¡¡¡¡
ʹ¹ÜÀíÔ±ÕÊ»§¸ü°²È«µÄÖ¸µ¼ÔÔò¸ÅÊö¡¡¡¡¡¡¡¡Ã¿´Î°²×°Ð嵀 Active Directory? Ŀ¼·þÎñÖ®ºó£¬¾Í»áΪÿ¸öÓò´´½¨Ò»¸ö¹ÜÀíÔ±ÕÊ»§¡£ ĬÈÏÇé¿öÏ£¬²»ÄÜɾ³ý»òËø¶¨´ËÕÊ»§¡£ ÔÚ Microsoft? Windows Server? 2003 ÖУ¬¿ÉÒÔ½ûÓùÜÀíÔ±ÕÊ»§£¬µ«ÒÔ°²È«Ä£Ê½Æô¶¯¼ÆËã»úʱ£¬»á×Ô¶¯ÖØÐÂÆôÓôËÕÊ»§¡£¡¡¡¡¡¡¡¡Æóͼ¹¥»÷¼ÆËã»úµÄ¶ñÒâÓû§Í¨³£ÏȲéÕÒÓÐЧÕÊ»§£¬È»ºó³¢ÊÔÉý¼¶´ËÕÊ»§µÄȨÏÞ¡£ ÁíÍ⣬Ëû¿ÉÄÜ»¹ÀûÓò²âÃÜÂë¼¼ÊõÇÔÈ¡¹ÜÀíÔ±ÕÊ»§ÃÜÂë¡£ ÓÉÓÚ´ËÕÊ»§¾ßÓÐÐí¶àȨÏÞÇÒ²»Äܱ»Ëø¶¨£¬¶ñÒâÓû§ÒÔ´ËÕÊ»§Îª¹¥»÷¶ÔÏó¡£ Ëû¿ÉÄÜ»¹ÊÔͼÒýÓÕ¹ÜÀíÔ±Ö´ÐÐijЩ½«ÊÚÓè¹¥»÷ÕßȨÏ޵ĶñÒâ´úÂë¡£¡¡¡¡¡¡¡¡
Çø·ÖÓò¹ÜÀíÔ±½ÇÉ«ºÍÆóÒµ¹ÜÀíÔ±½ÇÉ«¡¡¡¡¡¡¡¡ÓÉÓÚÆóÒµ¹ÜÀíÔ±½ÇÉ«ÔÚĿ¼ÁÖ»·¾³Ï¾ßÓÐ×îÖÕȨÏÞ£¬Äú±ØÐëÖ´ÐÐÒÔÏÂÁ½¸ö²Ù×÷Ö®Ò»£¬ÒÔÈ·±£ºÜºÃµØ¿ØÖÆËüµÄʹÓᣠÄú¿ÉÒÔ´´½¨²¢Ñ¡ÔñÒ»¸öÊܵ½ÍêÉƱ£»¤µÄÕÊ»§×÷Ϊ Enterprise Admins µÄ³ÉÔ±£¬»òÕßÑ¡Ôñ²»Ê¹ÓÃÕâЩƾ¾ÝÉèÖÃÕÊ»§£¬¶øÊǽöÔÚÐèÒªÕâЩÌØȨµÄÊÚȨÈÎÎñÒªÇó´´½¨´ËÀàÕÊ»§Ê±²Å´´½¨¡£ ÔÚ´ËÕÊ»§Íê³ÉÈÎÎñÖ®ºó£¬ÄúÓ¦¸ÃÁ¢¼´É¾³ýÁÙʱ Enterprise Admins ÕÊ»§¡£¡¡¡¡¡¡¡¡
Çø·ÖÓû§ÕÊ»§ºÍ¹ÜÀíÔ±ÕÊ»§¡¡¡¡¡¡¡¡¶ÔÓÚµ£ÈιÜÀíÔ±½ÇÉ«µÄÿ¸öÓû§£¬ÄúÓ¦¸Ã´´½¨Á½¸öÕÊ»§£º Ò»¸öÆÕͨÓû§ÕÊ»§£¬Ö´ÐеäÐÍÈÕ³£ÈÎÎñ£¨ÀýÈçµç×ÓÓʼþºÍÆäËû³ÌÐò£©£»Ò»¸ö¹ÜÀíÕÊ»§£¬½öÖ´ÐйÜÀíÈÎÎñ¡£ Äú²»Ó¦Ê¹ÓùÜÀíÕÊ»§À´·¢Ë͵ç×ÓÓʼþ¡¢ÔËÐбê×¼³ÌÐò»òä¯ÀÀ Internet¡£ ÿ¸öÕÊ»§±ØÐëÓµÓÐΨһµÄÃÜÂë¡£ ÕâЩ¼òµ¥µÄ·À·¶´ëÊ©´ó´óµØ½µµÍÁËÕÊ»§±»¹¥»÷µÄ·çÏÕ£¬²¢Ëõ¶ÌÁ˹ÜÀíÕÊ»§µÇ¼µ½¼ÆËã»ú»òÓòËùÐèµÄʱ¼ä¡£¡¡¡¡¡¡¡¡
ʹÓà Secondary Logon ·þÎñ¡¡¡¡¡¡¡¡ÔÚ Microsoft Windows? 2000, Windows XP Professional ºÍ Windows Server 2003 ÖУ¬Äú¿ÉÒÔ×÷ΪÓ뵱ǰµÇ¼µÄÓû§²»Í¬µÄÓû§ÔËÐгÌÐò¡£ ÔÚ windows 2000 ÖУ¬Run as ·þÎñÌṩ´Ë¹¦ÄÜ£¬ÔÚ Windows XP ºÍ Windows Server 2003 ÖУ¬Ëü³ÆΪ Secondary Logon ·þÎñ¡£ Run as ºÍ Secondary Logon ·þÎñÊÇÃû³Æ²»Í¬µÄÏàͬ·þÎñ¡£¡¡¡¡¡¡¡¡Secondary Logon ÔÊÐí¹ÜÀíԱʹÓ÷ǹÜÀíÕÊ»§µÇ¼µ½¼ÆËã»ú£¬ÎÞÐë×¢Ïú£¬Ö»ÐèÔÚ¹ÜÀí»·¾³ÖÐÔËÐÐÊÜÐÅÈεĹÜÀí³ÌÐò¼´¿ÉÖ´ÐйÜÀíÈÎÎñ¡£¡¡¡¡¡¡¡¡Secondary Logon ·þÎñ½â¾öÁËÔËÐпÉÄÜÒ×ÊܶñÒâ´úÂë¹¥»÷µÄ³ÌÐòµÄ¹ÜÀíÔ±Ìá³öµÄ°²È«·çÏÕÎÊÌ⣻ÀýÈ磬ʹÓùÜÀíȨÏ޵Ǽ¡¢·ÃÎʲ»ÊÜÐÅÈεÄÍøÕ¾µÄÓû§¡£¡¡¡¡¡¡¡¡Secondary Logon Ö÷ÒªÊÊÓÃÓÚϵͳ¹ÜÀíÔ±£»µ«ÊÇ£¬ÈκÎÓµÓжà¸öÕÊ»§¡¢ÐèÒªÔÚ²»Í¬ÕÊ»§»·¾³ÖÐÎÞÐè×¢Ïú¼´¿ÉÆô¶¯³ÌÐòµÄÓû§Ò²¿ÉÒÔʹÓÃËü¡£¡¡¡¡¡¡¡¡Secondary Logon ·þÎñÉèÖÃΪ×Ô¶¯Æô¶¯£¬Ê¹ÓÃÔËÐз½Ê½¹¤¾ß×÷ΪÆäÓû§½çÃ棬ʹÓà runas.exe ×÷ΪÆäÃüÁîÐнçÃæ¡£ ͨ¹ýʹÓÃÔËÐз½Ê½£¬Äú¿ÉÒÔÔËÐгÌÐò (*.exe)¡¢±£´æµÄ Microsoft ¹ÜÀí¿ØÖÆ̨ (MMC) ¿ØÖÆ̨ (*.msc)¡¢³ÌÐò¿ì½Ý·½Ê½¼°¡°¿ØÖÆÃæ°å¡±ÖеÄÏîÄ¿¡£ ¼´Ê¹ÄúʹÓÃûÓйÜÀíȨÏ޵ıê×¼Óû§ÕÊ»§µÇ¼£¬Ö»ÒªÄúÔÚϵͳÌáʾÊäÈëÊʵ±µÄ¹ÜÀíÓû§ÕÊ»§ºÍÃÜÂëƾ¾ÝʱÊäÈëËüÃÇ£¬Äú¾Í¿ÉÒÔ×÷Ϊ¹ÜÀíÔ±ÔËÐÐÕâЩ³ÌÐò¡£¡¡¡¡¡¡¡¡Èç¹ûÄúÓµÓÐÆäËûÓòµÄ¹ÜÀíÕÊ»§µÄƾ¾Ý£¬ÔËÐз½Ê½ÔÊÐíÄú¹ÜÀíÆäËûÓò»òĿ¼ÁÖÖеķþÎñÆ÷¡£¡¡¡¡¡¡¡¡×¢£º²»ÄÜʹÓÃÔËÐз½Ê½Æô¶¯Ä³Ð©ÏîÄ¿£¬ÀýÈç×ÀÃæÉϵĴòÓ¡»úÎļþ¼Ð¡¢ÎҵĵçÄÔºÍÍøÉÏÁÚ¾Ó¡£¡¡¡¡¡¡¡¡
ʹÓÃÔËÐз½Ê½¡¡¡¡¡¡¡¡¿ÉÒÔͨ¹ý¶àÖÖ·½·¨À´Ê¹ÓÃÔËÐз½Ê½£º¡¡¡¡¡¡¡¡Ê¹ÓÃÔËÐз½Ê½À´Æô¶¯Ê¹ÓÃÓò¹ÜÀíÔ±ÕÊ»§Æ¾¾ÝµÄÃüÁî½âÊÍÆ÷¡¡¡¡¡¡¡¡1.µ¥»÷¡°¿ªÊ¼¡±£¬È»ºóµ¥»÷¡°ÔËÐС±¡£¡¡¡¡¡¡¡¡2.ÔÚ¡°ÔËÐС±¶Ô»°¿òÖУ¬¼üÈë runas /user:<domain_name>\administrator cmd£¨ÆäÖÐ <domain_name> ÊÇÄúµÄÓòÃû£©£¬È»ºóµ¥»÷¡°È·¶¨¡±¡£¡¡¡¡¡¡¡¡3.µ±ÏµÍ³ÌáʾÊäÈë domain_name\administrator ÕÊ»§µÄÃÜÂëʱ£¬¼üÈë¹ÜÀíÔ±ÕÊ»§µÄÃÜÂ룬Ȼºó°´ ENTER ¼ü¡£¡¡¡¡¡¡¡¡4.Ò»¸öпØÖÆ̨´°¿Ú´ò¿ª£¬±íʾÕýÔÚ¹ÜÀí»·¾³ÖÐÔËÐС£ ´Ë¿ØÖÆ̨±êÌâ±êʶΪ×÷Ϊdomain_name\administrator ÔËÐС£¡¡¡¡¡¡¡¡
