group policy object phần 3
TRANSCRIPT
Group Policy Object Phn 3
Group Policy Object Phn 3
phn tip theo ca Seri T hc MCSA 2012 , mnh xin cp n cc ng dng thc t ca GPO l Folder Redirection v Scripts.
Chun b
Nh c
Tnh hung:
KT1munDocumentstrong Profile lun i theo mnh khi ngi bt k v tr no, ta s dngRoaming Profile. Tuy nhin dng Romaing Profile s ko theo Application Data, Desktop, v.v i theo KT1 m ta ch mun 1 mnh folder Documents. Vic s dng Roaming Profile i tr nh chng ta bit cng gy ra nhiu vn . Trong mi trng domain, Windows cung cp cho ta tnh nngFolder Redirection(Ti nh hng profile).
Folder Redirection (FR) cho php chng ta la chn thng tin trong profile ti nh hng.
FR cho php ta c th roaming tt c cc thng tin trong profile:
Nguyn l hot ng :Ging vi Roaming Profile nhng sau khi chng thc ti DC th DC s xem user thuc OU no, GPO no tc ng ti. Nu c GPO v FR th user b tc ng (cu hnh d hn, t tn thi gian hn Roaming Profile)
Trin khai: ti 2 v tr
Vi tr 1 ti File Server: To folder lu tr, share Full Control (nh l khng ng chm g n NTFS) . Lc ny AD s t ng khi to folder ng vi tn user, t phn quyn ch mnh user tng ng c truy cp.
Vi tr 2 ti GPMC: to GPO tc ng ln OU c nhu cu.
Cu hnh:
Bc 1: To Folder tn: RF v share full.
Bc 2: run -> gpmc.msc
Chn OU KeToan ->Creat a GPO .
Name: GPO 7: Folder Redirection -> Edit cu hnh Policy
Create GPO 7
User Configuration->Windows Setting->Folder Redirection
GPO: Folder Redirection
Ta thy tt c cc thng tin trong profile.
tnh hung trn ta ch mun RoamingDocumentsnn ta cu hnh vi Documents
ChnDocuments-> Tab Target
Target Setting
Ta c 2 la chn
Basic: Tt c mi folder profile ca user trong cc group trong OU s cng 1 ni lu tr (thng dng).Ta s trin khai ci ny
Advanced: Mi Group trong OU c 1 folder lu tr ring
Minh ha: Advanced
Target folder location: c 4 ty chn
Target folder location
Redirect to the users home directory: Nu ta cu hnh Home Foldercho user th h thng s t a cc thng tin profile ta thit lp vo th mc home folder ca tng ngi dng.
Create a folder for each user under the root path: To ra tng folder cho tng ngi dng.( Lu tr profile trong folder ta ch nh theo ng dn)
VD: 192.168.2.100\FR. H thng s t to cc folder tng ng vi tn ngi dng.
Redirect to the following location: Tt c profile s chung 1 ng dn
Redirect to the local profile location( ti nh hng quay v lu tr trn local). Mc ch ta dng option ny khi no ???
*** Profile th thng tin nng nht l application data. Ta mun Romaing tt c thng tin nhng cha li folder Application Data. Ta s cu hnh Romaing Profile ri to GPO Folder Redirection Application option Redirect to the local profile location folder ny ch lu tr local.
Ta chnCreate a folder for each user under the root path
\\192.168.2.100\FR
nh lnh:gpupdate/ force
Sau : ng nhp KT1 kim tra.
Ch : ta ch cn to policy trong Group Policies Objects ri link n cc OU cho cng cu hnh.
Trin khai Script
Bn cht script l 1 file cha on code thc thi cc cng vic thng dng. GPO c th thng qua cc on script tc ng ln user, computer ( cc on script thng dng: *.bat, *.vbs, v.v)
Ta mun: rename, change password, disable account local administrator th c th dng script trin khai n cc member computer (automatic tc ng)
Cc on script thng dng c Microsoft public trn trang:http://gallery.technet.microsoft.com/scriptcenterScript ch tc ng n user account v computer account v ch chy trong4 thi im
i vi user account(2 thi im): Khi log on hoc log off.
i vi computer(2 thi im) : khi khi ng hoc chy trc khi shut down.
Trin khai:
To file Map.bat: New -> text.txt sau dnh lnh: net use Z: \\192.168.2.100\Data
Sau i tn file thnh *.bat ( Map.bat)
Trn OU NhanSu toGPO 8 : Script MapNetworkDrive Logon(ngha l c mi ln user log on l chy script Map.bat)
GPO: Scripts
Sau Edit->User Configuration->Windows Setting->Scripts
Double click vo log on (Log on Properties)
Do to sn file script (map.bat) ta ch cn b file vo folder lu tr bng cch chn: Show File.
Nhng script log on s nm trong foler Log on, nhng script log off s nhm trong folder Log off. C 2 folder ny u lu trong folderSysvolca my DC.
copy file script vo folder log on
Sau quay li ca s Log on Properties
ChnAdd-> Browse-> chn Map.bat ->OK
Add scripts vo
nh lnh :Gpupdate /force
Cc bn t test kt qu.
Ghi ch:Mun Remname cc member computer th to 1 OU ri move cc computer cn p Policy vo:
Mnh xin kt thc phn 3, cm n cc bn theo di.