This page intentionally left blank
FMTOC.indd Page i 12/16/10 3:01:10 PM f-392
/Users/f-392/Desktop/Nalini 23.9/ch05
Microsoft® Official Academic Course
Windows Server ® Administration Fundamentals, Exam 98-365
FMTOC.indd Page ii 1/15/11 4:59:51 PM users-133
/Users/users-133/Desktop/Ramakant_04.05.09/WB00113_R1:JWCL170/New
Credits EDITOR DIRECTOR OF SALES DIRECTOR OF MARKETING MICROSOFT SENIOR PRODUCT MANAGER EDITORIAL PROGRAM ASSISTANT CONTENT MANAGER SENIOR PRODUCTION EDITOR CREATIVE DIRECTOR COVER DESIGNER TECHNOLOGY AND MEDIA
Bryan Gambrel Mitchell Beaton Chris Ruel Merrick Van Dongen of Microsoft Learning Jennifer Lartz Micheline Frederick Kerry Weinstein Harry Nolan Jim O’Shea Tom Kulesa/Wendy Ashenberg
Cover photo: Credit: © Aimin Tang/iStockphoto This book was set in Garamond by Aptara, Inc. and printed and bound by Bind Rite Graphics. The cover was printed by Phoenix Color. Copyright © 2011 by John Wiley & Sons, Inc. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc. 222 Rosewood Drive, Danvers, MA 01923, website www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030-5774, (201)748-6011, fax (201)748-6008, website http://www.wiley.com/go/permissions. Microsoft, ActiveX, Excel, InfoPath, Microsoft Press, MSDN, OneNote, Outlook, PivotChart, PivotTable, PowerPoint, SharePoint, SQL Server, Visio, Visual Basic, Visual C#, Visual Studio, Windows, Windows 7, Windows Mobile, Windows Server, and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/ or other countries. Other product and company names mentioned herein may be the trademarks of their respective owners. The example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious. No association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. The book expresses the author’s views and opinions. The information contained in this book is provided without any express, statutory, or implied warranties. Neither the authors, John Wiley & Sons, Inc., Microsoft Corporation, nor their resellers or distributors will be held liable for any damages caused or alleged to be caused either directly or indirectly by this book. ISBN 978-0-470-90182-3 Printed in the United States of America 10 9 8 7 6 5 4 3 2 1
www.wiley.com/college/microsoft or call the MOAC Toll-Free Number: 1+(888) 764-7001 (U.S. & Canada only)
FMTOC.indd Page iii 12/16/10 3:01:11 PM f-392
/Users/f-392/Desktop/Nalini 23.9/ch05
Foreword from the Publisher Wiley’s publishing vision for the Microsoft Official Academic Course series is to provide students and instructors with the skills and knowledge they need to use Microsoft technology effectively in all aspects of their personal and professional lives. Quality instruction is required to help both educators and students get the most from Microsoft’s software tools and to become more productive. Thus our mission is to make our instructional programs trusted educational companions for life. To accomplish this mission, Wiley and Microsoft have partnered to develop the highest quality educational programs for Information Workers, IT Professionals, and Developers. Materials created by this partnership carry the brand name “Microsoft Official Academic Course,” assuring instructors and students alike that the content of these textbooks is fully endorsed by Microsoft, and that they provide the highest quality information and instruction on Microsoft products. The Microsoft Official Academic Course textbooks are “Official” in still one more way—they are the officially sanctioned courseware for Microsoft IT Academy members. The Microsoft Official Academic Course series focuses on workforce development. These programs are aimed at those students seeking to enter the workforce, change jobs, or embark on new careers as information workers, IT professionals, and developers. Microsoft Official Academic Course programs address their needs by emphasizing authentic workplace scenarios with an abundance of projects, exercises, cases, and assessments. The Microsoft Official Academic Courses are mapped to Microsoft’s extensive research and job-task analysis, the same research and analysis used to create the Microsoft Technology Associate (MTA) and Microsoft Certified Information Technology Professional (MCITP) exams. The textbooks