when i 1st started we had admin and curr networks but we kinda merged into 1 last few years, i was thinking of splitting it again for security soon but after reading this i wont bother :-)
Printable View
when i 1st started we had admin and curr networks but we kinda merged into 1 last few years, i was thinking of splitting it again for security soon but after reading this i wont bother :-)
Sorry to do a Lazarus on this topic :bored:.. but I have a slight twist on the old scenario...
I have taken on board the curriculum side of things at all of my schools but when it comes to the admin side I'd prefer to be hands off as much as possible. My query at this point relates to one specific, quite large school where a server HD failure was made worse due to the lack of a system state backup and the fact that admin accounts relied in part on the curriculum domain.
Original plan was to create an admin specific domain and then possibly allow a one way trust relationship onto the curriculum network to allow printing, etc... but I'm realising from reviewing this and other topics that perhaps that's less ideal as well as somewhat redundant.
My concern is that I could end up in a blame game war if something should go wrong with the admin accounts so has anyone got any suggestions on how best to proceed?
So far I'm now thinking that perhaps the smartest move is to setup an OU for all admin account and a file server specifically for admin files. I can use the other servers to store SFG backups in encrypted form and intend to run a seperate backup tape system on the admin file server too... Beyond that, I'd get county IT to sort out the client machines with the relevant software, image them once they're done and then keep them for disaster recovery in case county don't.
Am I missing anything?
One School One Lan....
We merged 3 NT4 domain many years ago into one on server 2003 remember
Domains are no longer security boundaries in server 2003 but instead it is now the forest that is security boundary.
see bellow
Security boundary
A boundary that defines a container for which no administrator external to the container can take control away from administrators within the container. For example, a forest is a security boundary. No administrators from outside the forest can control access to information inside the forest unless first given permission to do so by the administrators within the forest. By contrast a domain is not a security boundary because within a forest it is not possible for administrators from one domain to prevent a malicious administrator from another domain from accessing data in their domain.
Erm... I did actually have a specific question here:
http://www.edugeek.net/forums/window...tml#post203140
I'm wondering if I should have just started a new topic and referred back to this if all I've done is recreate the same old arguement :tinfoil3: