Your company is asked to provide consulting, development, and integration services for a company named Contoso Research. As a part of this project you will implement Windows 2000. All client computers that currently run Windows will be upgraded to Windows 2000 Professional. Wherever possible, the Windows NT 4.0 domain controller environment will be fully upgraded to Windows 2000 Server.
Background:
Contoso Research is a military research company that operates from several locations in the United States.
Most of the company's business comes from contracts from the United States government and military.
Its headquarters and primary IT center is in Washington, D.C. The company is distributed as follows:
Research facilities
Boston, Massachusetts
Denver, Colorado
San Diego, California
San Francisco, California
Seattle, Washington
St. Petersburg, Florida
St. Petersburg, Florida
Washington, D.C.
The Denver, San Diego, San Francisco, and Seattle facilities were originally a separate company named
Parnell Aerospace. These facilities became a part of Contoso Research when they were purchased in 1997.
These facilities still use the Parnell Aerospace name, and Parnell Aerospace still maintains its identity as a separate company. Contoso Research is likely to acquire another company in the near future.
Problem Statement:
Chief Executive Officer (CEO):
Because we are primarily a military research contractor working on a variety of classified projects, our primary concern is security. We purchased Parnell Aerospace in 1997, but in many respects it still operates as a separate company. We are attempting to eliminate duplicated work within the two companies as much as possible. We are also in the process of developing common operating practices.
For the purposes of shared research, we allow our government and military customers to access some of
our data.
When we bought Parnell Aerospace, we needed to restructure our entire network security structure. We need to be able to support our growth plans without needing to perform this type of restructuring again.
Chief Information Officer (CIO):
In some cases, to avoid the need to replace existing hardware, we will use other operating systems rather than Windows 2000.
Rather than build more than one directory service, we want an integrated directory service. To work toward accomplishing this goal, we will be migrating Microsoft Exchange Server 5.5 to Exchange 2000 Server.
All account administration currently needs to be performed from our IT centers. We want to remove
this limitation. We also want a security infrastructure that will not need to be restructured when the
accounts database reaches 40 MB.
Our current arrangement of trust relationships is cumbersome to manage. The current Windows NT 4.0
domain structure requires several domains for delegation of administration. We eventually want to have
a global IT facility that uses common software, standards, and procedures. This consolidation will
begin during the Windows 2000 upgrade, but we do not expect to complete it during the upgrade. We
want the IT facilities to be controlled from one location as necessary. However, we also want to be able
to delegate certain tasks without necessarily needing to create domains for them.
We are concerned that Microsoft Windows 95 and Windows 98 do not offer enough security at the
client computer level. We want to increase our control and continue to standardize our client computers
and applications in all departments.
We want to standardize our security and management environment throughout the company as much as
possible.
We must minimize the disruption caused by the Windows 2000 upgrade, and the upgrade must not
compromise our security.
History:
Contoso Research has a diverse server environment. The company uses mainframe, UNIX, Novell,
Macintosh, Banyan VINES, and Microsoft servers.
The current Windows NT 4.0 domain structure was configured in 1997, after the purchase of Parnell
Aerospace, in an attempt to try to integrate the IT structures of the two companies. The network based
on Windows NT 4.0 was configured as a coexisting server structure, and migration and interoperability
were gradually implemented. Since then, all service packs up to Service Pack 7 have been applied to
Windows NT 4.0. The goal of this migration is to finally remove all of the remaining Banyan VINES
and Novell server
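There are 1.544 Mbps lines from Washington, D.C. to Denver, Boston, St. Petersburg, Seattle, and San Diego.
There are 1.544 Mbps lines from San Francisco to San Diego, Denver, and Seattle.
If more bandwidth is needed, the lines will be upgraded.
Each location has one internal DNS server to manage the existing UNIX environment.
The current DNS does not support SRV records, dynamic updates, Unicode characters, or incremental zone transfers.
The staff who currently maintain the DNS servers manage both the UNIX environment and the Windows NT server environment.
External DNS for the Contoso Research Web site and the Parnell Aerospace Web site is provided by servers at a third-party Internet service provider.
The DNS changes made to implement Windows 2000 will be based on the current internal DNS structure.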
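Infrastructure:
The primary IT center is in Washington, D.C.
In addition, there is an IT center in San Francisco.
In many respects, the San Francisco research facility operates as an independent business unit.
Since 1997, the IT department has been moving toward a centralized management structure.
All account administration is performed in Washington, D.C. and San Francisco.
All Windows 2000 operations masters will remain in their original locations.
The departments that must receive technical support from the IT department are as follows:
Administration
Finance
Human Resources (managed as a single group)
Manufacturing
Public Relations
Real Estate
Information Technology (IT)
Marketing
Research
Aerospace
Biology
Chemistry
Electronics
Mechanical
Policy and application specifications rest with the IT centers in Washington, D.C. and San Francisco.
These two locations also provide telephone technical support for every department.
In addition, there is an IT department at each geographic location.
These local IT departments report directly to the global technical support center.
At the local offices, IT staff are assigned by department and departmental responsibility.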
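Security:
Currently, the two domains have different security policies for password length and complexity and for account lockout.
These policies will not be changed after the Windows 2000 upgrade project is completed.
Accounts will be created in Washington, D.C. and San Francisco.
Permission to set passwords and change attributes will be granted to the local IT department administrators.
IT administrators grant user permissions by adding global groups to local groups.
For day-to-day administration, there are four levels of administrators:
Enterprise administrators will be a small group that manages the entire organization and the top-level domain.
Domain administrators have full rights over the domain.
Branch administrators have administrative rights over their physical location.
Departmental administrators have rights limited locally according to their own roles. Administrators of resource-domain departments and of branch domains have no rights over their corresponding account domains.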
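Group Policy goals:
Group Policy will be implemented in Washington, D.C. wherever possible.
Initially, Group Policy will be designed to redirect folders, minimize logon time, define logon scripts, set security, and allow users who have the ability to install software to install specific software.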