
Exam 70-217

Microsoft

Windows 2000
Active Directory
Services

Microsoft Press



3- ,

2004

. 1

004
32.973.26-018.2
59

Microsoft Corporation
59

Microsoft Windows 2000 Active Directory Services. MCSE: . . 3- ., . .: - , 2004. 608 .: .


ISBN 5-7502-0247-

Active Directory. , Active Directory (Domain Name System, DNS). Active Directory
, , , , , , Active
Directory.
, , , Microsoft Windows 2000, ,
MCSE 70-217: Implementing and Administering a Microsoft Windows 2000 Directory Services Infrastructure.
15 , .

004
32.973.26^018.2

Microsoft Corporation, , , .
ActiveX, JScript, Microsoft, Microsoft Press, MSDN, MS-DOS, PowerPoint, Visual Basic, Visual C++, Visual InterDev, Visual SourceSafe, Visual Studio, Win32, Windows Windows NT Microsoft / .
.
, , , ,
, , .

ISBN 0-7356-OW9-3 (.)


ISBN

5-7502-0247-

,
Microsoft Corporation, 2000
, Microsoft Corporation, 2001
, , 2004




,






Microsoft
Microsoft



1. Microsoft Windows 2000
1. Windows 2000
Windows 2000
Windows 2000

2. Windows 2000
, Windows 2000




Windows 2000

3. Windows 2000


Windows 2000


DNS
LDAP HTTP

Active Directory Windows 2000


Active Directory

4. Windows 2000


Windows 2000
:

5. ; Windows Security
Windows Security
: Windows Security


2, Active Directory
1. ! Active Directory
Active Directory
Active Directory
Active Directory

2. Active Directory




DNS







3. Active Directory .,
1. Active Directory
Active Directory Windows 2000

2. Active Directory
Active Directory
Active Directory Domains and Trusts



Active Directory Sites and Services
Active Directory Users and Computers
Active Directory
Active Directory Schema
Active Directory
,11 Directory



3.



:
1:
2:

4. Task Scheduler
Task Scheduler


: Task Scheduler


4. Active Directory
1. Active Directory







DNS







, .


2. Active Directory
Active Directory


DNS Active Directory




Active Directory
; Active Directory

3.



















4.


:


5. DNS Active Directory
1. DNS

IP-


DNS

2.






DNS




DNS


Dynamic DNS

DDNS DHCP
:

3.

:

DNS
DNS

4. DNS Active Directory


DNS
DNS

DNS


6,
1.

2,



,

-
:
..


3.

4.
-
-

-


7.
1.



Administrator
Guest

2.




,

:

3.



,
:




,
Dial-In
:
1:
2:

4.


,



:
1:
2:
5.
6.
, ,
:
1:
2:
8.
1.












2.


:

3.






:
1:
2:

4.



'

5.

Users Power Users
Run As
RUNAS
RUNAS
:
Run As

'

9.
1. NTFS
NTFS
NTFS
NTFS

NTFS



NTFS

2. NTFS
NTFS
NTFS


: NTFS
1: NTFS
2: NTFS Data
3: NTFS
4; NTFS

3.


4.


NTFS
NTFS
:

5.


:


10.
1.
:
2.
3.
4. NTFS
NTFS
:
1:
2:
3:
4:
5 ();
6:
7: NTFS
8 (): NTFS

5. DFS
DFS
DFS
DFS
DFS
DFS
DFS-
DFS

DFS
DFS
: DFS


11. Active Directory


1. Active Directory
Active Directory
Find
: Active Directory
'

2. Active Directory
Active Directory
Active Directory


Active Directory

.'

: Active Directory

3. Active Directory
Active Directory





4. Active Directory



, MOVETREE
, MOVETREE


MOVETREE
MOVETREE
MOVETREE .



NETDOM

:

5. Active Directory

Delegation Of Control
Active Directory
: Active Directory

6. Active Directory


What to Back Up
Where to Store the Backup

Active Directory

7. Active Directory
Active Directory






Active Directory

8. Active Directory


12.
1.



Group Policy
Group Policy

Software Settings
Windows Settings
Administrative Templates

Group Policy






2.





3.













:
1:
2:
3:
4:
5: . . .
6:
7;
8:
9:

4. . .

Software Installation


Software Installation
Windows Installer
Software Installation
.


5.

My Documents


6.


Software Installation


13.
1.

Account Policies
Local Policies
Event Log
Restricted Groups
System Services
Registry File System
Public Key Policies
IP Security Policies

2.








Active Directory


:
1:
2:
3:
4:
5: Active Directory

3.
Windows 2000





:
1:
2:
3:

4.

5.





Security Templates




:
1: Security Templates
2:

. Security Configuration and Analysis


Security Configuration and Analysis



Security Configuration and Analysis
Security Configuration and Analysis









: Security Configuration and Analysis
1: Security Configuration and Analysis Console
2:
3:
4:

7.

14. Active Directory


I. Active Directory
Event Viewer
Performance
System Monitor

NTDS

Performance Logs and Alerts






: System Monitor

2. Active Directory
LDP
Replmon
Repadmin
Dsastat
Sdcheck
'
Nltest
Acldiag
Dsacls

3.






15, Windows 2000 RIS
1. RIS








RIS
)'


, RIS

2. RIS
RIS
RIS
RIS
RIS
RIS
RIS-
RIS
RIPrep
RIPrep


RIPrep
RIPrep
RIPrep
<

RIS
RIS

3. RIS
RIS
RIS
- RIS
- RIS
- RIS
GUID -



RIS

4. RIS
RIS
RIS
RIS


&

DHCP

550

554

06

MCSE Microsoft Windows 2000 Active Directory


Services*. , , , ,
Microsoft Windows 2000 Active Directory.
Active Directory ,
,
(Domain Name System, DNS) , . Active Directory
, , , , ,
Active Directory.
Windows 2000 (Remote
Installation Services, RIS).
Microsoft.
MCSE . Microsoft.
, , . , , , .

, , .
, .


, , , Microsoft Windows 2000 Active Directory, , MCSE 70-217: Implementing and Administering Microsoft a Windows 2000
Directory Services Infrastructure.
:
;
Microsoft Windows 2000 Server MSCE.


:
Windows 2000, http://www.microsoft.com/windows/server/;
Windows 2000 Server;
( );
Windows 2000 Server Resource Kit.

,
, .

, .
, .
, . .
!
. , , , .

,
, .
.


.
.
! , .
.

.
,
. , , .
, (
, ). ,
.
.
.
.


, , , , ,
( ).
[].
[_] ,
. .
{}.
.
.

,
.
.

+*> , .
, Alt+Tab , , Alt, Tab.
. ,
Alt, F, X ,
. Alt+W, L,
Alt W , L.
. Alt (
), . ,
( ).
.
Alt, , . , Tab, , , .
4
, ESC.


, , ,
Active Directory Windows 2000. , , .
, , (
). ,
.
, .
, .
: , . Microsoft Windows 2000 Server
.


1 Microsoft Windows 2000 Windows 2000. Windows 2000.


2 Active Directory Active Directory,
, , (), . Active Directory, , , , DNS
.
3 Active Directory
Active Directory , , , , . Active Directory, (Microsoft
Management Console, MMC) Task Scheduler ( ).
4 Active Directory Active Directory,
, ,
5 DNS Active Directory
DNS, DNS Active Directory.
, .
6 , , .
7
. , , .
, , , , , .
8 , Windows 2000
, .
9
NTFS. NTFS
, , . .
10
.
,
(DPS) Mcrosoft ,
.
11 Active Directory
Active Directory, , ,
, , , , Active Directory.
12 : . , ,
, .
13 , , , , -


Security Configuration and Analysis. .


14 Active Directory
, .
\ 5 Windows 2000 RIS
(RIS).
RIS.
, ! RIS.

.
DHCP DHCP RIS.


,
, . , , .
, , .

70-217: Implementing
and Administering a Microsoft


. ,
.

Windows 2000 Directory Services


Infrastructure

.
.


70-217: Implementing and Administering a Microsoft Windows 2000 Directory Services Infrastructure , .
Microsoft .
, Active Directory

, Active Directory
Active Directory





, Active Directory

6

Active Directory

'

Active Directory
Active Directory

II

11

, , , DNS

1
1

, , , DNS
Active Directory DNS DNS

2,4

2, 4

3, 4

, DNS
DNS

, , , ,


()

12

3, 6

12

3, 6

12

3, 6

12

3, 6

12

3, 6

12

3,6

12

3,6

12

3, 6

()



12
4

12

12

12

12

- RIS

15

RIS

15

15

RIS

15

15

RIS

15

15

-
RIS

15

Windows 2000 RIS

RIS

, Active Directory

Active Directory
Active Directory

11

Active Directory

11

Active Directory

11

3, 4, 5
3, 4, 5

Active Directory

11


Active Directory

11

14

1, 2, 3

,
Active Directory

14

1, 2, 3

Active Directory

2, 3

1,3

Active Directory

XXX

()
, , Active Directory

Ktt

13

1, 3, 4, 7

,
Security
Configuration and Analysis

13

5, 6, 7

13

2,1

13



, Windows 2000 Active Directory.
Windows
2000 Server. ; . , .
,
.
.
!
. , .
.


,
Windows 2000 (Hardware Compatibility List, HCL):
32- Pentium 166 ;
64
( 128 );
2 > ;
12- CD-ROM ( Windows 2000 CD-ROM
);
SVGA 800 600 ( 1024 768);
3,5- ( CD-ROM
);
Microsoft .

XXXI


-
Microsoft Windows 2000 Server. Windows 2000 Server Web- Microsoft : http://www.microsoft.com/windows2000/downloads/default.asp ( Windows 2000 : http://www.microsoft.com/rus/windows2000).



. Windows 2000 , .
. . , :
Windows 2000 Server;
Windows 2000 Server;
;
.
, Windows 2000. .
. Windows 2000 Server
MSCE, Microsoft Windows 2000 Server.

Windows 2000 Server


Windows 2000 Server.
, , . Windows 2000 Server
Windows 2000 Server.

MS-DOS Windows,
Bootdisk - Windows 2000 Server. CD-ROM, Windows 2000, . BIOS CD-ROM.
! 1,44
. ; .
> Windows 2000 Server
1. 1,44
:
Windows 2000 Server 1;
Windows 2000 Server 2*;
Windows 2000 Server 3;
Windows 2000 Server 4.
2. - Microsoft Windows 2000 Server CD- ROM.

3. Windows 2000 CD-ROM Windows 2000, No.


4. .
5. CD-ROM Enter.
6. Bootdisk, cd bootdisk,
Enter.
7. , , MSDOS, 16- Windows, Windows 95 Windows 98,
makeboot : ( : ) Enter. Windows NT Windows 2000, makebt32 : ( :
) Enter. ,
Windows 2000,
.
8. . ,
, .
9. ,
Windows 2000 Server 1 .
Windows 2000 , .
10. exit Enter.
- CD-ROM.
> Windows 2000 Server
,
, , CD-ROM
.
1. , Windows 2000 Server 1 Windows 2000 Server .
, . Windows 2000 Setup.
. ,
Windows 2000 Executive
Windows 2000.
2. 2 ( ) Enter.
Setup HAL, , , ,
. , Windows 2000 Setup.
3. 3 ( ) Enter.
Setup , . Setup
.
4. 4 ( ) Enter.
,
, Windows 2000 Executive .
Windows 2000, .

5. Setup, Enter.
, , Windows 2000.
6. , Welcome To Setup, Enter
. License Agreement ( ),
7. .
Page Down.
8. I Accept The Agreement ( ), F8.
Windows 2000 Server Setup ( Windows 2000 Server), ( ) Windows
2000, .
( ), .
9. , Unpartitioned space ( ), .
, , .
10. ( 2 ), Enter.
: New (Unformatted).
. Windows 2000, Disk Management.
11. , , Enter.
.
12. , Format The Partition
Using The NTFS File System ( NITS)
Enter.
Setup NTFS,
, , .
.
.
13. .
! CD-ROM CD-ROM BIOS,
. , .
- CD-ROM .
14. ,
Windows 2000.
*

Setup .

1. Windows 2000 Next () .


Setup NTFS . , , . ,
2. , ,
Regional Settings ( ),
, Next.
, Windows 2000
, Regional Options .
3. Name () Organization
(), Next.
Your Product Key ( ),
, - Windows 2000 Server.
Licensing Modes ( )
- Per
Server ( ). Setup
.
4. Per Server Number Of Concurrent Connections ( ) 5 ( 5 ). Next.
! Per
Server Number Of Concurrent Connections 5.
. Per
Seat Per Server.
Computer Name And Administrator Password ( ). ,
.
5. Computer Name ( ) server 1.
. ,
.
! ,
.
Server 1. -,
Serverl .
6. Administrator Password ( ) Confirm Password ( ) password Next.
, , password .
password .
( ). , Microsoft

,
(, Lp6*g9).
Windows 2000 Components ( Windows 2000), Windows 2000.
7. Next.
Windows 2000.
Add/Remove Programs ( ) . ,
. ,
.
,
Modem Dialing Information ( ).
8. Modem Dialing Information, Next.
Date And Time Settings ( ).
! Windows 2000
. , ,
.
9. , , Next.
Network Settings ( ),
.
^
Windows 2000 Server. . , .
1. , Networking Settings ( ) Typical Settings, Next. .
Typical Settings , , . ,
TCP/IP IP- DHCP.
Workgroup Or Computer Domain ( ) , .
2. , Workgroup Or Computer Domain No,
This Computer Is Not On A Network or Is On A Network Without A Domain (
, ) WORKGROUP, Next.
Installing Components ( ), . .
Performing Final Tasks ( ),
,
. ,
30 .
Completing The Windows 2000 Setup Wizard
( Windows 2000)


3. - Windows 2000 Server CD-ROM Finish ().


! CD-ROM
-,
, CD-ROM .
Windows 2000
Server.
^
Plug and Play,
,
1. , Ctrl+Alt+Delete.
2. Enter Password ( ) administrator User Name
( ) password Password ().
3. .
4. Windows 2000 , ,
Found New Hardware ( ), ,
Windows 2000 .
Found New Hardware, , Restart The
Computer When I Click Finish ( )
, Finish Found New Hardware,
Configure Your Server ( ),
.
5. I Will Configure This Server Later ( )
Next ().
6. Show This Screen At Startup (
).
7. Configure Your Server.
Windows 2000 Server ,
Administrator.
Windows NT Server Start
Shut Down .
, , . Server 1 (primary domain controller, PDC) Domain 1.
.
! , , , .

.

Microsoft
Microsoft (Microsoft Certified Professional, MCP)
. Microsoft
.

Microsoft. Microsoft
.

.
Microsoft (Microsoft Certified Professional, MCP) Microsoft. , Microsoft BackOffice, .
Microsoft + (MCP + Internet) ,
, , (Common Gateway Interface, CGI) (Internet Server Application
Programming Interface, ISAPI), , .
Microsoft + Site Building (MCP + Site Building) , , \-
Microsoft.
Microsoft (Microsoft Certified Systems Engineer)
, , Microsoft Windows 95, Microsoft Windows NT Microsoft BackOffice.
1
Microsoft + (MCSE + Internet) - , , , , . ,
Web- .
Microsoft (Microsoft Certified Database
Administrator, MCDBA) , , , SQL, , , , Microsoft SQL Server.
Microsoft
(Microsoft Certified Solution Developer, MCSD)
, Microsoft, Microsoft Office Microsoft BackOffice.
Microsoft (Microsoft Certified Trainer, MCT) Microsoft.

XXXVIII

Microsoft
Microsoft
,
. Microsoft , , . ,
, .
, Microsoft , .
. Microsoft Certified Professional :
Microsoft;
Microsoft
Web- ;
MSDN Online Certified Membership, , (
MSDN Online ,
); ,
, \\- MSDN;
, , Microsoft;
, Microsoft;
Microsoft Certified Professional;
Microsoft, Microsoft.
, , :
- Microsoft TechNet
Technical Information Network;
- Microsoft (
12 - -
Microsoft),
.
Microsoft .
, Microsoft:
;
, ;
;
;
;
.
, , http://www.microsoft.com/mcp/mktg/bus_bene.htm ( http://www.microsoft.com/rus/mcp/org_benefits.html).

XXXIX


, .
Microsoft , Microsoft. , ,
Microsoft.
Microsoft
.
, Microsoft BackOffice,
.
Microsoft + Microsoft Windows NT Server 4.0, TCP/IP
Microsoft Internet Information Server.
Microsoft + Site Building
Microsoft Front Page, Microsoft Site Server
Microsoft Visual InterDev.
Microsoft
Microsoft Windows,
Microsoft BackOffice,
Microsoft +
.
Microsoft
.
Microsoft
Microsoft Windows
Microsoft BackOffice.
Microsoft Microsoft.
Microsoft (800) 636-7544 (
) http://www.microsoft.com/train_cert/mct/.
Microsoft.


: , ,
.


. Microsoft Press Microsoft Developer Division Microsoft. , , , , .
.


. ,
Microsoft
. Microsoft , . .

Microsoft
Microsoft (Certified Technical Education Center, CTEC)
. Microsoft CTEC , Microsoft.
, Web-
Microsoft http://www.microsoft.com/CTEC/default.htm ( : http://www.microsoft.com/rus/CTEC/default.htm).


, ,
- .
, Microsoft Press .
tkinput@microsoft.com
: Microsoft Press
Attn:MCSE Training Kit-Microsoft Windows 2000 Professional Editor
One Microsoft Way
Redmond,WA 98052-6399
Microsoft Press http://mspress.microsoft.com/support/.
, . Microsoft Web- Microsoft http://www.microsoft.com/support/ Microsoft Support Network Sales no (800)
936-3500 - .
Microsoft
, Microsoft Sales (800) 426-9400
www.microsoft.com.

Microsoft
Windows 2000

1 > Windows 2000

2.

Windows 2000

12

3.

Windows 2000

17

4. Windows 2000

5.

Windows Security

24
28
32


Microsoft Windows 2000 , . , ,
. Windows
2000 Windows 2000. ,
Windows
Security ( Windows).

, .

Microsoft Windows 2000

1.
Windows 2000
Windows 2000, . ,
.
, :
/ Windows 2000;
/ Windows 2000 Professional Windows 2000
Server;
S Windows 2000;
S .
15 .

Windows 2000
Windows 2000 . ,
. (Total cost of ownership,
TCO) , , . , , -
, - .
Windows 2000.
Windows 2000 Professional.
, Microsoft
Windows 98 , , Microsoft Windows NT Workstation 4.0. Windows 2000 Professional

Windows 2000 Server Windows NT.
Microsoft .
Windows 2000 Server. , , ,
Web-, Windows 2000 Professional,
. , \\-, .
Windows 2000 : Windows 2000 Advanced
Server Windows 2000 Datacenter Server.
Windows 2000 Advanced Server. , (network operations system, NOS)
. Advanced Server , . .
Windows 2000 Datacenter Server.
Windows 2000. , , -

Windows 2000

.
.
. 1-1 Windows 2000.
. 1-1. Windows 2000


Active Directory

Active Directory ,

.

. Active Directory
, , ,


Active Directory (Active
Directory Service
Interfaces, ADSI)

Active Directory -.
Windows 95, Windows 98, Windows NT Windows 2000
,
Active Directory. Software Development Kit (SDK)


(Asynchronous Transfer
Mode, ATM)

,

. , .
ATM
, ,


Windows 2000
. , , SSL TLS,
, IP.
,
.509 V3,
.
,


( ) Microsoft Transaction Server
(
). , ,
,

NTFS
.

Microsoft Windows 2000

. 1-1.

Windows 2000 ()

Dynamic
Host Configuration
Protocol (DHCP)
Domain
Name System (DNS)
Active Directory

DHCP DNS Active


Directory IP
IP- . DHCP
IP- , IP


(Encrypting File
System, EFS)

Windows 2000
.
, .

Disk Management ( ) ,


( Active Directory)

.
,
, Active
Directory.
, , ,

,
.
, Search () Start (), HTML,

IntelliMirror

IntelliMirror
Windows 2000 Professional.
IntelliMirror
, .
Windows 2000 Professional



(Internet
Authentication
Service, IAS)


, ,

. IAS RADIUS (Remote Authentication
Dial-In User Service), IETF (Internet Enginee
ring Task Force)



(Internet
Connection
Sharing, ICS)

. ,
. , ,
(network
address translation, NAT),

. 1-1.

Windows 2000

Windows 2000 ()

Internet Information
Services (IIS) 5.0

IIS, Microsoft Windows 2000 Server,


. IIS
Web-,
. IIS
ASP

Internet Security
Protocol (IPSec)

(IPSec)

.
IETF (Internet Engineering Task Force)

TCP/IP

Kerberos V5

Kerberos V5
. Windows 2000
, ,
. Kerberos V5 , ,
,
, , ,


Layer 2 Tunneling
Protocol (L2TP)

L2TP
(Point-to-Point Tunneling Protocol)
,

LDAP

LDAP (Lightweight Directory Access Protocol)


, Active
Directory. LDAP 3 IETF
(Internet Engineering Task Force)

Windows 2000
,
, .
,
, ,
UNIX


Microsoft (Microsoft
Management Console,
MMC)

Microsoft (MMC)
.

.

5
. 1-1.

Microsoft Window*: 2000

Windows 2000 ()


(Network
Address Translation,
NAT)

NAT IP- ,
.
IP-,
IP-

. ,

Windows 2000

Windows , . Windows
2000 :
Windows NT Server 3.51 4.0;
,
Windows 3.x, Windows 95, Windows 98 Windows NT
Workstation 4.0;

S/390 AS/400 SNA-;
Macintosh, Macintosh

Windows 2000 Server TCP/IP
( AFP IP)

Plug and Play (PnP)

Plug and Play



(Quality of Servict,
QoS)

QoS,
. ,
. QoS
,


(Remote
Installation Services,
RIS)


Windows 2000 Professional, .
- boot ROM (Pre-Boot execution Environment),
.

Removable Storage ( ) (, )
, .
, . ,
.
, . Remote
Storage ( ) ,

Windows 2000

1
. 1-1.

Windows 2000 ()

Routing and Remote Access (


) ,
, IP, IPX
AppleTalk.
Windows 2000 Server
, ,

Windows 2000 ,
, .
,

Windows 2000 .
, -,
SSL TLS,
,
IP

TAPI 3.0

IP- ,
,
,

Windows 2000 Server ,


.
[
,
. ,
Windows 2000 Professional 32- , .
Windows, . ( , Windows,
Citrix Systems.)


(Virtual Private
Network, VPN)

,
,
.

-
, .

Windows 2000 Server
.

. 1-1.

Microsoft Windows 2000

Windows 2000 ()

L2TP (Layer 2 Tunneling Protocol),


(Point-to-Point Tunneling Protocol)
. L2TP ,
.
IPSec (Internet Protocol Security), ,

. IPSec


Windows


Windows (Windows
Scripting Host, WSH)

, ,
;
.
, , Visual Basic
Scripting Edition JScript

Windows 2000
. Windows 2000 Professional,
Windows 2000 Server . .


(workgroup) , , . (peer-to-peer) , .
Windows 2000 Server Windows 2000 Professional
(. 1-1),
, .

.
:
,
;
, ,
.
,
;
,
.

Windows 2000

Windows 2000:
Windows 2000 Server ;
: ;
. ( , 10
.)

Windows 2000
Professional

Windows 2000
Professional

Windows 2000
Server

. 1-1.

Windows 2000

Windows 2000 Server,


Windows 2000, (stand-alone server).


(domain) Windows 2000 ,
(. 1-2). (directory database)
. , , . Active Directory
Windows. Active Directory , . .

10

Microsoft Windows 2000


. 1-2.

Windows 2000

,
, .
. Windows 2000 Server.
.
, : , ISDN (Integrated Services Digital Network),
, Ethernet, , , . 2.
Windows 2000 :
,
. ;

, , . , ;
,
.
Windows 2000 .
Windows 2000 Server. . ,
Windows 2000 . , , .
. .
Windows 2000 Server. (member server) .
; , , .

Windows 2000

31

Windows 2000 Professional. , .

Windows 2000 -
. Windows 2000 : Windows 2000
Professional, Windows 2000 Server, Windows 2000 Advanced Server Windows 2000 Datacenter
Server. Windows 2000 Professional
,
Windows 2000 Server. Windows 2000 Server , ,
Web-.
Windows 2000 , , . Windows 2000 Server.
Windows 2000 Professional Windows 2000 Server
, .
Windows 2000 , ,
.
, ,
.

: Microwatt Windows 2000


Windows 2000
Windows 2000 , , ,
. ,
.
, :
^ Windows 2000.
15 .

, Windows 2000
Windows, 2000 ; () () (.1-3).
Windows 2000 .

( (HAL)

. 1-3.

Windows 2000


Windows 2000 : .

Windows 2000

-| 3


Windows 2000 ,
. (environment subsystems),
, API-. API, ,
Windows 2000, .
. 1-2 Windows 2000.
.1-2.

Windows 2000

32-
Windows 2000
Windows (Win32)

Win32,
Win16 MS-DOS.
- ,

OS/2

UNIX
(POSIX)

API 16-
OS/2
API POSIX-

, , :
;
;
API ;
Microsoft CD-ROM (MSCDEX);
API ;
;

;
, ;
,
, (central processing unii, CPU)
, .


. .1-3 .
, . 1-3.


. 1-3.

Windows 2000

, . ,
.
.

, API
. Windows
2000

, API . Windows
. 2000


.
, . :
Windows 2000, ,
(Hardware Abstraction Layer, HAL).
Windows 2000
- ,
.
Microsoft Win32. Windows 2000 Windows 2000. :
, ;
.
(. 1-4).
. 1-4.

Windows 2000

- . ,
-, (file systems),
-
.
. (device
drivers) ,
, .
(cache manager) -,
.

. 1-4.

Windows 2000

15

Windows 2000 ()


(Virtual Memory
Manager, VMM)

,
,
. VMM
(demand paging)

(Interprocess Communication
Manager, IPC)

,
( ) ( , ). IPC
:
(local procedure call, LPC), , ,
(remote procedure call, RPC), ,

. (process)
. (thread)

Plug and Play

. ,

API- , ,
,


(Graphical
Device Interface, GDI)

,
Win32k.sys, .
,

. GDI ,

, , ,
,

. -
.


, Windows 2000 . - , -, -


. Windows 2000 Intel Alpha ,


.

Windows 2000,
: .
: , Windows 2000 , ,
.
, .

Windows 2000

-j 7

3.
Windows 2000

. Windows 2000 Active Directory.
Active Directory . Active Directory , Active
Directory . , Active Directory.
, :
S ;
/ Active Directory;
S Active Directory.
20 .


(Directory) ,
. ,
. .
, , , ,
, , .
, .
, , .
, . , , .
, . ,
, .
.
. ,
. ,
.



.
.


.
, (. 1-4.). , *
( ).
.
Server 1

Printer1

Server2

. 1-4.

: Server1
: Windows 2000
:
: 1
: Server2
: Novell NetWare 4.0
;
: 2
: Printer1
: HP4SJ
:
:
: 3

:
, ;
;
;
, .

.

, .
, .

Windows 2000
Active Directory Windows 2000 Server. Active Directory
, ,
. , , , ,
, , , , , , , (object).
Active Directory Windows 2000 Server :
;
;
;
.

Windows 2000

-| 9


Active Directory (domain)
.
Windows 2000.
. (domain controller) Windows 2000 Server, : , . . , , .
Active Directory ,
. ,
, ,
.

Active Directory , . .
.


Active Directory
Windows 2000. , . Active Directory
DNS , LDAP (HTTP).
! Active Directory , LDAP 2 3, Novell (Novell
Directory Services, NDS).

DNS
Active Directory DNS,
Windows 2000 DNS. Windows 2000 Server DNS (DDNS),
DNS DNS. DDNS , Windows
(Windows Internet Name Service, WINS).


! Active Directory DNS.

LDAP HTTP
Active Directory LDAP HTTP.
LDAP .500,
(Directory Access Protocol, DAP). Active
Directory LDAP: 2 3. HTTP
. Active Directory, HTML- Web,
Active Directory Web.
Active Directory LDAP. LDAP
RFC 1777, Web.


Active Directory , , Active Directory .
. 1-5 , Active Directory.
. 1-5.

, Active Directory

RFC 822

@,

HTTP :///__,

Web
(URL)

\\microsoft.com\xl\BUDGET.XLS

Windows 2000 Server ,

Active Directory RFC 1779


LDAP URL
, :
LDAP://someserver.microsoft.com/
CN=FirstnameLastname, OU=sys, OU=product,
OU=division, DC=devel

CN ;

OU ;
DC ;
LDAP URL ,
Active Directory

Windows 2000

Active Directory Windows 2000


, Windows 2000 .

, , .
, , (module)
,
API, . , . . Active Directory
. (security reference monitor), , . . 1-5 Active Directory Windows 2000.

Windows 2000.
( ), (), .
[

POSK

Win32
j.
i[

OS/2
i

i .

IPC

VMM


and Play

(HAL)

. 1-5.

Active Directory Windows 2000

Active Directory.

Active Directory
Active Directory , , . Active Directory -


,
. , . API-,
.
. 1-6 Active Directory . ,
Active Directory.
API Windows NT 4

LDAP/ADSI
Outlook

LDAP

{RPC, SMTP IP)

REPL

Windows NT 4 Outlook

SAM




NTFS
. 1-6.

Active Directory

.
(Directory System Agent, DSA). - , . API- .
. . , .
.
.
( NTDS.DIT). , \Winnt\NTDS .
NTDSUTIL, \Winnt\system32 .
Active Directory, , DSA.
LDAP/ADSI. , LDAP, DSA. Active
Directory LDAP 2 ( RFC 1777). Windows 2000,
Windows 98 Windows 95 Active Directory DSA LDAP 3. ADSI API LDAP, Active Directory LDAP.
API- (Messaging API, MAPI).
MAPI, Microsoft Outlook, DSA, MAPI RPC.

Windows 2000

23

(Security Accounts Manager, SAM). Windows NT 4.0 SAM


DSA. SAM.
(REPL). , DSA
, RPC.

, ,
. , , .
, Active Directory Windows 2000
Server. Active Directory ,
, , , , , , , .
,
. Active Directory , ,
.
, , Active Directory
. , ,
.
Active Directory
, ,
. Active Directory
, .

4, Windows 2000
Log On To Windows ( Windows),
. ,
.
, :
^ Log On To Windows;
S , Windows 2000
;
S .
10 .


Windows 2000 ,
Windows 2000
. . Windows 2000 , .
Windows 2000 Welcome To Windows ( Windows)
Ctrl+Alt+Delete (. 3-7). , Windows 2000. Windows 2000 Log On To Windows (. 1-7).

. 1-7.

Welcome To Windows ( Windows)


Log On To Windows ( Windows)

. 1-6 Log On To Windows.

4
. 1-6.

Windows 2000

Log On To Windows

User Name
()

,
.

Password
()

.
(*).

Log On To
( )

, .

Log On Using
Dial-Up Connection
(
)

Shutdown
( )

, ,
.
Windows 2000 Server Shutdown
.
. ,

Options
()

Log On To
Log On Using Dial-Up Connection

!
Windows 2000 Server Log On
Locally ( )
. .


:
;
, . Log On To Log On To Windows.
.
,
.

Windows 2000
Windows 2000 .
Windows 2000 , (. 1-8).


. 1-8.

Windows 2000

.
1. , , .
, Windows 2000 .
, Windows 2000 .
2. Windows 2000 , , .

.

, .
3. , Windows 2000 (access token)
. , {security ID, SID). . SID ,
, .
4. ,
.


. .

Windows 2000

27

:

Log On To Windows.
** :
1. Ctrl + Alt+Delete.
Log On To Windows ( Windows).
2. User Name () administrator ( , ).
,
. ,
.
3. Password () password ( , ). , . ,
.
4. .

, Windows 2000
Ctrl+Alt+Delete.
Log On To Windows, . ,
Log On To Windows, , .
, . , . ,
.


5. Windows Security
Windows Security ( Windows).
, :
Windows Security.
20 .

Windows Security
Windows Security . , ,
Windows Security , , ,
. , , .
Windows Security Ctrl + Alt+Delete
(. 1-9).
. 1-9.

Windows Security

. 1-7 Windows Security.

. 1-7.

Windows Security

Windows Security

Lock Computer
()

.
. , . , Ctrl+Alt+Delete . ,
.
,

LogOff

( )


. Windows 2000
.

Shut Down
( )

Change Password
( )

.
.
.

Task Manager
( )

,

,
. Task Manager *

Cancel ()

Windows Security

:
Windows Security
:
;
;
, Task Manager;
Windows 2000;
.
Windows Security.
> 1:
1. Ctrl+Alt+Delete.
Windows Security.
2. Lock Computer ().
Computer Locked ( ) , ,
.


3. Ctrl+Alt+Delete.
Unlock Computer ( ).
4. Password () ,
.
> 2:
1. Ctrl+Alt+Delete.
Windows Security.
2. Change Password ( ).

3.
4.

5.
6.

',

. , User Name () Log On To ( ) .


Old Password ( ) .
New Password ( ) Confirm New Password () .
.
Windows Security.
Cancel.

> 3: Task Manager


Wordpad, , Task Manager.
, , .
1. Start\Programs\Accessories (\\)
WordPad.
WordPad.
2. .
3. Ctrl+Alt+Delete.
Windows Security.
4. Task Manager ( ).
Windows Task Manager ( Windows).
5. Applications (), .
.
6. WordPad, End Task ( ).
WordPad, . 1-10 .


. 1-.


Windows Security

31

( End Task),
Wait (), .
WordPad , WordPad , Cancel.
WordPad , End Now ( ) WordPad.
Task Manager .
7. Task Manager.
> 4:
1. Ctrl + Alt+Delete.
Windows Security.
2. Log Off ( ).
.
3. Yes.
: Start ()
Shut Down ( ),
Log Off Administrator ( ) .
> 5:
1. Ctrl+Alt+Delete.
Windows Security.
2. Shut Down ( ).
Shut Down Windows ( Windows).
Shut Down ( ).
3. Cancel
Windows Security.

, Windows Security ( Windows) Ctrl+Alt+Delete ,


. , Windows Security
, , Task Manager, ^,
.



7J


. , . . .

1. Windows 2000 Professional Windows 2000 Server?


2. ?
3. Active Directory?
4. Active Directory?
5. ?
6. Windows Security ( Windows)?

Active Directory

1.

Active Directory

34

2.

Active Directory

41

52


.
Windows Microsoft Windows 2000
Active Directory . Active Directory : ,
. Active Directory.

Active Directory

1, Active Directory
Active Directory ,
. Active Directory ,
, :
S Active Directory;
S Active Directory.
30 .

Active Directory
1 , , , , Active Directory . ,
, , , , , , (object).
, . (attribute) . , (user account)
, , (. 2-1)

(Jane Doe)
,... John Doe"

. 2-1. Active Directory

Active Directory , . ,
, , , ().
, , (container). , ,
, .
Active Directory, ,

Active Directory

35

Active Directory
Active Directory (definitions), ,
Active Directory, .
, Active Directory
, Active Directory.
: .
(schema objects) (metadata).
.
, . ,
Description , , .
, (object classes), , Active Directory . .
. ,
' User Network Address, Home Directory .
Active Directory .
Windows 2000 Server .
, . , *!
, ,
Users. . , , ,
.

Active Directory
Active Directory ,
. Active Directory: , , ,
. ( )
. Active Directory
.


Active Directory ,
. , . Active Directory
. . 2-2 Active Directory.

. 2-2.

Active Directory

Active Directory ,
. , , , : , , , ,
, . Active Directory .
. :
, , .
10 , 1 ;
. (access control lists,
ACL) . , , . Windows
2000 , , ,
Active Directory. , , , , .
.


() ,
,
- , ()
, , , , , , , .

Active Directory

3?

, .
,
, , .
. 2-3 , domain.com : US, Orders Disp.
, . ,
.
, Orders.

domain.com/

ai4 .

. 2-3.


US, Orders Disp,
. US, Orders Disp. , Active Directory
(Orders Disp) -
(US).
,

(tree) ,
Windows 2000, . > . . :
(Domain Name System, DNS),
. . 2-4 microsoft.com , a us.microsoft.com uk.microsoft.com . uk.microsoft.com
sls.uk.microsoft.com;
, , Active Directory;

Active Directory

, ,
.
microsoft.com

uk.microsoft.com

us.microsoft.com

sls.uk.microsoft.com

. 2-4.
, . ,
.
.

(forest) , ,
. :
;
, ;
;
,
;
.
. 2-5 microsoft.com msn.com.
.
microsoft.com

msn.com

uk.microsoft.com
us.msn.com

sls.uk.microsoft.com
. 2-5.

sls.uk.msn.com



Active Directory . , .

(site) IP
,
. , ". , ,
, .
, 512 /, 128 /.
Active Directory . , ,
, . ,
.
,
.


Windows 2000 Server,
( ).
, , .
:
Active Directory,
, ;

. Active Directory -
. .
, Windows 2000
,
;
, ,
;
Active Directory (multimaster replication), . , , .
,
;
.
,
, Active Directory;


,
Active Directory .

, ,
Active Directory. . Active Directory , . Active Directory
, .
Active Directory , .
Active Directory .
Active Directory
, .
Active Directory , ,
. () , . Windows 2000,
, ,
.
Active Directory .
IP, . Windows 2000 Server, .


'. Active Directory


Active Directory , , , , DNS . Active Directory.
, :
S
S
S
S
S

Active Directory;
Active Directory;
( ] );
DNS, Active Directory;
Active Directory .
20 .


(global catalog) (, 2-6). , (global catalog server).
,
. ,
(, , ..).
, , ,
.
;
,
;
.
, , ,
. , .
, , .
,
.