ʹÓÃÔËÐз½Ê½À´ÔËÐС°¿ØÖÆÃæ°å¡±ÖеÄÏîÄ¿¡¡¡¡¡¡¡¡1.ÔÚ Windows XP »ò Windows Server 2003 ÖУ¬ÒÀ´Îµ¥»÷¡°¿ªÊ¼¡±¡¢¡°¿ØÖÆÃæ°å¡±¡£¡¡¡¡¡¡¡¡2.°´×¡ SHIFT ¼ü£¬Í¬Ê±ÓÒ¼üµ¥»÷ÄúÒªÔÚ¹ÜÀí»·¾³ÖÐÔËÐеŤ¾ß»ò³ÌÐò£¨ÀýÈ磬¡°Ìí¼ÓÓ²¼þ¡±£©¡£¡¡¡¡¡¡¡¡3.ÔÚ¿ì½Ý·½Ê½²Ëµ¥ÉÏ£¬µ¥»÷¡°ÔËÐз½Ê½¡±¡£¡¡¡¡¡¡¡¡4.ÔÚ¡°ÔËÐÐÉí·Ý¡±¶Ô»°¿òÖУ¬µ¥»÷¡°ÏÂÁÐÓû§¡±£¬È»ºó¼üÈëÏàÓ¦µÄÓòÃû¡¢¹ÜÀíÔ±ÕÊ»§ÃûºÍÃÜÂ룻ÀýÈ磺¡¡¡¡¡¡¡¡CORPDOMAIN\Administrator¡¡¡¡¡¡¡¡P@ssw0rd¡¡¡¡¡¡¡¡5.µ¥»÷¡°È·¶¨¡±¡£´Ë³ÌÐòÔÚ¹ÜÀí»·¾³ÖÐÔËÐС£¡¡¡¡¡¡¡¡Ê¹ÓÃÔËÐз½Ê½À´´ò¿ª¡°¿ªÊ¼¡±²Ëµ¥ÖеijÌÐò£¨ÀýÈç Active Directory Óû§ºÍ¼ÆËã»ú£©¡¡¡¡¡¡¡¡1.ÔÚ Windows Server 2003 ÖУ¬µ¥»÷¡°¿ªÊ¼¡±£¬Ö¸Ïò¡°¹ÜÀí¹¤¾ß¡±£¬È»ºóÓÒ¼üµ¥»÷¡°Active Directory Óû§ºÍ¼ÆËã»ú¡±¡£¡¡¡¡¡¡¡¡2.ÔÚ¿ì½Ý·½Ê½²Ëµ¥ÉÏ£¬µ¥»÷¡°ÔËÐз½Ê½¡±¡£¡¡¡¡¡¡¡¡Äú»¹¿ÉÒÔʹÓÿÉÖ´ÐÐÃüÁîÐÐʵÓóÌÐò runas.exe À´ÔËÐгÌÐò£¬²¢´ÓÃüÁîÐÐÆô¶¯¹ÜÀí¿ØÖÆ̨¡£¡¡¡¡¡¡¡¡ÔÚ±¾µØ¼ÆËã»úÉÏ×÷Ϊ¹ÜÀíÔ±Æô¶¯ÃüÁîÌáʾ·ûʵÀý¡¡¡¡¡¡¡¡1.µ¥»÷¡°¿ªÊ¼¡±£¬È»ºóµ¥»÷¡°ÔËÐС±¡£¡¡¡¡¡¡¡¡2.ÔÚ¡°ÔËÐС±¶Ô»°¿òÖУ¬¼üÈë runas /user:<localcomputername>\administrator cmd ¡£¡¡¡¡¡¡¡¡3.µ¥»÷¡°È·¶¨¡±¡£¡¡¡¡¡¡¡¡4.³öÏÖÌáʾʱ£¬ÔÚÃüÁîÌáʾ·û´°¿ÚÖмüÈë¹ÜÀíÔ±ÃÜÂ룬Ȼºó°´ ENTER ¼ü¡£¡¡¡¡¡¡¡¡ÔÚcorpdomainÓòÖÐʹÓóÆΪ domainadminµÄÓò¹ÜÀíÔ±ÕÊ»§Æô¶¯¡°¼ÆËã»ú¹ÜÀí¡±¹ÜÀíµ¥ÔªÊµÀý¡¡¡¡¡¡¡¡1.µ¥»÷¡°¿ªÊ¼¡±£¬È»ºóµ¥»÷¡°ÔËÐС±¡£¡¡¡¡¡¡¡¡2.ÔÚ¡°ÔËÐС±¶Ô»°¿òÖУ¬¼üÈë runas /user:<corpdomain>\<domainadmin> "mmc %windir%\system32\compmgmt.msc"¡¡¡¡¡¡¡¡3.µ¥»÷¡°È·¶¨¡±¡£¡¡¡¡¡¡¡¡4.³öÏÖÌáʾʱ£¬ÔÚÃüÁîÌáʾ·û´°¿ÚÖмüÈëÕÊ»§ÃÜÂ룬Ȼºó°´ ENTER ¼ü¡£¡¡¡¡¡¡¡¡Äú»¹¿ÉÒÔʹÓà runas.exe À´ÔËÐгÌÐò£¬²¢Ê¹ÓÃÖÇÄÜ¿¨Æ¾¾Ý´ÓÃüÁîÐÐÆô¶¯¹ÜÀí¿ØÖÆ̨¡£¡¡¡¡¡¡¡¡Ê¹ÓÃÖÇÄÜ¿¨Æ¾¾ÝÔÚ±¾µØ¼ÆËã»úÉÏ×÷Ϊ¹ÜÀíÔ±Æô¶¯ÃüÁîÌáʾ·ûʵÀý¡¡¡¡¡¡¡¡1.µ¥»÷¡°¿ªÊ¼¡±£¬È»ºóµ¥»÷¡°ÔËÐС±¡£¡¡¡¡¡¡¡¡2.ÔÚ¡°ÔËÐС±¶Ô»°¿òÖУ¬¼üÈë runas /smartcard /user:<localcomputername>\administrator cmd¡¡¡¡¡¡¡¡3.µ¥»÷¡°È·¶¨¡±¡£¡¡¡¡¡¡¡¡4.³öÏÖÌáʾʱ£¬ÔÚÃüÁîÌáʾ·û´°¿ÚÖмüÈëÖÇÄÜ¿¨µÄ PIN ºÅ£¬È»ºó°´ ENTER ¼ü¡£¡¡¡¡¡¡¡¡×¢£º²»ÄÜÊäÈëÃÜÂë×÷Ϊ runas.exe µÄÃüÁîÐвÎÊý£¬ÒòΪÕâÑù²»°²È«¡£¡¡¡¡¡¡¡¡
ÔËÐÐÓÃÓÚ¹ÜÀíµÄµ¥¶ÀµÄ¡°Öն˷þÎñ¡±»á»°¡¡¡¡¡¡¡¡ÔËÐз½Ê½ÊǹÜÀíÔ±ÔÚ¸ü¸ÄÆä±¾µØ¼ÆËã»úʱ×î³£Óõķ½·¨£¬Ò²¿ÉÄÜÊÇÖ´ÐÐijЩҵÎñÏß³ÌÐòµÄ×î³£Ó÷½·¨¡£ ¶ÔÓÚ IT ¹ÜÀíÈÎÎñ£¬Äú¿ÉÒÔʹÓÃÖն˷þÎñÀ´Á¬½Óµ½ÄúÐèÒª¹ÜÀíµÄ·þÎñÆ÷¡£ ´Ë·½·¨´ó´ó¼ò»¯Á˹ÜÀí¶ą̀Զ³Ì·þÎñÆ÷µÄ¹¤×÷£¬ÎÞÐèÎïÀí·ÃÎÊÿ̨Զ³Ì·þÎñÆ÷£¬¶øÇÒ²»ÐèÒªÄú¾ß±¸ÔÚ·þÎñÆ÷ÉϽ»»¥Ê½µÇ¼µÄȨÏÞ¡£ ҪʹÓô˷½·¨£¬ÇëʹÓÃÆÕͨÓû§ÕÊ»§Æ¾¾ÝµÇ¼£¬È»ºó×÷ΪÓò¹ÜÀíÔ±ÔËÐС°Öն˷þÎñ¡±»á»°¡£ ÄúÖ»ÄÜÔÚ¡°Öն˷þÎñ¡±»á»°´°¿ÚÖÐÖ´ÐÐÓò¹ÜÀíÈÎÎñ¡£¡¡¡¡¡¡¡¡
ÖØÃüÃûĬÈϹÜÀíÔ±ÕÊ»§¡¡¡¡¡¡¡¡µ±ÄúÖØÃüÃûĬÈϹÜÀíÔ±ÕÊ»§Ê±£¬Ã»ÓÐÃ÷ÏÔָʾ´ËÕÊ»§¾ßÓÐÌáÉýµÄÌØȨ¡£ ËäÈ»¹¥»÷ÕßÈÔÐèҪͨ¹ýÃÜÂëʹÓÃĬÈϹÜÀíÔ±ÕÊ»§£¬µ«ÊÇÒÑÃüÃûµÄĬÈϹÜÀíÔ±ÕÊ»§Ó¦¸ÃÌí¼ÓÒ»µÀ¸½¼ÓµÄ±£»¤²ã£¬ÒÔ·ÀÖ¹ÔâÊÜÌØȨÌáÉýµÄ¹¥»÷¡£ Ò»ÖÖ·½·¨ÊÇʹÓüÙÏëÐÕºÍÃû£¬²¢ÓëÆäËûÓû§ÃûµÄ¸ñʽÏàͬ¡£¡¡¡¡¡¡¡¡×¢£ºÖØÃüÃûĬÈϹÜÀíÔ±ÕÊ»§Ö»ÄÜ×èֹijЩÀàÐ͵Ĺ¥»÷¡£ ÓÉÓÚ´ËÕÊ»§µÄ°²È« ID ʼÖÕÏàͬ£¬¹¥»÷ÕßÅжÏÄĸöÕÊ»§ÊÇĬÈϹÜÀíÔ±ÕÊ»§Ïà¶Ô±È½ÏÈÝÒס£ ÁíÍ⣬¹¤¾ß¿ÉÒÔö¾Ù×é³ÉÔ±£¬²¢Ê¼ÖÕÏÈÁгöÔʼ¹ÜÀíÔ±ÕÊ»§¡£ ΪÁË×îºÃµØ·ÀÖ¹¶ÔÄúµÄÄÚÖùÜÀíÔ±ÕÊ»§½øÐй¥»÷£¬Çë´´½¨ÐµĹÜÀíÕÊ»§£¬È»ºó½ûÓÃÄÚÖÃÕÊ»§¡£¡¡¡¡¡¡¡¡
