Windows Server 2012 活动目录项目式教程项目16 OU规划与权限管理

Windows Server活动目录企业应用项目四 使用组策略管理用户地工作环境四.一有关知识识组策略是一种能够让系统管理员充分管理与控制用户工作环境地功能通过它来确保用户拥有符合组织要求地工作环境,也通过它来限制用户,这样不但可以让用户拥有适当地环境,也可以减轻系统管理员地管理负担。

本节介绍如何使用组策略来简化在Active Directory环境管理计算机与用户。

将了解组策略对象(GPO)结构以及如何应用GPO,还有应用GPO时地某些例外情况。

本节还将讨论Windows Server 二零一二提供地组策略功能,这些功能也有助于简化计算机与用户管理。

四.一.一组策略组策略是一种技术,它支持Active Directory环境计算机与用户地一对多管理,特点如图六-一所示。

图六-一组策略通过编辑组策略设置,并针对目地用户或计算机设计组策略对象(GPO),可以集管理具体地配置参数。

这样,只更改一个GPO,就能管理成千上万地计算机或用户。

组策略对象是应用于选定用户与计算机地设置地集合。

组策略可控制目地对象地环境地很多方面,包括注册表,NTFS文件系统安全,审核与安全策略,软件安装与限制,桌面环境,登录/注销脚本等。

通过链接,一个GPO可与AD DS地多个容器关联。

反过来,多个GPO也可链接到一个容器。

一．域策略域级策略只影响属于该域地用户与计算机。

默认情况下存在两个域级策略,如表六-一所示。

表六-一默认域级策略（域策略,域控制器策略）可以创建其它域级策略,然后将其链接到AD DS地各种容器,以将具体配置应用于选定对象。

例如,提供额外安全设置地GPO可应用于包含应用程序服务器计算机账户地组织单位。

又如,GPO可限制某个组织单位用户地桌面环境。

二．本地策略运行Windows 二零零零 Server或更高版本操作系统地每台计算机都有本地组策略。

此策略影响本地计算机以及登录到该计算机地任何用户,包括从该本地计算机登录到域地域用户。

Windows Server 活动目录企业应用项目九 管理操作主机AD DS数据库内绝大部分数据地复制是采用多主机复制模式(multi -master replicationmodel),也就是您可以直接更新任何一台域控制器内绝大部分地AD DS对象,之后这个对象会被自动复制到其它域控制器。

然而只有少部分数据地复制是采用单主机复制模式（single-master replication model）。

在此模式下,当您提出更改对象地请求时,只会由其一台被称为操作主机地域控制器负责接收与处理此请求,也就是说该对象先被更新在这台操作主机内,再由它将其复制到其它域控制器。

Active Directory 域服务（AD DS ）内总有五个操作主机角色:架构操作主机（schema operations master ）域命名操作主机（domain naming operations master ）RID 操作主机（relative identifier operations master ）PDC 模拟器操作主机（PDC emulator operations master ）基础结构操作主杌（infrastructure operations master ）一个林只有一台架构操作主机与一台域命名操作主机,这两个林级别地角色默认都由林根域内地第一台域控制器所扮演。