. 2-6.

! Domain Admins (
), , ,
,
.
, ,
. .

. , ,
. , . , .

, . . ,
.


, (directory partition). .
:
,
;


, . ;
.
,
,

.

. , .
:
;
;
. , .
:
;
;
(
);
, .
! -
.


Active Directory , ,

.

Active Directory
. ,
(. 2-7).

, , .
, . Active Directory .
, Active Directory .

Active Directory

. i

. 2-7.

*
3


(site link). Active Directory
-, .
,
, , . , Active Directory , . , ,


(trust relationship) ,
. Active
Directory .
(implicit two-way transitive
trust).
. ,
().
Kerberos, Windows 2000 .
. 2-8, : , ,
. . .
-
.

.


( ,
).

. 2-8.

Active Directory

(explicit one-way nontransitive trust). ,


. . () . , . 2-8 , 1, 1 . :
Windows 2000 Windows NT;
Windows 2000 Windows 2000
Windows 2000 (realm) MIT Kerberos V5,
Kerberos Active Directory
.

DNS
, Active Directory
. (namespace) , . (name resolution)
, . Active
Directory DNS,
. DNS ,
. DNS :
DNS , IP-;
DNS , IP-. IP- ,,
;
DNS ,
, .


. RFC 1034 1035. RFC 1034 RFC 1035.


Active Directory DNS
, Windows 2000 DNS. Windows
2000 Server (Dynamic DNS, DDNS),
, , DNS- DNS. DDNS , Windows
Internet Name Service (WINS).
! Active Directory DNS.


(domain namespace) , DNS. (node) DNS. .
DNS , .
, (subdomain). ,
. , . 2-9 sales.microsoft.com sales microsoft.com, a microsoft
com.

Computer1.sales.microsoft.com

. 2-9.


, , .
:
(contiguous namespace) .
;
(disjointed namespace)
,
. , :
www.microsoft.com;
msdn.microsoft.com;
www.msn.com.

microsoft.com, .
DNS ,
Windows 2000. Windows 2000 , , .

; (.). , Network Solutions, Inc.

. . 2-1 .
. 2-1.

gov

com

edu
org

net


, ru .
,

, Network Solutions, Inc., . : . ,
2-2 .

Active Directory

. 2-2.


ed.gov
microsoft.com
stanford.edu


Microsoft

w3.org

World Wide Web

pm.gov.au

gov.au, edu.au com.au . .,


.

. , . 2-9 Computer1 .
(Fully Qualified Domain Name, FQDN),
. . 2-9 computer1.sales.microsoft.com. ( , ) .
, , NetBIOS
.

, .
. , . 2-10 microsoft.com . microsoft
sales, development.
. , , . 2-10, ,
sales.microsoft.com development.microsoft.com, sales development
.
IP- .
, (zone's root domain).
.
. 2-10 microsoft.com Zone1,
IP- microsoft sales.
Zone2 development,
IP- development. Zone1
development, microsoft.

Zone1

Zone2

. 2-10.


, , , .
(name server) :,
(primary zone database file). To
. ,
, ,
.
, .
:
.
, ,
. (zone transfer).
. , ,
;
. ,
,
-;
, .

DNS Active Directory . 5.


Active Directory . Active Directory : (distinguished name, DN), (relative distinguished name, RDN),
(globally unique identifier, GUID) (user principal name, UPN).


Active Directory (distinguished name, DN). ,


. DN , , .
, DN - Firstname Lastname
microsoft.com ( Firstname Lastname
):
DC=COM/DC=Microsoft/OU=dev/CN=Users/CN=Firstname Lastname
, .
. 2-3.

01

CN

. Active Directory .
RFC 1779.

RFC 1779.


Active Directory , ,
DN .
(relative distinguished name, RDN) ,
. RDN - Firstname Lastname
Firstname Lastname, a RDN Users.
Active Directory RDN , () . ,
Jane Doe,
.
Jane Doe, DN (. 2-11).
(DN)
(RDN)
_/ Users / Sales / Managers/ Jane Doe

DN

RDN

. 2-11.



(globally unique identifier, GUID) 128- , . . GUID DN.
Windows NT (security identifier, SID), , SID . GUID , .


(user principal name, UPN) ,
DN . , , , DNS- ,
USER. : , @,
. , James Smith microsoft.com username@microsoft.com. UPN DN
-, User , .

, Active Directory, , , ,
DNS .
,
Active Directory.

.
Active Directory . Active Directory
.
, .
, , . Active
Directory : .
Active Directory DNS , Windows 2000 DNS-.
Windows 2000 Server DDNS, DNS- DNS. .
, , Active Directory:
(DN), (RDN),
(GUID), (UPN).



. , . . .

1. Active Directory?
2. ()?
3. ?
4.
?

Active Directory

Active Directory

2,

Active Directory

56

3.

bfi

4.

Task Scheduler

??


Active
Directory. : Active Directory, , , , Active Directory, Active
Directory Windows 2000. : , ( Start\Administrative
Tools) Task Scheduler ( ).


:
, ;
Windows 2000;

Active Directory

1.
Active Directory
Active Directory.
, :
S Active Directory Windows 2000.
5 .

Active Directory Windows 2000


Active Directory Windows 2000 ,
. (. 3-1).
. 3-1.

Active Directory

Active Directory

, , , ,
Active Directory,
,
() .

, ,
. ,
, ,

Active Directory

Active
Directory. Active Directory

Active Directory

,
.

Active Directory


Active Directory


Windows 2000

Remote Installation Services (RIS)


Windows 2000

Active Directory


, , , .

Active Directory, Active Directory, , Active Directory, Active Directory, , Active Directory Windows 2000.

Active Directory

2,
Active Directory
Windows 2000 Server
. Active Directory , . Active Directory .
, :
S Active Directory Users and Computers, Active Directory
Sites and Services, Active Directory Domains and Trusts;
S ,
, , , .
- 20 .

Active Directory
,
Windows 2000. ,
Administrative Tools.
Windows 2000, Active Directory ,
. Administrative Tools Windows 2000 Active Directory:
Active Directory Domains and Trusts (Active Directory );
Active Directory Sites and Services (Active Directory );
Active Directory Users and Computers (Active Directory );

Active Directory Domains and Trusts


, , Windows NT Kerberos
V5. Active Directory Domains and Trusts :
(
, Windows 2000, Windows 2000)
;
Windows 2000 ;
(user principal
name, UPN), ;
;
.

Active Directory Sites and Services


Active Directory. Active Directory, , .


Active Directory Users and Computers


, , Windows 2000, , , , , .

Active Directory
Active Directory Administrative Tools,
Active Directory .

Active Directory Schema


Active Directory.
Administrative Tools.
Administration Tools Windows 2000, Add/Remove
Programs .
ADMINPAK.MSI - Windows 2000 Server.
^ Active Directory Schema
1. .
2. Start\Settings (\) Control Panel (
).
3. Add/Remove Programs ( ).
4. Add/Remove Programs Change Or Remove Programs
( ), Windows 2000 Administration Tools
Change ().
5. Next.
6. Setup Options ( ) Install All Of The
Administrative Tools ( ), Next.
7. Windows 2000.
Finish ().
8. Add/Remove Programs, Control Panel.
9. Start Run ().
10. Open () mmc .
11. Console () Add/Remove Snap-In (/ ).
12. Add ().
13. Add Standalone Snap-In ( ) Snap-In
() Active Directory Schema ( Active Directory),
Close () .
14. Console Save ().
! Active Directory ,

. Active Directory
Microsoft Active Directory Programmer's Guide.

Active Directory
Windows 2000 Support Tools ,
, Active Directory.


\Support\Tools - Windows 2000. Microsoft, .


Active Directory .
> Windows 2000 Support Tools
1. Windows 2000. .
2. CD-ROM - Windows 2000.
3. Microsoft Windows 2000 CD (- Microsoft Windows 2000) -.
4. \SUPPORT\TOOLS.
5. Setup.exe.
6. , .
Windows 2000 Support Tools ,
18,2 . Windows 2000 Support
Tools Programs Start.
\Program Files\Resource Kit (
, ) PATH
.
. 3-2 Active Directory.
. 3-2.

Active Directory

ACLDIAG.EXE: ACL
Diagnostics

,
.

. 14

ADSI Edit 3

Microsoft, (
),

DFSUTIL.EXE: Distributed File System Utility 1


(DFS),
DFS, DFS

DNSCMD.EXE: DNS
Server Troubleshooting
Tool1


DNS, DNS,

DSACLS.EXE1


Active Directory. 14

DSASTAT.EXE: Active
Directory Diagnostic Tool


. 14

LDP.EXE: Active Directory


Administration Tool

LDAP- Active
Directory. 14

MOVETREE.EXE: Active
1
Directory Object Manager

Active Directory, () , . 11

2
. 3-2.

Active Directory

Active Directory ()

NETDOM.EXE:
Windows 2000 Domain
Manager

Windows 2000

NLTEST.EXE1

,
,
.
14

REPADMIN.EXE:
Replication Diagnostics
Tool1

, , .
- ,
. 14

REPLMON.EXE: Active
Directory Replication
Monitor

, { ),
. . 14

SDCHECK.EXE: Security
Descriptor Check Utility1


.

, ,

.
14

SIDwalker: Security
Administration Tools

Windows 2000
Windows NT. : Showaccs.exe
Sidwalk.exe1
, Security Migration Editor3

(SID)

.
.
(Microsoft Management Console).

Active Directory . Microsoft Windows


Server 2000 Resource Kit (Microsoft Press, 2000)*.

Active Directory
Active Directory (Active Directory Service Interfaces, ADSI) , , - Active
Directory. ADSI , ,
Microsoft Visual Basic, Java, , Visual C++, ,
VBScript, JScript, PerlScript, * Windows 2000 .
2001 . . .


. ADSI , .
ADSI ,
, LDAP .


(Microsoft Management Console) , , (console). Active Directory,
. , Active Directory Domains and Trusts (Active Directory ), Active Directory Sites and Services (Active Directory )
Active Directory Users and Computers (Active Directory ) . . , ,
(snap-in), .
: ()
. Administrative Tools (). . , .


.
Windows 2000 , :
,
;
, , . , ,
;
Windows 2000. Windows 2000 Server Windows 2000
Professional ;
Windows 2000. Windows 2000 , - . , DNS DNS.
. 3-3 Windows 2000
.
. 3-3.

Active Directory Domains


and Trusts '

Active Directory

. 3-3. ()

Active Directory Sites


and Services '


Active Directory

Active Directory Users


and Computers '

, , Active Directory

Component Services
( )

Computer Management
(
)

Configure Your Server


( )

Windows

Data Sources (ODBC)


[
(ODBC)]

, ODBC (Open Database Connectivity)


, Windows

DHCP

Distributed File System


(DPS) [
(DPS)]

DHCP (Dynamic Host


Configuration Protocol)
,

DNS ''

DNS, DNS- IP-

Domain Controller
Security Policy (

) 1 '

Domain Security Policy


(
) '

Event Viewer
( )

Windows

Internet Services Manager


(
)

IIS (Internet Information Services) , \\-


Licensing
()

Local Security Policy


(
)

Performance (
)

Routing and Remote


Access (
)


. 3-3. ()

Server Extensions Administrator (


)

Microsoft FrontPage
Server Extensions \Veb-cepBepoB FrontPage

Services ()

Telnet Server Administration (


Telnet)


Telnet

1
2
3

Windows 2000 Professional.


Windows 2000 Server.
Windows 2000 Server.



. - . , , , . :
;
;

.
.
, , .
.msc. , , ,
.


(console tree), . . 3-1, Device Manager ( ) Disk
Defragmenter ( ).
,
. , ,
. (details panel)
.
Action () View ().
() .


. 3-1.

, . . .


(snap-in). . Windows 2000
Server . Windows 2000 Professional
.

- (extension). .
.
. , Software Installation ( ) Group Policy, Disk Defragmenter,
.
Windows 2000 , . Windows 2000 -
.
.
.
. 3-2 . ( ) (). ,
,
( ).

Computer Management
Event Viewer
Device Manager
. 3-2.


.
, , . : Author () User ().

. 12.


, ,
. :
;
;
;
.


,
.
.

(. 3-4).

2
. 3-4.



Full Access ( )


,
, , , i

Limited Access, Multiple Windows


(
)

Limited Access, Single Window


(

)

Active Directory,
Active Directory Domains and Trusts
. Active Directory Sites and Services
Active Directory. Active Directory Users and Computers , , Active
Directory.
, , . , . () ; Administrative Tools. . , .
, .
.
. . .
. : Author () User
(). , , .
User,
.


3,
,
.
, :
S ;
S ;
S .
30 .


Start\Programs\Administrative
Tools (\\). Computer
Management , My Computer ( ) Manage ().


.
^
1. Start () Run ().
2. Open mmc .
, Console 1. Console Root.
. , .
. 3-5 Console ().
. 3-5.

Console

New ()

Open ()

Save ()
Save As ( )
Add/Remove Snap-In
(/
)

( )

()

Options ()

3. .


.
. , Windows 2000 Professional
Windows 2000 Server. ; .
:
,
Windows 2000;
, . , Windows 2000 .
, Windows 2000 Server . Windows 2000 Professional. Windows 2000 Professional
, Windows 2000 Server,
Windows 2000 Professional. My Network Places ( )
Windows 2000 Add/Remove Programs
, Windows 2000
Professional- . ,
,
.

:
Jf
, :
^ ;
;
.

1:
^ :
1. Administrator ().
2. Start\Programs\Administrative Tools (\\) Event Viewer ( ).
Event Viewer, . Event Viewer .
?
?
3. Event Viewer.


2:
. , . , . .
^ 1:
1. Start () Run.
2. Open mmc .
, Console1 Console Root ( ). . , .
3. Console1.
4. Console Root.
5. Console ()
Options ().
Options () Console (),
.

6.
7.
8.
9.

, , , ?
, Console Mode ( ) Author Mode
( ) .
Console Save As ( ).
.
File Name ( ) All Events Save.
.
Console Exit ().
All Events .

^ 2:
1. Start\Programs\Administrative Tools All Events.
Events, .
> 3: Event Viewer
1. Console All Events Add/Remove Snap-In (/ ).
Standalone ( ).
, ,
.
2. Add ().
Add Standalone Snap-In (. 3-3).
. , , .
3. Event Viewer ( ) Add ().
Select Computer ( ) ,
.
, Event Viewer ,
; , Event
Viewer .


Event Viewer , Another Computer ( ) Browse ().


Select Computer (: ) , Event Viewer, .


. 3-3.

Add Standalone Snap-In ( )

4. , Select Computer Local Computer ( ) Finish ().


5. Add Standalone Snap-In Close (), Add/Remove
Snap-In - OK.
Event Viewer (Local) .
,
.
^ 4: ,
1. All Events Event Viewer (Local) System
().
.
2. ,
Source () eventlog.
Event Properties (: ).
. .
3. Event Properties, .


4. Console Exit, All Events.


, All
Events.
5. No ().
> 5:
1. Start () Run.
2. Open mmc .
.
3. Console1 Console Root.
4. Console Add/Remove Snap-In.
Add/Remove Snap-In Standalone.
.
5. Add.
Add Standalone Snap-In.
.
6. Computer Management Add.
Computer Management, ,
. Computer
Management ( ) .
7. , Local Computer Finish.
8. Close.
Computer Management .
9. Add/Remove Snap-In .
Computer Management . .
10. Computer Management , System Tools ( ).

, , System Information
( ) Device Manager ( ).
, .
11. Console Add/Remove Snap-In.
Add/Remove Snap-In Standalone.
12. Computer Management (Local) Extensions (),
Computer Management.
, ?
13. Add All Extensions ( ), Available
Extensions ( ) Device Manager Extension
( ) System Information Extension ( ).
14. .
.


15. Computer Management ( ) System Tools ( ), , System Information Device


Manager .

?
16. .
, .
17. No.

, ,
.
Event Viewer.
. Start.
: Event Viewer, , , ,
Computer Management. , , . , ,
.


4. Task Scheduler
Task Scheduler ( )
, . Task Scheduler .
, :
/ Task Scheduler .
25 .

Task Scheduler
Windows 2000 Scheduled Tasks ( ), Control Panel ( ); Start\Programs\ Accessories\System Tools (\\\
). Scheduled Tasks , My Network Places ( ).
Scheduled Tasks .
, , - .
Task Scheduler ( ) :
;
, .

Scheduled Task ( ).
Add Scheduled Task ( ) Scheduled
Tasks. . 3-6 , .
. 3-6.

Scheduled Task

Frequency (
)

: , , , ,

Application () , .

Windows 2000 Browse (),

Task name ( )
Time and date (
)
Name and password
(
)


. ,

.
,
.

4
. 3-6.

Task Scheduler
Scheduled Task ()

, ,
, ,
. ,
,

Advanced Properties
( )


, Scheduled Task,
. . 3-7 .
. 3-7.

Advanced Properties Scheduled Task Wizard

Task ()

, ,

Schedule
()

. ^
, (,
22.00 )

Settings
()

,
, , ,
, .

Security
()

,
.

: Task Scheduler

,1

, :
;
Task Scheduler.

Disk Defragmenter ( ) .
Task Scheduler.
^ 1:
1. My Computer ( ), Control Panel
Scheduled Tasks ( ).
Scheduled Tasks.
, Add Scheduled Task ( ).

Active Directory

2. Add Scheduled Task.


Scheduled Task.
3. Next.
.
, Windows 2000, Browse
() .
4. Browse ().
Select Program To Schedule ( ,
).
5. Program Files, WINNT.
6. Accessories, DFRG.MSC.
7. Launch Disk Defragmenter (. 3-4).
, , .
Scheduled Tasks ( ) .
Scheduled Task Wizard

. 3-4.

Scheduled Task ( )

8. One Time Only (), Next.


9. Start Time ( ) 4 . .
, .
Start Date ( ).
10. Next.
.
,
. ,
. , , SERVER1\Administrator,
( SERVER1,
).
, .
.


11. Enter The Password ( ) Confirm Password () password.


12. Next.
Advanced Properties ( )
.
13. Finish ().
, .
14. , ,
, 9. Disk Defragmented
15. Disk Defragmenter.
^ 2: Task Scheduler
1. Scheduled Tasks ( ) Launch WordPad.
Launch WordPad.
. ,
Advanced Properties ( )
Scheduled Task. He - .
2. Settings ().
.
3. Delete The Task If It Is Not Scheduled To Run Again ( ,
).
4. Schedule () 2 .
.
5. .
, ,
, 4. WordPad.
6. WordPad.
, Scheduled Tasks .

.
7. Scheduled Tasks ( ).
8. Windows 2000.

Task Scheduler , , . Windows 2000 Scheduled Tasks ( ),


Control Panel My Computer. ,
, .
Scheduled Tasks , My Network Places ( ). , , -
. Scheduled Task Disk Defragmenter .

Active Directory


? 1


. , . . .

1. Active Directory Domains and Trusts,


Active Directory Sites and Services Active Directory Users and Computers?
2. ?
3. ?
4. , Computer Management Active Directory Users and Computers.
, :
-
;
;
.
?
5. Windows
2000 Server , Windows 2000 Professional?
6.
Windows 2000 Server . ?

Active Directory

1,

Active Directory

78

2, Active Directory

90

3.

96

4.

104

107


Windows 2000 Active Directory.
Active Directory , () .


:
, ;
;
;
Microsoft (Microsoft Management Console,
MMC).


1.
Active Directory
Active Directory !
. Active Directory,
, ,
. Active Directory ,
. Active Directory.
, :
S ;
S ;
S ;
S .
35 .


Active Directory ,
, . :
;
;
.


, . , . 4-1 Microsoft
.
Administration (), Purchasing (), Sales ()
Distribution (). -, -,
.


. 4-1.

Microsoft no


Active
Directory. ,
,
Active Directory. :
;
;
.
:
;
;
;
TCP/IP.
, . 4-2 Microsoft.

. , , Administrators. 5 3-
. . , .

(15 000 )

(6000 )
-^

(7000 )
-*7

/V\

(4000
)

1,
51,2 /,
60%

-
(8500 )

1,

51,2 /,

40%

71,
1544 /,

90%
(9000 )
-

[7500 )
(7000 )
. 4-2.


. .
.
.
.
. . , .
. , .
.
.
, .


.
.
. :
.
, .
.

.



, .
, .
.
, :
;
;
;
;
;
;
.
Microsoft , :
;

-;

( ).


, ,
.
. : ,
.
.
itx (Domain Name Service, DNS). DNS. , , , DNS,
.
, . DNS. .
Microsoft
. Microsoft ,
.


Active Directory DNS-. DNS , DNS. , DNS .
.
DNS
?
Active Directory ?

DNS?


DNS
DNS- DNS, . , Microsoft microsoft.com.
, .
DNS , ,
. DNS Network Solutions, Inc.,
.
DNS . ,
Microsoft Chicago,
chicago.microsoft.com.


Active Directory .
Active Directory DNS
.

,
(. 4-3). microsoft.com ,
. :
, ( );
, ,

.
, DNS, ,
, . ,
.
, DNS
. DNS
. -, - ,
microsoft.com .


www.microsoft.com
192.168.0.20
ftp.microsoft.com
192.168.0.21
DNS
microsoft.com


microsoft.com

www.microsoft.com IN A 192.168.0.20
ftp.microsoft.com IN A 192.168.0.21

microsoft.com
server1.microsoft.com 172.16.0.5
Web- microsoft.com
www.microsoft.com 172.16.0.6
DNS microsoft.com
172.16.0.2
dnssvr1.microsoft.com

microsoft.com

client1.microsoft.com
172.16.0.46
. 4-3.

172.16.0.5
server1.microsoft.com
172.16.0.6
www.microsoft.com
Client1.microsoft.com
IN A 172.16.0.46
ldap.tcp.microsoft.com IN SRV 0 0 389
server1.microsoft.com
ldap.tcp.ms-dcs.microsoft.com

:
, microsoft.com, ;
; , jsmith@microsoft.com
.
:
- , ;
, ;
, , , ;
, -.



(. 4-4). .
microsoft.com , msn.com .

Active Directory

www.microsoft.com
192.168.0.20
ftp.microsoft.com
192.168.0.21
DNS
microsoft.com


microsoft.com

www.microsoft.com IN A 192.168.0.20
ftp.microsoft.com IN A 192.168.0.21

microsoft.com
server1.microsoft.com 192.168.1.5
Web- microsoft.com
www.microsoft.com 192.168.1.6
DNS microsoft.com
dnssvr1.microsoft.com
192.168.1.2

client1.microsoft.com
192.168.1.46
. 4-4.

server1.msn.com
192.168.1.5
www.msn.com
192.168.1.6
Client1.msn.com
IN A 192.168.1.46
ldap.tcp.msn.com
IN SRV 0 0 389
server1.msn.com
ldap.tcp.ms-dcs.msn.com

DNS .

. ,
, DNS.
, . microsoft.com, msn.com . .
:
;
;
-,
microsoft.com.
:
. , John
Smith jsmith@msn.com,
jsmith@microsoft.com;
DNS .

Active

. (user principal name, UPN),


.


:
, . ;
: ;
DNS Unicode. Windows 2000 DNS: A-Z, a-z, 0-9 (-),
RFC 1035. Unicode , ASCII, ;
Unicode,
DNS-. Unicode . RFC 2044,
RFC 2044.
. , cot
DNS, -.
;
. , DNS;
63 , .
255 . .
. 4-5 Microsoft. ,
microsoft.com, .
microsoft.com

kc.microsoft.com,

/ \

"

stp.microsoft.com/

. 4-5.

col.microsoft.com

Xchi.microsoft.com

Microsoft


(). . -


, . ,
.
. , .
:
.
, ;
,
. :;
;
, .
. , , Temp Employees;
Active Directory. ,
, .

.
1. , ,
.
2. .
. ,
. : ;
;
.

, , (. 4-6.). - ADMIN, DEVELOPMENT (DEVEL) SALES - .
-.

Active Directory

domain.com

. 4-6.


(. 4-7).
WEST, CENTRAL EAST , .
domain.com

. 4-7.


(. 4-8).
NORTH AMERICA EUROPE , . .

Active Directory

domain.com

. 4-8.


Active Directory, IP-, . Active Directory . ,
.
.
Windows 2000 .
. Windows 2000 ,
.
.
- .
, ,
.


, ()
. , , , .


,
. ,
, . -, , .



, , .
, .
, . . ,
.
,
, , .
1. . , , , , TCP/IP.
2. , . ,
.
3. , . , .
4. . , , .
(site link object) , , .
5. .
. ,
( 100 ; , ).
3 .
.
6. .
(site link bridge) .

6.

Active Directory , , .

, , .
, DNS,
DNS, DNS
. , DNS.
- . .
Windows 2000.
, .


Active Directory
Active Directory
, , Active Directory
. DNS Active Directory .
, :
S Active Directory;
S Active Directory .
25 .

Active Directory
Active Directory :
;
;
;
;
DNS-;
;
;
Active Directory .
Active Directory Administrative
Tools () Configure Your Server ( ) DCPROMO . , Active Directory
.
Active Directory .


. .


. , Active Directory .
(. 4-1).
. 4-1.

Active Directory


DNS Active Directory


Active Directory DNS , . DNS , IP- LDAP- .
LDAP , Active
Directory . Active Directory, DNS, Active Directory DNS
. DNS Active Directory.
DNS-
Active Directory. DNS
Active Directory; , DNS-
Windows 2000 . , , ,
DNS, DNS. DNS , MCSE Windows 2000, 2001.

DNS Active Directory 5.


Active Directory , (. 4-2).
. 4-2.

, Active Directory

. <?
systemroot\NTDS, systemroot
Windows 2000.

,
Windows 2000.
.

systemroot\SYSVOL.
, NTFS 5.0

,
Active Directory,
, (
10). , , .


: .



Windows 2000 Server (mixed mode), Windows NT.


Windows 2000 Server
, (native mode).
:
, , Windows 2000 Server;
;
, , ;
.
.
.
^
1. Start\Programs\Administrative Tools (\\) Active Directory Users And Computers (Active Directory ).
2.
Properties ().
3. General () Change Mode ( ).
4. Active Directory' Yes (), .
5. .

Active Directory
DCPROMO Run Active Directory , .
, .
Active Directory ,
, . ,
, .
^ Active Directory
1. .
2. Start\Run (\), Open () dcpromo .
Active Directory.
3. Next.
4. ,
Next.
5. Enterprise Administrator (
) Next.


6. Administrator ()
Next.
7. Next.
8. Finish (), Active Directory .

: Active Directory
Active Directory , . DCPROMO Active Directory.
Active Directory Users And Computers. ,
DNS .
^ 1: Active Directory
1. .
Configure Your Server ( ), ,
DCPROMO.
2. Start\Run (\).
Run ().
3. Open () dcpromo .
Active Directory.
4. Next.
Domain Controller Type ( ).
5. Domain Controller For A New Domain ( )
Next.
Create Tree Or Child Domain ( ).
6. , Create A New Domain Tree (
) Next.
Create Or Join Forest ( ).
7. Create A New Forest Of Domain Trees (
) Next.
New Domain Name ( DNS-).
8. Full DNS Name For New Domain ( DNS- )
microsoft.com Next.
( microsoft.com , ).
NetBIOS Domain Name (NetBIOS- ).
9. , MICROSOFT ( DNS-, ) NetBIOS Domain Name Next.
Database and Log Locations ( ).
10. , systemroot\NTDS
Next. ( Windows 2000 WINNT,
NTDS , Windows 2000.)
Shared System Volume ( ).
11. , SYSVOL systemroot\SYSVOL ( Windows
2000 WINNT, SYSVOL , Windows 2000).


SYSVOL?
SYSVOL?
12. Next, systemroot\SYSVOL ( , Windows 2000) SYSVOL.
,
DNS-. . Configure DNS ( DNS).
13. Yes, Install And Configure DNS On This Computer (, DNS) Next.
Permissions ().
14. , Permissions Compatible Only With
Windows 2000 Server (, Windows 2000)
Next.
Directory Services Restore Mode Administrator Password ( ).
15. , Administrator
, Directory Services Restore ( ), Next.
Summary (), .
16. Next.
Configuring Active Directory ( Active
Directory). .
- Windows 2000 Server.
17. Completing The Active Directory Installation Wizard (
Active Directory), Finish ()
Restart Now ( ).
> 2: My Network Places
1. .
2. Configure Your Server ( ), .
3. My Network Places ( ).
.
?
4. Entire Network ( ),
Microsoft Windows Network ( Microsoft Windows).
?
5. Microsoft Windows Network.
> 3: Active Directory Users And Computers
1. Start\Programs\Administrative Tools (\\) Active Directory Users And Computers.
.
2. microsoft.com ( ).
microsoft?
3. Domain Controllers.


: SERVER1. SERVER1 , DNS ,


4. Active Directory Users And Computers.
^ 4: DNS DNS
1. Start\Programs\Administrative Tools DNS.
2. DNS. DNS SERVER1
( ) Properties ().
SERVER1 ( , ).
3. Monitoring.
4. Select A Test Type ( ) A Simple Query
Against This DNS Server ( DNS-) A Recursive Query To
Other DNS Servers ( DNS-) Test Now
().
Server1
PASS ( ) Simple Query ( ) Recursive Query
( ).
5. .
6. DNS.

Active Directory Configure Your


Server, DCPROMO . Active
Directory , ,
, Active Directory .
Active Directory .
systemroot\NTDS. Active Directory ,
Windows 2000. . systemroot\SYSVOL.
Active Directory DNS ,
, Active Directory,
DNS. DNS- , Active Directory. Windows 2000 DNS , DNS Active Directory .
. Windows NT, ,
Windows 2000 Server.



,
Active Directory. , , . , .
, :
S
S
S
^

;
;
;
.
15 .


Active Directory . ,

, (
). (operations master roles) .
Active Directory . , , .
, . , ; ,
.


Active Directory :
;
.
,
.


. .
.


, , .
.


:
;
(primary domain controller, PDC);
.
: , .



. , .
,
. ( ,
) , , .
( Movet.) ,
,
.


Windows 2000 Windows NT,
Windows NT. .
, .
Windows 2000
, . .
- ,
,
.


.
, ,
(
, )
. , , .

Active Directory

.

. ,
, .


Active Directory .
.


:
;
;
.

, , .
. 4-9
.

,

,
,

F
. 4-9.

, ( ). . ,
.
, . , , .



, .
, . . . (standby) , .

,
. , ,
. ,
.
, , . , . , , .


, .
. , , , , .



. , ,

.


,
,
**

, PDC
1. Active Directory Users and Computers (Active Directory ).
2. Active Directory Users and Computers,
Operations Masters ( ).
3. :
RID, Operations Master ( )
;


PDC, Operations Master ;


Infrastructure (), Operations Master .
4. Cancel (), Operations Master.
^

1. Active Directory Domains and Trusts (Active Directory ).


2. Active Directory Domains and Trusts
Operations Master.
Change Operations Master ( )
Domain Naming Operations Master ( ).
3. Close (), Change Operations Master.
>
1. Active Directory Schema ( Active Directory).
Windows 2000 Administration Tools ( Windows 2000). Active Directory
Schema . 3.
2. Active Directory Schema,
Operations Master.
3. Change Schema Master ( )
Current Operations Master ( ).



. Active Directory.
*
1.
2.

3.
4.
5.

6.

, PDC

Active Directory Users and Computers.


, , PDC , Connect To Domain ( ).
Connect To Domain Browse (),
, .
Active Directory Users And Computers
Operations Masters ( ).
:
RID, Change ();
PDC, Change;
Infrastructure, Change.
, Operations Masters.


*
1. Active Directory Domains And Trusts .
2. ,
, Connect To Domain.
3. Connect To Domain Browse,
, .
4. Active Directory Domains And Trusts
Operations Master.
5. Change Operations Master Change.
6. OK, Change Operations Master.
*-
1. Active Directory Schema.
2. Active Directory Schema Change Domain Controller ( ).
3. Change Domain Controller :
DC, Active Directory ;
Name () ,
.
4. .
5. Active Directory Schema Operations Master.
6. Change Schema Master ( ) Change.
7. , Change Schema Master.


.
, - . , , - , .
, . .
.
, , . ,
, , .
, ,
, . , . , , .
!
, ,
, Windows 2000.



. , ,
.
, , . , ,
.


.
, .
,
, .
- , ,
.


. , , .
, , . , ,
.

PDC
. , PDC ,
.
PDC , Windows 2000
Windows NT, PDC ,
. ,
.


. ,
.
,
, ,
( ). , , .
, .


: , : ,
. Active Directory .
, . , Active Directory.



() . . ,
. .
, :
S

.
10 .


Active Directory Users and Computers (Active Directory
). , , .
^
1. .
2. Start\Programs\Administrative Tools (\\) Active Directory Users And Computers (Active Directory ).
3. , , (, microsoft.com)
.
4. Action () New (), Organizational Unit ().
5. New Object Organizational Unit ( ) Name
() .


, .
, , .
. , ,
General (), Managed By () Group
Policy ( ) . , General (. 4-10), , .

. 4-10.

General ()

. 4-3 .
. 4-3.

General ()

, , , ,

Managed By ()

, , ,
, , ,

Group Policy
( )

^
1. Start \Programs\Administrative Tools Active Directory Users
And Computers,
2. ,
3. Properties.
4. , , .

:
.
> :
1 . .
2. Start\Programs\Administrative Tools (\\) Active Directory Users And Computers (Active Directory ).
.


3. microsoft.com ( ).
.
.
?
, , , .
4. (, microsoft.com).
5. Action () New () Organizational
Unit ().
New Object Organizational Unit ( ).
: . ,
. .
6. Name () Sales .
7. Sales.
8. Action New Organizational Unit.
9. Name Trucks .
Trucks ( Sales).
10. Sales Autos.
Active Directory Users and Computers Autos ( Sales) Trucks (. 4-11).

. 4-11.

Active Directory Users and Computers.


,
, .
,
, .



. , . . .

1. ?
2. DNS. Active Directory
.
?
3. Windows 2000?
4. , , ?
5. ?
6. ?

DNS
Active Directory

1.

DNS

110

114

.
4.

DNS Active Directory

124
128
132


Microsoft Windows 2000 Server
DNS Active Directory. Active Directory Windows
2000 Server :
Windows 2000 DNS. Netlogon DNS DNS;
Active Directory , pei .
DNS,
, , Active Directory. . ,
Active
Directory DNS.


:
, ;
Active Directory, 4;
.

"110

DNS Active Directory

1. DNS
DNS Windows 2000.
, IP-, . .
, :
D ;
10


IP- DNS; , . , Web- Microsoft www.microsoft.com. DNS
IP- 207.46.130.149. IP- DNS.

IP-
, TCP/IP, IP; 32- IP- .
, , TCP/IP-. ,
, IP-.
.
, , TCP/IP ( , , , TCP/
IP) . .
32- IP-:
10000011 01101011 00010000 11001000
IP- - . 32- 8- .
. , IP-
131.107.16.200, (131.107),
(16.200).


DNS . IP- , . DNS . , DNS, , , . DNS , .



DNS -.
, DNS.
, DNS. . 5-1 ,
, microsoft.com DNS IP-
www.microsoft.com.

. 5-1.

. 5-1.
1. DNS.
2. , ,
. microsoft.com, DNS, . DNS com.
3. DNS com,
microsoft.
4. DNS microsoft.
, IP-
www.microsoft.com DNS.
5. www.microsoft.com .
6. , www.microsoft.com.

DNS
, . DNS, . ,
(. 5-2).

DNS Active Directory

. 5-2.

DNS, .
1. , (Time
to Live, TTL).
TTL , . 60 .
2. TTL
.
3. , .
, .
TTL . ,
, DNS. TTL ,
.
TTL.


IP-. , NSLOOKUP, . ,
, IP-.
DNS , IP-,
. in-addr.arpa,
in-addr.arpa , DNS; IP-, :
IP- - ;
IP- ;
in-addr.arpa IP .
, . 5-3 169.254.16.200 in-addr.arpa.
, IP- 169.254.16.0 169.254.16.255 255.255.255.0, 16.254.169.in-addr.arpa.

DNS

200

. 5-3.

"j "f 3

255

in-addr.arpa

IP- ,
DNS. , DNS
, pa DNS IP-. , DNS
.
, DNS
. IP-. DNS , ,
in-addr.arpa. , DNS; , -, .

j "14

DNS Active Directory

2,
DNS ,
.
.
DNS .
, :
Q ;
D ,
Active Directory;
D ;
D ;
D .
30 .
DNS
, , DNS. ,
.


, , :
;
,
;
,
.
, , . , . :
.


. DNS DNS.
Active Directory
DNS, , ,
.
>
1. Start\Programs\Administrative Tools (\\) DNS.
2. DNS.


3. Forward Lookup Zone ( )


New Zone ( ).
: Zone
( ), Zone Name ( ), Zone File ( ) Master DNS Servers
( DNS).


.
Active Directory. , Active Directory,
.
Active Directory.
. , . , .
. . . . DNS, ,
, . .
, Active Directory

, DNS Active Directory,


.

Active Directory.
DNS . DNS .
. . , .
Active Directory, DNS 15 .
DNS (, DNS)
. Active Directory,
, DNS . DNS , .
(access control list, ACL)
. , ACL -
,
, .
.

& DNS Active Directory

,
Active Directory.
DNS , Active Directory , . , , Active Directory, ,
,
.
DNS Active Directory, DNS, Active Directory.
, ,
. DNS Active Directory, .
Active Directory , DNS.
Active Directory , . .


,
. , , microsoft.com sales.microsoft.com,
microsoft.com. 2.


,
. .dns.
, microsoft.com MICROSOFT.COM.DNS.

.
systemroot\System32\DNS , systemroot Windows 2000, C:\Winnt.