ÔÚÓòÖÐÖØÃüÃûĬÈϹÜÀíÔ±ÕÊ»§¡¡¡¡¡¡¡¡1.×÷Ϊ Domain Admins ×é³ÉÔ±£¨µ«²»ÊÇÄÚÖùÜÀíÔ±ÕÊ»§£©µÇ¼£¬È»ºó´ò¿ª¡°Active Directory Óû§ºÍ¼ÆËã»ú¡±¡£¡¡¡¡¡¡¡¡2.ÔÚ¿ØÖÆ̨Ê÷ÖУ¬µ¥»÷¡°Óû§¡±¡£¡¡¡¡¡¡¡¡3.ÔÚÏêϸÐÅÏ¢´°¸ñÖУ¬ÓÒ¼üµ¥»÷¡°¹ÜÀíÔ±¡±£¬È»ºóµ¥»÷¡°ÖØÃüÃû¡±¡£¡¡¡¡¡¡¡¡4.¼üÈë¼ÙÏëµÄÃûºÍÐÕ£¬È»ºó°´ ENTER ¼ü¡£¡¡¡¡¡¡¡¡5.ÔÚ¡°ÖØÃüÃûÓû§¡±¶Ô»°¿òÖУ¬¸Ä±ä¡°È«Ãû¡±¡¢¡°Ãû¡±¡¢¡°ÐÕ¡±¡¢¡°ÏÔʾÃû¡±¡¢¡°Óû§µÇ¼Ãû¡±ÒÔ¼°¡°Óû§µÇ¼Ãû¡±£¨Windows 2000 Ç°°æ±¾£©Ê¹Ö®Æ¥Åä¼ÙÏëµÄÕÊ»§Ãû£¬È»ºóµ¥»÷¡°È·¶¨¡±¡£¡¡¡¡¡¡¡¡6.ÔÚÏêϸÐÅÏ¢´°¸ñÖУ¬ÓÒ¼üµ¥»÷н¨µÄÓû§Ãû£¬È»ºóµ¥»÷¡°ÊôÐÔ¡±¡£¡¡¡¡¡¡¡¡7.µ¥»÷¡°³£¹æ¡±Ñ¡Ï¡£ ÔÚ¡°ËµÃ÷¡±¿òÖУ¬É¾³ý¹ÜÀí¼ÆËã»ú/ÓòµÄÄÚÖÃÕÊ»§£¬È»ºó¼üÈëÓëÆäËûÓû§ÕÊ»§ÀàËƵÄ˵Ã÷£¨¶ÔÓÚÐí¶à×éÖ¯£¬´ËֵΪ¿Õ£©¡£¡¡¡¡¡¡¡¡8.µ¥»÷¡°È·¶¨¡±¡£¡¡¡¡¡¡¡¡
ÖØÃüÃûĬÈϵı¾µØ¹ÜÀíÔ±ÕÊ»§¡¡¡¡¡¡¡¡1.×÷Ϊ±¾µØ¹ÜÀíÔ±×é³ÉÔ±£¨µ«²»ÊÇÄÚÖùÜÀíÔ±ÕÊ»§£©µÇ¼£¬È»ºóÔÚ¼ÆËã»ú¹ÜÀí¿ØÖÆ̨Öдò¿ª±¾µØÓû§ºÍ×é¹ÜÀíµ¥Ôª¹¤¾ß¡£¡¡¡¡¡¡¡¡2.ÔÚ¿ØÖÆ̨Ê÷ÖУ¬Õ¹¿ª¡°±¾µØÓû§ºÍ×顱£¬È»ºóµ¥»÷¡°Óû§¡±¡£¡¡¡¡¡¡¡¡3.ÔÚÏêϸÐÅÏ¢´°¸ñÖУ¬ÓÒ¼üµ¥»÷¡°¹ÜÀíÔ±¡±£¬È»ºóµ¥»÷¡°ÖØÃüÃû¡±¡£¡¡¡¡¡¡¡¡4.¼üÈë¼ÙÏëµÄÃûºÍÐÕ£¬È»ºó°´ ENTER ¼ü¡£¡¡¡¡¡¡¡¡5.ÔÚÏêϸÐÅÏ¢´°¸ñÖУ¬ÓÒ¼üµ¥»÷н¨µÄÓû§Ãû£¬È»ºóµ¥»÷¡°ÊôÐÔ¡±¡£¡¡¡¡¡¡¡¡6.µ¥»÷¡°³£¹æ¡±Ñ¡Ï¡£ ÔÚ¡°È«Ãû¡±¿òÖУ¬¼üÈëеÄÈ«Ãû¡£ ÔÚ¡°ËµÃ÷¡±¿òÖУ¬É¾³ý¹ÜÀí¼ÆËã»ú/ÓòµÄÄÚÖÃÕÊ»§£¬È»ºó¼üÈëÓëÆäËûÓû§ÕÊ»§ÀàËƵÄ˵Ã÷£¨¶ÔÓÚÐí¶à×éÖ¯£¬´ËֵΪ¿Õ£©¡£¡¡¡¡¡¡¡¡7.µ¥»÷¡°È·¶¨¡±¡£¡¡¡¡¡¡¡¡×¢£ºÁíÍ⣬Äú»¹¿ÉÒÔʹÓÃ×é²ßÂÔ¶ÔÏó (GPO) ÉèÖÃÔÚ¶ą̀¼ÆËã»úÉÏÖØÃüÃûĬÈϹÜÀíÔ±ÕÊ»§¡£ µ«ÊÇ£¬´ËÉèÖò»ÔÊÐíÄúÐÞ¸ÄĬÈÏ˵Ã÷¡£ ÓйØÏêϸÐÅÏ¢£¬Çë²ÎÔÄ http://support.microsoft.com/default.ASPx?scid=kb;en-us;816109 ÉϵÄ֪ʶ¿âÎÄÕÂÈçºÎÔÚ Windows Server 2003 ÖÐÖØÃüÃû¹ÜÀíÔ±ÕÊ»§ºÍÀ´±öÕÊ»§¡£¡¡¡¡¡¡¡¡
´´½¨Ðé¼Ù¹ÜÀíÔ±ÕÊ»§¡¡¡¡¡¡¡¡´´½¨Ðé¼Ù¹ÜÀíÔ±ÕÊ»§½«Ôö¼ÓÒ»¸ö¸½¼ÓµÄ±£»¤²ã¡£ ÕâÑù¿ÉÒÔÒýÓÕÆóͼ¶Ô¹ÜÀíÔ±ÕÊ»§ÊµÊ©ÃÜÂë¹¥»÷µÄ¹¥»÷ÕßÈ¥¹¥»÷ûÓÐÌØȨµÄÕÊ»§£¬Òò´Ë¹¥»÷ÕߺÜÄÑ·¢ÏÖÄúµÄÒÑÃüÃûµÄ¹ÜÀíÔ±ÕÊ»§¡£ ÁíÒ»Öֺð취ÊÇ£¬Í¨¹ýÈ·±£´ËÐé¼ÙÕÊ»§²»±»Ëø¶¨£¬²¢Îª´ËÕÊ»§ÉèÖÃÇ¿ÃÜÂ룬ÑÓ»º¹¥»÷Õß½øÐй¥»÷¡£ ÔÚ´´½¨Ðé¼ÙÕÊ»§Ö®ºó£¬ÄúÓ¦¸ÃÈ·±£´ËÕÊ»§²»ÊÇÓÐÌØȨµÄ°²È«×é³ÉÔ±£¬È»ºó¼àÊÓ´ËÕÊ»§µÄʹÓ㬲鿴ÊÇ·ñ³öÏֵǼʧ°ÜµÈÒâÍâ»î¶¯¡£ ÓйØÏêϸÐÅÏ¢£¬Çë²ÎÔÄ www.microsoft.com/technet/security/topics/networksecurity/sec_ad_admin_groups.mspx ÉϵÄ֪ʶ¿âÎÄÕ Securing Active Directory Administrative Groups and Accounts¡£¡¡¡¡¡¡¡¡
ÔÚÓòÖд´½¨Ðé¼Ù¹ÜÀíÔ±ÕÊ»§¡¡¡¡¡¡¡¡1.×÷Ϊ Domain Admins ×é³ÉÔ±µÇ¼£¬È»ºó´ò¿ª¡°Active Directory Óû§ºÍ¼ÆËã»ú¡±¡£¡¡¡¡¡¡¡¡2.ÓÒ¼üµ¥»÷¡°Users¡±ÈÝÆ÷£¬Ö¸Ïò¡°Ð½¨¡±£¬È»ºóµ¥»÷¡°Óû§¡±¡£¡¡¡¡¡¡¡¡3.ÔÚ¡°Ãû¡±ºÍ¡°Óû§µÇ¼Ãû¡±ÖмüÈë Administrator£¬È»ºóµ¥»÷¡°ÏÂÒ»²½¡±¡£¡¡¡¡¡¡¡¡4.¼üÈ벢ȷÈÏÃÜÂë¡£¡¡¡¡¡¡¡¡5.Çå³ý¡°Óû§Ï´εǼʱÐë¸ü¸ÄÃÜÂ롱¸´Ñ¡¿ò£¬È»ºóµ¥»÷¡°ÏÂÒ»²½¡±¡£¡¡¡¡¡¡¡¡6.ÑéÖ¤Ðé¼ÙÕÊ»§ÐÅÏ¢ÊÇ·ñÕýÈ·£¬È»ºóµ¥»÷¡°Íê³É¡±¡£¡¡¡¡¡¡¡¡7.ÔÚÏêϸÐÅÏ¢´°¸ñÖУ¬ÓÒ¼üµ¥»÷¡°¹ÜÀíÔ±¡±£¬È»ºóµ¥»÷¡°ÊôÐÔ¡±¡£¡¡¡¡¡¡¡¡8.µ¥»÷¡°³£¹æ¡±Ñ¡Ï¡£ ÔÚ¡°ËµÃ÷¡±¿òÖУ¬¼üÈë¹ÜÀí¼ÆËã»ú/ÓòµÄÄÚÖÃÕÊ»§£¬È»ºóµ¥»÷¡°È·¶¨¡±¡£¡¡¡¡¡¡¡¡
´´½¨Ðé¼ÙµÄ±¾µØ¹ÜÀíÔ±ÕÊ»§¡¡¡¡¡¡¡¡1.×÷Ϊ±¾µØ¹ÜÀíÔ±×é³ÉÔ±µÇ¼£¬È»ºóÔÚ¼ÆËã»ú¹ÜÀí¿ØÖÆ̨Öдò¿ª±¾µØÓû§ºÍ×é¹ÜÀíµ¥Ôª¹¤¾ß¡£¡¡¡¡¡¡¡¡2.ÔÚ¿ØÖÆ̨Ê÷ÖУ¬Õ¹¿ª¡°±¾µØÓû§ºÍ×顱¡£¡¡¡¡¡¡¡¡3.ÓÒ¼üµ¥»÷¡°Users¡±ÈÝÆ÷£¬È»ºóµ¥»÷¡°Ð½¨Óû§¡±¡£¡¡¡¡¡¡¡¡4.ÔÚ¡°Óû§Ãû¡±¿òÖУ¬¼üÈë Administrator¡£ ÔÚ¡°ËµÃ÷¡±¿òÖУ¬¼üÈë¹ÜÀí¼ÆËã»ú/ÓòµÄÄÚÖÃÕÊ»§¡£¡¡¡¡¡¡¡¡5.¼üÈ벢ȷÈÏÃÜÂë¡£¡¡¡¡¡¡¡¡6.Çå³ý¡°Óû§Ï´εǼʱÐë¸ü¸ÄÃÜÂ롱¸´Ñ¡¿ò¡£¡¡¡¡¡¡¡¡7.µ¥»÷¡°´´½¨¡±¡£¡¡¡¡¡¡¡¡
