Scribd Logo
Upload

Welcome to Scribd!

  • Network security configuration and policies in Windows Server 2008

    Uploaded by

    amro
    4 views13 pages

    Original Title

    MCITP9

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    4 views13 pages

    Network security configuration and policies in Windows Server 2008

    Uploaded by

    amro

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 13

    See discussions, stats, and author profiles for this publication at: https://www.researchgate.

    net/publication/335976585

    ‫ ﻛﺘﺎب ﻫﻨﺪﺳﺔ اﻟﺸﺒﻜﺎت‬MCITP ‫اﻟﺠﺰء اﻟﺘﺎﺳﻊ‬

    Book · October 2008

    CITATIONS READS

    0 176

    1 author:

    Nashaat Semaan
    National Earthquake Center
    30 PUBLICATIONS   2 CITATIONS   

    SEE PROFILE

    Some of the authors of this publication are also working on these related projects:

    Spatial databank View project

    Alternative energy View project

    All content following this page was uploaded by Nashaat Semaan on 23 September 2019.

    The user has requested enhancement of the downloaded file.


    ‫ھﻧدﺳﺔ اﻟﺷﺑﻛﺎت ‪MCITP‬‬

    ‫‪ -32‬ﺣﻣﺎﯾﺔ اﻟدﺧول إﻟﻰ اﻟﺷﺑﻛﺔ‬


    ‫‪NAP(Network‬‬ ‫‪Access‬‬
    ‫ﺳﯾرﻓر‬ ‫وﯾﻧدوز‬ ‫ﻓﻲ‬ ‫)‪Protection‬‬
    ‫‪:Windows Server 2008‬‬
    ‫ﺗﻌﺗﻣد اﻟﻔﻛرة ﻓﻲ ﻫذا اﻟدرس ﻋﻠﻰ أن أي‬
    ‫ﺣﺎﺳب ﯾرﯾد اﻟدﺧول إﻟﻰ اﻟﺷﺑﻛﺔ ﯾﺟب أن‬
    ‫اﻟﺷﻛل)‪(537‬‬ ‫ﯾﺣﻘق ﻋدة ﺷروط ﺗﺗﻌﻠق ﺑﺻﺣﺔ اﻟﺟﻬﺎز‬
    ‫)‪ HV(Health Validator‬أي ﻫل ﯾﺣوي‬
    ‫اﻟﺣﺎﺳب ﻋﻠﻰ ﻣﺿﺎد ﻓﺎﯾروس أو ﺟدار‬
    ‫ﻧﺎري أو ﻣﺿﺎد ﺳﺑﺎم ﻣﺛﻼ وﻓﻲ ﺣﺎل ﻋدم‬
    ‫ﺗﺣﻘق أﺣد ﻫذﻩ اﻟﺷروط ﻋﻧدﻫﺎ ﻧﻣﻧﻊ‬
    ‫اﻟﺟﻬﺎز ﻣن اﻟدﺧول إﻟﻰ اﻟﺷﺑﻛﺔ‪.‬‬
    ‫وﻫﻧﺎ ﻓﻲ اﻟﺟﻬﺎز ‪ DC02‬اﻟذي ﻗﻣﻧﺎ‬
    ‫ﺑﺈﻋدادﻩ ﻛراوﺗر ‪ Router‬اﺿﻐط ﺑﺎﻟزر‬
    ‫اﻷﯾﻣن ﻋﻠﻰ ‪Network Policy and‬‬
    ‫‪ Access Services‬اﻟﺗﺎﺑﻌﺔ ﻟـ ‪Roles‬‬
    ‫‪Add‬‬ ‫‪Role‬‬ ‫‪Services‬‬ ‫واﺧﺗر‬
    ‫اﻟﺷﻛل)‪ (537‬ﻟﺗﻔﺗﺢ ﻧﺎﻓذة ‪Add Role‬‬
    ‫أن‬ ‫ﻟﻧﺟد‬ ‫اﻟﺷﻛل)‪(538‬‬ ‫‪Services‬‬
    ‫‪Health Registration Authority‬‬
    ‫ﻏﯾر ﻣﻔﻌﻠﺔ‪.‬‬
    ‫اﺿﻐط ‪ Start‬وﻓﻲ ‪Start Search‬‬
    ‫‪Microsoft‬‬ ‫اﻛﺗب ‪ mmc‬واﻟﺗﻲ ﺗﻌﻧﻲ‬
    ‫واﺿﻐط‬ ‫‪Management Console‬‬
    ‫اﻟﺷﻛل)‪(538‬‬
    ‫‪Console1‬‬ ‫ﻧﺎﻓذة‬ ‫ﻟﺗﻔﺗﺢ‬ ‫‪Enter‬‬

    ‫‪157‬‬
    ‫ھﻧدﺳﺔ اﻟﺷﺑﻛﺎت ‪MCITP‬‬

    ‫اﻟﺷﻛل)‪(539‬‬

    ‫اﻟﺷﻛل)‪(540‬‬

    ‫اﻟﺷﻛل)‪(539‬‬
    ‫‪Add or‬‬ ‫وﻣن اﻟﻘﺎﺋﻣﺔ ‪ File‬اﺧﺗر‬
    ‫‪ Remove Snap-ins‬ﻟﺗﻔﺗﺢ اﻟﻧﺎﻓذة‬
    ‫‪Add‬‬ ‫‪or‬‬ ‫‪Remove‬‬ ‫‪Snap-ins‬‬
    ‫اﻟﺷﻛل)‪.(540‬‬
    ‫‪NAP‬‬ ‫وﻣن ﻧﺎﻓذة ‪ Snap-in‬اﺧﺗر‬
    ‫‪ Client Configuration‬واﺿﻐط ‪Add‬‬
    ‫‪Network Policy‬‬ ‫ﺛم ‪ Ok‬ﺛم اﺧﺗر‬
    ‫اﻟﺷﻛل)‪(541‬‬ ‫‪ Server‬واﺿﻐط ‪ Add‬ﺛم ‪ Ok‬واﺧﺗر‬
    ‫‪Routing and Remote Access‬‬
    ‫واﺿﻐط ‪ Add‬ﺛم ‪ Ok‬اﻟﺷﻛل)‪.(541‬‬
    ‫اﺿﻐط ‪ OK‬وﻟﯾﺗم ﺣﻔظ وﺣدة اﻟﺗﺣﻛم ﻣن‬
    ‫اﻟﻘﺎﺋﻣﺔ ‪ File‬اﺧﺗر ‪ Save‬وﺣدد اﻟﻣﻛﺎن‬
    ‫اﻟذي ﺗرﯾد اﻟﺣﻔظ ﺑﻪ واﻛﺗب اﺳم ﻟﻬذﻩ‬
    ‫اﻟوﺣدة وﻟﯾﻛن ‪.NAP Config‬‬
    ‫اﺿﻐط إﺷﺎرة ‪ +‬ﯾﺳﺎر ‪ (NPS) Local‬ﺛم‬
    ‫اﺿﻐط ‪ +‬ﯾﺳﺎر ‪ Policies‬واﺧﺗر‬
    ‫اﻟﺷﻛل)‪(542‬‬ ‫‪ Health Policies‬اﻟﺷﻛل)‪.(542‬‬

    ‫‪158‬‬
    ‫ھﻧدﺳﺔ اﻟﺷﺑﻛﺎت ‪MCITP‬‬

    ‫اﺿﻐط ‪ New‬ﻣن ﯾﻣﯾن اﻟﻧﺎﻓذة ﻟﺗﻔﺗﺢ ﻧﺎﻓذة‬


    ‫‪ Create New Health Policy‬واﻛﺗب‬
    ‫اﺳم ﻟﻬذﻩ اﻟﺑوﻟﯾﺳﻲ وﻟﯾﻛن ‪Client FW‬‬
    ‫‪ is ON‬أي ﯾﺟب أن ﯾﻛون اﻟﺟدار اﻟﻧﺎري‬
    ‫ﻣﻔﻌل ﻋﻠﻰ اﻟﺟﻬﺎز اﻟذي ﺳﻧﺳﻣﺢ ﻟﻪ‬
    ‫ﺑﺎﻟدﺧول واﺿﻐط ﻋﻠﻰ اﻟﻣرﺑﻊ ﺑﺟﺎﻧب‬
    ‫اﻟﺷﻛل)‪(544‬‬
    ‫‪Windows‬‬ ‫‪Security‬‬ ‫‪Health‬‬
    ‫‪ Validator‬اﻟﺷﻛل)‪ (543‬واﺿﻌط ‪.OK‬‬

    ‫اﻟﺷﻛل)‪(543‬‬
    ‫‪Network Access‬‬ ‫اﺿﻐط ‪ +‬ﯾﺳﺎر‬
    ‫‪ Protection‬واﺧﺗر ‪System Health‬‬
    ‫اﻷﯾﻣن‬ ‫ﺑﺎﻟزر‬ ‫واﺿﻐط‬ ‫‪Validators‬‬
    ‫‪Windows Security‬‬ ‫ﻟﻠﻣﺎوس ﻋﻠﻰ‬
    ‫واﺧﺗر‬ ‫‪Health‬‬ ‫‪Validators‬‬
    ‫‪ Properties‬اﻟﺷﻛل)‪ (544‬ﻟﺗﻔﺗﺢ اﻟﻧﺎﻓذة‬
    ‫‪Windows‬‬ ‫‪Security‬‬ ‫‪Health‬‬
    ‫‪Validators‬‬ ‫‪Properties‬‬
    ‫اﻟﺷﻛل)‪.(545‬‬
    ‫اﻟﺷﻛل)‪(545‬‬
    ‫ﻧﺎﻓذة‬ ‫ﻟﺗﻔﺗﺢ‬ ‫‪Configure‬‬ ‫اﺿﻐط‬

    ‫‪159‬‬
    ‫ھﻧدﺳﺔ اﻟﺷﺑﻛﺎت ‪MCITP‬‬

    ‫‪Windows‬‬ ‫‪Security‬‬ ‫‪Health‬‬


    ‫‪ Validators‬ﻟﻧﺟد ﺗﺑوﯾﺑﺗﺎن ‪Windows‬‬
    ‫‪ Vista‬و ‪ Windows XP‬وﻫﻧﺎ ﻗم ﺑﺈﻟﻐﺎء‬
    ‫ﺟﻣﯾﻊ اﻟﺣﯾﺎرات ﻋدا ﺧﯾﺎر ‪ Firewall‬ﻓﻲ‬
    ‫ﻛﻼ اﻟﺗﺑوﯾﺑﺗﯾن اﻟﺷﻛل)‪ (546‬واﺿﻐط ‪OK‬‬
    ‫ﺛم ‪.OK‬‬
    ‫اﻟﺷﻛل)‪(546‬‬
    ‫‪ -33‬إﻧﺷﺎء ﻧطﺎﻗﺎت اﻟﺗﺳﻣﯾﺔ ‪:Zones‬‬
    ‫ﺳﻧﻘوم ﻓﻲ ﻫذا اﻟﺟرء ﺑﺈﻧﺷﺎء ﻧطﺎق ﺗﺳﻣﯾﺔ‬
    ‫ﺟدﯾد ﻓﻲ ﻛﻼ اﻟﺳﯾرﻓرﯾن ﺳواء أﻛﺎن‬
    ‫اﻟﺳﯾرﻓر اﻟﻣﺗﺣﻛم ﺑﺎﻟدوﻣﯾن أو اﻟﺳﯾرﻓر‬
    ‫اﻟﻌﺿو‪.‬‬
    ‫ﻓﻲ اﻟﺳﯾرﻓر ‪ DC01‬اﻟﻣﺗﺣﻛم ﺑﺎﻟدوﻣﯾن‬
    ‫اﺿﻐط ‪ +‬ﯾﺳﺎر ‪ Roles‬واﺿﻐط ‪ +‬ﯾﺳﺎر‬
    ‫‪ DNS Server‬ﺛم ‪ +‬ﯾﺳﺎر ‪ DNS‬و ‪+‬‬
    ‫اﻟﺷﻛل)‪(547‬‬
    ‫‪Forward‬‬ ‫ﯾﺳﺎر ‪ DC01‬ﺛم ‪ +‬ﯾﺳﺎر‬
    ‫‪ Lockup Zones‬واﺿﻐط ﺑﺎﻟزر اﻷﯾﻣن‬
    ‫ﻋﻠﻰ ‪Forward Lockup Zones‬‬
    ‫واﺧﺗر ‪ New Zone‬اﻟﺷﻛل)‪ (547‬ﻟﺗﻔﺗﺦ‬
    ‫ﻧﺎﻓذة ‪ New Zone Wizard‬واﺿﻐط‬
    ‫‪ Next‬ﺛم ‪ Next‬ﺛم ‪ Next‬واﻛﺗب اﺳم‬
    ‫‪abc.com‬‬ ‫وﻟﯾﻛن‬ ‫اﻟﺟدﯾد‬ ‫اﻟزون‬
    ‫اﻟﺷﻛل)‪ (548‬واﺿﻐط ‪ Next‬ﺛم ‪ Next‬ﺛم‬
    ‫‪ Finish‬ﻟﯾﺗم إﻧﺷﺎء اﻟزون اﻟﺟدﯾد‪.‬‬
    ‫اﻟﺷﻛل)‪(548‬‬
    ‫ﻓﻲ اﻟﺳﯾرﻓر ‪ DC02‬اﻟﻌﺿو اﺿﻐط ﺑﺎﻟزر‬

    ‫‪160‬‬
    ‫ھﻧدﺳﺔ اﻟﺷﺑﻛﺎت ‪MCITP‬‬

    ‫‪New‬‬ ‫اﻷﯾﻣن ﻋﻠﻰ ‪ Roles‬واﺧﺗر‬


    ‫‪ Roles‬اﻟﺷﻛل)‪ (549‬ﻟﺗﻔﺗﺢ ﻧﺎﻓذة ‪Add‬‬
    ‫‪Roles Wizard‬‬

    ‫اﻟﺷﻛل)‪(550‬‬

    ‫اﻟﺷﻛل)‪(549‬‬
    ‫واﺧﺗر ‪ DNS Server‬اﻟﺷﻛل)‪(550‬‬
    ‫واﺿﻐط ‪ Next‬ﺛم ‪ Next‬ﺛم ‪.Install‬‬
    ‫اﺿﻐط ‪ +‬ﯾﺳﺎر ‪ Roles‬واﺿﻐط ‪ +‬ﯾﺳﺎر‬
    ‫‪ DNS Server‬ﺛم ‪ +‬ﯾﺳﺎر ‪ DNS‬و ‪+‬‬
    ‫‪Forward‬‬ ‫ﯾﺳﺎر ‪ DC02‬ﺛم ‪ +‬ﯾﺳﺎر‬
    ‫‪ Lockup Zones‬واﺿﻐط ﺑﺎﻟزر اﻷﯾﻣن‬
    ‫ﻋﻠﻰ ‪Forward Lockup Zones‬‬
    ‫واﺧﺗر ‪ New Zone‬اﻟﺷﻛل)‪ (551‬ﻟﺗﻔﺗﺦ‬
    ‫ﻧﺎﻓذة ‪ New Zone Wizard‬واﺿﻐط‬
    ‫‪ Next‬ﺛم ‪ Next‬ﺛم ‪ Next‬واﻛﺗب اﺳم‬
    ‫اﻟزون اﻟﺟدﯾد وﻟﯾﻛن ‪ abc.com‬واﺿﻐط‬
    ‫‪ Next‬ﺛم ‪ Next‬ﺛم ‪ Finish‬ﻟﯾﺗم إﻧﺷﺎء‬
    ‫اﻟزون‪.‬‬
    ‫‪Reverse‬‬ ‫اﺿﻐط ﺑﺎﻟزر اﻷﯾﻣن ﻋﻠﻰ‬
    ‫اﻟﺷﻛل)‪(551‬‬
    ‫‪ Lockup Zones‬واﺧﺗر ‪New Zone‬‬

    ‫‪161‬‬
    ‫ھﻧدﺳﺔ اﻟﺷﺑﻛﺎت ‪MCITP‬‬

    ‫ﻟﺗﻔﺗﺦ ﻧﺎﻓذة ‪New Zone Wizard‬‬


    ‫واﺿﻐط ‪ Next‬ﺛم ‪ Next‬ﺛم ‪ Next‬واﻛﺗب‬
    ‫‪ 192.168.0‬أﺳﻔل ‪Network ID‬‬
    ‫اﻟﺷﻛل)‪(552‬‬

    ‫اﻟﺷﻛل)‪(553‬‬

    ‫اﻟﺷﻛل)‪(552‬‬
    ‫واﺿﻐط ‪ Next‬ﺛم ‪ Next‬ﺛم ‪ Next‬ﺛم‬
    ‫‪ Finish‬وأﻋد اﻟﻌﻣﻠﯾﺔ ﻹﻧﺷﺎء زون ﺟدﯾد‬
    ‫ﻓﻲ ‪ Reverse Lockup Zones‬ﻓﻲ‬
    ‫اﻟﺳﯾرﻓر ‪.DC01‬‬

    ‫اﻟﺷﻛل)‪(554‬‬ ‫ﻓﻲ‪ DC01‬اﺧﺗر اﻟزون ‪course.local‬‬


    ‫اﻟﺷﻛل)‪ (553‬وﻓﻲ اﻟﻧﺎﻓذة اﻟوﺳطﻰ اﺿﻐط‬
    ‫ﺑﺎﻟزر اﻷﯾﻣن ﻓﻲ ﻣﻛﺎن ﻓﺎرغ واﺧﺗر ‪New‬‬
    ‫‪ Host‬اﻟﺷﻛل)‪ (554‬واﻛﺗب ‪ ST10‬أﺳﻔل‬
    ‫‪ Name‬واﻛﺗب ‪ 192.168.0.5‬أﺳﻔل‬
    ‫‪Create‬‬ ‫واﺧﺗر‬ ‫‪IP‬‬ ‫‪Address‬‬
    ‫‪ associated pointer‬اﻟﺷﻛل)‪(555‬‬
    ‫واﺿﻌط ‪ Add Host‬ﻟﺗﺟد أﻧﻪ ﺗم إﺿﺎﻓﺔ‬
    ‫اﻟﺳﺟل ﻓﻲ ﻛل ﻣن ‪Forward Lockup‬‬
    ‫اﻟﺷﻛل)‪(555‬‬ ‫و ‪.Reverse Lockup Zones‬‬

    ‫‪162‬‬
    ‫ھﻧدﺳﺔ اﻟﺷﺑﻛﺎت ‪MCITP‬‬

    ‫‪ -34‬اﻟدوﻣﯾن اﻹﺑن ‪:Child Domain‬‬


    ‫ﻋﻧد إﻧﺷﺎء اﻟدوﻣﯾن اﻹﺑن ﺳﯾﻛون ﻟدﯾﻧﺎ‬
    ‫ﺣﺎﻟﺗﺎن اﻟﺣﺎﻟﺔ اﻷوﻟﻰ ﻫﻲ أن ﯾﻛون ‪DNS‬‬
    ‫‪ Server‬اﻷب ﻫو اﻟﻣﺳؤول ﻋن ﻫذا‬
    ‫اﻟدوﻣﯾن أﻣﺎ اﻟﺣﺎﻟﺔ اﻟﺛﺎﻧﯾﺔ ﻓﻬﻲ ﺗﻔوﯾض‬
    ‫‪ DNS Server‬آﺧر ﺑﻬذا اﻟدوﻣﯾن اﻹﺑن‪.‬‬
    ‫اﻟﺷﻛل)‪(556‬‬
    ‫ﻣن أﺟل اﻟﺣﺎﻟﺔ اﻷوﻟﻰ ﻓﻲ ‪ DC1‬اﺿﻐط‬
    ‫‪DNS‬‬ ‫‪ +‬ﯾﺳﺎر ‪ Roles‬ﺛم ‪ +‬ﯾﺳﺎر‬
    ‫‪ Server‬ﺛم ‪ +‬ﯾﺳﺎر ‪ DNS‬ﺛم ‪ +‬ﯾﺳﺎر‬
    ‫‪ DC1‬ﺛم ‪ +‬ﯾﺳﺎر ‪Forward Lockup‬‬
    ‫‪ Zones‬واﺿﻐط ﺑﺎﻟزر اﻷﯾﻣن ﻋﻠﻰ‬
    ‫‪ course.local‬وﺧﺗر ‪New Domain‬‬
    ‫اﻟﺷﻛل)‪(556‬‬
    ‫ﻟﺗﻔﺗﺢ ﻧﺎﻓذة ‪New DNS Domain‬‬
    ‫اﻟﺷﻛل)‪(557‬‬ ‫ﻓﺎﻛﺗب اﺳم اﻟدوﻣﯾن اﻻﺑن وﻟﯾﻛن ‪right‬‬
    ‫اﻟﺷﻛل)‪(557‬‬
    ‫اﻟدوﻣﯾن‬ ‫إﻧﺷﺎء‬ ‫ﻟﯾﺗم‬ ‫‪OK‬‬ ‫واﺿﻐط‬
    ‫‪.right.course.local‬‬

    ‫ﻣن أﺟل اﻟﺣﺎﻟﺔ اﻟﺛﺎﻧﯾﺔ اﺿﻐط ﺑﺎﻟزر‬


    ‫واﺧﺗر‬ ‫ﻋﻠﻰ ‪course.local‬‬ ‫اﻷﯾﻣن‬
    ‫‪New‬‬ ‫‪ New Delegation‬ﻟﯾﻔﺗﺢ‬
    ‫‪ Delegation Wizard‬اﻟﺷﻛل)‪(558‬‬
    ‫اﻟﺷﻛل)‪(558‬‬ ‫‪Delegation‬‬ ‫واﺿﻐط ‪ Next‬وأﺳﻔل‬

    ‫‪163‬‬
    ‫ھﻧدﺳﺔ اﻟﺷﺑﻛﺎت ‪MCITP‬‬

    ‫‪ Domain‬أﻛﺗب ‪ left‬اﻟﺷﻛل)‪(559‬‬

    ‫اﻟﺷﻛل)‪(560‬‬
    ‫اﻟﺷﻛل)‪(559‬‬
    ‫واﺿﻐط ‪ Next‬واﺿﻐط ‪ Add‬واﻛﺗب‬
    ‫‪ DC2‬واﺿﻐط ‪ Resolve‬واﺿﻐط ‪OK‬‬
    ‫اﻟﺷﻛل)‪ (560‬واﺿﻐط ‪ Next‬ﺛم ‪.Finish‬‬

    ‫‪ -35‬اﻟﺗوﻛﯾل ‪:Forward‬‬
    ‫ﻧرﯾد ﺟﻌل اﻟﺳﯾرﻓر ‪ DC1‬ﻫو اﻟﺳﯾرﻓر‬
    ‫اﻟوﻛﯾل ‪ Forwarder‬ﺑﺣﯾث أﻧﻪ ﻋﻧدﻣﺎ‬
    ‫ﯾطﻠب أي ﺟﻬﺎز اﻟدﺧول ﻟﻼﻧﺗرﻧت ﯾﻛﻔﻲ‬
    ‫وﺿﻊ ﺧﺎدم ‪ DNS‬ﻫو اﻟﺳﯾرﻓر‪.‬‬
    ‫وﻟﻠﻘﯾﺎم ﺑذﻟك اﺿﻐط ‪ +‬ﯾﺳﺎر ‪ Roles‬ﺛم‬
    ‫‪ +‬ﯾﺳﺎر ‪ DNS Server‬ﺛم ‪ +‬ﯾﺳﺎر‬
    ‫‪ DNS‬ﺛم اﺿﻐط ﺑﺎﻟزر اﻷﯾﻣن ﻋﻠﻰ‬
    ‫‪ DC1‬واﺧﺗر ‪ Properties‬وﻓﻲ ﻧﺎﻓذة‬
    ‫ﺗﺑوﯾﺑﺔ‬ ‫اﺿﻐط‬ ‫‪DC1‬‬ ‫‪Properties‬‬
    ‫‪ Forwarders‬اﻟﺷﻛل)‪ (561‬وﻫﻧﺎ اﺿﻐط‬
    ‫‪ Edit‬وادﺧل ﻋﻧﺎوﯾن ‪ DNS‬ﻟﻣﺧدم‬
    ‫اﻟﺷﻛل)‪(561‬‬ ‫اﻻﻧﺗرﻧت وﻟﺗﻛن ‪ 8.8.8.8‬و ‪8.8.4.4‬‬

    ‫‪164‬‬
    ‫ھﻧدﺳﺔ اﻟﺷﺑﻛﺎت ‪MCITP‬‬

    ‫اﻟﺷﻛل)‪ (562‬واﺿﻐط ‪ OK‬ﺛم ‪.OK‬‬

    ‫اﻟﺷﻛل)‪(563‬‬
    ‫اﻟﺷﻛل)‪(562‬‬

    ‫‪ -36‬إدارة ﺳﯾﺎﺳﺔ اﻟﻣﺟﻣوﻋﺔ ‪Group‬‬


    ‫‪:Policy Management‬‬
    ‫ﻗﺑل اﻟﺑدء ﯾﺟب إﻧﺷﺎء وﺣدة ﺗﻧظﯾﻣﯾﺔ ﻟﻛل‬
    ‫ﻗﺳم ﻓﻲ اﻟﺷرﻛﺔ وﻛل وﺣدة ﯾﺟب أن‬
    ‫ﺗﺣﺗوي ﻋﻠﻰ وﺣدﺗﯾن إﺣداﻫﺎ ﻟﻠﻣﺳﺗﺧدﻣﯾن‬
    ‫واﻷﺧرى ﻟﻠﺣواﺳﯾب وﻟذﻟك اﺿﻐط ‪ +‬ﯾﺳﺎر‬
    ‫‪Active‬‬ ‫‪Directory‬‬ ‫‪Domain‬‬
    ‫‪ Services‬ﺛم اﺿﻐط ‪ +‬ﯾﺳﺎر ‪Active‬‬
    ‫‪Directory Users and Computers‬‬
    ‫ﻋﻠﻰ‬ ‫اﻷﯾﻣن‬ ‫ﺑﺎﻟزر‬ ‫واﺿﻐط‬
    ‫واﺧﺗر‬ ‫‪course.local‬‬
    ‫‪New>Organizational‬‬ ‫‪Unit‬‬
    ‫اﻟﺷﻛل)‪ (563‬واﻛﺗب اﺳم وﺣدة ﺗﻧظﯾﻣﯾﺔ‬
    ‫‪Accounting‬‬ ‫وﻟﯾﻛن‬ ‫ﺟدﯾدة‬
    ‫اﻟﺷﻛل)‪ (564‬واﺿﻐط ‪.OK‬‬
    ‫اﻟﺷﻛل)‪(564‬‬
    ‫اﺿﻐط ﺑﺎﻟزر اﻷﯾﻣن ﻋﻠﻰ ‪Accounting‬‬

    ‫‪165‬‬
    ‫ھﻧدﺳﺔ اﻟﺷﺑﻛﺎت ‪MCITP‬‬

    ‫واﺧﺗر ‪New>Organizational Unit‬‬


    ‫واﻛﺗب اﺳم وﺣدة ﺗﻧظﯾﻣﯾﺔ ﺟدﯾدة وﻟﯾﻛن‬
    ‫‪ Accounting Users‬واﺿﻐط ‪OK‬‬
    ‫وﻛرر اﻟﻌﻣﻠﯾﺔ ﻹﻧﺷﺎء وﺣدة ﺗﻧظﯾﻣﯾﺔ ﺟدﯾدة‬
    ‫‪ Accounting Comp‬اﻟﺷﻛل)‪.(565‬‬
    ‫اﺿﻐط ﺑﺎﻟزر اﻷﯾﺳر ﻋﻠﻰ ‪Computers‬‬
    ‫اﻟﺷﻛل)‪(565‬‬ ‫وﻗم ﺑﺳﺣب اﻟﺟﻬﺎز ‪ EX01‬إﻟﻰ اﻟوﺣدة‬
    ‫‪ Accounting Comp‬واﺿﻐط ﺑﺎﻟزر‬
    ‫‪Accounting‬‬ ‫اﻷﯾﻣن ﻋﻠﻰ اﻟوﺣدة‬
    ‫‪ Users‬واﺧﺗر ‪ New>User‬ﻹﻧﺷﺎء‬
    ‫‪Accuser01‬‬ ‫ﺟدﯾد‬ ‫ﻣﺳﺗﺧدم‬
    ‫اﻟﺷﻛل)‪ (566‬واﺿﻐط ‪ Next‬واﻛﺗب ﻛﻠﻣﺔ‬
    ‫اﻟﻣرور اﻟﺷﻛل)‪ (567‬واﺿﻐط ‪ Next‬ﺛم‬
    ‫‪ Finish‬وﻛرر اﻟﻌﻣﻠﯾﺔ ﻹﻧﺷﺎء ﻣﺳﺗﺧدم‬
    ‫آﺧر ‪.accuser02‬‬

    ‫اﻟﺷﻛل)‪(566‬‬
    ‫‪ -1-36‬ﻣﻧﻊ اﻟﻣﺳﺗﺧدﻣﯾن اﻟﺗﺎﺑﻌﯾن‬
    ‫ﻟﻠﻘﺳم ‪ Accounting‬ﻣن ﺗﻐﯾﯾر ﺻورة‬
    ‫ﺳطﺢ اﻟﻣﻛﺗب‪:‬‬
    ‫اﺿﻐط ‪ +‬ﯾﺳﺎر ‪ Features‬ﺛم ‪ +‬ﯾﺳﺎر‬
    ‫‪ Group Policy Management‬ﺛم ‪+‬‬
    ‫ﯾﺳﺎر ‪ Forest:course.local‬ﺛم ‪+‬‬
    ‫ﯾﺳﺎر‬ ‫‪+‬‬ ‫ﺛم‬ ‫‪Domains‬‬ ‫ﯾﺳﺎر‬
    ‫ﯾﺳﺎر‬ ‫‪+‬‬ ‫ﺛم‬ ‫‪course.local‬‬
    ‫اﻟﺷﻛل)‪(567‬‬ ‫‪ Accounting‬واﺿﻐط ﺑﺎﻟزر اﻷﺑﻣن ﻋﻠﻰ‬

