Understanding Active Directory Security

Active Directory security is determined by security groups, access control, delegation of control, and Group Policy. This lesson briefly reviews security groups, access control, and delegation of control, which were covered in previous chapters. Then, this lesson introduces auditing, security logging, and security configuration and analysis and discusses the security settings in Group Policy.
Security groups simplify administration by allowing you to assign permissions and rights to a group of users rather than having to assign permissions to each individual user account. You implement security groups by using the Active Directory Users And Computers console. Security groups are discussed in Chapter 8, “Administering Groups.”

Access control is the granting or denial of permissions to security principals. Access control is implemented by using the object-specific access control list (ACL) in the Security tab of the Properties dialog box of each object. The list contains the names of user groups that have access to the object. Access control is discussed in Chapter 9, “Administering Active Directory Objects.”

You delegate administrative control of domains and containers in order to provide other administrators, groups, or users with the ability to manage functions according to their needs. Delegation of control is implemented by using the Delegation Of Control Wizard to automate and simplify the process of setting administrative permissions for a domain, OU, or container. Delegation of control is discussed in “Implementing an OU Structure,” and Chapter 9, “Administering Active Directory Objects.”

How do you recommend resolving the issue that many users utilize different parts of the Office XP suite of applications?

Transforms are files that end with an extension of .mst. These files are deployed along with the .msi file to alter the configuration. Transforms are one option for addressing this complication, but it could be quite an administrative burden to develop .mst files for each of the different configurations utilized and then deploy multiple GPOs with each of the different configurations.
It is important to understand transforms and when their use is appropriate. In this case, however, there was no indication that having extra software simply available would cause trouble. Consider assigning Office XP to users at the domain level. This will make all file extension associations on the client systems and advertise the applications by making all of the Start menu shortcuts available. Essentially, all of the applications are set to install on first use. If some users never launch Excel, for example, then the program files to run Excel will simply not be brought down for that user. A complicated set of transforms in this case would seem to be a waste of administrative effort.
