Tài liệu Advanced Administration for Microsoft® Windows® 2000 ppt

Microsoft, Active Directory, PowerPoint, Windows, and Windows NT are either registered trademarks or trademarks of Microsoft Corporation in the U.S.A.. 10 Module 1: Introduction to Advan

Part Number: X04-97023

Course Number: 1558A

Released: 7/99

Delivery Guide

Advanced Administration for

Information in this document is subject to change without notice The names of compan ies, products, people, characters, and/or data mentioned herein are fictitious and are in no way intended

to represent any real individual, company, product, or event, unless otherwise noted Complying with all applicable copyright laws is the responsibility of the user No part of this document may

be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Microsoft Corporation If, however, your only means of access is electronic, permission to print one copy is hereby granted

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property

? ? 1999 Microsoft Corporation All rights reserved

Microsoft, Active Directory, PowerPoint, Windows, and Windows NT are either registered trademarks or trademarks of Microsoft Corporation in the U.S.A and/or other countries

The names of companies, products, people, characters, and/or data mentioned herein are fictitious and are in no way intended to represent any real individual, company, product, or event, unless otherwise noted

Other product and company names mentioned herein may be the trademarks of their respective owners

Project Lead and Instructional Designer: Mark Johnso n Instructional Designers :Aneetinder Chowdhry (NIIT Inc.), Kathryn Yusi (Independent Contractor)

Lead Program Manager: Ryan Calafato Program Manager: Joern Wettern (Wettern Network Solutions) Graphic Artist: Julie Stone (Independent Contractor)

Editing Manager: Tina Tsiakalis Substantive Editor: Kelly Baker (Write Stuff) Copy Editor: Wendy Cleary (S&T OnSite) Online Program Manager: Nikki McCormick Online Support: Arlo Emerson (MacTemps) Compact Disc Testing: Data Dimensions, Inc

Production Support: Arlene Rubin (S&T OnSite) Manufacturing Manager: Bo Galford

Manufacturing Support: Mimi Dukes (S&T OnSite) Lead Product Manager, Development Services: Elaine Nuerenberg Lead Product Manager: Sandy Alto

Group Product Manager: Robert Stewart

Course Number: 1558A Part Number: X04-97023 Released: 7/99

Contents

Introduction

Introduction 1

Course Materials 2

Prerequisites 4

Course Outline 5

Course Outline 6

Course Outline 7

Microsoft Certified Professional Program 8

Facilities 10

Module 1: Introduction to Advanced Administration of a Windows 2000 Network Overview 1