DNS
DNS, . IP- DNS.


. . ,
NSLOOKUP, .
^
1. Start\Programs\Administrative Tools DNS.
2. DNS.


3. Reverse Lookup Zone ( ) New Zone ( ). : Zone


( ), Zone Name ( ), Zone File ( ) Master DNS Servers
( DNS).


( Active Directory, ), .


. , IP- 169.254.16.200 169.254. 169.254 .


. . , in-addr.arpa. , 169.254 254. 169. in-addr.arpa. dns.
.
systemroot\System32\DNS
.

DNS
DNS, . IP- DNS.


, , IP-. .
DNS :
(Start of Authority, SOA) (Name Server, NS). . 5-1 , .
. 5-1.


()

IP-


(PTR)


(CNAME)

.

. ,
,
. , Web www.microsoft.com - ftp.microsoft.com


. 5~1.

()




(HINFO)


(MX)


(NS)

DNS



(SRV)

, ,
, ,
, DNS,


, DNS (SOA)
.
SOA

>
1.
2.
3.
4.
5.

RFC 1035, RFC 1183, RFC 1886 RFC 2052.


, .
, .
Action () Properties ().
.
.

*
, ,
, , New Host ( ) New Mail
Exchanger ( ).


, . , ,
. :
;
, .
. 5-4 microsoft.com,
microsoft. microsoft
microsoft. , , microsoft.com
, .
. 5-4 example microsoft.com. example.microsoft.com example.microsoft.com,


Zone:
microsoft.com

:
example.microsoft.com
. 5-4.

SOA, DNS . DNS .


.
>

1.
2.
3.
4.

DNS , .
Action New Delegation ( ).
Next.
Delegated Domain Name ( ) Next.
5. Name Servers ( ) DNS, , Next.
6. , Finish ().
, ,
, .

Dynamic DNS
DNS, , Dynamic DNS
(DDNS). DNS , , .
DDNS (. 5-5).

IP 192.168.120.133

. 5-5.

DDNS IP-


, . ,
, (, DHCP WINS).

DDNS DHCP ,
. DHCP () , DHCP (PTR) . DHCP PTR .
,
DHCP DNS. DHCP
; , Windows 2000.
*
1. DNS ,
, Properties.
2. General () Allow Dynamic Updates ( ) ;
No () .
Yes () .
Only Secure Updates ( ) , DNS, . .
Only Secure Updates , Active
Directory. ,
DNS.
DNS - RFC 2136 RFC 2137.

:
.
, , , PTR .
^ 1:
1. Start\Programs\Administrative Tools, DNS.
DNS.
2. SERVER1 ( ).
Forward Lookup Zones Reverse Lookup Zones.
3. SERVER1 New Zone ( ).
.
4. Next.
.
5. , Standard Primary (), Next.
.
6. , Forward Lookup Zone ( ) Next.
.
7. training.microsoft.com Next. ( ,
, .)
.
8. , Create A New File With This File Name (
) TRAINING.MICROSOFT.COM.DNS. ( 7 , .dns.)
9. Next.
.
10. Finish ().
^ 2:
1. SERVER1, New Zone.
.
2. Next.
.
3. , Standard Primary, Next.
.
4. , Reverse Lookup Zone ( ),
Next.
.
5. , Network ID, 10.10.1 Network ID ( ).
( IP- 10.10.1.1, .)
, in-addr.arpa, 1.10.10.in-addr.arpa.
, .


6. Next.
.
7. , Create A New File With This File Name ( )
10. lO.l.in-addr.arpa.dns. ( . 5 , in-addr.arpa.dns.)
8. Next.
.
9. Finish ().
> 3: DDNS
1. DNS SERVER1 ( ).
2. Forward Lookup Zones ( ) training.microsoft.com ( , ),
3. training.microsoft.com ( ),
Properties ().
.
4. General () Allow Dynamic Updates Yes () .
.
5. Reverse Lookup Zones, 10.10.1.x Subnet , .
6. 10.10.1.x ( )
Properties.
.
7. General () Allow Dynamic Updates Yes () .
** 4:
1. DNS Reverse Lookup Zones.
2. .
?
3. , New Pointer (
).
4. Host IP Number (IP- ) 1 IP-.
Host Name ( ) , . , Browse (). , SERVER1,
server1.microsoft.com. ( ).
5. .
PTR.
6. DNS.

DNS ,
. DNS
, DNS .


, , , Active Directory; , , , .
, , DNS , ,
, , PTR
.



(
DNS ).
, :
D ;
D .
10 .
DNS, , DNS. , ,
, .
DNS, .
:
,
;
; DNS
;
.

(Full Zone Transfer, AXFR) . DNS
, .
DNS Windows 2000 Server (Incremental Zone Transfer, IXFR), .


IXFR RFC 1995
.
DNS . IXFR.
,
DNS.
. ,
SOA , .
, , . . .

:
:
DNS ;
;


, .
-,
. , . -
, .
. 5-6 . , .

SOA ( )
IXFR AXFR
4

. 5-6.


IXFR AXFR
( )

- - , .
1. DNS, .
2. - .
,
SOA. SOA ( - 15
), , .
3. ,
SOA.
4. - .
-.
5. - , .
, ,
. - ,
, .
, , .
6. - , IXFR, SOA.
7. - .

, .
, .
Windows 2000 Server
IXFR. DNS Windows NT Server 4.0,
DNS,
.



DNS , ,
.
> ,
1. Start\Programs\Administrative Tools DNS.
2. DNS , , Properties.
3. Zone Transfers (. 5-7).

. 5-7.

Zone Transfers ( )

4. , , .

DNS
DNS. . DNS DNS (RFC 1996).
DNS . , Active Directory, , , Active Directory,
15 ( SOA). .
^
1. Start\Programs\Administrative Tools DNS.
2. DNS ,
, Properties.
3. Zone Transfers Notify ().
4. Notify () ,
, .

. 5-8.


Notify ()

DNS
.
1. DNS . SOA.
2. - , .
3. , ,
.
, .

.
DNS, DNS , .
DNS Windows 2000 Server
, .
, ,
DNS,
. . DNS , ; , Active Directory, DNS .


4.

DNS Active Directory

DNS. DNS, Active Directory, .


, :
D DNS;
D DNS Active Directory.
10 .

DNS
Windows 2000 Server DNS:
DNS;
.

DNS
Windows 2000 Server DNS
(log-) , .
Event Viewer.
, DNS, , .
Event Viewer DNS ,
Windows 2000.

Event Viewer 14.


DNS
. DNS.LOG system_root\System32\Dns. DNS Windows 2000 , (. 5-2).
. 5-2. DNS

Query

Notify

, DNS

Update

Questions

,
DNS

Answers

,
DNS

Send

, DNS



. 5-2.

DNS ()

Received

, DNS

UDP

, UDP

TCP

, TCP

Full Packets

, DNS

Write
Through

, DNS

. - DNS
, .
( ), , .
>
1. DNS , Properties.
2. Logging .

DNS
. 5-3 DNS .
. 5-3.

DNS


DNS

, , ,
DNS


DNS.

PING,
DNS.


-
- ,

DNS, SOA
-,
-.
-

,
DNS, BIND


, DNS

, ,
,
. ,
,
. DNS

. 5-3.


DNS ()

, , .
,
' DNS

. 5-4.

(
DHCP)

DNS

,
Windows 2000.
,
Windows 2000 DHCP


DNS
- DNS

, ,
.
DNS
IP-
DNS

DNS

DNS -

DNS, , ,
.
Windows 2000 Event Viewer
log-
() (PTR)

DNS

, DNS. ,
,
RFC 2136. , DNS Windows
NT 4.0, Windows 2000,

4
. 5-4.



()

DNS
,

, , , . , DNS
Windows 2000 .
DNS,

, .
DNS ,
.
. , ,
SOA NS. , Active
Directory, , DNS
Active Directory,

DNS, , ipo .





. , . . .

1. ? ?
2. , Active Directory?
3. SOA?
4. ?
5.

1.



Microsoft Windows 2000 :
;
.
, Active Directory, Exchange 2000 Personalization and Membership
Site Server.
.
, ,
.


:
;
Active Directory, 4;
().


1,
, , , .
, :
/ ,
20 .

, ,
. : -
, . , , , .
, , . ; , .
IP-.
Active Directory
Sites Default-First-Site-Name. . (, IP-
) .
Default-First-Site-Name .
Active Directory ,
Active Directory I - ,
. .
^

1. Start\Programs\Administrative Tools (\\~


) Active Directory Sites And Services (Active Directory ).
2. Sites New
Site ( ).
3. New Object Site ( ) Name
() (. 6-1). .


. 6-1.

New Object Site

4. .
**
1. Start\Programs\Administrative Tools Active Directory Sites
And Services.
2. Sites.
3. Rename ().
4. .

TCP/IP . , .
, , . , Active Directory,
*
1. Start\Programs\Administrative Tools Active Directory Sites
And Services.
2. Sites.
3. Subnets
New Subnet ( ).
4. New Object Subnet ( ),
Address () (. 6-2). Mask () ,
, . ,
, .


. 6-2. New Object Subnet


^
1. Start\Programs\Administrative Tools Active Directory Sites
And Services.
2. Subnets,
Properties ().
3. (. 6-3) Site () , , ,

. 6-3.



. , ,
Active Directory Sites and Services. , , .
, . Active Directory Sites and Services ,
. ;
.
Active Directory
IP DEFAULTIPSITELINK. , , .
DEFAULTIPSITELINK .


, ,
IP SMTP:
IP-. (remote procedure call, RPC)
() ().
IP- , Active Directory, . IP- .
SMTP-. (),
. SMTP ,
. (certification
authority, CA) SMTP- . () SMTP,
.
;
Microsoft Windows 2000 ( , 2001).
*
1. Start\Programs\Administrative Tools Active Directory Sites
And Services.
2. Inter-Site Transports IP
SMTP, , , New Site Link ( ).
! SMTP
SMTP
, .
3. New Object Site Link ( ) Name
() (, 6-4).


. 6-4.

New Object Site Link

4. Add ().
5. .
>
1. Start\Programs\Administrative Tools Active Directory Sites
And Services.
2. Inter-Site Transports, IP SMTP, , , Properties.
3. General (), Sites In This Site Link ( ) ,
, Add ().
4. .


Microsoft
BackOffice, ,
.
License Logging ( ), Windows 2000 Server.
License Logging , , .
Licensing () Administrative Tools , .

. , .
. .


*
1. Start\Programs\Administrative Tools Active Directory Sites
And Services.
2. , .
3. License Site Settings Properties.
4. Licensing Site Settings Properties (: Licensing Site Settings)
Licensing Computer ( ) Change
().
5. Select Computer (: ) -
.
6. Licensing Site Settings Properties .
*
1. Start\Programs\Administrative Tools Licensing ().
2. License () Select Domain ( ),
.
3. Select Domain ( ) Domain ()
.

:
, , , .
* 1:
1. Start\Programs\Administrative Tools Active Directory Sites
And Services.
Active Directory Sites and Services.
2. Sites.
?
3. Default-First-Site-Name
Rename ().
4. , Redmond, .
Default-First-Site-Name Redmond.
>* 2:
1. Sites New
Site ( ).
2. Name () Chicago. Chicago DEFAULTIPSITELINK .
Active Directory, , Chicago :
, ;
Subnets;

;
.

> 3:
1. Sites.
2. Subnets
New Subnet ( ).
3. Address () 10.10.1.1. Mask () 255.0.0.0. ,
. Chicago, , .
10.0.0.0/8 Chicago.
^ 4:
1. Subnet, 10.0.0.0/8 Properties.
10.0.0.0/8 Subnet
().
2. Site () Redmond,
, .
> 5:
1. Inter-Site Transports IP.
?
2. IP New
Site Link ( ).
New Object Site Link ( ).
3. Name () Redmond to Chicago.
4. , Redmond Chicago Sites In This Site Link
( ), .
> 6:
1. Chicago.
2. License Site Settings Properties.
License Site Settings Properties.
3. Licensing Computer ( ) Change
().
Select Computer (: ).
4. SERVER1 ( ) .
Licensing Site Settings Properties (: Licensing Site
Settings). SERVER1, microsoft.com ( ; . Licensing Computer).
5. .
6. Active Directory Sites and Services.
> 7:
1. Start\Programs\Administrative Tools Licensing ().
MICROSOFT.COM Licensing.
Products View ( ).

.
Subnets, ,
, . . ; .
License Logging , . Licensing
, .
, , ,
.


2,

. , Active
Directory , .
, . ,
-,
. .
, :
/ .
25 .


,
.
1. (. 1).
2. .
3. .
4. ( ).
5. -.


, .

,
?^ . ,
, . , -1
-1, -1
. Active Directory ; , , .
>

1. Start\Programs\Administrative Tools (\\) Active Directory Sites And Services (Active Directory ).
2. Inter-Site Transports , IP SMTP.
Properties ().


3. Cost ()
(. 6-5). 100; , . , 1 100 , 120 .

. 6-5.

4. .


, Active Directory ( ) .
15 10 080 ( ). ,
.
, .
>
1. Start\Programs\Administrative Tools Active Directory Sites
And Services.
2. Inter-Site Transports, IP SMTP.
Properties.
3. Replicate Every ( )
. 180 ; , 15, 15 10 080.
4. .


,
. SMTP ,

6
.
SMTP- , :
;
SMTP ;
, , Ethernet.
>
1. Start\Programs\Administrative Tools Active Directory Sites
And Services.
2. Inter-Site Transports, IP SMTP.
Properties.
3. Change Schedule ( ).
4. Schedule For ( ) , (. 6-6). ,
5. .
,
Ignore Schedules ( ).

. 6-6.

Schedule For


Start\Programs\Administrative Tools Active Directory Sites
And Services.
Inter-Site Transports, IP SMTP
Properties.
IP SMTP General ()
Ignore Schedules ( ).
4. .

,
, , (. ). , ,

,
. , IP- ( ,
IP) .
IP- IP . IP- , . ; , ,
, .
>
1. Start\Programs\Administrative Tools Active Directory Sites
And Services.
2. Inter-Site Transports, IP SMTP New Site Link Bridge (
).
3. New Object Site Link Bridge ( ) Name () (. 6-7).

. 6-7.

New Object Site Link Bridge

4. Add ().
5. .
,
Bridge All Site Links (
).
>
1. Start\Programs\Administrative Tools Active Directory Sites
And Services.
2. Inter-Site Transports, IP SMTP Properties.


3. IP SMTP General () Bridge All Site Link ( ).


4. .


Active Directory
. ,
, , Active Directory Sites and Services. , , , .
^
1. Start\Programs\Administrative Tools Active Directory Sites
And Services.
2. , , .
3. Servers,
NTDS Settings New Active Directory Connection ( Active Directory).
4. Find Domain Controllers (: )
- .
5. New Object Connection ( )
Name .
^
1. Start\Programs\Administrative Tools Active Directory Sites
And Services.
2. , , .
3. Servers, , NTDS Settings.
4. Replicate Now ( ) {. 6-8).


. 6-8.


-
,
, , -,
. -
. -
.
- . -, , .
.
Active Directory, .
-,
. -
Active Directory -. -,, Active
Directory -
. , ,
-.
-, . - , ,
, . , .
-
, .
, - .
> -
1. Start\Programs\Administrative Tools Active Directory Sites
And Services.
2. , -, Properties.
3. Transports Available For Inter-Site Data
Transfer ( ) , -, Add ().
4. .

:

, ^ , .


> 1:
1. Start\Programs\Administrative Tools Active Directory Sites
And Services.
Active Directory Sites and Services.
2. Inter-Site Transports, IP
Redmond To Chicago, .
Properties.
Redmond To Chicago.
3. Cost () 20.
> 2:
1. Replicate Every ( ) 120,
.
^ 3:
1. Change Schedule ( ).
Schedule For Redmond To Chicago ( Redmond
Chicago).
2. , 8:00 9:00 16:00
17:00 .
3. Redmond To Chicago .
> 4:
1. Inter-Site Transports, IP
New Site Link Bridge ( ).
New Object Site Link Bridge ( ).
2. Name () Redmond to Chicago Bridge.
3. , Site Links In This Site Link Bridge ( , ) DEFAULTIPSITELINK Redmond to Chicago, .

, ,
. Active Directory
; , . .
, -
, .
, , , .

3.
, . , , Active Directory Sites and Services,
:
;
.
, .
, :
S .
5 .
],: Active
Directory; .
, . . . 6-1 .
. 6-1.

,
,

.

, , Active Directory
- .
, ,
.
,

, .
, ,


. 6-1.

()

.
,
Active Directory,

, .
. .
,

,
,
,

. , , . ,
,


,


.

, ,
. ,

,
.


Active Directory , ,
- .
-, .
I*
1.

Start\Programs\Administrative Tools Active Directory Sites


And Services.
2. , .
3. NTDS Settings All
Tasks\Check Replication Topology ( \ ).

, ,
[.


4.
, . , - , ,
.
, :
/ .
10 .
:
- ;
- ;
;
- .

-
, - , Active Directory Installation.
>- -
1. Start\Programs\Administrative Tools Active Directory Sites
And Services.
2. , .
3. Servers New\Server (\).
4. New Object Server ( ) Name ()
-. .

-

.
^ -
1. Start\Programs\Administrative Tools Active Directory
Sites And Services.
2. - All Tasks\Move ( \).
3. Move Server ( ) ,
-, .



,
,
.
^
1. Start\Programs\Administrative Tools Active Directory Sites
And Services.
2. , .
3. NTDS Settings Properties.
4. Global Catalog (
) .

-
, - .
, NTDS Settings. Active Directory NTDS Settings,
.
>
1. Start\Programs\Administrative Tools Active Directory Sites
And Services.
2. - Delete ().
3. Yes.

, , , , - .




. , . . .

1. .
2. , Active
Directory .
3. ?
4. .
5. ?
6. -?

1.

2.

3.

4.

5.

6.


, , . , ,
, , ,
, , ,
.


:
;
;
Windows 2000;
Active Directory.

- ,
. , , .
Windows 2000 : ,
. (local user account) , . , (domain user account)
, . (built-in user
account) . .
, :
S ;
S .
10 .


, .
Windows 2000 (. 7-1). Windows 2000 - . ,
.
Windows 2000, , . , ,
,
Action () Computer
Management ( ).






. 7-1.



.
.
Windows 2000 , . Windows 2000, . Windows 2000 .
Active
Directory (. 7-2).
.

.
.
.
.




Active Directory

. 7-2.


Windows 2000 . Administrator () Guest ()
\$&__ __
, Internet Information Services
(IIS). IUSR_uAw_ IIS. IWAM_ _ IIS.
TsInternetUser Terminal Services
.

Administrator
. , .


Administrator ,
, , .
Administrator . , , 8.
Administrator .
. ,
Administrator. .

Guest
.
, , . , .

Microsoft Windows 2000 : . ,


. .
, , .
.
Active Directory . . Windows 2000
( ).
. Windows 2000 .


2.
,
. :
;
;
(, , ,
, ).
, :
;
, .
10 .


, , .

.
. 7-1 ,
.
. 7-1.

(distinguished name, DN)


Active Directory. (relative distinguished name,
RDN)
(),


20

20 ,
, . , Windows 20

- , . ,
Windows 2000


,
,
,
. ,
.
: ! 2

/\[]:;1= , + *?<>

. 7-1.

()

.

. , -. ()


,
. .
Administrator (),
.
, ^' : .
.
. , .
, . (, , . .).
128 . 8
.
, , , .
.
.
.
.
Windows 2000 .
12.


, , , . ,
.


, . ,
.

,
.
, , , .
! NetBIOS TCP/IP , Windows 2000 , , , ,
, .


, , ,
. .

:
.

, Windows 2000 ,
. , . :
,
, ;
, ;
, .

:
;
;
;
8:00 17:00, 18:00 6:00,
;
, Tempi 2,


. 7-2 .


. 7-2.

Don Hall

Donna Hall

James Smith

James Smith

Jon Morris

Judy Lew

Kim Yoshida

Laurent

Sandra Martinez


. 7-3, , * , .
. 7-3.

Don Hall
Donna Hall
James Smith
James Smith
Jon Morris
Judy Lew
Kim Yoshida
Laurent Vernhes
Sandra Martinez
. 7-4, ,
, , .

2
. 7-4.


Don Hall
Donna Hall
James Smith
James Smith
Jon Morris
Judy Lew
Kim Yoshida
Laurent Vernhes
Sandra Martinez
. 75, , .
. 7-5.

Don Hall
Donna Hall
James Smith
James Smith
Jon Morris
Judy Lew
Kim Yoshida
Laurent Vernhes
Sandra Martinez

, , ,
, , , . 20
, .
(DN) .
(RDN) ,
. 20
, . , , , .
.
,
, . , , , , .



Local Users and Groups ( ) Computer Management ( ). Active Directory Users and
Computers (Active Directory ). .
.
, :
;
S ;

.
45 .


Local Users and Groups (. 7-3) ,
, .


. 7-3.

Local Users and Groups New User

*
1. Start\Programs\Administrative Tools (\\) Computer Management ( ).
2. Local Users And Groups ( ), Users () New User ( ).
3. (. 7-3) , . 7-6.


. 7-6.

User Name
()


( )

Full Name ( )

, (
, . .).

Description ()

(
)

User Must Change Password At Next Logon


(

)

,
. ,

User Cannot Change Password (


)

Password Never Expires


(
)

, , .
User Must Change Password At Next
Logon, User Cannot Change Password

Account Is Disabled
(
)

, : ,


Active Directory Users and Computers (. 7-4) , .
, . , ,
. , , .
Users ,
.
^
1. Start\Programs\Administrative Tools (\\) Active Directory Users and Computers (Active Directory ).
2. , Users () New\User (\).
Users . , Users.


. 7-4.


Active Directory Users and Computers New Object User

3. New Object User ( ) (. 7-4)


, . 7-7.
. 7-7.

New Object User

First Name ()

. : First Name, Last Name, Full Name


Initials

Initials ()

Last Name ()

Full Name
( )

. ,
. Windows 2000 :( , First Name,
Initials Last Name. Create-In ( ) ,

User Logon Name


(
)

User Logon Name , . ()


, .
,
. ()

User Logon Name


(Pre-Windows 2000)
(
Windows)

,
Windows, Windows NT 4.0
Windows NT 3.51. ,


New Object User ( ) (. 7-4) Next, New Object User (. 7-5),
.

(.

. 7-5.


New Object User

. 7-8 , New Object User.


. 7-8.

New Object User

Password ()

, .

Confirm password
()

, ( )

User Must Change


Password At Next
Logon (

)

.
, ,

User Cannot
Change Password
(

. ,
(, Guest)

Password Never
Expires (

)

, , .
User Must Change Password At Next Logon,
User Cannot Change Password

Account Is Disabled
( )

, ,
,

,
. ,
.



, .
.

:
, . 7-9.

. 7-9.

First Name ()   Last Name ()   User Logon Name ( )   Password ()   Change Password ( )
User            One            User1                 ()            Must
User            Three          User3                 ()            Must
User            Five           User5                 User5         Must
User            Seven          User7                 User7         Must
User            Nine           User9                 User9         Cannot

, Active Directory Users and Computers.


.
^ :
1. Administrator ().
2. Start\Programs\Administrative Tools (\\) Active Directory Users and Computers (Active Directory ).
.
3. microsoft.com ( ,
) Users.
Active Directory ?
4. Users New\User (\).
New object User.
Active Directory ?
5. First Name User.
6. Last Name One.
: Full Name .
7. User Logon user1.
8. User Logon @microsoft.com ( , microsoft.com DNS).
, User Logon Name, .
(, user1@microsoft.com).
: Windows .


Windows?
9. Next, .
Windows 2000 New Object User,
.
10. Password Confirm Password ,
.
, ,
(*), .
11. , .
User Must Change Password
At Next Logon User Cannot Change Password? .
Account is Disabled ?
12. Next.
New Object User, ,
.
13. Finish ().
,
Back (), .
: Active Directory Users and Computers
.
14. 413 .


. , . .


.
. ,
(. 7-6) .
. 7-10.
. 7-10.

General ()

Address ()
Account
( )

, ,
, () (), ,
.

: ,
, , ,
,

. 7-10.


()

Profile ()

, ,

Telephones ()

, , ,
, IP-

Organization
()

, , ,

Remote Control ( )

Terminal Services

Terminal Services
Profile (
)
Member Of
( )

Terminal Services

Dial-In
( )

Environment ()

Terminal Services

Sessions ()

Terminal
Services

General, Member Of Profile, Active Directory


.


: General, Address, Telephones
Organization. . ,
Address (. 7-6), .
>
1. Administrative Tools () Active Directory Users and
Computers, .
2. ,
.
3.
Properties ().
4. , , .
5. .


. 7-6.

Address ()


Account (
) (. 7-7). Account New Object User. . 7-11
, .
. 7-11.

Store Password Using Reversible Encryption (


,
)

Macintosh. Macintosh

Smart Card is Required For


Interactive logon (
-)


-.
-

Account is Trusted For


Delegation (
)

Account is Sensitive And


Cannot Be Delegated
(
)

Use DES Encryption Types


For This Account ( DES)

DES

3
. 7-11.

()

Do Not Require Kerberos


Preauthentication (
.11 '' Kerberos)

, Kerberos. Kerberos

Account Expires (
)

.
Never (He ), . End Of
()
, Windows 2000 ai

'

. 7-7. Account ( )


, .
Windows 2000 24 .
. , .
>
1. Account Logon Hours ( ),
,
. , (. 7-8).
2. , :
, , , ,
Logon Permitted ( );


, , , ,
Logon Denied ( );
3. .
, .
.

. 7-8.

Logon Hours ( )

,
.
, .
.
,
, NetBIOS TCP/IP.
>
1. Account Log On To ( ).
2. Logon Workstations ( ) ,
, (. 7-9).
3. , .
Windows 2000 ,
.
4. , .
5. .

"| 75


. 7-9.




Logon Workstations ( )

Dial-In
Dial-In ( ) , . , Remote Access Service (RAS).
RAS , , . Network Connection ( ), Network Connections ( ) My Computer ( ).
. 7-12 .
. 7-12.

Dial-In

Allow Access
( )

Deny Access
( )

Control Access Through


Remote Access Policy
(

)

Verify Caller-ID ( )

. 7-12.

Dial-In ()

Callback Options ( )

, : No Callback (
) RAS , . ;
Set By Caller (Routing and Remote Access Service Only)
( )
RAS .
;
Always Callback ( ) RAS
.
, , , .

Assign A Static IP Address


(
IP-)


,
TCP/IP

Apply Static Routes


(
)

Static Routes
( )

:
. . Print Operators ( ),
. , , , .

1:
, UserS UserS , UserS .

. 7-13.
. 7-13.

User3

18.00 - 6.00,

User5

! , Administrator
(), Active Directory Users and Computers
.
^ 1:
1. Active Directory Users and Computers (Active Directory
) Users.
2. User Three Properties (),
User Three Properties (: User Three), General ().
, ,
General? ?
3. Account ( ) Logon Hours ( ).
Logon Hours For User Three ( User Three).
User Three ?
4. , , , .
, ,

Sunday (), , , . , .
5.

Logon Denied ( ).
. ,
.
6. 45, .
7. , Logon Hours For User Three.
8. User Three Properties ,
Active Directory Users and Computers.
^ 2:
1. Active Directory Users and Computers (Active Directory
) | Users ().
2. User Five Properties
().
User Five Properties (: User Five) General ().
3. Account ( ).
?
6. End Of () .
7. , Active Directory
Users and Computers.
8. Active Directory Users and Computers Windows 2000.


2:
.
^ 1:
1. User1 .
Logon Message ( )
.
2. Change Password ( ) Old Password ( ), New Password ( ) Confirm New Password () student.
, .
3. , .
? ?
. Print Operators (
), . , , . , , , . 8.
> 2: Print Operators
1. Administrator ().
2. Active Directory Users and Computers (Active Directory
) Users.
3. User One Properties
().
User One Properties (: User One), General ().
4. Member Of ( ).
5. Add ().
Select Groups (: ).
6. Print Operators ( ), Add (), .
7. , User One Properties.
8. 37 User3, User5, User7 User9.
9. Active Directory Users and Computers .
^ 3:
1. User1 student.
? ?
2. UserS .
3. student.
? ?
^ 4:
1. User7 .
? ?


2. User7 User7.
3. student.
? ?
4. .
5. User9 User9.
? ?
^ 5: ,
1. Ctrl+Alt+Delete.
Windows Security ( Windows).
2. Change Password ( ).
.
3. Old Password ( ) User9,
New Password ( ) Confirm New Password ()
student .
? ?
4. , Change Password, Cancel
(), Windows Security.
5. Log Off ( ).
Log Off Windows ( Windows), .
6. , .
> 6:
1. UserS.
2. student.
? ?
3. Windows 2000.
^ 7:
1. Administrator (), Start\Settings
(\) Control Panel ( ).
2. Date/Time ( ).
Date/Time Properties (: ).
3. Date () , .
4. .
> 8:
1. UserS student.
? ?
> 9:
1. Administrator (), Start\Settings
(\) Control Panel ( ).
2. Date/Time.
Date/Time Properties.

3. Date () , .
4. Windows 2000.

Local Users and Groups ( ), Computer Management ( ), Active Directory


Users and Computers (Active Directory ).
, , .
.
, .
, , , , . .

I.
(user profile) , , .
, , &
Start () , .
,
.
, .
, :
/" , ;
S ,
.
45 .


Windows 2000
.
:
, ;
;

;
Windows NT 4.0 Windows 2000 . (roaming user profiles);
,
Windows 2000.

:
, ;
(mandatory user profile), , .
,
;
,
.


.
. , , , .
. . . , , .
. ,
. .

,

(. 7-14).
. 7-14.

Windows
Explorer

Windows Explorer ()

My Documents ( )

My Pictures ( )

Favorites ()

My Network Places ( )

Desktop ( )

Application data

PrintHood

Control Panel ( )

,
Windows,
Calculator, Clock,
Notepad Paint

Accessories ()

. 7-14.


, (}

,

Windows 2000

Windows 2000

,
Windows 2000


C:\Documents and ^>&\\\%^\__~
, :\ , __ , . . . 7-15 .
. 7-15.

Application Data"

, .
,

Cookies

Desktop
( )

, ,

Favorites ()

Front PageTe mpDir

, Microsoft Front Page

Local Settings*

, History Temporary.

My Documents
( )

My Pictures
( )

NetHood*

My Network Places

PrintHood*

Recent*

SendTo*

Start Menu
( )

Templates ()

NTUSER.DAT*

'

My Documents ; . Windows 2000


My Documents, Microsoft. .


Windows 2000
.
C:\Documents and $11\&$\___, :\
, __ , . Windows 2000, ,
.
, .
, My
Documents. Windows 2000
, .
.


, ,
. , ,
, .
, .
, Windows 2000

. Windows 2000
. , ,
Windows 2000 . , , .
, Windows 2000 , , ,
.


,
.
:
, , ;
,
;
: , .



.

, .

.
.

,
.
* :
1. : \\_ \__.
2. Profile () (. 7-10)
Profile Path ( ) (, \\_\__\__).


. 7-10.


%$%
Windows 2000 , .


.
1. . Active Directory Users and Computers .

2. ,
.
I. , , User Profile ( ) System Properties ( )
(. 7-11).

Profile (. 7-10).


. 7-11.


. - ,
. , . .
,
. , .


(, \51\_\__), NTUSER.DAT. Windows
2000.
, .
, NTUSER.MAN.


:
. .

1:
, , .
> 1:
1. Administrator ().
2. Active Directory Users and Computers puser (. 7-16).
User Logon Name ( ) @microsoft.com.
. 7-16.

puser 1

First Name
()

Last Name
()

User Logon Name


(
)

Password
()

Member Of
( )

Profile

User

puser

Print Operators
( )

3.

Windows 2000.

> 2:
1. puser.
Windows 2000 , . puser
.
2. Windows 2000.
* 3:
1. Administrator ().
2. Start\Settings (\), Control Panel ( ) System ().
System Properties ( ).
3. User Profiles ( ).
?
4. , System Properties, .
5. Windows 2000.
^

4:

1. puser.
2. Properties ().
Display Properties (: ).
3. Appearance (),
.
4. Scheme () .


.
5. puser.
? ?
6. .

2:

, . Profile Template,
.
. Profile Template
User2, User2. , .
^

1:

1. .
1.
2.
3.
4.
5.

Administrator () .
:\ ( :\ ) Profiles.
Profiles Properties ().
Profiles Properties (: Profiles) Sharing ().
Share This Folder ( ), Permissions ().
6. Permissions For Profiles ( ) , Everyone () Full Control ( ), .
7. Profiles Properties (: Profiles) .

^ 2;
1. Start\Programs\Administrative Tools (\\) Active Directory Users and Computers (Active Directory ).
2. Active Directory Users and Computers ptemplate
(. 7-17). User Logon Name ( ) microsoft.com. ptemplate Print Operators ( ),
.
3. Windows 2000.
4. ptemplate.
Profile
Template C:\Documents and Settings __ ( :\ ).

4
. 7-17.
First Name


ptemplate 2

()

Last Name
()

User Logon Name


(
)

Password
()

Member Of
( )

Profile

Template

ptemplate

Print Operators
( )

5. Properties ().
Display Properties (: ).
7. Appearance ().
.
8. Scheme () .
.
9. ptemplate.
: .
10. Windows 2000.
^ 3:
1. Administrator ().
2. Active Directory Users and Computers (Active Directory ) User2 (. 7-18).
User Logon Name ( ) @microsoft.com.
User2 Print Operators ( ),
.
. 7-18.

User2 2

()

Last Name
()

User Logon Name


(
)

Password
()

Member Of
( )

User

Two

User2

Print Operators
(
)

First Name

3. Start\Settings (\) Control Panel ( ).


4. System ().
System Properties ( ).
5. User Profiles ( ).
: , , MICROSOFT\ptemplate.
6. Profiles Stored On This Computer (, )
MICROSOFT\ptemplate, ().
7. Copy Profile To ( ) \\*_
Kutibjo/nep<i\profiles\user2 ( _ SERVER1 ). , .

^ 4: ,
1. ( ) Permitted To Use ( ) Change ().
Select User Or Group (: ).
2. Name () User Two, .
Permitted To Use MICROSOFT\user2.
3. .
Windows Explorer () Profiles\user2.
, Profiles.
^ 5:
1. Active Directory Users and Computers User Two.
User Two Properties (: User Two).
2. Profile ().
3. Profile path ( ) \\_\\$\$2 (
_ SERVER1 ).
4. .
5. Active Directory Users and Computers.
, , , \\server1\profiles\user2\ntuser.man.
Windows NT Windows 2000,
Windows 3.1, .
Windows NT 3.1,
Windows NT 4.0 Windows 2000,
.
Windows
2000,
.man. ,
.
> 6:
1. User2.
Profile
Template? ?
^ 7: ,
1. , Administrator ()
.
2. System () User Profiles ( ).
User2?
3. Windows 2000.
, .

"| 91

^ 8:
1. User2.
2. , Download
().
: , ,
, .
3. .
> 9: Profile Template
1. User Profiles ( ) Profiles Stored On This
Computer (, ) MICROSOFT\ptemplate, Delete ().
Confirm Delete ( ).
2. Yes (), .
Profile Template .

,
, .
, , Start ()
.
: , . . , , , . . . . ,
.
.
, ,
, . , , .


My Documents (
), Windows 2000 .
, :
S .
5 .


(home directory) , , .
. , . ' .
:
;
;
,
Microsoft ( MS-DOS, Windows 9x/2000).
NTFS NTFS .
FAT,
.


, . :
, . ;
Full Control ( )
Everyone () Users (). ,
;
Profile ()
Home folder ( ) (. 7-12). , Connect ()
. () UNC, \\_\_,_\__.
%username%, , . , \\_\
\Jsers\%username%.


. 7-12.


NTFS %username%, Full Control.


, Administrator.

My Documents ( ), Windows 2000 .


.
,
.
. -,
.
-, . , ,
Microsoft ( MS-DOS, Windows 9x/2000).


6,

, . , .
5 Active Directory. , .

, :
S , ;
S ;
/ .
30 .

, ,

/. , , , .
, , ,
, .
. , , , . , ,
, , .
. (
). Active Directory.
, , .
> , ,
1. Active Directory Users and Computers (Active Directory ) ,
, .
2. Action () ; (. 7-13).
, Action Disable
Account ( ). , Action Enable Account ( ).


. 7-13.


, ,


, , .
, .


, ,
, . .
(
), , .
: , , .
, , ,
- , .
^
1. Active Directory Users and Computers ,
, ".
2. Action () Reset Password ( ).
.
3. , .
Reset Password User Must Change Password At Next
Logon ( ),
.
,
.


Windows 2000 ,
,
. , Windows 2000 . 12.
*
1. Active Directory Users and Computers (Active Directory ) ,
, , .
2. Action () Properties ()
Account ( ).
: Account Lock Out ( ).
3. .

:
.

1:
, .
.
^ 1:

1.
2.
3.
4.

5.
6.

7.
8.
^
1.
2.
3.
4.

Administrator ().
Active Directory Users and Computers.
microsoft.com Users.
Profile User,
5, Disable Account ( ).
Active Directory , .
.
, Active Directory Users and Computers.
Active Directory Users and Computers , , .
, ?
Windows 2000.
puser.
? ?
2:
Administrator ().
Active Directory Users and Computers.
Microsoft.com Users.

Profile User Enable Account ( ).


Active Directory , .
5. , Active Directory Users and Computers.
6. Active Directory Users and Computers , , .
, ?
7. Windows 2000.
> 3:
1. puser.
? ?
2. student.
3. Windows 2000.

2:
1:
Administrator ().
Active Directory Users and Computers.
microsoft.com Users.
Profile User Reset Password ( ).
, . : Administrator .
5. New Password ( ) Confirm Password ()
password User Must Change Password At Next Logon (
). .
Active Directory , .
6. , Active Directory Users and Computers
7. .
>
1.
2.
3.
4.

* 2:
1. puser password,
? ?
2. .

,
, .
, , , . , , , , .
, .
, ,
, , .
,
Administrator .



. , . . * .

1. ?
2. ?
3. ?
4. ,
. ?
5. ?
6. , Windows 2000 ?
7. , ?
8. ?

1.

2.

3.


, , .
. Windows 2000. , , , Run As, . , .


:
;
7;
, ;
User1, User5 User9 7.


, , . ,
Windows 2000.

, :

S ;
J ;
/ , ;
/ .

15 .


(group) . , , (. 8-1).
(permissions), . , , , ,
. (rights) , ,
, .




. 8-1.


9, 13.

, , . . . .


, . , , . , Windows 2000 Server : . .
Active Directory, .


Windows 2000 ,
. Active
Directory , ,
, Web-. Windows 2000
, .


, ,
, . , , . .
, Active Directory. , ,
Microsoft Exchange Server ,
, .


, . , . , (. 8-2).


.

.

.

.

.
.
. 8-2.




. :
,
;


. :
;
, .


, . :
;
;
. Windows 2000 .


( ) .
. Windows 2000 . , ,
, . Worldwide Managers. , Worldwide Managers. ,
, . , .
:
. .
. , ;
. , , . , , ,
, , .



. .


. , . . . 8-1.
. 8-1.

,
,
,

-
,


.
,
. Windows 2000 .
!
Active Directory , , ,
.


, :
, .
;
Windows 2000 Professional
Windows 2000 Server. , Active Directory;

, Internet Information Server.
:
,
;
.


, .
, ,
, .
. Windows 2000 , . Active Directory , ,
. ,
.
, , , .
, , , .


2.
,
, . , .
, :
S ;
S .
30 .



, .
. , .
1. ; , Accounting.
2. , , . ,
, Color Printer-;.
3. , ,
; , Accounting, Sales Management Color Printers.
4. ;
Color Printers .
. 8-3.
, , .

.
.
. . .
.
.
, .

Sales, Accounting, Color Printers
, ,


. 8-3.


, .

. . ,
, , .
, .
, .
,
, . ,
. , .

:

, -.

,
, . ,
.
.
, Active Directory.


, :
;
. ,
;
.
.
:
1. ;
2. ;
3. .
, . . , .
. 8-2
.
. 8-2.

20

250
5

. 8-3 ,
.
. 8-3.

( )

( )

( )


( )

Microsoft Office
{ )


. ?
2. ?
3. -
. , , . .
?

. Windows 2000. Microsoft


Windows 2000
.
. , . .


,
. .
, ,
.
, :
S ;
/ ;
S .
25 .


Active Directory Users And Computers (Active
Directory ). Users
, . . .
.
>
1. Start\Programs\Administrative Tools (\\) Active Directory Users And Computers (Active Directory ).
2. , Users
New\Group (\).
3. New Object Group ( ) (. 8-4)
.
. 8-4 New Object Group Active
Directory Users and Computers.
. 8-4.

New Object Group

Group Name
( )

. , ,

Group Name (pre-Windows 2000) [


(Windows 2000)]

, Windows.

Group Scope (
)

Group (
)

. :
Domain Local ( ). Global () Universal
(). Universal ,
Distribution

. Distribution ( ) Security ( )


. 8-4.

New Object Group


i


, SID, . SID Windows 2000 . Windows 2000
, , .
, , , .
.
.

, , .

^
1.
Delete ().
2. Active Directory Yes.


, ,
.
, . Active Directory Users And Computers.
^
1. Active Directory Users And Computers Users.
2.
Properties.
3. Members ( ) Add ().
Select Users, Contacts, Or Computers (: , ) (. 8-5).


4. , , , Look In ( ). ,
Entire Directory ( )
Active Directory.
Add ().
Select
Users, Contacts, Or Computers.
, Shift Ctrl.
Shift, ; Ctrl , , Add ().


. 8-5.

Select Users, Contacts, Or Computers


(: , )

5. , , .
6. .


. ,
, , ,
.
. , .
Windows 2000 .


1.
Properties.
2. General .


. ,
, .
.
:
, ;
,
.
Windows 2000
, .
^

1. Properties.
2. General
.


Local Users and Groups (
) Computer Management ( ). Groups.
^

1.

Start\Programs\Administrative Tools (\\) Computer Management ( ). Windows 2000


Professional Start\Settings (\) Control Panel
( ).
2. Local Users And Groups (
) Groups () .
New Group ( ).
3. (. 8-6) .


. 8-6.


New Group ( )

New Group ( ) . 8- 5.
. 8-5.

New Group

Group Name ( )

. .
, (\).
256 ;

Description ()

Members ( )

Add ()

Delete ()

Create ()

, .
>
1. ' Delete ().
2. Active Directory Yes.
>
1. Local Users and Groups Groups.
2. Properties.
3. Add ().
Select Users Or Groups (. 8-7).



. 8-7.


Select Users Or Groups (: )

4. Look In ( ) , .
Add ().
5. , , .
6. .

:

User) UserS. , .

1:
.
^ :
1. Administrator ().
2. Start\Programs\Administrative Tools Active Directory Users
And Computers.
3. Users.
.
4. Users
New\Group.
New Object Group. . .
5. Group Name ( ) Sales.


6. Group Scope ( ) Global


(), Group Type ( ) Security (
).
7. .
Windows 2000 Users.
> 2:
1. Active Directory Users and Computers Sales.
Sales.
2. , Members ( ).
.
3. , Add ().
4. , Look In ( ) Select Users, Contacts, Or
Computers (: , , )
.
5. User One Add.
6. User Five Add.
7. .
Userl UserS
Sales.
8. , Sales.

2:

, .
, 1.
> 1:
1. , Active Directory Users And Computers Users.
2. Users New\Group.
New Object Group.
3. Group Name Reports.
4. Group Scope Domain Local ( ),
Group Type Security ( ).
5. .
Windows 2000 Users.
> 2:
1. Active Directory Users and Computers
Reports.
Reports.
2. , Members.
.
3. , Add.
4. Look In Select Users, Contacts, Or Computers Entire
Directory.


Select Users, Contacts, Or Computers ,


.
\ Users.
5. Name () ,
.
.
6. Sales, Add .
Sales Reports.
7. , Reports.

. , . , . Administrators () Account
Operators ( ). , .
Active Directory Users and Computers (Active Directory ) , , , . ,
Local Users and Groups ( )
Computer Management ( ).
, , .


4.
Windows 2000 : ,
, . . ,
.
.
, :
Windows 2000.
15 .


. Windows 2000 .
, .
Windows 2000
Users Active Directory. -
. , .
Users . . 8-6
.

. 8-6.

Domain Admins
( )

Windows 2000
Domain Admins Administrators,
Domain Admins
.
Administrator
Domain Admins

Domain Users
( )

Windows 2000
Domain Users Users
(). Administrator () Domain Users,
Windows 2000

Domain Guests ( )

Windows 2000
Domain Guests Guests
(). Guest
Domain Guest;

. 8-6.


()

Enterprise Admins
{ )

( ) ,
.
Administrators
Enterprise
Admins. Administrator


Windows 2000 ,
Active Directory, a
. .
Builtin . . 8-7
,
.
. 8-7.

Account Operators
( )

,
.
Administrators

Administrators
()

, .

Administrator, Domain
Admins Enterprise Admins

Backup Operators
( )


Windows Backup
()

Guests ()

, . . Guest
Domain Guests. .
, Microsoft Internet Information Services (IIS)
Guests

4
. 8-7.



()

Pre-Windows 2000
Compatible Access

, .

Everyone () Windows

Print Operators
( )

Replicator ()

.
, Repli
cator .

,

Users ()

, .

.
Domain Users , Authenticated Users
( ) Interactive ().
Windows 2000;
. Users
,


, Windows 2000
Professional . ( , ,
.) . Windows 2000 Groups () Computer Management ( ).
. 8-8 , ipynn.
, .
. 8-8.

Administrators
()

. Administrator

Administrators. - Windows 2000
Professional , Windows 2000
Administrators
Domain Admins

. 8-8.


()

Backup Operators
( )


Windows Backup

Guests ()


,
.
.
Guest
Guests;
.
Windows 2000 Professional ,

Power Users
( )

Replicator ()

Users ()


, .
.
Windows 2000 Users
.
Windows 2000 Professional , Windows 2000
Users Domain Users
Authenticated Users INTERACTIVE


Windows 2000- . , ;

. ,
. Windows 2000 , ,
. . 8-9
.
. 8-9.

Anonymous Logon
( )

,
Windows 2000

Authenticated Users
( )

Active
Directory, .

Everyone

4
. 8-9.


()

Creator Owner
(-)

,
.
Administrators,
Administrators

Dialup ( )

Everyone ()

, .
Everyone
Guest . Windows
2000
(Guest). ,
Everyone

Interactive ()

, . Interactive
,
.
,

Network ()

,
,

, Windows 2000 : , , . . Windows 2000


, .

5,
Microsoft Administrators , . , , , .
, :
S , ,
;
S ,
;
s Run As
.
15 .



Windows 2000 , . Web- .
* ,
. , *
, , . .
, Administrators ,
, . Users () Power Users ( ). , .
.

Users Power Users


Users,
, , . Power Users ,
Control Panel. ,
, .

, Run As .

Run As
, , Run As. , .
Run As , ,
Control Panel. :
;
;
, , Control Panel .
, Windows Explorer, Printers
, Windows 2000, Run As.
> Run As
1. Windows Explorer , ,
Control Panel.
2. Shift, , Run As ( ).
3. Run As (. 8-8) Run The Program As The
Following User ( ).

. 8-8.

Run As

4. User Name Password, .


5. Domain:
, ;
, .
6. .
Run As ,
Control Panel , , ,
.
.


Run As RunAs .
Services () .
Run As , . , , ,
Control Panel, .
, , .
, Properties Run As Different User { ).
, , , .

RUNAS
Run As. RUNAS :
runas [/profile] [/env] [/netonly] /user:_. program
:
/profile , ;
/env
;
/netonly ;
/$:__ @ /
, .
, /user: /
$:___@_ /$:_/___.
, /
user: /$-.___@_ /8:_
/___',
/program .

RUNAS

MS-DOS Windows 2000


, :
runas /5:__\\181^ cmd

.
Computer Management
companydomain\domainadmin,
:
runas /user:companydomain\domainadmin mmc %windir%\system32\compmgmt.msc

.
Notepad Computer Management
user domain.microsoft.com, :
runas /user:user@domain.microsoft.com notepad my_file.txt

.
MS-DOS, ,
Control Panel , ;
runas /netonly /;\_ "
_ , . .
:
runas /'._@1!1.{1. com ,

:
Run As
User9 ( ,
), Run As Active Directory Users and Computers .
> : Run As
1. , User9.
2. Start\Programs\Administrative Tools ( ) Active
Directory Users And Computers.
3. Shift, Active Directory Users And Computers Run As ( ).
4. Run As ( ) Run The Program As The Following User ( ).
5. , User Name (ooafe) Administrator.
6. Password () .
7. Domain () microsoft.com ( ).
8. .
Active Directory Users And Computers .

Windows 2000 , . Users Power Users. , , , .


, Run As.
Run As , .
,
Run As Active Directory Users and Computers
.


|
^,


. , . . .

1. ?
2. ?
3. , ?
4.
?
5.

, ?

6. ?
7. '' ?
8.

, -
.
. ?

9.

, . , .
.
?

NTFS

228

NTFS

233

243

251

2.

255
258


NTFS, Microsoft Windows 2000. ,
NTFS / / NTFS. , .


:
, :
7 8;
.

1. NTFS
NTFS , ,
. NTFS , .
, :
S NTFS ;
</ NTFS
;
/
.
10 .

NTFS
NTFS , ,
. NTFS NTFS. FAT
FAT32 NTFS .
NTFS , .
.

NTFS
,
/ . . 9-1 NTFS , , , .
. 9-1.

NTFS

NTFS

Full Control ( )

,
, , NTFS-

Modify ()

,
Write Read & Execute

Read & Execute


( )

,
,
, ,
Read List Folder Contents
List Folder Contents (
)

1
. 9-1.


NTFS ()

NTFS

Read ()

Write ()


,
, Read-Only
( ), Hidden (), Archive ()
System ()
,

.
, Full Control.

NTFS
. . 9-2
NTFS, ,
.
. 9-2. NTFS
NTFS

Full Control
( )

,
, NTFS-

Modify
()

, ,
Write Read & Execute

Read & Execute


( )

, ,
Read

Read
()

, ,

Write
()

, ,


NTFS (access control list, ACL), NTFS. ACL /, , . ], , ACL (access
control entry, ) , . , , Read. ACL .

NTFS
, , .


, NTFS,
, NTFS.
.


(effective permissions) NTFS, , . Read
, Write ,
.


NTFS- . , , , . , ,
(universal naming convention, UNC) ,
, ,
. , ,
, .
, , .
Traverse Folder/Execute File ( / )
, . , Bypass Traverse Checking
( ) Group Policy ( ).
3. 13.


/
. .
,
.
,
, (. 9-1).
. 9-1 .
Read . Write
. Write File2. Filel, File2. File2 , , .


> | 1 \ '

NTFS



. 9-1.

NTFS
.
(. 9-2).
[ ^

. 9-2.


/, /, .



/, . . , , , .


NTFS , ,
. NTFS NTFS.
Full Control, Modify, Read & Execute, List Folder Contents, Read Write. . Full Control, Modify, Read &
Execute, Read Write.
NTFS ACL, NTFS. ACL , ,
.
, ,
.
.
.
. , , , .
.


2, NTFS
NTFS . ,
. , NTFS.
, :
S ,
;
S
- 60 .

NTFS
NTFS . .
1. , . ,
. :
, ;
; ,
.
2. . , Re;id.

.
3. ,
, .
.
4. Users Administrators Read & Execute . ,
5. . .
. Read & Execute Users Write, Full Control. , ,
. , . , ,
.
7. ,
.
8.
.


NTFS
NTFS Everyone () Full Control. NTFS. , Everyone () Guest ().
Windows 2000 ( ) , , Guest.
, Everyone ().


, Full Control /
.
^ NTFS
1. ,
, Properties ().
2. Security () (. 9-3) , . 9-3.


. 9-3.

Security Data

. 9-3. Security

Name ()

Permissions
()

Allow (), ,
Deny (),


. 9-3. Security ()

Add ()

Select Users, Computers, Or Groups (


, ),
Name

Delete
()

Advanced
()

Access Control Settings (


),

Allow Inheritable Permissions From Parent To Propagate To This Object
(


.
Security Allow
Inheritable Permissions From Parent To Propagate To This Object (
). , .
,
Allow Inheritable Permissions From Parent To Propagate To This Object ( ). (. 9-4).
. 9-4.

()

Delete
()

, ,

Cancel
()

, Allow Inheritable Permissions


From Parent To Propagate To This Object ( )


NTFS
, -. NTFS
. , NTFS
, .

1: NTFS
NTFS
Windows 2000 Professional .

Everyone () Full Control


(. 9-4). ,
/ NTFS ,
.
NTFS

Apps
    Database
    Spreadsh
    WordProc
Public
    Library
        Bronte.txt
        Hamlet.txt
    Manuals
. 9-4.

NTFS :
, , , ;
;
.
:
NTFS, , /.
/ Apps, NTFS;
,
, ,
Allow Inheritable Permissions From Parent To Propagate To This Object ( ).
.
, Accounting, Managers, Executives.
Administrators () Full Control .


WordProc, .
Spreadsheet Database, ,
Accounting, Managers Executives. .

Public.
Public\Library.
Public\Manuals
UserSl.
NTFS ?
. 9-5, .
. 9-5.

NTFS

(\)

Apps
Apps\WordProc
Apps\Spreadsh
Apps\Database
Public
Public\ Library
Public\Manuals

2: NTFS Data
C:\Data ( :\ ), . 1
, . 9-6.
. 9-6.

Administrators
()
Sales

UserSl, Print Operators ( )


User82, Sales Print Operators

Sales

UserS3, Administrators Print Operators

( :\ ):
C:\Data
C:\Data\Managers
C:\Data\Managers\Reports
C:\Data\Sales


:

Data;
Data;
, , Data.
* 1: Everyone ()
1. Administrator.
2. My Computer ( )
Explore.
3. :\, Data Properties ().
Data General ().
4. Security (),
Data.
Data.
5.

6.
7.

8.

, .
Name () Everyone () Remove ().
?
. .
Allow Inheritable Permissions From Parent To Propagate To This Object
( ), .
,
.
Remove ().
Data.

> 2: Users () Data


1. Data Add ().
Select Users, Computers, Or Groups (: ,
).
2. Look In ( ) .
,
. ,
, .
3. Name () Users () Add ().
Select Users, Computers, Or Groups
Groups (: , ). , .
Windows 2000,
Check Names. Windows 2000
.


4. (, Data.
.
5. , Users (), Allow () Write.
6. Apply (), .
^
1.

2.
3.

4.
5.

6.

7.

8.
9.

3: CREATOR OWNER (-) Data


Data Add ().
Select Users, Computers, Or Groups (: ,
).
Look In ( ) .
Name () CREATOR OWNER (-)
Add ().
Name () CREATOR OWNER (- ).
, Data.
.
, CREATOR OWNER (-),
Allow () Full Control. Apply
(), .
?
Advanced (), .
Access Control Settings For Data (
Data).
Name () CREATOR OWNER (-).
CREATOR OWNER (-)
?
.
Data , .

> 4: , Data
1. UserSl Windows Explorer ().
2. C:\Data.
3. Data userSl.
? ?
4. : ; ; .
, , CREATOR OWNER
(-) Full Control Public.
5. Windows 2000.

3: NTFS
NTFS Data, Managers, Reports Sales
.

. 9-7.
. 9-7.

C:\Data

Users ()
Administrators
()

Read & Execute


Full Control

C:\Data\
Managers

Users
Administrators
Managers

Read & Execute


Full Control
Modify

C:\Data\Managers\ Reports

Users
Administrators
User82

Read & Execute


Full Control
Modify

C:\Data\Sales

Users
Administrators
Accounting

Read & Execute


Full Control
Modify

> :
1. Administrator Windows Explorer ().
2. ;\.
3. , , Properties ().
General ().
4. Security ().
5. ,
, Allow Inheritable Permissions From Parent To Propagate To
This Object (
) , , ().
6. , Add ().
Select Users, Computers, Or Groups (: ,
).
7. , Look In ( ) .
8. Name () , , Add ().
Name ().
9. 8 ,
.
10. , .
11. Properties () ,
, Remove ().
12. ,
, Name , -


Allow () Deny () 2.
13. , ,
14. , (. ).
15. .
4: NTFS
NTFS.
/
> 1: Reports UserSI
1. UserSI Windows Explorer ().
2. C:\Data\Managers\Reports.
3. Reports.
? ?
4. Windows Explorer () .
^ 2: Reports User82
1. User82 Windows Explorer ().
2. C:\Data\Managers\Reports.
3. Reports.
? ?
4. .
3: Sales Administrator
Administrator Windows Explorer ().
C:\Data\Sales.
Sales.
? ?
4. Windows Explorer () .

>
1.
2.
3.

^
1.
2.
3.

4: Sales UserSI
UserSI Windows Explorer ().
C:\Data\Sales,
Sales.
? ?
4. Windows Explorer () .
5: Sales User82
User82 Windows Explorer ().
C:\Data\Sales.
Sales.
? ?
4. .

*
1.
2.
3.


NTFS Everyone () Full Control.


NTFS. Administrators (), Full Control
NTFS ,
. NTFS Security ()
.
. , , .
, NTFS , ,
.


NTFS .
NTFS,
. , , .
, :
S ;
S
;
S
;
S , ;
S .
20 .


, . 9-8. .
. 9-8.

List Folder/Read Data


( /
)

List Folder
(
). Read Data
( )

Read Attributes (
)


, Read-Only ( ) Hidden
(). NTFS

Read Extended Attributes


(
)

Read Permissions
( )


, Full Control, Read Write

Traverse Folder/Execute File


( /
)

Traverse Folder
, , , ( ). Traverse Folder ,
Bypass Traverse Checking ( )
. Everyone ()
Bypass Traverse Checking.
Traverse Folder Execute File . Execute File ( )


. 9-8.

()

Create Files/Write Data


( /
)

Create Files
( ).
Write Data
( )

Create Folders/Append Data


( /
)

Create Folders
( ). Append Data
, ,
( )

Write Attributes
( )

,
Read-Only Hidden. NTFS

Write Extended Attributes


(
)


.
.

Delete Subfolders and Files


(
)

,
Delete

Delete ()

.
Delete ,
, Delete Subfolders and
Files

Change Permissions (
/
)


, Full Control, Read Write

Take Ownership
( )

.

, ,

Synchronize
()

,
.
,

Permission Entry (
) . , Advanced () Security ()
, Access Control Setting ( )
View/Edit (/).
. . 9-9 .

3
. 9-9.

Full Control

Modify

Read & Execute

List Folder
Contents

List Folder/
Read Data

Read Attributes

Read Extended
Attributes

Create Files/
Write Data

Create Folders
/Append Data

Write Attributes

Write Extended
Attributes

Delete Subfolders and Files

Traverse Folder
/Execute File

Delete

Read

Read
Permissions

Change
Permissions

Take
Ownership
Synchronize

List Folder Contents Read & Execute , ,


, - . List Folder Contents , ,
. Read & Execute ,
, .
, , , .
Change Permissions Take Ownership
.


, Full Control
. ,
, .


,
Administrators Change Permissions /.


. - . , .
: Full
Control Full
Control Take Ownership,
.

. ,
Administrators (), Take Ownership /. , ,
Take Ownership .
.
!
- . ,
Full Control
Take Ownership , .
/, Take Ownership .


, .
^ Change Permissions Take Ownership
1. , , Properties (), Security ().
2. Advanced ().
3. Permissions () Access Control Settings ( ) , (. 9-5).
Access Control Settings , , ,
.
4. Allow Inheritable Permissions From Parent To Propagate To This Object ( ):
,
,

, .


. 9-5.

Access Control Settings ( )


Program Files

5. Reset Permissions On All Child Objects ( ):


,
, ,

,
.
6. View/Edit (/), Permission
Entry ( ) (. 9-6).


. 9-6,

Permission Entry Program Files


Permission Entry . 9-10.


. 9-10. Permissions Entry

Name ()

, Change ()
Apply Onto
()

, NTFS. This Folder, Subfolders And Files

Permissions
()

. Change
Permissions Take Ownership, Allow ()

( , )

Apply These Permissions To Objects And/Or Containers Within This Container Only ()
, . , . ,
Clear All

( )


,
Take Ownership ( ) .
*
1. Owner () Access Control Settings ( ) Change Owner To ( ).
2. Replace Owner On Subcontainers And Objects ( ),
.
3. .

:
, Take Ownership
.
^

1:

1. Administrator Windows Explorer ().


2. C:\Data ( :\ )
OWNER.
3. OWNER.TXT Properties
().


General ().
4. Security (),
OWNER.TXT.
" OWNER.TXT?
5. Advanced ().
Access Control Settings For OWNER.TXT ( OWNER.TXT) Permissions ().
6. Owner ().
OWNER.TXT?
> 2: Take Ownership
1. Access Control Settings For OWNER.TXT (
OWNER.TXT) Permissions ().
2. Advanced ().
Select User, Computer, Or Group (: ,
).
3. Look In ( ) .
4. Name () User83, .
Permission Entry For OWNER.TXT.
, User84.
5. Allow () Take Ownership.
6. .
Access Control Settings For OWNER.TXT ( OWNER.TXT) Permissions ().
7. , .
8. , OWNER.TXT.
9. Windows 2000.
>
1.
2.
3.

4.

5.
6.

7.

3:
User83 Windows Explorer ().
C:\Data.
OWNER.TXT
Properties ().
General ().
Security () OWNER.TXT.
, OWNER.TXT.
.
Security ().
Advanced (), Access
Control Settings For OWNER.TXT { OWNER.TXT),
Owner ().
OWNER.TXT?
Name () User83 Apply ().
OWNER.TXT.


8. , Access Control Settings For


OWNER.TXT ( OWNER.TXT).
OWNER.TXT Security ().
9. , Properties ().
* 4:
1. User83. User83
Full Control Owner.txt Apply ().
2. Allow Inheritable Permissions From Parent To Propagate To This Object
( ).
3. Security () Remove (),
Users () Administrators ()
OWNER.TXT.
4. , OWNER.TXT.
5. OWNER.TXT.
6. .

: Change Permissions
Take Ownership.
, Full Control
. ,
.
Take Ownership
. Full Control Full Control
Take Ownership ,
. - .
,
Take Ownership .

. Administrators () , .
, Take Ownership
.


4,

. .
, :
S , NTFS
;
S
.
15 .



. 9-7.

. 9-7.

/ /

NTFS NTFS:
Windows 2000 , ;
;
Write ,
;
CREATOR OWNER (-) .

FAT / NTFS,
FAT NTFS.



(. 9-8.).

^ "? =

write Modify
. 9-8.

/ /

NTFS
/ NTFS:
;
Write , /;
Modify /; Windows 2000 ;
/ .
NTFS
NTFS:
;
Write , /;
Modify ,
Windows 2000 ;
CREATOR OWNER (-).
FAT / NTFS, FAT NTFS.

:
,
.


> 1: ,
1. User83. Windows Explorer ()
: Tempi.
, .
? ?
2. .
> 2: , Administrator
1. Administrator Windows Explorer ().
2. : 2 .
.
2 ? ?
Everyone () 2 , . 9-11. Allow Inheritable Permissions
From Parent To Propagate To This Object (
). , Add (), ( ) Select
Users, Computers, Or Groups (: , ), Add (), . .
. 9-11.

C:\Temp2

Administrators: Full Control

C:\Temp3

Backup Operators ( ): Read & Execute

Users Read & Execute


Users: Full Control
> : NTFS
1. C:\Temp2 C:\Templ.
2. C:\Templ\Temp2 C:\Temp2.
C:\Templ\Temp2 ,
? ?
3. .
^ 4: NTFS
1. User83.
2. C:\Temp3 C:\Templ.
C:\Templ\lemp3?
3. .

, . , , . ,


, . Windows 2000 , , .
Write , .
, CREATOR OWNER () .
NTFS, . ,
NTFS, .
, ,
.


5.

NTFS / . .
, :
,
;
S .
S

5 .


. 9-12 , ,
, , .
. 9-12.



NTFS, .
,
, .
,



,
,

,
, ,
,


Full Control
,
.


, Delete Subfolders And Files,
Full Control

Windows 2000 POSIX-, UNIX.


UNIX Full Control
. Windows 2000 Full Control
Delete Subfolders And Files, .



NTFS,
.
NTFS, .
, ,
, ,
.
Administrators () Read & Execute Change Permissions, Users () Read & Execute. .
Users () Read & Execute Read & Execute
Change Permissions Administrators (), .
Administrators ()
Full Control,
Read & Execute Change Permission.
CREATOR OWNER (-) Full Control
,
/. , /
, /,
.
CREATOR OWNER (-) Full Control, Everyone () Read and Write. , Everyone
() .
, . , /
.
, . , ,
. ,
.

:
, . 9-12.
Full Control ,
. , , .
>
1.
2.
3.

1: Full Control
Windows Explorer ().
Fullaccess.
, Everyone () Full Control Fullaccess.

^ 2:
1. C:\Fullaccess NOACCESS.TXT,


2. Allow Inheritable Permissions From Parent To Propagate To This Object


( ). Everyone () Full Control NOACCESS.TXT
.
Security () ,
NoAccess.txt. i
.
3. Yes (), Security
().
* 3: Full Control
1. Windows Explorer () NOACCESS.TXT
C:\Fullaccess, .
? ?
2. Start (), Programs (), Accessories
Command prompt.
3. cd c:\fullaccess, C:\Fullaccess.
4. NOACCESS.TXT, del noaccess.txt.
? ?
Full Control
?

NTFS . . .
, , , .


) I
^*-


. , . . * .

1. , NTFS?
?
2. , Write
Read ?
3. Modify Read .
. ?
4. , ,
NTFS? , NTFS?
5. ?
6. ,
?

10

1,

260

2.

264

3,

267

4.

NTFS

273

5.

DFS

281

290


9 NTFS, . NTFS
NTFS , .
FAT FAT32.
, .


:
, ;
79 ;
.


1.
Microsoft Windows 2000 , .
.
, :
S ;
/ , .
15 .


, . .
,
, , NTFS.
, , . ,
.

FAT. NTFS FAT .
Everyone () Full Control ( ) .
Windows Explorer () (. 10-1).
, 10-1.
. 10-1.

Read ()

, ,

Change ()

,
, ,
,
Read

Full Control
( )

,
,
Change


. 10-1.


Windows Explorer ()

.
, . , . , ,
. , Full Control ( ).


, . .
.
,
. , . , Read Change,
Change, Read.
. ,
, , ,
NTFS NTFS.
, FAT, NTFS.
NTFS, ,
NTFS .
. , . .



:
, ,
. ;


, ;
, . , ,
, , Read;
.
, Read () , ( );
. ,
Application Apps. , .
. 10-2 .
. 10-2.

Windows 2000/NT/9x

80

255

MS-DOS, Windows 3.1,


Windows for Workgroups

8.3

8.3

Microsoft Windows 2000 8.3, . , Windows 2000


Accountants Database MS-DOS, Windows 3.x Windows for Workgroups
Account-1.

:
Userl (. 10-2). ,
Userl *.

Folder A

Folder

. 10-2.

1. Userl Groupl, Group2 Group3. FolderA Groupl Read, Group3 Full Control ( ), a Group2
. Userl
FolderA?
2. Userl Sales, Read () FolderB. Userl, , Full
Control ( ) FolderB.
UserlOl FolderB?

.
FAT. , . ,
, , ,
.
: Read (), Change ()
Full Control ( ). Read , , . Change , ,
, , , Read. Full Control
, ( NTFS) , Change. Everyone ()
Full Control ( ) .


2,

.
. , , .
.
, :
S ,
.
5 .


(application folders) ,
.
, . ,
, ,
. , .
. 10-3 , .
. .
Administrators () Full Control (
) , .
Full Control ( ) Everyone () Read () Users (). , Users ,
Everyone , , Guest ().
Change () ,
.
, , .


Administrators
Full Control
Full Control
Everyone Read
Users
Change ,




. 10-3.


(data folders).
, . , , , . , , .


:
, ;
Users () Change () ,
; , , (. 10-4).

. 10-4.



, :
Administrators () Full Control (
) ,
;
, Change () .
, Accountants, Data, Accountants Change Accountants (. 10-4).
,
.
Microsoft Windows 2000.

. Administrators ()
Full Control ( ), . Full Control Everyone () Read () Users (), , Users , a Everyone
, ,
Guest ().
.
. , .


.
, .
, ,
, . : , ,
.
, :
S ;
S .
20 .


Windows 2000 Administrators (), Server Operators ( ) Power Users ( ). :
Windows 2000 Administrators Server Operators
. Power Users Windows 2000
Professional, ;
Windows 2000 Administrators Power Users pa ( Windows
2000 Professional, .
NTFS
Read.


Windows 2000 .
($), , . ,
, . Windows 2000.
. 10-3.

Windows 2000

C$, D$, E$ . .


,
($). ,
. . Windows 2000 Administrators Full Control.


. 10-3.


Windows 2000 ()


Windows 2000 CD-ROM;

Admin$

, C:\Winnt,
Admin$. Administrators
, , . Windows 2000
Administrators Full Control

Print$

, systemroot\System32\
Spool\Drivers Print$; .
Administrators, Server Operators ( ) Print Operators
( ) Full Control, Everyone
() Read ()

, . , ($) ,
, .


, ,
, , , .
*
1. Properties ().
2. Sharing () (. 10-5) Share
This Folder ( ).


. 10-5.

Sharing ()

3. Share Name ( ) .
.
4. Comment (). .
5. User Limit ( ) ,
. Maximum Allowed ( ), Windows 2000 Professional
10 . Windows 2000 Server , .
6. .


,
^
1. Sharing () Permissions ().
2. Permissions For () (. 10-6) , Everyone (), Remove ().

. 10-6.

Permissions For ()

3. Permissions Add ().


4. Select Users, Computers, Or Groups (: , ) /, .
5. Add () , / .
/.



. 10-7.


Select Users, Computers, Or Groups


(: , )

6. ,
7. Permissions / , Allow () Deny (), .

Select Users, Computers, Or Groups (: , ) Look In ( )


/ ,
. ,
Active Directory Entire Directory.


: , .
>
1. Sharing () .
2. , . 10-4.
. 10-4.

Do Not Share This Folder (


).
,

New Share ( ). ,
,


. 10-4. ()

Remove Share ( )
,

Permissions () Add () Remove


(). Select Users. Computers, Or Groups
(: , )
/,

, ,
. , Do Not
Share This Folder ( ),
, .


: Map Network Drive { ), Add Network Place ( ), Run (), My Network Places ( ).
> Map Network Drive
1. My Network Places (
) Map Network Drive (
).
2. Map Network Drive ( ) Folder ()
UNC- (, \\_\__) (. 10-8).


. 10-8.

Map Network Drive ( )

3. Drive () .


4. Reconnect At Logon ( ),
.
5. Connect Using A Different User Name ( ), ,
Connect As ( ) .
^ Add Network Place
1. My Network Places ( ).
2. Add Network Place ( ).
3. Welcome To The Add Network Place Wizard (
) Type The Location Of The Network
Place ( ), Next ().
4. Completing The Add Network Place Wizard (
) Enter A
Name For This Network Place ( ), Finish ().
5. , My Network Places (
).
^ Run
1. Start () Run () Open () \\_ .
2.
.
^ My Network Places
1. My Network Places ( ).
2. , .
3. .

,
, . ,
, . , , , .
, .

NTFS

4.
NTFS
NTFS NTFS.
NTFS
.
, :
S NTFS.
45 .


NTFS
NTFS
NTFS.
NTFS , .
, NTFS
. , ,
.
NTFS :
NTFS,
;

NTFS . FAT
, ;
NTFS
.
. 10-9 , Everyone Full Control (
) Public NTFS Read FileA. FileA Read (),
FileB Full Control, ,
NTFS .


NTFS NTFS
NTFS

. 10-9.

NTFS

:
, , , ,
NTFS.
(5 8)
Windows 2000, . , ,
.

1:
NTFS ,
NTFS (. 10-10). .


. 10-10.


1. Data. Sales
Read, Sales NTFS- Full Control.
Sales Sales
Data?
2. Users .
, , . Users Users Full Control. Userl User2 NTFS Full Control NTFS . Users.
Userl Userl Users? User2?

2:
(. 10-11).
, .

Server2

_i

. _ -,~..~

"|

Data

Customers
Management
guidelines

. 10-11.

, , , .
:
Managers
Management Guidelines. ;
, Management Guidelines;



. Customer Service;
;
, , ;
Managers ;
CustomerDBFull ;
CustomerDBRead ;
, ;
Windows 2000/NT/98/95,
.
.

. 10-5.

: Management Guidelines

MgmtGd

Managers: Full Control

:
^ :
1. Administrator ().
2. Windows Explorer (), C:\Apps ( :\ ), Sharing ().
3. .
4. Share This Folder ( ).
5. Share Name ( ) ; .
6. Comment () shared productivity applications
.
Windows Explorer Apps, ,
?

4:

.
^ 1: Apps
1. Apps Sharing ()
Permissions ().
?
^ 2:
1. , Everyone ().


2. Remove ().
^ 3: Full Control Administrators
1. Add ().
Select Users, Computers, Or Groups (: ,
).
2. Look In ( ) , Name ()
Administrators, Add ().
3. .
Administrators , .
Administrators ?
4. Allow () Permissions () Full
Control ( ).
Change ()?
5. .
6. , Apps.

5 ():
. .
! 5
( Windows 2000, ). , ,
.
*
1.
2.
3.

1: Run
Administrator.
Start () Run ().
Open () \\SERVER1 ( , ) .
SERVER1. , .

?
4. Apps, ,
.
5. Apps On SERVER1.
^ 2: Map Network Dri>e
1. My Network Places ( ) Map Network Drive ( ).
2. Folder () Map Network Drive ( ),
\\SERVER1\Apps ( , ).
3. Drive () :.
4. Reconnect At Logon ( ).
.
Windows 2000 .
5. Finish ().
6. Apps On 'SERVER1 1 (:).


7. , , My
Computer ( ) , : Apps On Server 1.
Windows Explorer , ?
* 3: Windows Explorer
1. Windows Explorer Apps On 'Server (:) Disconnect ().
Windows 2000 Apps On 'Server (:) My Computer.
2. Windows Explorer.
^
1.
2.
3.

4:
UserSl.
Start (), Run ().
Open () \\SERVER1 ( , ) .
, . ?
4. .

^ 5:
1. My Network Places ( ) Map Network Drive ( ).
2. Map Network Drive ( ) Folder ()
\\SERVER1\Apps ( , ).
3. Drive () J:.
4. Connect Using A Different User Name ( ).
Connect As ( ) , (
Windows). ?
5. Connect As ( ) User Name domain1\administrator
( domain1 ).
6. Password () password .
7. , Reconnect At Logon ( )
, Finish ().
8. .
6:
^ :
1. Administrator
Windows Explorer.
2. C:\Apps
Properties ().
3. Apps Sharing ().
4. Do Not Share This Folder (
), .


Apps , , . , F5.
5. Windows Explorer.

