The Exchange Server deployment will include installation of Exchange Server at each office.
Last month Hanson Brothers bought out a former competitor in Hull, Quebec. As a result of the acquisition, Hanson Brothers has moved from a single domain model to a forest with two domains in it, as shown in Figure 5.1.
Figure 5.1 The modified Hanson Brothers Active Directory directory service structure
Now the security methodology you develop must include the ability to deploy Exchange Server in a multiple-domain environment.
Microsoft Outlook 2000 must be installed on all the desktop computers of users who have been designated for the Exchange project. Not all users will be included during the initial rollout of Exchange Server, and Hanson Brothers wants to use Windows 2000 security groups to ensure that only authorized users can install or configure the Outlook 2000 client software.
To assist with the deployment, a central share called Software has been created on the server at the Warroad office. You must design custom groups to ensure that only approved employees will be able to install the Outlook 2000 software. In addition, members of the Exchange deployment team will need to be able to modify the configuration files within the share.
Exchange Server requires the creation of a service account. The service account must have the following user rights assigned in any domain where Exchange Server is deployed: