Lab Report
Experiment Name: domain management
Experiment Description: Install Active Directory, create domain, manage domain Users and groups, apply Domain Group Policy
Experimental topology: slightly
Experimental steps:
First, in the Windows Server2008 Install Active Directory upgrade domain controller, domain name tarena.com , the client joins the domain
1. Log in as Administrator administrator, modify TCP/IP settings
650) this.width=650; "title=" clip_image002 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image002 "src=" http://img1.51cto.com/attachment/201407/13/6212447_ 1405260629orvm.jpg "" 408 "height=" 416 "/>
2, "Start"-"Run" Enter the dcpromo command to install the domain controller, patiently wait for the download of the secondary files to complete, and then automatically open the Installation Wizard, click Next
650) this.width=650; "title=" clip_image004 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image004 "src=" http://img1.51cto.com/attachment/201407/13/6212447_ 1405260632xcop.jpg "" "height=" 435 "/>
3. Select New domain in New forest and click Next.
650) this.width=650; "title=" clip_image006 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image006 "src=" http://img1.51cto.com/attachment/201407/13/6212447_ 1405260632f4wx.jpg "" 507 "height=" 445 "/>
4. Set the new domain name to tarena.com and click "Next".
650) this.width=650; "title=" clip_image008 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image008 "src=" http://img1.51cto.com/attachment/201407/13/6212447_ 140526063223c9.jpg "" 507 "height=" 444 "/>
5. Select forest functional level to accept the default values and click Next.
650) this.width=650; "title=" clip_image010 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image010 "src=" http://img1.51cto.com/attachment/201407/13/6212447_ 1405260632jawy.jpg "" 508 "height=" 443 "/>
6. Select "Domain functional Level" and accept the default value, click "Next"
650) this.width=650; "title=" clip_image012 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image012 "src=" http://img1.51cto.com/attachment/201407/13/6212447_ 1405260633dz9a.jpg "" 507 "height=" 444 "/>
7. Tick "DNS Server", click "Next", "Do you want to continue", and click "Yes".
650) this.width=650; "title=" clip_image014 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image014 "src=" http://img1.51cto.com/attachment/201407/13/6212447_ 1405260633iure.jpg "" 509 "height=" 444 "/>
8. Set the location of the domain control files and click "Next"
650) this.width=650; "title=" clip_image016 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image016 "src=" http://img1.51cto.com/attachment/201407/13/6212447_ 1405260633tn9k.jpg "" 510 "height=" 445 "/>
9. Set the administrator password to use in Directory Services Restore mode, click Next
650) this.width=650; "title=" clip_image018 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image018 "src=" http://img1.51cto.com/attachment/201407/13/6212447_ 1405260634t9hp.jpg "" 508 "height=" 445 "/>
10. Confirm the installation selection and click "Next"
650) this.width=650; "title=" clip_image020 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image020 "src=" http://img1.51cto.com/attachment/201407/13/6212447_ 1405260634yq7t.jpg "" 507 "height=" 444 "/>
11, tick "reboot after completion" (if not checked, you can restart manually).
650) this.width=650; "title=" clip_image022 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image022 "src=" http://img1.51cto.com/attachment/201407/13/6212447_ 1405260634ygv6.jpg "" 441 "height=" 287 "/>
12, to restart the password reset, enter the system, confirm the installation results.
650) this.width=650; "title=" clip_image024 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image024 "src=" http://img1.51cto.com/attachment/201407/13/6212447_ 1405260634gfza.jpg "" 630 "height=" 580 "/>
13, the administrator login Windows7 client, modify TCP/IP to join the new domain tarena.com
650) this.width=650; "title=" clip_image026 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image026 "src=" http://img1.51cto.com/attachment/201407/13/6212447_ 1405260635oksi.jpg "" 414 "height=" 432 "/>
Enter the domain name and click OK
650) this.width=650; "title=" clip_image028 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image028 "src=" http://img1.51cto.com/attachment/201407/13/6212447_ 1405260635myoy.jpg "" 340 "height=" 371 "/>
Authenticate with a domain user or domain administrator
650) this.width=650; "title=" clip_image030 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image030 "src=" http://img1.51cto.com/attachment/201407/13/6212447_ 1405260635xde6.jpg "" 443 "height=" 262 "/>
Verify success will prompt "Welcome to tarena.com Domain"
Second, Group Policy settings under a domain environment
1. Open the Administrative Tools---Active directory Users and Computers---tarena.com----Right-click Users, tap New---user, enter the information, click Next
650) this.width=650; "title=" clip_image032 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image032 "src=" http://img1.51cto.com/attachment/201407/13/6212447_ 1405260635erxm.jpg "" 443 "height=" 343 "/>
Set User password
650) this.width=650; "title=" clip_image034 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image034 "src=" http://img1.51cto.com/attachment/201407/13/6212447_ 1405260635ndoh.jpg "" 446 "height=" 348 "/>
Create a new OU "Caiwu" in the Domain "tarena.com", create a new normal user Cai as an employee account under Caiwu, and the manager as the manager's account
2. Prohibit all users in the domain from modifying the desktop background
1) Open the Administrative Tools---Group Policy Management, right click on default Domain policy, select "Edit" to enter the Group Policy Management editor
650) this.width=650; "title=" clip_image036 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image036 "src=" http://img1.51cto.com/attachment/201407/13/6212447_ 1405260635hebf.jpg "" 767 "height=" 538 "/>
User Configuration---Policies---Administrative templates---Control Panel---personalization, right-click Prevent changes to desktop background, clicking Edit
650) this.width=650; "title=" clip_image038 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image038 "src=" http://img1.51cto.com/attachment/201407/13/6212447_ 1405260636kmrf.jpg "" 801 "height=" 544 "/>
Tick "enabled" and click "OK".
