A few days ago, a new server was configured as a file server to provide shared folder services for a unit's network. The unit has more than 50 users. The server runs Windows Server 2008 R2 and has been promoted to an Active Directory domain controller. On the server, a user account is created for each employee, and a "shared folder" is created for each user to store personal data. A "public" shared folder is also created to store the unit's data, with several subdirectories inside it. User permissions are set so that only specified users can upload and modify files.
The original plan was to join all computers in the organization to the domain, log on to them with domain users, and access the shared folders provided by the server. However, after configuring the server and preparing to join the workstations to the domain, we found that most of the computers in the unit run Windows XP Home, which cannot join a domain (Windows XP Professional can). Although Windows XP Home can be upgraded to Windows XP Professional while retaining the original computer settings, the users raised the following concerns when this was discussed with them:
(1) Windows XP Home is the OEM operating system that came with the computers. Upgrading to Windows XP Professional poses no technical problem, but it conflicts with the license under which the software was purchased (this unit uses genuine operating systems, including the server operating system).
(2) Many users in the organization are used to saving a large number of files on the desktop. After joining the domain, the "desktop" data stored in the original "local user" folder would have to be moved to the new "domain user" desktop folder. This is simple in itself, but still complex for most users.
(3) After joining the domain, the DNS settings need to be modified. Although Internet access is not affected, users are used to setting Internet DNS servers.
Because of these problems, and because users only need the "shared folder" provided by the server, joining the workstations to the domain is not essential. As long as each user remembers his or her user name and password, access to the shared folders provided by the server is not affected. That solves the first problem but leads to another: "How can these users change their own domain user passwords on computers that are not joined to the domain?" To solve it, I set up the following experiment environment. The topology is very simple: one machine runs Windows Server 2008 R2 (single NIC, single IP address) promoted to Active Directory, and the other runs Windows XP and is not joined to the domain, as shown in the network topology in Figure 1-1.
Figure 1-1 experiment environment
To change a domain user password in a non-domain environment, the following methods come to mind:
(1) If there is an Exchange server in the network, Exchange OWA has an option to change the password through a web page. However, deploying Exchange just for this purpose in such a network is costly.
(2) Create a website on the server, integrate it with Active Directory, and create a password-change script or web page. But you need to understand
(3) Configure the server as a "single NIC" VPN server. On a computer that is not joined to the domain, create a VPN connection and dial in to the VPN server; at the first logon to the VPN server, change the user password.
(4) Enable "Remote Desktop" on the server so that users can connect to it with the "Remote Desktop Connection" program. At the first logon, change the password.
The last two methods are described below.
1. Configure the VPN Server to change the password
In most cases, a VPN server requires at least two NICs, but Windows Server can also be configured as a VPN server with a single NIC. This section configures a single-NIC VPN server so that VPN dial-up succeeds, and uses the "user must change password upon next login" setting on the Active Directory account so that the password is changed immediately after dialing in. This lets users on non-domain computers change their passwords. The following operations are performed on the Active Directory server. The main steps are as follows.
(1) Log on to the Active Directory server as an administrator, open "Routing and Remote Access" in "Administrative Tools", right-click the computer name, and select "Configure and Enable Routing and Remote Access" from the shortcut menu, as shown in Figure 1-2.
Figure 1-2 configure and enable Routing and Remote Access
(2) In the "configuration" dialog box, select "custom configuration", as shown in Figure 1-3.
Figure 1-3 custom configuration
(3) In the "custom configuration" dialog box, select "VPN access", as shown in figure 1-4.
Figure 1-4 select VPN access
(4) In the "complete Routing and Remote Access Server Installation Wizard" dialog box, click the "finish" button, and then click the "Start Service" button in the "Start Service" dialog box that appears, as shown in Figure 1-5.
Figure 1-5 start the service
After the above steps, the VPN server is configured. Next, in "Active Directory Users and Computers", create a user for each employee, allow the user to dial in, and modify the user's attributes. The main steps are as follows.
(1) After creating a user, right-click the account and select "properties", as shown in figure 1-6.
Figure 1-6 account attributes
(2) On the "dial in" tab, in the "Network Access Permissions" option group, select "Allow access", as shown in figure 1-7.
Figure 1-7 dial-in attributes
(3) On the "Account" tab, select "Change Password Upon next Logon" in "account options", as shown in Figure 1-8, and click "OK".
Figure 1-8 the user must change the password upon next login
2. Change the password using VPN on the client
On a client that is not joined to the domain, the employee creates a VPN dial-up connection and logs on with the account created by the administrator and the initial password. After the logon succeeds, the password change prompt is displayed. The main steps are as follows (taking Windows XP as an example).
(1) Open "network connection" and double-click "New Connection Wizard", as shown in figure 1-9.
Figure 1-9 New Connection Wizard
(2) Select "network connected to my workplace" in "network connection type", as shown in figure 1-10.
Figure 1-10 connecting to my workplace Network
(3) In the "Network Connection" dialog box, select "Virtual Private Network Connection", as shown in figure 1-11.
Figure 1-11 Virtual Private Network Connection
(4) In the "VPN Server Selection" dialog box, enter the address of the Active Directory server (which is also the VPN server) on the network, 192.168.10.10 in this example, as shown in Figure 1-12.
Figure 1-12 specify the VPN Server address
(5) In the "Creating a connection in progress" dialog box, click the "finish" button, as shown in figure 1-13.
Figure 1-13 VPN connection created
After the VPN connection is created, the "Connect xx" dialog box is displayed. Enter the user name and password (as shown in Figure 1-14). The user name is the one the administrator created for each employee, and the password is the initial password (the administrator sets a unified initial password for every employee when creating the accounts).
Figure 1-14 enter the user name and password
The user name and password are verified on the VPN server. After they are verified successfully, the "Change Password" dialog box is displayed, as shown in Figure 1-15. In this dialog box, the employee sets a new password for the account.
Figure 1-15 Change Password
[Note] If "Change Password Upon next login" was not selected in the account properties in Figure 1-8, the "Change Password" prompt in Figure 1-15 is not displayed and the dial-up succeeds directly.
After the dial-up succeeds, right-click the computer icon in the lower-right corner, open the VPN status, and click the "Disconnect" button to disconnect from the VPN server. The password has now been changed through the VPN.
3. Enable Remote Desktop on the server
In addition to configuring the VPN server, you can also use "Remote Desktop". With the "user must change the password upon next login" requirement set as in Figure 1-8, the user changes the account password when prompted at the first logon. First, enable the Remote Desktop function on the server.
(1) Right-click "my computer" and select "properties", and select "remote settings" on the left, as shown in figure 1-16.
Figure 1-16 remote settings
(2) In the "System Properties" dialog box, on the "remote" tab, select "Allow connections from computers running any version of Remote Desktop" in the "Remote Desktop" option group, as shown in Figure 1-17.
Figure 1-17 enable remote desktop
Other security attributes on the server do not need to be modified.
4. Use Remote Desktop Connection on the workstation
On the workstation end, you need to use "Remote Desktop Connection Client" to log on to the server to modify the initial password. The main steps are as follows.
(1) On the employee's computer, open the "run" dialog box, enter mstsc, and press the Enter key, as shown in figure 1-18.
Figure 1-18 run
(2) Enter the server address in the "computer" text box, 192.168.10.10 in this example, as shown in Figure 1-19.
Figure 1-19 enter the server address
(3) After logging on to the Remote Desktop, select "other users", as shown in figure 1-20.
Figure 1-20 other users
(4) Enter the account created by the administrator for the employee, enter the initial password, and press Enter, as shown in Figure 1-21.
Figure 1-21 enter your account and password to log on
(5) After successful logon, the "user must Change Password Before first Logon" prompt pops up, as shown in Figure 1-22. Click "OK".
Figure 1-22 the user must change the password before logging on to the console for the first time.
(6) The dialog box for changing the password is then displayed. The first line is the account, and the second line is the initial password (already filled in by default). The employee enters a new password in the third and fourth lines and presses Enter, as shown in Figure 1-23.
Figure 1-23 enter a new password
(7) The password has been changed, as shown in Figure 1-24.
Figure 1-24 Password Changed
However, an error message then pops up saying that you cannot log on to this computer, because the domain controller policy does not allow ordinary domain users to log on to the server, as shown in Figure 1-25. The user password has nevertheless been changed. Click "OK" or the "x" in the upper-right corner to close the message and exit the Remote Desktop Connection.
Figure 1-25 users cannot log on
5. Change the password again
If a user forgets the password after changing it, the administrator can "reset the password" for the user: set a simple password again, or set the unified initial password, and select the "Change Password Upon next login" option. The main steps are as follows.
(1) In "Active Directory users and computers", right-click the account you want to reset the password for, and select "Reset Password" from the shortcut menu, as shown in figure 1-26.
Figure 1-26 reset the password
(2) In the pop-up "Reset Password" dialog box, set a new password for the user and select the "Change Password Upon next login" option, as shown in Figure 1-27. This resets the password for the user. The user can then use either of the two methods described above to set his or her own password.
Figure 1-27 reset the password
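The account settings from Figures 1-7 and 1-8 and the reset from Figure 1-27 can also be applied from PowerShell on the domain controller. The following is an added example, not part of the original article; it assumes the ActiveDirectory module is available, the function names are hypothetical, and the sample account names are constructed.

```powershell
# Added example: run in an elevated PowerShell session on the domain controller.
Import-Module ActiveDirectory

function Reset-InitialPassword {
    # Hypothetical helper: resets the account to an initial password, allows
    # dial-in, and forces a password change at next logon
    # (the Dial-in tab, the Account tab and the Reset Password dialog in one step).
    param(
        [Parameter(Mandatory = $true)][string[]]$SamAccountName,
        [Parameter(Mandatory = $true)][System.Security.SecureString]$InitialPassword
    )
    foreach ($name in $SamAccountName) {
        $user = Get-ADUser -Identity $name -Properties PasswordNeverExpires

        # "Change password at next logon" cannot be combined with
        # "Password never expires", so clear that flag first.
        if ($user.PasswordNeverExpires) {
            Set-ADUser -Identity $user -PasswordNeverExpires $false
        }

        Set-ADAccountPassword -Identity $user -Reset -NewPassword $InitialPassword

        # msNPAllowDialin = TRUE corresponds to "Allow access" on the Dial-in tab.
        Set-ADUser -Identity $user -Replace @{ msNPAllowDialin = $true }
        Set-ADUser -Identity $user -ChangePasswordAtLogon $true
    }
}

function Get-PendingInitialPassword {
    # Hypothetical helper: lists enabled accounts that may dial in and still
    # have "must change password at next logon" set (pwdLastSet = 0), i.e.
    # accounts whose owner has not yet replaced the initial password.
    Get-ADUser -LDAPFilter '(&(msNPAllowDialin=TRUE)(pwdLastSet=0))' -Properties whenChanged |
        Where-Object { $_.Enabled } |
        Select-Object SamAccountName, whenChanged
}

# Usage (account names are constructed samples):
$pw = Read-Host -AsSecureString -Prompt 'Initial password'
Reset-InitialPassword -SamAccountName 'zhangsan', 'lisi' -InitialPassword $pw
Get-PendingInitialPassword | Format-Table -AutoSize
```

Because every account starts from the same initial password, the second function is worth running some days after rollout to find accounts that never completed the change.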
This article is from the "Wang chunhai blog" blog; please be sure to keep this source: http://wangchunhai.blog.51cto.com/225186/1435204