Administering a Windows 2000 Network 2

Centralized Management 3

Delegating Administrative Control 8

Controlling Access to Active Directory Objects and Windows 2000 Resources 9

Demonstration: Examining Access Tokens 18

Review 19

Module 2: Strategies for Administering a Windows 2000 Network Overview 1

Windows 2000 Administrative Strategies 2

Customizing MMC Consoles 4

Installing Windows 2000 Snap-Ins 9

Setting Up Taskpads 10

Lab A: Customizing MMC Consoles 14

Using Secondary Logon for Administration 28

Using Terminal Services for Administration 32

Lab B: Administering a Windows 2000 Network 36

Best Practices 47

Review 48

Module 3: Administering Active Directory Overview 1

Introduction to Administering Active Directory 2

Managing Active Directory Objects 3

Publishing Resources in Active Directory 7

Locating Objects in Active Directory 11

Lab A: Managing, Publishing, and Locating Objects in Active Directory 18

Controlling Access to Objects 29

Delegating Administrative Control 34

Lab B: Delegating Administrative Control in Active Directory 39

Best Practices 47

Review 48

Module 4: Implementing Group Policy

Overview 1

Introduction to Group Policy 2

Group Policy Structure 3

How Group Policy Settings Are Applied in Active Directory 10

Modifying Group Policy Inheritance 17

Lab A: Implementing Group Policy 22

Delegating Administrative Control of a Group Policy Object 35

Lab B: Delegating Group Policy Administration 36

Best Practices 42

Review 43

Module 5: Using Group Policy to Manage User Environments Overview 1

Introduction to Managing User Environments 2

Using Administrative Templates 4

Lab A: Using Administrative Templates to Assign Registry-Based Policies 14

Using Scripts 23

Lab B: Assigning Script Policies to Users and Computers 28

Best Practices 34

Review 35

Module 6: Using Group Policy to Manage Software Overview 1

Introduction to Managing Software Deployment 2

Windows Installer Technology 3

Deploying Software 4

Configuring Software Deployment 11

Lab A: Using Group Policy to Deploy Software 15

Maintaining Deployed Software 27

Removing Deployed Software 30

Deploying non-Windows Installer Packages 31

Lab B: Using Group Policy to Upgrade Software 35

Lab C: Creating and Deploying a non-Windows Installer Package File 42

Troubleshooting Software Deployment 46

Best Practices 47

Review 48

Module 7: Advanced Administration of User Accounts and Groups Overview 1

Introduction to Administering User Accounts and Groups 2

Windows 2000 Logon Names 3

Using Group Policy to Configure Account Policies 5

Creating Multiple User Accounts 10

Using Group Policy to Redirect User Data to a Network Server 15

Lab A: Advanced Administration of User Accounts 19

Using Universal Groups 30

Setting Up Computers for Mobile Users 34

Lab B: Setting Up Windows 2000 for Mobile Users 38

Best Practices 42

Review 43

Module 8: Implementing Security in a Windows 2000 Network

Overview 1

Introduction to Securing a Windows 2000 Network 2

Windows 2000 Security Policies 3

Implementing Security Policies 5

Implementing an Audit Policy 13

Recovering Encrypted Files 21

Lab A: Implementing Security in a Windows 2000 Network 25

Best Practices 46

Review 47

Module 9: Using Dfs to Share File Resources Overview 1

Introduction to Dfs 2

Setting Up a Fault-Tolerant Dfs Root 7

Configuring Child Nodes for a Fault-Tolerant Dfs Root 10

Guidelines for Configuring Dfs for a Multisite Environment 15

Administering Dfs 16

Lab A: Implementing Dfs 19

Best Practices 27

Review 28

Module 10: Implementing Disaster Recovery Overview 1

Recovering from Disasters in a Windows 2000 Network 2

Repairing a Network Server 3

Restoring Active Directory 10

Restoring Active Directory Objects 12

Rebuilding a Network Server 15

Lab A: Implementing Disaster Recovery for Active Directory and Windows 2000 16

Best Practices 24

Review 25

About This Course

This section provides you with a brief description of the course, audience, suggested prerequisites, and course objectives

Description

This course provides students with the knowledge and skills necessary to perform advanced administration tasks in a Microsoft® Windows® 2000 network The course focuses on the administrative tasks required to centrally manage large numbers of users and computers The course also provides students with the strategies and tools necessary to delegate administrative tasks

to other administrators or users

Audience

This course is intended for support professionals who do not have prior experience administering a Microsoft Windows NT® 4.0 network It is designed for students who will be tasked with administering a medium to large Microsoft Windows 2000 network and who will be responsible for implementing Active Directory™ directory service and Group Policy to manage an organization’s user and computer environments

Student Prerequisites

This course requires that students meet the following prerequisites:

?? Course 1556, Administering Microsoft Windows 2000, or equivalent

knowledge and skills

This includes creating and administering user accounts and groups, managing network resources, setting up and administering permissions for files and folders, creating and administering printers, backing up and restoring files and folders, and using the built-in administration account and groups to perform administration tasks

?? Course 1557, Installing and Configuring Microsoft Windows 2000, or

equivalent knowledge and skills

This includes installing Windows 2000, configuring hard disks and partitions, installing and configuring network protocols and services, installing and configuring Active Directory on a domain controller, configuring replication of Active Directory, and configuring various types

of Windows 2000 servers, including file, print, and Terminal servers

Course Objectives

At the end of this course, the student will be able to:

?? Identify the tasks involved in centrally managing a Windows 2000 network, and describe how Windows 2000 controls access to resources

?? Use Windows 2000 administration tools and methods to perform administrative tasks both locally and remotely

?? Administer Active Directory by managing Active Directory objects and by delegating administrative control of Active Directory objects

?? Describe how to implement Group Policy to configure computers and user environments in a Windows 2000 network

?? Configure and control user environments by using Group Policy

?? Deploy and manage applications by using Group Policy

?? Perform advanced administrative tasks that are beyond the scope of day-to-day administrative tasks (for example, creating multiple user accounts and redirecting user data to a network file server)

?? Implement Windows 2000 security by implementing an Audit policy and by using the Security Configuration Tool Set to create, modify, and analyze security settings

?? Share file resources in a network by installing, configuring, and managing the Distributed file system (Dfs)

?? Implement disaster recovery in a Windows 2000 network

Course Timing

The following schedule is an estimate of the course timing Your timing may vary

Day 1

8:30 9:00 Introduction 9:00 10:00 Module 1: Introduction to Advanced Administration of a

Windows 2000 Network 10:00 10:15 Break

10:15 10:45 Module 2: Strategies fo r Administering a Windows 2000 Network 10:45 11:45 Lab A: Customizing MMC Consoles

11:45 12:45 Lunch 12:45 1:15 Module 2: Strategies for Administering a Windows 2000 Network

(continued)

1:15 1:45 Lab B: Administering a Windows 2000 Network 2:00 2:45 Module 3: Administering Active Directory 2:45 3:00 Break

3:00 3:45 Lab A: Managing, Publishing, and Locating Objects in Active

Directory 3:45 4:15 Module 3: Administering Active Directory (continued)

