Windows network services proposal

Protection from malicious threats such as viruses should also be a consideration. When Fixing Windows LLC (OW) acquires Media Guru, the two companies will need to share some information while some need to be protected by OW. Windows has introduced several features on its server and this paper aims to explore how OW can leverage some of these features to successful merge the two companies’ sites both efficiently and securely. Active Directory Infrastructure Windows Server 2016 comes with some new capabilities on the AD DS and AD FS that will allow simple and secure integration of the new domain into OW’s existing forest: i. Group Membership Expiry Notable feature for the 2016 windows server is the group membership expiration functionality. Still on security, the 201 server can still support restrictions on the applications that can be accessed, device among other variables.

The new security features ensures that new users can have just enough admission to conduct their operations while restricting their access to protected business secrets (Palmer, 2017). Implementing Forest Functional Levels (FFL) Since forest levels are not backward-compatible, the process of integrating OW’s new acquisition to the 2016 server might appear a challenge. Moreover, OW cannot lower their DC to accommodate Media Guru’s 2012 technology. Therefore, implementing functional levels would entail defining OW’s FFL which ensures that all DC’s operate at the specified FFL. ii. Verifying trusts Once trusts are created, the next step would be to verify the OW’s and Media Guru’s trusts using Active Directory Domains and Trusts snap-in. An effective tool to ensure successful verification would be the Netdom command-line tool (Palmer, 2017).

Figure 1. Illustration of Cross-Trusts between OW and Media Guru’s Websites. From “Rebel Admin,” by D. Francis, 2018, http://www. rebeladmin. com/2018/02/active-directory-replication-works/ Ideally, the bridgehead will function as the DC which manages the traffic moving between OW and Media Group. For example, when there is a change on the Media Guru’s site, the OW’s bridgehead server will request data from Media Guru’s bridgehead server in order to make the changes to its site. Another feature of the AD RMS is email restrictions which ensure that the administrator has control on whether emails can be forwarded, copied or even printed (Palmer, 2017). AD FS Given the need to have users to access information on a company’s site or even trusted partners, work efficiency might slow down specifically when there are multiple firewalls or restrictions.

Some services might even require creation of multiple accounts for the different environments that he user seeks to access. The AD FS cuts this process of multiple authentications by providing users with a single sign-on option that can allow them to use a single account to maneuver around a company’s site or across partner sites. Microsoft notes that administrators can create a solution to manage a federated identity that includes approval services, verification and distributed identification to applications that are hosted on the web both within and outside the company’s platform (Palmer, 2017). Additionally, OW can create separate forests for each department to minimize access to only the specific forest in the regional domain model. For instance, if the company would not want the company’s financials to be seen by the production staff, they can create a separate forest for the finance personnel and another for the production team besides the root forest (Palmer, 2017).

Also, there can be separate forests based on the regions which ensure that information from one region is private and cannot be accessed by users outside that region. The picture (Figure 3) below shows the regional model setup. Figure 1. FSMO describes 5 roles where two handle forest level applications and the rest handling domain-level. Schema master is the first role which handles changes on the domain controller and ensuring that they are replicated across other domain controllers (Krause, 2016). Domain naming master is the second and handles domain removal and addition. The third role is the infrastructure role which is applied when objects are cross-referenced and ensures that that the SID is updated based on data from the Global Catalog. The fourth role handles the relative ID which together with the SID constitutes an object’s security identifier.