Establishing an OU Hierarchy for Managing and Securing Clients

Establishing an OU Hierarchy for Managing and Securing Clients

Base design on business and IT needs

Split hierarchySeparate user andcomputer OUs

Simplifies securitymanagement issues

Apply appropriatepolicy settings to each OU

Root Domain

Department OU

Domain Controller OU

Secured XP Users OU Windows XP OU

Desktop OU

Laptop OU

How to Apply Security Templates and How to Apply Security Templates and Administrative TemplatesAdministrative Templates

Root Domain

Department OU

Domain Controller OU

Secured XP Users OU

Windows XP OU

Desktop OU

Laptop OU

Enterprise ClientDomain.inf

Domain Policy

Secured XP Users Policy

Enterprise ClientDesktop.inf

Enterprise ClientLaptop.inf

Laptop Policy

Desktop Policy

How Software Restriction WorksHow Software Restriction Works

Define policy for domain using Group Policy Editor

Policy is downloaded by Group Policy to machine

Enforced by operating system when software is run

1

2

3

A Role-Based OU HierarchyA Role-Based OU Hierarchy

An OU hierarchy based An OU hierarchy based on server roleson server roles

Simplifies securitySimplifies securitymanagement issuesmanagement issues

Applies security policy Applies security policy settings to servers and settings to servers and other objects in each OUother objects in each OU

Domain Policy Domain

Domain Engineering

Member Server Baseline Policy

Member Servers

Domain Controllers

Domain Controller Policy

Print Server Policy

File Server Policy

IIS Server Policy

Print Servers

File Servers

Web Servers

Operations Admin

Operations Admin

Web Service Admin