650) this.width=650; "title=" clip_image040 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image040 "src=" http://img1.51cto.com/attachment/201407/13/6212447_ 1405260636jvqj.jpg "" 702 "height=" 535 "/>
2) Verify that the policy is working correctly. Log in Windows7 client with User1 user, right click on desktop Select "Personalization", found "desktop background" is gray, cannot be set, stating that Group Policy applied successfully
650) this.width=650; "title=" clip_image042 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image042 "src=" http://img1.51cto.com/attachment/201407/13/6212447_ 1405260636hkgp.jpg "" 841 "height=" 597 "/>
3, on the basis of experiment 2 to achieve CAIWU OU users can modify the desktop background.
1) Open Group Policy Management, right-click on "Caiwu", create GPO
650) this.width=650; "title=" clip_image044 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image044 "src=" http://img1.51cto.com/attachment/201407/13/6212447_ 1405260637fyw5.jpg "404" height= "/>"
Create a new GPO with the name "CAIWU1"
650) this.width=650; "title=" clip_image046 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image046 "src=" http://img1.51cto.com/attachment/201407/13/6212447_ 14052606378g2e.jpg "" 391 "height=" 165 "/>
Right-click Caiwu and select Block Inheritance
650) this.width=650; "title=" clip_image048 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image048 "src=" http://img1.51cto.com/attachment/201407/13/6212447_ 1405260637zepw.jpg "" 419 "height=" 377 "/>
With user Cai login verification under Caiwu, you can change the desktop background and apply the policy successfully
650) this.width=650; "title=" clip_image050 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image050 "src=" http://img1.51cto.com/attachment/201407/13/6212447_ 1405260637eg4w.jpg "" 277 "height=" 329 "/>
4, on the basis of experiment 3, on the default Domain policy configuration is enforced, users who implement CAIWU ou can not modify the desktop background
1) Right-click on DefaultDomain Policy and select "Force"
650) this.width=650; "title=" clip_image052 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image052 "src=" http://img1.51cto.com/attachment/201407/13/6212447_ 1405260638iv0p.jpg "" 358 "height=" 514 "/>
Use Cai to log in to Windows7 client to verify successful policy application
650) this.width=650; "title=" clip_image054 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image054 "src=" http://img1.51cto.com/attachment/201407/13/6212447_ 1405260638jvn0.jpg "" 375 "height="/>
5, on the basis of experiment 4 to remove the Caiwu ou block inheritance, the enforcement of the domain policy, and then caiwu the OU to create a new GPO, set the user to open the default home page of the browser is http://www.tarena.com
1) Right-click Caiwu OU, unblock inheritance, right-click DefaultDomain Policy to cancel "force"
2) Right-click the Caiwu OU to create a new GPO
650) this.width=650; "title=" clip_image056 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image056 "src=" http://img1.51cto.com/attachment/201407/13/6212447_ 1405260638hwfl.jpg "" 396 "height=" 165 "/>
3) Right-click on "Default Home Page" and select "Edit" to enter the Group Policy Editor
User Configuration---Policies---windows settings---Internet Explorer Maintenance---Important URLs, setting up a custom home page
650) this.width=650; "title=" clip_image058 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image058 "src=" http://img1.51cto.com/attachment/201407/13/6212447_ 14052606382dwa.jpg "" 805 "height=" 552 "/>
4) Validation policy. User Cai login windows7, open IE browser, home page URL for http://www.tarena.com, policy application success
650) this.width=650; "title=" clip_image060 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image060 "src=" http://img1.51cto.com/attachment/201407/13/6212447_ 1405260638xmth.jpg "" 603 "height="/>
6. Configure the Default domain policy on the basis of experiment 5 the default home page for users who open a browser is http://www.baidu.com.
1)
650) this.width=650; "title=" clip_image062 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image062 "src=" http://img1.51cto.com/attachment/201407/13/6212447_ 1405260639xpih.jpg "" 804 "height=" 545 "/>
2) Open the default home page of the browser with user authentication for Caiwu ou, still http://www.tarena.com
650) this.width=650; "title=" clip_image064 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image064 "src=" http://img1.51cto.com/attachment/201407/13/6212447_ 1405260639r6nl.jpg "" 570 "height="/>
7. Caiwu OU Manager users are not affected by the ban on modifying desktop background policies
1) Click "DefaultDomain Policy", select "delegation" on the Right tab, click "Advanced"
650) this.width=650; "title=" clip_image066 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image066 "src=" http://img1.51cto.com/attachment/201407/13/6212447_ 1405260639ncgx.jpg "" 845 "height=" 537 "/>
2) Click "Add"
650) this.width=650; "title=" clip_image068 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image068 "src=" http://img1.51cto.com/attachment/201407/13/6212447_ 1405260639ko9c.jpg "" 369 "height=" 418 "/>
3) Add "Manager" and click "OK"
650) this.width=650; "title=" clip_image070 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image070 "src=" http://img1.51cto.com/attachment/201407/13/6212447_ 1405260640cuus.jpg "" 464 "height="/>
3) Select Manager permissions to reject the write, and deny Apply Group Policy, apply.
650) this.width=650; "title=" clip_image072 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image072 "src=" http://img1.51cto.com/attachment/201407/13/6212447_ 1405260670b4ob.jpg "" 477 "height=" 435 "/>
4) You can change the desktop background by logging in with Jingli at the client.
650) this.width=650; "title=" clip_image050[1] "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image050[1] "src=" http://img1.51cto.com/attachment/201407/13/6212447_ 1405260670jiry.jpg "" 277 "height=" 329 "/>