focus on real skills for real jobs. As students work through the projects and exercises in the textbooks they enhance their level of knowledge and their ability to apply the latest Microsoft technology to everyday tasks. These students also gain resume-building credentials that can assist them in finding a job, keeping their current job, or in furthering their education. The concept of life-long learning is today an utmost necessity. Job roles, and even whole job categories, are changing so quickly that none of us can stay competitive and productive without continuously updating our skills and capabilities. The Microsoft Official Academic Course offerings, and their focus on Microsoft certification exam preparation, provide a means for people to acquire and effectively update their skills and knowledge. Wiley supports students in this endeavor through the development and distribution of these courses as Microsoft’s official academic publisher. Today educational publishing requires attention to providing quality print and robust electronic content. By integrating Microsoft Official Academic Course products, WileyPLUS, and Microsoft certifications, we are better able to deliver efficient learning solutions for students and teachers alike. Bonnie Lieberman General Manager and Senior Vice President
www.wiley.com/college/microsoft or call the MOAC Toll-Free Number: 1+(888) 764-7001 (U.S. & Canada only)
| iii
FMTOC.indd Page iv 1/15/11 8:20:04 PM users-133
/Users/users-133/Desktop/Ramakant_04.05.09/WB00113_R1:JWCL170/New
Preface Welcome to the Microsoft Official Academic Course (MOAC) program for Windows Server Administration Fundamentals. MOAC represents the collaboration between Microsoft Learning and John Wiley & Sons, Inc. publishing company. Microsoft and Wiley teamed up to produce a series of textbooks that deliver compelling and innovative teaching solutions to instructors and superior learning experiences for students. Infused and informed by in-depth knowledge from the creators of Microsoft products, and crafted by a publisher known worldwide for the pedagogical quality of its products, these textbooks maximize skills transfer in minimum time. Students are challenged to reach their potential by using their new technical skills as highly productive members of the workforce. Because this knowledge base comes directly from Microsoft, creator of the Microsoft Certified IT Professional, Microsoft Certified Technology Specialist (MCTS), and Microsoft Certified Professional exams (www.microsoft.com/learning/certification), you are sure to receive the topical coverage that is most relevant to students’ personal and professional success. Microsoft’s direct participation not only assures you that MOAC textbook content is accurate and current; it also means that students will receive the best instruction possible to enable their success on certification exams and in the workplace. ■
The Microsoft Official Academic Course Program
The Microsoft Official Academic Course series is a complete program for instructors and institutions to prepare and deliver great courses on Microsoft software technologies. With MOAC, we recognize that, because of the rapid pace of change in the technology and curriculum developed by Microsoft, there is an ongoing set of needs beyond classroom instruction tools for an instructor to be ready to teach the course. The MOAC program endeavors to provide solutions for all these needs in a systematic manner in order to ensure a successful and rewarding course experience for both instructor and student—technical and curriculum training for instructor readiness with new software releases; the software itself for student use at home for building hands-on skills, assessment, and validation of skill development; and a great set of tools for delivering instruction in the classroom and lab. All are important to the smooth delivery of an interesting course on Microsoft software, and all are provided with the MOAC program. We think about the model below as a gauge for ensuring that we completely support you in your goal of teaching a great course. As you evaluate your instructional materials options, you may wish to use the model for comparison purposes with available products.