´´½¨´ÎÒª¹ÜÀíÔ±ÕÊ»§²¢½ûÓÃÄÚÖÃÕÊ»§¡¡¡¡¡¡¡¡¼´Ê¹Äú²»Ê¹ÓùÜÀíµÄÖն˷þÎñ£¬»òÔÊÐí·Ç¹ÜÀíÓû§·ÃÎÊÄúµÄ·þÎñÆ÷£¬×îºÃµÄ×ö·¨ÊÇ´´½¨ÆäËûÓû§×÷Ϊ¹ÜÀí·þÎñÆ÷µÄ´ÎÒª¹ÜÀíÔ±ÕÊ»§¡£ ÄúÓ¦¸Ã½«´ËÓû§ÉèÖÃΪ¹ÜÀíÔ±×é³ÉÔ±¡£ ÔÚ´´½¨´ÎÒªÕÊ»§Ö®ºó£¬Äú¿ÉÒÔ½ûÓÃÄÚÖùÜÀíÔ±ÕÊ»§¡£¡¡¡¡¡¡¡¡
´´½¨´ÎÒª¹ÜÀíÔ±ÕÊ»§¡¡¡¡¡¡¡¡1.×÷Ϊ¹ÜÀíÔ±µÇ¼£¬È»ºó´ò¿ª¡°Active Directory Óû§ºÍ¼ÆËã»ú¡±¡£¡¡¡¡¡¡¡¡2.ÓÒ¼üµ¥»÷¡°Users¡±ÈÝÆ÷£¬Ö¸Ïò¡°Ð½¨¡±£¬È»ºóµ¥»÷¡°Óû§¡±¡£¡¡¡¡¡¡¡¡3.ÔÚ¡°Ãû¡±ºÍ¡°Óû§µÇ¼Ãû¡±ÖмüÈë<Óû§Ãû>£¬È»ºóµ¥»÷¡°ÏÂÒ»²½¡±¡£¡¡¡¡¡¡¡¡4.¼üÈ벢ȷÈÏÇ¿ÃÜÂë¡£¡¡¡¡¡¡¡¡5.Çå³ý¡°Óû§Ï´εǼʱÐë¸ü¸ÄÃÜÂ롱¸´Ñ¡¿ò£¬È»ºóµ¥»÷¡°ÏÂÒ»²½¡±¡£¡¡¡¡¡¡¡¡6.ÑéÖ¤ÕÊ»§ÐÅÏ¢ÊÇ·ñÕýÈ·£¬È»ºóµ¥»÷¡°Íê³É¡±¡£¡¡¡¡¡¡¡¡7.ÔÚÏêϸÐÅÏ¢´°¸ñÖУ¬ÓÒ¼üµ¥»÷¡°Óû§Ãû¡±£¬È»ºóµ¥»÷¡°ÊôÐÔ¡±¡£¡¡¡¡¡¡¡¡8.µ¥»÷¡°³ÉÔ±ÊôÓÚ¡±Ñ¡Ï£¬µ¥»÷¡°Ìí¼Ó¡±£¬¼üÈë administrators£¬µ¥»÷¡°¼ì²éÃû³Æ¡±£¬È»ºóµ¥»÷¡°È·¶¨¡±¡£¡¡¡¡¡¡¡¡9.Ôٴε¥»÷¡°È·¶¨¡±¹Ø±Õ¡°ÊôÐÔ¡±Ò³¡£¡¡¡¡¡¡¡¡
½ûÓÃÄÚÖùÜÀíÔ±ÕÊ»§¡¡¡¡¡¡¡¡1.×÷ΪÄú¸Õ´´½¨µÄ´ÎÒª¹ÜÀíÔ±ÕÊ»§µÇ¼£¬È»ºó´ò¿ª¡°Active Directory Óû§ºÍ¼ÆËã»ú¡±¡¡¡¡¡¡¡¡2.µ¥»÷¡°Users¡±ÈÝÆ÷£¬ÓÒ¼üµ¥»÷ÄÚÖùÜÀíÔ±ÕÊ»§Ãû³Æ£¬È»ºóµ¥»÷¡°ÊôÐÔ¡±¡£¡¡¡¡¡¡¡¡3.µ¥»÷¡°ÕÊ»§¡±Ñ¡Ï¡£¡¡¡¡¡¡¡¡4.ÔÚ¡°ÕÊ»§Ñ¡ÏÏ£¬ÏòϹö¶¯£¬È»ºóÑ¡Ôñ¡°ÕÊ»§ÒÑÍ£Óᱸ´Ñ¡¿ò¡£¡¡¡¡¡¡¡¡5.µ¥»÷¡°È·¶¨¡±¡£¡¡¡¡¡¡¡¡¾¯¸æ£ºÔÚ½ûÓÃÄÚÖùÜÀíÔ±ÕÊ»§Ê±£¬Äú±ØÐëÈ·¶¨ÊÇ·ñ´æÔÚ¾ßÓÐÏàÓ¦µÄ¹ÜÀíÔ±ÌØȨµÄÆäËûÕÊ»§¡£ Èç¹ûÄúÔÚûÓÐÈ·¶¨ÊÇ·ñÓÐÆäËûÕÊ»§µÄÇé¿öϽûÓÃÄÚÖùÜÀíÔ±ÕÊ»§£¬Äú¿ÉÄÜ»áʧȥ¶ÔÓòµÄ¹ÜÀíȨ£¬Äú¿ÉÄÜÐèÒªÖ´ÐÐϵͳ»¹Ô»òÖØа²×°ÏµÍ³²ÅÄÜÖØлñµÃ¹ÜÀíȨ¡£¡¡¡¡¡¡¡¡
ΪԶ³Ì¹ÜÀíÔ±µÇ¼ÆôÓÃÕÊ»§Ëø¶¨¡¡¡¡¡¡¡¡×èÖ¹¹¥»÷ÕßʹÓÃÄÚÖùÜÀíÔ±ÕÊ»§ºÍÃÜÂëƾ¾ÝµÄÒ»ÖÖ·½·¨ÊÇ£¬¸ù¾ÝÕÊ»§²ßÂÔ£¬ÔÊÐí¹ÜÀíÔ±ÕÊ»§ÔÚ·¢ÉúÌض¨´ÎÊýµÄµÇ¼ʧ°ÜÖ®ºó±»Ëø¶¨ÔÚÍøÂçÖ®Íâ¡£ ĬÈÏÇé¿öÏ£¬²»ÄÜËø¶¨ÄÚÖùÜÀíÔ±ÕÊ»§£»µ«ÊÇ£¬Äú¿ÉÒÔʹÓà passprop.exe£¨Microsoft Windows 2000 Server Resource Kit ÖеÄÃüÁîÐгÌÐò£©ÎªÊ¹ÓùÜÀíÔ±ÕÊ»§µÄÔ¶³ÌµÇ¼ÆôÓÃÕÊ»§Ëø¶¨¡£ ÔÚʹÓà /ADMINLOCKOUT ¿ª¹ØÔËÐÐ passprop ʵÓóÌÐòʱ£¬ÄúÓ¦¸ÃÈ·±£¹ÜÀíÔ±ÕÊ»§ÊÜÕÊ»§Ëø¶¨²ßÂÔÔ¼Êø¡£ ÔÚ Windows 2000 Server ÖУ¬Õâ½öÊÊÓÃÓÚÔ¶³ÌµÇ¼£¬ÒòΪÎÞ·¨ÔÚ±¾µØ¼ÆËã»úÉÏËø¶¨ÄÚÖùÜÀíÔ±ÕÊ»§£¬´Ë³ÌÐòÔÊÐíÄú±£»¤¹ÜÀíÔ±ÕÊ»§ÃâÊÜÍøÂç¹¥»÷£¬µ«ÊÇÈÔÔÊÐí½»»¥Ê½·ÃÎÊ¡£¡¡¡¡¡¡¡¡¾¯¸æ£ºÔÚ Windows Server 2003 ÖУ¬passprop ÔÊÐíÄúͨ¹ý½»»¥Ê½µÇ¼ºÍÔ¶³ÌµÇ¼À´Ëø¶¨ÄÚÖùÜÀíÔ±ÕÊ»§¡£¡¡¡¡¡¡¡¡Äú¿ÉÒÔʹÓà passprop ¸½´øµÄÏÂÁÐÕÊ»§Ëø¶¨¿ª¹Ø£º¡¡¡¡¡¡¡¡passprop [/adminlockout] [/noadminlockout]¡¡¡¡¡¡¡¡/adminlockout ¿ª¹ØÓÃÓÚËø¶¨¹ÜÀíÔ±¡£¡¡¡¡¡¡¡¡/noadminlockout ¿ª¹ØÓÃÓÚÈ¡ÏûËø¶¨¹ÜÀíÔ±¡£¡¡¡¡¡¡¡¡×¢£ºÔÚÆôÓôËÉèÖÃʱ£¬¹ÜÀíÔ±ÕÊ»§½«±»Ëø¶¨£¬ÈκÎÈ˶¼ÎÞ·¨Ê¹ÓùÜÀíÔ±ÕÊ»§½øÐÐÔ¶³Ì¹ÜÀí¡£¡¡¡¡¡¡¡¡
´´½¨Ç¿¹ÜÀíÔ±ÃÜÂë¡¡¡¡¡¡¡¡Ê¹ÓÃÄÚÖùÜÀíÔ±ÕÊ»§µÄÇ¿ÃÜÂë¡£ Ç¿ÃÜÂë¿ÉÒÔ×î´ó³Ì¶ÈµØ¼õÉٲ²âÃÜÂë²¢»ñµÃ¹ÜÀíÔ±ÕÊ»§Æ¾¾ÝµÄ¹¥»÷ÕߵĹ¥»÷¡£ Ç¿¹ÜÀíÔ±ÕÊ»§ÃÜÂëÓ¦¸Ã£º¡¡¡¡¡¡¡¡ÖÁÉÙ°üº¬ 15 ¸ö×Ö·û¡£¡¡¡¡¡¡¡¡²»°üº¬ÕÊ»§Ãû¡¢Êµ¼ÊÐÕÃû»ò¹«Ë¾Ãû³Æ¡£¡¡¡¡¡¡¡¡²»°üº¬×ÖµäÖеÄÍêÕûµ¥´Ê¡¢ÈκÎÓïÑÔÖеÄÙµÓï»òÐл°¡£¡¡¡¡¡¡¡¡ÒªÃ÷ÏÔ²»Í¬ÓÚÒÔÇ°µÄÃÜÂë¡£ µÝÔöµÄÃÜÂ루PassWord1¡¢Password2¡¢Password3...£©²»ÊÇÇ¿ÃÜÂë¡£¡¡¡¡¡¡¡¡°üº¬À´×ÔϱíÖÐÁгöµÄÎå×éÖÐÈý×éÒÔÉϵÄ×Ö·û¡£¡¡¡¡¡¡¡¡±í 3.1 Ç¿¹ÜÀíÔ±ÃÜÂëµÄ×Ö·ûÀàÐÍ¡¡¡¡¡¡¡¡×Ö·ûÀàÐÍ¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡ ʾÀý¡¡¡¡¡¡¡¡´óд×Öĸ¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡A¡¢B¡¢C...¡¡¡¡¡¡¡¡Ð¡Ð´×Öĸ¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡a¡¢b¡¢c...¡¡¡¡¡¡¡¡Êý×Ö¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡0¡¢1¡¢2¡¢3...¡¡¡¡¡¡¡¡·Ç×ÖĸÊý×Ö¼üÅÌ·ûºÅ¡¡¡¡¡¡` ~ ! @ # $ % ^ & * ( ) _ + - = { } [ ] \ : " ; ' < > ? , . /¡¡¡¡¡¡¡¡Unicode ×Ö·û¡¡¡¡¡¡¡¡¡¡¡¡€¡¢G¡¢?¡¢?¡¡¡¡¡¡¡¡
