1 / 59

Introduction to Microsoft Management Console (MMC)

Introduction to Microsoft Management Console (MMC). MMC is a common console framework for management applications. MMC provides a common environment for snap-ins, the tools that support management functionality. MMC allows you to perform a number of tasks. The MMC Window. MMC Consoles.

madra
Télécharger la présentation

Introduction to Microsoft Management Console (MMC)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Introduction to Microsoft Management Console (MMC) • MMC is a common console framework for management applications. • MMC provides a common environment for snap-ins, the tools that support management functionality. • MMC allows you to perform a number of tasks.

  2. The MMC Window

  3. MMC Consoles

  4. Introduction to Snap-Ins

  5. Stand-Alone Snap-Ins • Stand-alone snap-ins are usually referred to simply as snap-ins. • Each snap-in provides one function or a related set of functions.

  6. Extension Snap-Ins • Extension snap-ins are usually referred to as extensions. • An extension provides additional administrative functionality to another snap-in. • Extensions are designed to work with one or more stand-alone snap-ins. • Some snap-ins can act as stand-alone snap-ins or as extensions.

  7. Console Options • Create a Custom Console • Run MMC • Author mode • User mode • Full Access • Limited Access, Multiple Windows • No access to console tree • Can’t open new windows • Limited Access, Single Window

  8. Windows 2000 User Accounts • Domain user accounts • Local user accounts • Built-in user accounts

  9. Domain User Accounts • Allow users to log on to the domain and gain access to resources anywhere on the network • Created in an OU in the Active Directory store • Replicated to all domain controllers

  10. Local User Accounts • Allow users to log on to and gain access to resources on the computer where they log in • Created in the computer’s security database • Not replicated to domain controllers

  11. Built-In User Accounts • Administrator • Rename • Create new account with administrator privleges • runas /user:<domain name>\<username> prog • Guest • Disabled by default

  12. Naming Conventions • The naming convention establishes how users are identified in the domain. • Several considerations • User account Naming • Password requirements • Account options • Logon hours • Computer restrictions

  13. Must be uniques within the OU 20 characters max / \ [ ] : ; | = + * < > invalid Not case sensitive How will you deal with duplicates Services may require an account name to run Logon Name

  14. Password Requirements • Always assign a password for the Administrator account. • Determine whether the administrator or the users will control passwords. • Use passwords that are hard to guess. • Passwords can be up to 128 characters; a minimum length of eight characters is recommended. • Use both uppercase and lowercase letters, numerals, and valid non-alphanumeric characters.

  15. Account Options • Logon hours • Computer from which users can log on • Account expiration

  16. Creating Domain User Accounts

  17. Creating Local User Accounts

  18. Overview of Modifying Properties • A set of default properties is associated with each user account. • Properties defined for a domain user account can be used to search for users in the Active Directory store. • Several properties should be configured for each domain user account. • You can use the Active Directory Users And Computers snap-in to modify a domain user account. • You can use the Local Users And Groups snap-in to modify a local user account.

  19. The Properties Dialog Box • Personal properties tabs • Account tab • Profile tab • Desktop settings • Home Directories • Published Certificates tab • Member Of tab • Dial-In tab • Object tab • FQDN of Object • USN • Security tab • Terminal Services tabs

  20. Administering User Accounts • Managing user profiles • Modifying user accounts • Creating home folders

  21. Managing User Profiles • A user profile is a collection of folders and data that stores your current desktop environment and application settings as well as personal data. • Microsoft Windows 2000 creates a local user profile the first time you log on at a computer. • User profiles operate in a specific manner. • Stored in • %systemdrive%\Documents and Settings\<logon name> • <%systemdrive>\profiles

  22. Profiles • Customizable • ntuser.dat • Mandatory • ntuser.man • Local • Stored on the local machine • Roaming • Stored in a shared folder on a server

  23. Assigning a Customized Roaming User Profile

  24. Creating Home Folders

  25. Introduction to Groups • A group is a collection of user accounts. • Groups simplify administration of user permissions. • Users can be members of more than one group. • When you assign permissions, you give users the capability to gain access to specific resources. • You can add user accounts, contacts, computers, and other groups to groups.

