DOMAIN USER & DOMAIN GROUP
I Preparation
- Start the Windows 2003 machine that has been upgraded to a Domain Controller
- Create an OU (Organizational Unit)
Step 1 : Log on as Administrator > Start > Programs > Administrative Tools > Active Directory Users and Computers > right-click domx.com > New > Organizational Unit
BS Hệ Thống Mạng - Page 1 - Lê Xuân Tùng
> In the New Object - Organizational Unit window > in the Name box, type THUCHANH > OK
The OU THUCHANH has now been created in the domain domx.com
II Create a group in the OU THUCHANH
Step 1 : Right-click the OU THUCHANH > New > Group
Step 2 : Enter the group name in the Group name box : HOCVIEN
- Group scope : the default is Global
- Group type : the default is Security
Keep these defaults > OK
III Create the users in the OU
Step 1 : Right-click the OU THUCHANH > New > User
Step 2 : Enter the user name in the First name box : u1 and in the User logon name box : u1 > Next
Step 3 : Enter the password 12345?a in both the Password and Confirm password boxes > clear the User must change password at next logon check box > Next
> Finish
Step 4 : Repeat steps 1 to 3 to create the following user accounts :
- user u2 : User name : u2
Password : 12345?a
- user u3 : User name : u3
Password : 12345?a
IV Add the users to the group
Step 1 : Add u1 to the group HOCVIEN > right-click user u1 > Properties
> In the u1 Properties window, select the Member Of tab > Add
> In the Select Groups window > type HOC in the Enter the object names to select box
> click the Check Names button > it resolves the full name, HOCVIEN
> OK
> Apply > OK
Step 2 : Add users u2, u3 to the group HOCVIEN > right-click the group HOCVIEN > Properties
> the HOCVIEN Properties window opens > select the Members tab > Add
> type u1;u2 in the Enter the object names to select box
> Apply > OK
V Adjust the policy so that users in the group HOCVIEN are allowed to log on locally to the Domain Controller
Step 1 : Log on as Administrator > Start menu > Programs > Administrative Tools > Domain Controller Security Policy
> the Default Domain Controller Security Settings window opens
> select Security Settings > Local Policies > User Rights Assignment > Allow log on locally > right-click Allow log on locally > Properties
> the Allow log on locally Properties window opens
[Screenshot: Allow log on locally Properties dialog listing Account Operators, Administrators, Backup Operators, Print Operators, Server Operators]
> click the Add User or Group button > Browse
> Advanced
> find and select the group HOCVIEN
> OK
> OK > the Add User or Group dialog box appears
> OK > OK
Step 2 : Start menu > Run > gpupdate /force
Step 3 : Log on in turn as the users : u1,u2,u3
Step 4 : Create user u4, then log on as user u4 > What do you observe? Explain why.
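The GUI steps in sections I to IV can also be run from a command prompt on the Domain Controller, and the result of section V can be checked there. The script below is an added example, not part of the original lab; it uses the Windows Server 2003 tools dsadd, dsmod, dsget and secedit. It assumes the domain is dom1.com as in the screenshots and that the Allow log on locally change has already been made in the policy editor.

```batch
@echo off
rem Added example: command-line equivalent of sections I-IV plus a check for section V.
rem Assumption: the domain is dom1.com (replace DOMDN and the UPN suffix for your own domx.com).
setlocal
set DOMDN=DC=dom1,DC=com
set OUDN=OU=THUCHANH,%DOMDN%
set GRPDN=CN=HOCVIEN,%OUDN%

rem I   Create the OU THUCHANH
dsadd ou "%OUDN%"

rem II  Create the group HOCVIEN: security group, global scope (the GUI defaults)
dsadd group "%GRPDN%" -secgrp yes -scope g -samid HOCVIEN

rem III Create u1, u2, u3. "-pwd *" prompts for the password instead of
rem     storing it in the script; "-mustchpwd no" clears the
rem     "User must change password at next logon" box.
for %%U in (u1 u2 u3) do (
    dsadd user "CN=%%U,%OUDN%" -samid %%U -upn %%U@dom1.com -fn %%U -pwd * -mustchpwd no
)

rem IV  Add the three users to HOCVIEN, then list the members to confirm
for %%U in (u1 u2 u3) do (
    dsmod group "%GRPDN%" -addmbr "CN=%%U,%OUDN%"
)
dsget group "%GRPDN%" -members

rem V   After editing "Allow log on locally" in the policy editor, refresh
rem     policy and export the effective user rights of this Domain Controller.
gpupdate /force
secedit /export /cfg "%TEMP%\rights.inf" /areas USER_RIGHTS

rem secedit writes a Unicode file; "type" converts it so find can match.
rem The line lists every principal holding the right (SIDs are prefixed with *).
type "%TEMP%\rights.inf" | find "SeInteractiveLogonRight"

rem Print the SID of HOCVIEN to compare with the entries on the line above
dsget group "%GRPDN%" -sid
endlocal
```

For step 4, `dsget user "CN=u4,OU=THUCHANH,DC=dom1,DC=com" -memberof` lists the groups of u4 (assuming u4 was also created in THUCHANH) so they can be compared with the principals on the SeInteractiveLogonRight line.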