First off you need to start with a set of policies. You need to sit down with
your management to specifically define what you are trying to do. And to
support it through a written policy. Use the process of defining your
policies to educate, elucidate & elicit support for the project. There are
many ways to configure your environment. Some better than others. Some
equally good. But until you know exactly what you are trying to accomplish
you WILL miss an important design consideration(s). Believe me, I have done
so before I learned policies are not just paper, they are the blueprint
from which you proceed. And I would add they are your authority to say no to
bad ideas.

You have an opportunity to develop a system that is a pleasure to use, and
more importantly to you, maintain. Most of us rarely get the opportunity to
build a virgin system, you lucky dog you. We get legacy systems. Have fun,
it's a great challenge.

Michael D. Lowe
Coordinator Computer Applications
Security/Network Administrator
Office of the University Registrar
PO Box 114000
mlowe (at) ufl (dot) edu
352-392-1374x7270

-----Original Message-----
From: Guy Evans [mailto:guye (at) microsoft (dot) com]
Sent: Wednesday, November 12, 2003 5:27 PM
To: thenile (at) ziplip (dot) com; focus-ms (at) securityfocus (dot) com
Subject: RE: AD structure for a school environment

The forest is the true security boundary. If you require the highest
security model my suggestion would be to create 2 forests, 1 for
teachers, 1 for students. You can create transitive trusts between
forests and/or a trust firewall with 2003 AD. Take a look here for the
latest MS info:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/prodtech/win2003/w2003hg/sgch00.asp
Guy