RE: AD structure for a school environment
From: Sarbjit Singh Gill (ssgill_at_gilltechnologies.com)
Date: 11/16/03
- Previous message: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: New Microsoft Exchange Server Vulnerability"
- In reply to: thenile_at_ziplip.com: "AD structure for a school environment"
To: <thenile@ziplip.com>, <focus-ms@securityfocus.com>
Date: Sun, 16 Nov 2003 16:57:27 +0800
You may want to read this:
http://mcpmag.com/Features/article.asp?EditorialsID=380
It is about the moving of the entire Kentucky public school system to
Windows Server 2003. There is stuff on the Windows AD architecture used.
Cheers
Gill
-----Original Message-----
From: thenile@ziplip.com [mailto:thenile@ziplip.com]
Sent: Wednesday, November 12, 2003 12:55 PM
To: focus-ms@securityfocus.com
Subject: AD structure for a school environment
Hi,
We are a college with about 100 PCs for students and 100 staff PCs, with
a couple of staff members in HR, a couple in marketing .....
I am not sure what would be the best AD design to have taking into
consideration that some data (HR data, exams, students' marks) needs to be
secured and in no reach from the students.
We will be using Windows 2003 and Exchange 2003 and Cisco ACLs.
The current setup is pretty bad, the students are located on a different
VLAN than the staff and there is a one-way trust relationship between the
students and the staff domains. However, the students' servers (PDC and
Exchange) have had dual NICs for years between the staff and the students
network, which is pretty insecure. The reason to have dual NICs was to
provide the teachers with access to the students' home folders and to be
able to share the GAL.
I am fairly new to NT/AD so I am not sure what the best design would be. I
had in mind isolating the servers on VLAN A, the staff on VLAN B and the
students on VLAN C but I am not sure what is a good AD structure for the
whole thing making it as secure as possible, removing the dual NICs and
still being able to access the students' home folders and share the GAL.
Having a different domain for students or having a different OU within the
same domain ....???
Any recommendations,links ... would be greatly appreciated.
Thank you,
Jad
---------------------------------------------------------------------------
Network with over 10,000 of the brightest minds in information security
at the largest, most highly-anticipated industry event of the year.
Don't miss RSA Conference 2004! Choose from over 200 class sessions and
see demos from more than 250 industry vendors. If your job touches
security, you need to be here. Learn more or register at
http://www.securityfocus.com/sponsor/RSA_focus-ms_031027
and use priority code SF4.
---------------------------------------------------------------------------