中华人民 posted on 2008-12-14 11:24:04

Installing and managing Win

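<P>  Terminal Services in 2008 has two major features: TS Gateway and TS Remote APP (including Web Access). This article covers the former. Since this is my first time writing this kind of step-by-step article (I read plenty of them but write too few), I am bound to misjudge the level of detail, so feedback is welcome. I also hope to become more diligent on the technical side, write more solid articles, and learn more from conan, kejia and the others. If anything in the article is unclear, discussion is welcome.</P>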

<P>  Lab environment:</P>

<P>  DC:192.168.1.3------Win 2008 DC/TS Gateway Server/Terminal Server</P>

<P>  NY:192.168.1.2------Win Vista Client</P>

<P>  1. Add roles: Terminal Service and IIS (IIS is for Web Access and is not used here)</P>

<P>  <IMG height=96 alt=clip_image001 src="/bbs/attachments/computer/20081214/200812141114095377801.png" width=244></P>

<P>  <IMG height=128 alt=clip_image002 src="/bbs/attachments/computer/20081214/20081214111411577802.png" width=244></P>

<P>  2. On the DC, create a certificate for the TS Gateway server: dc.cer</P>

<P>  <IMG height=354 alt=image5 src="/bbs/attachments/computer/20081214/20081214111416277803.jpg" width=433></P>

<P>  <IMG height=302 alt=image src="/bbs/attachments/computer/20081214/20081214111416277804.png" width=437></P>


<P>  3. Import this certificate into the certification authorities on the DC</P>

<P>  <IMG height=314 alt=image7 src="/bbs/attachments/computer/20081214/200812141114115677805.jpg" width=447></P>

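<P>  4. Import the same certificate on the client computer as well (in a production environment, Group Policy can be used to distribute the certificate)</P>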

<P>  <IMG height=271 alt=clip_image008 src="/bbs/attachments/computer/20081214/200812141114115677806.png" width=486></P>

<P>  <IMG height=297 alt=clip_image009 src="/bbs/attachments/computer/20081214/200812141114117177807.png" width=345></P>

<P>  This completes the certificate setup used for encryption; next, configure the server</P>

<P>  5. Create a CAP on the DC: the group defined in the CAP is the one used for authentication when using TS Gateway</P>

<P>  <IMG height=297 alt=clip_image010 src="/bbs/attachments/computer/20081214/200812141114117177808.png" width=425></P>

<P>  <IMG height=353 alt=clip_image011 src="/bbs/attachments/computer/20081214/200812141114173477809.png" width=425></P>


<P>  <IMG height=306 alt=clip_image012 src="/bbs/attachments/computer/20081214/2008121411143390778010.png" width=449></P>

<P>  Now open ADUC and create a group named Remote application group; the accounts in this group are used for authentication when using TS Gateway</P>

<P>  <IMG height=315 alt=clip_image013 src="/bbs/attachments/computer/20081214/200812141114562778011.png" width=372></P>

<P>  <IMG height=312 alt=clip_image014 src="/bbs/attachments/computer/20081214/2008121411145609778012.png" width=374></P>

<P>  6. On the DC, create a TS Gateway Managed Computer Group; this group mainly holds the computers in the domain that can use the TS Gateway service</P>

<P>  <IMG alt=image src="/bbs/attachments/computer/20081214/2008121411146156778013.png" border=0></P>

<P>  <IMG height=427 alt=clip_image019 src="/bbs/attachments/computer/20081214/2008121411146218778014.png" width=386></P>

<P>  <IMG height=425 alt=clip_image020 src="/bbs/attachments/computer/20081214/2008121411146265778015.png" width=385></P>


<P>  7. Create a RAP on the DC</P>

<P>  <IMG height=300 alt=clip_image015 src="/bbs/attachments/computer/20081214/2008121411146312778016.png" width=466></P>

<P>  Add the remote application group created earlier</P>

<P>  <IMG height=379 alt=clip_image016 src="/bbs/attachments/computer/20081214/2008121411146359778017.png" width=454></P>

<P>  <IMG height=381 alt=image src="/bbs/attachments/computer/20081214/2008121411146406778018.png" width=458></P>

<P>  The CAP and RAP are now both created; we can review the two policies</P>

<P>  <IMG height=284 alt=clip_image021 src="/bbs/attachments/computer/20081214/2008121411146468778019.png" width=481></P>

<P>  <IMG height=285 alt=clip_image022 src="/bbs/attachments/computer/20081214/2008121411146515778020.png" width=483></P>

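<P>  7. In Windows Firewall with Advanced Security on the DC, create two rules: one that allows access to 3389 only from the DC itself (since the DC is both the Terminal Server and the Terminal Gateway, this rule can be skipped), and another that blocks all access to 3389</P>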

<P>  <IMG height=183 alt=clip_image023 src="/bbs/attachments/computer/20081214/2008121411146562778021.png" width=499></P>


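<P>  8. Now for the exciting moment: first try connecting directly to the DC from the client, given that the DC blocks all 3389 connections except those from the DC itself</P>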

<P>  <IMG height=399 alt=clip_image024 src="/bbs/attachments/computer/20081214/2008121411146609778022.png" width=466></P>

<P>  9. Add the TS Gateway</P>

<P>  <IMG height=378 alt=image src="/bbs/attachments/computer/20081214/2008121411146656778023.png" width=425></P>

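<P>  There are two password prompts: the first is the normal terminal connection user authentication, and the second verifies permission to use TS Gateway, which corresponds to the group "remote application group"</P>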

<P>  <IMG height=372 alt=clip_image026 src="/bbs/attachments/computer/20081214/2008121411146703778024.png" width=425></P>

<P>  <IMG height=276 alt=clip_image027 src="/bbs/attachments/computer/20081214/2008121411146750778025.png" width=422></P>

<P>  All done</P>

<P>  <IMG alt=clip_image028 src="/bbs/attachments/computer/20081214/2008121411146796778026.png" border=0></P>
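<P>  An added example, not part of the original post: the client-side TS Gateway settings from step 9 can also be saved in an .rdp file, and this Python check reads such a file and reports settings that would let a session skip the gateway. The key names are standard Remote Desktop client .rdp settings; the sample file contents and the name gateway.example.test are constructed placeholders.</P>

```python
# Added example (not from the original post): audit .rdp client settings.
# Key names are standard Remote Desktop client .rdp settings; the sample
# files are constructed, and gateway.example.test is a placeholder name.
GATEWAY_USAGE = {
    0: "gateway not used",
    1: "gateway always used",
    2: "gateway used only if a direct connection fails",
    3: "default gateway settings used",
    4: "gateway not used, local addresses bypassed",
}

def parse_rdp(text):
    """Parse 'name:type:value' lines; values of type 'i' become int."""
    settings = {}
    for line in text.lstrip("\ufeff").splitlines():
        parts = line.strip().split(":", 2)  # the value may itself contain ':'
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        name, kind, value = parts
        if kind == "i":
            try:
                value = int(value)
            except ValueError:
                continue  # integer setting with a non-integer value
        settings[name.lower()] = value
    return settings

def audit_gateway(settings):
    """Return findings for settings that let a session skip the gateway."""
    findings = []
    if not settings.get("gatewayhostname"):
        findings.append("gatewayhostname missing: no gateway configured")
    usage = settings.get("gatewayusagemethod", 0)  # assumption: absent means 0
    if usage != 1:
        findings.append(f"gatewayusagemethod={usage}: "
                        f"{GATEWAY_USAGE.get(usage, 'unknown value')}")
    if settings.get("gatewayprofileusagemethod", 0) != 1:
        findings.append("gatewayprofileusagemethod!=1: explicit settings ignored")
    return findings

SAMPLE_OK = (  # constructed sample; 192.168.1.3 is the DC from the lab setup
    "full address:s:192.168.1.3\n"
    "gatewayhostname:s:gateway.example.test\n"
    "gatewayusagemethod:i:1\n"
    "gatewayprofileusagemethod:i:1\n"
)
SAMPLE_FALLBACK = SAMPLE_OK.replace("gatewayusagemethod:i:1", "gatewayusagemethod:i:2")

if __name__ == "__main__":
    for label, text in (("ok", SAMPLE_OK), ("fallback", SAMPLE_FALLBACK)):
        print(label, audit_gateway(parse_rdp(text)))
```

<P>  Files saved by the Remote Desktop client are normally UTF-16, so open them with encoding="utf-16" before passing the text to parse_rdp.</P>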