而每一个域拥有自己地RID操作主机,PDC模拟器操作主机与基础结构操作主机,这三个域级别地角色默认由该域内地第一台域控制器所扮演。

九.一.一架构操作主机扮演架构操作主机角色地域控制器,负责更新与修改架构( schema)内地对象种类与属数据。

隶属于Schema Admins组内地用户才有权利修改架构。

一个林只能有一台架构操作主机。

九.一.二域命名操作主机扮演域命名操作主机角色地域控制器,负责林内域目录分区地新建与删除,即负责林内地域添加与删除工作。

About the T utorialWindows Server 2012 codenamed Windows Server 8 is the most recent version of the operating system from Microsoft regarding server management, but not the last one which is Windows Server 2016. Officially it was released on August 1, 2012 and is just a commercial version as of now.Windows Server 2012 has four editions: Foundation, Essentials, Standard and Datacenter. Each one of them has their own limitations except the Datacenter version, which is also the most expensive one.This is an introductory tutorial that explains all the fundamentals of Windows Server 2012.AudienceThis tutorial has been designed for all those readers who want to learn the features of Windows Server 2012. It is especially going to be useful for all those professionals who are required to install and use this operating system to perform various duties in their respective organizations.PrerequisitesWe assume the readers of this tutorial have a practical experience of handling a Windows-based Servers. In addition, it is going to help if the readers have a basic knowledge of how to install and use an operating system.Disclaimer & CopyrightCopyright 2018 by Tutorials Point (I) Pvt. Ltd.All the content and graphics published in this e-book are the property of Tutorials Point (I) Pvt. Ltd. The user of this e-book is prohibited to reuse, retain, copy, distribute or republish any contents or a part of contents of this e-book in any manner without written consent of the publisher.We strive to update the contents of our website and tutorials as timely and as precisely as possible, however, the contents may contain inaccuracies or errors. Tutorials Point (I) Pvt. Ltd. provides no guarantee regarding the accuracy, timeliness or completeness of our website or its contents including this tutorial. If you discover any errors on our website or inthistutorial,******************************************T able of ContentsAbout the Tutorial (1)Audience (1)Prerequisites (1)Disclaimer & Copyright (1)Table of Contents (2)1.WINDOWS SERVER 2012 – OVERVIEW (5)Improvements in Windows Server 2012 (5)2.WINDOWS SERVER 2012 – INSTALLATION (8)System Requirements (8)3.WINDOWS SERVER 2012 – SERVER ROLES (15)4.WINDOWS SERVER 2012 − POWERSHELL (22)PowerShell ISE (24)PowerShell Basic Commands (27)5.WINDOWS SERVER 2012 − REMOTE MANAGEMENT (29)Adding a Server for Remote Management (30)6.WINDOWS SERVER 2012 − WINDOWS FIREWALL (33)How to Create a New Firewall Rule? (36)7.WINDOWS SERVER 2012 − REMOTE DESKTOP MANAGEMENT (45)8.WINDOWS SERVER 2012 − RESOURCE MON ITOR (49)9.WINDOWS SERVER 2012 − ACTIVE DIRECTORY (51)10.WINDOWS SERVER 2012 − DC ACCOUNTS (61)11.WINDOWS SERVER 2012 − FILE SYSTEM (65)12.WINDOWS SERVER 2012 − GROUP MANAGED SERVICE ACCOUNTS (67)13.WINDOWS SERVER 2012 − GROUP POLICY OVERVIEW (70)14.WINDOWS SERVER 2012 − DHCP ROLE (73)Post-deployment Configuration (79)Scope Implementation of DHCP (81)15.WINDOWS SERVER 2012 − DNS ROLE (91)16.WINDOWS SERVER 2012 − PRIMARY ZONES (96)17.WINDOWS SERVER 2012 − MANAGE RECORDS (100)18.WINDOWS SERV ER 2012 − IIS OVERVI EW (105)19.WINDOWS SERVER 2012 − IIS SECURITY (111)20.WINDOWS SERVER 2012 − HYPER-V (119)21.WINDOWS SERVER 2012 − ADVANCED CONFIGURATION (124)22.WINDOWS SERVER 2012 − CONFIGURE WSUS ROLE (130)23.WINDOWS SERVER 2012 – WSUS POLICIES & TUNING (134)24.WINDOWS SERVER 2012 − SHARING OF FILES (144)25.WINDOWS SERVER 2012 − FILE MANAGER (151)26.WINDOWS SERVER 2012 − PRINT SERVER (160)27.WINDOWS SERVER 2012 − EASY PRINTING (163)28.WINDOWS SERVER 2012 − CONFIGURE PRINT DRIVERS (166)29.WINDOWS SERVE R 2012 − NETWORK SER VICES (168)30.WINDOWS SERVER 2012 − BACKUP MANAGEMENT (176)Windows Server 2012 Windows Server 2012 codenamed Windows Server 8 is the most recent version of the operating system from Microsoft regarding server management. But it is not the last one, as the last one is Windows Server 2016. Officially it was released on August 1st, 2012 and is being sold as a commercial version only.Improvements in Windows Server 2012The major Improvements on this version are as follows:∙It is ready to be integrated with cloud systems and it still can maintain the classic features of local datacenters as a result Hyper-V Virtualization has new features Hyper-v replicas, it allows you to create virtual machines replications between clusters and storage systems.∙The Storage migration virtual disks can be moved to different physical storages, Virtual machine snapshots, virtual machines can be deleted from the Hyper-v and also from the virtual disks and it can be used directly without the need to shut down the virtual machine.