Windows Server2008 域的管理

最後更新：2014-07-14 來源：互聯網

上載者：User

創建阿里雲帳戶，並獲得超過 40 款產品的免費試用版；而企業帳戶則可以享有總值 $1200 的免費試用版。立即註冊！

標籤：windows 實驗報告 blank center target

實驗報告

實驗名稱：域的管理

實驗描述：安裝活動目錄，建立域，管理域使用者和組，域組策略的應用

實驗拓撲：略

實驗步驟：

一、在Windows Server2008安裝活動目錄升級網域控制器，網域名稱tarena.com，用戶端加入域

1、以管理員Administrator登入，修改TCP/IP設定

650) this.width=650;" title="clip_image002" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; padding-right: 0px" border="0" alt="clip_image002" src="http://img1.51cto.com/attachment/201407/13/6212447_1405260629oRvm.jpg" "408" height="416" />

2、 “開始”—“運行”輸入dcpromo命令安裝網域控制站，耐心等待二級制檔案的下載完成，然後自動開啟安裝嚮導，單擊“下一步”

650) this.width=650;" title="clip_image004" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px" border="0" alt="clip_image004" src="http://img1.51cto.com/attachment/201407/13/6212447_1405260632XcOP.jpg" "500" height="435" />

3、選擇“在新林中建立域”，單擊“下一步”。

650) this.width=650;" title="clip_image006" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px" border="0" alt="clip_image006" src="http://img1.51cto.com/attachment/201407/13/6212447_1405260632F4wx.jpg" "507" height="445" />

4、設定新網域名稱為tarena.com，單擊“下一步”。

650) this.width=650;" title="clip_image008" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px" border="0" alt="clip_image008" src="http://img1.51cto.com/attachment/201407/13/6212447_140526063223c9.jpg" "507" height="444" />

5、選擇“林功能層級”，可接受預設值，單擊“下一步”。

650) this.width=650;" title="clip_image010" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px" border="0" alt="clip_image010" src="http://img1.51cto.com/attachment/201407/13/6212447_1405260632jaWy.jpg" "508" height="443" />

6、選擇“域功能層級”，也接受預設值，單擊“下一步”

650) this.width=650;" title="clip_image012" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px" border="0" alt="clip_image012" src="http://img1.51cto.com/attachment/201407/13/6212447_1405260633DZ9a.jpg" "507" height="444" />

7、勾選“DNS伺服器”，單擊“下一步”，出現“是否要繼續”，單擊“是”。

650) this.width=650;" title="clip_image014" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px" border="0" alt="clip_image014" src="http://img1.51cto.com/attachment/201407/13/6212447_1405260633IUre.jpg" "509" height="444" />

8、設定域控制相關檔案的存放位置，單擊“下一步”

650) this.width=650;" title="clip_image016" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px" border="0" alt="clip_image016" src="http://img1.51cto.com/attachment/201407/13/6212447_1405260633Tn9k.jpg" "510" height="445" />

9、設定用在目錄服務還原模式的管理員密碼，單擊“下一步”

650) this.width=650;" title="clip_image018" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px" border="0" alt="clip_image018" src="http://img1.51cto.com/attachment/201407/13/6212447_1405260634t9hp.jpg" "508" height="445" />

10、確認安裝選擇，單擊“下一步”

650) this.width=650;" title="clip_image020" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px" border="0" alt="clip_image020" src="http://img1.51cto.com/attachment/201407/13/6212447_1405260634YQ7T.jpg" "507" height="444" />

11、勾選“完成後重新啟動”（若未勾選則可手動重啟）。

650) this.width=650;" title="clip_image022" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px" border="0" alt="clip_image022" src="http://img1.51cto.com/attachment/201407/13/6212447_1405260634YGv6.jpg" "441" height="287" />

12、待重啟重新設定密碼，進入系統，確認安裝結果。

650) this.width=650;" title="clip_image024" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px" border="0" alt="clip_image024" src="http://img1.51cto.com/attachment/201407/13/6212447_1405260634Gfza.jpg" "630" height="580" />

13、管理員登入windows7客戶機，修改TCP/IP加入建立的域tarena.com

650) this.width=650;" title="clip_image026" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px" border="0" alt="clip_image026" src="http://img1.51cto.com/attachment/201407/13/6212447_1405260635OKSI.jpg" "414" height="432" />