  26. Types of Groups • Security groups • Distribution groups

  27. Group Scopes

  28. Introduction to Group Membership • The group scope determines the membership of the group. • Membership rules define which members a group can contain. • Domain local groups and global groups can be converted to universal groups.

  29. Group Nesting • You can add groups to other groups to reduce the number of times permissions need to be assigned. • You should create a hierarchy of groups based on business needs. • Try to minimize the levels of nesting. • Nesting reduces the number of times you assign permissions; however, tracking permissions becomes more complex. • Document group membership to keep track of permission assignments. • Effective nesting in a multiple domain environment will reduce network traffic between domains and simplify administration. • Consider the domain operation mode when nesting groups.

  30. Group Strategies

  31. Introduction to Groups • Determine the required group scope based on how you want to use the group. • Avoid adding users to universal groups. • Determine whether you have the necessary permissions to create a group in the appropriate domain. • Determine the name of the group.

  32. Group Scope • Domain Local • Users from any domain • Access to Domain resources only • Global • User from same domain • Access to all domains resources • Universal • Open membership • Open access

  33. Administering Groups

  34. Overview of Group Implementation • A local group can contain user accounts on a computer and can be assigned to resources on that computer. • There are two types of local groups: • Local • Domain local • Try to follow specific guidelines when using local groups. • Non-domain local groups can contain local user accounts from the computer on which you create the local groups.

  35. Creating Local Groups

  36. Built-In Global Groups • Windows 2000 creates built-in global groups to group common types of user accounts. • The groups are created in the Active Directory store. • The Users OU contains the built-in global groups. • Windows 2000 includes a number of commonly used built-in global groups.

  37. Built-In Domain Local Groups • Built-in domain local groups provide users with user rights and permissions to perform tasks on domain controllers and in the Active Directory store. • Built-in domain local groups give predefined rights to user accounts when you add user accounts or global groups as members. • Windows 2000 includes a number of commonly used built-in domain local groups.

  38. Built-In Local Groups • Built-in local groups give rights to perform system tasks on a single computer. • Built-in local groups are located in the Groups folder of the Computer Management snap-in. • Windows 2000 includes a number of commonly used built-in local groups.

  39. Built-In System Groups • Built-in system groups exist on all computers running Windows 2000. • You do not see system groups when you administer groups, but they are available for use when you assign rights to resources. • Windows 2000 includes a number of commonly used built-in system groups.

  40. Overview of Group Policies • Group policies are a set of configuration settings that an administrator applies to one or more objects in the Active Directory store. • A group policy consists of settings that govern how an object and its child objects behave. • Group policies provide users with a fully populated desktop environment. • Conflicts can exist between group policies and local needs.

  41. Benefits of Group Policies • Lowering your network’s total cost of ownership (TCO) • Securing a user’s environment • Enhancing a user’s environment

  42. Types of Group Policies • Software Settings • Scripts • Security Settings • Administrative Templates • Remote Installation Services (RIS) • Folder Redirection

  43. Group Policy Structure • Group policy objects (GPOs) • Group policy containers (GPCs) • Group policy templates (GPTs)

  44. Group Policy Objects (GPOs) • A GPO contains group policy settings for sites, domains, and OUs. • One or more GPOs can be applied to a site, a domain, or an OU. • Group policy data that is small in size and changes infrequently is stored in GPCs. • Group policy data that is large and can change frequently is stored in the GPT. • A local GPO exists on every Windows 2000 computer, and by default, only security settings are configured.

  45. Group Policy Containers (GPCs) • A GPC is an Active Directory object that stores GPO properties and includes subcontainers for computer and user group policy information. • The GPC stores the Windows 2000 class store information for application deployment.

  46. Group Policy Templates (GPTs) • When a GPO is created, the corresponding GPT folder structure is created. • Certain subfolders are often contained in the GPT structure.

  47. Creating a GPO

  48. Using the Group Policy Snap-In • Computer Configuration • Applies to Computers • When system initialized • Every user • Startup/Shutdown Scripts • User Configuration • Applies to users • When logon • Logon/logoff scripts

  49. Group Policy • More than 500 settings • Software Settings • Software installation • Windows Settings • Desktop settings • Administrative Templates

  50. Group Policies • Computer settings take precedence over user settings • Computer settings take effect • After refresh interval • When OS restarted • User setting • After refresh interval • When new logon

More Related