iv |
www.wiley.com/college/microsoft or call the MOAC Toll-Free Number: 1+(888) 764-7001 (U.S. & Canada only)
FMTOC.indd Page v 12/17/10 4:31:58 PM user-f391
/Users/user-f391/Desktop/24_09_10/JWCL339/New File
Illustrated Book Tour ■
Pedagogical Features
The MOAC textbook for Windows Server Administration Fundamentals is designed to cover all the learning objectives for that MTA exam 98-365, which is referred to as its “objective domain.” The Microsoft Technology Associate (MTA) exam objectives are highlighted throughout the textbook. Many pedagogical features have been developed specifically for Microsoft Official Academic Course programs. Presenting the extensive procedural information and technical concepts woven throughout the textbook raises challenges for the student and instructor alike. The Illustrated Book Tour that follows provides a guide to the rich features contributing to Microsoft Official Academic Course program’s pedagogical plan. Following is a list of key features in each lesson designed to prepare students for success as they continue in their IT education, on the certification exams, and in the workplace: • Each lesson begins with a Lesson Skill Matrix. More than a standard list of learning objectives, the Domain Matrix correlates each software skill covered in the lesson to the specific exam objective domain. • Concise and frequent Step-by-Step instructions teach students new features and provide an opportunity for hands-on practice. Numbered steps give detailed, step-by-step instructions to help students learn software skills. • Illustrations: Screen images provide visual feedback as students work through the exercises. The images reinforce key concepts, provide visual clues about the steps, and allow students to check their progress. • Key Terms: Important technical vocabulary is listed with definitions at the beginning of the lesson. When these terms are used later in the lesson, they appear in bold italic type and are defined. The Glossary contains all of the key terms and their definitions. • Engaging point-of-use Reader Aids, located throughout the lessons, tell students why this topic is relevant (The Bottom Line), provide students with helpful hints (Take Note). Reader Aids also provide additional relevant or background information that adds value to the lesson. • Certification Ready features throughout the text signal students where a specific certification objective is covered. They provide students with a chance to check their understanding of that particular MTA objective and, if necessary, review the section of the lesson where it is covered. MOAC offers complete preparation for MTA certification. • End-of-Lesson Questions: The Knowledge Assessment section provides a variety of multiple-choice, true-false, matching, and fill-in-the-blank questions. • End-of-Lesson Exercises: Competency Assessment case scenarios, Proficiency Assessment case scenarios, and Workplace Ready exercises are projects that test students' ability to apply what they've learned in the lesson.
www.wiley.com/college/microsoft or call the MOAC Toll-Free Number: 1+(888) 764-7001 (U.S. & Canada only)
| v
FMTOC.indd Page vi 12/16/10 6:06:32 PM f-392
/Users/f-392/Desktop/Nalini 23.9/ch05
vi | Illustrated Book Tour ■
Lesson Features
c02ManagingWindowsServer2008R2.i34 Page 34 12/10/10 5:41:23 PM user-f391
2
L ESSO N
/Users/user-f391/Desktop/24_09_10/JWCL339/New File
Managing Windows Server 2008 R2 Objective Domain Matrix
O B J E C T I V E D O M A I N M AT R I X SKILLS/CONCEPTS
MTA EXAM OBJECTIVE
MTA EXAM OBJECTIVE NUMBER
Managing Devices and Device Drivers
Understand device drivers.
1.1
Managing Services
Understand services.
1.2
Using the Control Panel
Understand remote access.
2.3
KEY TERMS Administrative Tools
registry
Computer Management console
Remote Assistance
Control Panel
Remote Desktop
device drivers
Remote Server Administration Tools
device manager
Server Management console
domain
secure desktop
Initial Configuration Tasks
services
Microsoft Management console (MMC)
signed drivers
Plug and Play (PnP)
workgroup
c02ManagingWindowsServer2008R2.i44 Page 44 12/10/10 5:41:43 PM user-f391
Key Terms
/Users/user-f391/Desktop/24_09_10/JWCL339/New File
44 | Lesson 2 3. Right-click the connection that you want to change, and then click Properties. 4. Under the Networking tab, click either Internet Protocol Version 4 (TCP/IPv4) or Internet Protocol Version 6 (TCP/IPv6), and then click Properties.
To specify IPv4 IP address settings, do one of the following: • To obtain IP settings automatically from a DHCP server, click Obtain an IP address automatically, and then click OK. • To specify an IP address, click Use the following IP address, and then, in the IP address, Subnet mask, Default gateway, Preferred DNS server, and Alternate DNS server boxes, type the appropriate IP address settings. See Figure 2-10.
You just installed several computers for the Acme Corporation. Now, you have to get each server connected to the network and add each computer to the domain. You then need to install the network services that each server is going to host.
■
Figure 2-10
Performing Initial Configuration Tasks
THE BOTTOM LINE
Configuring IPv4
Because configuring Windows servers can be time consuming, Windows Server 2008 and Windows Server 2008 R2 include Initial Configuration Tasks that automatically launch when you first log on to Windows after an installation. With the Initial Configuration Tasks, you can activate Windows, set the time zone, configure networks, provide computer name and domain, update Windows, add roles and features, enable remote desktop, and configure the Windows Firewall.
