Enterprise application case of Windows2003 domain

  
Case Environment 1: yye1.com Shanghai Branch has a total of 100 computers, installed Windows Server 2003 system and xp system. Case Description: When the administrator manages the network, the following problems are found: 1. Since the entire network is configured in the workgroup mode, the administrator must establish a user account for each employee on different computers when managing the user account, and often Modifying the account settings, account management is very confusing and the workload is very large. Administrators want to be able to centrally manage all of their computers on a single computer. 2. When the company employees use the computer, they often arbitrarily modify the settings of the control panel, making the operation of the computer extremely unstable. The administrator wants to be able to control the user's operational behavior and does not allow the user to modify the control panel. 3. The administrator wants to install "Office 2010" for all computers in the domain. He hopes to install all the computers automatically, instead of manually installing them one by one. Creating a Windows 2003 domain requires two main steps: installing a domain controller and joining the computer to the domain. Case implementation: 1) Install the domain controller. (To create a domain controller, you need to install Active Directory on your computer.) 1. Set the IP address. (Set the IP address, subnet mask, and preferred DNS address for the domain controller computer) 2. Start the Active Directory Installation Wizard. (Click “Start”“Run”, enter the dcpromo command, click the “OK” button to launch the Active Directory Installation Wizard. 3. Specify the type of domain controller. (Twice click “ Next & rdquo; button, select “ new domain domain controller & rdquo;, click the "next" button 4. Create a new domain. (Select “ in the new forest domain & rdquo;, click “ Next step & rdquo;) 5. Set the domain name. (Enter the domain name, such as yye1.com, click “ Next & rdquo;) 6. NetBIOS name of the domain. (Accept the NetBIOS name of the default domain, click “ Next ”) 7. Specify the database and log folder. (Specify the location of the database and log folder, click <; next & rdquo;) 8. Specify the location of the shared system volume. (Specify the location of the shared system volume, click “ Next step & rdquo;) 9. Set DNS registration diagnostics. (Click ““Next” in the “DNS Registration Diagnostics” dialog box) 10. Set the password for the directory service restore mode. Click in the box “ Next, click the button, enter the password for the directory service restore mode, click “Next”) 11. Start the installation of Active Directory. (Click “Next” to start the installation of Active Directory. 12. Complete the installation. (Click ““Complete” after the installation is complete.) 13. Restart the computer. (Click “Resume now” to restart the computer.) 14. Verify the installation. 2) Join the computer to the domain. (After installing the domain controller computer, you need to join the client computer to the domain for centralized management) 1. Set the IP address of the client computer. (The preferred DNS address must be set correctly. Since the domain controller is installed as a DNS server when the domain controller was previously installed, the preferred DNS address is set here to the domain controller's address as the domain controller). 2. Enter the domain name. (Right-click "My Computer", select "Properties", click on the "Computer Name" tab. Click "Change" and enter the domain to be added to the domain. Domain Name, click “OK” button) 3. Enter your username and password. (Enter the domain administrator's username and password, click “OK”) 4. Successfully join the domain. (The system pops up "Welcome to the yye1.com domain" dialog box, click & rdquo; OK & ldquo;, click again & ldquo; OK & ldquo; restart the computer. Repeat the above steps to join other computers to the domain) 3) Management domain Users, groups, and organizational units. (After establishing a Windows domain, you can create a domain user account for all users in Active Directory, let them use domain users to log in to the domain and access domain resources. At the same time, administrators can centrally manage all domain users through Active Directory. In the yye1.com domain, establish the sales organization unit and user account as an example to establish a user account. 1. Create a new organizational unit. (Click “Start”“Program”“Administrative Tools”“Active Directory Users and Computers. Right click on the domain and select “New”“Organizational Unit" The name of the unit. (Enter the name Sales_OU of the sales organization unit, click “OK”) 3. Create a new user. (Right-click “Sales_OU”, select “New”“User”) 4. Enter user information. (Enter user information, such as dongjun, click “Next”, set the user password, click “Next”) 5. Complete user creation. (The established user account is shown in the figure below. To set the user attribute, you can right click on the corresponding user and select “Attributes”. To enable the user to obtain the corresponding rights, you can add the user to the built-in group or directly to the user) 4) Use Group Policy to control the user's operational behavior. (After establishing a domain user, you need to control the operation behavior of the domain user. For example, the control user cannot modify the settings of the control panel. The administrator can control the operation behavior of the user by setting the group policy to realize the management and control of the domain. 1. Open “ Group Policy & rdquo; tab. (Open Active Directory Users and Computers, right-click Sales_OU, select “Properties", click “Group Policy" tab in the pop-up dialog box. 2. Create a new group policy. (Click “New” to create a new group policy, click “Edit” to open the Group Policy Editor to set the group policy. 3. Set the group policy. (In the Group Policy Editor, expand “User Configuration”“Administrative Templates", click “Control Panel" in the right window to find "No Access Control Panel" control panel. (Double click “No access to control panel", select “Enable", click “OK" button) 5. Verify Group Policy settings. (After completing the above settings, log in to the domain with the dongjun user in Sales_OU, open “start”“set", and find that there is no "control panel" item, that is, the control panel is not allowed to be modified. If you want to control the user's other Action, you can set other policy items in Group Policy) 5) Use Group Policy to deploy software. (Windows2003 Group Policy can not only control the user's operation behavior, but also quickly deploy application software on the network. For example, the process of using Group Policy to deploy the "Office" software is as follows) 1. Prepare the Office installation file and the .msi installation package file to copy. Go to a shared folder. 2. Establish a group policy. (Open "“ Active Directory Users and Computers", right click on Sales_OU to create a group policy) 3. Set up Group Policy. (In the Group Policy Editor, expand “User Configuration”“Software Settings" "Right-click"Software Installation" "Select"New”“ Package”) 4. Open the installation package file . (Open the installation package file and select “Open”. Note that the file path must be the network path here.) 5. Select the software deployment method. (Select “ Assigned & rdquo;, click “ OK” button) 6. Verify Group Policy settings. (After completing the above settings, log in to the domain with the dongjun user in Sales_OU, open the “Programs” menu, you can see the shortcut of the Office software, the software is installed, the user can use the software.
Copyright © Windows knowledge All Rights Reserved