7: NTFS
NTFS Apps, Wordprocessing, Database, Public Manuals
Apps Public.
Windows Explorer NTFS , . NTFS.
. 10-6.

NTFS 7

NTFS

C:\Apps

Administrators
Users

Full Control
Read & Execute

C:\Apps\Wordprocessing

Administrators
Users

Full Control
Read & Execute

C:\Apps\Database

Administrators

Read & Execute

C:\Public

Administrators
Users

Full Control
Modify

C:\Public\Manuals

Administrators
Users
User83

Full Control
Read & Execute
Full Control

, . .
. 10-7. 7

C:\Apps.
Apps

Administrators
Users

Read
Read

C:\Public,
Public

Administrators
Users

Full Control
Full Control

8 (): NTFS

, ,
1. 7.
! 8 Windows 2000, . , ,
.


1: Manuals
User82
1. User82 .
2. Windows Explorer C:\Public\Manuals.
3. Manuals - .

? ?
4. Windows Explorer,
^

2: Manuals

1. User82 ( ).
2. Start () Run ().
3. Open () \\server1\public ( server1 )
.
4. Public On Server1 Manuals,
5. - .
? ?
6. .
*

3: Manuals

1. User83 ,
2. Windows Explorer C:\Public\Manuals.
3. Manuals - .
? ?
4. .

. FAT
. NTFS
NTFS .
NTFS .
, ; , ,
NTFS,
.

DFS
Distributed file system, DFS Windows 2000 Server
. DFS
, .
, :
/ DFS Windows 2000 Server.
40 .

DFS
Microsoft DFS Windows 2000 Server , .
(, 10-12).
, , .
.
. 10-12.

DFS

DFS .
. DFS DFS (DFS share). DFS (DFS
root). DFS-,
, . DFS,
.


. 10-8.

10

DFS

DFS Active Directory.


, .
Domain Name System
(DNS), DFS-

DFS .
, ,
,
DFS . DFS-

.
DFS ,
, .
. DFS- . DFS .
. , DFS
NTFS.
DFS. Windows 98/NT 4.0/2000 Windows 95.

DFS
DFS :
;
;
, ;
;
Web- .

DFS
DFS DFS, DFS- DFS ( ).
DFS , DFS,
. ,
.
DFS
. DNS. DFS DNS DFS
.
DFS , DFS
Active Directory. DFS , , DFS, DFS.

DFS

DFS
DFS :
DFS;
DFS-;
DFS ( );
.

DFS
DFS Windows 2000 FAT, NTFS (NTFS
). .
^ DFS
1. Start (), Programs (),
Administrative Tools, Distributed File System ( DFS).
2. Action () New DFS Root ( DFS)
New DFS Root Wizard ( DFS)
.
. 10-9.

DFS

Select The DFS Root Type


( DFS)

DFS

Specify The Host Domain For


The DFS Root (
DFS)

DFS

Specify The Host Server For The


DFS Root (
DFS)

( DFS).
Windows 2000 Server

Specify The DFS Root Share


(
DFS)

DFS. :

Name The DFS Root (


DFS)

DFS

DFS-
DFS DFS-. 1 000
.
"

* DFS-
1. Start (), Programs (),
Administrative Tools, Distributed File System ( DFS).
2. DFS, . Action
() New DFS Link ( DFS).

3. Link Name ( ) Create A New DFS Link (


DFS) (. 10-13) , .
4. Send The User To This Shared Folder (
) Browse () , .
. 10-13. Create A New DFS Link

5. Comment () (, ).
6. Clients Cache This Referral For X Seconds (
) , DFS-. DFS
, .
7. .
DFS.

DFS
DFS- DFS.
DFS DFS-. Add A New Replica.
32 . DFS .
.
> DFS
1. Start (), Programs (),
Administrative Tools, Distributed File System ( DFS).
2. DFS DFS-,
, New Replica ( ).
3. Send The User To This Shared Folder (
) Add A New Replica ( )
Browse () (. 10-14).

. 10-14. Add A New Replica

4. Replication Policy ( ):
Manual Replication, ,
;
Automatic Replication ( DFS), . NTFS Windows 2000.
5. .


DFS DFS .

DFS
DFS DFS , .
> DFS
1. Start (), Programs (),
Administrative Tools, Distributed File System ( DFS).
2. DFS DFS, , New Root Replica (
).
3. New DFS Root Wizard (
DFS).

DFS
DFS .
DFS-
, , , . . DFS-,
.

10

DFS. DFS . DFS FAT. DFS


(File Replication Service, FRS).
DFS. 15
. DFS . DFS.
DFS FRS, DFS .
>
1. Start (), Programs (),
Administrative Tools, Distributed File System (
DFS).
2. DFS DFS-, ,
, Replication Policy ( ).
3. Replication Policy ( ) ,
, Set Master (. 10-15).

. 10-15. Replication Policy ( )

4. , .
.
DFS-,
.

: DFS
, . , DFS DFS-.
Windows 2000
Server , - .

DFS

^ 1:
1. .
2. Windows Explorer
, 7 4.
. 10-10.

C:\Apps\Database   DB
C:\Apps\Wordprocessing   Word

> 2:
Windows Explorer ( :\ ) .
. 10-11.

C:\MoreApps\Maintenance   Maint
C:\MoreApps\CustomerService   Custom

^ 3: DFS
1. Start (), Programs (), Administrative Tools, Distributed File System
( DFS).
Distributed File System ( DFS).
2. Action () New DFS Root ( DFS).
New DFS Root Wizard ( DFS).
3. Next.
Select The DFS Root Type ( DFS).
4. Create A Domain DFS Root ( , DFS)
, Next.
Select The Host Domain For The DFS Root.
5. , Domain Name microsoft.com ( ) Next.
Specify The Host Server For The DFS Root (
DFS).
6. DFS Server Name Next.
Specify The DFS Root Share ( DFS).
7. .
Create A New Share.
. c:\apps-DFS
( :\ ) Path To Share Shared Apps
Share Name.

8.

.
DFS
C:\Apps-DFS.
9. Yes ().
Name The DFS Root ( DFS).
DFS Root Name .
10. Next.
Completing The New DFS Root Wizard (
DFS) .
. , , Finish ().
, DFS \\microsoft.com\Shared
( microsoft.com ).
DFS-, ( :\
).
. 10-12. DFS-

Database   \\Server1\DB   C:\Apps\Database
Word Processing   \\Server1\Word   C:\Apps\Wordprocessing
Maintenance   \\second_computer\Maint   C:\MoreApps\Maintenance
Customer Service   \\second_computer\Custom   C:\MoreApps\CustomerService

> 4: DFS-
1. DFS \\microsoft.com\Shared Apps ( microsoft.com
).
2. Action () New DFS Link ( DFS).
Create A New DFS Link ( DFS).
3. Link Name ( ) Database.
4. Send The User To This Shared Folder (
) \\server1\DB ( server1 ).
5. ..
6. 1 5 Word Processing, \\Server1\Word ( server1 ).
* 5:
1 . DFS \\microsoft.com\Shared Apps ( microsoft.com
).
2. Action () New DFS Link ( DFS).
Create A New DFS Link ( DFS).
3. Link Name ( ) Maintenance.
4. Send The User To This Shared Folder (
) \\_\ ( _ ,
) .

5. 1 4 Customer Service, \\_\51 ( _ , ).


6. DFS.
^ 6: DFS
1. :
My Network Places ( ), Entire Network ( ), Microsoft
Windows Network ( Microsoft Windows), .
2. SERVER1.
Windows Explorer .
Shared Apps, DFS.
- Windows 2000, Shared Apps
?
3. DFS- Shared Apps.
Windows Explorer Shared Apps On Serverl
.
- Windows 2000, DFS- Shared Apps
?
4. .

Microsoft DFS Windows 2000 Server , . DFS


, . DFS

. DFS- . DFS .
, , DFS DFS-.

10


9 i
^

. ,
. . .

1. FAT, Full
Control. ?
2. .
3. ?
4. NTFS,
Full Control. . ?
5. ?
6. NTFS?
7. DFS ?

11

Active Directory

Active Directory

292

2, Active Directory

297

3.

Active Directory

304

4,

Active Directory

307

Active Directory

314

Active Directory

318

Active Directory

324

Active Directory

331

333


Active Directory ,
, , , , (), , .
Active Directory.


:
;
;
Windows 2000 Support Tools
3;
7, 8, 9 10 .

1. Active Directory
Active Directory . , . Active
Directory
. Active Directory
Find () Active Directory Users and Computers (Active Directory
).
, :
^ Active Directory;
S Active Directory Find.
15 .

Active Directory
Active
Directory. Active Directory.
. 11-1.
. 11-1.

Active Directory

, Windows 2000
(, ).
, ,
, ,
. .

, : , , , . .

, ,

(pointer) .
, .
. Active Directory
,

. ,
Active Directory, . Microsoft Windows
2000 Active Directory ,

,
, DNS-, , ,
Windows, ,


()

, ,
Active Directory

Find
Active Directory Users and Computers (Active
Directory ),
Find (). Find (), (. 11-1).
LDAP- .
/. , , / . Active Directory
,
.
Find ().
. 11-2.

Find

In ()

, Active
Directory,

Browse
()

Find ()

, , , , , , , ,
.
LDAP-
. , LDAP- =** (
Advanced) , .
Domain Controllers

Advanced
()

- ,
,
, , , .
Advanced
,
Custom Search ( ). Custom
Search , Advanced

Field ()

-
. Advanced

Condition
()

-
. Advanced

Value ()

(),
Active Directory. Advanced.

. , , R, Field First Name
(), Condition Starts With ()
Value R

Find Now
()

Stop
()

. ,
,

Active Directory
. 11-2.

11

Find ()

Advanced .
Field Condition, Value.
, Remove (). ,

Clear All
( )

Find,

. 11-1. Active Directory Find

: Active Directory
Active Directory , .
. , .
! . , .
, . ,
, , Windows 2000 .

^ 1;
1. Administrator ()
Active Directory Users and Computers (Active Directory ).
2. Users.
3. Action () New\User (\).
New Object User ( ) , Users
.
4. , . 11-3.
. 11-3.

First Name
()

Last Name
()

User Logon Name


(
)

Password
()

Change Password (
)

User

Twenty

User20

Password

User

Twentyone

User21

Password

User

Twentytwo

User22

Password

Print Operators ( ) , .
5. User20 General ()
Telephone Number ( ) 555-1234.
>- 2:
1. Find
().
Find ().
?
2. , Find Users, Contacts, And Groups (,
), Find Now (). ?
, Windows 2000 ,
, .
3. Find Users, Contacts, And Groups (: ,
) Clear All ( ) , .
4. In () .
5. Advanced ().
6. Field, User (), Telephone Number ( ).
: Windows 2000 Condition () Starts With ().
7. Value () 555 Add ().
8. Find Now ().
Find Users, Contacts, And Groups User20, 555-1234.
9. Find Users, Contacts, And Groups.

3: Active Directory Users and


Computers
1. View () Users, Groups, And Computers As Containers
(, ).
Active Directory Users and Computers .
.
2. Domain Controllers, .
Active Directory Users and Computers . , , .
3. .
Active Directory Users and Computers .
4. .
5. Staple (), , , .
6. Active Directory Users and Computers.
7. Start\Search\For Printers (\\).
8. Find Printers (: ) Features ().
9. Can Staple ().
10. In () Find Now.
, .
11. Find Printers.

Active Directory , , , , , , .
Active Directory Users and Computers, Properties (). Find () Active Directory.
Active Directory .

2.
Active Directory
Active Directory Windows 2000 , Windows 2000
NTFS. Active Directory ,
. Windows 2000 . Active Directory.
, :
S Active Directory.
20 .

Active Directory
Active Directory , .

Active Directory
, , Active Directory.
, . Windows 2000 , (access control list, ACL) . ACL , ,
.
, Active Directory.


. , , . , - Reset Password, - .
, , .
,
,
. ,
Read , Write
, Read Write.
. ,
. ,
, . , ,
.

,
Full Control. , ( ) Active Directory Users and Computers, .


. , , .
.
, Write Write
All Properties ( ), Add/Remove Self As Member (
) Read ().

( ) , .
. 11-4.

Full Control ( )


, ,

Read ()

, ,
Active Directory

Write ()

Create All Child Objects


(
)

Delete All Child Objects


(
)

Active Directory
Active
Directory Users and Computers. Security ()
(. 11-2).
.
! Security View () Advanced Features (
).
Permissions, () ,
. , Allow Inheritable
Permissions From Parent To Propagate To This Object ( ).

. 11-2. Active Directory

>
1. , View () Active Directory Users and Computers Advanced Features ( ) .
2. , Action Properties
Security () .
3. :
, Add (),
, Add
.;
, .
4. Permissions Allow () Deny ().
.

. Security ,
; , / .
Advanced ().
^
1. Security Advanced.
2. Access Control Settings For ( ),
. 11-3, Permissions () , Permission Entries ( ), View/Edit (/).

. 11-3. Access Control Settings For Users

3. Permission Entry For ( )


(. 11-4):
Object () ,
/;
Properties () ( ) / .

, (, Active Directory ..), .

. 11-4. Permission Entry For Users

Active Directory


, Active Directory .
,
(. 11-5). .
, Full Control .
.
, . . , ,
.
Windows 2000 . .


. 11-5.


Allow Inheritable Permissions From Parent To Propagate To This Object ,
,
. , . Security.
Windows 2000 :
.
.
;
. Windows 2000 , - .
.

: Active Directory
, ,
Active Directory.
! Active Directory Active Directory .
^ 1: ,
1. Administrator Active Directory Users
and Computers.
2. .
3. Action New\Organizational Unit (\).
4. New Object Organizational Unit ( ) Name () Security1 .
5. Security1 , First Name ()
User Logon Name ( ) Assistant1.
password .
6. , First Name User
Logon Name Secretary1. password .
7. Print Operators ( )
, .
> 2: , Active Directory
1. View () Advanced Features ( ).
Active Directory.
2. Security1 Properties ().
3. Security ().
4. ,
Security1. 5.
. 11-5.

, Security1

, - (
)?
3:
Security1 Security ()
Advanced ().
Access Control Settings For Security1 ( Security1).
Account Operators ( ), Permission Entries ( ) , , View/Edit (/).

Permission Entry For Security1 ( Security1).


Account Operators?
Account Operators ? (:
Permission Entries , Account Operators).
, Account
Operators? ?
3. ; Active Directory Users and Computers .
^
1.
2.
3.
4.

4: , Active Directory -
Active Directory Users and Computers Security1.
Security1 Properties.
Security.
,
Secretary1. 5. - ,
, Advanced.
. 11-6. Security1

- -? ?
- Security1?
?
Account Operators ?
5. .

Active Directory , . ,
. Windows 2000 , (access control list, ACL) Active Directory.
.
Full Control, Write, Read, Create All Child Objects Delete All Child Objects.
. Active Directory .
, . .
, , , .

3. Active Directory
, , .
, , Windows 2000 .
Active Directory.
, :
S , .
10 .

Active Directory
, Active Directory, ,
, , , , .


Active Directory Users and Computers (Active Directory ).
, , . , , .


(, ) . Windows 2000 .
Windows NT Active Directory Users and Computers.
^
1. Start\Programs\Administrative Tools (\\) Active Directory Users And Computers (Active Directory ).
2. .
3. , ,
New\Shared Folder (\ ).
4. New Object-Shared Folder ( )
Name () .
5. Network Path ( ) UNC- (\\cepeep \_\), , .
.
^ Windows NT
Active Directory Windows NT. Start\Settings\Printers (\\).

1. Start\Programs\Administrative Tools Active Directory Users


And Computers.
2. .
3. , , New\Printer (\).
4. New Object-Printer ( ) Network Path
Of The Pre-Windows 2000 Print Share ( -Windows 2000 ) UNC-, , .
Windows NT .


(, ) Active Directory Sites and
Services (Active Directory ). , , ,
. API- Active
Directory.
, . ,
Active Directory .


Active Directory .
,
. , Windows 2000 . , , .
.
. .
.


, :
. , , ;
. , , , . 15 , OF .
. , . -

. ,
. , TCP-.
Active Directory Service
Connection Point (SCP). ,
SCP. , SCP
, ,
;
.
. .


*
1. Administrator.
2. Start\Programs\Administrative Tools Active Directory Sites
And Services (Active Directory ).
3. Active Directory Sites And Services (Active Directory
).
4. View () Show Services Node ( ).
5. Active Directory Sites And Services\Services\Public Key
Services Certificate Templates.
6. , . .
7. Security ()
.
8. .
.

, Active Directory.

4. Active Directory
, , Active
Directory. Active Directory .
, :
S ;
S ;
S .
20 .


Active Directory .
.


. .
^
1. Active Directory Users and Computers Action Move ().
2. ,
, (. 11-6).
, :
, , ;
. ;
.

. 11-6. Move ()

<

, ,
,
. Computer.
, View Users, Groups, And Computers As Containers (, ).



Windows 2000 . MOVETREE
Active Directory, , , . MOVETREE Windows 2000 Support
Tools, \SUPPORT\TOOLS - Windows 2000.
Windows 2000 Support Tools 3.
( ) .
.
(globally unique identifier, GUID) .
(security identifier, SID).
, , Windows 2000
SIDHistory ,
Windows 2000. (access control list,
ACL)
, SID SIDHistory
.
SID (SID history), SID , .
MOVETREE ,
(group policy object, GPO) .
GPO , GPO .
12.

, MOVETREE


.
;
.

.

, MOVETREE
. (orphaned) LostAndFound
. , View Active Directory Users and Computers . GUID , , MOVETREE. , MOVETREE :
.
, ;
Computer. MOVETREE
Computer . MOVETREE
. Computer NETDOM;
, , , , , , , - . , . ,
- . MOVETREE , Remote
Administration Scripts;
, objectClass systemOnly;
;
(Builtin, ForeignSecurityPrincipals
LostAndFound);
, ;
, .
, MOVETREE:
;
. , ;
;
, , ,
, , -
;
. , ;
.


, :
User - .
;
, (security accounts manager, SAM). , samAccountName
;

User .
. ,
.

:
Domain Users ( )
User, . ,
User Domain Users .


, , :
Group ;
;
samAccountName .

MOVETREE
MOVETREE, ,
. , ,
. MOVETREE
; , .
^ MOVETREE
1. MS-DOS movetree {/start | /startnocheck
| /continue | /check} /s SrcDSA /d DstDSA /sdn SrcDN /ddn DstDN [/u [Domain\]Username
/p Password] [/verbose] [{/? | /help}]
:
/start . /check. , MOVETREE /startnocheck;
/continue MOVETREE;
/check MOVETREE ( );
/s SrcDSA DNS- ;
/d DstDSA DNS- ;
/sdn SrcDN , ,
;
/ddn DstDN , ,
;
/u [Domain\]Username /p Password MOVETREE
(Username) (Password).
(Domain). , MOVETREE ;
/verbose MOVETREE ( );
/? /help .

MOVETREE
Marketing Server! Promotions. Sales
Server2. Promotions Marketing
Sales Sales Promotions. MOVETREE :
movetree /start /s Server1.Marketing.Reskit.Com /d Server2.Sales.Reskit.Com /sdn OU=Promotions,DC=Marketing,DC=Reskit,DC=Com /ddn OU=Sales Promotions,DC=Sales,DC=Reskit,DC=Com
MOVETREE
MOVETREE , , :
MOVETREE.ERR ;
MOVETREE.LOG ;
MOVETREE.CHK ,
.



NETDOM: Windows 2000 Domain Manager. NETDOM
Windows 2000 Support Tools, \SUPPORT\TOOLS - Windows 2000. Windows 2000 Support Tools 3.
>-

1. MS-DOS netdom move /D:domain [/OU:ou_path] [/Ud:User /Pd:{Password|*}] [/Uo:User /Po:{Password|*}] [/Reboot:[time_in_seconds]]
:
/D:domain , ;
/OU:ou_path (/D:domain);
/Ud:User ,
/D. ,
;
/Pd:{password|*} , /Ud.
(*), ;
/Uo:User .
, ;
/Po:{password|*} , /Uo.
(*), ;
/Reboot:[time_in_seconds] , .
20 .

NETDOM
mywksta
mydomain.

netdom move /d:mydomain mywksta /ud:mydomain\admin /pd:password

Windows 2000, SID


, .



. ,
; Default-First-SiteName. - , Default-FirstSite-Name; . , Default-First-Site-Name
.
.

Active Directory Sites and Services
Action Move ().
Move Server ( ) , , (. 11-7).
. 11-7. Move Server ( )

:
#

~ ^ .
^

1:

1. Administrator Active Directory


Users and Computers.
2. Users.
3. User20, User21, User22, 1.
Ctrl .

4. Action Move ().


5. , Security1 (, 2) .
,
Users.
6. , , Security1.
, Security1.
7. Active Directory Users and Computers.
^ 2: ,
1. User21.
Windows 2000 , ? ?
2. .

Active Directory
Move,
MOVETREE,
NETDOM. , ,
Move Server.
, ,
Move Active Directory Users and Computers, .

Active Directory
.
Delegation Of Control, .
, :
S .
20 .


,
.
:
;
,
;
.
,
, . , . Delegation Of Control.
, Full Control , . , , .
:

.
;
Delegation Of Control,
. ;
. ,
;
-. .

Delegation Of Control
Delegation Of Control ( )
. .

Active Directory Users and Computers , , Action Delegate Control


( ). Delegation Of Control, . 11-7.
. 11-7.

Delegation Of Control

Users Or Groups
( )
Tasks To Delegate
( )

Active Directory Object Type


( Active Directory) ( ,
)

:
This Folder, Existing Objects In This Folder, And Creation Of New
Objects In This Folder (
, )
Only The Following Objects In This Folder ( )

Permissions ()
( ,

)


: General ()
, ;
Property-Specific ( ) ,
;
Creation/Deletion Of Specific Child Objects (
)

Active Directory

Active Directory . , , , .
Active Directory ( . .) . .
. , . .
, Full Control ( ). .
, , ,
. , , , . , , ,
.
, . , , , , .

: Active Directory
, . , 2.
>
1.
2.
3.

1:
, Assistant1 password.
Active Directory Users and Computers.
Security1.
- Security1?
? (: . , 2.)
Secretary1 . -?
?

Assistant1. ?
?
4. Active Directory Users and Computers .
^ 2: Active Directory Delegation Of Control
1. Administrator Active Directory Users
and Computers.
2. .
3. Security1 Action Delegate Control ( ).
4. Delegation Of Control Next.
Users Or Groups ( ).

5.
6.
7.

8.

9.

10.

, - . .
Add.
Select Users, Computers, Or Groups.
Assistant1, Add .
Next.
Tasks To Delegate ( ).
.
, Delegate The Following Common Tasks ( ) ( ),
Create, Delete, And Manage User Accounts (, ) Next.
Completing The Delegation Of Control Wizard ( ).
.
, Assistant1 , Finish ().
Back ().
Active Directory Users and Computers .

^
1.
2.
3.
4.

3:
Assistant1 password.
Active Directory Users and Computers.
Security1.
Security1.
? ?
5. Users.
? ?

, .
. Delegation Of Control .
. , Delegation Of Control ( .

6. Active Directory
.
,
Backup.
.
, :
S Active Directory ;
S Active Directory.
20 .


Active Directory
. , , , . , . ,
, (, ), , Windows Backup , .
Send Console Message ( ); Computer Management ( ). Services () Shared Folders ( ).
, :
.
, Windows Backup;
Windows 2000 (Hardware Compatibility List, HCL);
. ,
.


, Active Directory
Backup.
**
1. Administrator. Start\Programs\Accessories\System Tools (\\\) Backup ( ).
2. Backup ( ) Welcome ( ).
3. Next, . What To Back Up ( ). Where To Store The Backup (Rie ) .
4. Completing The Backup Wizard ( ) Finish ().

What to Back Up
, , Active Directory , ,
(System State) (. 11-8).
. 11-8. What To Back Up ( )

Windows 2000 , +, ( ), ,
Active Directory SYSVOL.
;
, . , ,

Where to Store the Backup


(. 11-9).

. 11-9. Where To Store The Backup ( )

. 11-8 , .
. 11-8.

Backup Media Type


( )

(, ).
,
,

Backup Media Or File Name


(
)

, Windows Backup . .

, :
. Finish (),
Backup Progress ( ) ;
. Advanced (), .

. , .



, , .
. 11-9.
. 11-9.

Type Of Backup
( )

Select The Type Of Backup


Operation To Perform ( )

: Normal
(), (), Incremental
(), Differential ()
Daily ()

Backup Migrated Remote


Storage Data (
)

, , HSM

Verify Data After Backup


(
)

, . , Windows Backup
,
. Microsoft

How To Backup
(
)

Active Directory

. 11-9. ()

Media Options
(
)

Backup Label
( )

When To Back
Up (
)

Use Hardware Compression, If Available ( ,


)

,
.

,

If The Archive Media Already Contains Backups


( )

, ,

. Append This Backup
Media (
),
. Replace The Data On The
Media With This Backup ( ),

Allow Only The Owner And


The Administrator Access
To The Backup Data And
To Any Backups Appended
To This Media (



)

, ,
. .

Active Directory,

Backup Label
( )

, .

. : Set
Created At .
( Active
Directory backup 09-12-00)

Media Label
( )

,
(, ).
: Media Created At .


, ,
Active Directory

When To Back Up
( )

: Now
() Later ().
Later,
. : ,

. 11-9.

11

()

Job Name ( )

Start Date ( )

Set Schedule (
)


( ) :
.
;
. . .


Active Directory

. , Active Directory
, Windows 2000
Windows Backup Task Scheduler ( ).
*

1. When To Back Up ( )
Later ().
Task Scheduler Set Account Information (
), . .
Task Scheduler , Windows 2000 . . Set Account Information.
2. Password () Confirm Password ()
.
When To Back Up,
. .
3. Job Name ( ) .
4. Set Schedule ( ),
. Task Scheduler Schedule Job ( ).
, 22:00 . , , ,
Show Multiple Schedules ( ). .

Advanced (), ,
.

, Windows Backup Schedule Jobs ( ) . .

, , ,
, Windows Backup ,
. , . Active
Directory , .
. .
Task Scheduler, Windows Backup
.

7. Active Directory
Active Directory: (authoritative)
(nonauthoritative). Active
Directory.
, :
S ;
S Active Directory.
25 .

Active Directory
, Active Directory,
, , , +,
SYSVOL, Active Directory ( ). (,
Active Directory).
, . .


, ,
Active Directory, , . ,
, , , .
Active Directory , .


, , . , , ,
Active Directory ,
.
Active Directory ( ) Ntdsutil. Active Directory . ,
(update sequence number, USN) Active
Directory. , -

. NTDSUTIL systemroot\system32, Windows 2000 ( Start).


, ,
, . .
,
, . , NTDSUTIL,
.
, .



. SYSVOL
Active Directory. . .
,
.
,
, SYSVOL ,
Active Directory,
+ .
^
1.
2.
3.

Active Directory
.
, , F8.
Windows 2000
Enter. .
4. Microsoft Windows 2000 Server Enter.
5. Administrator ().
6. , Windows . .
,
Administrator, SAM
, Active Directory. ,
Active Directory .
Active Directory SAM.
SAM Active Directory.
7. Start\Programs\Accessories\System Tools (\\\) Backup ( ).
8. Backup Restore Wizard ( ).
9. Next.
10. What To Restore ( ) , , Import File (
). (. 11-10).

1 1 . , .
.
12. , , Next.

. 11-10. What To Restore ( )

13. :
Finish (), . .
Restore ;
Advanced (), .


,
. . 11-10 .
. 11-10.

Where To Restore
(
)

Restore Files To
(
)

.
: Original Location
( )
; Alternate Location ( )
; Single Folder
{ )
, ,
,
.
,

. 11-10. ()

How To Restore
(
)

When Restoring
Files That Already
Exist (

)

.
: Do Not Replace The File On My Disk
(He )
( );
Replace The File On Disk Only If It Is Older Than The
Backup Copy ( ,
) -
;
Always Replace The File On Disk (
) Windows Backup
,

Advanced Restore
Options (

Select The Special


Restore Options
You Want To Use
( ,
)


. : Restore
Security ( )
, NTFS. ,
NTFS NTFS;
Restore Removable Storage Database (
) RSM
. systemroot\system32\Ntmsdata;
Restore Junction Points, Not The Folders And File
Data They Reference ( , ,
)
,
, .
(junction points) , ,

- , Windows Backup :
, . Windows Backup ;
. , ( ) .
, , .

,
. NTDSUTIL
,
.
Active Directory
, .
.
, , F8.
Enter. .
5. Windows 2000 Server.
6. Administrator.

>
1.
2.
3.
4.

,
Administrator, SAM ,
Active Directory. , Active
Directory , . Active Directory SAM. SAM Active Directory.
7. , Windows . .
8. Start\Programs\Accessories Command prompt (
).
9. ntdsutil Enter.
10. NTDSUTIL authoritative restore Enter.
11. :
, restore database
Enter;
,
, , restore subtree <_>
Enter.
, Security 1 microsoft.com,
:
ntdsutil
authoritative restore
restore subtree OU=Security1,DC=Microsoft,DC=COM

,
restore database verinc <_> Enter;
,
restore subtree <__ noddepeea> verinc <_> Enter.

NTDS.DIT, , , ,
, . , .
12. quit Enter, NTDSUTIL.
.
13. ,
,
, .
. ,
, . GUID
SID, .


Active Directory
Active Directory,
Sysvol. . , Sysvol Sysvol.
Active Directory ( ) Sysvol. , ( GUID),
, Sysvol.
.
Active Directory
, Sysvol Sysvol. ,
Sysvol ,
. ,
. , Sysvol ; .

, Active
Directory. .
, ,
Active Directory,
. ; .

. SYSVOL Active Directory.


.
.
.
, NTDSUTIL, . .

8. Active Directory
Active Directory, , .
, :
S

Active Directory.
10 .

. 11- Active Directory.


. 11-11.

Active Directory


.


,


,
.

Active Directory

.
,


,
. ;

.

,


,
.

. 11-11.

11

Active Directory ()

.
,


,
.

Active Directory


.


,


,
.


.
PDC

Active Directory,
, .


. , . . .

1. Active Directory?
2. , !, . ?
3. ?
4. Delegation
Of Control?
5. Active Directory?
?
6.
? ?

12

336

2,

347

3.

353

4,

366

5.

382

6,

389

395



. , , , , , , . Microsoft Windows 2000
.
,


:
, ;
;
8 11.

12

1.
, , . ,
, . , ,
.
, :
S
"
^
S
S
S

;
, ;
;
, ;
;
.
35 .


(group policy) . ,
, , ,
Start (), .


,
() .
Windows 2000 (local) ; , (nonlocal) ,
Active Directory.
,
Active Directory. ,
, Active Directory . (
Windows 2000) ,
.
Active Directory (, ),
. Windows 2000. Active Directory : ( ) ( ).
, .


,
(, ), .

Read Write
.

Group Policy

. . 12-1 Default Domain Controllers Policy.

. 12-1. Group Policy ( )

Group Policy
. 12-1 Group Policy, .
. 12-1,

Group Policy


( )

(.
Group Policy
)
Group Policy.
Administrative Tools
() Local Security Policy ( )


( )

Windows 2000
(. Group Policy )
.

. 12-1,

12

Group Policy ()

(. Group Policy
Active Directory Sites and Services)

(. Group Policy
Active Directory Users and Computers)


()

(. Group Policy
Active Directory Users and Computers)
. ,
, ,



>

Group Policy

1. Microsoft Management Console.


2. Console () Add/Remove Snap-In (/
).
3. Standalone ( )
Add (),
4. Group Policy ( ),
Add.
5. , Group Policy Object ( )
Select Group Policy Object ( )
Local Computer ( ).
6. Finish (). Add Standalone Snap-In
( ) Close ().
7. Add/Remove Snap-In .
^

Group Policy Active Directory Sites and Services

1. Active Directory Sites and Services (Active Directory ).


2. ,
, Properties ().
3. Group Policy ( ), Group
Policy Object Links ( )
Edit (). New
() Edit.
Group Policy .
^

Group Policy Active Directory Users and Computers

1. Active Directory Users and Computers (Active Directory ).


2. , , Properties.

3. Group Policy, Group Policy Object Links Edit (


New Edit).


. : .
(computer configuration settings)
, ,
; .
,
, , ; .
, Run ()
Start (), .

Software Settings ( ), Windows Settings ( Windows)
Administrative Templates ( ) Group Policy.

Software Settings
Software Installation ( ), (. 12-2). ,
.
, , , Active Directory , . . ,
, ,
. , ,
- , . . 4.
. 12-2. Software Settings ( )

Windows Settings
Scripts () Security Settings ( ) (. 12-3).
Scripts / / .
/ / , Windows
2000 , . Windows 2000 . - 10 . 10 ,
- .
ActiveX,
VBScript, JScript, Perl MS-DOS ( .bat .cmd).
Security Settings ( )
.
. 13.
Windows Settings
Internet Explorer Maintenance ( Internet Explorer), Remote
Installation Services ( ) Folder Redirection (
). Internet Explorer Maintenance
Microsoft Internet Explorer Windows 2000. Remote Installation
Services . ,
Active Directory , Windows 2000 (,
Windows 2000, Active
Directory Windows). Folder Redirection Windows 2000 My Documents ( ), Application
Data, Desktop ( ) Start ( ) , , , . 5.
. 12-3. Windows Settings ( Windows)

Administrative Templates
, , Windows Components ( Windows), System () Network () (. 12-4). Windows Components Windows 2000, NetMeeting, Internet Explorer, Windows Explorer (), Microsoft Management Console ( Microsoft), Task Scheduler ( ) Windows Installer ( Windows), System
, . Network Offline Files ( ) Network and Dial-Up Connections ( ).
Administrative Templates Printers (). , System Disk Quotas ( ), Domain Name System (DNS) Client (DNS-)
Windows File Protection ( Windows).
Administrative Templates
, ,
Start Menu & Taskbar ( ), Desktop (
) Control Panel ( ). Start Menu & Taskbar
Start ; Desktop . Control Panel ,
Windows .
Administrative Templates 450 .
HKEY_LOCAL_MACHINE (HKLM), - HKEY_CURRENT_USER (HKCU).
1
.
.
.

. 12-4. Administrative Templates ( )

Administrative
Templates View () Show Policies Only (
) Show Configured Policies Only (
) .


Group Policy .
Group Policy .
. Administrative Templates.
, Group
Policy . , . Security Settings,
-.
V

Group Policy
Group Policy :
_ [_] Policy
: Default Domain Controllers Policy [serverl.microsoft.com] Policy



, ?
1. . Remote Procedure Call
System Service (RPCSS) Multiple Universal Naming Convention Provider (MUP).
2. , :
Windows 2000 Active Directory;
Active Directory;
, . .
3. . : , , , . .
. .
4. .
;
, - . 600 (10 ). , .
5. Ctrl+Alt+Del .
6. , .
7. , :
Windows 2000
Active Directory;

, (Merge Replace). ;
Active Directory;
, . .
8. . : , , , . . .
.
9. . Windows NT 4.0 , , . .
10. , .


, .
1. Windows 2000 , .
2. , . ; .
3. , , ; .
4. , , Active Directory.
. . , .
. Active Directory . . ,
, , .
, , ,
,
. , , .
, , . . 12-5
Active Directory.


Marketing = A3, 1, 2, 5
Servers = A3, 1, 2, 4, 6

. 12-5.

Active Directory

, , .
No Override (He ). , ,
( ), No Override no
, , . No
Override Active Directory ( , Active
Directory).
Block Policy Inheritance ( ). , Block Policy Inheritance. , ,
No Override, , .
Block Policy Inheritance ,
. , . ,
Block Policy Inheritance ,
( Active Directory),
, .

Loopback ( ) , , (, , , ). , . ,
Active Directory. ,


, , ,
,
Active Directory , .
, ,
: Not Configured ( ), Enabled () Disabled (). Enabled Merge () Replace ().
.
, (. 2
*). , .
. .
, (. 2
) , ( 7).
, , .


, .
, ,
. , .
. . ,
, .
, .
. . , ,
, .
, ,
, , . .



, , , . , ,
.


, , ,
, . , (). ,
(, , ),
.
:
. Software Settings, Windows Settings Administrative Templates Group Policy.
. ,
.
: , , . No Override, Block Policy Inheritance, Loopback .
,
, .




: . .
, :

;
15 .


, . :
, .
, , ;
,
. , ,
;
, ,
.
. 12-6.

. 12-6.



. ,
, . .
Read/Write , .


, .



.
, ,
.


, , , , , . , , , . . ,

, ,
, , .


Active Directory, ,
. ,
, (
), .
.
, , .


, ( ) ( ).


(. 12-7) ,
. ( ) . ,
(- ).
, . ,
, , .
, (, , , ), .
,

.



(. 12-7)
( ) . , . ,
, .
, ,
; .
,
.

. 12-7.


Active Directory .
. ,
,
. ,
, .


(. 12-8) , . , .
.
ACL- .
,
-


: , ,
. . .
, .


(. 12-8).
, .
; .
.
.
,
; .
, . : ,
.
,

.

. 12-8.



, ,
, .
,
. , .



(. 12-9).
No Override (He ). , ,
, No
Override, . .
, ,
(, ) .



(. 12-9). No Override.
. ACL-, . Block
Policy Inheritance ( ).
,
, .
.

7:00 19:00

. 12-9.


, . ,
.
.
,
. , .
, : ,
, . . , .
, ,
(, )
. ,
, .


3,
. Group
Policy Group Policy. .
, :
/ .
60 .


:
1. ;
2. ;
3. ;
4. ;
5. ;
6. ;
7. ;
8. , .