34
c02ManagingWindowsServer2008R2.i35 Page 35 12/10/10 5:41:23 PM user-f391
/Users/user-f391/Desktop/24_09_10/JWCL339/New File
To specify IPv6 IP address settings, do one of the following:
Managing Windows Server 2008 R2 | 35
• To obtain IP settings automatically, click Obtain an IPv6 address automatically, and then click OK. • To specify an IP address, click Use the following IPv6 address, and then, in the IPv6 address, Subnet prefix length, and Default gateway boxes, type the IP address settings. See Figure 2-11.
Although Initial Configuration Tasks can be accessed within the Control Panel, because it launches automatically it acts as a reminder and a quick method to access key options so that you can quickly get your Windows server up and running with minimal effort. See Figure 2-1. The Initial Configuration Tasks will appear every time you log on until you select “Do not show this window at logon” at the bottom of the window.
Figure 2-11 Configuring IPv6
Figure 2-1 Initial Configuration Tasks
Screen Images
X
REF
For more information about IP Configuration, see Appendix B Understanding TCP/IP.
X Ref Reader Aid ■
Using the Control Panel THE BOTTOM LINE
As with previous versions of Windows, the main graphical utility to configure the Windows environment and hardware devices is the Control Panel.
You can also display the Control Panel in any Windows Explorer view by clicking the leftmost option button in the Address bar and selecting Control Panel. To access the Control Panel, you can click the Start button on the taskbar and select Control Panel. See Figure 2-2. Of the eight categories that are listed, each category includes a top-level link, and under this link are several of the most frequently performed tasks for the category. Clicking a category link provides a list of utilities in that category. Each utility listed within a category includes a link to open the utility, and under this link are several of the most frequently performed tasks for the utility.
The Bottom Line Reader Aid
www.wiley.com/college/microsoft or call the MOAC Toll-Free Number: 1+(888) 764-7001 (U.S. & Canada only)
FMTOC.indd Page vii 12/16/10 3:01:22 PM f-392
/Users/f-392/Desktop/Nalini 23.9/ch05
Illustrated Book Tour | vii c07PopularWindowsNetworkServices206 Page 206 12/14/10 6:06:15 PM users-133
/Users/users-133/Desktop/Ramakant_04.05.09/WB00113_R1:JWCL170/New
206 | Lesson 7 3. Under Create virtual network, select the type of network you want to create. 4. Click Add. The New Virtual Network page appears. 5. Type a name for the new network. Review the other properties and modify them if necessary. 6. Click OK to save the virtual network and close Virtual Network Manager, or click Apply to save the virtual network and continue using Virtual Network Manager.
MODIFY A VIRTUAL NETWORK GET READY. To modify a virtual network: 1. Open Hyper-V Manager. 2. From the Actions menu, click Virtual Network Manager. 3. Under Virtual Networks, click the name of the network you want to modify. 4. Under Virtual Network Properties, edit the appropriate properties to modify the virtual network. 5. Click OK to save the changes and close Virtual Network Manager, or click Apply to save the changes and continue using Virtual Network Manager.
REMOVE A VIRTUAL NETWORK GET READY. To remove a virtual network: 1. Open Hyper-V Manager. 2. From the Actions menu, click Virtual Network Manager. 3. Under Virtual Networks, click the name of the network you want to remove. 4. Under Virtual Network Properties, click Remove. 5. Click OK to save the changes and close Virtual Network Manager, or click Apply to save the changes and continue using Virtual Network Manager.
ADD A NETWORK ADAPTER GET READY. To add a network adapter: 1. Open Hyper-V Manager. Click Start, point to Administrative Tools, and click Hyper-V Manager. 2. In the results pane under Virtual Machines, select the virtual machine that you want to configure.
Easy-to-Read Tables
3. In the Action pane under the virtual machine name, click Settings. 4. In the navigation pane, click Add Hardware.
✚
MORE INFORMATION For more information about Hyper-V, visit the following Web site: http://technet.microsoft. com/en-us/virtualization/ default.aspx
5. On the Add Hardware page, choose a network adapter or a legacy network adapter. 6. Click Add. The Network Adapter or Legacy Network Adapter page appears. 7. Under Network, select the virtual network you want to connect to. 8. If you want to configure a static MAC address or virtual LAN identifier, specify the numbers you want to use. 9. Click OK.
