The second week is coming to a close. We have mostly fleshed out the organizational structure of the Nimbus Organization. The Call Center and Headquarters have been set up with their respective departmental subOUs.
Some specialized OUs such as the IT department subOU “ElevatedPrivs” were created in order to allow for more fine tuning of GPO accesses. Speaking of GPOs, we have set up a default GPO policy with highly restrictive accesses. By default, users are locked out of local hard drives and the command prompt, among other things. Certain OUs will unlock features as needed, such as a “Drive Access” OU which would allow certain users to get full local drive access once it is approved by the appropriate people.
We also worked with Kyle to get static IPs for all of the VMs. Due to the DHCP server changing the IPs for the machines, the “DNS” settings we put on the clients stopped working as they were no longer pointing to the IP address of the Cumulus server. Kyle also mentioned that he has figured out a way to grant us limited hypervisor access which would be extremely helpful; we’ve already lost several days of work because of the VMs not being accessible.
We expect to be focused on GPO configurations and testing for a few weeks – GPOs are the bread and butter of an Active Directory domain. They can make or break your setup. By focusing intently on the GPOs, we will create a robust and effective domain with users only getting access to exactly what they need.