Chapter Scenario: Wide World Importers | MCSE Training Kit (Exam 70-220): Designing Microsoft Windows 2000 Network Security: Designing Microsoft(r) Windows(r) 2000 Network Security (IT-Training Kits)

In this chapter you will apply design decisions to Wide World Importers, a North American corporation with distribution and service centers across the continent. Your task is to design a Group Policy deployment for the installation of application software that enforces specific restrictions of the Microsoft Windows 2000 desktop settings.

Proposed OU Structure

A consultant has recommended the Organizational Unit (OU) structure depicted in Figure 7.1 to Wide World Importers for the deployment of Group Policy.

Figure 7.1 Proposed OU structure for Wide World Importers

In addition to the Washington, D.C., office (shown in Figure 7.1), the regional offices in Vancouver, Toronto, Portland, Dallas, and Mexico City each need to have its own OU structures. Departments within each regional office also have separate OUs. Each office might have additional departments besides IT and Accounting.

Existing Site Definitions

Each city has been defined as a site within Active Directory directory service. The IP addressing scheme has been defined to associate the IP subnet at each office with the site name, as shown in Figure 7.2.

click to view at full size.

Figure 7.2 Site and IP subnet addressing for Wide World Importers

All computers at a site will use addresses from the subnets assigned to each site. The site information for each computer will be determined by its IP address. Regional offices will be assigned a subset of the site's IP address range to ensure that they connect to a domain controller (DC) at the nearest regional office.

Application Installation Requirements

Wide World Importers wants to use Group Policy to assign Microsoft Office to all full-time employees. Contingent staff will have Office manually installed to ensure that licensing information is maintained. To perform the automatic installation, Wide World Importers wants to assign Office to all full-time employees in the wideworldimporters.tld domain.

The Accounting department wants to assign the accounting software to all of its computers. Because Wide World Importers has purchased only a limited number of licenses, the software must be available only on the Accounting department's computers.

Engineering Requirements

As mentioned in Chapter 2, the Engineering department has its own requirements for account policies that require a separate domain for the department. Figure 7.3 shows the OU structure required by the Engineering department.

Figure 7.3 OU design for engineering.wideworldimporters.tld

The Engineering department has implemented an OU structure using the type of security principal (Engineering Users and Engineering Computers) as the top level of the OU hierarchy. Below this level are six OUs based on the six regional office locations. The Engineering department needs to have Office automatically installed on the desktop computers of all users, including full-time and contingent staff.

The New Employee

Don Funk was hired by Wide World Importers' Accounting department after working two years as an on-site contractor in the Toronto office. When Don logged on to the network on his first day as a full-time employee, he found that the accounting software was installed and available but Office wasn't installed.