WWTC Active Directory Design
The WWTC office in New York is largely autonomous and has few IT personnel to take care of day-to-day IT support activities such as password resets and troubleshooting virus problems. You are concerned about sensitive data stored at this location. You want to deploy a highly developed OU structure to implement security policies uniformly and automatically through GPOs across all domains, OUs, and workstations.
At this location, Windows Server 2012 R2 is required, providing the following 10 AD features:
1. Use BitLocker encryption technology for device (server and workstation) disk space and volumes.
2. Enable a BitLocker system on a wired network to automatically unlock the system volume during boot (on capable Windows Server 2012 R2 networks), reducing internal help desk call volumes for lost PINs.
3. Create Group Policy settings to enforce that either Used Disk Space Only or Full Encryption is used when BitLocker is enabled on a drive.
4. Enable BranchCache in Windows Server 2012 for substantial performance, manageability, scalability, and availability improvements.
5. Implement Cache Encryption to store encrypted data by default. This allows you to ensure data security without using drive encryption technologies.
6. Implement failover cluster services.
7. Implement the File Classification Infrastructure feature to provide an automatic classification process.
8. IP Address Management (IPAM) is an entirely new feature in Windows Server 2012 that provides highly customizable administrative and monitoring capabilities for the IP address infrastructure on a corporate network.
9. Smart cards and their associated personal identification numbers (PINs) are an increasingly popular, reliable, and cost-effective form of two-factor authentication. With the right controls in place, a user must have the smart card and know the PIN to gain access to network resources.
10. Implement Windows Deployment Services to enable you to remotely deploy Windows operating systems. You can use it to set up new computers by using a network-based installation.
Other AD Deliverables:
- Create an Active Directory infrastructure that includes the recommended features
- Create OU levels for users and devices in their respective OUs
- Create Global, Universal, and Local groups. Each global group will contain all users in the corresponding department. Membership in the universal group is restrictive, and membership can be assigned on the basis of the principle of least privilege. (For design purposes, you can assume that WWTC is a single forest with multiple domains.)
- Create appropriate GPOs and GPO policies and determine where they will be applied.
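One way the OU, group, and GPO deliverables above could be scripted, shown as an added example that is not part of the original assignment. The domain DN, OU names, department list, group names, and GPO name are all hypothetical, and the BitLocker registry value names and data should be confirmed against the BitLocker ADMX template before use.

```powershell
# Added example. Every name below is a hypothetical placeholder.
Import-Module ActiveDirectory
Import-Module GroupPolicy

$DomainDN    = 'DC=ny,DC=wwtc,DC=example'   # assumed New York domain
$Departments = 'Finance', 'Sales', 'IT'     # assumed departments
$SiteOU      = "OU=NewYork,$DomainDN"

# Site OU with separate child OUs for users, devices, and groups
New-ADOrganizationalUnit -Name 'NewYork' -Path $DomainDN -ProtectedFromAccidentalDeletion $true
foreach ($ou in 'Users', 'Workstations', 'Servers', 'Groups') {
    New-ADOrganizationalUnit -Name $ou -Path $SiteOU -ProtectedFromAccidentalDeletion $true
}

# One user OU and one global group per department; the global group
# contains every user in that department's OU
foreach ($dept in $Departments) {
    New-ADOrganizationalUnit -Name $dept -Path "OU=Users,$SiteOU"
    New-ADGroup -Name "GG-NY-$dept" -GroupScope Global -GroupCategory Security -Path "OU=Groups,$SiteOU"
    $users = Get-ADUser -Filter * -SearchBase "OU=$dept,OU=Users,$SiteOU"
    if ($users) { Add-ADGroupMember -Identity "GG-NY-$dept" -Members $users }
}

# Restrictive universal group: created empty, members are added one by one
# after approval. It is nested into a domain local group, and only the
# domain local group is granted permissions on the sensitive data.
New-ADGroup -Name 'UG-WWTC-SensitiveData' -GroupScope Universal -GroupCategory Security -Path "OU=Groups,$SiteOU"
New-ADGroup -Name 'DL-NY-SensitiveData-Read' -GroupScope DomainLocal -GroupCategory Security -Path "OU=Groups,$SiteOU"
Add-ADGroupMember -Identity 'DL-NY-SensitiveData-Read' -Members 'UG-WWTC-SensitiveData'

# GPO enforcing the BitLocker encryption type (feature 3).
# Assumed mapping: 1 = Full Encryption, 2 = Used Disk Space Only.
$gpo = New-GPO -Name 'NY-BitLocker-EncryptionType'
foreach ($valueName in 'OSEncryptionType', 'FDVEncryptionType') {
    Set-GPRegistryValue -Name $gpo.DisplayName `
        -Key 'HKLM\SOFTWARE\Policies\Microsoft\FVE' `
        -ValueName $valueName -Type DWord -Value 1 | Out-Null
}

# Link the GPO only to the device OUs, enforced so child OUs cannot block it
foreach ($target in 'Workstations', 'Servers') {
    New-GPLink -Name $gpo.DisplayName -Target "OU=$target,$SiteOU" -LinkEnabled Yes -Enforced Yes
}
```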
Rubric: Exceptional clarity of thought. Shows understanding of all major points. Reasonable hypothesis or targeted questions; conclusions supportable by data; creativity; some graphic representation of data or concepts.