MCSE Designing Security for a Windows Server 2003 Network: Exam 70-298

G

Generate Security Audits right, 467

/generaterollback, 9394

geographical hierarchy, 162163, 189

GINA (graphical identification and authentication), 202

Global Catalog (GC) server, 491

Global groups

described, 516

function of, 491

nesting, 493, 494

in permission structure, 492, 498

global objects, 466

GPO. see Group Policy Objects

GPUpdate command, 9496

graphical identification and authentication, 202

Gravity Storm Software Service Pack Manager 2000, 216217

Group Policy

account security policies in, 463

applying security templates via, 133137

Audit policy creation with, 482

auditing settings in, 480481

client/server authentication settings, 6061

configuring Restricted groups in, 470471

deploying security settings with, 7680

for domains, 8082

group security with, 497

IPSec policies and, 342343

Kerberos policy creation in, 472474

for password policy design, 462

patch management and, 632

Recovery Console options, 611

setting permissions via, 458460

setting registry access permissions via, 546552

tunnels configured via, 260

for WLAN network infrastructure, 322326

Group Policy Editor snap-in, 310

Group Policy Management Console (GPMC), 9798

Group Policy Object Editor snap-in, 331334

Group Policy Objects (GPOs)

assigning IPSec policy and, 277278

assigning IPSec policy to, 285286

IPSec policy assignment and, 275

RSoP and, 9

AD configuration and, 675676

for administrator security, 197

for deployment of software updates, 213215, 232

OS access restriction and, 637638, 672, 676677

for patching IIS servers, 237

recovery agents and, 579

group policy settings, 802.1x, 331334

group scopes, 491

group strategy for accessing resources

group scopes, 491

important points about, 499

permission structure for data, 491495

uses for groups, 490

GROUP_MGMT, 89

groups

account vs. resource, 619

account, maintenance delegation, 529530

Administrative, 645646

combining/nesting, 493494

default for DNS RRs in Active Directory, 302303

default for DNS Server Service, 299

default in AD-Integrated zones, 300301

deleted, troubleshooting, 622

interactive, 512

local as resource groups, 519521

obsolete, LDAP query for, 526529

overview of, 515

privileges and, 622

resource, maintenance delegation, 529530

Restricted groups, 470472

security, 515516

groups, security

creation policy defining, 521522

Delegation of Control Wizard, 530534

described, 515

maintenance, delegating, 529

naming policy, defining, 522523

nesting policy, defining, 524525

request process, defining, 522

retirement policy, defining, 526529

described, 528