
Server 08 R2 Classic Case Video - Remote Desktop

2025-01-16 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/02 Report--

Server 08 R2 Classic Case Video 1 -- Remote Desktop

Starting today, I have decided to put my own notes on my blog. I have not been in the habit of writing a blog. I have read other people's blogs, and most experts started writing in order to take notes. I use Youdao cloud notes all the time, and I have a lot of experience recorded in cloud notes, which is really convenient, but only for myself. Later, when I thought about it, I felt I should still record it as a blog. Because the original intention of the Internet is resource sharing and extensive communication, I should share the technology I have learned and communicate with others. If there is something wrong, you are welcome to leave a message and correct it.

I am starting with the notes from the beginning of my working period. They should be helpful for friends who are new to this work or have a low starting point; the experts can skip them.

On an ordinary server, the most basic way to authorize remote access is to enable Remote Desktop.

For ordinary users on a domain controller, however, the authorization method is different (some special users do not need this):

Create a normal user on the domain controller (DC). Open the Group Policy Management tool gpmc.msc on the DC (gpedit.msc on a PC).

Then open, in turn:

Computer Configuration -- Windows Settings -- Security Settings -- Local Policies -- User Rights Assignment -- Allow log on through Remote Desktop Services
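To confirm on the target machine which accounts actually hold this right once the policy has applied, the user-rights section can be exported with `secedit` and the entry resolved to account names. This PowerShell is an added example, not part of the original notes; it assumes the right meant above is "Allow log on through Remote Desktop Services" (privilege constant `SeRemoteInteractiveLogonRight`), and the function name and temp file name are assumptions.

```powershell
# Added example (not from the original notes): list the accounts that hold
# "Allow log on through Remote Desktop Services" on this machine.
# Run elevated. The function name and the temp file name are assumptions.
function Get-RdpLogonRight {
    $inf = Join-Path $env:TEMP 'rdp_user_rights.inf'
    # Export only the user-rights section of the effective security policy.
    secedit /export /cfg $inf /areas USER_RIGHTS | Out-Null
    try {
        $line = Get-Content $inf |
            Where-Object { $_ -match '^SeRemoteInteractiveLogonRight\s*=' }
        if (-not $line) { return }          # the right is granted to nobody
        foreach ($entry in ($line -split '=', 2)[1].Split(',')) {
            $entry = $entry.Trim()
            $name  = $entry
            if ($entry.StartsWith('*')) {
                # Entries of the form *S-1-5-... are SIDs; resolve them to names.
                $sid = New-Object System.Security.Principal.SecurityIdentifier `
                        -ArgumentList ($entry.Substring(1))
                try   { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
                catch { $name = '(unresolved SID)' }
            }
            New-Object PSObject -Property @{ Entry = $entry; Account = $name }
        }
    }
    finally {
        Remove-Item $inf -ErrorAction SilentlyContinue
    }
}

# After the GPO from the DC has been applied (gpupdate /force), the normal
# domain user should appear here, either directly or through a group.
Get-RdpLogonRight | Format-Table Account, Entry -AutoSize
```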

RDS uses the RDP protocol on TCP port 3389.

Experimental topology diagram:

Add the CA role to the 0.2 server, which is also the DC (domain controller).

Alice is joined to the domain (see my other blog post on how to join the domain).

The effect of the experiment:

Alice connects to RDS with encryption.

Bob connects to RDS with encryption from the external network (the firewall on Bob's machine is turned off).

All right, let's start building the environment:

The gateways of all computers point to 0.254, and their DNS all points to 0.2. The DNS of the DC/CA computer itself is 127.0.0.1.

Configuration of 0.2

Install the CA: Add Roles -- AD Certificate Services -- select Certificate Authority and Certificate Authority Web Enrollment -- Enterprise -- Root -- New private key -- CA name. By default, certificates issued by Windows are valid for two years. If you want to change that, it can only be done from the command line.

Change the certificate properties -- open Certificate Authority and right-click ilync...

Firewall configuration (08server6) -- a Server 2008 machine with two network cards stands in for the firewall. Join it to the domain.

NIC 1: in -- 192.168.0.254; gateway and DNS are not needed.

NIC 2: out -- 61.100.100.100, gateway 61.100.100.1, DNS 8.8.8.8.

Install the NAT service: Add Roles -- Network Policy and Access Services -- Routing and Remote Access Services. Then Start -- Administrative Tools -- Routing and Remote Access -- right-click the local server "08server6" -- Configure and Enable -- Network address translation -- Finish. At this point you can ping 61.100.100.110 on the firewall.

If you want Bob (Win7) to reach the remote desktop on 0.3, you need a port mapping on the firewall: Routing and Remote Access -- IPv4 -- NAT -- select "internet" on the left, right-click Properties -- Services and Ports -- Remote Desktop -- IP address: 192.168.0.3

0.3 configuration (08server1)

Enable Remote Desktop. If the account is an ordinary user, the ordinary user has to be joined to the domain. Admin does not need this.

Get the certificate -- install the Web Server (IIS) role, accepting the defaults all the way. Start -- Administrative Tools -- IIS -- click the server -- Server Certificates -- on the right choose Create Domain Certificate (because this is a domain environment) -- name: 08server1.ilync.cn (ilync.cn is the domain) -- Organization: ilync -- Organizational unit: ilync -- Next, click Select and it reads the enterprise CA directly -- name: 08server1.ilync.cn -- Finish. Open the certificate's properties to view the certificate path. (Certificate revocation is done through this bound certificate. If the certificate attributes are changed (they are changed on the CA server), the certificate has to be deleted and bound again.)

Start -- Remote Desktop Services -- Remote Desktop Session Host Configuration -- under Connections, right-click Properties (the default is an automatically generated certificate, which clients do not trust and which needs to be replaced) -- select the certificate "08server1.ilync.cn" -- encryption level: High -- secure ssl g... -- Apply.
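To verify from the command line that the listener really presents the issued certificate with the settings chosen above, the RDP-Tcp listener can be read through the `Win32_TSGeneralSetting` WMI class. This is an added example, not part of the original notes; the function name is an assumption and the expected name is the one used on this page.

```powershell
# Added example (not from the original notes): show how the RDP-Tcp listener
# on this RD Session Host is secured. Run elevated on the RDS server (0.3).
function Get-RdpListenerSecurity {
    param([string]$ExpectedName = '08server1.ilync.cn')   # name used on this page

    $ts = Get-WmiObject -Namespace 'root\cimv2\TerminalServices' `
            -Class Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'" `
            -Authentication PacketPrivacy

    $layer  = @{ 0 = 'RDP Security Layer'; 1 = 'Negotiate'; 2 = 'SSL (TLS 1.0)' }
    $level  = @{ 1 = 'Low'; 2 = 'Client Compatible'; 3 = 'High'; 4 = 'FIPS Compliant' }
    $source = @{ 0 = 'Not valid'; 1 = 'Default self-signed'; 2 = 'Set by Group Policy'; 3 = 'Custom' }

    # Look the bound certificate up by thumbprint in the computer stores.
    $thumb = $ts.SSLCertificateSHA1Hash
    $cert  = Get-ChildItem 'Cert:\LocalMachine\My', 'Cert:\LocalMachine\Remote Desktop' `
                -ErrorAction SilentlyContinue |
             Where-Object { $_.Thumbprint -eq $thumb } | Select-Object -First 1

    New-Object PSObject -Property @{
        SecurityLayer   = $layer[[int]$ts.SecurityLayer]
        EncryptionLevel = $level[[int]$ts.MinEncryptionLevel]
        CertificateFrom = $source[[int]$ts.SSLCertificateSHA1HashType]
        Thumbprint      = $thumb
        Subject         = $(if ($cert) { $cert.Subject })
        Issuer          = $(if ($cert) { $cert.Issuer })
        NotAfter        = $(if ($cert) { $cert.NotAfter })
        # True only when the listener presents a CA-issued (not self-signed)
        # certificate whose subject carries the expected name.
        IssuedCertBound = [bool]($cert -and $cert.Subject -ne $cert.Issuer -and
                                 $cert.Subject -like "*CN=$ExpectedName*")
    }
}

Get-RdpListenerSecurity | Format-List
```

If `CertificateFrom` still reads "Default self-signed", the listener is presenting the automatically generated certificate and clients will keep getting the trust warning.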

On the client, connect by entering 08server1.ilync.cn as the remote desktop computer.

When the login is encrypted, a small lock is shown on it.

Bob configuration

Because you connect by name, the hosts file on Bob has to be modified: 61.100.100.100 08server1.ilync.cn. The connection will still report errors, though: one is that the certificate's revocation cannot be checked, and the other is that the certificate is still not trusted.

To solve the problem that the certificate is still untrusted, Bob has to obtain the CA certificate, so map port 80 of the firewall to the company's CA server: on the firewall, open Routing and Remote Access -- IPv4 -- NAT -- select "internet" on the left, right-click Properties -- Services and Ports -- Web Server -- IP address 192.168.0.2. Bob can now download the CA certificate from the web page at http://61.100.100.100/certsrv. After downloading: Run -- MMC -- File -- Add/Remove Snap-in -- Certificates -- Computer account -- Finish; back at the console root node -- Certificates -- Trusted... -- Certificates -- right-click Import -- import the downloaded certificate.

To solve the problem that revocation cannot be checked: the revocation check is provided by the CA (0.2) that issued the certificate. Go back to the CA server, Start -- Administrative Tools -- Certificate Authority. After the certificate properties on the certificate authority 86 ca have been changed and the certificate on RDS (0.3) has been re-bound, Bob's hosts file needs one more entry: 61.100.100.100 08DC.ilync.cn
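The two client-side errors can be told apart by building the certificate chain with online revocation checking, as in this added example, which is not part of the original notes. It assumes the server certificate was saved to a .cer file from the Remote Desktop certificate dialog; the function name and file name are hypothetical.

```powershell
# Added example (not from the original notes): diagnose, on the client (Bob),
# the two errors described above for the RDS server certificate.
# $Path is a hypothetical .cer file saved from the connection's certificate dialog.
function Test-RdsCertificateChain {
    param([Parameter(Mandatory = $true)][string]$Path)

    $file  = (Resolve-Path $Path).ProviderPath
    $cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $file
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'Online'        # fetch the CRL from the CA
    $chain.ChainPolicy.RevocationFlag = 'ExcludeRoot'
    $valid  = $chain.Build($cert)
    $status = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })

    # CRL Distribution Points extension (OID 2.5.29.31): the host named in
    # these URLs is the one the client must be able to resolve and reach.
    $cdp = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
    $cdpText = ''
    if ($cdp) { $cdpText = $cdp.Format($true) }

    $root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

    New-Object PSObject -Property @{
        Subject             = $cert.Subject
        ChainValid          = $valid
        # Error 1: the issuing CA is missing from Trusted Root on the client.
        ChainUntrusted      = [bool]($status -match 'UntrustedRoot|PartialChain')
        # Error 2: the CRL could not be downloaded, so revocation is unknown.
        RevocationUnchecked = [bool]($status -match 'RevocationStatusUnknown|OfflineRevocation')
        ChainStatus         = ($status -join ', ')
        CrlLocations        = $cdpText
        # The CA certificate was downloaded over plain HTTP: compare this
        # thumbprint with the one displayed on the CA server itself.
        RootThumbprint      = $root.Thumbprint
    }
}

Test-RdsCertificateChain -Path '.\08server1.cer' | Format-List   # hypothetical file name
```

Once the CA certificate is imported and the CRL host resolves, `ChainValid` becomes True and both error flags read False.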

Think about it: what is the benefit of a trusted certificate compared with an untrusted one? What is the benefit of having revocation compared with not having it?

In a domain environment

The server publishes an application on the server's D: drive through RemoteApp, and the client connects to the folder remotely to use the program, which is also saved on the server. Open RemoteApp Manager -- Add RemoteApp Programs -- select the program QQ -- Finish -- under RemoteApp Programs, right-click QQ -- Create .rdp File -- choose where on D: you want to save it.

Workgroup environment

The client can access QQ on the server through the web. On the server: add Remote Desktop Services -- Remote Desktop Web Access -- Install. Remote Desktop management then has a Web Access entry -- open it.

Windows Server 2008 R2 Classic Case Video -- Remote Desktop 2: Comprehensive Experiment

Experimental environment:

DMZ -- a buffer between the non-secure system and the secure system, set up to solve the problem that users on the external network cannot access internal network servers once a firewall is installed. The buffer sits in a small network area between the enterprise's internal network and the external network. Server facilities that must be public, such as enterprise web servers, FTP servers and forums, can be placed in this small network area. At the same time, such a DMZ protects the internal network more effectively, because compared with a general firewall setup this kind of deployment puts one more hurdle in front of anyone coming from the external network.

Environment explanation -- rds1 (qq), dc/ca and rds2 (yy) are all in the domain and provide services for the public network. Rds g and rds web sit in the DMZ and face the public network directly, and can reach the DNS and Alice on the public network.

Experimental effect: Alice accesses the applications presented by the rds web server through the web. When Alice uses a program, rds1 and rds2 run it in the background and present the results to Alice through the rds web server.

Windows common commands

Cleanmgr -- opens the Disk Cleanup tool

Compmgmt.msc -- Computer Management

Conf -- starts NetMeeting

Charmap -- starts Character Map

Calc -- starts the calculator

Chkdsk.exe -- Chkdsk disk check

Ncpa.cpl -- Network Connections

Certmgr.msc -- certificate management utility

Cliconfg -- SQL Server Client Network Utility

Clipbrd -- Clipboard Viewer

Ciadv.msc -- Indexing Service

Dvdplay -- DVD player

Diskmgmt.msc -- Disk Management utility

Dfrg.msc -- Disk Defragmenter

Devmgmt.msc -- Device Manager

Drwtsn32 -- system doctor (Dr. Watson)

Dxdiag -- checks DirectX information

Dcomcnfg -- opens Component Services

Ddeshare -- opens DDE share settings

Explorer -- opens Explorer

Eventvwr -- Event Viewer

Eudcedit -- character creation program

Fsmgmt.msc -- Shared Folders manager

Gpedit.msc -- Group Policy

Getmac -- view network card information

Sysdm.cpl -- System Properties

Ipconfig /all -- view IP details

Ipconfig /release -- release the IP address

Ipconfig /renew -- obtain an IP address again

Logoff -- logout command

Lusrmgr.msc -- local users and groups

Mstsc -- Remote Desktop Connection

Msconfig.exe -- System Configuration utility

Mem.exe -- shows memory usage (if running it directly has no effect, run cmd first and enter mem.exe > d:a.txt at the command prompt)

Mspaint -- drawing board

Mplayer2 -- media player

Magnify -- magnifier utility

Mmc -- opens the console

Mobsync -- synchronization command

Notepad -- opens Notepad

Net user <user name> <password> /add -- add a user

Net user <user name> /del -- delete a user

Net start messenger -- starts the Messenger service

Net stop messenger -- stops the Messenger service

Nslookup -- network management tool wizard

Ntbackup -- system backup and restore

Narrator -- screen "Narrator"

Ntmsmgr.msc -- Removable Storage manager

Ntmsoprq.msc -- Removable Storage operator requests

Netstat -an -- (TC) command to check the interface

Nslookup -- IP address detector

Oobe/msoobe /a -- check whether Windows is activated

Osk -- opens the on-screen keyboard

Odbcad32 -- ODBC Data Source Administrator

Progman -- Program Manager

Perfmon.msc -- computer performance monitor

Packager -- Object Packager

Rononce -p -- 15-second shutdown

Regsvr32 /u *.dll -- stop a DLL file from running (replace * with the name of the DLL file you want to stop)

Regedt32 -- Registry Editor

Rsop.msc -- Resultant Set of Policy

Regedit.exe -- registry

Regsvr32 /u zipfldr.dll -- cancels ZIP support

Sndrec32 -- Sound Recorder

Services.msc -- local service settings

Syncapp -- creates a briefcase

Sysedit -- System Configuration Editor

Sigverif -- file signature verifier

Slmgr.vbs -dli -- view the detailed version information of Windows 7

-ipk (Product Key) -- install a product key

-dlv -- display license information

-ato -- activate Windows

-xpr -- expiration date of the current license

-cpky -- clear the product key from the registry (to prevent leaks)

-ilc (License file) -- install a license

-upk -- uninstall the product key

-skms (name[:Port]) -- volume licensing

There are too many options for this command

Shrpubw -- creates a shared folder

Secpol.msc -- Local Security Policy

Syskey -- system encryption

Sndvol32 -- volume control program

Sfc.exe -- System File Checker

Sfc /scannow -- Windows file protection (scan for errors and restore)

Tsshutdn -- 60-second countdown shutdown command

Taskmgr -- Task Manager

Utilman -- accessibility manager (Utility Manager)

Winchat -- built-in LAN chat

Winmsd -- System Information

Winver -- checks the Windows version

Wmimgmt.msc -- opens Windows Management Instrumentation (WMI)

Wupdmgr -- Windows Update program (do not open it if it is not a genuine system)

Wscript.exe -- Windows Script Host settings

Write -- WordPad

Wiaacmgr -- Scanner and Camera Wizard