Certification Ready Alert
c02ManagingWindowsServer2008R2.i41 Page 41 12/10/10 5:41:36 PM user-f391
c02ManagingWindowsServer2008R2.i38 Page 38 12/10/10 5:41:31 PM user-f391
More Information Reader Aid
38 | Lesson 2 Table 2-1 UAC Settings
S ETTING
D ESCRIPTION
S ECURITY I MPACT
Always notify
You will be notified before programs make changes to your computer or to Windows settings that require the permission of an administrator. When you’re notified, your desktop will be dimmed, and you must either approve or deny the request in the UAC dialog box before you can do anything else on your computer. The dimming of your desktop is referred to as the secure desktop because other programs can’t run while it’s dimmed.
This is the most secure setting.
Notify me only when programs try to make changes to my computer
You will be notified before programs make changes to your computer that require the permission of an administrator. You will not be notified if you try to make changes to Windows settings that require the permission of an administrator. You will be notified if a program outside of Windows tries to make changes to a Windows setting.
It’s usually safe to allow changes to be made to Windows settings without you being notified. However, certain programs that come with Windows can have commands or data passed to them, and malicious software can take advantage of this by using these programs to install files or change settings on your computer. You should always be careful about which programs you allow to run on your computer.
Notify me only when programs try to make changes to my computer (do not dim my desktop)
You will be notified before programs make changes to your computer that require the permission of an administrator. You will not be notified if you try to make changes to Windows settings that require the permission of an administrator.
This setting is the same as “Notify only when programs try to make changes to my computer,” but you are not notified on the secure desktop. Because the UAC dialog box isn’t on the secure desktop with this setting, other programs might be able to interfere with the dialog’s visual appearance. This is a small security risk if you already have a malicious program running on your computer.
/Users/user-f391/Desktop/24_09_10/JWCL339/New File
Managing Windows Server 2008 R2 | 41 CERTIFICATION READY How do you manage a server from your desk? 2.3
Configuring Remote Settings As with most enterprise versions of Windows including Windows Server 2008 and Windows Server 2008 R2, you can remotely connect to a server using Remote Assistance and Remote Desktop. With Remote Assistance and Remote Desktop, you can access a computer running Windows with another computer that is connected to the same network or over the Internet just as if you were sitting in front of the server. You will be able to use your mouse and keyboard to access the desktop, taskbar, and Start menu. You will be able to run programs and access all of the configuration tools. Remote Assistance is designed for support personnel to connect to an active login session to assist or troubleshoot a problem. Unlike Remote Desktop, Remote Assistance allows the user to interact with the current session including seeing the same computer screen. If you decide to share control of your computer with your remote user, you both will be able to control the mouse cursor. To keep the system secure and to make sure you want the option available, you must first install Remote Assistant as a feature. It must also be enabled in the Remote tab of the System properties dialog box. Next, you will have to invite the person using email or an instant message. You can also reuse an invitation that you sent before. After the person accepts the invitation, a two-way encrypted connection will be created. To start a Remote Assistance session and to create an invitation, open the Start Menu, click All Programs, Select Maintenance, and click Windows Remote Assistance. See Figure 2-7.
Windows Remote Assistance
TAKE NOTE
You will be notified if a program outside of Windows tries to make changes to a Windows setting. Never notify
You will not be notified before any changes are made to your computer. If you are logged on as an administrator, programs can make changes to your computer without you knowing about it. If you are logged on as a standard user, any changes that require the permission of an administrator will automatically be denied. If you select this setting, you will need to restart the computer to complete the process of turning off UAC. Once UAC is off, people that log on as administrator will always have the permission of an administrator.
Figure 2-7
*
/Users/user-f391/Desktop/24_09_10/JWCL339/New File
When you are notified, you should carefully read the contents of each dialog box before allowing changes to be made to your computer.
This is the least secure setting. When you set UAC to never notify, you open up your computer to potential security risks. If you set UAC to never notify, you should be careful about which programs you run, because they will have the same access to the computer as you do. This includes reading and making changes to protected system areas, your personal data, saved files, and anything else stored on the computer. Programs will also be able to communicate and transfer information to and from anything that your computer connects with, including the Internet.