4:15 4:45 Lab B: Delegating Administrative Control in Active Directory

Day 2

8:30 9:15 Module 4: Implementing Group Policy 9:15 10:15 Lab A: Implementing Group Policy 10:15 10:30 Break

10:30 10:45 Module 4: Implementing Group Policy (continued)

10:45 11:00 Lab B: Delegating Group Policy Administration 11:00 11:45 Module 5: Using Group Policy to Manage User Environments 11:45 12:45 Lunch

12:45 1:30 Lab A: Using Administrative Templates to Assign Registry-Based

Policies 1:30 1:45 Module 5: Using Group Policy to Manage User Environments

(continued)

1:45 2:15 Lab B: Assigning Script Policies to Users and Computers 2:15 2:30 Break

2:30 3:15 Module 6: Using Group Policy to Manage Software 3:15 4:00 Lab A: Using Group Policy to Deploy Software 4:00 4:30 Module 6: Using Group Policy to Manage Software (continued)

4:30 5:00 Lab B: Using Group Policy to Upgrade Software 5:00 5:15 Lab C: Creating and Deploying a non-Windows Installer

Package File

Day 3

8:30 9:15 Module 7: Advanced Administration of User Accounts

and Groups 9:15 10:00 Lab A: Advanced Administration of User Accounts 10:00 10:15 Break

10:15 10:45 Module 7: Advanced Administration of User Accounts and

Groups (continued)

10:45 11:00 Lab B: Setting Up Windows 2000 for Mobile Users 11:00 12:00 Module 8: Implementing Security in a Windows 2000 Network 12:00 1:00 Lunch

1:00 2:15 Lab A: Implementing Security in a Windows 2000 Network 2:15 3:00 Module 9: Using Dfs to Share File Resources

3:00 3:45 Lab A: Implementing Dfs 3:45 4:30 Module 10: Implementing Disaster Recovery 4:30 5:15 Lab A: Implementing Disaster Recovery for Active Directory and

Windows 2000

Trainer Materials Compact Disc Contents

The Trainer Materials compact disc contains the following files and folders:

?? Default.htm This file opens the Trainer Materials Web page

?? Readme.txt This file contains a description of the compact disc contents and

setup instructions in ASCII format (non-Microsoft Word document)

?? Sg_1558a.doc This file is the Classroom Setup Guide It contains a

description of classroom requirements, classroom configuration, and classroom setup instructions

?? Errorlog This folder contains a template that is used to record any errors

and corrections that you find in the course

?? Fonts This folder contains fonts that are required to view the Microsoft

PowerPoint® presentation and Web-based materials

?? Mplayer This folder contains files that are required to install Microsoft

Windows Media Player

?? Powerpnt This folder contains the PowerPoint slides that are used in

this course

?? Pptview This folder contains the PowerPoint Viewer, which is used to

display the PowerPoint slides

?? Setup This folder contains the Setup files that are required for an automated

classroom setup

?? Studntcd This folder contains the Web page that provides students with

links to resources pertaining to this course, including additional reading, review and lab answers, lab files, multimedia presentations, and course-related Web sites

?? Tprep This folder contains the Trainer Preparation Presentation, a narrated

slide show that explains the instructional strategy for the course and presentation tips and caveats To open the presentation, on the Trainer

Materials Web page click on Trainer Preparation Presentation

Student Materials Compact Disc Contents

The Student Materials compact disc contains the following files and folders:

?? Default.htm This file opens the Student Materials Web page It provides

students with resources pertaining to this course including additional reading, review and lab answers, lab files, multimedia presentations, and course-related Web sites

?? Readme.txt This file contains a description of the compact disc contents and

setup instructions in ASCII format (non-Microsoft Word document)

?? AddRead This folder contains additional reading pertaining to this course

The AddRead folder also contains the following two subfolders:

?? Techwalk This folder contains Window 2000 beta 3 technical

walkthroughs

?? Wpapers This folder contains Windows 2000 beta 3 white papers

?? Answers This folder contains answers to the module review questions and

hands-on labs

?? Appendix This folder contains appendix files for this course If there are no

appendix files, this folder does not appear

?? Fonts This folder contains fonts that are required to view the PowerPoint

presentation and Web-based materials

?? Labfiles This folder contains files that are used in the hands -on labs These

files may be used to prepare the student computers for the hands-on labs

?? Media This folder contains files that are used in multimedia presentations

for this course If this course does not include any multimedia presentations, this folder does not appear

?? Mplayer This folder contains files that are required to install Microsoft

Windows Media Player

?? Webfiles This folder contains the files that are required to view the course

Web page To open the Web page, open Windows Explorer, and in the root

directory of the compact disc, double-click Default.htm

?? Wordview This folder contains the Word Viewer that is used to view

any Word document (.doc) files that are included on the compact disc If no Word documents are included, this folder does not appear