Group Policy Software Deployments and GPOs, and Active Directory Maintenance and Disaster Recovery - Assignment Example

Technical Paper Project: Planning Group Policy Software deployments and GPOs, and Active Directory Maintenance and Disaster recovery Number Course Tutor Date Question 2 (a) Any software developer is aware of system development life cycle. The process whereby security measure is included in every phase of system development life cycle makes the whole development process holistic. It assists in ensuring that the cost that the company incurs is relatively low since the procedures that already exist in the company are utilized. The confidentiality of information There are four security features that can be integrated to ensure that there is effective risk management that is based on system development life cycle. These are independencies, deliverables, milestones and control gates. The four features ensures that there is integrated in every stage of SDLC. In addition, it serves a very crucial role in determining and providing security needs in the all the phases of SDLC. The embracement of security concerns and complete management is facilitated when there is a complete integration of security components in the SDLC phases. When data or information security is incorporated from the start of a system development, the business requirement is given enough time to develop so that the financial obligation of the project is met. This whole process makes sure that the adjustment can be made in the early stages such that the shortcomings that come with implementing the security at later stages come with for example the need to reconfigure that or make it to adhere to the custom conditions of an individual. If the is done in a very effective way, the cost of implementing a system is very low. Question 2 (b) There are six phases in software development life cycle. Each stage has some level of group policy that is incorporated to ensure maximum data and system security. The first SDLC is planning. During this phase, the user requirement of the system is defined. This involve both functional and non functional requirements, giving a detailed definition of the project scope, cost of the project and the constraints in terms of resources such as human factor and finance. In addition, there might be some changes that need to be made in the organization so that the project development moves on. This also has to be outlined. The security concern that is given emphasis is that concerning risk that can accrue and affect the business functionality of the system. An example is, is the economical risk that might accrue when an attacker cause denial of service by preventing the employees from using the system to carry out the business transaction. This can lead to lose of customers by the company The primary security tasks that can be incorporated in this level are ensuring that the confidentiality, integrity and availability of the company’s data and information is maximized. This can be ensured by using Microsoft group policy object to come up with groups of information that are supposed to be accessed by a particular group of people. This will make it easy to single out the person who has had an access to information at a particular time and also delegate the individual responsible for transfer, keeping and creation of information. The second phase of system development life cycle is analysis which entails collecting the system’s requirement. Examination of the business requirement is done so that the business activities are accomplished faster. This stage concentrates on the functional requirement of the in ensuring that all the system user requirements are attained The group policy that is implemented in this phase is provided after doing a detailed evaluation of the risk involved them assistance is provided to the previous policy measures. Examination of the requirement policy is done then a test of both functional and security features is conducted. This will give a basis for the creating a document that will be used to certify and accredit the system. However the to analyze a complex system requires that the different steps are integrated and repeated until a refined group policy is obtained (Seitsonen, 2008). The third phase of SDLC design. The basic activity that is carried out in this stage is building or rather constructing the system physically. The tools here are the operating system, hardware and programming to create a network configuration, building of the interface that will be used by the user of the system and putting in place the measures that will address the security issues. Basically, the role of this phase is to complete transformation of the system requirement that had been defined into groups of specified seta that are going to be the input of the next stage Since this phase entails training of the users, the group policy template components are used to identify and give allowance to different group of users to access some particular information using in the system. These group policies are configured in the Microsoft windows console on the active directory. The fourth phase is implementation where the system installation is done then an evaluation of how used by the users to achieve the intended purpose. The significant issues that need to be addressed as far as security is concern is scheduling and carrying out tasks to certify who the system has integrated into the environment using the test of the risk controls and lastly handling the tasks that are required so that the system is completely accredited. The fifth phase is support and maintenance. This is a phase where the system is already running and all that need to be done is check for sections that need changes and improvement. In terms of security, the issue need to be addressed is the issues that might be brought by employees trying to explore the system. Question 3 (a) Access policy management is an inbuilt feature of windows access control that help to enhance the control of access, assist in risk management and mechanisms for the same. To provide access to the 35 users, I will install group policy management console that contains remote server administration tool. The steps that I will carry out in giving access are I will go to the serve that is used to provide administration of the network computers then go to the menu for administrative tools. Include the domain that is needed to the group policy management console then open the domain link to give me the container for GPO. Since the software is already installed in the computer, will edit one of the existing group policy objects by opening the editor in group policy management (Sosinsky, 2009). This will give an option of opening the node that I used to configure or se the computer. Inside here I will open the link for configuring the windows and choose the link for setting the computer security. I will choose new software restriction policies by selecting it from the tree pane of the SRP. Next is to go for features that will enable me provide the settings in the setup pane. At this level it means that the settings that were done to the computers were to completely stop them from using the software. I will therefore set the enforcement to give permission to 35 administrators by specifying it in the enforcements settings. I will then enforce a harsh rule by locating the wanted software using for example specifying the file name and the exact location then include in the harsh rule Question 3 (b) When upgrading the software, I will expand the software that is used to install the group policy then there is a window showing the details from which I will