MCITP Enterprise Administrator Security Design Features
Site-link bridges can be a useful technique to implement if you already have preexisting site links in your environment. Later, in Chapter 3 of this book, I
Choosing Server Roles
Once you’ve taken the time to identify the overall structure and design scheme of your enterprise, the next logical step is to determine the role that Active Directory can play in your design. In the old days, this wasn’t quite as complex a process. With systems such as Windows NT, you simply had to choose a primary domain controller (PDC), and possibly a backup domain controller (BDC), and then go through the much more arduous task of administering the environment after designing it.
Now, however, solution architects and IT administrators have the problem of not just choosing domain controllers but choosing among several types of domain controllers, DNS settings, server roles, server features, scripting, and hundreds of other options that can be implemented in your campus. Microsoft has adapted to this change in administrative design by introducing many new features and best practices that should be followed in your organization.
Part of the difficulty involved with designing an enterprise with Windows Server 2008 is that there is so much that can be done! In Windows Server 2008 alone, Microsoft released several major features that are particularly important to large environments. For the exam, you will need to be able to fire these features and their buzzwords off at whim, because you can bet a silver dollar that you’re going to be seeing all of them, either on the certification exam or when you enter the workforce.
Since you already have some familiarity with these new features, I’ll briefly cover the most commonly tested features here and point out how you need to consider using these features in a Windows enterprise-level environment, as well as one or two old favorites that still raise their heads once in a while.
Although Microsoft doesn’t officially group Windows Server 2008’s new features into categories such as security and delegation, it’s useful for your purposes to consider the features this way, because it helps put you in the right frame of mind to think about how these features help your overall environment. The two features you’ll concentrate on in the following sections are read-only domain controllers and Windows BitLocker encryption.
As you probably already know, read-only domain controllers (RODCs) are a hot topic in the IT workplace right now. RODCs are new to Windows Server 2008 and can be run only on Windows Server 2008. However, Windows Server 2003 domain controllers can communicate with them.
An RODC is a domain controller that, as the name implies, contains a “read-only” copy of the Active Directory database that cannot be changed (written to). The primary use for this is in a situation where the physical security of an environment is compromised. In other words, an RODC makes sure that someone can’t steal, tamper with, or alter your domain controller and acquire valuable intellectual property, such as usernames, passwords, or other such need-to-know information.