. ,
.
>
1. , .
, Active Directory Users
and Computers.
, Active Directory Sites and Services.
2. , ,
, Properties (). Group
Policy ( ) (. 12-10).
3. New () .
,
, , .
4. Close ().


. 12-10.

Group Policy ( )


Group Policy
. , Administrative Tools ().
>
1. Start () Run ().
2. Open () Run ( ) mmc .
3. Console () Add/Remove Snap-In (/ ).
4. Add ().
5. Add Standalone Snap-In ( ) Group Policy ( ) Add.
6. Select Group Policy Object ( ) Browse (), , .
7. Browse For A Group Policy Object All, ,
.
8. Select Group Policy Object Finish (),
Close () Add Standalone Snap-In.
9. Add/Remove Snap-In .
10. Console Save As ( ).
11. File Name ( ) Save ().
, Administrative Tools.



, . . 12-2.
. 12-2.


Authenticated Users
( )
CREATOR OWNER


Read (), Apply Group Policy (
) Special ()
Special ()

(- )
Domain Administrators
Read (), Write (), Create All Child Objects
( ) ( ), Delete All Child Objects ( ) Special
Enterprise Administrators
(
)

Read, Write, Create All Child Objects, Delete All Child


Objects Special

SYSTEM ()

Read, Write, Create All Child Objects, Delete All Child


Objects Special

Default Domain Policy. , .


, Active Directory Users And
Computers,
; .
*
1.
2.
3.


Group Policy .
Properties.
Security () ,
(. 12-11).
, , Add Remove.
4. ,
, Write, Group Policy. Group Policy Write.
5. .


. 12-11.

Security ()


, , .
>
1. Group Policy (. 12-12).


. 12-12.
2.

Group Policy


, . 12-12 User Configuration ( ), Administrative Templates ( ), Control Panel (


) Display ().
3.
Properties. . 12-13 Hide Screen Saver Tab ( ).
4. Enabled (), , , .
Not Configured (He ) , , . Disabled () , : , .

. 12-13.



Computer Configuration User Configuration
Not Configured (He ), . , .
^
1.
2.
3.

Computer Configuration User Configuration


Group Policy .
Properties.
General :
Computer Configuration, Disable Computer
Configuration Settings ( );
User Configuration, Disable User Configuration Settings ( ).
4. .



Active Directory; ,
, .
, ,
Block Policy Inheritance, No Override Loopback ( ).
>
1. , Active Directory
Users and Computers (Active Directory ).
, Active Directory Sites and Services (Active
Directory ).
2. ,
Properties. Group Policy ( ).
3. Group Policy Object Links ( ) Up () Down ()
, (. 12-14). Windows 2000
, .

. 12-14,


^
1. , Active Directory Users and Computers.
, Active Directory Sites and Services.
2. ,
Properties. Group Policy ( ).
3. Block Policy Inheritance ( ), , ,


, Active Directory. , No Override (He ), .




, Active Directory Users and Computers. , Active Directory Sites and
Services.
2 ,
Properties. Group Policy.
l Options (). Options
(. 12-15) No Override (He ), . .

. 12-15.

Options ()

^ Loopback ( )
1. Group Policy .
2. Computer Configuration\Administrative Templates\System\Group Policy ( \ \\ ).
3. User Group Policy Loopback Processing Mode ( ).
4. Enabled ().
5. Mode () :
Replace () ,
;
Merge () , ,
, .
6. .


, Read
. ,
Read.
, Read.


^
1. Group Policy .
2.
Properties.
3. Security ()
(. 12-11).
, Add Remove.
4. . 12-3 .
. 12-3.


Allow
Group Policy (AGP)
Read


,
, AGP,
Read


AGP
Read


AGP Read
Allow () Deny
()


, , AGP Read
Allow. ,
, AGP
Read Deny


, ,
, ,
. , ,
Group Policy , .
^

1. Active Directory Users and


Computers. Active Directory Sites and
Services.
2. , .
3. Properties Group
Policy ( ).
4. Group Policy Object Links (
), Cancel (). Add ().
5. Add A Group Policy Object Link ( ) All (), ,
(.12-16).


. 12-16.

Add A Group Policy Object Link


( )

6. , .


:
;
;
.


, Active Directory, .
>
1. Active Directory Users and
Computers. Active Directory Sites and
Services.
2. , .
3. Properties Group
Policy.
4. Group Policy Delete ().
5. Delete () Remove The Link From The List (
, ).
Active Directory, , .


Active Directory ,
, . , , , Active Directory.


>
1. Active Directory Users and
Computers. Active Directory Sites and
Services.
2. , .
3. Properties Group
Policy.
4. Group Policy Delete ().
5. Delete Remove The Link And Delete The Group Policy Object
Permanently ( ). .
Active Directory.


, .

:
. I
8 , , ,
, , , . 9 .

1:
.
> :
1. Administrator ().
2. Start\Programs\Administrative Tools Active Directory Users
And Computers.
3. microsoft.com ( ).
4. Dispatch.
5. Dispatch , Properties Group Policy.
6. New () DispatchPolicy.
7. Close.

2:
DispatchPolicy. , Administrative Tools.
> : DispatchPolicy
1. Start Run.
2. Open () mmc .
.
3. Console Add/Remove Snap-In.
.


4. Add.
Add Standalone Snap-In.
5. Group Policy Add.
Select Group Policy Object.
6. Browse (), DispatchPolicy.
7. All (), Dispatch Policy,
.
8. Finish (), Close ()
Add Standalone Snap-In.
9. Add/Remove Snap-In .
10. Console Save As ( ).
11. Save As ( ) File Name ( ) Dispatch Policy
GPO Save ().
DispatchPolicy GPO Administrative
Tools ().

3:
Administrators
DispatchPolicy.
^ :
1. Dispatch Policy.
2. (DispatchPolicy [serverl.microsoft.com] Policy)
, Properties Security ().
DispatchPolicy.
Dispatch Policy?
3. Administrators (), Add.
4. Administrators ,
Read, Write, Create All Child Objects Delete All Child Objects.
5. .

4:
DispatchPolicy.
> :
1. DispatchPolicy .
2. User Configuration\Administrative Templates ( \ ).
3. Start Menu & Task Bar ( ).
?
4. Remove Search Menu From Start Menu (
).
.
5. Enabled (), .
, ?


6. 4 5, Remove Run Menu From Start Menu


( ) ( , User Configuration).
7. System () Logon/Logoff (/
).
.
8. Disable Lock Computer ( ), .

5:

Computer Configuration ,
. , .
^ : Computer Configuration
1. Dispatch Policy,
Properties.
Dispatch Policy.
2. General Disable Computer Configuration Settings ( ).
Confirm Disable ( ),
Computer Configuration.
3. Yes (), .

6:
DispatchPolicy ,
.
^
1.
2.
3.

: No Override
Start\Programs\Administrative Tools\Active Directory Users And Computers.
Dispatch Properties.
Group Policy, DispatchPolicy
Options ().
.
4. No Override (He ), .
5. Dispatch .

7:
Sales, Read . Sales 8.
^ :
1. DispatchPolicy Properties.
.
2. Security Sales.
Add.


3. Sales Apply Group Policy Read. .


, .
4. Yes,

8:
Dispatch Policy Dispatch. DispatchPolicy Security I, 11.
^ :
1. Start\Programs\Administrative Tools Active Directory Users
And Computers.
1
2. Security 1 Properties
.
3. Group Policy Add.
Add A Group Policy Object Link (
).
4. All (), DispatchPolicy, .
5. Security 1 .

9:
, .
^ : DispatchPolicy
1. Assistant 1, Security 1.
2. Ctrl+Alt+Delete.
Windows Security ( Windows).
? ?
3. Cancel () Start.
Start Search () Run ()?
4. Assistant1 Administrator.
5. Assistant1 Sales.
6. Administrator Assistant 1.
7. Ctrl+Alt+Delete.
? ?
8. .

: , ,
, , , ,
, .
,
, , , , , , ,
. , .


4,


Software Installation ( ) Windows 2000,
. ,
; ,
.
-,
. Software Installation.
, :
S ;
S ;
S
75 .


Windows 2000 Server (. 12-4)
. 12-4.

Windows 2000

Software Installation
( )
Group Policy ( )

Windows Installer (
Windows)

,
Windows Installer

Add/Remove Programs

( )

Control Panel ( )

Software Installation
, . Software Installation Active
Directory, ,
:
;
, .
;
.
Software Installation
,


. (assign). (publish).


,
.
, . ,
, Start .
, , ,
, .


.
, Start , .
Active Directory. , , Active Directory. , Add/Remove Programs Control Panel , (, .xls Microsoft Excel).

Software Installation
Software Installation
Windows Installer ( Windows), . Windows Installer :
, , Windows Installer;
, , ;
API-, Windows Installer

.
Software Installation Windows Installer, (self-repairing) . Windows Installer
, , , .
, ,
. .msi-
Windows Installer .
,
.
Software Installation , :
Windows Installer (.msi). ;
(.msi) , Windows Installer, , ;


(.zap) SETUP EXE.


, Windows Installer
. (modifications)
.mst.
Software Installation :
(.msp) ,
;
(.aas) .

Windows Installer
, (modifications)
. .
, .
, Microsoft Office 2000
Customization, . Microsoft Word
. ,
, ,
, , , . , Word Microsoft PowerPoint. , .

Software Installation
Software Installation :
1. ;
2. ;
3. , ;
4. ;
5. ;
6. ;
7. ;
8. .


:
Active
Directory, ;
;
, ;
, . Windows Installer .


. 12-5 .
,
-.
. 12-5.



. ,

,
Active Directory
,
, Active Directory



, .
, ,
10 , ,
10 , . ,



, /

,
/

, (software distribution point, SDP), .


, ,
, . , .
.


: SDP ,
.
> SDP
1. , SDP, . , \\\__.
2. SDP, , , , . ( ) SDP.
3. SDP ,
(Read Write),


.
.
, SDP. , Microsoft Office
SETUP /. , (SDP),
. ,
.

,

, , . General () Software Installation. ,
Software Installation.
> ,
1. Group Policy ( ) Computer Configuration ( ) User Configuration ( ) Software Settings ( ).
2. Software Settings Properties.
3. Software Installation Properties (: ) General () Default Package Location ( ) ( .msi) SDP (. 12-17).


. 12-17.

General () Software Installation Properties


4. New Packages ( )
:
Display The Deploy Software Dialog Box (
) , , ;
Publish ( ) . , . Computer Configuration Group Policy, Publish .
Assign ( ) . ,
.
Advanced Published Or Assigned
Configure Package Properties.
5. Installation User interface Options ( ) :
Basic () .
Maximum () .
6. , , , /, .
7. .


,
, . . 12-6 ,
. 12-6.

(
)

()

()

Add/ Remove
Programs
Control Panel

Start


( )


,
:


()

()

()

Add/Remove
Programs
Control Panel?

.
,

.
.

Windows Installer,
.zap

Windows
Installer

Windows
Installer

( .msi) Windows Installer , .


, , . ,
.
>
1. Group Policy Computer Configuration User Configuration Software Settings.
2. Software Settings New\Package (\).
File Name ( ) Open () Windows Installer, SDP . Windows
Installer - , Browse ().
3. File Name Open
Open ().
4. Deploy Software ( ) Assigned () . Computer Configuration Group Policy, Published () (. 12-18).


. 12-18. Deploy Software ( )


, , ,
, . , . .
>
1. Group Policy Computer Configuration User Configuration Software Settings.
2. Software Settings New\Package (\).
File Name Open Windows Installer, SDP . Windows Installer
- , Browse.
3. File Name Open
Open.
4. Deploy Software (. 12-18) Published
() .
Add/Remove
Programs Control Panel .


Windows Installer ,
. ( .mst) Windows Installer ( .msi) , . ,
.
>
1. Group Policy Computer Configuration User Configuration Software Settings.
2. Software Settings New\Package.


File Name ( )
Open ().
Deploy Software (. 12-18) Advanced Published
Or Assigned ( ) .
Modifications ()
(. 12-19),
Add ().
Open () Open (). .
Remove ().
, .
,
Move Up () Move Down ().
.
, , ..
! .
, . , .

. 12-19,

Modifications ()


, , File Extensions ( )
Software Installation . .
, Microsoft Word 2000 Microsoft FrontPage
2000. HTML- (.htm ).


, , , Microsoft FrontPage, FrontPage .htm- . ,


Microsoft Word 2000, Microsoft FrontPage 2000, .htm-, Software Installation
FrontPage 2000 .htm- .
Software Installation Open With ( ),
.

. , .
**
1. Group Policy Computer Configuration User Configuration Software Settings.
2. Software Settings Properties.
3. Software Installation File Extensions Select File
Extension ( ) (. 12-20).
4. Application Precedence ( ) Up () Down () . ;.,
,
Application Precedence.
5. .


. 12-20.


File Extensions ( )
Software Installation Properties


, Add/Remove
Programs Control Panel. Windows 2000 .


, . .
*
1. Group Policy Computer Configuration User Configuration Software Settings.
2. Software Settings Properties.
3. Software Installation Categories () Add (. 12-21).
4. Enter New Category ( ) Category () . .
5. Software Installation .

. 12-21.

Categories () Software Installation Properties


, .



General Software Installation, . , .
*
1. Group Policy Computer Configuration User Configuration Software Settings.
2. Software Installation.


3.
Properties.
4. Deployment () Deployment ( ) (. 12-22);


. 12-22.

Deployment ()

Published () , Add/Remove
Programs Control Panel ;
Assigned () , ( ) ( ).
Deployment Options ( ) :
Auto-Install This Application By File Extension Activation ( ) - - , File
Extensions Software Installation.
Computer Configuration Group Policy,
, ;
Uninstall This Application When It Falls Out Of The Scope Of Management (
, ,
) / , ,
, ( ) ( );
Do Not Display This Package In The Add/Remove Programs Control Panel (He
) Add/Remove Programs Control Panel.


6. Installation User Interface Options ( ) :


Basic () ;
Maximum () .
7. Advanced (). Advanced Deployment Options
( )
:
Ignore Language When Deploying This Package (He
) ,
;
Remove Previous Installs Of This Product From (Users/Computers) If Product Was Not
Installed By Group Policy-Based Software Installation ( ,
) Software Installation, a
- , .
8. .
9. .


. . Add/
Remove Programs .
>
1.
2.
3.
4.

5.

, Add/Remove Programs
Control Panel
Group Policy Computer Configuration User Configuration Software Settings.
Software Installation.

Properties.
Categories () Available
Categories ( ) Select () (. 12-23).
4. , .


, , .
>
1. Group Policy Computer Configuration User Configuration Software Settings.
2. Software Installation.
3.
Properties.
4. Security ()
.


, ,
Full Control, , Read.
5. .

. 12-23.

Categories ()


- , , .


:
, ;
.

.
. Software Installation.
>*
1. Group Policy Computer Configuration User Configuration Software Settings.
2. Software Installation.
3. - Windows Installer ( ) Properties.
.
4. Upgrades () Add (), .


5. Add Upgrade Package ( ) (. 12-24)


Current Group Policy Object [ (GPO)] A Specific GPO ( ).
Browse (),
Browse For A Group Policy Object ( )
.
Package To Upgrade ( )
, .
.
6. ,
7. Uninstall The Existing Package, Then Install The Upgrade
Package ( , ) Package Can
Upgrade Over The Existing Package ( ). .
(, ).
, . .
8. Upgrades Required Upgrade For
Existing Packages ( ),
, . .
Computer Configuration Group Policy, , , .


. 12-24.

Add Upgrade Package ( )


, . Software
Installation , :
. Software Installation, -


. . ( Start, Add/Remove Programs Control Panel ) ;


. .
(
) ( ).
.
, , / , Uninstall
This Application When It Falls Out Of The Scope of Management .
>
1. Group Policy Computer Configuration User Configuration Software Settings.
2. Software Installation.
3. All Tasks\Remove
( \).
4. Remove Software ( ) :
Immediately Uninstall The Software From Users And Computers (
) ;
Allow Users To Continue To Use The Software, But Prevent New Installations (
, )
.
,
.
5. .

Software Installation . ,
/ .
. , , .
Software Installation Windows Installer. Windows Installer , .
: , SDP, , , , , , .


5.

Microsoft Windows 2000 Folder Redirection ( ) Group Policy. .
, :
S .
- 15 .


Folder Redirection Group Policy Windows 2000 . ,
My Documents My Pictures, C:\Documents and Settings ( :\
).
Windows 2000 :
Application Data;
Desktop ( );
My documents ( );
My Pictures ( );
Start Menu ( ).
Folder Redirection User Configuration\Windows Settings Group Policy.

My Documents
,
My Documents ,
.
,
.
My Documents , .

, Windows NT 4.0.
, . , .
, , .
, . , .



(. 12-7).
. 12-7.


Windows 2000, Windows 95 Windows 98

Windows 2000


C:\Documents and Settings ( :\
).
, C:\Documents and Settings

Windows NT 3.51
Windows NT 4.0
Windows 2000

systemroot\Profiles. , C:\WinNT\Profiles

Windows 95
Windows 98

Windows 2000

systemroot\Profiles. , C:\Windows\System\Profiles


:
;
, .
, My Pictures My Documents ( My Pictures My Documents,
).

My Pictures My Documents , .
, My Documents My Pictures.
>
1.
2.

3.
4.

5.


, ,
, .
, , User Configuration\Windows Settings\Folder Redirection (
Wmdows\epeapaee ).
(Desktop, My Documents . .) Properties.
Target (). Setting ()
Advanced Specify Locations For Various User Groups (
) Add ().
Specify Group And Location ( ) Security
Group Membership ( ) Browse ()
(. 12-26).


. 12-25.


Target ()

6. Select Group (: ) .
7. Specify Group And Location ( ) Target Folder
Location ( ) Browse ().
8. Browse For Folder ( )
. .
, D:\, . UNC.
, ,
, %username% UNC, \\\_\%$%. %username%
. , My Documents SecUser,
Users, \\serverl\share\secuser\My
Documents (\\serverl\ share\%username%\My Documents),
9. Specify Group And Location ( ) .
10. , 29, .
11. Settings () . ;
Grant The User Exclusive Rights To ( ). .
, . , , , , ;
Move The Contents Of ( ) The New Location
( ). .


. 12-26.

Specify Group And Location ( )

12. Policy Removal (


):
Leave The Folder In The New Location When Policy Is Removed ( ). ;
Redirect The Folder Back To The Local User Profile Location When Policy Is Removed
(
).
13. My Documents
My Pictures:
Make My Pictures A Subfolder Of My Documents (
) My Pictures My Documents;
Do Not Specify Administrative Policy For My Pictures (He ) My Pictures My
Documents, .
My Pictures,
My Documents. . My Pictures My Documents.
14. .


. 12-27.
^
1.
2.

3.
4.

5.

Settings ()

,,
, , ,
, .
, , User Configuration\Windows Settings\Folder Redirection (
\ Windows\ ).
(Desktop, My Documents . .) Properties,
Target. Setting () Basic-Redirect
Everyone's Folder To The Same Location (
) Browse ().
Browse For Folder ( ) .
, D:\,
. UNC.

, , , , %username% UNC-,
\\server\shared_resource\%username%. %username%
. , My Documents SecUser,
Users, \\serverl\share\secuser\My
Documents (\\serverl\share \%username%\My Documents).
6. Browse For Folder .
7. Settings () . .
Grant The User Exclusive Rights To ( ). .
, . -


, , , , .
Move The Contents Of ( } The New Location
( ). .
8. Policy Removal (
).
Leave The Folder In The New Location When Policy Is Removed { ). .
Redirect The Folder Back To The Local User Profile Location When Policy Is Removed
(
).
! .
9. My Documents
My Pictures:
Make My Pictures A Subfolder Of My Documents (
*) My Pictures My Documents;
Do Not Specify Administrative Policy For My Pictures (He ) My Pictures My
Documents, .
My Pictures
, My Documents.
. My Pictures
My Documents*.
10. .
> My Pictures My Documents
1. , , , , My Pictures
.
2. User Configuration\Windows Settings\Folder Redirection.
3. My Pictures Properties.
4. Setting () My Pictures Follow The My
Documents Folder ( ) .


. 12-8 , ,
I ' M .

. 12-8.



.
,

.

.

,


.


.
! ,


.
.


.
Windows 2000 : Application
Data, Desktop, My Documents, My Pictures Start Menu. , .


6,

, , .
, :
V ;
S .
10 .
. , Software Installation
, Active
Directory. , , .
- . , .
. 12-9 ,
Group Policy.
. 12-9.

Group Policy

, Read

,
Group Policy
Read Write .
- ,
Read Write
.

Failed To Open The Group Policy
Object ( )

, DNS
DNS
. 12-10 , .


. 12-10.



, ,

.

,
.

, .
, Active Directory



.

,
. . ,
,

,
/.
,
:
, , ,
. ,
.

,
- No
Override (He ). ,
,

,
. , ,
, No Override.
Block Policy Inheritance { ) No Override, ,
No Override. ,
/ AGP. ,
/
,
AGP , /
,
Read



Active Directory

- Active
Directory, ,

,
Active Directory.

,
Active Directory

. 12-11 ,
Software Installation.
. 12-11.

, Software Installation

Add/Remove Programs
Control Panel

: . ,
Software Installation
.
Terminal Server
Active Directory.

.

Terminal Server ( )
, ,

, Deployment ()
Auto-Install
This Application By File Extension Activation (

).


, Software Installation

The feature you are trying to install cannot be found in the source
directory (, , )

.
,
AGP
Read. ,
Read SDP.
,
Read

,
Windows Installer

Another Installation Is Already In Progress


( )

Windows Installer

Active Directory Will Not Allow The Package To Be Deployed (Active


Directory ) Cannot Prepare Package For Deployment
( )



. User Configuration Computer
Configuration ,
. , .
Block Policy Inheritance No Override.
.
, :i/.
/, .
. , , ,
,
.
. , ,
.
. ,
.

Software Installation

.
Add/ Remove Programs Control Panel. , , . .
, .
. , , , Modifications ()
. , , ,
. ,
Microsoft Office , ,
,
.
. , , ,
Windows Installer, .
. ,
.msi, Windows Installer
, . ,
( ).
System Management Server DFS. Microsoft Systems Management Server
Windows 2000 Distributed File System (DFS) SDP
, .


Active Directory. Active Directory,


. , , .
Software Installation .
. , , , SDP.
Windows Installer .
.

%username% UNC-. . , \\&\_\%\name%\My Documents.


My Pictures My Documents.
.
. ,
. . .
. .

,
, . ,
.



. , . . ,

1. ?
2. , .
3. Active Directory.
4. .
5. Block Policy Inheritance No Override?
6. ?
7. ?

13

1.
2.
3.
4.
5.
6. Security Configuration and Analysis
7.


.
(group policy object, GPO) Active Directory,
. () . , .


:
, ;
' ;
12.


1,
Security Settings ( ) Group Policy ( )
. .
, :
/ , .
10 .


(security configuration) (security area) Windows 2000. Security Settings Group Policy
:
Account policies ( );
Local policies ( );
Event log ( );
Restricted groups ( );
System services ( );
Registry ();
File system ( );
Public key policies ( );
IP security policies ( IP).

Account Policies
.
:
Password Policy ( )
,
;
Account Lockout Policy ( ) , ;
Kerberos Policy ( Kerberos) Kerberos
, .
! (), , , ,
.
Active Directory ,
Windows 2000 . , . .
; , Domain
Controllers.


Local Policies
,
. , , , .
:
Audit Policy ( ) , (, ), Event Viewer ( );
User Rights Assignment ( ) -- , ;
Security Options ( ) , , Administrator () Guest (), -
CD-ROM, .
, , /. , Active Directory, , .

Event Log
, Application
( ), Security ( ) System ( ): , , (. 13-1).

. , .


. 13-1.



Restricted Groups
, .
Windows 2000, , Administrators (), Power Users ( ), Print Operators ( ), Server Operators ( ) Domain Admins (
), Restricted Groups. .
, Power Users Restricted Groups,
Windows 2000. , : . Active Directory Users and Computers (Active Directory
) ,
. .
Power Users . Restricted Groups . Power Users Restricted Groups , .
. , Restricted Groups,
. , ,
,
Member Of ( ), .

System Services
.
-, :
///, , .
:
Automatic () ;
Manual () ;
Disabled () .
, , . ,
.
.

Registry File System


. ,
: /
//, , .


Public Key Policies


, .

IP Security Policies

IP-.


2.
Windows 2000, . . , , , , .

, :
/
V
/
S

;
, ;
;
, Active Directory .
60 .


(auditing) Windows 2000
, (events). , , , ,
, , . :
;
, ;
( ) .


(audit policy) ,
. , .
, ,
, ,
.
:
, ,
, ,
;
.
, ,
Event Viewer. , . ,
.



, , , . .
,
: , , .
, ,
. . . , ,
, , - .
, .
, .
. ,
.
. . .
.
. ,
. . Windows 2000.
Everyone, Users.
, , , ,
, . Everyone.
.
, .



:
/ Windows 2000
Professional .
,
;
:!.
, Domain Controllers.
,
.


:

Manage Auditing And Security Log ( -


). Administrators (
4);
, , NTFS.


.
1. . , .
2. . , ,
Active Directory, .


( )
. , : , , .
Group Policy. ,
, . . 13-1
, Windows 2000.
. 13-1. , Windows 2000

Account logon events


( )

Account management
(
)

,
. , ,

Directory service access


(
)

Active Directory.

Active Directory

Logon events (
)

Object access
( )

, .

Policy change
( )

, ,
!>

Privilege use (
)

,
( , )

Process tracking (
)

, .

System events
( )

, Windows 2000
(, )


Active Directory Users and Computers (Active Directory ).


Domain Controllers
Properties ().
Group Policy ( ), Edit ().
4, Group Policy ( ).
Computer Configuration\Windows Settings\Security Settings\Local Policies ( Wmdows\ \ ) Audit Policy ( ).
(. 13-2).


. 13-2.


, ,
Windows 2000

5. Security ().
6 Template Security Policy Setting ( ) Define These Policy Settings In The Template (
), (. 13-3):
Success () ;
Failure () .
7. .
. , :
secedit /refreshpolicy machine_policy Enter;
;
.
, 8 .


. 13-3.

Template Security Policy Setting


( )

* ,
1. Start\Programs\Administrative Tools (\\) Local Security Policy ( ).
2. Local Policies ( ), Audit Policy ( ).
3. Security ().
4. Local Security Policy Setting ( ) (. 13-4) :
Success () ;
Failure () .
Effective Policy Setting ( )
. , .
5. .
6. . , :
secedit /refreshpolicy machine_policy Enter;
;
.
, 8 .


. 13-4.

Local Security Policy Setting


( )

>
1.
.
2. Active Directory Users and Computers ,
.
, .


, NTFS.
Audit Object Access (
). . , ,
.
>
1. Windows Explorer, Properties ().
2. Security () Advanced ().
3. Access Control Settings For ( )
Auditing () Add (). ,
, .
4. Auditing Entry For ( )
Successful () Failed (. 13-5).


, 13-2 , Windows 2000,


, .
. 13-2. ,

List Folder/Read Data


( /
)

(
)
( )

Traverse Folder/Execute
File ( / )


,
, ( )
( )

Read Attributes (
) Read
Extended Attributes
(
)

Create Files/Write Data


( /
)

( ) ( )

Create Folders/Append
Data ( /
)

( ) ,
( )

Write Attributes (

) Write Extended Attributes (
)
Delete Subfolders And
Files (
)

Delete ()

Read Permissions
( )

Change Permissions
( )

Take Ownership
( )


. 13-5.


Auditing Entry ( )
Command Prompt

5. Apply Onto () ( ) . This Folder, Subfolders And Files ( ,


). , , , . ,
Apply Onto, Apply These Auditing Entries To
Objects And/Or Containers Within This Container Only (
) (. 13-3).
. 13-3.

Apply These Auditing Entries


To Objects And/Or Containers Within This Container Only


Apply Onto
()

This folder
only
(

)

This folder,
subfolders, and
files (
,

)


This folder and


subfolders (

)

This folder and


files (

)

Subfolders only
(
)

Subfolders and
files only
(

)

Files only
(
)

Apply These Auditing Entries To Objects And/Or Containers Within


This Container Only, , Apply Onto
.
6. , Access Control Settings For.
7. , Allow Inheritable Auditing Entries From Parent To Propagate To This Object ( ).
Auditing Entry For
Access Control Settings For ( )
Remove (), , .
8. .

Active Directory
Active Directory ,
, , , .
^

Active Directory

1. Active Directory Users and Computers (Active Directory ) View () Advanced Features ( ).

, Action () Properties
(), Security () Advanced
().
3. Access Control Settings ( ) Auditing () Add. , , .
4. Auditing Entry For (. 13-6)
Successful () Failed.
2.

. 13-4 Active Directory,


Windows 2000. , .
. 13-4.

Active Directory ,

Full Control
( )

List Contents
( )

Read All Properties


( )

Write All Properties


( )

Create All Child Objects (


)

Delete All Child


Objects (

)

Read Permissions
(
)

Modify Permissions
( )

Modify Owner
( )


. 13-6. Auditing Entry For Computers


Apply Onto . This
Object And All Child Objects ( ). ,
, , . , Apply Onto,
Apply These Auditing Entries To Objects And/Or
Containers Within This Container Only (. 13-3). , .
, Access Control Settings For.
, Allow Inheritable Auditing Entries From Parent To Propagate To This Object.
Auditing Entry For
Access Control Settings For Remove, .
.


,
Audit Object Access ( ).
, , ,
.
.
^
1. Start\Settings (\) Printers ().
2. Printers Properties.
3. Security Advanced.


4.

Access Control Settings Auditing Add. , ,


.
5. Auditing Entry For (. 13-7)
Successful () Failed.

. 13-7. Auditing Entry For


. 13-5 ,
.
. 13-5.

Print ()

Manage Printers
(
)

, ,

Manage Documents
(
)

, , ,
,

Read Permissions
( )

Change Permissions
( )

Take Ownership
( )

6. Apply Onto .
7. .



. 13-6 , .
. 13-6.


, , ,

,

,
.



, .


,
(.
.dll). ,
. .

:
. , Active Directory.


1:
. ;
, ;
(, ), .
, :
;
, Customer;
;
;
, ;
, ;
Active Directory.
(. 13-7).
. 13-7.

Account logon events ( )


Account management (
)
Directory service access (
)
Logon events ( )
Object access ( )
Policy change ( )
Privilege use ( )
Process tracking ( )
System events ( )

2:
.
> :
1. Active Directory Users and Computers (Active Directory ).
2. Domain Controllers
Properties.
3. Group Policy ( ), Default Domain Controllers Policy Edit ().
4. Group Policy. Computer Configuration\Windows Settings\Security Settings\Local Policies Audit Policy.
5. ,
Success Failure, . 13-8.


. 13-8. 2

Account logon events


Account management

Directory service access

Logon events

Object access

Policy change

Privilege use

Process tracking
System events

6.
7.
8.
9.

Group Policy.
.
Start Run ().
secedit /refreshpolicy machine_policy Enter.
.
10. Run.

3:
.
> 1:
1. Windows Explorer .
2.
Properties.
3. Security () Advanced ().
4. Access Control Settings For ( )
Auditing ().
5. Add ().
6. Select User, Computer, Or Group (: , )
Everyone ().
7. Auditing Entry For ( ) Successful () Failed () :
Create Files/Write Data ( / );
Delete ();
Change Permissions ( );
Take Ownership ( ).
8. .
Everyone Access Control Settings For.
9. OK, .
> 2:
1. Security () Everyone ().

2. Read () Everyone Allow


Inheritable Permissions From Parent To Propagate To This Object ( ).
.
3. Remove (), ..
.
4. ., . Windows Explorer.

4:
.
11, . .
(printing device) ,
, (local printer) , Windows 2000 . , .
^ :
1. Start\Settings (\) Printers ().
2. Printers ,
, Properties.
3. Security Advanced,
4. Access Control Settings For Auditing
Add.
5. Select User, Computer, Or Group Everyone.
6. Auditing Entry For Successful .
7. .
Everyone Access Control Settings For.
8. Access Control Settings For OK, .
9. OK, .
10. Printers.

5: Active Directory
Active Directory.
^
1.
2.
3.
4.

: Active Directory
Active Directory Users and Computers.
View () Advanced Features ( ).
.
Users, Action ()
Properties.
5. Users Properties (: Users) Security
Advanced.
6. Access Control Settings For Users Auditing
Everyone.
Auditing Entry For Users.


Everyone.
, , ,
?
7. , Auditing Entry For Users, Access Control Settings For
Users Users Properties.
Active Directory? ?
8. Active Directory Users and Computers.

, . , Windows
2000. , : , , .
/ Windows 2000 Professional .
,
.
.
, .
, ,
, , Active Directory.


3,
, . Event Viewer
( ). ,
.
, :
S
S
S
*"
S

;
;
;
;
.
25 .

Windows 2000
Event Viewer Windows 2000. Event Viewer (. 13-9).
. 13-9.

Windows 2000

Application
( )

, .
, . , ,

Security
( )

, . , ,
, , Windows 2000. , .

System
( )

, ,
. . , .
.
, DNS DNS server.


,
, .



Start\Programs\Administrative Tools (\\) Event Viewer ( ).
Security Log ( ).
(. 13-8).


. 13-8.

, .
, , .
Category () , Object access (
) Logon events ( ).
3. .
, .
.
^
1. , (. 2).
2. Start\Programs\Administrative Tools Event Viewer.
3. Event Viewer (Local) Connect
Another Computer ( ).
4. Another Computer ( ) Select Computer ( ) , IP- DNS-.
.
5. .



Event Viewer , .
Find ().
^
1. Event Viewer, Security Log, View
() Find ().
2. Find In () (. 13-9, . 13-10).
. 13-10.

Find In

Event Types
( )

,
Windows 2000

Event Source
( )

Category ()

, /

Event ID ( )

. ,
,

User ()

Computer ()

Description ()

Search Direction
( )

(, )

Find Next ( )


. 13-9. Find In ()



, ,
.
>
1. Event Viewer, Security Log, View
Filter ().
2. Security Log Properties (: ) Filter () (. 13-10, . 13-11).
. 13-11.

Filter

, Windows 2000
Event Types
( )
Event Source
(
)

Category
()

, , /

Event ID
( )

. ,
,

User
()

Computer
()

From ()

. : First
Event () , , Events On ()

()

- : Last Event
() , , Events On ()


. 13-10.


Filter ()


,
, , .
. , . .
>

1. Event Viewer.
2.
Properties.
3." Security Log Properties General () (. 13-11, . 13-12).
. 13-12.

General

Display Name
( )

Log Name ( )

Maximum Log Size


(
)

. 64
4 194 240 (45). 512

Overwrite Events As
Needed (

)

,
. ,

Overwrite Events Older


Than X Days (
)

, (1365)
. ,
,

Do Not Overwrite Events


(Clear Log Manually) [He

(
)]

,
.

Using A Low Speed


Connection (
)

, ,

,


. 13-.

General ()

.
.
, .
^
1. Event Viewer.
2. Clear All Events ( ).
3. Event Viewer ( );
Yes, ;
No, .
4. .
File Name ( ) .
5. Save As Type ( ) Save ().


. . , .
^
1. Event Viewer.
2.
Save Log File As ( ).
3. File Name .
4. Save As Type Save.
(*.evt), Event Viewer. . ,


(*.txt *.csv ), , Word.


.
^
1. Event Viewer.
2.
Open Log File ( ).
3. . ,
.
4. Log Type ( ) Security ().
5. Display Name ( ) ,
Open ().
Windows Explorer.

:
. Event Viewer ,
. .
!

2.

1:
. Event Viewer
.
^ :
1. Start\Programs\Administrative Tools Event Viewer.
2. . , .

2:
Event Viewer ,
.
** :
1.
Properties.
2. Overwrite Events As Needed ( ).
3. Maximum Log Size 2048 .
, 2041! .

3:
. .


> 1:
1. Event Viewer.
2. Clear All Events ( ).
3. Yes,
4. Save As File Name , archive.
5. , Save As Type Event Log (*.evt)
Save.
> 2:
1. Open Log File ( ).
2. ARCHIVE.EVT (,
).
3. Log Type Security.
4. , Display Name Saved Security Log,
Open.
. , Refresh ()
Clear All Events ( ) ,
.
5. Event Viewer.

Windows 2000
Event Viewer, , ,
.
, , Event Viewer , , .


4.
, , , Windows
2000 , .
, :
S , ;
S , ;
S .
10 .


.
,
, . (user rights) , ,
. , ,
.
. ,
, , .
.
, , . , .
, . ,
, , . , - , .
: .

(privileges) , . . 13-13
, Windows 2000.

. 13-13.


Act As Part Of The


Operating System
(


.
,
.
, , .
,
, .
, . , ,'
LocalSystem,

Add Workstations To
Domain (

)

.
Computer Active Directory . Windows 2000 Computer

Back Up Files And


Directories (
)

.
Traverse Folder/Execute File
( / ), List Folder/Read Data ( / ), Read Attributes ( ), Read
Extended Attributes ( ) Read
Permissions ( )
. . Restore Files And Directories

Bypass Traverse
Checking (


, .
,

Change The System


Time (
)

Create A Pagefile
(
)

Create A Token Object


(
)


API-, NtCreateToken().
, , LocalSystem.

Create Permanent
Shared Objects (

)


Windows 2000. ,

Windows 2000.
,

Debug Programs
( )

. 13-13,

()

Force Shutdown
From A Remote System (
)


. . Shut Down The System

Generate Security Audits ( )


.
. .
Manage Auditing And Security Log

Enable Computer And


User Accounts To Be
Trusted For Delegation
(

)

Trusted For Delegation


.

