Intranet penetration basics

A small example:

Alice's father is the big boss of a new startup, and he dislikes hassle (most big bosses probably do). Now he faces a real problem: he has to manage the computers of 2000+ employees.

Done the ordinary way, he would have to create 2000+ user accounts one by one and set a password for each, and, worst of all, repeat the work every time something changes. Nobody who dislikes hassle wants an operation that complicated!

Introducing the concepts:

Intranet:

Also called a LAN (Local Area Network): a network formed by interconnecting a group of computers within a limited area, usually a range of a few kilometres. Examples: banks, government offices, Internet cafés.

Workgroup:

A group of computers at the same level that share storage and computing resources. There is no central authority: accounts and passwords live separately on each machine.

How to create one:

Computer - Properties - Change settings - Change, then enter the computer name and, in the workgroup field, the workgroup this computer should belong to. If the workgroup you enter does not exist it is created (of course, with only this computer in it). Windows prompts for a reboot; afterwards, open Network to see the members of the workgroup.
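The command-line equivalent of the GUI steps above, plus a check of where the machine belongs right now. This is an added example, not code from the original post; run it in an elevated PowerShell. The workgroup name "SALES", the domain "abc.com" and the account name are placeholders.

```powershell
# Added example (not from the original post): command-line equivalent of the
# "Computer - Properties - Change settings" dialog, with a membership check first.
# "SALES" and "abc.com" are placeholder names.

# Where does this computer belong right now?
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
[pscustomobject]@{
    Name         = $cs.Name
    PartOfDomain = $cs.PartOfDomain   # $false means a workgroup machine
    Domain       = $cs.Domain         # DNS domain name, or the workgroup name when not joined
    Workgroup    = $cs.Workgroup      # set only on workgroup machines
}

if (-not $cs.PartOfDomain) {
    # Move into a workgroup. A workgroup needs no server: if nobody else on the
    # LAN uses the name, this machine simply becomes its first (and only) member.
    Add-Computer -WorkgroupName "SALES" -Restart
}

# The domain equivalent of the same dialog. The credential must be allowed to
# create computer objects in abc.com, and the host must resolve the domain via DNS.
# Add-Computer -DomainName "abc.com" -Credential (Get-Credential "abc\Administrator") -Restart
```

On a pentest the first block is the useful part: PartOfDomain tells you immediately whether you are looking at an isolated workgroup host or a domain member whose credentials may be valid elsewhere.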

Domain:

A collection of computers that forms a security boundary: by default a user in one domain cannot access resources in another domain.

Domain controller (DC):

If the domain is a company, the DC is the gatekeeper: it holds the directory database and authenticates every logon.

The essence:

Domain penetration is, in the end, about taking control of the DC.

Several domain environments:

Single domain:

At least one DC; additional DCs act as replicas and backups. With only one DC, a failure of that machine paralyses the whole domain instantly.

Parent and child domains:

For management and other reasons a network may be split into multiple domains. The first domain is the parent (root) domain, and the domains created beneath it are child domains (subdomains).

Domain tree:

A set of domains joined into one collection by establishing trust relationships; the domains in a tree share a contiguous namespace.

Worth knowing:

abc.com is the parent domain and asia.abc.com is its child domain: a child domain's name always carries the parent domain's name as its suffix.

Domain Name Server (DNS):

Translates between domain names and the corresponding server IP addresses.

In intranet penetration, the usual way to locate the DC is to find the DNS server: the DC and the DNS server are typically the same machine, and Active Directory publishes its DCs as DNS SRV records.
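The lookup described above, as an added example that is not part of the original post: locate the domain's DCs through the SRV records Active Directory registers in DNS, then cross-check with the DC locator. It assumes a Windows host that can reach the domain's DNS server; the domain name "abc.com" is the page's own placeholder.

```powershell
# Added example (not from the original post): find the DC through DNS.
# Assumes the host can query the domain's DNS server; "abc.com" is a placeholder.
param([string]$Domain = "abc.com")

# 1. Which DNS server is this host using? On a domain member it is usually a DC.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object InterfaceAlias, ServerAddresses

# 2. AD registers an SRV record per DC under the _msdcs subtree; each answer
#    carries the DC's hostname and the LDAP port (389).
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop
$dcs = $srv | Where-Object { $_.Type -eq 'SRV' }
$dcs | Select-Object NameTarget, Port, Priority, Weight

# 3. The same lookup for Kerberos (88/tcp), useful when LDAP is filtered.
Resolve-DnsName -Name "_kerberos._tcp.dc._msdcs.$Domain" -Type SRV |
    Where-Object { $_.Type -eq 'SRV' } |
    Select-Object NameTarget, Port

# 4. Resolve each DC name to an address and compare with the DNS server list from
#    step 1: a match confirms the "DNS and DC on the same box" case.
foreach ($dc in $dcs) {
    Resolve-DnsName -Name $dc.NameTarget -Type A | Select-Object Name, IPAddress
}

# 5. Ask the DC locator itself (only meaningful from a domain member).
nltest "/dsgetdc:$Domain"
```

If step 2 fails while step 1 returns a server, you are either not pointed at the domain's DNS or the name you guessed is not the AD domain name; the DNS suffix in ipconfig /all is the better guess.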

Active Directory (AD):

The component that provides directory services in a domain environment.

What is a directory?

A store of network-related objects (users, computers, groups, printers and so on).

How do you get it? Install it: the Active Directory Domain Services role on a Windows Server turns that server into a DC.

Administrators need not care about the physical location of the objects they manage; Active Directory places the objects in containers organised in a particular way, and this organisation is called the logical structure.

The logical structure of Active Directory consists of organizational units (OUs), domains, domain trees and forests.

What is the difference between a domain controller and Active Directory?

When the network is large, think of its many objects as organised in one big warehouse with proper indexing so that information is easy to retrieve; this warehouse is the hierarchical Active Directory database (stored on the DC as ntds.dit), the AD database for short. The DC is the server that hosts and serves that database.

Security domain division:

A security domain is a group of computers with the same security level placed on the same network segment. The computers in that segment share the same boundary, and a control policy (network ACLs) implemented on the firewall decides whether other security domains may access it.

A traditional small or medium network is usually divided into the external network (lowest security level), the internal network (highest security level) and the demilitarized zone (DMZ).

DMZ:

Once a firewall is in place, the external network can no longer reach the internal network directly; servers that must be reachable from outside (web servers, public documents) are placed in the DMZ, so that compromising one of them does not give direct access to the internal segment.

Classification of computers in a domain:

Domain controller (there must be at least one): manages all access to the network.

Member server: a computer running a server operating system and joined to the domain, but without Active Directory installed.

Client: the computer where a user logs on with a domain account and password to access and use resources.

Stand-alone server: unrelated to the domain; neither joined to it nor running Active Directory.

====================================================================

Domain local group: used when users from multiple domains need access to resources in one domain (the resources must be in the same domain). It can contain user accounts, universal groups and global groups from any domain, plus other domain local groups from its own domain, but it can be assigned permissions only in the domain where it lives, and it cannot be a member of global or universal groups. Its main use is granting access to resources located in its own domain.

Global group: used when users from one domain need access to resources in multiple domains (the users must all be from the same domain). It can contain only users and other global groups from the domain in which it was created, and it can be assigned permissions in any domain of the forest. Global groups can be nested in other groups.

Universal group: can contain user accounts, global groups and other universal groups from any domain in the forest, can be assigned permissions in any domain of the forest, and can be nested in other groups. Ideal for cross-domain access within a forest.

AG-DL-P strategy: add user accounts to a global group, add the global group to a domain local group, and then assign the resource permissions to the domain local group. With a universal group in between, the pattern becomes A-G-U-DL-P.

A (Account): user account

G (Global Group): global group

U (Universal Group): universal group

DL (Domain Local Group): domain local group

P (Permission): permission on the resource
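The AG-DL-P pattern carried out with the ActiveDirectory module and an NTFS ACL, as an added example that is not part of the original post. It assumes a domain admin session on a DC or a host with RSAT, the domain "abc.com", an existing OU "OU=Groups" under the domain root, existing users alice, bob and carol, and a folder D:\Shares\Finance; the group names are illustrative.

```powershell
# Added example (not from the original post): AG-DL-P with the ActiveDirectory module.
# Assumptions: domain abc.com, an existing OU "Groups", existing users alice/bob/carol,
# an existing folder D:\Shares\Finance, and a domain-admin session with RSAT.
Import-Module ActiveDirectory

$domain    = Get-ADDomain -Identity "abc.com"
$groupOu   = "OU=Groups,$($domain.DistinguishedName)"   # e.g. OU=Groups,DC=abc,DC=com
$netbios   = $domain.NetBIOSName                        # e.g. ABC
$sharePath = "D:\Shares\Finance"                         # the resource (P goes here)

# A: the accounts (assumed to exist already)
$accounts = @("alice", "bob")

# G: a global group for the role. Members must come from this domain.
New-ADGroup -Name "Finance-Staff" -GroupScope Global -GroupCategory Security -Path $groupOu
Add-ADGroupMember -Identity "Finance-Staff" -Members $accounts

# DL: a domain local group for the resource. It may hold global groups from any
# trusted domain but can be granted permissions only inside this domain.
New-ADGroup -Name "Finance-Share-Modify" -GroupScope DomainLocal -GroupCategory Security -Path $groupOu
Add-ADGroupMember -Identity "Finance-Share-Modify" -Members "Finance-Staff"

# P: the permission is granted to the domain local group, never to users or to the global group.
$acl  = Get-Acl -Path $sharePath
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList @(
    "$netbios\Finance-Share-Modify", "Modify", "ContainerInherit,ObjectInherit", "None", "Allow")
$acl.AddAccessRule($rule)
Set-Acl -Path $sharePath -AclObject $acl

# Check the nesting from the directory: DL contains G, G is a member of DL.
Get-ADGroup -Identity "Finance-Share-Modify" -Properties Members | Select-Object Name, GroupScope, Members
Get-ADGroup -Identity "Finance-Staff" -Properties MemberOf     | Select-Object Name, GroupScope, MemberOf

# The scope rule from the text, enforced by AD: a global group cannot contain a domain local group.
try {
    Add-ADGroupMember -Identity "Finance-Staff" -Members "Finance-Share-Modify" -ErrorAction Stop
} catch {
    Write-Warning "Rejected as expected: $($_.Exception.Message)"
}

# Day-to-day change: a new person joins the role, and the resource ACL never changes.
Add-ADGroupMember -Identity "Finance-Staff" -Members "carol"
```

The payoff is the last line: onboarding, offboarding and moving people between roles are group membership changes only, which is what the 2000-user example at the top of the page is about. From the attacker's side, the same structure means the interesting question is "which global groups feed which domain local groups on which resources", which Get-ADGroup -Properties MemberOf answers recursively.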

test tools:

Time

Network configuration issues:
Bridged mode

In bridged mode the virtual machine is a separate machine on the LAN: VM and host behave like two computers plugged into the same switch. If the host is connected to a router that runs a DHCP service (for example a wireless router), the VM obtains an IP address automatically; if the LAN has no DHCP service, configure the address by hand. As long as the addresses are in the same segment, every computer on the LAN can reach the VM and the VM can reach them, and the VM gets Internet access just like the host.

NAT mode

NAT (Network Address Translation): the VM reaches the outside through the host's physical connection, with the host translating its address. The VM can reach the host and every computer on the host's LAN segment, but no LAN computer other than the host can reach the VM (its private address is not visible on the LAN, so it cannot share resources there). This is the usual default mode.

Host-only mode

Host-only is the most private and most restrictive configuration: the VM sits on a separate segment shared only with the host. Compared with NAT mode, a host-only VM has no Internet access.


Source: www.cnblogs.com/blamwq/p/11825005.html