Considerations And Guidelines For Designing An Ou Infrastructure For Users

By Author: Jasmine
Total Articles: 286
Comment this article

Like computers, users also play roles on the network. If you have followed convention, the roles of your Vista certificate users are represented in Windows groups. Group Policy policies, however, do not apply to Windows groups but to OUs, and therefore to the user and computer accounts within the OUs.
When designing an OU infrastructure for users, the primary consideration is management of the accounts. To some, management of accounts simply means creation, deletion, user properties management, and group membership management. To others, management of accounts means these things as well as complete control over the user's ability to use the computer. Unlike server role management, management of user accounts can be a political issue as well as an ease-of-management issue. The design of OUs might be up to IT administration, but the authority for controlling what users do on the desktop might not be. Your OU design must accommodate the dual needs of delegating control over user accounts and locking down the desktop according to user role.
These two management issues can result in an OU structure in which 70-640 ...
... represent each user role; that are designed around geographic location, department, or functional area; or that simply collect user accounts into a few OUs for management pur?poses. Some OU infrastructures might be a combination of these designs. Figures 11-6 through 11-9 provide examples of such OU infrastructures. In any of these cases, all user accounts within the OU might need to have the same settings applied. It might also be that this is not so. If possible, you should place user accounts that play the same role in the same OU. However, if it is not possible to use OUs as user role containers—if, for example, users are placed in OUs by department you can filter the Group Policy policy by Windows group.
Marketing VP "We need to be sure that competitive data is not lost if the device is lost or stolen. We especially need to be sure that someone couldn't use the device to place orders or cancel them or reroute them. I read this article today about how corporate espionage is being carried out by stealing PDAs at the airport and then using the data on the Microsoft exam to construct customer lists and socially engineer the company's employees to give out sensitive information. We've got to watch out for that."