. -,
,
. , Account Cannot Be Delegated. Trusted For Delegation ,

Increase Quotas
( )

,
. ,
(denial-of-service, DoS)

Increase Scheduling
Priority (

. , .
Task Manager

Load and Unload


Device Drivers (
)


.
, Plug and Play.
. () , , ,
,

Modify Firmware Environment Values (


)

Lock Pages In Memory


(
)

,

. ,


. 13-13. ()

Manage Auditing And


Security Log ( )

, , Active Directory . ,
Active Directory.
. , , Event Viewer

Profile Single Process


(
)
Profile System Performance (
)

Windows NT
Windows 2000

Windows NT Windows 2000

Remove Computer
From Docking Station
(
)


Windows 2000

Replace A Process
Level Token (

)

Restore Files And Directories (


)

:1

. . Back Up Files And
Directories

Shut Down The System


(
)

Synchronize Directory
Service Data (
)
Take Ownership Of
Files Or Other Objects
(
)

. .
Administrator LocalSystem

,
Active Directory, , , ,
,

,
. , Backup Operators
( ), .
, , ,
, Backup Operators.
.


(logon rights) . . 13-14
, Windows 2000.
. 13-14.

Access This Computer


From The Network
(
)

.
Administrators, Everyone Power Users

Deny Access To This


Computer From The
Network (
)

Deny Logon Locally


(
)

Deny Logon As A
Batch Job (

)

Deny Logon As A
Service (

)

Log On As A Batch Job


(
)

.
Administrators

Log On As A Service
(
)


. LocalSystem.
, ,
.

Log On Locally
(
)

. Administrators (), Account Operators


( ), Backup Operators ( ), Print Operators ( ) Server Operators ( )

LocalSystem
, , , ,
,



, , . .

1. Group Policy ( ).
2. Computer Configuration\Windows Settings\Security
Settings\Local Policies User Rights Assignment ( ).
Security ().
Template Security Policy Setting (. 13-12) Define
These Policy Settings Add.


, 13-12.

Template Security Policy Setting (


)

5. Add User Or Group (: !


, , .
6. , .
7. Computer Setting.

. , . . , , .
. Group Policy.


5.
.
, :
^ ;
^ ;
S .
25 .


(security template) ; , , . . .inf,
, . , IPSec.


.
, , , , . ,
.
. , . .


Windows 2000
. , . , .
Windows 2000:
(BASICDC.INF);
(BASICSV.INF);
(BASICWK.INF);
(COMPATWS.INF);
, (DC
SECURITY.INF);
(HISECDC.INF);


(HISECWS.INF);
, Terminal Server User SID (NOTSSID.INF);
Optional Component File Security (OCFILESS.INF);
Optional Component File Security (OCFILESW.INF);
(SECUREDC.INF);
(SECUREWS.INF);
(SETUP SECURITY.INF).
systemroot\Security\Templates.


.
(basic*.inf). , .
Windows 2000 , . , , .
, , .
(compat*.inf). Windows 2000 Users () , Power Users ( ) , Windows
NT 4.0. ,
Windows 2000, Windows , ,
Windows 2000, , .
Users Users , , Windows 2000. . ,
, , Users.
,
Power Users, .
(secure*.inf). , , .
, .
(hisec*.inf).
Windows 2000.
,
Windows 2000. , , Windows
2000. , Windows 9x
Windows NT, .



.
1. Security Templates.
2. ,
3. .
4. .
5. ,

Security Templates
Security Templates ( ) .
^ Security Templates
1. , : Security Templates
.
, Start () Run (), mmc .
Security Templates ,
2.
2. Console () Add/Remove Snap-In (/
) Add ().
3. Add Standalone Snap-In ( ) Security Templates ( ), Add, Close,
.
4. Console Save ().
5. Save.
Administrative Tools.


.
( ), .
**
1. Security Templates (. 13-13) Security Templates.
2. systemroot\Security\Templates,
Save As ( ).
3. Save As ( ) File Name ( )
Save ().
4. Set Description ( ).
5. Security Template Description ( ) .
6. , ,
, Account Policies ( ).


. 13-13.

Security Templates ( )

7. , , Password
Policy ( ), , Minimum Password Length ( ).
8. Template Security Policy Setting ( ) Define This Policy Setting In The Template ( ) .
9. .
10. .
. Security Templates.
12. Save Security Templates Yes, .


.

Security Templates Security Templates.
New
Template ( ).
.

Set Description.
Security Template Description
.
, ,
, Account Policies.
, Password Policy , Minimum Password Length.
Template Security Policy Setting Define This Policy
Setting In The Template .
9 .
10. .
11. Security Templates.
12. Yes, .


. ,
.

, , ,
Security Settings ( )
Import Policy ( ).
Import Policy From (. 13-14) ,
, Open ().
. 13-14.

Import Policy From ( )

4. . , :
secedit /refreshpolicy machine_policy Enter;
;
.
, 8 .


. . , .
(. 6),
.
>
1. Start\Programs\Administrative Tools Local Security
Policy ( ).


2. Security Settings ( ) , Export Policy ( ),


Local Policy ( ) Effective Policy ( ).
I Export Policy To ( ) Save (. 13-15).

. 13-15.

Export Policy To ( )

:
Security Templates .

1: Security Templates

Templates.

Security

^ : Security Templates
1. Start Run, mmc (.
2. Console Add/Remove Snap-In Add.
3. Add Standalone Snap-In Security Templates, Add, Close, .
4. Console Save.
5. Security Templates Save.
Administrative Tools.

2:
. ( ),
.
^ :
1. Security Templates Security Templates ( ).
2. systemroot\Security\Templates,
basicdc Save As.
3. Save As File Name new template
Save.


4. New Template
Set Description.
5. Security Template Description .
6. New Template.
7. Account Policies, Password Policy Minimum Password Length.
8. Template Security Policy Setting Define This Policy
Setting In The Template 10 .
9. .
10. Security Templates .
11. Yes,
NEWTEMPLATE.INF.

, , . .
. Security
Templates, , , ,
.
, Security Templates
.


6, Security Configuration
and Analysis
Security Configuration and Analysis ( ) ,
, . ,
Security Configuration and Analysis.
, :
S Security Configuration and Analysis;
s Security Configuration and Analysis ,
.
25 .

Security Configuration and Analysis


Security Configuration and Analysis . . , , .
.
.


Security Configuration and Analysis . , , Security Templates
( ), .
.


. , .
,
.
Security Configuration and Analysis .
. . Security Configuration and Analysis ,
.
,
-

Security Configuration and Analysis

, , , , .


Security Configuration and Analysis
.
1. Security Configuration and Analysis.
2. .
3. .
4. .
5. .
6. .
7. .

Security Configuration and Analysis


Security Configuration and Analysis
.
> Security Configuration and Analysis
1. :
, Start () Run (), mmc ;
Security Configuration and Analysis , 2,
2. Console Add/Remove Snap-In Add.
3. Add Standalone Snap-In Security Configuration and Analysis
( ) Add.
4. Close, .
5. Console Save.
6. Save.
Administrative Tools.


Security Configuration and Analysis
. , .
>
1. Security Configuration and Analysis (. 13-16) .
2. Open Database ( ).
3.
Open ().
; Import Template ( ).
4. Open (), .
.


. 13-16. Security Configuration and Analysis


5 , . ,
Security Configuration and Analysis.
.
, , , , , .
.
>
1. Security Configuration and Analysis .
2. .
3. Security Configuration and Analysis
Import Template ( ).
4. Open.
5. ,
, .
, , , Import Template Clear This Database Before Importing ( ).



Security Configuration and Analysis
,
. .
Security Configuration and Analysis
. .
, , .
.
>
1. Security Configuration and Analysis (
).
2. Security Configuration And Analysis Analyze Computer Now ( ).
3. Perform Analysis () .
. .
, Security Configuration And Analysis
View Log File ( ).


Security Configuration and Analysis
, .
.
**
1. Security Configuration and Analysis .
2. , Account Policies (
), , Password Policy
( ).
3. Policy () (. 13-17) ,
Database Setting ( )
, Computer Setting ( )
.
; ;
, .


. 13-17.


Password Policy ( )


Security Configuration and Analysis , :
,
;
, ;

,
,
. , , , , , . Configure System Now
( ), .
, ,
. , Security Templates ( )
.
Security Configuration and Analysis
,
. Security Templates, ,
.
>
1. Security Configuration and Analysis (
).


2. Security Configuration And Analysis


Configure Computer Now ( ).
3. Configure System ( )
, .
. .
*
1. Security Configuration and Analysis ,
2. , Account Policies, , Password Policy.
3. .
4. Define This Policy In The Database (
), .
5. .
6. , .
^
1. , ,
.
2. Security Settings.
3. , Account Policies, , Password Policy.
4. , Minimum Password Length (.
).


. , ,
,
Security Templates.
^
1. ,
, Security Configuration and Analysis
Export Template ( ).
2. Export Template To ( ). File Name
, Save As Type Save.

: Security Configuration
and Analysis
Security Configuration and Analysis, , .

1: Security Configuration
and Analysis Console
Security Configuration and Analysis.


^
1.
2.
3.

: Security Configuration and Analysis


Start Run, .
Console Add/Remove Snap-In Add.
Add Standalone Snap-In Security Configuration And Analysis
Add.
4. Close, OK.
5. Console Save.
6. File Name security config & analysis Save.
Administrative Tools.

2:
.
> :
1. Security Configuration and Analysis .
2. Open Database ( ).
3. File Name new
Open, .
4. Import Template ( ), securedc Open, .
new .
securedc.

3:
securedc .
* :
1. Security Configuration And Analysis
Analyze Computer Now ( ).
2. Perform Analysis () .
.

4:
.
> ;
1. Security Configuration and Analysis .
2. Account Policies Password Policy.
Policy, Database Setting Computer Setting ?
Policy?


Security Configuration and Analysis


.
Security Configuration and
Analysis , ,
. , Security Templates .
Security Configuration and Analysis
, . .
, Security Configuration and Analysis,
,
.


, .
, :

S .
5 .


. 13-15 , , .
. 13-15.

: Event message: Event ID 1202, Event source: scecli, Warning


(Ox%x) occurs to apply security policies ( 1202)


Secedit,

: Failed to open the Group Policy Object


( )

DNS. , DNS
. DNS-cep DNS- (Internet service
provider, ISP). ,
DNS-: DNS- (,
) DNS- ISP.
ping
, .
, DNS- ISP
, .
, IP- DNS- ISP
DNS-

. ,
,

,
. .
secedit /refreshpolicy
machine_policy

. 13-15.


(}

Windows NT 4.0 Windows 2000

Windows NT 4.0
Windows 2000. Windows
NT 4.0

.pol. Windows 2000


Active Directory. Windows 2000
-

Windows NT 4.0 Windows


2000 Server Windows 2000 Professional
Windows NT 4.0 Server Netlogon
( Windows NT 4.0). Windows
NT 4.0 Windows 2000
Active Directory, Windows NT 4.0 .
Windows NT 4.0 ( ), . Windows NT 4.0
. ,
, .
:
Windows NT 4.0 , . .
. Windows NT 4.0 .

Windows NT 4.0 Windows 2000



. , . . .

1. ,
. ?
2. ,
?
3. ?
4. ?
5. ?
6. Security Configuration and Analysis ,
?

14

Active Directory

1. Active Directory

2. Active Directory

3.


Active Directory
, .


:
;
;
.

Active Directory

14

I.
Active Directory
Active Directory Microsoft Windows 2000. Active Directory
:
Active Directory ;
;

;
, , .
,.Active
Directory,
Active Directory.
, :
Event Viewer ( );
Event Viewer;
Performance ();
System Monitor ( );
System
Monitor;
S , ;
/ ,
Performance Logs and Alerts ( ).
S
S
S
S
S

50 .
Windows 2000 Active
Directory. Event Viewer ( ),
Administrative Tools (),
, . Performance () Active Directory
. ,
,
.

Event Viewer
Windows,
, , ,
, . , , Event
Viewer File Replication Service ( ).
, Active Directory .
, .

Active Directory

Event Viewer ,
, Windows 2000,
. , Active Directory,
. . 14-1.
. 14-1.

,
Active Directory

Application Log
( )

, , , ,

Directory Service

, ,
Active Directory (. 14-1)

File Replication Service


(
)

, , File Replication Service

System Log
( )

, , Windows 2000.
Windows 2000


. 14-1.


Directory Service

Performance
,
. Performance
. ,
-


. , , , Performance Event Log ( ) - .


Performance System Monitor (ActiveX-) Performance Logs and Alerts.

System Monitor
Active Directory . System Monitor :
;
, ;
' , ;
' System Monitor Microsoft Word
Microsoft Office (Automation);
HTML- ;
, , .
System Monitor . 14-2.
.
. ,
.
. System Monitor , (
). , ,
, , .
. System Monitor , . .
, System Monitor .
. System Monitor ,
.
.
, .

. 14-2.


System Monitor


.
(performance object) ,
. Active Directory NTDS (NT Directory Service). System Monitor . (performance counter) , . ,
Lightweight Directory Access Protocol (LDAP),
NTDS LDAP Client Sessions
System Monitor.

NTDS
NTDS , Active Directory. .
,
. , , total. , . (statistic
counter) ; DRA (Directory
Replication Agent) Inbound Properties Total/Sec
. (ratio counter)
. , DS (Directory Service) % Writes From LDAP
, LDAP-. (accumulative counter) Active Directory. , DRA Inbound Bytes Total Since Boot


( ) ( ).
. , . 14-2.
. 14-2.

NTDS

DRA Inbound Bytes


Compressed (Between Sites,
After Compression)/Sec
[
DRA ( ,
)/]

( ) [
, Directory System Agent
(DSA) ]

DRA Inbound Bytes


Compressed (Between
Sites, Before Compression)/
Sec [
DRA (
, )/|

( ) ( , DSA
rax)

DRA Inbound Bytes Not


Compressed (Within Site)/
Sec [
DRA ( )/
]

, (, DSA ), .

DRA Inbound Bytes


Total/Sec ( DRA/)

.
( ) (
)

DRA Inbound Full Sync


Objects Remaining
(
DRA)

DRA Inbound Objects/Sec


(
DRA/)

DRA Inbound Objects


Applied/Sec (

DRA/)

, .
, ,
(, ).

,

DRA Inbound Objects


Filtered/Sec (
DRA/)

,
,

Active Directory

. 14-2.

NTDS ()

DRA Inbound Object


Updates Remaining in
Packet (
DRA)

,
,
. ,

DRA Inbound Properties


Applied/Sec (

DRA/)

, ,

DRA Inbound Properties


Filtered/Sec (
DRA/)

, ,

DRA Inbound Properties


Total/Sec ( DRA/)

DRA Inbound Values


(DNs Only)/Sec [ DRA
( DN)/ceK]


; , .
,
, . ,

, , ,
.

DRA Inbound Values


Total/Sec ( DRA/)

, .
,
.

DRA Outbound Bytes


Compressed (Between
Sites, After Compression)
/Sec [
DRA ( , )/]

( )
( , DSA )

( ) DRA Outbound Bytes


( , DSA )
Compressed (Between
Sites, Before Compression)
/Sec [
DRA ( ,
)/]


. 14-2.

14

NTDS ()

DRA Outbound Bytes Not


Compressed (Within Site)
/Sec [ DRA (
)/]

,
(, DSA )

DRA Outbound Bytes Total/Sec (


DRA/)

.
( )
( )

DRA Outbound Objects/


Sec (
DRA/)

DRA Outbound Objects


Filtered/Sec (
DRA/)

, ,

DRA Outbound Properties/Sec (


DRA/)

.
, -

DRA Outbound Values


(DNs Only)/Sec [ DRA

,
(DN) . DN-, , , ,
. ,
, ,
,

( DN)/CCK]

DRA Outbound Values


Total/Sec ( DRA/)

DRA Pending Replication


Synchronizations (
DRA)

, .
.
,

DRA Sync Requests Made


( DRA)

DS Directory Reads/Sec
(
DS/)

DS Directory Writes/Sec
(
DS/)

DS Security Descriptor
Suboperations/Sec (
DS/)


(Security Descriptor Propagation).
.

Active Directory

1
. 14-2.


NTDS ()

DS Security Descriptor
Propagations Events (

DS/)

,
,

DS Threads in Use ( DS)

,
( ).
,
API, ,

Kerberos Authentications/Sec ( Kerberos/)

LDAP Bind Time (


LDAP)

( ),
LDAP

LDAP Client Sessions


( LDAP)

LDAP-

LDAP Searches/Sec
( LDAP/)

, LDAP-

LDAP Successful Binds/Sec


(
LDAP/)

LDAP

NTLM Authentications
(
NTLM)

NT LAN Manager (NTLM) ,


XDS Client Sessions


( XDS-)

< >
.
Windows NT Windows NT Administrator



System Monitor , .
> Active Directory
1. Start\Programs\Administrative Tools (\\) Performance ( ).
2. System Monitor ( ),
+ Add ().
3. Add Counters ( ) (. 14-3
, ,
Use Local Computer Counters ( );
, ,
, Select Counters From Computer ( -

Active Directory

) ( ).
4. Performance Object () NTDS.
(. 14-3) Explain ().
5. .
NTDS All Counters ( );


. 14-3.

Add Counters ( )

Select Counters
From List . , , Ctrl.
6. Add ().
7. , Close ().
, . (, ), .
System Monitor ,
Select Counters ( ) Use
Local Computer Counters ( ). System Monitor , , ,
.


Performance Logs and Alerts


,
.


System Monitor, , . , . System Monitor .


- , , - . Performance Logs And
Alerts. ,
,
.
Active Directory NetLogon, Kerberos, Security
Accounts Manager (SAM) Windows NT Active Directory Service.
, ,
.
. API-, Web- Microsoft http://msdn.microsoft.com/.


:
, ,
. , ;
,
;
, i , /
;
, ;
. , ,
.


Full
Control , Performance Logs and Alerts:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries


. , Security ()
Regedt32.exe Permissions ().
Performance Logs and Alerts ( ) .
. Performance Logs and Alerts
, .


, ,
, .
**
1. Start\Programs\Administrative Tools (\\) Performance ( ).
2. Performance Logs And Alerts ( ), Counter Logs ( ).
. , ;
.
3. New
Log Settings ( ).
4. Name () .
5. General () Current Log File
Name ( ) .
Add ().
6. Select Counters ( ) , .
,
Performance Logs and Alerts ( ),
Use Local Computer Counters ( ).
, ,
Performance Logs and Alerts, Select Counters From Computer ( )
.
7. Performance Object () ,
.
8. Add ().
9. , Close ().
10. Log Files ( )
, . 14-4 . 14-3.

. 14-3.


Log Files ( )

Location
()

, .
Browse ()

File Name
( )

.
End
File Names With.
Performance Logs and Alerts

End File Names With


( )

; .

Start Numbering At
( )

,
, End File Names With nnnnnn

Log File Type


( )

:
Text File CSV ( CSV) ( .csv).
;
Text File TSV ( TSV) ( tsv). ;
Binary File ( )
.blg. ,
;


;
Binary Circular File ( )
. ,

Comment
()

. Performance Logs and Alerts

Log File Size


(
)

Maximum Limit ( ) , ,
;
Limit Of ( ) ( ; 2 ).
,


Fig. 14-4.

Log Files ( )

11. Schedule () ,
. 14-5 . 14-4.
. 14-4.

Schedule ()

Start Log
( )

Manually () ;
/(/()

Stop Log (
)

Manually () ;
After ()
;
At )
;
When The Log File Is Full ( )

When A Log File Closes ( )

Start A New Log File ( ) ,


;
Run This Command ( )

. 14-5.

Schedule ()

12. .
Performance Logs and Alerts ,
Select Counters Use Local Computer Counters. System Monitor ,
, , .


, , ,
*
1. Start\Programs\Administrative Tools Performance.
2. Performance Logs And Alerts, Trace Logs
( ).
, , ;
.
3. New
Log Settings ( ).
4. Name () .,
General () Current Log File
Name ( ) .
PerfLogs . ; sequential (, .etl).
5. , .


Events Logged By System Provider (, ), , . (


Windows). .
.
Nonsystem Providers ( ),
(,
). Add () Remove ().
(/) Provider Status ( ).
,
. ,
, .
, , .
.
6. Log Files ( ) . , , , . 14-5.
. 14-5.

Log File Type

Log File Size

Log Files

:
Circular Trace File ( ) .etl.
,
;
Sequential Trace File ( )
.etl.
,

Maximum Limit ( ) , ,
;
Limit Of (He )
( ). ,

7. Schedule () , .
8. .
.
.


System Monitor ,
, .
, , , .
, , .


, , , .
^
1. Start\Programs\Administrative Tools Performance.
2. Performance Logs And Alerts, Alerts.
. ,
; .
3.
New Alert Settings.
4. Name () New Alert Settings ( ) .
5. Comment () Add ().
6. Select Counters ( ) , .
, Performance
Logs and Alerts, Use Local Computer Counters (
).
, ,
Performance Logs and Alerts, Select
Counters From Computer ( ) .
7. Performance Object () .
8. Add.
9. , Close.
10. Alert When The Value Is (, ) Under () Over (), Limit () , .
11. Sample Data Every ( ) .
12. Action () ,
. 14-6 . 14-6.

14

. 14-6. Action ()

Log An Entry In The


Application Event Log
(

)

, Event Viewer
( )

Send A Network
Message To (
)
Start Performance Data
Log (
)

Run This Program


( )

Command Line Arguments (


)

Run This
Program

13. Schedule ,
.
14. .

. 14-6.

Action ()
Command Line Arguments ( )


: System Monitor
System Monitor. , Performance Logs and Alerts
LDAP Searches/Sec ( LDAP/).
^ 1: Active Directory
,
System Monitor , ^ .
1. Start\Programs\Administrative Tools (\\) Performance ( ).
2. System Monitor ( ).
3. Add Counters ( ).
4. Select Counters From Computer ( ) , .
5. Performance Object () NTDS.
6. Select Counters From List ( )
DRA Pending Replication Synchronizations (
DRA). Add ().
7. LDAP Searches/Sec ( LDAP/) Add.
8. Close ().
; . (,
), .
^ 2:
: ,
.
1. Start\Programs\Administrative Tools Performance.
2. Performance Logs And Alerts, Counter Logs
( ).
3. New
Log Settings.
4. New Log Settings Name LDAP Searches Per Sec .
5. , General () LDAP Searches Per Sec
Current Log File Name ( )
. Add.
6. Select Counters ( ) Select
Counters From Computer ( ) , .
7. Performance Object () NTDS.
8. LDAP Searches/Sec Add. Close.
9. Log Files ( ) :
Location (): C:\PerfLogs ( :\ );
File Name ( ): LDAP_Searches_Per_Sec;
* End File Names With ( ): nnnnnn;
* Start Numbering At ( ): 1;


Log File Type ( ): Text File


Log File Size ( ): Maximum Limit.
10. Schedule () :
Start Log ( ) At (): 3 , ;
Stop Log ( ) After (): 2 .
11. .
12. 3 ,
Active Directory Users and Computers (Active Directory ),
.
13. , ,
\PERFLOGS\LDAP_SEARCHES_PER_SEC_000001.CSV , Microsoft Excel.
>* 3:
:
.
1. Start\Programs\Administrative Tools Performance.
2. Performance Logs And Alerts, Alerts ().
3. New
Alert Settings ( ).
4. Name New Alert Settings LDAP Searches Above 5 Sec .
5. Comment Alerts when LDAP Searches are more
than 5 per second Add.
6. Select Counters Select Counters From
Computer , .
7. Performance Object NTDS.
8. LDAP Searches/Sec Add.
Close.
9. Alert When The Value Is (, ) Over (),
Limit () 5.
10. Sample Data Every ( ) ,
, 3 .
11. Action () Log An Entry In The Application Event
Log ( ).
12. Schedule () :
Start Scan ( ) At (): 3 ,
;
Stop Scan ( ) After (): 2 .
13. .
14. , 3 , ,
Active Directory Users and Computers,
, .
15. , Application Log ( ) Event Viewer (
). , .


Active Directory Event Viewer Performance.


Event Viewer , .
Active Directory .
Performance ,
. Performance System Monitor (ActiveX-) Performance Logs and Alerts. Performance Logs and Alerts , .
, System Monitor,
Performance Logs and Alerts LDAP Searches/Sec.


2 Active Directory
Windows 2000 Support Tools - Windows 2000,
, Active Directory. Windows 2000 Support Tools,
Active Directory , :
S Windows 2000 Support Tools;
S Windows 2000 Support Tools,
Active Directory.
- 10 .
Windows 2000 Support Tools, -
Windows 2000, .

Windows 2000 Support Tools . 3.

Active Directory :
LDP.EXE Active Directory;
REPLMON.EXE Active Directory;
REPADMIN.EXE *;
DSASTAT.EXE Active Directory *;
SDCHECK.EXE *;
NLTEST.EXE*;
ACLDIAG.EXE ACL *;
DSACLS.EXE *.

LDP
LDAP- , Active Directory, LDAP- , , , , . LDAP , Active
Directory. LDP , Windows
2000 Support Tools\Tools.
LDP
Active Directory , .

REPLMON
Active Directory
, ,
, . REPLMON , Windows 2000
Support Tools\Tools,


REPLMON.
. REPLMON ,
,
,
. Replication Monitor -:
, ,, - , . , , .
.
.
Replication Monitor, .
. , GUID, , : , (RFC SMTP; RFC ), , USN- .
. , ,
( )
, , , (),
(Flexible
Single Master Operations, FSMO),
[ Knowledge Consistency
Checker (KCC), Active Directory, Jet LDAP]. ,
, ,
, , ( )
. ,
GUID, DNS,
Active Directory,
, ( , ).
Active Directory.
Server Wizard.
. .ini,, .
REPLMON .
. REPLMON

, .
.
, , DNS- ,
Active Directory, -, (, ),
FSMO, (Replication Monitor , ), ,


, IP .
. Automatic Update REPLMON , ,
.
.
REPLMON
.
, REPLMON
.
. , .
. ,
.
. Active Directory, .

REPADMIN
, Windows 2000.

, .
REPADMIN
. , REPADMIN ( ), , .
. REPADMIN . /.

DSASTAT
, .
DSASTAT , , . DSASTAT (/, , / . .)
.

. DSASTAT , .


DSASTAT , . DSASTAT REPADMIN.EXE REPLMON.EXE , .

SDCHECK
SDCHECK , Active Directory.
ACL,
Active Directory.
,
SDCHECK ACL.
ACL Active Directory. SDCHECK ,
ACL, ACL . SDCHECK REPADMIN.EXE REPLMON.EXE , .

NLTEST
NLTEST , :

Windows;
;
;
;

Microsoft Windows NT 4.0 (
Windows 2000
).
NLTEST.EXE 86 (Intel).

ACLDIAG
ACLDIAG Active Directory. ACLDIAG ACL
, . ,
. , ACLDIAG .
ACLDIAG :
ACL ,
;
, Delegation of Control ( ) Active Directory Users and Computers;


, ,
ACL.

ACLDIAG ,
.
, ACLDIAG .
, ACL DSACLS.

DSACLS
DSACLS ACL . DSACLS Active Directory
, Security ()
Active Directory, .
ACLDIAG DSACLS
Active Directory .

Windows 2000 Support Tools, Active Directory.


3.
Microsoft Windows 2000 Shared Folders ( ),
. .
, :
S Windows 2000
;
S , ;
/ ;
S ;
S ;
S .
20 .


.
. ,
, , .
.
, .
. , . .
Microsoft Windows 2000 Shared Folders, .
Computer Management ( ) . Shared Folders
, ,
.


. . 14-7
, .
. 14-7.

Administrators () Server Operators


( )

Administrators Power Users ( )


,
Microsoft Windows 2000 Workstation




Shares () Shared Folders (
). , I4-7 Shares Computer Management,
.


. 14-7.

Shares () Shared Folders

. 14-8 Shares (. 14-7).


. 14-8.

Shares

Shared Folder ( )

Shared Path ( )

()

# Client Redirections
(
)

Comment ()

. ,

Windows 2000 , . , Action ()


Refresh ().



Shared Folders . Shared Folders ,


, Action
Properties. .
General ().
, Shared Folders , . . , . . ,
.


Shares , . Action
Properties. General , . , . Security () .


Open Files ( ) Shared Folder (. 14-8) . , . , ,
, , .


. 14-8.

Open Files ( ) Shared Folders

. 14-9 Open Files.


. 14-9. Open Files

Open File ( )

Accessed By ()

()

# Locks (.)

Open Mode
( )

.


,
(Read Write)


, . NTFS ,
- , ,
.
, :
.
Shared Folders Open Files Action Disconnect
All Open Files ( );
.
Shared Folders Open Files Action Close
Open File ( ).
!
.



, .
^
1. Shared Folders ( ) Action ()
All Tasks\Send Console Message ( \ ).
2. Message () ,
3. Recipients () , , Send ().
,
, .
- ,
Send Console Message. , ,
. .

:

Shared Folders .
> 1:
1. Start\Programs\Administrative Tools (\\) Computer Management ( ).
2. Computer Management System Tools (
), Shared Folders ( ).
3. Shares.
, ,
^ 2:
1. Open Files ( ) Shared
Folders.
, , Open Files
,
^ 3: ,
1. Open Files Action
Disconnect All Open Files ( ).
, .
2. Computer Management.

Shared Folders Microsoft Windows 2000


. . Shared Folders
, ,
.

Shares Shared Folders.
General . Open Files Shared Folders
.
, .



. , . . .

1. Active
Directory?
2. ?
3. ?
4. ?
5. LDP ?
6. , ?

15

Windows 2000
RIS

1.

RIS

484

2,

RIS

491

3.

RIS

505

4.

RIS
RIS

513

518


(Remote Installation Services, RIS) , - , . , .
, -
.
. , RIS.
, RIS, .


RIS

RIS, Microsoft
Windows 2000, . , .
, :
, ;
;
-: .
RIS;
, RIS.
20 .


. 15-1 .


RIS
BINL
TFTPD
SIS

DHCP-

DNS-

RIS
,
/
- Intel, 3Com Award
* BIOS,

. 15-1.

. ,
, .
Active Directory, DHCP- DNS.


RIS , .
(Boot Information Negotiation Layer, BINL).
BINL RIS .
, Active Directory -


. BINL ,
,
, . - , BINL - Active Directory.
- (Trivial File Transfer Protocol Daemon, TFTPD). , . TFTPD Client Installation ( ) ,
(Single Instance Store, SIS).
, .
SIS RIS .
SIS ,
.


-, :
DHCP ,
(Pre-Boot execution Environment);
, .


DHCP, ,
. (, RIS) Windows 2000 - RIPrep. Windows 2000 Professional , . .
-. -
Windows 2000 Professional. RIS;
RIPrep-. ,
, , . Windows 2000 Professional , ,
RIS-. .
RIS- ()
RIS-.
,
. , .



(Pre-Boot execution Environment) , .
RIS- TCP/IP, DHCP. , Net PC/PC98,
, Windows 2000. Net
/98 , Microsoft Intel Compaq . 98
,
Microsoft Windows , , .
. 15-2 DHCP, - .
^
DHCP Discover 67
[ -]
DHCP Discover 67
[
DHCP Offer 6
IP- +"
[ DHCP]
__

DHCP
Offer 68 -[ -] +
[ DHCP]
DHCP Request 67
[
-] + [
DHCP]
DHCP Ack 69
DHCP Request 401 1
BINL [^^ -] + [
DHCP]
^

Execute
Downloaded
Boot Imag

DHCP Ack
[ ]
(
)

69 ^- *
^

. 15-2.

-, , IP- DHCP. - RIS-,


.
RIS-, IP- , . ,
, DHCP . BINL,


, RIS-.
BINL
,
, . , Windows 2000 Server.


-,
PCI-. !5 RIS
-
.
.


. 15-3.
RIS .
.

Active
Directory

DHCP

RIS-

. 15-3.

RIS

RIS- ;
RIS-.


1. - . , DHCPDISCOVER, DHCP- IP- RIS-. (GUID). GUID BIOS PC98/Net PC- -. DHCP- , IP- RIS-. RIS- IP- ,
. , F12, .


2. RIS- ( BINL) , Active Directory


, -.
BINL Active Directory - GUID, .
3. - (Client Installation Wizard, CIW), .
RIS- Active Directory !
, . RIS
, .
, RIS , .
CIW (. 15-4).

. 15-4.

, CIW

5. ,
-. , . CIW
,
. .
, CIW, 1.
6. ,
.
- Active Directory, BINL ,
. ,
-
.
tl CIW ,
, ( , ,
, ).
,
RIS .


. ,
. , , .

RIS

Pentium Pentium II
166 ( 200
).
64 (96128 , , ,
Active Directory, DHCP DNS).
, RIS,
2 . RIS
.
10 100 / ( 100 /).
! RIS , .
RIS . , RIS,
Windows NT (NTFS).


,
, :
DNS;
DHCP;
Active Directory.

DHCP .


Net PC- Pentium 166 .
32 ( 64 ).
800 .
PCI- Plug and Play.
: .99 .

, RIS
, RIS.
RBFG Adapter List.
3Com:
900 (Combo ):


900 (Combo, FL, TPC, TPO);


905 (4 );
905 (Combo, TX, FX);
905 ().
AMD:
AMD PCNet Fast PCNet.
Compaq:
Netflex 100 (NetIntelligent II);
Netflex 110 (NetIntelligent III);
Netflex 3.
Digital Equipment Corp (DEC):
DE 450;
DE 500.
Hewlett-Packard:
HPDeskdirect 10/100TX.
Intel Corporation:
Intel Pro 10+;
Intel Pro 100+;
Intel Pro 100B ( E100).
SMC:
SMC 8432;
SMC 9332;
SMC 9432.
RIS 1-. ISA, EISA Token ring .

RIS Windows 2000, , ,


.


2. RIS
RIS, RIPrep, RIS RIS.
, :
S
S
/
S

RIS;
RIPrep;
RIS;
RIS.
- 30 .

RIS
RIS RIS.
! RIS
RIS 1.

RIS
RIS:
Windows 2000.
. RIS ,
Windows 2000 Server Add/Remove Programs (
) Windows.
> RIS
1. Windows Components ( Windows) :
Windows 2000 Server;
Start\Settings (\) Control Panel (
); Add/Remove Programs
( ). Add/
Remove Windows Components ( Windows,).
2. (. 15-5) Remote Installation Services
( ) Next.
3. - Windows 2000 Server.
4. Completing The Windows Components Wizard ( Windows) Finish ().
5. System Settings Change ( )
Yes RIS.


. 15-5.


Windows

RIS
RIS RIS .
^ RIS
1. Start\Programs\Administrative Tools (\\) Configure Your Server ( ).
2. Configure Your Server ( Windows 2000)
Finish Setup ( ).
3. Configure Remote Installation Services ( ) Add/Remove Programs Configure (),
.] RIS.
4. Next.
5. , . :
, ;
RIS ;
- Windows 2000 Professional ,
;
;
,
.
RIS
, ,
RIS. , RIS.


RIS
RIS -. RIS , :
RIS-;
RIS-;
RIS-;
RIPrep.

RIS
RIS , RIS-, . RIS-
. RIS-
.
> RIS
1. Start\Programs\Administrative Tools DHCP.
2. DHCP DHCP.
3. Action () Manage Authorized Servers ( ).
4. Manage Authorized Servers ( )
Authorize ().
5. Authorize DHCP Server ( DHCP-)
IP- .
6. DHCP Yes.
7. Manage Authorized Servers .
RIS- DHCP

RIS-
, .
> RIS-
1. Start\Programs\Administrative Tools Active Directory Users
And Computers (Active Directory ).
2. ,
, Computers Domain Controllers,
3. RIS-
Properties ().
4. Remote Install ( ).
5. Remote Install (. 15-6) ,
. 15-1.


. 15-6.
. 15-1.


Remote Install ( ) RIS-


Remote Install

Respond To Client Computers


Requesting Service (
,
)

RIS ,

Do Not Respond To Unknown


Client Computers (He

)

RIS . ,
Respond To Client Computers
Requesting Service

6. Remote Install Advanced Settings ( ).


7. New Clients ( )
(. 15-7) , . 15-2.

. 15-7.

New Clients ( ) RIS-

. 15-2.


New Clients

Generate Client Computer


Names Using (
)


.

-

Customize ()

Computer Account
Generation ( ),

Client Account Location


(
)


: Default Directory Service Location (
) ,
Active
Directory,
;
Same Location As That Of The User Setting Up The Client Computer
( , ) ,
Active Directory,
, ;
Use The Following Directory Service Location ( )
Active Directory,
, . ,

8. Images () RIS (. 15-8) RIS- . . Add


()
RIS. 3.

9. Tools () RIS (. 15-9) RIS- .


10. RIS- .
11. .
, Windows 2000 Professional, , Windows 2000 Administration Tools () - Windows 2000 Server.

. 15-8.

Images () RIS-

Windows 2000 Administration Tools ,


RIS-,
RIS-. .


. 15-9.


Tools () RIS-


RIS
, CIW. (. 15-4):
Automatic Setup ( );
Custom Setup ( );
Restart A Previous Setup Attempt ( );
Maintenance And Troubleshooting ( ).

Automatic Setup
RIS. Automatic
Setup ,
.
- ,
.
: . RIS , . .
,
Active Directory, -.
Custom Setup

Custom Setup Automatic Setup,


. -, , Active Directory.
Custom Setup Active Directory, . RIS- , -, . , Active Directory
(client computer account object, CAO).
, CIW.
Restart A Previous Setup Attempt

, - . CIW , . ;
.
Maintenance And Troubleshooting
. , Flash BIOS
. .


Maintenance And Troubleshooting,




(.sif), . ,
, . , , , , .
, CIW
.
^
1.
2.

3.

4.

5.

6.

7.
8.