輸入欄位名，單擊“確定”

650) this.width=650;" title="clip_image028" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px" border="0" alt="clip_image028" src="http://img1.51cto.com/attachment/201407/13/6212447_1405260635Myoy.jpg" "340" height="371" />

用域使用者或者網域系統管理員進行驗證

650) this.width=650;" title="clip_image030" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px" border="0" alt="clip_image030" src="http://img1.51cto.com/attachment/201407/13/6212447_1405260635XDE6.jpg" "443" height="262" />

驗證成功會提示“歡迎加入tarena.com域”

二、 域環境下進行組原則設定

1、開啟管理工具---Active Directory使用者和電腦---tarena.com----右擊”Users”單擊建立---使用者，輸入完資訊，單擊“下一步”

650) this.width=650;" title="clip_image032" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px" border="0" alt="clip_image032" src="http://img1.51cto.com/attachment/201407/13/6212447_1405260635eRXm.jpg" "443" height="343" />

設定使用者密碼

650) this.width=650;" title="clip_image034" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px" border="0" alt="clip_image034" src="http://img1.51cto.com/attachment/201407/13/6212447_1405260635nDOh.jpg" "446" height="348" />

在域“tarena.com”中建立OU“caiwu”，在caiwu下面建立普通使用者cai作為員工賬戶，經理作為經理的賬戶

2、禁止域中所有使用者修改案頭背景

1）開啟管理工具---組策略管理，右擊Default Domain Policy選擇“編輯”進入群組原則管理編輯器

650) this.width=650;" title="clip_image036" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px" border="0" alt="clip_image036" src="http://img1.51cto.com/attachment/201407/13/6212447_1405260635HeBf.jpg" "767" height="538" />

使用者配置---策略---系統管理範本---控制台---個人化，右擊“阻止更改案頭背景”，單擊“編輯”

650) this.width=650;" title="clip_image038" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px" border="0" alt="clip_image038" src="http://img1.51cto.com/attachment/201407/13/6212447_1405260636kmrf.jpg" "801" height="544" />

勾選“已啟用”，單擊“確定”。

650) this.width=650;" title="clip_image040" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px" border="0" alt="clip_image040" src="http://img1.51cto.com/attachment/201407/13/6212447_1405260636JVqJ.jpg" "702" height="535" />

2）驗證策略是否正常運行。用user1使用者登入windows7客戶機，在案頭右擊選擇“個人化”，發現“案頭背景”是灰色的，不能設定，說明組策略應用成功

650) this.width=650;" title="clip_image042" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px" border="0" alt="clip_image042" src="http://img1.51cto.com/attachment/201407/13/6212447_1405260636HkGP.jpg" "841" height="597" />

3、在實驗2的基礎上實現caiwu OU的使用者可以修改案頭背景。

1）開啟組策略管理，右擊“caiwu”，建立GPO

650) this.width=650;" title="clip_image044" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px" border="0" alt="clip_image044" src="http://img1.51cto.com/attachment/201407/13/6212447_1405260637fyw5.jpg" "404" height="512" />

建立新的GPO，名字為“caiwu1”

650) this.width=650;" title="clip_image046" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px" border="0" alt="clip_image046" src="http://img1.51cto.com/attachment/201407/13/6212447_14052606378g2e.jpg" "391" height="165" />

右擊caiwu，選擇“阻止繼承”

650) this.width=650;" title="clip_image048" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px" border="0" alt="clip_image048" src="http://img1.51cto.com/attachment/201407/13/6212447_1405260637zEpw.jpg" "419" height="377" />

用 caiwu下的使用者cai登入驗證，可以更改案頭背景，策略應用成功

650) this.width=650;" title="clip_image050" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px" border="0" alt="clip_image050" src="http://img1.51cto.com/attachment/201407/13/6212447_1405260637EG4w.jpg" "277" height="329" />

4、在實驗3的基礎上，在預設域策略上配置強制生效，實現caiwu OU的使用者不可以修改案頭背景

1）右擊DefaultDomain Policy選擇“強制”

650) this.width=650;" title="clip_image052" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px" border="0" alt="clip_image052" src="http://img1.51cto.com/attachment/201407/13/6212447_1405260638Iv0P.jpg" "358" height="514" />

