Attached is the document, I already wrote,
by Munene david

Attached is the document I already wrote, but it is picked up for fraud. Please change the words around so it is not picked up for fraud. I would like this paper to make sense; you may also change the design of images too.
Active Directory Policy Statement

General

Active Directory Forest:

Deployment of one Active Directory forest will suffice for WWTC’s requirements. There are no requirements for data isolation within WWTC’s Active Directory configuration, and any data separation can be performed using data isolation. A single forest was chosen because it is very cost-effective and requires the least amount of administrative support. For example, with only one forest, the global catalog does not require synchronization across forests, and management of a duplicate infrastructure is not required. An organizational forest model will be used, with user accounts and resources contained in the forest and managed independently. The forest will be used to provide service and data isolation. This has been chosen instead of other models where resources and users are isolated in separate forests.

Active Directory Domain:

WWTC will use an Organizational Domain Forest to provide autonomous groups within the forest as required. The New York office will have a separate domain from the Hong Kong office since it will be largely autonomous. In addition, a separate domain can be created to restrict access to confidential data. Since WWTC will have few IT personnel to care for day-to-day IT support activities in New York, the following functions will be maintained by forest-level administration:

- Creating and removing domain controllers
- Monitoring the functioning of domain controllers
- Managing services that are running on domain controllers
- Backing up and restoring the directory

Two domains will require that Group Policy settings as well as access control/auditing settings (required forest-wide) are implemented separately in each domain in the forest. This setup is considered a regional domain configuration and will reduce traffic over wide area network (WAN) links.

While service administration will be carefully controlled at the Hong Kong office, the following functions will be maintained within the New York office:

- Creating organizational units (OUs) and delegating administration
- Repairing problems in the OU structure that OU owners do not have sufficient access rights to fix

Instead of creating a separate forest root domain, the New York office will function as the forest root domain. It will be a parent domain to the other offices. Service administrator accounts will reside on the New York root domain, while user accounts for each region will reside on the appropriate domain. For administration purposes, the branch offices will function as child domains under the New York root domain. This configuration was chosen because it is much easier to manage than a configuration with a separate domain for administrative accounts.

Active Directory Naming Convention:

WWTC.org is the Active Directory namespace used by WWTC. It is a registered fully qualified domain name for WWTC. WWTC will use the same internal and external namespace: WWTC.org will be used from inside and outside the organization, without a separate namespace for internal access to resources. This means that the tree name (WWTC.org) is consistent for private and public (Internet) use, allowing users to log on with the same credentials internally and externally. This requires a separate zone outside the firewall to provide name resolution for public resources, and it does create security concerns: clients accessing resources from outside the organization must not have access to internal company resources. This also creates the requirement to maintain the records on both the internal and external DNS servers simultaneously. The attached illustration shows this configuration.

Application Services:

Windows Server 2012 is installed on the network, and the following Active Directory features will be implemented.

- Windows Deployment Services (WDS) will be implemented to allow network-based installation of Windows operating systems (OS), reducing the complexity and cost of manual installation. This will require a WDS server as a member of the Active Directory Domain Services (AD DS) domain. This also requires a Dynamic Host Configuration Protocol (DHCP) server with an active scope, since PXE relies on DHCP for IP addressing.
- Smart Card Authentication will require valid user principal names (UPNs), since they are required for smart card login. Since a certificate authority (CA) will issue the domain controller certificates, the root certificate will be added to the Trusted Root Certification Authorities group policy in Active Directory.
- IP Address Management (IPAM) will be implemented to provide highly customizable administrative and monitoring capabilities for the IP address infrastructure. IPAM will be used to discover, utilize, monitor, audit, and manage IP address space in the network. This requires an IPAM server that has connectivity to existing DHCP, DNS, DC, and NPS servers in the Active Directory forest.

WDS services will be hosted on the same computer as DHCP. This requires that WDS is configured so that it doesn’t listen on port 67, and DHCP option 60 will be used to notify a booting PXE client that there is a listening PXE server on the network. The server will also be configured to respond only to known client computers. This ensures that client computers are added to Active Directory before the image is deployed.

- File Classification Infrastructure (FCI) will be implemented to ensure that automatic classification is performed. The different classifications will be
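
The shared internal/external WWTC.org namespace described under the naming convention can be checked for the two failure modes it creates: internal addresses published in the external zone, and public records missing from the internal zone. The following is an added example, not part of the original document; the record lists are constructed sample data and the function names are hypothetical.

```powershell
# Constructed sample records (hypothetical, not WWTC's real zones).
# On live servers the lists could be built from Get-DnsServerResourceRecord output.
$internal = @(
    [pscustomobject]@{ Name = 'www';  Type = 'A'; Data = '203.0.113.10' }
    [pscustomobject]@{ Name = 'dc01'; Type = 'A'; Data = '10.1.0.5' }
    [pscustomobject]@{ Name = 'fs01'; Type = 'A'; Data = '10.1.0.20' }
)
$external = @(
    [pscustomobject]@{ Name = 'www';  Type = 'A'; Data = '203.0.113.10' }
    [pscustomobject]@{ Name = 'mail'; Type = 'A'; Data = '203.0.113.25' }
    [pscustomobject]@{ Name = 'fs01'; Type = 'A'; Data = '10.1.0.20' }
)

# True when an IPv4 address falls in an RFC 1918 private range.
function Test-PrivateIPv4 {
    param([string]$Address)
    $b = ([System.Net.IPAddress]$Address).GetAddressBytes()
    return ($b[0] -eq 10) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
           ($b[0] -eq 192 -and $b[1] -eq 168)
}

# Emits one finding per problem in the external zone.
function Compare-SplitZone {
    param($Internal, $External)
    $internalNames = $Internal | ForEach-Object { $_.Name }
    foreach ($r in $External) {
        # Internal host leaked to the zone outside the firewall.
        if ($r.Type -eq 'A' -and (Test-PrivateIPv4 $r.Data)) {
            [pscustomobject]@{ Name = $r.Name; Finding = 'private address published externally' }
        }
        # The internal DNS server is authoritative for the same name, so a public
        # record that exists only externally will not resolve for internal clients.
        if ($internalNames -notcontains $r.Name) {
            [pscustomobject]@{ Name = $r.Name; Finding = 'public record missing from internal zone' }
        }
    }
}

Compare-SplitZone -Internal $internal -External $external | Format-Table -AutoSize
```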
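
One way to apply and verify the WDS settings described above for a server that hosts both DHCP and WDS. This is an added example, not part of the original document; the device name and MAC address are placeholders, and the option 60 check assumes the option is set at server level.

```powershell
# Run elevated on the server that hosts both DHCP and WDS.

# Stop WDS from listening on UDP 67 and advertise the PXE server via DHCP option 60.
wdsutil /Set-Server /UseDhcpPorts:No /DhcpOption60:Yes

# Answer only known (prestaged) clients, so a computer must exist in
# Active Directory before it can receive an image.
wdsutil /Set-Server /AnswerClients:Known

# Prestage one client. NY-WS-001 and the MAC address are placeholders.
wdsutil /Add-Device /Device:NY-WS-001 /ID:00-00-5E-00-53-01

# Verify the port setting in the registry value that WDS reads at startup.
$pxe = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WDSPXE'
if ($pxe.UseDHCPPorts -ne 0) {
    Write-Warning 'WDS is still configured to use the DHCP port (UDP 67).'
}

# Verify option 60 at server level; add -ScopeId if it is set per scope instead.
$opt60 = Get-DhcpServerv4OptionValue -OptionId 60 -ErrorAction SilentlyContinue
if (-not $opt60 -or $opt60.Value -notcontains 'PXEClient') {
    Write-Warning 'DHCP option 60 (PXEClient) is not set at server level.'
}

# Print the full server configuration for review, including the answer policy.
wdsutil /Get-Server /Show:Config
```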