Start\Programs\Administrative Tools Active Directory Users
And Computers.
,
Computers Domain Controllers, Properties.
Group Policy ( ).
(). Edit (),
.
User Configuration\Windows
Settings ( \ Windows) Remote
Installation Services ( ).
Choice Options ( ).
Choice Options Properties (: )
(. 15-10):
Automatic Setup ( );
Custom Setup ( );
' Restart Setup ( );
Tools ().
:
Allow () ,
;
Don't Care ( ) . , RIS
, Don't
Care, , ,
. Don't Care ;
Deny () ,
.
Choice Options Properties .
Group Policy .

RIS , () , : secedit /refreshpolicy user_policy Enter; ; -


, . 8 .

. 15-10. Choice Options Properties (: )

RIPrep
, RIS-
RIPrep, , . RIS- , .
* RIPrep
1. Start\Programs\Accessories (\\) Windows Explorer ().
2. \RemoteInstall\Setup\corresponding_language\Images\image_name\i386\templates ( ,
) .sif Properties,
3. Security ().
4. , , .

, , , .sif , Templates. ,
.


RIPrep

.
- . RIS
RIPrep.
RIPrep :
;
.


, RIS
Windows 2000 Professional.
, , . ,
. , , , , ,
- Internet Explorer.


RIPrep , ,
, RIPrep, , , RIPrep.
Certified for Windows , . ,
RIPrep. Windows 2000
/ ,
, , RIPrep ( ). . , RIPrep, . , , , ,
, RIPrep.
,
RIPrep,
, .
- , (, ).
.
, , , RIPrep. RIPrep,


. ,
.
,
{ ), All Users. , , , Start .
, .

RIPrep
RIPrep.
> RIPrep
1. - Start Run (). Open
UNC- RIPrep . : \\\_ cypc\RemoteInstall\Admin\I386\RIPREP.EXE
2. Next.
3. , Remote Installation Preparation.
;
Server Name ( ) ,
. , Remote Installation Preparation
Wizard;
Folder Name ( ) RIS-,
;
Friendly Description And Help Text ( )
, CIW.
4. , .
,
Next.
5. Next.
6. Finish, RIS-.
1 ,
2 , RIS
2 , .
,
, (security identifier, SID), ;!, . RIS-.
, CIW
- , , .


7. . . , -
.

RIPrep
(,
, RIS-) , ,

Windows 2000 Professional RIPrep Plug and Play.
(hardware abstraction layer, HAL) , (,
ACPI, ).
HAL, .
, .
Microsoft, .
, . .

RIPrep

Windows 2000 Professional


. , Windows 2000 Professional , , -.
.
.
.
,
, .
.


-, Windows 2000 Professional,
(riprep.sif) (product
ID, PID), PID ,
Windows 2000. PID
, .


PID riprep.sif, RIPrep.


> PID RIPREP.SIF
1. RIPREP.SIF (\1&\51\\\$1\_\1%$\2. [UserData] RIPREP.SIF ProductID = ---
( ). PID Windows 2000
Professional.
PID PID, RIPREP.SIF.
OEM- Windows 2000 Professional, PID RIPREP.SIF .

RIS
-, , RIS
. , RIS F12
,
CIW. ,
RIS ,
> RIS
1. Start Run (). Open UNC-
RBFG . ; \\\6_\RemoteInstall\Admin\
I386\RBFG.EXE
2. .
3. Windows 2000 Remote Boot Disk Generator ( Windows 2000) ( )
Create Disk ( ) (. 15-11).

. 15-11.

Windows 2000 Remote Boot Disk Generator

4. , Close () .


RIS PCI-. , Windows 2000 Remote Boot Disk Generator Adapter


List ( ).

RIS
RIS-. , RIS RIS.
Check Server ( ).
> RIS
1. Start\Programs\Administrative Tools Active Directory Users
And Computers.
2. , ,
, Computers Domain Controllers.
3. RIS-
Properties.
4. Remote Install Verify Server
( ), Check Server ( ).
5. Next.
6. Remote Installation Services Verification Complete (
) Finish ().
RIS
, .

,
RIS, RIPrep, RIS
RIS.


RIS
RIS, , - RIS RIS.
, :
/ RIS;
/ - RIS;
^ RIS.

20 .

RIS
:
RIS;
- RIS;
RIS.

RIS
:
;
.
^
1. Start\Programs\Administrative Tools (\\) Active Directory Users And Computers (Active Directory ).
2. RIS-
Properties.
3. Remote Install (
) Advanced Settings ( ).
4. Images ().
5. Add, .
6. New Answer File Or Installation Image ( ) Add A New Installation Image ( ) Next, Add Installation Image ( ).
7. Next.
8. Installation Source Files Location ( )
Windows 2000 Professional ( -
) Next.
9. Windows Installation Image Folder Name ( Windows)
Windows Next.
10. Friendly Description And Help Text ( ) . Next.
. CIW , Previous Client
Installation Screens Found ( ).


CIW, , Next.
12. Review Settings ( )
Finish ().
Remote Installation Setup .
^
1. Start\Programs\Administrative Tools Active Directory Users
And Computers.
2. RIS- Properties.
3. Remote Install
Advanced Settings.
4. Images ().
5. Add, .
6. New Answer File Or Installation Image ( ) Associate A New Answer File To An Existing Image ( ) Next.
7. Unattended Setup Answer File Source ( ) , :
Windows Image Sample Files ( Windows);
Another Remote Installation Server ( );
An Alternate Location ( ).
8. Next.
9. Select An Installation Image ( ) ,
, Next.
10. Select A Sample Answer File ( )
Next.
11. Friendly Description And Help Text ( ) . Next.
12. Review Settings ( )
Finish ().

- RIS
:
- RIS;
- RIS.

- RIS
- (client computer
account object, CAO) Active Directory. RIS-
. , , RIS-
, . , .


- , , RIS-,
. - . ,
- .
, - RIS-.
* -
1. Start\Programs\Administrative Tools Active Directory Users
And Computers.
2. ,
, New\Computer (\).
3. New Object Computer ( )
-,
, , . Next.


. 15-12.

New Object Computer ( )

4. Managed () This Is A Managed Computer ( ), GUID Next (. 15-13). . GUID .


5. Host Server (. 15-14) , , :
Any Available Remote Installation Server -
RIS-;
The Following Remote Installation Server -
RIS-;


. 15-13.

Managed ()


. 15-14.

Host Server

Host Server (-) RIS-, ,


RIS ,
-, . , RIS , RIS- .
6. Next.
7. New Object Computer
Finish ().

- RIS
- RIS Active Directory
GUID . Show Clients -, -


RIS-. Active
Directory . , GUID.
Show Clients RIS- .
, RIS- RISsvrl, Show Clients ;
RISsvrl*. Show Clients RIS- - . , RIS- RISsvrl, RISsvrlO, RISsvrlOO,
,
.

GUID -
GUID :
;
;
BIOS .
GUID {dddddddd-dddd-dddd-dddd-dddddddddddd}, d . : 8 ,
4, 4, 4, 12 , : {921FB974-ED42-11BE-BACD0057223}
GUID -
:
0 1 2 3 4 5 6 7 8 9 a b c d e f - A B C D E F
, . GUID {}.
** - RIS
1. Start\Programs\Administrative Tools Active Directory Users
And Computers.
2. RIS-
Properties.
3. Remote Install.
4. Remote Install Show Clients ( ).
5. GUID ( GUID) Find Remote Installation Clients (. 15-15)
GUID Find Now ().
- RIS, Rl server ( ).
6. Find Remote Installation Clients
- RIS, Name GUID.
7. Find Remote Installation Clients.
8. .


. 15-15.

Find Remote Installation Clients


(; )

RIS
:
, , ;
,
Computers , .



Active Directory .
, , .
>

1. Start\Programs\Administrative Tools Active Directory Users


And Computers.
2. View Users, Groups And Computers As Containers (, ) Advanced Features (
).
3.
Properties.
4. Security () Add
().
5. Select Users, Computers, Or Groups (: , ) , Add .
6. .


7. Permissions Read (), Write (), Change Password


( ) Reset Password ( ) .
, .
-,
Active Directory, Active Directory Users and Computers .
> ,
1. Start\Programs\Administrative Tools Active Directory Users
And Computers.
2. Delegate Control ( ),
Delegation Of Control ( ).
3. Next.
4. Users Or Groups ( ) Add.
5. Select Users, Computers, Or Groups (), , . Add .
6. Users Or Groups Next.
7. Tasks To Delegate ( ) Delegate The Following
Common Tasks ( ), Join A Computer
To The Domain ( ) Next,
8. Finish ().


. , , .
> , Computers,
1. Start\Programs\Administrative Tools Active Directory Users
And Computers.
2. Delegate Control, Delegation Of
Control.
3. Next.
4. Users Or Groups Add.
5. Select Users, Computers, Or Groups (), , . Add .
6. Users Or Groups Next.
7. Tasks To Delegate Delegate The Following Common Tasks, Join
A Computer To The Domain Next.
8. Finish.


, ,

1. Start\Programs\Administrative Tools Active Directory Users


And Computers.
2.
Properties.
3. , Group Policy Group Policy
Object Links ( )
Edit.
4. Group Policy ( ) Computer Configuration
\Windows Settings\Security Settings\Local Policies ( \ Windows\ \ )
User Rights Assignment ( ).
5. Add Workstations To Domain.
6. Security Policy Setting ( )
Add.
7. User And Group Names ( ) Add
User Or Group ( )
(), ,
. .,
8. Security Policy Setting .
9. Group Policy.
10. .

>

RIS , () . : secedit /refreshpolicy user_policy Enter; ;


, . 8 .

RIS, , - RIS RIS.


4.
RIS
RIS
,
.
, :
^ RIS.
15 .

RIS
1. .
. Net PC -, , .
.99 ,
, .99L. - , ta .
2. , - IP-
.
. - . PC98 Net PC,
, ,
.
>
1. - DHCP, .
IP- DHCP-. ,
IP- DHCP .
, IP-, IP-,
DHCP-.
. , IP-
BINL .
.
DHCP- ? DHCP Active Directory, . , ,
, IP- .
IP- DHCP- '
DHCP- ,
DHCP-?
, DHCP?
-, ,
IP- ?


2. IP- DHCP-, BINL, , IP-


.
No Bootfile received from
DHCP, BINL, or Bootp ( DHCP, BINL Bootp).
. BINL, , .
.
? , . DHCP DHCP- Active Directory.
, ,
? , - , , .
-. Active Directory,
- , -.
,
DHCP? RIS
DHCP
DHCP.
,
(BINLSVC), DNS Active Directory?
3. TFTP
F12. ,
. BINL
TFTP , .
. -
, ,
DHCP, BINL TFTP. RIS -, .
1. BINLSVC, Start ()
Run ().
2. Run ( ) Net Stop BINLSVC Net Start BINLSVC .
3. RIS , Respond To Client Computers
Requesting Service ( , ) , Do Not Respond To Unknown Client Computers (He
) , -
Active Directory.
4. , DHCP,
DNS, BINLSVC Active Directory.
4. - ,
.
3. , ?


. . ,
, , / , . . ,
RIS , RIS.
4. ,
RIPrep?
. . ,
, , .
RIPrep , -.
5. ,
RIS, RIS
-?
.
RIS , ,
, Systems
Management Server. , . . ,

.
6. RIS ? , ?
. ,
. ,
.
, -, , IP- ,
. , , .

- Active Directory RIS, -. RIS - ( ), , RIS.
. , .
7.
?
. .
Rbfg.exe . Microsoft -


RIS Rbfg.exe , , Windows.


8. Active Directory
?
. . , , Active Directory. Active Directory.

RIS
,
, .
. 15-3. RIS
:


OemPreinstall = yes .sif


\\RemoteInstall\Setup\m/>e6y*wu_#3ft:
\]&\_\$'


Welcome.osc.

Welcome.osc
Multilng.osc

, , CIW Welcome.osc, \RemoteInstall\OSChooser.


Welcome.osc file Multilng.osc
Welcome.osc,

. Welcome.osc

- RIS,

- , -


RIS


. 15-3. RIS ()




(SIS)

RIS ;;.
,
, .



,


. , . . * .

1. ? RIS?
2. ?
3. ?
4. RIPrep?
5. ?

Microsoft Windows 2000

. 32


1. Windows 2000 Professional Windows 2000 Server?
Windows 2000 Professional ( )
Windows 2000 Server. Windows 2000 Server
, , Web-.
2. ?
, .

. Active Directory.
3. Active Directory?
.
4. Active Directory?
Active Directory , Windows 2000 Server. Active Directory
. Active Directory ,
. Active Directory .
5. ?
Windows 2000 , . ,
.
6. Windows Security ( Windows)?
Windows Security , , , ,
, .
.

Active Directory

. 52


1. Active Directory?
Active Directory, , .
2. ()?
, , - .
, , , , , , , .
3. ?
IP-, . ,
. Active Directory,
.
4. ?
,
Windows 2000, .
.
, .
-Windows 2000 ,


Active Directory

3.
. 67
^
2.

:
Start\Programs\Administrative Tools (\\)
Event Viewer ( ).
Event Viewer, .
Event Viewer .
?
, , .
?
. , . ,
, .

. 68
^ 1:
5. Console ()
Options ().


Options () Console (),
.
, , ,
?
, , .
- ^ .

. 70
^ 5:
12. Computer Management (Local) Extensions ().
Computer Management.
, ?
, .
15. Computer Management ( ) System Tools (
), , System Information Device Manager .
?
.
, .
, , .

. 76


1.

Active Directory Domains and Trusts, Active


Directory Sites and Services Active Directory Users and Computers?
Active Directory Domains and Trusts . Active Directory Sites and Services Active Directory. Active Directory Users and Computers , , Active Directory.
2. ?
. , , ,
. .
, , .
3. ?
. , . .
4. ,
Computer Management Active Directory Users and Computers. :
- ;
;
* .

?
, .
5. Windows 2000 Server
, Windows 2000 Professional?


Windows 2000 Professional , Windows 2000


Server. Windows 2000 Professional, systemroot\system32\adminpak.msi, Windows 2000 Server, My Network
Places Windows 2000 Professional.
6. Windows 2000
Server . ?
Task Scheduler.

Active Directory

2. Active Directory
. 93
^ 1: Active Directory
11. , SYSVOL systemroot\ SYSVOL ( Windows 2000 WINNT, SYSVOL
, Windows 2000).
SYSVOL?
Sysvol Windows 2000, NTFS 5.0.
SYSVOL?
Sysvol Windows 2000.
.
.

. 94
^ 2: My Network Places
3. My Network Places ( ).
.
?
Add Network Place ( ) Entire Network ( ),
4. Entire Network ( ), Microsoft
Windows Network ( Microsoft Windows).
?
( microsoft).

. 94
^ 3: Active Directory Users And Computers
2. microsoft.com ( ).
microsoft?
Builtin, Computers, Domain Controllers Users.

4.
. 105
^ :
3. microsoft.com ( ).


.
.
?
Domain Controllers. Builtin, Computers Users -.

. 107


1. ?
: , ,
, , , .
2. DNS. Active Directory . ?
. , .
, DNS.
3. Windows 2000?
. , Windows 2 , ,
.
.
- . ,
, .
4. , , ?
,
Windows 2000.
. systemroot\Sysvol. ,
NTFS 5.0.
5. ?
, .
,
( ). .
6. ?
Active Directory Users and Computers.

DNS Active Directory

2.
. 122
^ 4:
2. .
?


Start of Authority Name Server.
. 132


1.

2.

3.

4.

5.

? ?
IP-. IP-
.
, Active Directory?
, , Active Directory. DNS Active Directory DNS
Active Directory. , DNS.
SOA?
SOA .
SOA. ,
. .
?
, SOA. DNS- , DNS, .
?
IXFR ,
,
, DNS-. AXFR .

1.
. 139
^ 1:
2. Sites.
?
Default-First-Site-Name ( , Active Directory), Inter-Site Transports Subnets.

. 140
^ 5:
1. Inter-Site Transports IP.
?
DEFAULTIPSITELINK, , Active Directory.

. 153


1. .
, ,
.
2. , Active Directory .
Active Directory Default-First-Site-Name
Sites DEFAULTIPSITELINK IP.
3.
?
IP.
4. .
, (, , ) .
5. ?
.
, .
6. -?
-
. - .

2.

. 162

. 7-3, , , .
. ,
. .
. 7-4, ,
, , .
24 ,
. Tempi
Tempi. , 4- 2- .
. 7-5 , , .
.
, , .


3.
. 169
^ :
3. microsoft.com ( , )
Users.
Active Directory ?
Administrator, Cert Publishers, DHCP Administrators, DHCP Users, DnsAdmins, DnsUpdateProxy,
Domain Admins, Domain Computers, Domain Controllers, Domain Guests, Domain Users, Enterprise
Admins, Group Policy Creator Owners, Guest, IUSR_SERVER1, IWAM_SERVER1, krbtgt, RAS and
IAS Servers, Schema Admins TsInternetUser. ( .)
4. Users
New\User (\).
New Object User.
Active Directory ?
microsoft.com/Users ( , microsoft.com)
8. User Logon @microsoft.com ( ,
microsoft.com DNS).
,
User Logon Name, .
(, userl@microsoft.com).
: Windows .
Windows?
-Windows 2000 Windows
2000 Microsoft Windows.
11. , .
User Must Change Password At Next
Logon User Cannot Change Password? .
,
.
,
( ). Windows 2000
, .
Account is Disabled ?
: , ; .

. 177
^ 1:
2. User Three
Properties ().
User Three Properties (: User Three), General ().
, ,
General? ?
, , , ,
Web-. Active Directory ,
. ,
Active Directory.

3.


Account ( ) Logon Hours ( ).


Logon Hours For User Three ( User Three).
User Three ?
.

. 177
^ 2:
3. Account ( ).
?
.

. 178
^ 1:
3. , .
? ?
. , .

. 178
^ 3:
1. Userl student.
? ?
, Userl 24 ,
.
3. student.
? ?
, User3 18:00 6:00. ( ,
18:00 6:00).

. 178
^
1.

4:
User? .
? ?
, User? .

3. student.
? ?
, User7 User?.
5. User9 User9.
? ?

, User? User9.

. 179
^ 5: ,
3. Old Password ( ) User9, New
Password ( ) Confirm New Password () student .
? ?
, User9 .

. 179
^ 6:
2. student.
? ?
, UserS .

4.

. 187
^ 3:
3. User Profiles ( ).
?
MICROSOFT\administrator, MICROSOFT\puser , -
.

. 187
^ 4:
5. puser.
? ?
, puser.

. 190
^ 6:
1. User2.
Profile Template?
?
, ,
User2 ,
User2.

. 190
^ 7: ,
2. System () User Profiles (
).
User2?
.

6.

. 196
^ 1:
6. Active Directory Users and Computers
, ,
.
, ?
Enable Account, .

8.


puser.
? ?
, .

. 196
^ 2:
6. Active Directory Users and Computers
, , .
, ?
Disable Account,
.
. 197

^ 3:
1. puser.
? ?
, .
. 197

^ 2:
1. puser password.
? ?
. User Must Change Password At Next Logon, , , , .
Change Password, ,
. .
. 198


1.

?

, .

, .
2. ?
, , .
.
, .

.
.
My Documents .
3. ?
, , Windows.
4. ,
. ?
Dial-In Set By Caller (Routing and Remote
Access Service Only), RAS
. Always Callback To, RAS
.
.


5. ?
, . , .
6. , Windows 2000 ?
.
. , , .
7. , ?
. Users Full Control . , (\\_\__\1__).
8. ?
, , .! , , . , , .

2.
. 208

Testers

Customer Reps

Maint Workers

Managers

Sales Reps

Network Admin

All Employees

Topics Employees

Customer database



, ,


()

Company policies

Microsoft Office

,


, ,
,

Sales reports

E-mail announcements

E-mail manufacturing
topics

1. ?
. , ,
, .
2. ?
. , .
, .
3. - . , ,
. . ?
. . , (
. ,
.

. 226


1. ?
,
, .
2. ?
(), , .
3. , ?
,
, , . .
4. ?

5.

6.

7.

8.

9.

, , .
,
?
Active Directory:
.
.
Domain Admins. Active Directory.
, Windows 2000 Domain Admins Administrators,
Administrators
Windows 2000 Professional. Administrators Active Directory.
Administrators , .
? ?
Windows 2000
. , ,
Users Power Users.
, .
, Run As .
, -
.
. ?
. , ,
.
, .
, .
. ?

.
, ( ).
, ().
. .

2.

NTFS

. 236
1: NTFS

NTFS ?
Full Control Everyone .
. 9-5, .


. 9-5.

NTFS

(\)

Apps

Administrators

Full Control

Apps\WordProc

Users

Read & Execute

Apps\Spreadsh

Accounting
Managers
Executives

Read & Execute


Read & Execute
Read & Execute

Apps\Database

Accounting
Managers
Executives

Read & Execute


Read & Execute
Read & Execute

Public

Administrators
Creator Owner
Users

Full Control
Full Control
Write

Public\Library

Administrators
Users

Full Control
Read & Execute

Public\ Manuals

Administrators
Users
User81

Full Control
Read & Execute
Full Control

. 238
^ 1: Everyone ()
4. Security (),
Data.
Data.
5.

Everyone Full Control.


Name () Everyone () Remove ().
?

, Everyone .
Everyone .
8. Remove ().
Data.
.

. 238
^ 2: Users () Data
4. , Data.
.
Users : Read & Execute, List Folder Contents Read. , Windows 2000 ,
.

. 239
^

3: CREATOR OWNER (-)


Data
4. . Data.
.


Users : Read & Execute, List Folder Contents, Read Write.


Creator Owner ,
5. , CREATOR OWNER (-),
Allow () Full Control. Apply (), .
?
Creator Owner Allow .
Advanced , ,
. Advanced .
7. Name () CREATOR OWNER (-).
CREATOR OWNER (-) ?
Creator Owner Full Control. . , Creator Owner, ,
, . , , , Creator Owner
, ,
,
. 239

^ 4: , Data
3. Data User81.
? ?
, Users ( User81) Write Data.
. 241

^ 1: Reports User81
3. Reports.
? ?
, User82 Managers Administrators Reports.
. 241

^ 2: Reports User82
3. Reports.
? ?
, User82 Modify .
. 241

^ 3: Sales Administrator
3. Sales.
? ?
, Administrators Full Control Sales.

. 241
^ 4: Sales User81
3. Sales.
? ?
, Sales NTFS
Sales. User81 .

. 241
^ 5: Sales User82
3. Sales.
? ?
, User82 Sales, Modify
Sales.

3.

. 248
^ 1:
4. Security (),
OWNER.TXT.
OWNER.TXT?
6.

Administrators Full Control. Users Read & Execute.


Owner ().
OWNER.TXT?
Administrators.

. 249
^ 3:
6. Advanced (), Access Control
Settings For OWNER.TXT ( OWNER. TXT),
Owner ().
OWNER.TXT?
Administrators.
7. Name () User83 Apply ().
OWNER.TXT.
User83.

4.

. 253
^ 1: ,
1. User83. Windows Explorer () :
Temp1.
, .
Everyone Full Control.
? ?
User83, , , .

. 253
> 2: , Administrator
2. : 2 .
.

Everyone Full Control.


2 ? ?
Administrators, Administrators.

. 253
^ 3: NTFS
2. C:\Temp1\Temp2 C:\Temp2.
C:\Temp1\Temp2 , ? ?
- Administrators,
Administrator. NTFS, ,
, .
Everyone Full Control, , NTFS, , .

. 253
^ 4: NTFS
2. C:\Temp3 C:\Temp1.
C:\Temp1\ ?
C:\Temp1\Temp3 ( Administrators),
C:\Temp3. , ,
NTFS, .

5.
. 257
^ 3: Full Control
1. Windows Explorer ( ) NOACCESS.TXT C:\Fullaccess,
.
? ?
. . Everyone Full Control C:\Fullaccess\noaccess.txt. Administrator Everyone.
4. NOACCESS.TXT, del noaccess.txt.
? ?
, Full Control Delete Subfolders and Files
POSIX-.
, Full Control.
.
Full Control ?
, Delete Subfolders and Files.

. 258


, NTFS? ?
Full Control. Everyone .
2. , Write Read ?
1.

37

Read Write , NTFS .


3.

Modify Read . . ?

, Modify .
, ,
NTFS? ,
NTFS?
NTFS, . NTFS,
.
5. ?
Administrator, . Take Ownership ,
. ,
Take Ownership, .
6. , ?
, , .

4.

, , ,
.
, () . , .

10
1.
. 262
;
1.

User1 Group1 , Group2 Group3. FolderA Group1


Read, Group3 Full Control ( ), Group2
. User1 FolderA?
User1 , User1 FolderA Full
Control, Read.

2.

User1 Sales, Read ()


FolderB. User1, , Full Control ( ) FolderB. User101 FolderB?
User1 FolderB. User1 Sales,
Read Sales, User1 Full Control FolderB.
.

4.
NTFS
. 274
1:
1.

Data. Sales Read, a


Sales NTFS- Full Control.



Sales Sales Data?
Sales Read Sales, ,
NTFS, .
2. Users .
, , . Users
Users Full Control. User1 User2 NTFS Full
Control NTFS .
, Users.
User1 User1
Users? User2?
User1 Full Control User1, ,
NTFS . User1
User2, NTFS . .

. 275
2:
. NTFS
Full Control Everyone,
. , .
Management Guidelines MgmtGd. Full Control Managers.
Data Data.
Full Control Administrators.
Data\Customer Service CustServ. Change Customer Service.
Data\Public Public. Change Users Full Control
Administrators.
Applications Apps. Read Users Full Control Administrators.
Project Management ProjMan. Change Managers Full Control
Administrators.
Database\Customers CustDB. Change CustomerDBFull, Read CustomerDBRead Full Control Administrators.
Users Users.
. Full Control . , Windows 2000
.

. 276
^ :
6. Comment () shared productivity applications .
Windows Explorer Apps, , ?
Windows Explorer , Apps. ,
.

. 276
^ 1: Apps
1. Apps Sharing () Permissions
().
?
Everyone Full Control.
. 277

^ 3: Full Control Administrators


3. .
Administrators , .
Administrators ?
Read.
4. Allow () Permissions () Full Control
( ).
Change ()?
Full Control .

. 277
^ 1: Run
3.

Open () \\SERVER1 ( ,
) .
SERVER1. .
?
, , : Printers, Scheduled Tasks, NETLOGON SYSVOL. ,
, .

. 277
^ 2: Map Network Drive
7. , , My Computer
( ) , :
Apps On Server1.
Windows Explorer , ?
Windows Explorer , .

. 278
^ 4:
3. Open () \\SERVER1 ( ,
) .
, . ?
UserSl, , , . Administrators
Apps.
. 278

^ 5:
4. Connect Using A Different User Name ( ).

8 Connect As ( )
, ( Windows).
?
, ,
, , .

.
7. , Reconnect At Logon ( ) , Finish ().
J Windows Explorer? ?
, .

. 280
1 : Manuals User82
3. Manuals - .
? ?

. Administrators User83 NTFS Manuals.

. 280
> 2: Manuals
5. - .
? ?
. Users Full Control \\server1\public,
Administrators User83 NTFS
Manuals.

. 280
^ 3: Manuals
3. Manuals - .
? ?
. User83 NTFS- Full Control .

5.

DFS

. 289
^ 6: DFS
2. SERVER1.
Windows Explorer .
Shared Apps, DFS.
- Windows 2000, Shared Apps ?
Windows 2000 , Dfs.
3. DFS- Shared Apps.
Windows Explorer Shared Apps On Server1 .
- Windows 2000, DFS- Shared Apps
?
Windows 2000 , Dfs.

. 290


1.

2.
3.
4.

5.
6.

7.

FAT, Full Control,


?
.
.
Full Control, Change Read.
?
Everyone Full Control.
NTFS, Full Control,
?
.
NTFS .
?
.
NTFS?
, ,
( Everyone Full Control ).
NTFS .
DFS ?
, , DFS, ,
. DFS
, ,
, .

11 Active Directory
1. Active Directory
. 295
^ 2:
1. Find ().
Find ().
?
, ; ; ; ; ;
( RIS).
2. , Find Users, Contacts, And Groups (, ), Find Now (). ?
.

2.

Active Directory

. 302
* 2: , Active Directory
4. ,
Security1. 5.

. 11-5.

, Security1


Account Operators
Administrators "
Authenticated Users



Read, Write Create All Child
Objects,
Read

Domain Admins

Full Control

Enterprise Admins

Full Control

Pre-Windows 2000
Compatible Access

Print Operators

SYSTEM

Full Control

, - ( )?
, Administrators, . .
. 302

^ 3:
2. Account Operators ( ),
Permission Entries ( ) , , View/Edit (/).
Permission Entry For Security1 ( Security1).
Account Operators? Account Operators ? (: Permission Entries
, Account Operators).
, Account Operators, : Create User Objects, Delete User
Objects, Create Group Objects, Delete Group Objects, Create Computer Objects Delete Computer
Objects. ,
.
, Account Operators?
?
. . Apply To Permission Entries
Access Control Settings For Security1 , ,
Account Operators, (This Object Only).

. 303
^ 4: , Active Directory
4.

, Secretary1. 5. - , ,
Advanced.

. 11-6.


Security1

Account Operators
( )

Full Control ( )

Administrators

, Full Control Delete All Child


Objects ( ),

Authenticated Users

Read , Web-

Cert Publishers

Domain Admins

Full Control

Enterprise Admins

Full Control

Everyone

Change Password

Pre-Windows 2000
Compatible Access

Read (), Read Phone and Mail


Options ( ), Read General
Information ( ), Read Group Membership
( ), Read Personal Information (
). Read Public Information (
), Read Remote Access Information ( ), Read Information Logon ( ), Read Web Information ( )
Read Account Restrictions ( )

RAS and IAS Servers

Read Group Membership, Read Remote Access Information, Read Account Restrictions Read Logon Information

SELF

Read, Change Password ( ). Receive As ( ),


Send As ( ), Read Phone and Mail Options, Read General Information, Read Group Membership, Read Personal Information,
Read Public Information, Read Remote Access Information, Read
Account Restrictions, Read Logon Information, Read Web Information;
Write Phone and Mail Options, Write Personal Information Write
Web Information

SYSTEM

Full Control

- -? ?
. . ,
,
.
- Security1? ?
,
Administrators Enterprise Admins. .
Account Operators -?
Account Operators Full Control. , .

4.

Active Directory

. 313
^

2: ,

1.

User21.
Windows 2000 , ? ?



. Windows 2000 Active Directory,
.

5.


Active Directory

. 316
^
3.

1:
Security1.
- Security1?
Secretary1 Assistant1 User20, User21 User22.
? (: . ,
2.)
Assistant1 Authenticated Users, Read .
Secretary1 . ? ?
. Assistant1 Write Secretary1.
Assistant1. ? ?
. Assistant1 Write Assistant1.

. 317

^- 3:
4. Security1.
? ?
. Assistant1 Full Control ,
.
5. Users.
? ?
. Assistant1 Users.
. 333


1.

Active Directory?
,
.
, , , . Active Directory , ,
2. , . ?
, .
3. ?
, , .
. , ,
.


4. Delegation Of
Control?
5.

.
Active Directory?
?
. Windows 2000 Server
, +,
( ).
, Active Directory SYSVOL ,

6.


? ?

Administrator, Security Accounts Manager SAM).
Active Directory, Active Directory ,
. SAM. SAM Active
Directory.

12

3.

. 363
^ :
2. (DispatchPolicy [server1.microsoft.com] Policy) - , Properties Security ().
DispatchPolicy.

DispatchPolicy?
Domain Admins, Enterprise Admins SYSTEM.

. 363
^ :
3. Start Menu & Task Bar ( ).
?
5.

, Start Menu & Task Bar.


Enabled (), .
, ?
.

. 365
^ : DispatchPolicy
2. Ctrl+Alt+Delete.
Windows Security ( Windows).
? ?
, Lock Computer . Assistant1 , 8 DispatchPolicy Security1.

3- Cancel () Start.
Start Search () Run ()?
.
7. Ctrl+Alt+Delete.
? ?

, Lock Computer . Assistant1 , Sales DispatchPolicy 7.

. 395


1. ?
, . Windows 2000 ( Active Directory).
, Active Directory . .

2-

3.
4.

5.

Active Directory (, )
, .
Windows 2000. Active Directory,
, ; .
, .
.
, , ,
.
, ,
Active Directory.
: , , .
,
: , ,
, ,
, ,
, .
Block Policy Inheritance No Override?
Block Policy Inheritance , .
, , , ,
. , No Override,
Block Policy Inheritance.

, , (), No Override , ,
. No Override , Active Directory ( , Active Directory). No Override
.
6. ?
, . , .

, , . ,
. .
7. ?
Application Data, Desktop, My Documents, My Pictures Start Menu.

13

2.

. 415
1:
(. 13-7).
. : Account logon events: ( ); Account management: ( ); Directory service access: ( );
Logon events: ( ); Object access: (
) ( ); Policy change:
( ); Privilege use: ( ); Process tracking:
( ); System events: (
).

. 417
^ : Active Directory
6. Access Control Settings For Users Auditing
Everyone.
Auditing Entry For Users.
Everyone. , , , ?
, ; , , .
7. , Auditing Entry For Users, Access Control Settings For Users
Users Properties.
Active Directory?
?
Windows 2000 Active Directory , . , Active Directory-
, Active
Directory.
.450


1. , .
?
, ,
.

2.

,
?
, Active Directory,
, .
3. ?
4.

, .
?
, .

5.

?
- ,
, .
.
6. Security Configuration and Analysis , ?
.

14
Active Directory
. 482


1.

Active Directory?
Event Viewer.

2.

?
, . , .

3.

?
. , , ,
- . Performance
Logs and Alerts , , .
4. ?
' ,
, ,
.
5.

LDP ?
Active Directory Replication Monitor Active Directory, , . Active Directory Replication Monitor , Windows 2000 Support Tools.
6. , ?
Start\Programs\Administrative Tools Computer Management. Shared Folders Open Files.

15


Windows 2000
RIS

. 518


1.

? RIS?
(Remote Installation Services, RIS) ,
. . : , DHCP,
, RIS.
2. ?
. TCP/IP DHCP RIS. ,
Net PC/PC98, , Windows 2000, Net PC/PC98 ,
Microsoft Intel Compaq .
PC98 Microsoft , RIS. Windows.
3. ?
, , Windows 2000 . RIS PCI.
RIS - . RIS
.
4. RIPrep?
RIPrep
, , . Windows 2000 Professional,
,
RIS
.
?
(Client Installation Wizard, CIW)
, . , . , . , ,
.


DHCP

(Remote Installation Services, RIS) DHCP , RIS.


DHCP. MCSE Windows 2000 ( , 2001).

DHCP
DHCP DHCP, , TCP/IP IP-,
.
*
1.

2.
3.
4.
5.
6.
7.
8.

DHCP
Start\Settings (\), Control Panel ( ) Add/Remove Programs ( )
Add/Remove Windows Components ( Windows).
Windows Networking Services ( ) Details ().
Dynamic Host Configuration Protocol
(DHCP) .
Next .
, - Windows
2000 Server.
Completing The Windows Components Wizard ( Windows) Finish ().
Add/Remove Programs ( ).
Control Panel - Windows 2000
Server.

DHCP ; DHCP .

DHCP

DHCP
DHCP DHCP, IP-.
DHCP
DHCP IP-,
(scope) DHCP IP-,
DHCP. DHCP
DHCP.
DHCP, :
DHCP ;
IP-;
IP-, ,
DHCP ;
;
DHCP, , IP- IP-.
^ DHCP
1. Start\Programs\Administrative Tools (\\),
DHCP.
2. DHCP ' New Scope
( ) .
3. Next.
4. Name () Scope Name ( ) .
Description () . Next.
5. IP Address Range ( ) IP-,
. IP-. Next.
6. Add Exclusions ( ) , , Next.
, . .
7.
8.
9.
10.

11.

Lease Duration ( ) IP- DHCP, Next.


Configure DHCP Options ( DHCP) , DHCP , Next,
DHCP , 12.
DHCP ,
:
Router (Default Gateway) [ ( )] IP- , , Next;
Domain Name And DNS Servers ( DNS-) , DHCP. , DNS, IP- . Next;
WINS Servers (WINS-) IP- , WINS , NetBIOS. Next.
Activate Scope ( ) ,
, Next.

, .
12. Completing The New Scope Wizard ( ) Finish ().
! IP-
.
DHCP
, DHCP. .

DHCP. ,
. , WINS-. , .
^ DHCP
1. DHCP Server Options ( ) Configure Options ( ).
2. DHCP, , Data Entry
( ) .

, . ,
, .
.
^ DHCP
1. DHCP .
2. Scope Options ( )
Configure Options ( ).
3. DHCP, , Data Entry .
IP-
DHCP , IP-. IP-. DHCP
I -. , SRV187 , WINS, SRV187 IP-. DHCP
IP-. WINS NetBIOS LMHOSTS. , NetBIOS- IP-, IP- SRV187
LMHOSTS .
* IP-
1. DHCP , Reservations () New Reservation ( ).

DHCP
2. Reservation Name ( ) . DHCP ,
.
3. IP Address (IP-) IP-, .
4. MAC Address (-) . .
- , DHCP, DHCP IP-
.
5. Description () .
6. Supported Types ( ) , :
Both () IP- DHCP, .
DHCP Only ( DHCP) IP- ].).
Only ( ) IP-
.
7. Add (), .

121087, , . -, . 13
.: (095) 256-5120, ./: (095) 256-454!
e-mail: into@rusedii.ru, hltp://www.rusedit.ru

I I I
16.02.2004 . 2000 .
!
70x100 /16. , . , 38
""
10700', , . . , 46
