Download Active Directory Domain Policy

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
Document related concepts

Computer security wikipedia , lookup

Next-Generation Secure Computing Base wikipedia , lookup

Zero-configuration networking wikipedia , lookup

Transcript 
Massey University Policy Guide
ACTIVE DIRECTORY DOMAIN POLICY
Section
Information Technology Services
Contact
Information Technology Services
Last Review
October 2010
Next Review
October 2012
Approval
VCEC 06/10/216
Purpose:
The purpose of this policy is to ensure that only properly registered and configured ICT equipment is able to join the
Massey University domain, to improve the detection of vulnerable equipment and to enhance the manageability and
security of Windows desktops and other devices connected to the University network.
Policy:
Staff have access to the internet to undertake research and collaboration with external organisations and their
peers.
All computers and mobility devices running a Microsoft Windows operating system or an operating system
that interoperates with a Windows domain and that are connecting to Massey‟s networks are required to join
the “Massey” Windows domain.
Native Windows authentication is used to control access to the University‟s ICT services - this authentication
is transparent to domain members who would otherwise be prompted for credentials when accessing services
like network drives and print queues.
University policies and other actions, with regard to security settings, patch levels or operating parameters,
will be applied and implemented on computers and mobility devices that have joined the domain.
Where computers and mobility devices are being used for teaching purposes and do not require access to
central resources such as file or print servers, email or internet access then an exemption to domain
membership must be sought through the ITS Associate Director (Infrastructure).
Exemptions to domain membership are conditional upon the department involved accepting responsibility for
maintaining adequate patching and virus protection levels, and may also be conditional upon the limiting of
network access to the non-domain computer equipment.
All computers and mobility devices that are members of the Massey Windows domain must have the „Domain
Admins‟ group as a member of the local Administrators group. When Windows computers join the domain this
group is automatically added; it must not be deleted subsequently.
Domain Admins group access is required to verify service pack and patch levels, virus definitions, software
versions and (where necessary) to purge or remove virus infections.
ITS will create an account in the Windows domain for computer equipment and mobility devices when these
are entered into the Network Administration System (NAS) database. When this equipment is configured to
join the domain it will then be associated with its pre-existing entry.
No Domain computer accounts will be created directly from client machines.
© This Policy is the property of Massey University
Massey University Policy Guide
Active Directory Domain Policy – Page 2
Definitions
Active Directory: Technology created by Microsoft to provide a variety of network services e.g. directory access
protocol, DNS-based naming and other network information; provides a central location for network administration and
delegation of authority and apply critical updates to an organisation. Microsoft‟s directory service is also used to
provide authentication and authorisation services.
Authentication: Verification of the identity of a user, device, or other entity in a computer system, often as a
prerequisite to allowing access to a system.
Authorisation: Approved user access to approved network systems.
ICT: Information and communications technology is an umbrella term used to cover all network, computing, software,
and telecommunications systems and resources, including storage and peripheral devices, whether used for
research, teaching or administration.
Infrastructure: The computer and communication hardware, software, databases, people, and policies supporting the
University‟s information management functions.
Mobility Device: A portable computing device, such as a Personal Digital Assistant (PDA), celphone, iPhone or
tablet, capable of accessing the University network.
Network Administration System (NAS): A database managed by ITS containing network user and equipment
details, and which is used to facilitate services such as Active Directory.
Windows Domain: A logical group of computers running Microsoft Windows that share the same Active Directory
service.
Audience:
All users of computers running a Microsoft Windows operating system, computers capable of interoperating with
Windows domains and mobility devices that are connecting to Massey University‟s network, including staff, students,
visitors, contractors and affiliates.
Relevant legislation:
Nil
Legal compliance:
Nil
Related procedures / documents:
Data Network Policy
Use and Access to Information Technology Systems
Wireless Network Policy
Policy on Staff Conduct
Code of Student Conduct
Contractors Policy
© This Policy is the property of Massey University
Massey University Policy Guide
Active Directory Domain Policy – Page 3
Document management control:
Prepared by: Chief Information Officer
Authorised by: AVC – Finance, IT, Strategy and Commercial
Approved by VC/VCEC -16 November 2005
Date issued: 1 June 2005
Last review: October 2010
Next review: October 2012
© This Policy is the property of Massey University
Related documents
Patriarchy
Patriarchy
Own a Business? Consider the Following
Own a Business? Consider the Following
Mitigating radiation damage (CTI) for weak lensing
Mitigating radiation damage (CTI) for weak lensing
Capital Development Post Completion Reviews
Capital Development Post Completion Reviews
Regulatory statistics and information
Regulatory statistics and information
Operating Systems (OS)
Operating Systems (OS)
“Living Your Best After Cancer: You and Your Primary Care Doctor
“Living Your Best After Cancer: You and Your Primary Care Doctor
CUSTOMER_CODE SMUDE DIVISION_CODE SMUDE
CUSTOMER_CODE SMUDE DIVISION_CODE SMUDE
Progetto JOIMAN - Erasmus Mundus
Progetto JOIMAN - Erasmus Mundus
Module 11: Configuring a Web Server
Module 11: Configuring a Web Server
Linux - the most important … Linux: SHELL ~$ command –options
Linux - the most important … Linux: SHELL ~$ command –options
Electric mobility in future energy systems
Electric mobility in future energy systems
Module 7 Active Directory and Account Management
Module 7 Active Directory and Account Management
Tutorial: Install and configure JDK (Java Development Kit) Step 1
Tutorial: Install and configure JDK (Java Development Kit) Step 1
Protocol Overview
Protocol Overview
Week 3 Chapter 04
Week 3 Chapter 04
H 10.3. File-System Interface
H 10.3. File-System Interface
Comparing Sun Solaris 7, Windows NT Server 4.0, and
Comparing Sun Solaris 7, Windows NT Server 4.0, and