∙The Core server installation easily switches to GUI installation without the need of reinstallation.∙The file server and storage service improvement is that it eliminates identical copies in the same volumes as such and saves space.∙The Storage pools and storage spaces allows you to group the hard disks to one or more storage pools then it allows to create virtual disks. It can add other disks to the storage pools and make available to the users without impacting them.∙The iSCSI Target Server can offer block storage to other servers and applications on the network using the iSCSI standard.∙Active Directory cloning can deploy additional domain controllers by cloning an existing virtual domain controller.Windows Server 2012 – OverviewThe Windows Server 2012 has four editions: Foundation, Essentials, Standard and Datacenter. Each one of them has their own limitation accept the Datacenter version which is also the most expensive one.The following table will show what is the right one for your business needs:For finding out the cost of licensing you can click on the following link:https:///en-us/server-cloud/products/windows-server-2012-r2/purchasing.aspxWindows Server 2012 – InstallationWindows Server 2012In this chapter, we will discuss regarding the requirements and prerequisites of the Windows Server 2012.System RequirementsAlthough most of the servers nowadays probably have the necessary requirements for Windows Server 2012. It will certainly be useful to know them in case you want to upgrade from an older system.The main requirements are:∙CPU socket minimum 1.4 GHz (64-bit processor) or faster for single core and Microsoft recommends is 3.1 GHz (64-bit processor) or faster multi-core.∙RAM memory minimum is 2GB, but Microsoft recommends 8GB.∙160 GB hard disk with a 60 GB system partition space in your hard disk.One important thing to note here is that the installation process itself will verify your computer hardware and let you know if it qualifies for a Windows Server 2012 installation. If not, then you will need to upgrade your hardware.InstallationThe following steps are to be adhered for the installation of Windows Server 2012.Step 1: We can download the evaluation ISO of Windows Server 2012 R2 from the following link:https:///en-us/evalcenter/evaluate-windows-server-2012-r2But you will need to sign in first with a Microsoft account like Hotmail for example in order to complete the download and the good thing is that the evaluation period will last for 180 days, so you will have enough time to know if it will be the right product for you or not.At the end, if you decide to buy the license of your Windows server 2012 R2. You can purchase it online via a Microsoft online store found in –/store/msusa/en_US/list/Windows-Server/categoryID.70676900?icid=BusinessR_Software_80_Windows_Server_112315 For the Enterprise solution, I would recommend to purchase it via a Microsoft partner that is found in your country.Step 2: After downloading the ISO of Microsoft, create a boot USB driver which can be created with the Microsoft tool called Windows USB/DVD Download Tool and can be downloaded from the following link:https:///en-us/download/windows-usb-dvd-download-toolAfter downloading the EXE file, open it and select the ISO file location and then click next like in the following screenshot, and wait up to the end when the Boot USB is created.Step 3: After completing the above given steps, plug-in the USB to the server and wait for a while till it loads the files. This will continue for about a couple of minutes as shown in the following screenshot.Step 4: After the files are loaded, you will see the screen of language settings of installation, keyboard, time and currency format. Generally, all the default ones are also good enough to start with. Click Next.Step 5: Click “Install now”.Step 6: Once you have clicked on Install Now, the setup will start and it will load all the files and the screen will look as shown in the following screenshot.Step 7: Wait until the files are loaded and then you will see the following screen. Let’s select Windows Server 2012 DataCenter Evaluation (Server with GUI) and click Next.Step 8:Click “I accept the license terms” and the n click on the Next button as shown in the following screenshot.Step 9:The following screen will appear. In “Driver Options” you can create a new partition, delete or format the Hard disk. After you have done this process then you can select the partition where the Windows server 2012 R2 will be installed in our case we have one partition. Once all this is done, then click on Next.Step 10:Let’s wait until this