Windows Server 2012 Active Directory Basic Configuration and application (Novice tutorial) 1---Why do I need a domain?

Source: Internet
Author: User

Do the following first:

( 1 ) in the installed WIN In addition to the system disk C , create a new volume, for example E disk.

650) this.width=650; "Src=" Http:// -wmp_4-s_2569165829.jpg "title=" 1-1.jpg "alt=" Wkiom1glukks2l9zaabu8oaf30m276.jpg-wh_50 "/>

( 2 ) to create a shared folder (share and local permissions can be set temporarily to EVERYONE readable), named after your own name. When you're done , open a command prompt on WIN, and use the net share command to check if the shared resource appears.

650) this.width=650; "Src=" Http:// -wmp_4-s_2319014275.jpg "title=" 1-2.jpg "alt=" Wkiom1glupjjzffpaabvhfaeyms600.jpg-wh_50 "/>

( 3 Check to see if you have access to the shared folder above through another host. If you cannot access it, you will need to enable the guest account, and if you have access, open the shared folder on the client (the host where the visitor resides). And in the "Computer Management" window on WIN, view client's access situation.

650) this.width=650; "Src=" Http:// -wmp_4-s_363584387.jpg "title=" 1-3.jpg "alt=" Wkiol1glutiaupbxaabrjctajcw055.jpg-wh_50 "/>

( 4 ) . Disabled WIN of the Guest account to check if the shared folder you just opened will still be accessible;

650) this.width=650; "Src=" Http:// -wmp_4-s_3853373027.jpg "title=" 1-4.jpg "alt=" Wkiol1gluv3g_mzxaabxjpona2g089.jpg-wh_50 "/>

The four steps above illustrate the system's built-in account Guest whether the impact on network resource access is turned on. in practical applications, Guest The account is usually not open .

The following is an analysis of another situation ------ only the specified user can access a specific folder. (To see the results more clearly, rename the built-in Administrator account to the pinyin of your own name).

The administrator (the account named LJP tested in the following example) stores a shared folder on the server win 2012, and the limit can only be accessed by the administrator's own account LJP, and other user accounts cannot access the share.

( 1 ) Disable Guest account; Change the login name of the administrator account;

( 2 Deactivate the shared folder set in the first link above to prevent interference;

( 3 ) to re - WIN set up a folder under the non-system disk and store some test files in it, share the folder, and set the local and share permissions to only specify user-readable.

650) this.width=650; "Src=" Http:// -wmp_4-s_1896663371.jpg "title=" 1-5.jpg "alt=" Wkiom1glubnrd9h_aacfni97fok472.jpg-wh_50 "/>

650) this.width=650; "Src=" Http:// -wmp_4-s_907740489.jpg "title=" 1-6.jpg "alt=" Wkiom1gluemzizsyaab7tgjxohm210.jpg-wh_50 "/>

( 4 after the sharing setting is complete, the access test is performed from the client. From the test results, visitors need to know: the account name and password on the host where the shared folder resides !!!!

650) this.width=650; "Src=" Http:// -wmp_4-s_3964978574.jpg "title=" 1-7.jpg "alt=" Wkiol1glug3ztzp7aabfyryokdg605.jpg-wh_50 "/>

650) this.width=650; "Src=" Http:// -wmp_4-s_3013348927.jpg "title=" 1-8.jpg "alt=" Wkiom1gluisz0jimaabhmsx0hpm605.jpg-wh_50 "/>

( 5 ) in WIN The Computer Management window on the client side to view access. Note the account name displayed in the window is the one on which the host is owned.

650) this.width=650; "Src=" Http:// -wmp_4-s_2573999140.jpg "title=" 1-9.jpg "alt=" Wkiol1glukxsvgrgaabhwz6zkoa975.jpg-wh_50 "/>

When all of the above operations are complete, it concludes that no matter which host the user accesses from the target host (either locally or over the network), it must provide a legal basis (access to the account name and password information) .

In the example above, consider: if there are many servers on the network, and the resources on each server can only be accessed by a designated user, what is the problem for the manager as a network?

650) this.width=650; "Src=" Http:// -wmp_4-s_1659432341.jpg "title=" 1-10.jpg "alt=" Wkiol1glupervrc0aaaoqfdtzg8735.jpg-wh_50 "/>

the key to the above file access: Authentication!!! Why do I need to set up an account on every server? is because: Workgroup Network and domain network management difference!

  • The Working Group network realizes the decentralized management mode, each computer is independent, the user account and the privilege information is saved in the local machine , and with the help of the workgroup to share the information, the permission setting of sharing information is controlled by each computer. The list of workgroup machines that you can see in your network Places is through a broadcast query to browse the master server, provided by the browse master server.

  • the domain network implements the primary / from management mode, through a domain controller ( Domain Controller , abbreviated as DC ) to centrally manage user accounts and permissions within the domain , account information is kept within the domain controller, and the shared information is distributed across each computer, but access rights are managed uniformly by the controller.

This article from "Network Snail" blog, declined reprint!

Windows Server 2012 Active Directory Basic Configuration and application (Novice tutorial) 1---Why do I need a domain?

Related Article

E-Commerce Solutions

Leverage the same tools powering the Alibaba Ecosystem

Learn more >

Apsara Conference 2019

The Rise of Data Intelligence, September 25th - 27th, Hangzhou, China

Learn more >

Alibaba Cloud Free Trial

Learn and experience the power of Alibaba Cloud with a free trial worth $300-1200 USD

Learn more >

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.