select the package for the new window installer. From there, I will select properties where I will click the upgrade button. Since the package already existed, I will select from the list the package or the software that I am going to upgrade (Seitsonen, 2008). There is a dialog box that will instruct you to select a package from which I will choose a particular group policy object that I want to upgrade by browsing from a list that will be displayed. There is a collection of packages that will be shown in the category of the selected package. From this I will select the software that the user needs to be upgraded Then I will choose to upgrade the software over the existing version since I want to retain the applications that belong to the users and even the documents. Then I will sign in as one of the administrators who fall in that particular domain admin policy group so that I publish the upgraded software by assigning the users. Question 4 (a) The maintenance and monitoring procedures that can be used to manage the network before disaster strikes are maintaining the server, monitoring the network, offset disaster recovery service and strategic planning. Maintaining the server proactively is very important because it gives an organization a one hundred percent certainty to the network in terms of reliability. The maintenance process can be done automatically after a given period for example monthly. In addition some activities can be done real time to ensure that any risk is eliminated. This is a sample of ownership of that particular user in the active directory. The good thing with using window server 2003 and above, the process is able to automatically bring back the members that belong to that particular group. In addition there is also creation of files that are double which are used to help any necessary auxiliary modification. There is the first one which is in idf format and it is not available and has to be transferred from the recovery domain where the user belonged. The next is that one that is supposed to be used as text file. Another method is 24*7 server and network monitoring with the ability to detect and resolve any problem. This can be made sure by using a system that facilitates monitoring by evaluating the primary system components and their performance together with their sign in alerts. When there i9s a detection of a [problem that needs an attention, the team is informed and therefore can attend to it immediately, if the issue is more critical that it can be fatal to the organization, then some extra attention is established without altering the functioning of the system. go for features that will enable me provide the settings in the setup pane. At this level it means that the settings that were done to the computers were to completely stop them from using the software. I will therefore set the enforcement to give permission to 35 administrators by specifying it in the enforcements settings. Another procedure is where an automated backup service is installed so that the copy of the data is created offsite and stored in a data centre where there is total security surveillance. This can ensure that the data is saving from any possible risk that might come up. Installation is done then an evaluation of how used by the users to achieve the intended purpose. The significant issues that need to be addressed as far as security is concern is scheduling and carrying out tasks to certify who the system has integrated into the environment using the test of the risk controls and lastly handling the tasks that are required so that the system is completely accredited Another method is automatic management of network change and configuration. This is ensuring that the configuration setting of the network is perfect at any time. The setting should also be simplified such that a troubleshooting task is not complex. In addition there should be a configuration backup so that it can be used to manage the network. Another method is monitoring and troubleshooting the VoIP by checking it performance at a certain interval to ensure that the deployment process is good. Question 4 (b) The process of restoring a deleted file in windows 2008 is simplified in such a way that the procedures that are tedious in the previous versions of windows are eliminated. This is both in authoritative mode of restoration and handling the issue of the features that are missing. To use this method one should ensure that the all the domain controllers are in the scope of windows server 2008 forest such that the windows 2008 operating system is able to get access. An advantage of this method is the capability of making the whole process one way traffic whereby once the process is done, it can be reversed. By having in place a recycle pin for active directory, the whole process of deleting an object is changed by eliminating the features or the attributes that are the process can do without. The objects that are deleted are kept in recycle pin for the rest of the server’s life time so that any time that the user need he or she can get it. This process is equivalent to the status of pre-AD recycle bin delete. The object remains in that location until the lifetime expires that is where it will be restored using garbage collection mechanism (Sosinsky, 2009) To recover a container which has objects and sub-containers, the best method is authoritative restore though recycle bin is also able to perform it. For the s3econd case, the whole restoring procedure is initiated from the deleted hierarchy. There two options that can be used to recover an item that has been lost in the active directory. The first option is where the restoring process is done authoritatively from the backup that had been created. To carry out this process, you restart the domain controller that is in the restore state of directory service. Basically the state of the system is brought back to the previous state at which it was before the disaster strikes. To make sure that the item that had been lost regains the previous state, you need to make use of ntd.exe command-line properties to label the item that was restored. This will enable the restored item to have a structure resembling all the other domain controllers in that particular domain. Sometimes the restored object can have the features of back-link which needed to be ascertained for. To solve this issue, the associated forward-link must also be restored after authoritatively restoring the object of the user. This is a sample of ownership of that particular user in the active directory. The good thing with using window server 2003 and above, the process is able to automatically bring back the members that belong to that particular group. In addition there is also creation of files that are double which are used to help any necessary auxiliary modification. There is the first one which is in idf format and it is not available and has to be transferred from the recovery domain where the user belonged. The next is that one that is supposed to be used as text file. This is converted into the previous format by using the guideline that is provided in the active directory operation guide. Windows server backup is another new backup tool that has been introduced and uses snapshot service when doing a backup which is completed by creating a backup on a disk that is virtual. This mode is very efficient since it shrinks the data without altering it before it is stored. References Seitsonen, M. (2008). Inside Active Directory: A System Administrators Guide. Addison-Wesley Professional. Sosinsky, B. (2009). Microsoft Windows Server 2008: Implementation and Administration. John Wiley & Sons. Read More