Best Practices


  • Move your user and computer objects into an OU structure, as opposed to the default Users and Computers containers.

  • Keep the OU structure as simple as possible.

  • Do not nest OUs more than 10 layers deep, and preferably keep them less than 3 layers deep, if possible.

  • Keep the number of OUs to a minimum, and use them only when necessary.

  • Apply Group Policy to members of groups through Group Policy Membership Filtering where possible.

  • Use domain local groups to control access to resources, and use global groups to organize similar groups of users.

  • Use distribution groups or mail-enabled security groups to create email distribution lists in environments with Exchange 2000/2003.

  • Mail-enable security groups if separation of security and email functionality is not required.

  • Don't simply delete and re-create groups on the fly because each group SID is unique.

  • Don't include users from other Mixed mode domains in a forest in universal groups.

  • Don't use local groups for permissions in a domain environment.




Microsoft Windows Server 2003 Unleashed(c) R2 Edition
Microsoft Windows Server 2003 Unleashed (R2 Edition)
ISBN: 0672328984
EAN: 2147483647
Year: 2006
Pages: 499

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net