Use group policies and ISA to control client behavior instances

This document describes how to useGroup PolicyRestrict client behavior to reduce the possibility of virus propagation. The specific content is as follows.

Requirements of branch GM: reduce virus opportunities, strengthen client management, and enhance Internet management.

Current status:

1. All clients are Windows2000

2. OneServerFor Windows2000

3. This is an office in a remote area. Without ITSupport, the IT skills of employees are not strong and the personnel are chaotic.

4. All clients have installed personal anti-virus software

5. access the Internet through the ADSL route

Requirement Analysis:

According to the current network and system conditions, although the personal anti-virus software has been installed, the anti-virus effect is not obvious. Viruses are always first issued and then created. At the same time, because there is no ITSupport and too many people are involved, the chance to infect and spread computer viruses increases.

The client and server are already windows. You can use group policies to restrict client behavior and reduce the possibility of virus propagation.

The Internet access method is a routing method, which is not conducive to Internet management.

Suggestion:

1. Use the current Windows2000 Server to create a Domain

2. Change the current direct access from a route to a proxy

3. purchase servers and install ISA for Internet management

4. Restrict the client to run programs

5. Restrict members of the Local Administrators Group

6. Restrict accessible websites and servers

7. Port and Protocol restricting users' access to the Internet

8. * For email filtering, consider using the ISA FeaturePack.

9. * is Internet Access Management restricted to the user level?

Procedure:

1. Issue the client user questionnaire form, the daily use software questionnaire form, and the daily access website questionnaire form.

2. Estimate the operation time

3. estimate the number of personnel to be matched

4. After upgrading windows to DC, the host is upgraded to DC)

5. Create a New OU, create two security groups: _ MW_Manager and _ MW_Opt, and add department managers and operators to different groups respectively.

6. Create related policies on OU to restrict the client to run programs

7. install Windows2000 on the newly purchased server, set ISA to Array + integration mode, and install RASPPPOE.

8. Configure the ISA policy to allow the license agreement and website

9. Route the ADSL Network and configure PPPOE dialing on the ISA Server.

10. Configure new group policies and distribute ISA clients

11. Restart the client to make FirewallClient take effect.

12. Configure IPPacketFilter so that the ISA Server can access the Internet.

Components missing after installation completion:

1. Some of the current client network addresses are allocated by DHCP in the previous ADSL route, and some are static IP addresses;

2. The current client cannot correctly resolve the DNS name;

For the incorrect part:

1. Create a DHCP service on the DC and configure the region at the same time.

2. Check the DNS server on the original DC and find that the Root server cannot be accessed correctly. Therefore, install and configure the second DNS server on the ISA Server to replace the previous DNS server. Modify the DNS configuration in the DHCP scope option ISA)

Strange:

1. You cannot restart the ISA Service if you keep working on the Internet. This is not available elsewhere)

2. Why does the ISA Server fail to be accessed from a network neighbor? Virus ?)

Strange 2: virus causes IPC $ to be unavailable, find CSDNFAQ, http://community.csdn.net/Expert/FAQ/FAQ_Index.asp? Id = 195978 solve the problem.

Strange 1: The problem disappears after the configuration of ADSL disconnection automatic redial.

Summary:

1. Due to no on-site investigation, an IP address configuration error occurs in the plan. Or it is a major mistake to forget to investigate the client status;

2. Strengthen Supervision on remote clients; otherwise, the probability of virus infection and transmission is very high;

3. If you have done so much, you will not feel it. If you have killed and killed more, you will be numb. I don't know how they gritted their teeth.

It is hoped that the examples of the clever use of group policy and ISA to control client behavior described in this article will be helpful to readers.