process finishes during this ti me and then the server will reboot.Step 11: Once the reboot is done the following screen will appear. Set the password for the server and then click on “Finish”.Step 12: It will take some minutes until the setup finishes completely.Step 13: Once all this is done, you have completed the installation process and the following screen will appear.CongratulationsWindows Server 2012Like the previous version, Windows Server 2012 has the following roles which can be used and in the subsequent chapter, we will see how to install and configure the most important ones.The following picture shows all the roles. A small reminder! – Roles and Features are the tools that you need to install or activate in order to complete your IT Administration duties, without their installation you cannot do anything.To add a role in the server we should adhere to the following steps:Windows Server 2012 – Server RolesStep 1: Click with the mouse on Server Manager which is found in the task bar as shown in the following screenshot.Step 2: After opening the “Server Manager”, click on the second option “Add roles and features”.Step 3: The following screen will appear, then you can Click on the Next button.Step 4:Select the Role-based or feature-based installation and then click on the Next button.In the next screen that appears, you will have the following two options:Option 1: Select a server from the server pool. This option is –if you want to install the services in the physical server like being done in the following screenshot.Option 2: Select a virtual Hard disk if you want to install the services in a virtual disk that can be somewhere in the network storage. Take a look at the following screenshot for better understanding.Step 5:The last step will be to check the service that you want to install, but in the upcoming chapters we will continue this setup for each and every important services.Windows Server 2012Windows PowerShell is a command-line shell and scripting language designed especially for system administration. It ’s analogue in Linux is called as Bash Scripting. Built on the .NET Framework, Windows PowerShell helps IT professionals to control and automate the administration of the Windows operating system and applications that run on Windows Server environment.Windows PowerShell commands, called cmdlets , let you manage the computers from the command line. Windows PowerShell providers let you access data stores, such as the Registry and Certificate Store, as easily as you access the file system.In addition, Windows PowerShell has a rich expression parser and a fully developed scripting language. So in simple words you can complete all the tasks that you do with GUI and much more.PowerShell Icon can be found in the task bar and in the start menu. Just by clicking on the icon, it will open.To open it, just click on the icon and then the following screen will open and it means that PowerShell is ready for you to work on.Windows Server 2012 − PowerShellThe latest version of PowerShell is 5.0 and to check what is installed in our server we type the following command –:$PSVersionTable as shown in the following screenshot and from the screen we also know that we have PSVersion 4.0To update with the latest version where it has more Cmdlets we have to download Windows Management Framework 5.0 from the following link –https:///en-us/download/details.aspx?id=50395 and install it.PowerShell ISEThe Windows PowerShell Integrated Scripting Environment (ISE) is a host application for Windows PowerShell. In Windows PowerShell ISE, you can run commands and write, test, and debug scripts in a single Windows-based graphic user interface with multiline editing, tab completion, syntax coloring, selective execution, context-sensitive help, and support for right-to-left languages.You can use menu items and keyboard shortcuts to perform many of the same tasks that you would perform in the Windows PowerShell console. For example, when you debug a script in the Windows PowerShell ISE, to set a line breakpoint in a script, right-click the line of code, and then click Toggle Breakpoint.To open it you just go to Start –Search and then Type –PowerShell as shown in the following screenshot.Then click on Windows PowerShell ISE. Or click on the downward Arrow as shown in the following screenshot.It will list all the applications installed on the server and then click on Windows PowerShell ISE.The following table will be open –It has three sections, which include –The PowerShell Console with number 1, then Scripting File number 2 and the third is the Command Module where you can find the module.End of ebook previewIf you liked what you saw…Buy it from our store @ https://。