ʹÓÃÃÜÂë¶ÌÓï¶ø²»ÊÇÃÜÂë¡¡¡¡¡¡¡¡´´½¨²»±ØдϵÄÇ¿ÃÜÂëµÄ×î¼òµ¥·½·¨ÊÇʹÓÃÃÜÂë¶ÌÓï¡£ ʵÖÊÉÏ£¬ÃÜÂë¶ÌÓïÊÇÈÝÒ׼ǵľä×Ó£¬ÀýÈç¡°My son Aiden is three years older than my daughter Anna¡±¡£ ʹÓô˾äÖÐÿ¸öµ¥´ÊµÄÊ××Öĸ£¬Äú¿ÉÒÔ´´½¨Ò»¸öºÜºÃµÄÇ¿ÃÜÂë¡£ ÀýÈ磬¡°msaityotmda¡±¡£ ²»¹ý£¬Äú»¹¿ÉÒÔʹÓôóСд×Öĸ¡¢Êý×ֺͿ´ËÆ×ÖĸµÄÌØÊâ×Ö·ûµÄ×éºÏʹ´ËÃÜÂë¸üÄÑÒÔÆƽ⡣ ÀýÈ磬ʹÓÃͬÑùÒ×ÓÚ¼ÇÒäµÄ¾ä×ÓºÍÉÙÐí¼¼ÇÉ£¬ÃÜÂë±ã³ÉÁË M$"8ni3y0tmd@¡£¡¡¡¡¡¡¡¡ËäÈ»ÃÜÂë¶ÌÓïÒ×ÊÜ×ֵ乥»÷£¬µ«´ó¶àÊýÉÌÒµÃÜÂëÆƽâÈí¼þ²»Äܼì²é³¬¹ý 14 ¸ö×Ö·ûµÄÃÜÂë¡£ Èç¹ûÓû§Ê¹Óýϳ¤µÄÃÜÂë¶ÌÓËûÃǵÄÃÜÂ벻̫¿ÉÄܻᱻÆƽ⣬Ó봫ͳǿÃÜÂëÏà±È£¬´ËÃÜÂë¶ÌÓï¸üÒ×ÓÚ±»ËûÃǼÇס¡£ Èç¹ûÃÜÂë¶ÌÓïÒ×ÓÚ¼ÇÒ䣬Óû§¼¸ºõ²»ÐèÒª¼ÇÏÂÃÜÂë¡£ Ç¿ÃÜÂë¶ÌÓïµÄºÜºÃµÄʾÀý£º¡¡¡¡¡¡¡¡I @te 4 tacos for lunch tod@y!¡¡¡¡¡¡¡¡I re@lly want to buy 11 Dogs!¡¡¡¡¡¡¡¡ÕâЩʾÀýÊÇÒ»¸ö³¬³¤µÄÃÜÂë¶ÌÓ°üº¬ 20 ¶à¸ö×Ö·û£¬ÆäÖаüÀ¨À´×Ô¿ÉÄܵÄÎå×éÖеÄËÄ×éµÄ×Ö·û¡£ ËüÃDz»ÊÇÖÚËùÖÜÖªµÄ¶ÌÓµ«ÊÇËüÃÇÔ¶Ô¶±È°üº¬Óɲ»Ïà¹ØµÄ×Ö·û¡¢·ûºÅºÍûÓÐʵ¼ÊÒâÒåµÄ±êµã·ûºÅ×é³ÉµÄ×ÖĸÊý×Ö×Ö·û×éºÏµÄ 15 ×Ö·ûÃÜÂëÈÝÒ×¼ÇÒä¡£¡¡¡¡¡¡¡¡
²»ÒªÊ¹ÓÿյĻòÈõ¹ÜÀíÔ±ÃÜÂë¡¡¡¡¡¡¡¡ËäÈ»ÕâÑù»á´øÀ´ÑÏÖصݲȫ·çÏÕ£¬µ«Ä³Ð©×éÖ¯ÈÔΪ¹ÜÀíÔ±ÕÊ»§ÉèÖÃÈõÃÜÂë»ò¿ÕÃÜÂë¡£ ¿ÕÃÜÂë»òÈõÃÜÂë´ú±íÍøÂçÉÏ×î³£¼ûµÄ°²È«Â©¶´Ö®Ò»£¬ÎªÈëÇÖÕßÌṩÁËÒ»¸ö×îÈÝÒ×¹¥»÷µÄ·ÃÎʵ㡣¡¡¡¡¡¡¡¡Èç¹ûÄúΪ¹ÜÀíÔ±ÕÊ»§ÉèÖÿÕÃÜÂë»òÈõÃÜÂ룬¶ñÒâÓû§Ê¹Óûù±¾µÄ×Ö·û×éºÏ¾Í¿ÉÒÔ·ÃÎÊÄúµÄ¼ÆËã»ú£¬ÀýÈçÔÚ¡°Óû§Ãû¡±¿òÖÐÊäÈë¡°Administrator¡±£¬ÔÚ¡°ÃÜÂ롱¿òÖв»ÊäÈëÈκÎÄÚÈÝ»òÊäÈë¡°administrator¡±¡£ ¿ÕÃÜÂëºÍÈõÃÜÂëΪÆóͼÆƽâÃÜÂëµÄ¹¥»÷Õߴ󿪷½±ãÖ®ÃÅ£¬Ò×ÊÜ×ֵ乥»÷£¬¹¥»÷Õß¿ÉÒÔÓÐÌõ²»ÎɵØÖðÒ»³¢ÊÔÿ¸öµ¥´Ê£¬²¢¿ÉÒÔʹÓó£¼û×Ö·ûÐòÁУ¨ÀýÈçÏßÐÔ×éºÏµÄ A-Z ºÍ 0-9£©½øÐÐÇ¿Á¦¹¥»÷¡£¡¡¡¡¡¡¡¡ËäÈ»Á¼ºÃµÄÃÜÂëÎÞ·¨±£Ö¤ÈëÇÖÕß²»ÄÜ·ÃÎÊÄúµÄÍøÂ磬µ«ÊÇËüÌṩÁ˵ÚÒ»µÀ¼á¹Ì·ÀÏß¡£¡¡¡¡¡¡¡¡
Ç¿ÖÆʹÓÃÇ¿ÃÜÂë¡¡¡¡¡¡¡¡ÄúÓ¦¸ÃÈ·±£Äú×éÖ¯µÄÍøÂç¹ÜÀíԱʹÓÃÇ¿ÃÜÂë¡£ ÔÚ Windows 2000 Server ºÍ Windows Server 2003 ÖУ¬Äú¿ÉÒÔʹÓÃ×é²ßÂÔÀ´Ç¿ÖÆʹÓÃÇ¿ÃÜÂë¡£¡¡¡¡¡¡¡¡ÓйØÇ¿ÃÜÂëºÍ°²È«ÃÜÂëµÄÏêϸÐÅÏ¢£¬Çë²ÎÔÄ www.microsoft.com/smallbusiness/gtm/securityguidance/articles/enforce_strong_passwords.mspx É쵀 Enforcing Strong Password Usage Throughout Your Organization °×ƤÊéºÍ www.microsoft.com/smallbusiness/gtm/securityguidance/articles/select_sec_passwords.mspx É쵀 Selecting Secure Passwords °×ƤÊé¡£¡¡¡¡¡¡¡¡
¶¨ÆÚ¸ü¸Ä¹ÜÀíÔ±ÃÜÂë¡¡¡¡¡¡¡¡ÄúÓ¦¸Ã¶¨ÆÚ¸ü¸ÄÄúµÄÌØȨÕÊ»§ÃÜÂë¡£ ¸ù¾ÝÕÊ»§Ð¹ÃܶÔÄúµÄ×éÖ¯µÄÓ°Ï죬ȷ¶¨Ã¿´Î¸ü¸ÄÖ®¼äµÄʱ¼ä¼ä¸ô¡£ ÓйØÈçºÎÈ·¶¨´ËÓ°ÏìµÄÖ¸µ¼ÔÔò£¬Çë²ÎÔÄ www.microsoft.com/technet/security/guidance/secrisk/default.mspx É쵀 The Security Risk Management Guide¡£¡¡¡¡¡¡¡¡ÄúÓ¦¸Ã¶¨ÆÚ¸ü¸ÄÄúµÄ±¾µØ¹ÜÀíÔ±ÕÊ»§µÄÃÜÂë¡£ Äú¿ÉÒÔʹÓà Microsoft Windows 2000 Server Resource Kit Öаüº¬µÄ cusrmgr.exe ¹¤¾ßÀ´¶Ô·þÎñÆ÷ºÍ¹¤×÷Õ¾×Ô¶¯½øÐд˲Ù×÷¡£ ÓйØÈçºÎʹÓà cusrmgr.exe µÄÏêϸÐÅÏ¢£¬Çë²ÎÔÄ http://support.microsoft.com/kb/272530 ÉϵÄ֪ʶ¿âÎÄÕ How to Use the Cusrmgr.exe Tool to Change Administrator Account Password on Multiple Computers¡£¡¡¡¡¡¡¡¡ÁíÍ⣬ÄúÓ¦¸Ã¶¨ÆÚÔÚÓò¿ØÖÆÆ÷Éϸü¸ÄĿ¼·þÎñ»¹Ôģʽ (DSRM) ¹ÜÀíÔ±ÃÜÂë¡£ Windows 2000 ʹÓà setpwd ʵÓóÌÐòÖØÖà DSRM ÃÜÂë¡£ ÔÚ Windows Server 2003 ÖУ¬Ntdsutil ¹¤¾ßÌṩ´Ë¹¦ÄÜ¡£ Äú¿ÉÒÔÔ¶³ÌʹÓÃÕâÁ½ÖÖ¹¤¾ß¡£¡¡¡¡¡¡¡¡