Before you can use Remote Assistance with Windows Server 2008 R2, you must first install the Remote Assistance feature. TAKE NOTE
*
Before you can use Remote Desktop, you must first enable it using System Properties. In addition, by default, administrators and users are members of the Remote Desktop users group and have access to Remote Desktop.
Remote Desktop allows a user running the Remote Desktop program to access a server remotely. By default, Windows Server 2008 R2 supports two remote desktop connections (three if you also count the console mode, which is the active connection as if you were actually sitting in front of the server keyboard and monitor). Unlike Remote Assistance, Remote Desktop is installed but must be enabled before you connect to the server. To enable Remote Desktop, open the System Properties and select one of the following settings: • Allow connections from computer running any version of Remote Desktop (less secure). • Allow connections running Remote Desktop with Network Level Authentication (more secure).
Take Note Reader Aid www.wiley.com/college/microsoft or call the MOAC Toll-Free Number: 1+(888) 764-7001 (U.S. & Canada only)
FMTOC.indd Page viii 12/16/10 3:01:28 PM f-392
/Users/f-392/Desktop/Nalini 23.9/ch05
viii | Illustrated Book Tour c06FileandPrintServices.indd Page 179 12/14/10 3:59:16 PM user-s146
/Users/user-s146/Desktop/Merry_X-Mas/New
File and Print Services | 179 Table 6-6 (continued )
WARNING Enabling auditing of successful events can affect server performance, in particular for busy folders.
E VENT
E XPLANATION
Privilege use
Determines whether to audit each instance of a user exercising a user right.
Process tracking
Determines whether the OS audits process-related events such as process creation, process termination, handle duplication, and indirect object access. This is usually used for troubleshooting.
System
Determines whether the OS audits if the system time is changed, if the system is started or shut down, if there is an attempt to load extensible authentication components, if there is a loss of auditing events due to auditing system failure, and if the security log is exceeding a configurable warning threshold level.
Auditing NTFS files, NTFS folders, and printers is a two-step process. You must first enable Object Access using Group Policy. Then you must specify which objects you want to audit.
Warning Reader Aid
AUDIT FILES AND FOLDERS GET READY. To audit files and folders, perform these steps: 1. Open Windows Explorer. 2. Right-click the file or folder that you want to audit, click Properties, and then click the Security tab. 3. Click Edit, and then click Advanced. 4. In the Advanced Security Settings for
dialog box, click the Auditing tab. 5. Click the Edit button. 6. Do one of the following: •[email protected] . /NewName: Then restart the computer. To join a domain, use the following command: netdom join /domain: /userd: /passwordd:* You are prompted for the admin password. Next, restart the computer. If you need to add a domain user account to the local Administrators group, type the following command: netlocalgroup administrators /add \<UserName> Setting up IP configuration is a little bit more complicated because it is done at the command prompt. To view the IP configuration, you can execute the following command: ipconfig /all To view your interfaces, execute the following command: netsh interface ipv4 show interfaces When you view the output of the netsh command, you need to note of the number shown in the Idx column for your network adapter. To set a static IP address and default gateway, you would use the following command: netsh interface ipv4 set address name=“” source=static address=<StaticIP> mask=<SubnetMask> gateway= To set the static DNS address, use the following command: netsh interface ipv4 add dnsserver name= address= index=1 For each DNS server that you want to set, increment the index = number each time. Therefore, the first DNS server, index number would be 1. For the second DNS server, index number would be 2. To change a server to the DHCP-provided IP address from a static IP address, use the following command: netsh interface ipv4 set address name=“” source=dhcp where ID is the number of the network adapter.[email protected] ). Last, a global catalog is needed for universal group membership caching. In a forest that has more than one domain, and in sites that have domain users but no global catalog server, universal group membership caching can be used to enable caching of logon credentials so that the global catalog does not have to be contacted for subsequent user logons. This feature eliminates the need to retrieve universal group memberships across a WAN link from a global catalog server in a different site. Besides having a global catalog in each geographical site, it is a best practice to enable universal group membership caching in each geographic site. dialog box, click the Auditing tab. 5. Click the Edit button. 6. Do one of the following: • To set up auditing for a new user or group, click Add. In Enter the object name to select, type the name of the user or group that you want, and then click OK. See Figure 6-13. 