windows server 2012 部署活动目录服务今天我们来学习如何在Windows Server 2012中创建域.安装前提条件：1.安装者必须具有本地管理员权限2.操作系统版本必须满足条件（Windows Server 2008 除Web版外都满足）3.本地磁盘至少有一个分区是NTFS文件系统4.有TCP/IP设置（IP位置、子网掩码等）5.有相应的DNS服务器支持6.静态的IP位置，并把DNS指向自己的IP位置7.有足够的可用空间注意：Dcpromo.exe 已弃用。

在 Windows Server 2012 中，如果你从命令提示符运行dcpromo.exe（无任何参数），你将收到引导你到服务器管理器的信息，在该服务器管理器中，你可使用“添加角色”向导安装 Active Directory 域服务。

如果你从命令提示符运行 dcpromo /unattend，你仍可执行使用 Dcpromo.exe 的无人参与安装。

这可让组织继续使用基于 dcpromo.exe 的自动化 Active Directory 域服务 (AD DS) 安装例程，直到它们可以使用 Windows PowerShell 重写那些例程。

实验环境使用1台虚拟机，DC的IP是192.168.6.1,DNS位置指向自己.1.首先检查操作系统的版本2.检查网络的IP位置和DNS位置指向3.打开“服务器管理器”，点击“添加角色和功能”4.选择“基于角色或基于功能的安装”5.选择安装角色的服务器6.选择安装“AD域服务”7.完成AD域服务的安装8.开始进行“AD域服务配置向导”9.选择新建林，域名为10.选择林功能级别和域功能级别，指定是否为DNS服务器和全局编目GC11.制定DNS委派12.设置NETBIOS名13.指定AD DS数据库，日志文件和SYSVOL存放位置14.检查安装参数选项15.首先验证后进行AD的安装16.安装AD成功后进行重新启动，打开“服务器管理器”查看17.打开"AD用户和计算机"工具进行查看18.打开"DNS服务器"工具进行查看19.打开"组策略管理"工具进行查看20.打开"AD管理中心"工具进行查看本文出自“微软技术专题”博客，请务必保留此出处bbb://nickzp.blog.51ctoaaa/12728/1064693。

《Windows网络操作系统》课程标准一、课程基本信息二、课程性质本课程是计算机网络技术、信息安全与管理专业的专业核心课程，也是计算机应用技术和物联网技术与应用专业的专业拓展课程。

是一门操作性和实践性很强的职业技术课程。

其主要教学内容是介绍Windows Server 2012 R2网络操作系统的常见的网络系统管理和主流服务器的配置、维护与管理，并能利用网络互联设备组建和管理具有多台服务器的小型局域网的方法。

