Thc Hnh: THC HIN TO GROUP POLICY OBJECT

Chun b: 1) My tnh ci t Windows Server 2003 nng cp ln Domain Controller 2) Chnh li Policy Password: cho php s dng Password ngn hoc Password trng 3) To OU mi tn: Athena, trong OU Athena ny to thm 2 OU con tn: DaoTao & HanhChanh 4) Trong OU DaoTao to 2 User l: u1_dt v u2_dt 5) Trong OU HanhChanh to 2 User l: u1_hc v u2_hc 6) Cp quyn cho Group Users c php Logon Locally To Group Policy: 1) Lm mt Control Panel i vi cc User nm trong OU HanhChanh 2) Lm mt biu tng Ricycle Bin trn Desktop ca cc User nm trong OU Dao Tao 3) Lm n biu tng My Network Places v My Computer trn Desktop ca cc User nm trong OU Athena 4) B chc nng tha k cho OU Hanh chanh (Block Policy Inheritance) 5) Bt buc cc OU phi tha k Policy ca OU cha (Override Block Inheritance) 6) p dng Log on Scripts trn Group Policy i vi cc User nm trong OU DaoTao 7) Trin khai phn mm (Deloy Software) cho cc User nm trong OU DaoTao 8) nh hng li th mc My Document cho cc User trong OU DaoTao trn th mc dng chung tn Private DaTa khi to trn my Server Thc hin: Yu cu 1: Lm mt Control Panel i vi cc User nm trong OU HanhChanh 1. Vo Start -> Programs -> Administrative Tools -> chn Active Directory users and computers:

2. Click phi vo OU HanhChanh -> chn Properties:

3. Trong Tab Group Policy -> chn New:

4. t tn cho Policy: Hide Control Panel -> Chn Edit:

5. Trong mc Administrative Template -> Control Panel -> Click phi vo mc Prohibit access to the Control Panel -> chn Properties:

6.

Check vo mc

Enabled -> Chn OK. 7. ng ca s Group Policy v OK. 8. Chy lnh cp nht: GPUPDATE /FORCE. 9. Logoff Administrator -> sau vo li bng User u1_hc v u2_hc kim tra kt qu. Yu cu 2: Lm mt biu tng Ricycle Bin trn Desktop ca cc User nm trong OU Dao Tao 1. Trong Active Directory Users and Computer:

2. Click phi vo OU DaoTao -> chn Properties:

3.

Chn New:

4. Hide Recycle Bin -> chn Edit:

t tn cho Policy:

5.

Tron g mc Administrative Template -> Desktop -> Click phi vo mc Remove Recycle Bin icon from desktop -> chn Properties:

6.

-> Chn OK. 7. ng ca s Group Policy v OK. 8. Chy lnh cp nht: GPUPDATE /FORCE. 9. Logoff Administrator -> sau vo li bng User u1_dt v u2_dt kim tra kt qu.

Check vo mc Enable

Yu cu 3: Lm n biu tng My Network Places v My Computer trn Desktop ca cc User nm trong OU Athena 1. Trong Active Directory Users and Computer:

2. vo OU Athena -> chn Properties:

Click phi

3.

Chn New:

4. Hide My Computer & My Network Place

t tn cho Policy: -> Chn Edit:

5.

Tron g mc Administrative Template -> Desktop -> Click phi vo mc Remove My Computer icon on desktop -> chn Properties:

6. -> chn OK.

Check vo mc Enable

7.

Cn g trong mc Administrative Template -> Desktop -> Click phi vo mc Hide Network Places icon on desktop -> chn Properties:

Chn OK. 9. ng ca s Group Policy v OK. 10. Chy lnh cp nht: GPUPDATE /FORCE.

8. Check vo mc Enable ->

11. Logoff Administrator -> sau vo li bng User u1_hc v u1_dt kim tra kt qu. Yu cu 4: B chc nng tha k cho OU Hanh Chanh (Block Policy Inheritance) 1. Trong Active Directory Users and Computer:

2. trn OU HanhChanh -> chn Properties:

Click phi

inheritance -> Chn OK. 4. ng ca s Group Policy v OK. 5. Chy lnh cp nht: GPUPDATE /FORCE.

3. Check vo mc Block Policy

6. Logoff Administrator -> sau vo li bng User u1_hc v u2_hc kim tra kt qu. Yu cu 5: Bt buc cc OU phi tha k Policy ca OU cha (Override Block Inheritance) 1. Trong Active Directory Users and Computer:

2. vo OU Athena -> Chn Properties:

Click phi

3. Trong Tab Group Policy -> Chn mc Options

4. 5. 6. 7.