×Ô¶¯É¨ÃèÈõÃÜÂë¡¡¡¡¡¡¡¡ÈõÃÜÂëºÍ¿ÕÃÜÂëÃ÷ÏÔΣ¼°×éÖ¯µÄÍøÂçµÄ×ÜÌ尲ȫ¡£ ×éÖ¯Ó¦¸Ã¿ª·¢»ò¹ºÂò×Ô¶¯É¨Ãè»ò²âÊÔ¿ÕÃÜÂëºÍÈõÃÜÂëµÄÈí¼þ¡£¡¡¡¡¡¡¡¡´ËÀ๤¾ßʹÓÃÁ½ÖÖ»ù±¾·½·¨£º¡¡¡¡¡¡¡¡Áª»úʹÓó£¼ûÈõÃÜÂë³¢ÊÔ¶à´ÎµÇ¼ÍøÂç¡£ Microsoft Baseline Security Analyzer (MBSA) ÊÇ´ËÀ๤¾ßµÄÒ»¸öʵÀý¡£ ½¨Ò鲻ҪʹÓô˷½·¨£¬ÒòΪÁª»ú·½·¨¿ÉÄܵ¼ÖÂÔÚÆôÓÃÕÊ»§Ëø¶¨Ê±¾Ü¾ø·þÎñ¡£¡¡¡¡¡¡¡¡ÍÑ»úÃÜÂëɨÃè¡£ ¿ÉÒÔʹÓÃijЩµÚÈý·½ÍÑ»úɨÃ蹤¾ß£¬ËüÃÇÔÊÐí¹ÜÀíԱʶ±ð²¢ÐÞ²¹ÓÉÓÚÈõÃÜÂë»òÈÝÒײ²âµÄÃÜÂë¶øµ¼Öµİ²È«Â©¶´£¬´Ó¶ø¿ÉÒÔ°ïÖú½µµÍ×éÖ¯µÄ°²È«·çÏÕ¡£ ͨ³££¬ÕâЩ¹¤¾ßÏÈɨÃèÈõÃÜÂ룬ȻºóÌṩÃÜÂëÖÊÁ¿ÆÀ·Ö¡¢±¨¸æºÍÐÞ²¹¹¦ÄÜ¡£ ½¨ÒéʹÓô˷½·¨À´²âÊÔÈõÃÜÂë¡£¡¡¡¡¡¡¡¡ÔÚʶ±ðʹÓÿÕÃÜÂë»òÈõÃÜÂëµÄÕÊ»§Ö®ºó£¬Ê¼þÏìÓ¦Ó¦¸Ã×ñÑÄú×éÖ¯Öƶ¨µÄʼþÏìÓ¦ÐÒé¡£ ʼþÏìÓ¦ÐÒéµÄijЩʵÀý£º¡¡¡¡¡¡¡¡×Ô¶¯ÏµÍ³½«ÕÊ»§ÃÜÂëÖØÖÃΪǿÃÜÂë¡£¡¡¡¡¡¡¡¡×Ô¶¯ÏµÍ³½«µç×ÓÓʼþ·¢Ë͸ø·þÎñÆ÷µÄËùÓÐÕßÒÔÇëÇóÖØÖÃÃÜÂë¡£¡¡¡¡¡¡¡¡ÑÓ³ÙµÄÏìÓ¦¿ÉÄÜ»áÑÓ³¤·þÎñÆ÷°²È«Â©¶´´æÔÚµÄʱ¼ä¡£¡¡¡¡¡¡¡¡Ê¹Óà Microsoft Baseline Security Analyzer ɨÃèÃÜÂë¡¡¡¡¡¡¡¡Äú¿ÉÒÔʹÓà www.microsoft.com/technet/security/tools/mbsahome.mspx ÉÏÌṩµÄ Microsoft Baseline Security Analyzer (MBSA) ¹¤¾ß£¬É¨ÃèÍøÂçÉϵÄÿ̨¼ÆËã»ú²¢ËÑË÷ÈõÃÜÂë¡£¡¡¡¡¡¡¡¡ÔÚÆäËû°²È«²âÊÔ¹ý³ÌÖУ¬MBSA ¿ÉÒÔö¾ÙËùÓÐÓû§ÕÊ»§²¢¼ì²éÏÂÁÐÃÜÂëÈõµã£º¡¡¡¡¡¡¡¡ÃÜÂëΪ¿Õ¡¡¡¡¡¡¡¡ÃÜÂëÓëÓû§ÕÊ»§Ãû³ÆÏàͬ¡¡¡¡¡¡¡¡ÃÜÂëÓë¼ÆËã»úÃûÏàͬ¡¡¡¡¡¡¡¡ÃÜÂëʹÓõ¥´Ê¡°password¡±¡¡¡¡¡¡¡¡ÃÜÂëʹÓõ¥´Ê¡°admin¡±»ò¡°administrator¡±¡¡¡¡¡¡¡¡´ËɨÃè½áÊøÖ®ºó£¬´Ë¹¤¾ß»¹Í¨ÖªÄúÈκÎÒѽûÓõĻòµ±Ç°Ëø¶¨µÄÕÊ»§¡£¡¡¡¡¡¡¡¡ÎªÁËÍê³É´Ë²âÊÔ£¬MBSA ³¢ÊÔʹÓÃÕâЩÃÜÂëÀ´¸ü¸ÄÄ¿±ê¼ÆËã»úµÄÃÜÂë¡£ MBSA ²»»áÖØÖûòÓÀ¾Ã¸ü¸ÄÃÜÂ룬µ«ÊÇÈç¹ûÄúµÄÃÜÂë²»ÊÇÇ¿ÃÜÂ룬Ëü»á¾¯¸æÄú´æÔÚ°²È«·çÏÕ¡£¡¡¡¡¡¡¡¡
½öÔÚÊÜÐÅÈμÆËã»úÉÏʹÓùÜÀíƾ¾Ý¡¡¡¡¡¡¡¡È·±£Äú×éÖ¯µÄ¹ÜÀíÔ±´Ó²»Ê¹ÓÃÆä¹ÜÀíƾ¾ÝÀ´µÇ¼µ½ËûÃÇûÓжÔÆäÍêÈ«¿ØÖƵÄȨÏ޵ļÆËã»ú¡£ »÷¼ü¼Ç¼³ÌÐò»òÆÁĻɨÃè³ÌÐò¿ÉÄÜ»áÔÚ¼ÆËã»úÉÏÔËÐУ¬²¢²¶»ñ¹ÜÀíÔ±µÄÃÜÂëƾ¾Ý¡£¡¡¡¡¡¡¡¡»÷¼ü¼Ç¼³ÌÐòÊÇÒ»ÖÖÎÞÌáʾ°²×°µÄ¼äµýÈí¼þ³ÌÐò£¬ÔËÐÐÔÚÓû§¼ÆËã»úµÄºǫ́ÉÏ¡£ ¼äµýÈí¼þ³ÌÐòÔ±½«»÷¼ü¼Ç¼³ÌÐòÉè¼ÆΪÔÚδ¾Óû§Í¬Òâ»òÓû§²»ÖªµÀµÄÇé¿öÏÂÃØÃܵؼǼËùÓл÷¼ü¡£ ´ËÐÅÏ¢½«±»´æ´¢ÒÔ¹©½«À´¼ìË÷£¬»ò±»´«Êä¸ø»÷¼ü¼Ç¼³ÌÐòµÄ¿ª·¢ÕßÒÔ½øÐмì²é¡£ »÷¼ü¼Ç¼³ÌÐò¿ÉÒԼǼËùÓл÷¼ü£¬°üÀ¨ÃÜÂë»òÐÅÓÿ¨ºÅÂëµÈ¸öÈËÐÅÏ¢¡£ ËüÃÇ»¹¿ÉÒԼǼËùÓдø¸½¼þµÄµç×ÓÓʼþ»òÔÚÏßÁÄÌì»á»°¡£¡¡¡¡¡¡¡¡Í¨¹ý¼ì²éÏÔʾÆÁÉϵÄʵ¼ÊÉϲ»ÓÃÓÚÊý¾Ý´«Êä»ò³ÌÐò¼ì²éµÄÄÚÈÝ£¬È»ºóÒÔÒ»ÖÖÒ׶ÁµÄͼÐÎÓû§½çÃæ (GUI) ¸ñʽÏÔʾ´ËÄÚÈÝ£¬ÆÁĻɨÃè³ÌÐò¿ÉÒÔ´Ó¼ÆËã»ú»ò³ÌÐò²¶»ñ×Ö·ûÊý¾Ý¡£ ½ÏеÄÆÁĻɨÃè³ÌÐòÒÔ Html ¸ñʽÏÔʾÐÅÏ¢£¬ÒÔ±ãʹÓÃä¯ÀÀÆ÷ä¯ÀÀ´ËÐÅÏ¢¡£¡¡¡¡¡¡¡¡
¶¨ÆÚÉóºËÕÊ»§ºÍÃÜÂë¡¡¡¡¡¡¡¡¶¨ÆÚÉóºËÓÐÖúÓÚÈ·±£Óò°²È«µÄÍêÕûÐԺͷÀÖ¹ÌØȨÌáÉý¡£ ÌØȨÌáÉý¿ÉÒÔΪÓû§ÕÊ»§Ìṩδ¾ÊÚȨµÄ¹ÜÀíÌØȨ¡£ ³ý·ÇÄú±£»¤¹ÜÀí¹¦ÄÜ£¬·ñÔò¹¥»÷Õß¿ÉÒÔÔì³É°²È«Â©¶´²¢±Ü¿ª°²È«´ëÊ©¡£ ÀýÈ磬¾ßÓйÜÀíȨÏ޵Ĺ¥»÷Õß¿ÉÒÔ´´½¨¼ÙµÄÓû§ÕÊ»§£¬ÔÚδ¾Ðí¿ÉµÄÇé¿öϽ«ÕÊ»§Ìí¼Óµ½³ÉÔ±×飬ÌáÉýÏÖÓÐÕÊ»§µÄÌØȨ£¬Ìí¼Ó»òÐ޸IJßÂÔ£¬ÒÔ¼°½ûÓð²È«ÉèÖᣡ¡¡¡¡¡¡¡ÄúÓ¦¸Ã¶¨ÆÚÉóºËËùÓÐÓò¼¶¹ÜÀíÓû§ºÍ×飬ÒÔ¼°Ãô¸Ð·þÎñÆ÷ÉϵÄËùÓб¾µØ¹ÜÀíÓû§ºÍ×é¡£ ÓÉÓÚ¹ÜÀíÔ±¿ÉÄÜÓÐÄÜÁ¦£¨µ«²»ÊÇȨÁ¦£©¶ÔËûÃÇ×Ô¼ºµÄ¹ÜÀíÕÊ»§½øÐÐÐ޸ģ¬×éÖ¯±ØÐëÈ·±£ÕÊ»§×ñÑÓò¼¶¹ÜÀíÓû§µÄ°²È«²ßÂÔ¡£ Îñ±ØÒªÉóºËÕâЩÌØȨƾ¾Ý²¢ÈÏʶµ½ÉóºË²¢²»½ö½öÊǼì²éÃÜÂ볤¶È¡£ ÉóºËÒ²ÊÇÒ»ÖÖ²éÃ÷¹ÜÀíÕÊ»§ÒÑÖ´ÐеÄÈÎÎñµÄÓÐÓù¤¾ß¡£ ÔÚÅäÖúÍÆôÓÃÉóºËÖ®ºó£¬Ê¹ÓÃʼþ²é¿´Æ÷²é¿´´´½¨µÄ°²È«ÈÕÖ¾¡£ ¶¨ÆÚÉóºË»¹¿ÉÒÔ¼ì²âδʹÓõÄÓò¼¶¹ÜÀíÕÊ»§¡£ ·Ç»î¶¯µÄÓò¼¶¹ÜÀíÕÊ»§»áΪÍøÂç»·¾³´øÀ´°²È«Â©¶´£¬ÌرðÊÇÔÚ¹¥»÷ÕßÔÚÄú²»Öª²»¾õµÄÇé¿ö϶ÔËûÃǽøÐй¥»÷ʱ¡£ ÄúÓ¦¸Ãɾ³ýÈκÎδʹÓõÄÓò¼¶¹ÜÀíÔ±ÕÊ»§»ò×é¡£¡¡¡¡¡¡¡¡
