Chapter 13. Managing Active Directory Security
Big projects like our Windows Server 2003 deployment generally go through several stages that more or less follow a musical theme. First comes the "Itsy-Bitsy Spider" stage where lots of good ideas rise up and get washed away. Then comes the Benny Goodman stage where everyone starts to get in the swing of things. We have now arrived at the Jerry Lee Lewis stage where there's a whole lot of shakin' going on.
During this stage, we need to come to terms with the security challenges in the Active Directory so that we can prepare for the final, Led Zeppelin stage where we climb our stairway to heaven and actually begin operating the network. (If we don't do things right, of course, we go to the Grateful Dead stage.)
The information in this chapter covers the following topics:
Active Directory administration using permissions delegation.
Using groups to manage Active Directory permissions, including a step-by-step description of cross-domain group interactions.
Secondary Logon Service (SLS) operation and how to use RunAs to avoid doing daily operations with your privileged administrator account.
How to use WMI to automatically notify you if an Active Directory event occurs.
You may find some of the information in this chapter to be similar to that in Chapter 11, "Understanding Network Access Security and Kerberos." This is because the same security subsystem underlies many different structural components, such as Active Directory.