本课程采用采用“项目引导、任务驱动，一体化课堂”的教学模式开展教学，整个课程由15个项目引导，通过师生互动的讲练演结合和理实一体化教室实施教学。

学生在学习本课程后，能够根据企业的实际需求，配置相应的网络服务，组建公司的局域网络，并且能够维护和管理该网络。

为后续学习《网络设备配置与管理》、《计算机网络工程》等课程打下坚实的基础。

三、课程目标（一）知识目标1、按照网络组建的要求，掌握网络操作系统的基本概念和技术理论。

2、掌握Windows Server环境下组网的两种模式及其用户账户和组账户的管理。

3、掌握Windows Server系统的基础管理。

4、掌握Windows Server主流服务器的配置与管理。

5、了解中小型企业局域网或校园网的设计与规划。

（二）能力目标1、会安装和维护服务器系统软件和应用软件。

2、会配备网络和管理磁盘。

3、会管理用户和分配用户权限。

4、会搭建常用网络服务器,并对其进行配置和维护。

5、会排除服务器的一些软硬件故障。

6、能够对网络系统进行安全的维护；能运用常用的工具，对常见的问题能够进行简单的诊断与测试。

7、能够独立深入阅读网络相关的技术文献。

（三）态度与情感目标1、适应网络时代的交流、生活，善于用网络获取信息，不迷信网络、也不拒绝网络。

2、具有正确的网络使用价值观，遵守虚拟世界的国家关于网络管理的法律法规、道德，养成良好的网管员职业岗位素养。

3、形成积极动手实践的习惯，以及沟通与团队的协作能力。

Windows Server 2012活动目录安装手册2013年1月微软 (中国)目录安装要求 (3)环境描述 (4)安装步骤 (5)验证安装 (17)1.安装要求2.环境描述服务器计算机名：DC所在域名或工作组名称： IP地址：192.168.99.100 / 24操作系统：Windows Server 2012中文版3.安装步骤1)指定AD角色服务器的IP地址（这里的IP地址根据企业实际情况分配，但一定要是固定IP）2)点击Server2012右下角的“服务器管理器”显示如下界面3)点击“添加角色和功能按钮”弹出如下界面4)点击“下一步”5)这里选择”基于角色或基于功能的安装”，然后点”下一步”6)服务器选择这里选择默认的，假如你需要针对其它主机安装AD角色，这里可以选择你需要的主机，点击”下一步”7)这里勾选“Active Directory域服务”，当勾选这个选项时，会弹出如下对话框，点“添加功能”就OK。

8)这样就正确选择了安装AD角色，点击”下一步”9)功能页面不需要做任何选择直接点“下一步”10)这里是介绍AD角色的功能及注意事项，点击“下一步”11)勾选”如果需要，自动重新启动目标服务器”，然后点击”安装”12)安装成功后我们点击“关闭”，但这还没有完全安装成功13)点击服务器右上角的“功能按钮”14)弹出继续配置AD的对话框15)点击”部署后配置”，在红框处填入相应的域名16)点击“下一步”，红色方框选择域功能级别，绿色方框选择相应的功能，DNS/GC/RODC,黄色方框输入目录服务还原密码17)点击“下一步”后配置DNS，由于不需要委派DNS，所以这里不需要设置，直接点击”下一步”18)这一步配置Netbios名，若没有特殊需求默认的就可以，直接点”下一步”19)配置日志，数据库，sysvol路径，若没有特殊需求，默认就可以20)查看配置信息，若没有任何问题直接点”下一步”21)这个页面是检测是否满足条件，满足条件后就可以直接点”安装”22)等待机器安装配置项，可能需要重启23)重启后我们会看到AD角色已经安装完成4.验证安装1.直接打开CMD命令行，输入”Net query fsmo”,这时会显示五种角色都已经安装成功2.若要进一步验证AD是否安装正确，可以使用DCDIAG/a命令行。

《Windows Server 系统配置管理》课程标准-高本一、课程概要二、课程性质与定位本课程是计算机网络技术专业的专业核心课程，根据计算机网络服务技术工作岗位要求，培养学生部署企业局域网、部署企业网络的DNS服务、部署企业网络的DHCP服务、部署企业网络的FTP服务、部署企业网络的WEB服务以及NAT服务的能力。

本课程注重理论与实践的结合，培养学生网络规划设计、服务部署能力、故障检测与排除能力。

对应IEET专业核心能力1：具备网络工程建设能力、网络系统管理能力。

三、课程教学目标（一）知识目标1.掌握Windows server操作系统的系统管理知识2.掌握常见网络服务如：DNS、DHCP、FTP、WEB等服务的规划、设计、配置和管理知识3.掌握路由和远程访问的知识4.掌握ServU、Helix等市场主流服务产品的配置和管理知识5.掌握常见网络服务运维故障检测与排除方法（二）能力目标:1.具备网络方案规划能力2.具备用户、磁盘、打印等常规服务管理能力3.具备局域网组建及文件共享能力4.具备路由和远程访问服务构建能力5.具备DHCP服务构建与故障排除能力6.具备DNS服务构建与故障排除能力7.具备FTP服务构建与故障排除能力8.具备Web服务构建与故障排除能力9.具备NAT服务构建与故障排除能力10.具备企业网络应用服务器的规划与设计能力（三）素质目标：1.用户至上的服务意识和爱岗敬业的劳动精神；2.“IT工匠”精益求精、追求效率和卓越品质的工作作风；3.实践意识和实践能力、合作意识和合作能力、终身学习的意识和终身学习的能力；4.学生勤奋、踏实、乐学、善学的精神，养成良好的职业素养。

四、课程设计思路1、课程内容面向企业的实际工作任务在基于工作过程导向课程开发过程中，本课程内容选择主要依据网络工程师基于Windows平台主流网络服务的规划、配置、管理与维护工作，通过对典型的工作任务进行归纳设计学习任务，将网络知识融入到各学习任务中，构建该课程的教学内容。