½ûÖ¹ÕÊ»§Î¯ÅÉ¡¡¡¡¡¡¡¡ÄúÓ¦¸Ã½«ËùÓÐÓò¼¶¹ÜÀíÔ±Óû§ÕÊ»§±êΪ¡°Ãô¸ÐÕÊ»§£¬²»Äܱ»Î¯ÅÉ¡±¡£ ´Ë²Ù×÷ÓÐÖúÓÚ·Àֹͨ¹ý±êΪ¡°¿ÉίÅÉÆäËûÕÊ»§¡±µÄ·þÎñÆ÷Ä£Äâƾ¾Ý¡£¡¡¡¡¡¡¡¡µ±ÍøÂç·þÎñ½ÓÊÜÓû§ÇëÇó²¢¼Ù¶¨ÒªÆô¶¯ÓëÁíÒ»¸öÍøÂç·þÎñµÄÐÂÁ¬½ÓµÄÓû§Éí·Ýʱ£¬½øÐÐίÅÉÉí·ÝÑéÖ¤¡£ ίÅÉÉí·ÝÑéÖ¤¶ÔÓÚÔÚ¶ą̀¼ÆËã»úÉÏʹÓõ¥Ò»µÇ¼¹¦ÄܵĶà²ãÓ¦ÓóÌÐò·Ç³£ÓÐÓᣠÀýÈ磬Óò¿ØÖÆÆ÷×Ô¶¯ÊÜÐÅÈÎÒÔ½øÐÐίÅÉ¡£ Èç¹ûÄúÔÚÎļþ·þÎñÆ÷ÉÏÆôÓüÓÃÜÎļþϵͳ (EFS)£¬±ØÐëÐÅÈδ˷þÎñÆ÷ÒÔ½øÐÐίÅÉ£¬ÒÔ±ã´ú±íÓû§´æ´¢¼ÓÃÜÎļþ¡£ ίÅÉÉí·ÝÑéÖ¤¶ÔÓÚ Internet ÐÅÏ¢·þÎñ (IIS) Ö§³ÖÔÚÆäËû¼ÆËã»úÉÏÔËÐеÄÊý¾Ý¿âµÄ Web ½Ó¿ÚµÄ³ÌÐòÒ²·Ç³£ÖØÒª£¬ÀýÈç Microsoft Exchange Server ÖлòÆóÒµÖ¤Êé°ä·¢»ú¹¹µÄ Web ×¢²áÖ§³ÖÒ³Ã棨Èç¹ûµ¥¶ÀµÄ Web ·þÎñÆ÷ÍйÜÕâЩҳ£©ÖÐµÄ Microsoft Outlook? Web Access (OWA)¡£¡¡¡¡¡¡¡¡ÄúÓ¦¸Ã¾Ü¾ø¶Ô²»°²È«µÄ¼ÆËã»úÉÏ Active Directory ÖеļÆËã»úÕÊ»§½øÐÐίÅÉÉí·ÝÑéÖ¤µÄȨÏÞ£¬²¢¾Ü¾øÓò¹ÜÀíÔ±ÕÊ»§µÄȨÏÞ¡£ Óò¹ÜÀíÔ±ÕÊ»§ÓÐȨ·ÃÎÊÃô¸Ð×ÊÔ´£¬Ò»µ©Ãô¸Ð×ÊÔ´±»Ð¹Â©£¬¾Í»á¶ÔÄúµÄ×éÖ¯´øÀ´ÑÏÖصķçÏÕ¡£ ÓйØÏêϸÐÅÏ¢£¬Çë²ÎÔÄ www.microsoft.com/resources/documentation/WindowsServ/2003/all/deployguide/en-us/dsscc_aut_vwcs.asp ÉÏ Windows Server 2003 Deployment Kit ÖÐµÄ Enabling Delegated Authentication Ö÷Ìâ¡£¡¡¡¡¡¡¡¡
¿ØÖƹÜÀíµÇ¼¹ý³Ì¡¡¡¡¡¡¡¡Administrators ×é¡¢Enterprise Admins ×é¼° Domain Admins ×éµÄ³ÉÔ±´ú±íÁËÿ¸öµ¥¶ÀµÄÓòÖÐȨÏÞ×î¸ßµÄÕÊ»§¡£ Òª×î´ó³Ì¶ÈµØ½µµÍ°²È«·çÏÕ£¬ÇëÖ´Ðб¾Ö¸ÄϵĺóÐø²¿·ÖÖÐÃèÊöµÄ²½Ö裬ÒÔÇ¿ÖÆʹÓÃÇ¿¹ÜÀíƾ¾Ý¡£¡¡¡¡¡¡¡¡
ÒªÇóʹÓÃÖÇÄÜ¿¨½øÐйÜÀíµÇ¼¡¡¡¡¡¡¡¡ÒªÖ´ÐÐËùÓйÜÀí¹¦ÄÜ£¬Óò¹ÜÀíÔ±Ó¦¸ÃʹÓöþÔªÉí·ÝÑéÖ¤¡£ ¶þÔªÉí·ÝÑéÖ¤ÐèÒªÁ½ÖÖ¶«Î÷£º¡¡¡¡¡¡¡¡Óû§¾ßÓеĶ«Î÷£¬ÀýÈçÖÇÄÜ¿¨¡¡¡¡¡¡¡¡Óû§ÖªµÀµÄ¶«Î÷£¬ÀýÈç¸öÈ˱êʶºÅ (PIN)¡¡¡¡¡¡¡¡ÒªÇóʹÓÃÕâÁ½ÖÖ¶«Î÷¿ÉÒÔ½µµÍͨ¹ý¹²Ïí¡¢µÁÈ¡»ò¸´ÖÆһԪƾ¾Ý£¨ÀýÈçÓû§ÃûºÍÃÜÂ룩δ¾ÊÚȨ·ÃÎʵķçÏÕ¡£¡¡¡¡¡¡¡¡ÔÚÄú±£»¤Óò¹ÜÀíÔ±ÕÊ»§Ê±£¬¶þÔªÉí·ÝÑéÖ¤ÊÇÒ»¸öÖØÒª»·½Ú£¬ÒòΪ³£¹æµÄÓû§ÃûºÍÃÜÂëÊÇÈÎÒâÎı¾Æ¾¾Ý£¬Í¨³£ÓÉ×ÔÈ»ÓïÑÔ×Ö·û¼¯×é³É¡£ Òò´Ë£¬¶ñÒâÓû§ÔÚÏÂÁÐÇé¿öÏ¿ÉÒÔµÁÈ¡¡¢¹²Ïí»ò¸´ÖÆËüÃÇ£º¡¡¡¡¡¡¡¡ÊÜÐÅÈεÄÓû§Óëδ¾ÊÚȨµÄÓû§¹²ÏíÃÜÂ룬»òÒÔ²»°²È«µÄ·½Ê½¼Ç¼ÃÜÂ루ÀýÈ磬½«¼Ç¼ÃÜÂëµÄ±ã¼ãÕ³ÌùÔÚÏÔʾÆ÷ÉÏ£©¡£¡¡¡¡¡¡¡¡ÒÔ´¿Îı¾¸ñʽ·¢ËÍÃÜÂë¡£¡¡¡¡¡¡¡¡ÔڵǼʱ£¬Ê¹ÓÃÓ²¼þ»òÈí¼þÉ豸²¶»ñͨ¹ý¼üÅÌÊäÈëµÄÄÚÈÝ¡£¡¡¡¡¡¡¡¡Èç¹ûÄúÒªÇóÄúµÄ¹ÜÀíԱʹÓÃÖÇÄÜ¿¨½øÐн»»¥Ê½µÇ¼£¬Õ⽫ǿÖƹÜÀíÓû§Ê¹ÓÃÆä×Ô¼ºµÄÖÇÄÜ¿¨µÇ¼£¬²¢È·±£Ê¹ÓÃËæ»úÉú³ÉµÄ¡¢¼ÓÃÜÐÔÇ¿µÄÓû§ÕÊ»§ÃÜÂë¡£ ÕâЩǿÃÜÂëÓÐÖúÓÚ·ÀÖ¹µÁÈ¡ÈõÃÜÂëÒÔ»ñµÃ¹ÜÀíȨÏÞ¡£¡¡¡¡¡¡¡¡Èç¹ûÄúΪÿ¸ö¹ÜÀíÓû§ÕÊ»§ÆôÓá°½»»¥Ê½µÇ¼±ØÐëʹÓÃÖÇÄÜ¿¨¡±ÕÊ»§Ñ¡ÏÄú¿ÉÒÔÇ¿ÖÆʹÓÃÖÇÄÜ¿¨¡£¡¡¡¡¡¡¡¡ÖÇÄÜ¿¨ PIN ÊǸ÷¸ö¿¨ËùÓÐÕßÉèÖò¢´æ´¢ÔÚ¿¨ÉϵļÓÃÜ´úÂë¡£ ´Ë PIN ÊÇÓû§ÔÚʹÓÃÖÇÄÜ¿¨½øÐÐÉí·ÝÑé֤ʱ±ØÐëÌṩµÄ×Ö·û´®£¬ÒÔ±ã¿ÉÒÔʹÓÃ˽Կ¡£ ÖÇÄÜ¿¨ÉϵÄÿ¸ö˽Կ¾ùÊÇΨһµÄ£¬Õâ±£Ö¤ÁËÉí·ÝÑéÖ¤µÄµ¥Ò»ÐÔ¡£¡¡¡¡¡¡¡¡ÔÚÓò¹ÜÀíÔ±½øÐн»»¥Ê½µÇ¼ʱ£¬ÖÇÄÜ¿¨Éí·ÝÑéÖ¤ÓÈΪÖØÒª¡£ ÖÇÄÜ¿¨¿ÉÒÔʹ¸ºÔð¶ą̀¾ùÐèÒªÉí·ÝÑéÖ¤µÄ·þÎñÆ÷µÄÓò¹ÜÀíÔ±µÄ¹¤×÷¸ü¼ÓÇáËÉ¡£ Äú¿ÉÒÔʹÓþßÓй²Í¬µÄ PIN µÄΨһÖÇÄÜ¿¨À´±£»¤·þÎñÆ÷£¬¶ø²»ÐèÒª¹ÜÀíԱΪÿ̨·þÎñÆ÷£¨Ëû±ØÐë¶ÔÆä½øÐÐÉí·ÝÑéÖ¤£©ÉèÖõ¥¶ÀµÄÃÜÂë¡£¡¡¡¡¡¡¡¡×¢£ºWindows 2000 Server Ö§³ÖʹÓÃÖÇÄÜ¿¨½øÐÐÔ¶³Ì·ÃÎÊ£»µ«ÊÇ£¬ÒªÇó Windows Server 2003 Ö§³ÖʹÓÃÓò¼¶ÕÊ»§µÄÖÇÄÜ¿¨¡£ »¹ÒªÇó Windows Server 