20336A_03-Configuring Users and Rights
Transcript of 20336A_03-Configuring Users and Rights
![Page 1: 20336A_03-Configuring Users and Rights](https://reader036.fdocuments.net/reader036/viewer/2022062412/577cc9b61a28aba711a46896/html5/thumbnails/1.jpg)
MVA Jump Start
Module 3
Configuring Users and Rights
![Page 2: 20336A_03-Configuring Users and Rights](https://reader036.fdocuments.net/reader036/viewer/2022062412/577cc9b61a28aba711a46896/html5/thumbnails/2.jpg)
Module Overview
• Managing Lync Server 2013
• Introduction to Role Based Access Control (RBAC)
![Page 3: 20336A_03-Configuring Users and Rights](https://reader036.fdocuments.net/reader036/viewer/2022062412/577cc9b61a28aba711a46896/html5/thumbnails/3.jpg)
Lesson 1: Managing Lync Server 2013
• Lync Server Control Panel
• Lync Server Management Shell
• Using PowerShell 3.0
![Page 4: 20336A_03-Configuring Users and Rights](https://reader036.fdocuments.net/reader036/viewer/2022062412/577cc9b61a28aba711a46896/html5/thumbnails/4.jpg)
Lync Server Control Panel
![Page 5: 20336A_03-Configuring Users and Rights](https://reader036.fdocuments.net/reader036/viewer/2022062412/577cc9b61a28aba711a46896/html5/thumbnails/5.jpg)
Lync Server Management Shell
Lync Server Management Shell
• Built on Microsoft Windows PowerShell™ 2.0
• Contains more than 550 product-specific cmdlets
Example cmdlet:
New-CsUserReplicatorConfiguration
![Page 6: 20336A_03-Configuring Users and Rights](https://reader036.fdocuments.net/reader036/viewer/2022062412/577cc9b61a28aba711a46896/html5/thumbnails/6.jpg)
Using PowerShell 3.0
PowerShell syntax
Verb-dash-noun
Get-Help
Parameters
Limit scope of cmdlet
Get-Service –DisplayName Windows
Wildcards
* and ?
Get-Service -DisplayName windows*
![Page 7: 20336A_03-Configuring Users and Rights](https://reader036.fdocuments.net/reader036/viewer/2022062412/577cc9b61a28aba711a46896/html5/thumbnails/7.jpg)
Lesson 2: Introduction to Role Based Access Control
• Overview of Role Based Access Control (RBAC)
• Predefined Role Based Access Control roles
• What’s new in Lync Server 2013 RBAC
![Page 8: 20336A_03-Configuring Users and Rights](https://reader036.fdocuments.net/reader036/viewer/2022062412/577cc9b61a28aba711a46896/html5/thumbnails/8.jpg)
Overview of Role Based Access Control (RBAC)
• Role Based Access Control is a method of granting a specific group
of users the ability to execute specific management tasks
• Administrative privilege are granted by assigning users to
administrative roles
• Managed exclusively via PowerShell
• a role is enabled to use a list of cmdlets, designed to be useful for a
certain type of administrator or technician
• A scope is the set of objects which the cmdlets defined in a role can
operate on.
• The objects that scope affects can be either user accounts (grouped
by organizational unit) or servers (grouped by site).
![Page 9: 20336A_03-Configuring Users and Rights](https://reader036.fdocuments.net/reader036/viewer/2022062412/577cc9b61a28aba711a46896/html5/thumbnails/9.jpg)
Predefined Role Based Access Control roles
Role Tasks allowed
CsAdministrator Can perform all administrative tasks and modify all settings, including creating roles and assigning users
to roles. Can expand a deployment by adding new sites, pools, and services.
CsUserAdministrator Can enable and disable users for Lync Server, move users and assign existing policies to users. Cannot
modify policies.
CsVoiceAdministrator Can create, configure, and manage voice-related settings and policies.
CsServerAdministrator Can manage, monitor, and troubleshoot servers and services. Can prevent new connections to servers,
stop and start services, and apply software updates. Cannot make changes with global configuration
impact.
CsViewOnlyAdministrator Can view the deployment, including user and server information, in order to monitor deployment health.
CsHelpDesk Can view the deployment, including user's properties and policies. Can run specific troubleshooting tasks.
Cannot change user properties or policies, server configuration, or services.
CsArchivingAdministrator Can modify archiving configuration and policies.
CsResponseGroupAdministrator Can manage the configuration of the Response Group application within a site.
CsLocationAdministrator Lowest level of rights for Enhanced 9-1-1 (E9-1-1) management, including creating E9-1-1 locations and
network identifiers, and associating these with each other. This role is always assigned with a global
scope.
CsResponseGroupManager Can manage specific response groups.
CsPersistentChatAdministrator Can manage the Persistent Chat feature and specific Persistent Chat rooms.
![Page 10: 20336A_03-Configuring Users and Rights](https://reader036.fdocuments.net/reader036/viewer/2022062412/577cc9b61a28aba711a46896/html5/thumbnails/10.jpg)
Creating/Modify Custom RBAC roles
•A new custom role can be created using PowerShell cmdlets
•A predefined role can be used as a starting template
• To make a new role, you use the New-CsAdminRole cmdlet. Before
running New-CsAdminRole, you must first create the underlying
security group that will be associated with this role.
• You can modify the list of cmdlets and scripts that a role can run
![Page 11: 20336A_03-Configuring Users and Rights](https://reader036.fdocuments.net/reader036/viewer/2022062412/577cc9b61a28aba711a46896/html5/thumbnails/11.jpg)
RBAC Scope
• Template – Use a predefined administrative template to create a
new CSAdminRole
•User Scope – Limit the scope of users that can be managed via
organizational unit
•ConfigScope – Limit the scope of servers that can be managed via
Lync “site”
•Cmdlets – Specific cmdlet(s) available to a user role
• ScriptModules – Ability to create and specify custom scripts
available to the user role (C:\Program Files\Common Files\Microsoft Lync Server
2013\AdminScripts)
![Page 12: 20336A_03-Configuring Users and Rights](https://reader036.fdocuments.net/reader036/viewer/2022062412/577cc9b61a28aba711a46896/html5/thumbnails/12.jpg)
Custom RBAC Examples/Demo
•Create AD Universal Security Group named CsOnpremAdmin
•New-CsAdminRole -Identity “CsOnpremAdmin" -Template
"CsUserAdministrator" -UserScopes
"OU:ou=Accounts,DC=onprem,DC=local“
•Add User to Group
![Page 13: 20336A_03-Configuring Users and Rights](https://reader036.fdocuments.net/reader036/viewer/2022062412/577cc9b61a28aba711a46896/html5/thumbnails/13.jpg)
What’s new in Lync Server 2013 RBAC
1. New custom role creation
2. New Predefined Roles:
• Response Group Manager role
• Persistent Chat Manager role
![Page 14: 20336A_03-Configuring Users and Rights](https://reader036.fdocuments.net/reader036/viewer/2022062412/577cc9b61a28aba711a46896/html5/thumbnails/14.jpg)
Module Review and Takeaways
•Review Question(s)
•Real-world Issues and Scenarios
• Tools
![Page 15: 20336A_03-Configuring Users and Rights](https://reader036.fdocuments.net/reader036/viewer/2022062412/577cc9b61a28aba711a46896/html5/thumbnails/15.jpg)
©2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, Office, Azure, System Center, Dynamics and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.