Use the domain to manage employee accounts for on-demand use

Source: Internet
Author: User

A large enterprise network should haveDomain Controller, Install in the Domain ControllerActivity directory, CreateDomainCan bring unexpected convenience to the company.

For various reasons, some people often use the company's network during non-work hours, or even remotely use the company's network over the Internet through control software. In this way, security risks are easily generated. So how can we restrict unauthorized use of the network? It's easy. We only need to upgrade the enterprise network to meet this requirement.

1. Upgrade the Enterprise Network

Do not misunderstand that the upgrade here is not a hardware upgrade, so the company does not need to invest any extra cost for this. Before upgrading, you need to check the company's network type. If it is already a domain activity directory environment, skip this step and look down. However, enterprise networks are generally built in a simple working group mode and need to be upgraded. Take Windows 2000/2003, the most common application of Enterprise Server, as an example to introduce how to upgrade to the domain controller.

Open the control panel, start the "configuration server" item in the "Administrative Tools" folder, click "Active Directory" on the left, and then click "start" on the right, in this way, the Active Directory operation wizard window is opened. Because we are using the domain for the first time, we should select the "Domain Controller of the new domain" item when prompted in the Wizard. We recommend that you use the default value for other purposes. You will be prompted to set the DNS domain name. You can enter the domain name here. If the enterprise has its own website, you can also set the domain name as the domain name 1 of the website ), at the end of the wizard, you will be prompted to install DNS. You must complete the installation as required. It takes a long time to generate a domain controller. You need to wait patiently.

2. Create a domain account

After the domain controller is created, we can create an employee domain account in the Active Directory. In the control panel, open the "Manage Users and computers in Active Directory" item, right-click Users, and choose "New"> "user, in the pop-up dialog box, enter the relevant information of the new user, as shown in figure 2 ).

After a new user is created, you must set the user to solve the security problem. In the Active Directory user and computer user list, find the created user, right-click it to open its Properties window, and switch to the "Account" tab, select "after this" in the "Account Expiration" time at the bottom of the window, and then set an expiration time, which is the expiration time of the employee employment contract, after this time, the employee's account will automatically expire. The administrator must re-open the permission to log on to the enterprise's domain network environment ).

If you want to be stricter, you can click the "Logon Time" button to set the allowed or denied logon time in the window that opens. The time set here should take into account the company's schedule figure 4 ).

3. user access to the domain

Now you only need to notify the user to add the computer to the domain. You can open the System Properties window, switch to the "computer name" tab, click the "change" button, set "affiliated" to "Domain", and enter the created domain name, click OK and enter the username and password with administrator permissions to add the computer to the domain.

After joining the domain, you will be prompted to restart. After the initial startup is successful, the user can log on to the system only after entering the domain account, and only in this way can the company's network be used, all the previously created local accounts will be invalid and cannot be logged on.

After such processing, as long as the Personnel Department cooperates with the IT department, an independent Account Logon Time and expiration time are set for the employee so that the account is automatically locked after the employee leaves work or leaves the employee, this prevents unauthorized theft of enterprise data.

Using the domain to manage employee accounts as needed can prevent employees from using the company's network during non-work hours and eliminate potential security risks for the enterprise.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.