
ACTIVE DIRECTORY

Instructor: Phm Vn Tnh
Members: Nguyn Thch Nguyn Tn M L Ph Duyn Nguyn Bnh Minh

Objectives
- AD concepts
- Configuration: domain promotion, domain demotion, Join Domain, Home Directory, Sub domain, Folder Redirection, User, Group, Group Policy, Forest

Main Sections
I. Active Directory overview
I.A. Why AD exists
I.B. Directory Service
I.C. Active Directory

II. Basic AD configuration
II.A. DNS
II.B. Domain promotion
II.C. Domain demotion
II.D. Join Domain
II.E. Replication
II.F. Groups and Users
II.G. Home Directory
II.H. Deploy Software
II.I. Folder Redirection
II.J. Group Policy
II.K. Sub domain
II.L. Forest
II.M. Backup and restore

I. ACTIVE DIRECTORY OVERVIEW

I.A. Why Active Directory exists
I.A.1. Rationale
I.A.2. Network models
I.A.2.1. Workgroup model
I.A.2.1. Domain model
I.B. Directory Service
I.C. Active Directory

I.A.1. RATIONALE

Commerce is growing rapidly. Businesses keep getting bigger and have more and more branches everywhere, so the question is how a business can manage its resources. AD was created to solve this. As we know, AD is not a new concept: it became known when the NT 4.0 operating system was released for small businesses. It was fairly convenient for small and medium businesses, but searching within a large enterprise was very difficult. Recognizing this, Microsoft released the Windows 2000 product line, in which AD is the most important component.

I.A.2. NETWORK MODELS

I.A.2.1. Workgroup model:

Also called the peer-to-peer network model, this is a model in which computers with equal roles are connected to one another. Data and resources are stored in a distributed way on the local machines; each machine manages its own local resources and authenticates users locally. There is no dedicated computer that provides services and manages the network. This model is only suitable for small networks with low security requirements.

I.A.2.1. Domain model:

It works on a client-server basis. The network must have at least one computer acting as the domain controller, and this Domain Controller controls all activity on the network. User authentication and network resource management are centralized on the servers in the domain. This model is used by medium and large companies.

HOW AUTHENTICATION WORKS WHEN A USER LOGS ON

In the Domain model of Windows Server 2000, user information is centralized, managed by the Active Directory service, and stored on the domain controller in a file named NTDS.DIT (C:\WINDOWS\NTDS).

I.B. DIRECTORY SERVICE
I.B.1 What is a Directory Service?
I.B.2 Why have a Directory Service?
I.B.3 Components of a Directory Service

I.B.1 WHAT IS A DIRECTORY SERVICE?

Directory: a model for organizing information and data in which the items are closely related to one another, in a directory-style structure. Example: a phone book. Given a name in the phone book, we can look up the corresponding phone number.

Directory Service: a service used to store information and data according to the Directory organizational architecture and to centrally manage objects (shared applications, users, printers, ...), simplifying the process of locating and managing resources.

I.B.2 WHY HAVE A DS?

A Directory Service is one of the most important components of a server system:
- Simplifies management: simplifies management and makes it consistent.
- Strengthens security: ensures a high level of security and provides a user authentication system.
- Extends interoperability: improves performance when designing and deploying network systems.

A Directory Service acts as a central hub in server operating systems. It allows independent and distributed resources to work with one another and connect to one another.

USING A DIRECTORY SERVICE

I.B.3 COMPONENTS OF A DIRECTORY SERVICE

Object. In the database system, objects include printers, network users, servers, workstations, shared folders, network services, ...

Attribute. An attribute describes an object.

Schema (organizational structure). A schema defines the list of attributes used to describe a given type of object.

Container. Holds objects and other containers: Domain, Site, OU (Organizational Unit).

Global Catalog. The Global Catalog service is used to locate an object that the user has been granted access to.

I.C. ACTIVE DIRECTORY

I.C.1 What is Active Directory?
I.C.2 Functions of Active Directory
I.C.3 Active Directory working model
I.C.4 Components of Active Directory

I.C.1 WHAT IS ACTIVE DIRECTORY?

Active Directory (AD) is an application of the Directory Service concept. It is a service in Windows 2000 that provides a single point of management for Windows user accounts, clients, servers and applications.
AD is where the database of network resources (also called objects) is stored, along with information related to those objects.
AD uses LDAP (Lightweight Directory Access Protocol) and is built on the system that locates domains by name (DNS).
AD is not a new concept, because Novell already used a directory service through the Windows NT 4.0 operating system.

[Figure: a domain containing objects (computers, users)]

I.C.2 FUNCTIONS OF ACTIVE DIRECTORY

- Stores information about user accounts and computer network resources.
- Validates users who access network resources.
- Stores computer network information as objects in a hierarchical structure.
In addition, it provides:
- Centralized management
- Advanced search capabilities
- Delegation of authority

I.C.3 ACTIVE DIRECTORY WORKING MODEL

Active Directory stores an organization's information in a hierarchy, in an object-oriented way, and provides multi-master connections to support distributed network environments:
- Hierarchical Organization: organized as a hierarchy
- Object-oriented Storage: object-oriented
- Multi-Master Replication: multiple connections

HIERARCHICAL ORGANIZATION

OBJECT-ORIENTED STORAGE

MULTI-MASTER REPLICATION

I.C.4 COMPONENTS OF THE DIRECTORY SERVICE

Active Directory consists of the following components:
I.C.4.1 Object
I.C.4.2 Organizational Units (OUs)
I.C.4.3 Domains
I.C.4.4 Domain Tree
I.C.4.5 Forest

ACTIVE DIRECTORY STRUCTURE

I.C.4.1 OBJECT

Object: a unique entity defined by the values assigned to its attributes.

I.C.4.2 ORGANIZATIONAL UNITS

An Organizational Unit (OU) is the smallest unit in the AD system. It is a container of objects used to arrange different objects to suit your administrative purposes.

I.C.4.3 DOMAIN

A Domain is the core functional unit of the Active Directory logical structure. It is the means of defining a set of users, computers and shared resources that have the same security rules, which makes managing access to the servers easier.
Functions of a Domain:
- Acts as an administrative boundary for objects: a set of administrative definitions for objects that share things such as a common directory database, security policies and trust relationships with other domains.
- Helps us manage the security of shared resources.
- Provides redundant servers acting as domain controllers, while ensuring that the information on these servers is synchronized.

I.C.4.4 DOMAIN TREE

A Domain Tree is a structure consisting of multiple domains arranged hierarchically in a tree.

I.C.4.5 FOREST

A Forest is built on one or more Domain Trees. In other words, a Forest is a set of Domain Trees that have established relationships and trust with one another.

II. BASIC ACTIVE DIRECTORY SETUP

II.A. DNS
II.B. Domain promotion
II.C. Domain demotion
II.D. Join Domain
II.E. Data replication in Active Directory
II.F. Sub domain
II.G. Forest
II.H. Backup and restore

II.A. DNS

Open the network adapter settings and give the server the static IP address 192.168.12.10, with DNS also set to 192.168.12.10.

Go to Start, choose Administrative Tools --> DNS and the DNS window appears. In this zone-creation step you must create a Forward Lookup Zone of type Primary Zone. Right-click Forward Lookup Zone and choose New Zone.

Choose Allow Dynamic Update. This is required so that the Active Directory installation can write its records into DNS automatically. Click Next to finish configuring DNS.

Two records in the newly created DNS zone must be edited so that the Active Directory installation runs correctly: double-click SOA and Name Servers and append the name of the zone you just created to the end of each record.

Restart the network service and check that DNS is working: go to Run, type CMD, and in that window run: ping dtm.nonglam.com

II.B. DOMAIN PROMOTION
Go to Run, type dcpromo --> Next

Domain Controller for a New domain: creates the first Domain Controller in the domain.
Additional domain Controller: installs an additional DC for a domain. With two or more DCs in a domain, the system keeps working normally when one server fails.
Here, choose the option Domain Controller for a New Domain to install the first Domain Controller in the domain. Click Next to continue the installation.

Domain in a new forest: this setting must be chosen when installing the first Domain Controller in the forest. For example, here I am installing the first domain, vnexperts.net, so this option must be chosen.

Enter the DNS name you created above.

The system asks you to set the Restore Mode password.

After setting the password, click Next.

The system displays a summary of all the information.

Wait a few minutes until the system reports completion and asks for a restart. You have then finished installing Active Directory on the Windows Server 2003 machine.

II.C. DOMAIN DEMOTION

Go to Run and type dcpromo.

Check "This server is the last domain controller in the domain". That is, this is the last domain controller, the one you want to demote.

Check "Delete all application directory partitions on this domain controller".

Enter the password in the two boxes above. The password consists of uppercase letters, lowercase letters, digits and special characters such as @ # $ ...

When it finishes, restart the machine to complete the domain controller demotion.

II.E REPLICATION

Active Directory on Windows Server 2003 has a replication mechanism between Domain Controllers. It lets several Domain Controllers manage one shared Active Directory data set, with identical data and settings. It also lets several Domain Controllers operate as peers within Active Directory.

- Every server can add data to Active Directory (such as creating a new user or changing information in Active Directory). When you change Active Directory data on one Domain Controller, the change is automatically synchronized to all Domain Controllers on the network.

- So if a domain has only one Domain Controller and that server is unavailable for some period, the whole system is paralyzed. To address this, install one or more additional Domain Controllers that also manage the system's Active Directory and DNS data. When one of the Domain Controllers must be taken down for maintenance or is interrupted for a while, the system keeps working normally.

For the new Domain Controller to function as an equivalent of the first Domain Controller, it must:
+ Provide DNS name resolution for client machines
+ Provide authentication and other data related to the Active Directory data

CREATE DNS ON THE SECOND SERVER IDENTICAL TO SERVER 1

On Windows Server 2003 the DNS service can create a Secondary Zone as a copy of the DNS data from an existing Primary Zone. This takes two steps:
Step 1: On the server dtm.nonglam.com, allow the nonglam.com zone data to be retrieved (another machine creates the Secondary Zone nonglam from this server).
Step 2: Create the Secondary Zone on the other server, the one being prepared as a Domain Controller.

STEP 1

Go to Start, choose Administrative Tools --> DNS. In the DNS window choose Forward Lookup Zone, which contains the zone nonglam.com. Right-click nonglam.com, choose Properties and go to the Zone Transfers tab.

STEP 2: CREATE THE SECONDARY ZONE

Go to Start, choose Administrative Tools --> DNS. In DNS, right-click Forward Lookup Zone, choose New Zone and click Next. The system asks you to choose the zone type; choose Secondary Zone.

The system asks for the address of the server holding the Primary Zone of nonglam.com. Enter the IP address 192.168.12.10, the address of the server dtm.nonglam.com.

To pull all DNS data from server dtm to server dth, right-click the newly created nonglam.com zone on server dth and choose "Transfer from Master".

ADDING A DOMAIN CONTROLLER TO AN EXISTING DOMAIN

Go to Run and type dcpromo. Click Next to continue installing the additional Domain Controller, making the same choices as before. At the Domain Controller Type step you must choose "Additional domain controller for an existing domain".

Fill in the domain, username and password. Click Next and the system automatically searches for the domain to select. If the DNS address on the network adapter is wrong, at this step the domain you want to add the server to will not be found.

The remaining steps are the same as for the initial domain controller promotion.

When it finishes, restart the machine, then open Active Directory Users and Computers to check, and I see two Domain Controllers.

JOIN DOMAIN

Open the network adapter settings and give the machine the static IP address 192.168.12.100, with DNS set to 192.168.12.10.

Go to Computer Name and choose Change --> Member of, enter the name of the domain controller to join, and choose OK.

The system then asks you to enter the credentials of a user that exists on the domain controller.

II.F. SUB DOMAIN

Suppose there is a domain controller dc1.hcmuaf.edu.vn with the address 192.168.100.200. Prepare a Windows Server 2003 machine named dc2 with the address 192.168.100.100; we will install dc2 as the domain controller of the domain mail.hcmuaf.edu.vn.

CONFIGURE THE IP ADDRESS ON DC2

DCPROMO --> NEXT --> NEXT --> NEXT

ENTER THE USERNAME, PASSWORD AND PARENT DOMAIN NAME

RE-ENTER THE PARENT DOMAIN NAME AND ENTER THE CHILD DOMAIN NAME

ENTER THE NAME FOR THE NEW DOMAIN; THE DEFAULT IS MAIL

NEXT --> NEXT --> NEXT

RESTART THE MACHINE AND LOG ON; THE MAIL DOMAIN IS NOW VISIBLE

II.G. FOREST
Suppose there is a domain controller dc1.hcmuaf.edu.vn with the address 192.168.100.200. Prepare a Windows Server 2003 machine named dc3 with the address 192.168.100.150; we will install dc3 as the domain controller of the domain hcmuaf1.edu.vn.

STEPS

The first steps are the same as before.

ENTER THE USERNAME, PASSWORD AND DOMAIN NAME

ENTER THE DOMAIN NAME

NEXT --> NEXT --> NEXT

Choose the second option to install DNS automatically.

NEXT --> NEXT

Restore password

NEXT --> FINISH

II.H. BACKUP AND RESTORE

Backup and Restore is extremely important knowledge for keeping the system running effectively and avoiding unfortunate incidents. Windows Server 2003 includes a data backup tool: ntbackup.

NTBACKUP in Windows Server 2003 uses Shadow Copy backup technology so that it can back up data that is in use, such as SQL or the Active Directory service, files that are running, and folders to which access is denied.

BACKUP
Windows does not allow files or data that are active or in use by another program to be touched. Even so, Active Directory can be backed up easily: a System State backup contains all of the Active Directory information.

EXERCISE
Step 1: Create an OU named OU1 in Active Directory, and in OU1 create a user named user1.
Step 2: Back up Active Directory.
Step 3: Delete the user1 account just created.
Step 4: Restore the deleted user1.

CREATE OU1

CREATE USER1

ENTER THE PASSWORD

AFTER SUCCESSFUL CREATION

BACKUP PROCESS

Open cmd and type ntbackup.

CHOOSE ADVANCED MODE; THE BACKUP UTILITY WINDOW APPEARS; CHOOSE THE BACKUP TAB

AFTER SELECTING SYSTEM STATE, SET THE LOCATION FOR THE BACKUP FILE. HERE I SAVE IT ON DRIVE A:\ WITH THE FILE NAME BACKUP.BKF

CLICK START BACKUP

DELETE USER1

STATE AFTER DELETION

RESTORE

You cannot run a restore over data that is in use, so the system must be started in Safe Mode to perform the restore. In the boot mode menu choose "Directory Service Restore Mode". This mode is required because when it is selected the Active Directory service is stopped by default, which lets other tasks operate on the Active Directory data.

SAFE MODE

WHEN BOOTING INTO "DIRECTORY SERVICE RESTORE MODE" THE SYSTEM ASKS FOR A USER NAME AND PASSWORD.

CHOOSE THE RESTORE AND MANAGE MEDIA TAB, SELECT THE BACKUP FILE, CLICK START RESTORE

CONFIRM

SYSTEM WORKING STATUS

CHECK WHETHER USER1 EXISTS AGAIN

SOME OPERATIONS ON THE DOMAIN CONTROLLER

To manage a domain, the administrator divides it into smaller units (OUs). The administrator needs to decide how many OUs to create and which kinds of users and groups each OU will contain. Creating OUs requires logging on to the domain with Administrator rights.

CREATE AN OU

Log on as Administrator --> Start --> Programs --> Administrative Tools --> Active Directory Users and Computers --> right-click DH06DTB.com --> New --> Organizational Unit

ENTER THE OU NAME

CREATE A GROUP IN THE OU

Right-click OU DH06DTB --> New --> Group

Enter the group name in Group Name: HocVien. The Group scope option defaults to Global and the Group type option defaults to Security --> OK

CREATE A USER IN THE OU

Right-click OU DH06DTB --> New --> User

Enter First name: u1 and User logon name: u1 --> Next

ENTER PASSWORD: 123, CONFIRM PASSWORD: 123, CLEAR ALL THE CHECKBOXES. NEXT

CHOOSE FINISH TO COMPLETE

ADD A USER TO A GROUP

Right-click user u1 --> Properties --> Member Of tab --> Add

Choose Advanced

FIND NOW --> CHOOSE GROUP HOCVIEN --> OK

RESULT AFTER ADDING

CREATE AN OU FROM THE COMMAND LINE

Log on as Administrator --> Start --> Run: CMD
Create an OU named DH06DTB1 in the domain DH06DTB.com. In the command-line window type:
dsadd ou ou=DH06DTB1,dc=DH06DTB,dc=com

CREATE A GROUP FROM THE COMMAND LINE

Create a group named GiaoVien in OU DH06DTB1. In cmd:
dsadd group cn=GiaoVien,ou=Dh06DTB1,dc=DH06DTb,dc=com

CREATE A USER FROM THE COMMAND LINE

Create user gv1 in OU Dh06DTB1. In cmd:
dsadd user cn=gv1,ou=DH06DTB1,dc=DH06DTB,dc=com

NOTE

A user created from the command line as above is in the Disabled state by default. To enable the user: close the command line --> Start --> Programs --> Administrative Tools --> go to OU DH06DTB1 --> right-click gv1 --> Enable Account --> OK
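
The three command-line steps and the enable step above can be combined into one batch script. This is an added example, not part of the original slides; it assumes the same DH06DTB.com names, prompts for the password with -pwd * instead of storing one in the script, and the sAMAccountName values are assumptions.

```bat
@echo off
rem Added example (not from the original slides): creates the OU, group and
rem user from the steps above, idempotently, with the account enabled.
setlocal
set "BASE=dc=DH06DTB,dc=com"
set "OU=ou=DH06DTB1,%BASE%"
set "GRP=cn=GiaoVien,%OU%"
set "USR=cn=gv1,%OU%"

rem dsquery prints the DN of every match; find returns errorlevel 1 on no match.
dsquery ou "%BASE%" -scope onelevel -name DH06DTB1 | find /i "DH06DTB1" >nul
if errorlevel 1 (
    dsadd ou "%OU%" || goto :fail
)

dsquery group "%OU%" -scope onelevel -name GiaoVien | find /i "GiaoVien" >nul
if errorlevel 1 (
    rem Global security group, the same defaults the GUI steps use.
    dsadd group "%GRP%" -secgrp yes -scope g -samid GiaoVien || goto :fail
)

dsquery user "%OU%" -scope onelevel -name gv1 | find /i "cn=gv1" >nul
if errorlevel 1 (
    rem -pwd * prompts for the password; -disabled no enables the account at
    rem creation; -memberof adds it to the group in the same call.
    dsadd user "%USR%" -samid gv1 -pwd * -mustchpwd yes -disabled no -memberof "%GRP%" || goto :fail
) else (
    rem The account already exists, for example created disabled as in the
    rem note above: set a password and enable it without using the GUI.
    dsmod user "%USR%" -pwd * -mustchpwd yes -disabled no || goto :fail
)

rem Show the resulting state: logon name, disabled flag, group membership.
dsget user "%USR%" -samid -disabled
dsget user "%USR%" -memberof
exit /b 0

:fail
>&2 echo A directory command failed; see the message above.
exit /b 1
```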

FOLDER REDIRECTION

Goal: when a user joins the domain, the user's My Documents is stored on the server and is restored at the next logon.
Requirements: a working domain and one ordinary user; log on to the domain with Administrator rights.

PROCEDURE

On the domain machine --> log on with Administrator rights --> in C:\ create a folder named MyDocs and share it, giving the Everyone group Full Control.

Active Directory Users and Computers --> right-click OU Dh06DTB --> Properties --> Group Policy tab --> New --> name the policy: Folder Redirect --> Edit

Go to User Configuration --> Windows Settings --> Folder Redirection --> right-click My Documents --> Properties

On the Target tab --> Setting --> choose Basic: redirect everyone --> in the Root Path box: \\Server\MyDocs --> Apply --> OK

VERIFICATION

Log off Administrator --> log on as user u1 --> right-click My Documents --> Properties --> Target shows: \\Server\MyDocs\u1\My Documents

Log off u1 --> log on as Administrator --> open C:\MyDocs; the system has automatically created a folder u1 containing the My Documents of user u1.

HOME DIRECTORY

Goal: the user needs a drive for storing data on the file server, and this data appears again at the next logon.
Preparation:
- Start the machine: choose Windows Server 2003 --> promote it to a Domain Controller
- Create OU DH06DTB and in it create two users, u1 and u2
- Give the Users group the Allow log on locally right
- Create the folder C:\Homedirs
- Share the Homedirs folder, giving the Everyone group Full Control

PROCEDURE

Log on as Administrator --> Active Directory Users and Computers --> right-click user u1 --> Properties --> Profile tab --> choose Connect --> choose any drive letter (the default is Z) --> in the To box type \\<domain machine name>\<shared folder name>\%username% --> Apply. In this case it is: \\Server\Homedirs\%username%

After choosing Apply, the %username% part changes to the user's logon name --> OK

VERIFICATION

Log off Administrator --> log on as user u1 and observe that the Homedirs folder on the file server has become drive Z on the machine.

In C:\Homedirs there is a folder u1 (u2 is also there because I went ahead and did the same for u2).

OU - DELEGATE CONTROL

Goal: the system administrator cannot always attend to every OU and manage its users, so the administrator can delegate a user to manage an OU on their behalf. Depending on the job, the administrator decides which rights the user gets on the OU being managed.
Preparation:
- An OU and a user in that OU
- Log on with Administrator rights

PROCEDURE

Delegate management of the user accounts in OU DH06DTB to user u1.
Log on as Administrator --> Start --> Programs --> Administrative Tools --> Active Directory --> right-click OU DH06DTB --> choose Delegate Control; the Welcome window appears:

In the Users or Groups window --> choose Add --> enter u1 --> choose Check Names --> Next

In the Tasks to Delegate window: choose Delegate the following common tasks --> choose Create, delete and manage user accounts --> Next

Choose Finish to end.

VERIFICATION

Log off Administrator --> log on as user u1 --> Start --> Programs --> Administrative Tools --> Active Directory --> right-click OU DH06DTB --> New: we see that u1 only has the right to create users.

DELEGATING FULL CONTROL OF AN OU TO A USER

Log on as Administrator --> Start --> Programs --> Administrative Tools --> Active Directory --> right-click OU DH06DTB --> choose Delegate Control --> in the Welcome window choose Next --> in the Users or Groups window choose Add --> enter u2 --> Check Names --> Next

In the Tasks to Delegate window choose Create a custom task to delegate --> Next

In the Active Directory Object Type dialog choose "This folder, existing objects in this folder, and creation of new objects in this folder" --> Next

In the Permissions dialog check General, Property-specific and Creation/deletion of specific child objects --> check Full Control --> Next --> Finish

VERIFICATION

Log off Administrator --> log on as u2 --> Start --> Programs --> Administrative Tools --> Active Directory --> right-click OU DH06DTB --> New (u2 has full rights on OU DH06DTB)

Go to the View menu --> Advanced Features

Right-click OU DH06DTB --> Properties --> choose the Security tab: u2 has Full Control.

GROUP POLICY

Log on as Administrator --> Active Directory Users and Computers --> right-click OU DH06DTB --> Properties --> Group Policy tab --> New --> rename New Group Policy Object to Hide Control Panel --> Edit

Choose User Configuration --> Administrative Templates --> Control Panel --> right-click Prohibit access to the Control Panel (in the right-hand pane) --> Properties --> Enabled --> Apply --> OK --> close the Group Policy window --> OK

VERIFICATION

Close all windows --> update the policy (gpupdate /force) --> log off Administrator --> log on as KT1 --> Start --> Settings: Control Panel is hidden.

DISABLING POLICY INHERITANCE FOR AN OU

When a policy is set at a higher level, the lower levels inherit it and are bound by it. To remove this constraint, do the following.
Disable inheritance within OU DH06DTB:
- Create OU DH06DTBM inside OU DH06DTB, and create user DH06DTM inside OU DH06DTBM
- Create a policy for OU DH06DTBM: hide My Network Places (done the same way as above)

Procedure: log on as Administrator --> Active Directory Users and Computers --> right-click OU DH06DTBM --> Properties --> Group Policy tab --> check Block Policy inheritance --> Apply --> OK

VERIFICATION

Log off Administrator --> log on as user DH06DTM --> My Network Places is not on the Desktop, while Control Panel is available.

FORCING CHILD OUs TO INHERIT

Some policies on a higher-level OU must be inherited by lower-level OUs, and the child OU is not allowed to block them. To do this: log on as Administrator --> Active Directory Users and Computers --> right-click OU DH06DTB --> Properties --> Group Policy tab --> select the policy Hide Control Panel --> Options --> check "No Override: prevents other Group Policy Objects from overriding policy set in this one" --> OK --> OK --> close all windows --> Start --> Run --> gpupdate /force

VERIFICATION

Log off Administrator --> log on as user DH06DTM --> Control Panel is hidden.

DEPLOY SOFTWARE

Goal: when a user logs on to the system, the user wants a certain program to be already installed on the system.
Procedure: Start --> Run --> regedit --> in the Registry Editor window --> HKEY_LOCAL_MACHINE --> Software --> Policies --> Microsoft --> right-click Windows --> create a new key: Installer --> right-click Installer --> New --> DWORD Value

Rename the new DWORD to AlwaysInstallElevated and set its value to 1.

Go to HKEY_CURRENT_USER --> Software --> Policies --> right-click Windows --> New --> Key --> enter the name Installer

Right-click Installer --> New --> DWORD Value --> rename it to AlwaysInstallElevated --> restart the computer.

Log on as Administrator --> go to C:\atrecply (prepared in advance) --> share atrecply, giving the Everyone group Full Control.

Go to Active Directory Users and Computers --> right-click OU DH06DTB --> Properties --> Group Policy tab --> choose New --> create a Group Policy: Deploy Software

Choose Edit --> in the Group Policy Object Editor --> User Configuration --> Software Settings --> right-click Software installation --> New --> Package

In the Open window enter, in File name, the path to the installation file, in this case: \\Server\atrecply\atrecply.exe --> Open

In the Deploy Software dialog choose Assigned --> OK

A new package appears in the left-hand pane --> close the windows --> Start --> Run --> gpupdate /force to update the policy.

VERIFICATION

Log off Administrator --> log on as user u1 --> go to C:\atrecply, see the file atrecply.msi, and it installs normally. Log off u1 --> log on as gv1 --> go to C:\atrecply, see the file atrecply.msi, but it cannot be installed.
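
When AlwaysInstallElevated is 1 in both HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER, Windows Installer runs any .msi that a standard user launches with elevated privileges, so machines where the registry steps above were applied are worth auditing. The batch script below is an added example, not part of the original slides; it reads the full policy paths under Software\Policies\Microsoft\Windows\Installer and reports the state through its exit code (the exit code values are this example's own convention).

```bat
@echo off
rem Added example (not from the original slides).
rem Audits the AlwaysInstallElevated policy value in both registry hives.
rem HKCU is the hive of the account running the script, so run it as the
rem user being audited, for example from a logon script.
setlocal
set "SUBKEY=Software\Policies\Microsoft\Windows\Installer"
set "HKLM_ON=0"
set "HKCU_ON=0"

call :check HKLM HKLM_ON
call :check HKCU HKCU_ON

echo HKLM\%SUBKEY% AlwaysInstallElevated=1: %HKLM_ON%
echo HKCU\%SUBKEY% AlwaysInstallElevated=1: %HKCU_ON%

rem The policy only takes effect when both hives carry the value 1.
if "%HKLM_ON%%HKCU_ON%"=="11" (
    echo FINDING: enabled in both hives, any user can install MSI packages elevated.
    exit /b 2
)
if not "%HKLM_ON%%HKCU_ON%"=="00" (
    echo NOTE: set in one hive only, not effective yet but one change away.
    exit /b 1
)
echo OK: AlwaysInstallElevated is not enabled.
exit /b 0

:check
rem %1 = hive name, %2 = name of the variable to set to 1 when the value is 0x1.
rem reg query prints "name  REG_DWORD  0x1"; the third token is the data.
for /f "tokens=3" %%V in ('reg query "%1\%SUBKEY%" /v AlwaysInstallElevated 2^>nul ^| find /i "AlwaysInstallElevated"') do (
    if /i "%%V"=="0x1" set "%2=1"
)
goto :eof
```

Exit code 2 means both values are set. Deleting the value in either hive (reg delete with /v AlwaysInstallElevated /f on the key shown) disables the behaviour.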