2003 ͨ¹ý Secondary Logon ·þÎñµÄ runas ÃüÁîʹÓÃÖÇÄÜ¿¨Æ¾¾Ý¡£¡¡¡¡¡¡¡¡Óò¹ÜÀíԱʹÓÃÖÇÄÜ¿¨£¬²ÉÓñ¾Ö¸ÄϽéÉܵÄÔÔòºÍ×ö·¨£¬¿ÉÒÔ°ïÖú×éÖ¯ÏÔÖøÌá¸ßÆäÍøÂç×ʲúµÄ°²È«¡£¡¡¡¡¡¡¡¡ÓйØʹÓÃÖÇÄÜ¿¨½øÐÐÉí·ÝÑéÖ¤µÄÏêϸÐÅÏ¢£¬Çë²ÎÔÄÏÂÁÐ×ÊÔ´£º¡¡¡¡¡¡¡¡Microsoft TechNet ÍøÕ¾ www.microsoft.com/technet/security/topics/smrtcard/smrtcdcb/default.mspx É쵀 The Smart Card Deployment Cookbook¡£¡¡¡¡¡¡¡¡www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepKit/f65c054e-4cb3-4a6e-84f6-8a9787819df5.mspx É쵀 Planning a Smart Card Deployment¡£¡¡¡¡¡¡¡¡
¹²ÏíÃô¸Ð¹ÜÀíÕÊ»§µÄµÇ¼ƾ¾Ý¡¡¡¡¡¡¡¡¶ÔÓÚÿ¸öÄúÈÏΪÃô¸ÐµÄÕÊ»§£¨ÀýÈ磬Ŀ¼ÁÖ¸ùÓòÖÐ Enterprise Admins »ò Domain Admins ×éµÄÒ»¸ö³ÉÔ±£©£¬Ö¸ÅÉÁ½¸öÓû§¹²Ïí´ËÕÊ»§£¬ÒÔ±ãÕâÁ½¸öÓû§³É¹¦Ê¹ÓôËÕÊ»§µÇ¼¡£ Èç¹ûÄú¹²ÏíÕâЩÕÊ»§£¬½«Ìṩ¹ÌÓС¢Ö±¹ÛµÄÉóºË£º Ò»¸öÓû§¿ÉÒÔ¼àÊÓÁíÒ»¸öÓû§Ö´ÐеIJÙ×÷¡£ ÁíÍ⣬ÕâÑù»¹»á·ÀÖ¹µ¥¸öÓû§×÷Ϊ¹ÜÀíÔ±ÃØÃܵǼ·ÃÎʼÆËã»ú£¬ÒÔÃâ¶ñÒâ¹ÜÀíÔ±ÔÚ±»Ð²ÆȵÄÇé¿öÏÂÍþвµ½¼ÆËã»úµÄ°²È«¡£¡¡¡¡¡¡¡¡Äú¿ÉÒÔ²ÉÓÃʹÓòð·ÖµÄÃÜÂë»òÖÇÄÜ¿¨¼° PIN µÄ¹²Ïí¹ÜÀíÕÊ»§¡£ Èç¹ûÄúʹÓùÜÀíÕÊ»§µÄ»ùÓÚÃÜÂëµÄƾ¾Ý£¬²ð·Ö¹²ÏíÕÊ»§µÄÁ½¸öÓû§µÄÃÜÂ룬ÒÔ±ãÿ¸öÓû§Ö»ÖªµÀÒ»°ëÃÜÂë¡£ ÿ¸öÓû§¾ù¸ºÔð±£»¤Ò»°ëÃÜÂë¡£ ÀýÈ磬Äú¿ÉÒÔ´´½¨Ò»¸ö³ÆΪ Admin1 µÄ¹ÜÀíÕÊ»§£¬Ö¸ÅÉÁ½¸öÊÜÐÅÈÎÓû§£¨Jane ºÍ Bob£©¹²Ïí´ËÕÊ»§¡£ ÿ¸öÓû§¾ù±£»¤Ò»°ëÃÜÂë¡£ Èç¹ûÆäÖÐÒ»¸öÓû§µÇ¼²¢Ê¹ÓôËÕÊ»§£¬ÁíÒ»¸öÓû§±ØÐëÊäÈëÁíÒ»°ëÃÜÂë¡£¡¡¡¡¡¡¡¡¹²Ïí¹ÜÀíÕÊ»§Ñ¡ÏîµÄȱµãÊÇÉóºËµÄÕû¸ö¹ý³ÌÖÐȱ·¦ÔðÈΡ£ ×éÖ¯ÐèÒªÊʵ±µØ²ÉȡijЩÆäËû¿ØÖÆ´ëÊ©£¨ÀýÈçÉãÏñ»ú¼àÊÓ£©£¬ÒÔÈ·±£Óû§Ã»ÓÐÀÄÓÃÕâЩ¹²ÏíÌØȨ¡£¡¡¡¡¡¡¡¡Èç¹ûÄúʹÓùÜÀíÕÊ»§µÄ»ùÓÚÖÇÄÜ¿¨µÄƾ¾Ý£¬²ð·Ö¹²ÏíÕÊ»§µÄÁ½¸öÓû§µÄÖÇÄÜ¿¨¼°Æä PIN µÄËùÓÐȨ£¬ÒÔ±ãÒ»¸öÓû§±£ÁôÖÇÄÜ¿¨µÄʵ¼ÊËùÓÐȨ£¬ÁíÒ»¸öÓû§±£»¤ PIN¡£ ÕâÑù£¬Á½¸öÓû§±ØÐëµÇ¼µ½´ËÕÊ»§¡£¡¡¡¡¡¡¡¡
ÏÞÖÆÓò¹ÜÀíÔ±¿ÉÒԵǼµÄ·½Ê½ºÍλÖá¡¡¡¡¡¡¡×éÖ¯Ó¦¸ÃÏÞÖÆÓò¼¶¹ÜÀíÔ±¿ÉÒԵǼµÄ·½Ê½ºÍλÖᣠÈç¹û¹ÜÀíÔ±µÄÈÎÎñ»ò½ÇÉ«ÐèÒª£¬ËûÃÇ¿ÉÒÔ½»»¥Ê½µÇ¼µ½ËûÃǾßÓжÔÆäµÄÌØȨµÄÓò¿ØÖÆÆ÷£¬µ«ÊÇÄúÓ¦¸ÃÈÔÐèÒª½øÐжþÔªÉí·ÝÑéÖ¤¡£¡¡¡¡¡¡¡¡ÔÚÒÔÏÂÇé¿öÏ£¬ÄúÓ¦¸Ã½ûÖ¹Óò¹ÜÀíÔ±µÇ¼µ½ÉÐδרÃÅÔÊÐíÓò¹ÜÀíԱʹÓõÄÈκμÆËã»ú£º¡¡¡¡¡¡¡¡½øÐн»»¥Ê½µÇ¼ʱ¡¡¡¡¡¡¡¡Ê¹ÓÃÔ¶³Ì×ÀÃæʱ¡¡¡¡¡¡¡¡×÷Ϊ·þÎñµÇ¼ʱ¡¡¡¡¡¡¡¡×÷ΪÅú×÷ÒµµÇ¼ʱ¡¡¡¡¡¡¡¡ÓÉÓÚÆä¹ÌÓеÄȨÏÞºÍȨÁ¦£¬¼ÆËã»úÉϵĹÜÀíÕÊ»§ÊǼÆËã»úÉÏ´æÔÚµÄ×îÓÐÓá¢Í¬Ê±Ò²ÊÇ×îΣÏÕµÄÕÊ»§¡£¡¡¡¡¡¡¡¡×éÖ¯ÔÚ±£»¤Óò¼¶¹ÜÀíÔ±ÕÊ»§µÄ°²È«Ê±±ØÐëÌرðСÐĽ÷É÷£¬ÒòΪÄܹ»ÆÆ»µÓò¹ÜÀíÔ±ÕÊ»§µÄÈëÇÖÕß¿ÉÒÔ»ñµÃÓòºÍÁÖÖÐÿ̨¼ÆËã»úµÄ¹ã·ºµÄ·ÃÎÊȨÏÞ¡£ Microsoft ²ÉÈ¡ÁËÐí¶à´ëÊ©À´±£»¤ÆäÆóÒµÍøÂçÉÏÓò¹ÜÀíÔ±ÕÊ»§µÄ°²È«£¬²¢¼«Á¦Ö÷ÕÅÆäËû×éÖ¯Ò²ÕâÑù×ö¡£¡¡¡¡¡¡¡¡µ±¹ÜÀíÍøÂçʱ£¬ÄúÓ¦¸ÃʹÓñ¾Ö¸ÄÏÃèÊöµÄ×î¼Ñ×ö·¨²¢×ñÊØÆäÔÔò£¬ÒÔ½µµÍδ¾ÊÚȨµÄÓû§»ñÈ¡ÄúµÄÃô¸ÐÍøÂç×ʲúºÍ Active Directory? Ŀ¼·þÎñÊý¾ÝµÄ¹ÜÀí·ÃÎÊȨÏ޵ķçÏÕ¡£¡¡¡¡¡¡¡¡¶ÔÓÚÏ£Íû±£»¤ÆäÍøÂç×ʲú°²È«µÄ×éÖ¯À´Ëµ£¬Ê¹¹ÜÀíÔ±ÕÊ»§¾¡¿ÉÄÜ°²È«ÊÇÒ»ÏîÖØÒª¾Ù´ë¡£¡¡¡¡¡¡¡¡
ºóÐø²½Öè¡¡¡¡¡¡¡¡Èç¹û×éÖ¯ÉÐδΪ¹ÜÀíÔ±ÕÊ»§°²È«²¿Êð¼Æ»®£¬´Ë¹æÔòÖ¸ÄϽ«Îª×éÖ¯¹æ»®´ËÀà¼Æ»®Ìṩ»ù´¡¡£¡¡¡¡¡¡¡¡×éÖ¯¹æ»®±£»¤¹ÜÀíÔ±ÕÊ»§µÄ°²È«Ê±Ó¦¸Ã²ÉÈ¡µÄÖ÷Òª´ëÊ©°üÀ¨£º¡¡¡¡¡¡¡¡¶¨Òå¹ý³Ì£¬½µµÍ¹ÜÀíÔ±ÕÊ»§ÔâÊÜÆÆ»µµÄ·çÏÕ¡£¡¡¡¡¡¡¡¡È·¶¨²ßÂÔ£¬Ôö¼Ó Active Directory ÖйÜÀíÕÊ»§µÄ°²È«ÐÔ¡£¡¡¡¡¡¡¡¡Ê¹ÓÃ×îСÌØȨÕâÒ»ÔÔò¡£¡¡¡¡¡¡¡¡Çø·ÖÓò¹ÜÀíÔ±ºÍÆóÒµ¹ÜÀíÔ±½ÇÉ«¡£¡¡¡¡¡¡¡¡Ê¹Óà Secondary Logon ·þÎñÇø·ÖÓû§ºÍ¹ÜÀíÔ±ÕÊ»§¡£¡¡¡¡¡¡¡¡×ñÑ×î¼Ñ×ö·¨Ö¸µ¼ÔÔò£¬±£»¤¹ÜÀíÔ±ÕÊ»§°²È«¡£
[1] [2]
£¨³ö´¦£ºhttp://www.sheup.com£©
[1] [2]