Check vo mc NoOverride: nh hnh trn -> Chn OK. ng ca s Group Policy v OK. Chy lnh cp nht: GPUPDATE /FORCE. Logoff Administrator -> sau vo li bng User u1_dt, u2_dt v u1_hc, u2_hc kim tra kt qu.

Yu cu 6: p dng Logon Scripts trn Group Policy i vi cc User nm trong OU DaoTao 1. Vo C:\Windows\SYSVOL\sysvol\Athena1.com\scripts -> to 1 tp tin Scipts t tn l: Logon.vbs c ni dung ty :

2. Active Directory User and Computer:

Vo

3. vo OU DaoTao -> chn Properties:

Click phi

4.

Chn New:

5. Scripts Logon -> Chn Edit:

t tn cho Policy:

6.

Trong mc

Widows Settings -> chn Scripts(Logon/Logoff) -> Click phi vo tn Logon -> Chn Properties:

7. Click Add

8.

Chn Browse

9. Ch n C:\Windows\SYSVOL\sysvol\Athena1.com\scripts -> Chn File Logon.vbs -> Click Open. 10. Sau Click OK -> tip tc OK. 11. ng ca s Group Policy v OK. 12. Chy lnh cp nht: GPUPDATE /FORCE. 13. Logoff Administrator -> sau vo li bng User u1_dt, u2_dt kim tra kt qu.

Yu cu 7: Trin khai phn mm (Deloy Software) cho cc User nm trong OU DaoTao 1. Vo C:\Program Files -> To 1 th mc tn l: Software -> Sau Copy 1 File ci t c ui .MSI ( mt Software bt k ):

2. Share th mc Sortware ny cho nhm Everyone quyn Full Control.

3. Vo -> OK:

Run: g REGEDIT

4. Trong Registry chn KEY_LOCAL_MACHNE: Chn tip Software -> Policies -> Microsoft -> Windows -> Installer Click phi vo mc Installer -> chn New -> DWORD Value:

Sa tn New WORD thnh AlwaysInstallElevated: Sau Click phi vo tn ny chn Modify:

Trong mc Value data -> sa gi tr thnh 1 -> Click OK:

5. Tip theo chn KEY_CURRENT_USER: Chn tip Software -> Policies:

phi vo mc Microsoft -> chn New -> Key: t tn Key mi l Windows:

Click

Click phi vo mc Windows -> chn New -> Key: t tn Key mi l Installer:

Click phi vo mc Installer -> chn New -> chn DWORD Value:

Sa tn New DWORD thnh AlwaysInstallElevated: Sau Click phi vo tn ny chn Modify:

sa gi tr thnh 1 -> Click OK. 6. Khi ng li my tnh xc lp c hiu lc.

Trong mc Value data ->

7. Tip theo vo Active Directory User and Computer:

8. vo OU DaoTao -> chn Properties:

Click phi

9.

Chn New:

10. Policy: Trien Khai Phan Mem -> Chn Edit:

t tn cho

11. Trong mc User Configuration -> Software Settings -> Software Installation -> chn New -> Package

Trong mc File name nhp vo: \\pc1\Software\winzip111.msi -> Click Open.

12.

14. 15. 16. 17.

13. Chn mc Assigned -> Click OK. ng ca s Group Policy v OK. Chy lnh cp nht: GPUPDATE /FORCE. Logoff Administrator -> sau vo li bng User u1_dt v u2_dt: Trong User u1_dt vo Control Panel -> chn Add or Remove Programs -> chn tip Add New Programs:

18. Click Add bt u qu trnh ci t:

19. Tin hnh ci t bnh thng nh cc phn mm khc. 20. Logon vo bng u1_hc v u2_hc (khng thy mc ci t nh trn).

Yu cu 8: nh hng li th mc My Document cho cc User trong OU DaoTao 1. Vo C:\ -> to 1 th mc c tn: Private Data -> Sau Share th mc ny vi quyn Full Control cho nhm Everyone:

2. Vo User and Computer:

Active Directory

3. Click phi vo OU DaoTao -> chn Properties:

4. Policy -> chn New:

Trong Tab Group

5. Policy: Tao Thu Muc -> chn Edit:

t tn cho

6. Trong nhnh User Configuration -> Windows Settings -> mc Folder Redirection -> Click phi vo My Document -> chn Properties:

mc Root Path nhp vo: -> Click OK. 8. ng ca s Group Policy v OK. 9. Chy lnh cp nht: GPUPDATE /FORCE. 10. Logoff Administrator -> sau vo li bng User u1_dt -> Click phi chut trn th mc My Document -> trong Tab Target:

7. Chn nh hnh trn -> trong \\Domaincontroller\Private Data

11. Logoff u1_dt v logon Administrator -> Vo li th mc Private Data thy h thng t to thm th mc u1_dt cha My Document ca User u1_dt.