[THIN] Re: attention active directory design gurus..again

  • From: "Chris Lynch" <lynch00@xxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Tue, 16 Sep 2003 08:33:23 -0700

 

Answers inline...

Chris 

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Brian Lilley
Sent: Tuesday, September 16, 2003 6:57 AM
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] attention active directory design gurus..again

What I know about AD design could be written on the back of a stamp...so
brace yourselves..

I am building a Citrix farm which will exist in its very own autonomous AD
forest which will be bolted next to a customer's existing forest....don't
ask...it's a long story..

The result is, that the users for this farm will come from a totally
separate AD forest.

What would be the best AD design for this particular configuration...my
thoughts are :-

an overall OU called FARM1,
within the FARM1 OU, are additional OUs, 1 for domain controllers, 1 for
Nfuse servers and 1 for the farm XPE servers

My questions are these

1. when the users enter the farm from an external forest, what group would
they come under? i.e.  where would I apply the AD GPO in order to restrict
them... I'm guessing that the GPO being applied to the XPe servers would
restrict these users?? 

A.  It all depends.  Do you have an External Trust established between the
domains?  If so, then you need to make sure that whatever Domain Global
Group they belong to in DOMAINA, the Global Group in DOMAINA belongs to a
Domain Global Group in DOMAINB that would filter the GPO and give access to
logon to the Citrix servers.  If not, then you would need to create separate
user accounts and add them to the appropriate groups.

2. what sort of GPO would I apply to the domain controllers?

A.  Leave the DCs in their default OU.  Then, modify the Default Domain
Controllers GPO to what you want.

3. what sort of GPO would I apply to the nfuse servers?

A.  I would only create one that applies auditing.  You could even control
the NTFS/Registry security settings, but I would read up on a Windows 2000
Security book (either the one from MSPress or Global Knowledge).

I think I'd better read the AD book again...boohoohoo
(I would agree)




Brian Lilley
Systems Integration

m +44 (0)7929 002501  
t   +44 (0)1249 665421
e  brian.lilley@xxxxxxxxxxxxxx




********************************************************
This Week's Sponsor:  ThinPrint
http://www.thinprint.com
**********************************************************
Useful Thin Client Computing Links are available at:
http://thethin.net/links.cfm

For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use
the below link:
http://thethin.net/citrixlist.cfm