用cai登入windows7客戶機，驗證策略應用成功

650) this.width=650;" title="clip_image054" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px" border="0" alt="clip_image054" src="http://img1.51cto.com/attachment/201407/13/6212447_1405260638jvn0.jpg" "375" height="270" />

5、在實驗4的基礎上取消caiwu OU的阻止繼承，取消域策略的強制，然後再caiwu OU建立一個新的GPO，設定使用者開啟瀏覽器的預設首頁為http://www.tarena.com

1）右擊caiwu OU，解除封鎖繼承，右擊DefaultDomain Policy取消“強制”

2）右擊caiwu OU，建立一新的GPO

650) this.width=650;" title="clip_image056" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px" border="0" alt="clip_image056" src="http://img1.51cto.com/attachment/201407/13/6212447_1405260638hwfL.jpg" "396" height="165" />

3）右擊“預設首頁”，選擇“編輯”，進入組策略編輯器

使用者配置---策略---windows設定---Internet Explorer維護---重要URL，設定自訂首頁

650) this.width=650;" title="clip_image058" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px" border="0" alt="clip_image058" src="http://img1.51cto.com/attachment/201407/13/6212447_14052606382dwA.jpg" "805" height="552" />

4）驗證策略。使用者cai登入windows7，開啟IE瀏覽器，首頁網址為http://www.tarena.com，策略應用成功

650) this.width=650;" title="clip_image060" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px" border="0" alt="clip_image060" src="http://img1.51cto.com/attachment/201407/13/6212447_1405260638xmtH.jpg" "603" height="91" />

6、實驗5的基礎上配置預設域策略使用者開啟的瀏覽器的預設首頁為http://www.baidu.com。

1）

650) this.width=650;" title="clip_image062" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px" border="0" alt="clip_image062" src="http://img1.51cto.com/attachment/201407/13/6212447_1405260639XpIh.jpg" "804" height="545" />

2）用caiwu OU的使用者驗證開啟瀏覽器的預設首頁，依然為http://www.tarena.com

650) this.width=650;" title="clip_image064" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px" border="0" alt="clip_image064" src="http://img1.51cto.com/attachment/201407/13/6212447_1405260639r6Nl.jpg" "570" height="84" />

7、caiwu OU經理使用者不受禁止修改案頭背景策略的影響

1）單擊“DefaultDomain Policy”，在右面選項卡選擇“委派”，單擊右下角“進階”

650) this.width=650;" title="clip_image066" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px" border="0" alt="clip_image066" src="http://img1.51cto.com/attachment/201407/13/6212447_1405260639NcGX.jpg" "845" height="537" />

2）單擊“添加”

650) this.width=650;" title="clip_image068" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px" border="0" alt="clip_image068" src="http://img1.51cto.com/attachment/201407/13/6212447_1405260639Ko9C.jpg" "369" height="418" />

3）添加“經理”，單擊“確定”

650) this.width=650;" title="clip_image070" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px" border="0" alt="clip_image070" src="http://img1.51cto.com/attachment/201407/13/6212447_1405260640cuUS.jpg" "464" height="250" />

3）選擇經理許可權拒絕寫入，和拒絕應用組策略，應用。

650) this.width=650;" title="clip_image072" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px" border="0" alt="clip_image072" src="http://img1.51cto.com/attachment/201407/13/6212447_1405260670B4Ob.jpg" "477" height="435" />

4）用jingli在客戶機登入，可以更換案頭背景。

650) this.width=650;" title="clip_image050[1]" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; padding-right: 0px" border="0" alt="clip_image050[1]" src="http://img1.51cto.com/attachment/201407/13/6212447_1405260670jiry.jpg" "277" height="329" />

本文章原先以中文撰寫並發佈於 aliyun.com，亦設英文版本，僅作資訊用途。本網站不對文章的準確性，完整性或可靠性或其任何翻譯作出任何明示或暗示的陳述或保證。如對該文章有任何疑慮或投訴，請傳送電郵至 info-contact@alibabacloud.com 並提供相關疑慮或投訴的詳細說明。職員會於 5 個工作天內與您聯絡，一經驗證之後，即會刪除該侵權內容。

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

Sales Support

1 on 1 presale consultation

Chat Contact Sales
After-Sales Support

24/7 Technical Support 6 Free Tickets per Quarter Faster Response

Open a Ticket
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

Learn More