Activity: Reviewing Group Memberships

Previous page
Table of content
Next page

You've been called in as a consultant to review security group design proposals for a technology firm. Several sources have submitted the proposals, and the firm fears that some of the proposals are technically incorrect. The proposals all pertain to providing access to a shared folder named Technologies. The folder is stored on a member server named Development that's a member server in the east.technology.tld domain. The shared folder must be accessible to user accounts in both the west.technology.tld and technology.tld domains, as shown in Figure 5.6.

click to view at full size.

Figure 5.6 The technology.tld domain structure

Only members of the marketing, sales, and management teams must have access to the technologies share. No other users should have access.

Due to some legacy applications running on Windows NT 4.0 BDCs, all domains in the Windows 2000 forest are currently running in mixed mode.

Proposal 1

To provide access to the \\Development\Technologies share, you must define the following groups:

  • Marketing. A global group defined in each domain that will contain marketing users for that domain.
  • Sales. A global group defined in each domain that will contain Sales department users for that domain.
  • Management. A global group defined in each domain that will contain management staff for that domain.
  • TechUsers. A global group defined in each domain that will contain the Marketing, Sales, and Management global groups.
  • TechAccess. A domain local group defined in the east.technologies.tld domain. This group will contain the TechUsers groups from each of the three domains.

Proposal 2

To provide access to the \\Development\Technologies share, you must define the following groups:

  • Marketing. A global group defined in each domain that will contain marketing users for that domain.
  • Sales. A global group defined in each domain that will contain Sales department users for that domain.
  • Management. A global group defined in each domain that will contain management staff for that domain.
  • TechAccess. A computer local group defined in the east.technologies.tld domain. This group will contain the Marketing, Sales, and Management global groups from each of the three domains.

Proposal 3

To provide access to the \\Development\Technologies share, you must define the following groups:

  • Marketing. A global group defined in each domain that will contain marketing users for that domain.
  • Sales. A global group defined in each domain that will contain Sales department users for that domain.
  • Management. A global group defined in each domain that will contain management staff for that domain.
  • TechUsers. A universal group defined in the east.technologies.tld domain that will contain the Marketing, Sales, and Management global groups.
  • TechAccess. A computer local group defined in the east.technologies.tld domain. This group will contain the TechUsers groups from each of the three domains.

Proposal 4

To provide access to the \\Development\Technologies share, you must define the following groups:

  • Marketing. A global group defined in each domain that will contain marketing users for that domain.
  • Sales. A global group defined in each domain that will contain Sales department users for that domain.
  • Management. A global group defined in each domain that will contain management staff for that domain.
  • TechAccess. A domain local group defined in the east.technologies.tld domain. This group will contain the Marketing, Sales, and Management global groups from each of the three domains.

Questions

Answer the following questions about this situation. Answers can be found in the appendix.

  1. Will the first proposal work in technology.tld's environment? If your answer is no, what's wrong with the proposal?


  2. Will the second proposal work in technology.tld's environment? If your answer is no, what's wrong with the proposal?


  3. Will the third proposal work in technology.tld's environment? If your answer is no, what's wrong with the proposal?


  4. Will the fourth proposal work in technology.tld's environment? If your answer is no, what's wrong with the proposal?


Answers


Previous page
Table of content
Next page
Microsoft Corporation - MCSE Training Kit (Exam 70-220. Designing Microsoft Windows 2000 Network Security)
MCSE Training Kit (Exam 70-220): Designing Microsoft Windows 2000 Network Security: Designing Microsoft(r) Windows(r) 2000 Network Security (IT-Training Kits)
ISBN: 0735611343
EAN: 2147483647
Year: 2001
Pages: 172
Authors: Microsoft Corporation
BUY ON AMAZON
Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Input Validation & More
C & Data Structures (Charles River Media Computer Engineering)
Introducing Microsoft ASP.NET AJAX (Pro - Developer)
Information Dashboard Design: The Effective Visual Communication of Data
The Lean Six Sigma Pocket Toolbook. A Quick Reference Guide to Nearly 100 Tools for Improving Process Quality, Speed, and Complexity
Special Edition Using FileMaker 8
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy