Access and control are the two approaches you can choose from when implementing a strategy for directory services. Control is the preferred approach because it starts from least access and then relaxes permissions as needed.
Group Policy can be used to set permissions on files, folders, and resources.
The Restricted Groups setting greatly enhances security because it gives you a mechanism for enforcing user membership in sensitive groups.
A good password policy can ensure your system is not vulnerable to easy password attacks by hackers.
There are three types of groups within a forest that you can create: Domain Local groups, Global groups, and Universal groups.
Universal groups differ from Domain Local groups in that they can be assigned permissions on any resource in any domain in the forest, whereas Domain Local groups are limited to the domain in which they were created.
There are four types of domain functional levels and three types of forest functional levels. Domain functional levels are Windows 2000 mixed, Windows 2000 native, Windows Server 2003 interim, and Windows Server 2003. The forest functional levels are Windows 2000, Windows Server 2003 interim, and Windows Server 2003.
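How the Restricted Groups enforcement mentioned above behaves, as an added example that is not part of the original text: the sketch parses the `[Group Membership]` section of a security template and reports which accounts enforcement would remove or add. The template text, the domain SIDs, the observed memberships and the function names are all constructed for illustration.

```python
import configparser

# Constructed sample of a security template's [Group Membership] section.
# The S-1-5-21-1111-2222-3333 domain SIDs are made up for illustration.
SAMPLE_TEMPLATE = """\
[Group Membership]
*S-1-5-32-544__Memberof =
*S-1-5-32-544__Members = *S-1-5-21-1111-2222-3333-500,*S-1-5-21-1111-2222-3333-512
*S-1-5-32-551__Members =
"""

# Constructed "observed" state: what each local group currently contains.
OBSERVED = {
    "S-1-5-32-544": {"S-1-5-21-1111-2222-3333-500", "S-1-5-21-1111-2222-3333-1105"},
    "S-1-5-32-551": {"S-1-5-21-1111-2222-3333-1106"},
}

def parse_restricted_groups(text):
    """Return {group SID: set of allowed member SIDs} from __Members entries."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # do not lowercase keys
    cp.read_string(text)
    policy = {}
    for key, value in cp["Group Membership"].items():
        group, _, kind = key.partition("__")
        if kind.lower() != "members":
            continue  # __Memberof is additive only, so it is not modelled here
        members = (m.strip().lstrip("*") for m in value.split(","))
        policy[group.lstrip("*")] = {m for m in members if m}
    return policy

def plan_enforcement(policy, observed):
    """The Members list is authoritative: extras are removed, missing are added."""
    plan = {}
    for group, allowed in policy.items():
        current = observed.get(group, set())
        plan[group] = {"remove": current - allowed, "add": allowed - current}
    return plan

if __name__ == "__main__":
    plan = plan_enforcement(parse_restricted_groups(SAMPLE_TEMPLATE), OBSERVED)
    for group, actions in plan.items():
        print(group, "remove:", sorted(actions["remove"]), "add:", sorted(actions["add"]))
```

An empty `__Members` value, as on the Backup Operators (S-1-5-32-551) line, means the group is emptied on every policy refresh, which is why any account reported under "remove" is worth investigating as unauthorized membership.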