    ‫‪166‬‬
    MCITP ‫ھﻧدﺳﺔ اﻟﺷﺑﻛﺎت‬

    Create ‫ واﺧﺗر‬Accounting Users


    a GPO in this domain, and link
    (568)‫ اﻟﺷﻛل‬it here

    (569)‫اﻟﺷﻛل‬

    (568)‫اﻟﺷﻛل‬
    Prohibit users from ‫واﻛﺗب‬
    Name ‫ أﺳﻔل‬changing wallpaper
    (569)‫ اﻟﺷﻛل‬New GPO ‫ﻓﻲ ﻧﺎﻓذة‬
    ‫ ﻟﻧﺟد أﻧﻪ ﺗم إﻧﺷﺎء اﺧﺗﺻﺎر‬OK ‫واﺿﻐط‬
    Accounting ‫ﻟﻬذﻩ اﻟﺑوﻟﯾﺳﻲ أﺳﻔل‬
    Group ‫ وﺗم إﻧﺷﺎء اﻟﺑوﻟﯾﺳﻲ ﻓﻲ‬Users
    .(570)‫ اﻟﺷﻛل‬Policy Objects
    Prohibit ‫اﺿﻐط ﻋﻠﻰ اﺣﺗﺻﺎر اﻟﺑوﻟﯾﺳﻲ‬
    users from changing wallpaper
    ‫ ﻟﺗﻔﺗﺢ اﻟﻧﺎﻓذة‬Edit ‫ﺑﺎﻟزر اﻷﯾﻣن واﺧﺗر‬
    Group Policy Management
    ‫ أﺳﻔل‬Policies ‫ ﯾﺳﺎر‬+ ‫ اﺿﻐط‬Editor
    ‫ ﯾﺳﺎر‬+ ‫ ﺛم‬User Configuration
    + ‫ ﺛم‬Administrative Templates
    (570)‫اﻟﺷﻛل‬
    ‫ واﺿﻐط ﺑﺎﻟزر‬Control Panel ‫ﯾﺳﺎر‬

    167
    ‫ھﻧدﺳﺔ اﻟﺷﺑﻛﺎت ‪MCITP‬‬

    ‫اﻷﯾﺳر ﻋﻠﻰ ‪ Display‬اﻟﺷﻛل)‪(571‬‬

    ‫اﻟﺷﻛل)‪(572‬‬
    ‫اﻟﺷﻛل)‪(571‬‬
    ‫‪Prevent‬‬ ‫ﺛم اﻧﻘر ﻧﻘ ار ﻣﺿﺎﻋﻔﺎ ﻋﻠﻰ‬
    ‫‪ changing wallpaper‬ﻟﺗﻔﺗﺢ ﻧﺎﻓذة‬
    ‫‪Prevent‬‬ ‫‪changing‬‬ ‫‪wallpaper‬‬
    ‫‪Enabled‬‬ ‫اﺧﺗر‬ ‫‪properties‬‬
    ‫اﻟﺷﻛل)‪ (572‬واﺿﻐط ‪ OK‬وﯾﺑﻘﻰ ﺧطوة‬
    ‫ﻧﺷر اﻟﺑوﻟﯾﺳﻲ وﻟذﻟك ﻣن ‪ Start‬اﺿﻐط‬
    ‫‪ Command Prompt‬ﻟﺗﻔﺗﺢ ﻧﺎﻓذة‬
    ‫اﻟﺷﻛل)‪(573‬‬ ‫‪ Command Prompt‬واﻛﺗب \‪cd‬‬
    ‫واﺿﻐط ‪ Enter‬ﺛم اﻛﺗب ‪gpupdate‬‬
    ‫اﻟﺷﻛل)‪ (573‬واﺿﻐط ‪.Enter‬‬
    ‫ﻧرﯾد اﻵن ﺗطﺑﯾق ﻫذﻩ اﻟﺑوﻟﯾﺳﻲ ﻋﻠﻰ وﺣدة‬
    ‫ﺗﻧطﯾﻣﯾﺔ أﺧرى ﻫﻲ اﻟوﺣدة ‪ Sales‬وﻟذﻟك‬
    ‫اﺿﻐط ﺑﺎﻟزر اﻷﯾﻣن ﻋﻠﻰ ‪ Sales‬واﺧﺗر‬
    ‫‪ Link an Existing GPO‬ﻟﺗﻔﺗﺢ اﻟﻧﺎﻓذة‬
    ‫‪ Select GPO‬واﺧﺗر ‪Prohibit users‬‬
    ‫‪from‬‬ ‫‪changing‬‬ ‫‪wallpaper‬‬
    ‫اﻟﺷﻛل)‪(574‬‬ ‫اﻟﺷﻛل)‪ (574‬واﺿﻐط ‪.OK‬‬

    ‫‪168‬‬

    ‫‪View publication stats‬‬

    You might also like