Windows 2000 Deployment Conference

Windows 2000 Active Directory Organizational Unit and Group Policy Planning. Adam Gordon, MCS Senior Consultant, Microsoft Corporation. Windows 2000 Deployment Conference (68 slides).

Uploaded by mercer, 01-Feb-2016


DESCRIPTION

Windows 2000 Deployment Conference. Windows 2000 Active Directory Organizational Unit and Group Policy Planning. Adam Gordon, MCS Senior Consultant, Microsoft Corporation. Agenda: OU concepts; OU planning and design principles; OUs for delegation; OUs for Group Policy. (PowerPoint presentation)

TRANSCRIPT

Page 1: Windows 2000 Deployment Conference

Windows 2000 Active Directory Organizational Unit and Group Policy Planning

Adam Gordon, MCS Senior Consultant

Microsoft Corporation

Windows 2000 Deployment Conference

Page 2: Windows 2000 Deployment Conference

Agenda

- OU concepts
- OU planning and design principles
- OUs for delegation
- OUs for Group Policy
- OUs for publishing (and hiding) directory objects
- OU design exercise

Page 3: Windows 2000 Deployment Conference

OU Concepts

Page 4: Windows 2000 Deployment Conference

What Is an Organizational Unit?

- A container inside a domain
- The element of hierarchical structure within the domain

Diagram: a forest containing the domain tree Bioquest.com (with child domains sales.bioquest.com, rsrch.bioquest.com and dev.bioquest.com) and a second domain tree, Maggipharm.com. OUs live inside each of these domains.

Page 5: Windows 2000 Deployment Conference

OUs vs. Domains

- OUs are easily changed: moved, renamed, deleted
- Within a domain, objects move easily between OUs
- Less impact on performance

Page 6: Windows 2000 Deployment Conference

Domains vs. OUs

- Replication boundary
- Boundary for security policies (account, password and Kerberos policy) and for Domain Administrators
- Rights intrinsic to Domain Admins

Page 7: Windows 2000 Deployment Conference

OUs: What Are They Good For?

- Delegating administration
- Group Policies
- Organizing published objects in the directory

Page 8: Windows 2000 Deployment Conference

OU Planning

Create an OU plan for each domain.

Diagram: forest plan, then domain plan, then one OU plan per domain, alongside the site topology.

Page 9: Windows 2000 Deployment Conference

OU Planning Methodology

Diagram: forest plan, domain plan, one OU plan per domain, site topology. Each OU plan is worked through in three passes, in order:

1. Delegate administration
2. Apply Group Policy
3. Organize objects

Page 10: Windows 2000 Deployment Conference

OU Design Principles

- Keep it simple
- Think supportability
- Know your customer's organizational and political boundaries
- Detach the user from the workstation
- Abstract the service from the server

Page 11: Windows 2000 Deployment Conference

Current Environment Analysis

- Logon scripts; "functional" groups (ifmember)
- Current administrative boundaries
- Current domain infrastructure: user domains and resource domains, and why they are there
- Users and workstations: restricted labs, kiosks, factory floors; elevated special apps and devices

Page 12: Windows 2000 Deployment Conference

OUs for Delegation

Page 13: Windows 2000 Deployment Conference

OUs for Delegation

- You can assign permissions to directory objects on a per-attribute basis
- Use OUs to "group" objects with similar needs for administrative control
- Use administrative delegation to reduce the number of Domain Admins
- Like NT 4 user and resource domains, only better

Page 14: Windows 2000 Deployment Conference

Class-based Delegation

Delegate administrative control on a per-class basis for each OU:

- Users and groups
- Computers (note: workstations and member servers are both "computers")
- Domain controllers are computer objects too, but they are kept in their own Domain Controllers OU and are delegated separately from ordinary computers
- Folders
- Printers

Page 15: Windows 2000 Deployment Conference

Attribute-based Delegation

- You can also assign rights to specific attributes of an object class
- Example: the Telecom department, which needs to write users' telephone attributes and nothing else

Page 16: Windows 2000 Deployment Conference

OU Delegation Illustrated

Diagram: the domain domain.edu contains the OUs Law, Engineering and Medicine; Engineering contains the OUs Civil and Electrical. ACEs placed on the OUs:

- Engineering: ACE (ENG Admins, Full Control)
- Electrical: ACE (EE Admins, FC/Groups) and ACE (EE Admins, FC/Computers)

Page 17: Windows 2000 Deployment Conference

Delegation Made Easy

- Use the Delegation of Control Wizard
- A demo…

Page 18: Windows 2000 Deployment Conference

Delegation Made Hard

- Directly modify object ACLs
- Object access control: every directory object has an ACL, and the ACL is a list of ACEs
- ACEs can apply to specific attributes
- Go to the chalk talk to discuss details
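The "hard way" from the slide above, as an added example that is not part of the original deck: the same ACEs that the Delegation of Control Wizard writes for the domain.edu illustration (FC/Computers and FC/Groups for EE Admins on the Electrical OU) plus the attribute-based Telecom case (write only telephoneNumber on user objects), written directly with the .NET ActiveDirectoryAccessRule class. PowerShell and the RSAT ActiveDirectory module postdate Windows 2000, but the ACE model (rights, ObjectType GUID, InheritedObjectType GUID) is the one the slides describe. The OU distinguished name and the group name are assumptions taken from the illustration.

```powershell
Import-Module ActiveDirectory

# Assumed names: the OU from the domain.edu illustration and the group that
# the illustration gives FC/Groups and FC/Computers on it.
$ouDN  = 'OU=Electrical,OU=Engineering,DC=domain,DC=edu'
$group = 'EE Admins'

$schemaNC = (Get-ADRootDSE).schemaNamingContext

# ACEs scope to a class or attribute by its schemaIDGUID; look the GUIDs up
# in the schema rather than hard-coding them.
function Get-SchemaGuid {
    param([Parameter(Mandatory)][string]$LdapDisplayName)
    $o = Get-ADObject -SearchBase $schemaNC `
        -LDAPFilter "(lDAPDisplayName=$LdapDisplayName)" -Properties schemaIDGUID
    if (-not $o) { throw "Schema object '$LdapDisplayName' not found" }
    [guid]$o.schemaIDGUID
}

$computerClass = Get-SchemaGuid 'computer'
$groupClass    = Get-SchemaGuid 'group'
$userClass     = Get-SchemaGuid 'user'
$phoneAttr     = Get-SchemaGuid 'telephoneNumber'

$sid     = (Get-ADGroup -Identity $group).SID
$Rights  = [System.DirectoryServices.ActiveDirectoryRights]
$Inherit = [System.DirectoryServices.ActiveDirectorySecurityInheritance]
$Allow   = [System.Security.AccessControl.AccessControlType]::Allow

$acl = Get-Acl -Path "AD:\$ouDN"

# Class-based delegation ("FC/Computers", "FC/Groups"): two ACEs per class.
# (a) create and delete objects of that class in the OU and every sub-OU;
# (b) full control over existing objects of that class beneath the OU.
foreach ($class in @($computerClass, $groupClass)) {
    $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
        $sid, ($Rights::CreateChild -bor $Rights::DeleteChild), $Allow,
        $class, $Inherit::All)))
    $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
        $sid, $Rights::GenericAll, $Allow,
        $Inherit::Descendents, $class)))
}

# Attribute-based delegation (the "Telecom Department" example): read and
# write only telephoneNumber, and only on user objects beneath the OU.
$acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $sid, ($Rights::ReadProperty -bor $Rights::WriteProperty), $Allow,
    $phoneAttr, $Inherit::Descendents, $userClass)))

# Commit (add -WhatIf to see the write without performing it).
Set-Acl -Path "AD:\$ouDN" -AclObject $acl

# Check: every ACE for the group should carry an ObjectType or an
# InheritedObjectType. A GenericAll ACE with both GUIDs empty is full control
# over everything in the OU, not just computers and groups.
(Get-Acl -Path "AD:\$ouDN").Access |
    Where-Object { $_.IdentityReference -like "*\$group" } |
    Format-Table IdentityReference, ActiveDirectoryRights, ObjectType,
                 InheritanceType, InheritedObjectType -AutoSize
```

The final listing is the review step the wizard never shows you: an all-zero ObjectType and InheritedObjectType on a GenericAll entry means the delegation is wider than the slide's "FC/Computers" intends, and that is exactly the kind of ACE that turns a departmental admin group into a path to Domain Admins.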

Page 19: Windows 2000 Deployment Conference

OUs for Group Policy

Page 20: Windows 2000 Deployment Conference

OU Planning: Apply Group Policy

- Group Policy is used to control desktop configurations
- Applied to users and computers
- Associated with sites, domains, or organizational units
- Create OUs to apply unique policy
- Filter application of policy using access control

Page 21: Windows 2000 Deployment Conference

Change and Configuration Management: Features and Benefits

IntelliMirror:
- User data management: increased protection and availability of people's data ("My Documents follow me!")
- Software installation and maintenance: increased availability of the applications that people need ("My Applications follow me!")
- User settings management: increased computer availability ("My Personal Settings follow me!")

Remote OS installation: fast recovery, setup, (re)configuration of computer and operating system

Page 22: Windows 2000 Deployment Conference

Change and Configuration Management: Features and Technology Used

IntelliMirror:
- User data management: Active Directory, Group Policy, Offline Files, Synchronization Manager, enhanced shell functionality, disk quotas
- Software installation and maintenance: Active Directory, Group Policy, Windows Installer, Application Deployment Editor, Add/Remove Programs, Dfs
- User settings management: Active Directory, Group Policy, Offline Files, roaming user profiles, enhanced shell functionality

Remote OS installation: Active Directory, Group Policy, remote install server, remote-install-capable workstation (NetPC, PC98, boot floppy)

Page 23: Windows 2000 Deployment Conference

Change and Configuration Management Technologies

Group Policy is the technology common to every feature:

IntelliMirror:
- User document management: Active Directory, Group Policy, Offline Folders (CSC), Synchronization Manager, enhanced shell functionality, disk quotas
- Software installation: Active Directory, Group Policy, Windows Installer, Software Installer snap-in, Add/Remove Programs, Dfs
- User settings management: Active Directory, Group Policy, Offline Folders (CSC), roaming user profiles, enhanced shell functionality

Remote OS installation: Active Directory, Group Policy, remote install server, remote-install-capable workstation (NetPC, PC98, boot floppy)

Page 24: Windows 2000 Deployment Conference

Group Policy: The Basics

Page 25: Windows 2000 Deployment Conference

What Is Group Policy?

Technology that enables you to specify requirements for your users' environment and then rely on Windows 2000 to continually enforce them.

Page 26: Windows 2000 Deployment Conference

What Is Group Policy? (examples)

- "Sales department will have Office 2000"
- "Disable logoff from the Start Menu for all Receptionists"
- "Audit all failed logon attempts for all computers in the Atlanta area, in the Peachtree office"

Page 27: Windows 2000 Deployment Conference

Group Policy Requires…

- Windows 2000 Active Directory
- Windows 2000 Professional clients
- No support for Windows NT 4.0 or earlier
- No support for Windows 9x or earlier

Page 28: Windows 2000 Deployment Conference

What Can You Do With Group Policy?

- Administrative Templates: registry-based policy settings
- Security: options for local, domain, and network security
- Software Installation: central management of software installation
- Scripts: startup, shutdown, logon, and logoff scripts
- Folder Redirection: store users' folders on the network

Page 29: Windows 2000 Deployment Conference

Where Does Group Policy Live?

- Within Group Policy objects (GPOs)
- Created within a domain
- Linked to any number of sites, domains, and organizational units (SDOUs)
- Multiple GPOs can be linked to a single SDOU

Page 30: Windows 2000 Deployment Conference

When Does Group Policy Get Applied?

- Computer starts: computer settings from Group Policies are applied, then startup scripts run
- User logs on: user settings from Group Policies are applied, then logon scripts run
- …and at periodic intervals (more on this later)

Page 31: Windows 2000 Deployment Conference

Where Does My Policy Come From?

- Site, domain, OU hierarchy, processed in that order: 1 site, 2 domain, 3 OU
- Policy is inherited
- "Closer" settings override "farther" ones

Page 32: Windows 2000 Deployment Conference

Windows 2000 Deployment ConferenceWindows 2000 Deployment Conference

SDOU OrderingSDOU OrderingGroup Policy and the Active Directory

Site

OU’s

Resources

Group PolicyObjects

A1

A2

A3

A5A4

Streetmarket.com

Domain

Accounts

DesktopsHeadquarters Marketing Servers

A6

Server OU GPOs applied = A3, A1, A2, A4, A6Marketing OU GPOs applied = A3, A1, A2, A5

Page 33: Windows 2000 Deployment Conference

Modifying Inheritance

- No Override prevents child containers from overriding policies set at higher levels
- Block Inheritance prevents inheritance of all policies from parent containers
- The highest No Override takes precedence over lower No Overrides
- No Override takes precedence over Block Inheritance

Page 34: Windows 2000 Deployment Conference

What If an SDOU Is Linked to Multiple GPOs?

- GPOs higher in the list override GPOs lower in the list
- GPOs are processed in the reverse order listed on the tab
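The four preceding slides (hierarchy, inheritance, No Override and Block Inheritance, link order on the tab) describe one algorithm. As an added example that is not part of the original deck, here is that algorithm as a small PowerShell model run against the Streetmarket.com hierarchy from the "SDOU Ordering" slide. The container data is constructed in the script; in a live domain the same two attributes are read from each site, domain and OU object (for example with Get-ADObject -Properties gPLink, gPOptions): gPLink holds the links as "[LDAP://<gpo dn>;<flags>]" entries (flag bit 1 = link disabled, bit 2 = No Override, called Enforced in later tooling) and gPOptions = 1 means Block Inheritance. The slide does not say which OU A4, A5 and A6 are linked to; the placement below is an assumption chosen to reproduce the slide's two result lines.

```powershell
function ConvertFrom-GPLink {
    param([AllowEmptyString()][string]$GPLink)
    # The first entry in gPLink is link order 1 on the Group Policy tab:
    # highest precedence, applied last. Entries are returned in string order.
    foreach ($m in [regex]::Matches($GPLink, '\[LDAP://([^;\]]+);(\d+)\]')) {
        $flags = [int]$m.Groups[2].Value
        [pscustomobject]@{
            Gpo      = ($m.Groups[1].Value -replace '^CN=([^,]+),.*$', '$1')
            Disabled = [bool]($flags -band 1)
            Enforced = [bool]($flags -band 2)   # "No Override" on the slide
        }
    }
}

function Get-ResultantGpoOrder {
    # $Chain lists containers from farthest (site) to closest (target OU).
    # Returns GPO names in application order: the last one applied wins any
    # conflicting setting.
    param([Parameter(Mandatory)][hashtable[]]$Chain)
    $normal   = New-Object System.Collections.Generic.List[string]
    $enforced = New-Object System.Collections.Generic.List[string]
    foreach ($c in $Chain) {
        # Block Inheritance drops every non-enforced link from farther away.
        if ($c.gPOptions -band 1) { $normal.Clear() }
        $links = @(ConvertFrom-GPLink $c.gPLink | Where-Object { -not $_.Disabled })
        [array]::Reverse($links)   # "processed in the reverse order listed on the tab"
        foreach ($l in $links) {
            if ($l.Enforced) { $enforced.Add($l.Gpo) } else { $normal.Add($l.Gpo) }
        }
    }
    # No Override links are applied after all normal ones, and a No Override
    # set farther away beats one set closer, so the farthest is applied last.
    $enforced.Reverse()
    @($normal) + @($enforced)
}

# --- constructed data modelled on the slide's Streetmarket.com example -----
$dom = 'DC=Streetmarket,DC=com'
function New-GpLinkEntry([string]$Name, [int]$Flags = 0) {
    "[LDAP://CN=$Name,CN=Policies,CN=System,$dom;$Flags]"
}

$site      = @{ Name = 'Site';             gPLink = (New-GpLinkEntry A3); gPOptions = 0 }
# Tab shows A2 above A1, so A1 is applied first and A2 overrides it.
$domain    = @{ Name = 'Streetmarket.com'; gPLink = ((New-GpLinkEntry A2) + (New-GpLinkEntry A1)); gPOptions = 0 }
$resources = @{ Name = 'OU=Resources';     gPLink = (New-GpLinkEntry A4); gPOptions = 0 }   # assumed placement
$servers   = @{ Name = 'OU=Servers';       gPLink = (New-GpLinkEntry A6); gPOptions = 0 }   # assumed placement
$accounts  = @{ Name = 'OU=Accounts';      gPLink = '';                   gPOptions = 0 }
$marketing = @{ Name = 'OU=Marketing';     gPLink = (New-GpLinkEntry A5); gPOptions = 0 }   # assumed placement

'Servers OU:   ' + ((Get-ResultantGpoOrder @($site, $domain, $resources, $servers))   -join ', ')
'Marketing OU: ' + ((Get-ResultantGpoOrder @($site, $domain, $accounts, $marketing)) -join ', ')

# The "Modifying Inheritance" slide: the Servers OU blocks inheritance, but the
# domain admins mark A1 No Override (flag 2). A1 survives the block and is
# applied after A6, so the domain's setting still wins on the servers.
$domainNO = @{ Name = 'Streetmarket.com'; gPLink = ((New-GpLinkEntry A2) + (New-GpLinkEntry A1 2)); gPOptions = 0 }
$serversB = @{ Name = 'OU=Servers';       gPLink = (New-GpLinkEntry A6);                          gPOptions = 1 }
'Servers OU, blocked + No Override: ' + ((Get-ResultantGpoOrder @($site, $domainNO, $resources, $serversB)) -join ', ')
```

The first two lines reproduce the slide's A3, A1, A2, A4, A6 and A3, A1, A2, A5; the third shows why the deck's best-practice slide later warns against mixing Block Inheritance and No Override: the result (A6 then A1) is correct by the rules but not what a look at the Servers OU alone suggests.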

Page 35: Windows 2000 Deployment Conference

What If I Don't Want Everyone in an OU to Be Affected by a GPO?

- You cannot link a GPO to a security group
- You can "filter" GPOs by changing the default permissions on the GPO, using security groups
- You need both the Read and the Apply Group Policy ACEs for a GPO to apply
- You need Read and Write to modify a GPO

Page 36: Windows 2000 Deployment Conference

Default GPO Permissions

- Authenticated Users: Read, Apply Group Policy
- Local System, Domain Admins, Enterprise Admins: all permissions except Apply Group Policy (AGP)
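The filtering described on the two preceding slides, as an added example that is not part of the original deck, done with the GroupPolicy module that ships with GPMC/RSAT (later than Windows 2000, same ACEs). The GPO name and the security group are assumptions; the deck's own "Disable logoff from Start Menu for all Receptionists" requirement is the scenario. The caveat in step 2 is a later fact the deck could not know: since MS16-072 (June 2016) the computer account reads user-side GPOs, so Authenticated Users must keep Read even when Apply Group Policy is removed.

```powershell
Import-Module GroupPolicy

$gpoName = 'Receptionist Desktop'   # assumed GPO
$target  = 'Receptionists'          # assumed global group holding the receptionists

function Show-GpoPermissions([string]$Name) {
    Get-GPPermission -Name $Name -All |
        Select-Object @{ n = 'Trustee'; e = { $_.Trustee.Name } }, Permission, Inherited |
        Format-Table -AutoSize
}

# Before: the slide's defaults (Authenticated Users holds Read + Apply Group Policy).
Show-GpoPermissions $gpoName

# Step 1: the group that should receive the policy needs BOTH Read and Apply
# Group Policy; the GpoApply level grants the pair.
Set-GPPermission -Name $gpoName -TargetName $target -TargetType Group `
    -PermissionLevel GpoApply | Out-Null

# Step 2: take Apply Group Policy away from Authenticated Users but leave Read.
# -Replace is required to lower an existing level; without it the cmdlet leaves
# a higher level untouched. Do NOT use -PermissionLevel None here: the computer
# account must still read the GPO or user settings are silently skipped.
Set-GPPermission -Name $gpoName -TargetName 'Authenticated Users' -TargetType Group `
    -PermissionLevel GpoRead -Replace | Out-Null

# After: only the target group should show GpoApply.
Show-GpoPermissions $gpoName

# Check: editors are a separate trust decision from the apply filter (the
# slide's "Read and Write to modify"). List who can still change this GPO.
Get-GPPermission -Name $gpoName -All |
    Where-Object { $_.Permission -in 'GpoEdit', 'GpoEditDeleteModifySecurity' } |
    ForEach-Object { '{0} can edit {1}' -f $_.Trustee.Name, $gpoName }
```

Run the two Show-GpoPermissions listings side by side: the only difference should be Authenticated Users dropping from GpoApply to GpoRead and the target group appearing with GpoApply. Anything else that changed is a mistake in the filter.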

Page 37: Windows 2000 Deployment Conference

The Mechanics

Page 38: Windows 2000 Deployment Conference

Creating a Domain or OU GPO

Screenshot: the Active Directory Users and Computers (dsa) console, showing the domain Samerica1.nwtra. with its Builtin, Computers, Domain Controllers and Ohio containers. Right-click the domain or OU and choose Properties, then New on the Group Policy tab. (Context menu shown: Delegate control…, Add members to a Group, Move…, Find…, New, All Tasks, View, New Window from Here, Delete, Rename, Refresh, Export List…, Properties, Help.)

Page 39: Windows 2000 Deployment Conference

Creating a Site GPO

- Use Active Directory Sites and Services
- You must be a member of Enterprise Admins
- By default, a site GPO is stored in the enterprise root domain
- This may be altered at creation time, by changing the DC that the AD Sites and Services snap-in is using and then creating a new GPO

Page 40: Windows 2000 Deployment Conference

Disabling a GPO

You can disable a GPO, or just its User or Computer Settings node.

Page 41: Windows 2000 Deployment Conference

Deleting a GPO

"Deleting" a GPO from an SDOU gives you a choice between:

- Unlinking the GPO from the SDOU
- Permanently deleting the GPO

Page 42: Windows 2000 Deployment Conference

Group Policy Snap-In (screenshot)

Page 43: Windows 2000 Deployment Conference

Registry-Based Policies

Page 44: Windows 2000 Deployment Conference

Registry-Based Policy UI (screenshot)

Page 45: Windows 2000 Deployment Conference

Registry-Based Policy Settings

Each setting has three states:

- Enabled: implement
- Disabled: do not implement, remove
- Not Configured: ignore

Page 46: Windows 2000 Deployment Conference

The Explain Tab (screenshot)

Page 47: Windows 2000 Deployment Conference

Administrative Templates

- Framework for defining registry-based policies
- Text file with .adm extension
- Windows 2000 ships with system.adm and inetres.adm

Page 48: Windows 2000 Deployment Conference

Other Policy Types

Page 49: Windows 2000 Deployment Conference

Scripts

- Computer Configuration: startup/shutdown scripts
- User Configuration: logon/logoff scripts

Script settings:

- You can assign multiple scripts and set the processing order
- Default timeout is 10 minutes: Computer Configuration\Administrative Templates\System\Logon, "Maximum wait time for Group Policy scripts"

Page 50: Windows 2000 Deployment Conference

Security Policy Settings

- Account Policies: configure password, account, and Kerberos policies (domain only)
- Local Policies: configure auditing, user rights, and security options
- Event Log: configure settings for application, system, and security logs
- Restricted Groups: configure group memberships for security-sensitive groups
- System Services: configure security and startup settings for services running on a computer
- Registry: configure security on registry keys
- File System: configure security on specific file paths
- Public Key Policies: configure encrypted data recovery agents, domain roots, trusted certificate authorities
- IP Security Policies: configure IP security on a network

Page 51: Windows 2000 Deployment Conference

Software Installation and Maintenance

- Publishing applications: publish applications that are not required by users, but might be useful to them
- Assigning applications to computers: assign applications to computers if the applications are required by anyone using a specific computer
- Assigning applications to users: assign applications to users if users need those applications to do their job

Page 52: Windows 2000 Deployment Conference

Folder Redirection Settings

You can redirect Application Data, Desktop, My Documents, My Pictures and Start Menu …to reduce logon time and increase availability.

Page 53: Windows 2000 Deployment Conference

Folder Redirection Options

For each folder, you can choose between:

- No policy
- Basic, which redirects all users to the same place
- Advanced, which allows you to specify different locations for users based on security group membership

Page 54: Windows 2000 Deployment Conference

Group Policy Best Practices

- Limit how often Group Policy is updated (to reduce replication)
- Limit the number of admins who can edit GPOs (to reduce the possibility of simultaneous editing)
- Limit inheritance modification, filtering, and loopback (to simplify troubleshooting)
- Limit the number of GPOs that apply to an SDOU (to improve logon performance)
- Test! (to reduce Help desk calls)
- Use the Support Tools

Page 55: Windows 2000 Deployment Conference

OUs for Organizing Directory Objects

Page 56: Windows 2000 Deployment Conference

Published Objects

- Shared folders
- Printers
- Users and groups
- Application-specific

Page 57: Windows 2000 Deployment Conference

Shared Folder Objects

- A shared folder directory object abstracts a shared folder or Dfs volume
- A UNC path points to the resource

Diagram: a domain containing several OUs, each holding shared folder objects that point to file servers.

Page 58: Windows 2000 Deployment Conference

Printer Objects

- A printer directory object abstracts a shared printer
- The printer object attributes include the printer's UNC path, and the printer model and capabilities

Diagram: a domain containing several OUs, each holding printer objects that point to print servers.

Page 59: Windows 2000 Deployment Conference

Locating Resources

- Resources are located by searching or walking the directory
- A search of the entire directory sends an LDAP query to the global catalog
- Use the UI, ADSI or LDAP
- Search by: name; class (e.g. printer); attribute (e.g. location)

Page 60: Windows 2000 Deployment Conference

Organize Objects into OUs

- May help users to find resources
- Avoid too much granularity
- There are other ways…
- Apply ACLs on OUs to collectively apply visibility to objects with the same visibility requirements
- Example: chargeback printers
- Note: ACLs on directory objects do not equate to ACLs on their referenced resources
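The "Locating Resources" slide and the note just above belong together, so one added example (not part of the original deck) covers both: first a class-plus-attribute LDAP search against the global catalog, then, for each published shared folder found, the object's own ACL side by side with the NTFS ACL of the share root it points to. The global catalog host, the search base and the location value are assumptions. Share-level permissions are a third, separate ACL not read here; the point the slide makes holds for them as well.

```powershell
Import-Module ActiveDirectory

# Assumed: a global catalog server (3268 is the GC LDAP port), the forest root
# as search base, and a building name as stored in the printers' location attribute.
$gc         = 'dc01.domain.edu:3268'
$searchBase = 'DC=domain,DC=edu'

# Search by class and attribute: printQueue is the class of a published
# printer, location is the attribute users search on.
$printers = Get-ADObject -Server $gc -SearchBase $searchBase `
    -LDAPFilter '(&(objectClass=printQueue)(location=Building 4*))' `
    -Properties printerName, uNCName, location
$printers | Format-Table printerName, uNCName, location -AutoSize

# Published shared folders are "volume" objects whose only tie to the resource
# is a UNC path. nTSecurityDescriptor is part of the GC partial attribute set,
# so the object's ACL comes back with the search itself.
$shares = Get-ADObject -Server $gc -SearchBase $searchBase `
    -LDAPFilter '(objectClass=volume)' -Properties uNCName, nTSecurityDescriptor

$ReadBits = [System.DirectoryServices.ActiveDirectoryRights]::ReadProperty

foreach ($s in $shares) {
    # Who can read the OBJECT, and therefore find it in the directory?
    $dirReaders = $s.nTSecurityDescriptor.Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       ([int]($_.ActiveDirectoryRights -band $ReadBits)) -ne 0 } |
        ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique

    # Who can read the SHARE ROOT the object points to? This is the NTFS ACL on
    # the server; the directory ACL above has no effect on it.
    try {
        $shareReaders = (Get-Acl -Path $s.uNCName).Access |
            Where-Object { $_.AccessControlType -eq 'Allow' } |
            ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique
    } catch {
        $shareReaders = @("<unreachable: $($_.Exception.Message)>")
    }

    [pscustomobject]@{
        Object           = $s.Name
        UNC              = $s.uNCName
        DirectoryReaders = $dirReaders -join '; '
        ShareRootReaders = $shareReaders -join '; '
    }
}
```

Rows where DirectoryReaders is narrow (a chargeback group, say) but ShareRootReaders contains Everyone or Authenticated Users are the slide's note made concrete: the object is hidden, the resource is not. Fix the resource ACL on the server; hiding the directory object is a usability measure, not a control.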

Page 61: Windows 2000 Deployment Conference

OU Review

Use OUs for:

- Delegating administration
- Group Policy
- Publishing, organizing and hiding directory objects

You can apply a variety of access controls to OUs and the various classes of objects therein. OU hierarchies support inheritance and filtering of inheritance.

Page 62: Windows 2000 Deployment Conference

OU Design Principles

- Keep it simple
- Think supportability
- Know your customer's organizational and political boundaries
- Detach the user from the workstation
- Abstract the service from the server

Page 63: Windows 2000 Deployment Conference

And Some More

- Balance between the enterprise and its business units (divisions, departments, whatever)
- Where possible, align administrative delegation, Group Policies and resource publication; if you can't, consider parallel hierarchies (instead of OU spaghetti)
- Focus on reuse of GPOs: leverage those links
- The "Chutes and Ladders" school of Active Directory design

Page 64: Windows 2000 Deployment Conference

Keep in Mind

- There's no one right answer
- Understand the technologies
- Understand your administrative hierarchy
- Create the simplest design possible that meets your needs
- Think about future reorganization
- Ask the question "How will I troubleshoot this?"
- Document the design

Page 65: Windows 2000 Deployment Conference

Some Design Approaches

- Shallow and wide vs. deep: inheritance and filtering are the advantage of one and the disadvantage of the other
- Parallel hierarchies: separate OUs for users and workstations

Page 66: Windows 2000 Deployment Conference

For More Information

- Introduction to Windows 2000 Group Policy: http://www.microsoft.com/windows2000/library/howitworks/management/grouppolicyintro.asp
- Group Policy Scenarios: http://www.microsoft.com/windows2000/library/howitworks/management/grouppolicy.asp
- Group Policy Step-by-Step: http://www.microsoft.com/windows2000/library/planning/management/groupsteps.asp

Page 67: Windows 2000 Deployment Conference

Breakout Sessions

Tracks: Best for Digital Business; Easier to Manage and Use; Reliability.

- 101: Developing Scalable E-Commerce Windows DNA Applications on Windows 2000
- 102: Windows 2000 Reliability, Scalability and Availability
- 103: Upgrading an E-Commerce Company to Windows 2000
- 104: Thin Client Solutions using Windows 2000 Server Family
- 201: The Power of Pro
- 202: Planning a Migration from Windows 9x/NTW 4.0 to Windows 2000 Pro
- 203: Strategies for Rapid Deployment of Windows 2000 Professional
- 204: Managing the Desktop with Windows 2000 Active Directory and Group Policy
- 301: Namespace Planning for Windows 2000 Active Directory
- 302: Windows 2000 Active Directory Planning
- 303: Windows 2000 Active Directory Organizational Unit and Group Policy Planning
- 304: Cluster in a Box with Windows 2000 Advanced Server

Page 68: Windows 2000 Deployment Conference

Where do you want to go today?