A typical LAN installation and configuration example (reposted)

xiaoxiao2021-03-06  64

Source: Winmag.com.cn. Author: final.

During the May Day holiday a friend asked me to help install his company's network. The network is not large, but it covers the basics of building one: client installation, domain structure, Group Policy, network antivirus and so on. Other networks can be extended from this basis; I hope it helps everyone.

First, the basic situation. My friend's company is a joint-venture factory that is still being set up. He is the general-affairs manager: apart from technical work, all the miscellaneous matters land on him. The company currently has about 60 computers. The departments are fully set up, but the boss does not want to hire IT support staff. He therefore asked that users have as little opportunity as possible to change the computers, while still being able to access each other's files, print, and go online (in truth, he is arranging this for his own sake).

Let's get started ...

(Note: please don't get hung up on the specific numbers used here; they don't determine anything. What matters is the design approach and the implementation method.)

I. Setting up the domain

1. Server configuration

Because there is only one local office, a single domain is enough. There are three IBM servers running Windows 2000 Server (three is not strictly necessary to provide these services, and whether you use the Advanced Server edition is up to you).

Server (192.168.0.1): primary domain controller for the domain final.com, IP 192.168.0.1. It is also configured as the primary DNS server (DNS requests are forwarded to the ISP's DNS server, so clients whose DNS points to Server can reach the Internet normally) and has the WINS service installed.

Server2 (192.168.0.2): backup domain controller and DHCP server. Create a scope for 192.168.0.0/24 that hands out 192.168.0.0-192.168.0.100 (size the range to your needs, and leave some addresses for the servers). Configure the scope options: the gateway is 192.168.0.254 (the broadband sharing router), and the DNS and WINS server address is 192.168.0.1.

Server3 (192.168.0.3): standby.

For a more robust configuration, you can also configure a secondary DNS zone and a Global Catalog (GC) on Server2, so that clients can still use the network even if Server is temporarily unavailable for maintenance or because of a failure.

Please don't ask me how to install the DC, DNS, DHCP and WINS services; Microsoft has made the installation foolproof.
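
The scope above has to stay clear of the fixed addresses of the servers and the router. The following check is an added example, not part of the original article; it reads the end of the printed range as 192.168.0.100, the function names are illustrative, the 192.168.0.10 start in the second case is an assumed value, and DHCP exclusion ranges are not modelled.

```python
import ipaddress

def check_dhcp_plan(network, pool_start, pool_end, static_hosts, gateway):
    """Return a list of problems in a DHCP scope definition (empty = OK)."""
    net = ipaddress.ip_network(network)
    start = ipaddress.ip_address(pool_start)
    end = ipaddress.ip_address(pool_end)
    problems = []
    if start > end:
        problems.append("pool start is after pool end")
    for label, addr in (("pool start", start), ("pool end", end)):
        if addr not in net:
            problems.append(f"{label} {addr} is outside {net}")
        elif addr in (net.network_address, net.broadcast_address):
            problems.append(f"{label} {addr} is not a usable host address")
    # Fixed addresses (servers, router) must never be handed out by DHCP.
    fixed = dict(static_hosts, gateway=gateway)
    for name, ip in sorted(fixed.items()):
        addr = ipaddress.ip_address(ip)
        if addr not in net:
            problems.append(f"{name} {addr} is outside {net}")
        elif start <= addr <= end:
            problems.append(f"{name} {addr} is inside the DHCP pool")
    return problems

# Addresses taken from the article.
NETWORK = "192.168.0.0/24"
STATIC_HOSTS = {"Server": "192.168.0.1", "Server2": "192.168.0.2",
                "Server3": "192.168.0.3"}
GATEWAY = "192.168.0.254"

def article_range_problems():
    # Range as printed in the article.
    return check_dhcp_plan(NETWORK, "192.168.0.0", "192.168.0.100",
                           STATIC_HOSTS, GATEWAY)

def adjusted_range_problems():
    # Assumed start address (not from the article) that leaves .1-.9 free.
    return check_dhcp_plan(NETWORK, "192.168.0.10", "192.168.0.100",
                           STATIC_HOSTS, GATEWAY)

if __name__ == "__main__":
    for problem in article_range_problems():
        print("as printed:", problem)
    print("adjusted:", adjusted_range_problems() or "no problems")
```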

2. Establishing the OUs

The company has five departments, including Administration, Finance, Engineering and Marketing (fictional).

To make management and policy configuration easier, the following OU hierarchy is established. Create a first-level OU named "Final"; under "Final" create three second-level OUs: "administrators", "company leaders" and "department". Under "department", create five third-level OUs named after the departments. Create the security groups and users under each second-level and third-level OU, and add each user to the corresponding security group.

User account principle: following the company's staff roster, create each user account with the employee number as the login name, then move it into the corresponding department OU and add it to the corresponding security group. Employee accounts are members of the Domain Users group.

For example, create the security group "management group" in the "Admin" OU, create the user "000" and add user "000" to the security group "management group"; in the OU "department" - "Personnel Department", create the user "004" and add it to the security group "personnel group". Enter the user's name details when creating each account, because you will need them if you install Exchange later.

Please note: at this point there are no computer accounts in the OUs, because the clients had not yet been installed when the OUs were designed; see the client installation section.

3. Group Policy and network

Use the OU hierarchy designed above to build the corresponding group policies at the company, management and department levels. Two examples follow for reference.

Example 1: Restricting which users can log on to clients

After a client joins the domain (see the client installation and configuration later), any domain account can log on to that client by default. But my friend's people did not accept this: they felt it was unsafe for anyone to be able to turn on any computer, and wanted a CMOS boot password on every machine. I nearly coughed up blood on the spot (I was eating KFC at the time, so I kept it in my mouth).

After several patient explanations, telling them that "a computer should be shared company office equipment rather than a single-user machine; any device (computer, printer) is part of the network and is a company resource", we finally reached the following agreement: people in each department can log on only to that department's computers. This improves client security to some extent.

Create a group policy on the third-level OU "Personnel Department". Under "Computer Configuration" - "Local Policies" - "User Rights Assignment" - "Log on locally", grant the right to the Domain Admins group and "personnel group", so that only administrators and Personnel staff can log on to the Personnel Department's computers. Add corresponding group policies for the other departments.
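
To confirm that a department policy grants "Log on locally" only to the intended groups, the [Privilege Rights] section of the GPO's security template (GptTmpl.inf) can be checked. This is an added example, not part of the original article; the sample template, the FINAL domain prefix and the function names are constructed for illustration.

```python
# Constructed sample of a security template. Entries are account names or,
# when prefixed with "*", SIDs (S-1-1-0 is the well-known Everyone SID).
SAMPLE_TEMPLATE = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeInteractiveLogonRight = FINAL\\Domain Admins,FINAL\\personnel group,*S-1-1-0
SeShutdownPrivilege = FINAL\\Domain Admins
"""

# Groups the article allows on Personnel Department computers
# (the FINAL\ prefix is an assumed NetBIOS domain name).
ALLOWED = ["FINAL\\Domain Admins", "FINAL\\personnel group"]

def parse_privilege_rights(text):
    """Map each user right in [Privilege Rights] to its list of principals."""
    rights, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # skip blank lines and INF comments
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "privilege rights" and "=" in line:
            name, _, value = line.partition("=")
            rights[name.strip()] = [p.strip() for p in value.split(",") if p.strip()]
    return rights

def unexpected_logon_principals(text, allowed):
    """Principals holding 'Log on locally' that are not on the allow-list.

    Returns None when the template does not define the right at all: the
    policy then restricts nothing and the default logon behaviour applies.
    """
    rights = parse_privilege_rights(text)
    if "SeInteractiveLogonRight" not in rights:
        return None
    allowed_cf = {a.casefold() for a in allowed}
    return [p for p in rights["SeInteractiveLogonRight"]
            if p.casefold() not in allowed_cf]

if __name__ == "__main__":
    print(unexpected_logon_principals(SAMPLE_TEMPLATE, ALLOWED))
```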

Example 2: Network share design and folder redirection

Because users only have Domain Users permissions, they cannot share local files. So how do users share files? An administrator has to set up sharing centrally on the server.

Sharing on the server: create a folder "DATA" on Server3 and share it with full access, keeping the default share name "DATA". Under the "DATA" folder, create a "Share Docunt" folder, then create a folder for each department and set the NTFS permissions.
