Research on Automatic Process Design of Domain and Group Policy Audit

• Main Authors: LIN, SHIH-YAO, 林士曜
• Other Authors: CHEN, CHI-YUAN
• Format: Others
• Language: zh-TW
• Published: 2019
• Online Access: http://ndltd.ncl.edu.tw/handle/qrmbx4

碩士 === 國立宜蘭大學 === 多媒體網路通訊數位學習碩士在職專班 === 107 === Active Directory Directory Service (AD) is Microsoft Windows Server with centralized directory management services (Directory Services), which is quite popular in today's enterprises and state agencies. Active Directory (AD) is a widely used management tool in many enterprises. Under the tree structure of the domain, computers, printers, shared resources, and even objects such as users on the internal network can be managed through AD. However, there are still some things to be aware of in the construction of AD. For example, in order to meet the different application requirements of enterprises, sometimes the Domain Controller (DC) responsible for managing the operation of the domain must also go through the appropriate Adjust the school to provide normal services. One of the powerful features is the Group Policy Object (GPO). The group principle is one of the most important functions in AD. It is also a very important management mechanism for the Windows Server platform. It uses the group principle to manage user accounts. And the login permission is one of the most commonly used functions of the enterprise. However, the management using the group principle cannot fully see the full effect of the effective state, so that the failed user or Domain User cannot be controlled. Therefore, this study explores the process of design improvement based on this issue. This study introduces and discusses the operation of AD functions and group principles, introduces the group principle delivery mechanism and process description, cooperates with the relevant management instructions of the group principle, and designs a complete process, which can be provided to the system administrators within the enterprise. It is possible to audit whether the group principle works effectively, achieve the powerful functions of the security control and play the group principle, and also save the time for the manager to check the GPO effective status one by one.