Active Directory 2003 Time synchronization - Quick Notes
Whether it is an interview, the office or a meeting, being on time is really important, which is why almost all of us carry a watch and keep it in sync with a standard time source. In an AD infrastructure it is equally important to maintain accurate time across your forest using the Windows Time service and to sync it with a standard time source, which is the DC/PDC Emulator in an AD forest.
The above diagram is a sample time synchronization architecture: member servers and workstations using type NT5DS sync to a domain controller, and the domain controller in turn uses the PDC emulator. The PDC emulator uses one or multiple time servers in the LAN/DMZ and ultimately the external NTP time source for synchronizing time.
Below are some quick notes:
HOW TO disable USB drives via group policy
Disabling USB drives is a popular action taken by most critical organizations nowadays, considering the daily new virus threats and the need to maintain organizational confidentiality. End users use their USB drives and flash drives to copy data to and from the business PC, in turn infecting it with viruses or copying critical organization data.
In this article we will see how to disable USB drives via group policy in Windows 2003 Active Directory. "USB drives" here means STORAGE only and not the USB port, hence USB keyboards and mice will still work fine.
Since this is a special requirement, you need to extend an existing group policy object by using a custom administrative template file (.adm) and apply it to the respective OU containing the computer accounts.
Follow the steps below:
HOW TO delegate user to modify fax number & telephone number attributes in AD
Most organizations delegate more permissions to users than their given job responsibility or task requires. You may see a very junior administrator, or 10+ users, in the enterprise/domain admins group. This is a serious security threat, and adding an inexperienced administrator to the enterprise/domain administrators groups could be disastrous. Permission control should be treated as an initial step towards a healthier and optimized Active Directory; always remember to grant the right permission to the right person or task.

The snapshots below highlight the attributes ‘Fax number’ and ‘Telephone number’ in the Active Directory user properties, which we will delegate a user to modify for a given domain.

Note: Delegation inheritance is per user based and is enabled by default; please verify this setting in case of issues.

Firstly, is the permission for all of the domain or for a specific OU? If it is for all users in the domain, right click on the root or on the OU and select “Delegate Control”.


