下載詳細資料: 更新 Windows(R) XP SP3 以啟用 RemoteApp(TM):
"更新 Windows(R) XP SP3 以啟用 RemoteApp(TM)
簡述
此套件可讓您使用 Windows Virtual PC,在 Windows 7 的電腦執行許多 Windows XP 產能應用程式
- 已使用 Google 工具列寄出"
2011/01/28
郵件回收如何運作 - Outlook - Microsoft Office
郵件回收如何運作 - Outlook - Microsoft Office: "我的回收會成功嗎?
回收成功與否取決於收件者的 Outlook 設定。下列四個案例說明各種情況會發生的結果,並包括一個額外的案例,說明關於回收傳送到 Microsoft Exchange Server 公用資料夾的郵件。
動作 結果
您傳送電子郵件給某人。您回收原始郵件並以新郵件取代原始郵件。
在收件者的電腦上,已選取 [追蹤選項] 的 [當有邀請或回覆來到時自動處理]。
收件者的 [收件匣] 中會收到原始郵件與回收郵件。
假設原始郵件尚未被讀取,則會刪除原始郵件,並會通知收件者關於寄件者已從他或她的信箱刪除郵件。
附註 如果原始郵件已標示為已讀取 (在 [讀取窗格] 檢視並不構成此案例中的讀取),當處理回收郵件時,會通知收件者關於寄件者想刪除該郵件,但是該郵件仍在收件者的 Outlook 資料夾中。
您傳送電子郵件給某人。您回收原始郵件並以新郵件取代原始郵件。
在收件者的電腦上,沒有選取 [追蹤選項] 的 [當有邀請或回覆來到時自動處理]。
收件者的 [收件匣] 中會收到原始郵件與回收郵件。
在收件者的電腦上,會發生下列其中一種情形:
* 如果收件者先開啟回收郵件,則會刪除原始郵件,並會通知收件者關於寄件者已從他或她的信箱刪除郵件。
* 如果收件者先開啟原始郵件,則回收失敗,可以閱讀舊與新的郵件。
附註 如果原始郵件已標示為已讀取 (在 [讀取窗格] 檢視並不構成此案例中的讀取),當處理回收郵件時,會通知收件者關於寄件者想刪除該郵件,但是該郵件仍在收件者的 Outlook 資料夾中。
您傳送電子郵件給某人。您回收原始郵件並以新郵件取代原始郵件。
在收件者的電腦中,原始郵件依照規則或是被收件者移至另一資料夾,而回收郵件仍然在 [收件匣] 中 (或是它已移至另一個資料夾)。
只要回收郵件與原始郵件在不同的資料夾中,收件者就會收到一封郵件說明回收嘗試失敗。不論 Outlook 的設定與郵件的讀取狀態為何,都會產生這種情況。
收件者可以閱讀原始郵件與新郵件。
附註 如果收件者已閱讀原始郵件,並將它標示為未讀取,Outlook 會將它視為從未被讀取過,並成功地回收它。
您傳送電子郵件給某人。您回收原始郵件並以新郵件取代原始郵件。
在收件者的電腦上,這兩封郵件不論是依規則或是被收件者移到相同的資料夾。行為結果類似未設定 Outlook 自動處理郵件時的情況。
在收件者的電腦上,會發生下列其中一種情形:
* 如果收件者先開啟回收郵件,則會刪除原始郵件,並會通知收件者關於寄件者已從他或她的信箱刪除郵件。
* 如果收件者先開啟原始郵件,則回收失敗,可以閱讀舊與新的郵件。
附註 如果收件者已閱讀原始郵件,並將它標示為未讀取,Outlook 會將它視為從未被讀取過,並成功地回收它。
您傳送電子郵件給公用資料夾。您回收原始郵件並以新郵件取代原始郵件。
會發生下列其中一種狀況:
* 如果收件者閱讀已建立的回收郵件,並擁有公用資料夾所有項目的讀取權限,而且尚未閱讀原始郵件,則回收會成功,只會剩下新郵件。而寄件者會收到表示回收已成功的郵件。
* 如果收件者已將原始郵件標示為已讀取,會通知他或她回收已失敗,而且只會刪除回收郵件。
如果擁有其他公用資料夾權限的使用者開啟回收郵件,則回收會失敗,而使用者會收到一封郵件說明回收已失敗。舊與新的郵件仍然會在公用資料夾中。
附註
* 如果收件者已閱讀原始郵件,並將它標示為未讀取,Outlook 會將它視為從未被讀取過,並成功地回收它。
* 在公用資料夾中是讀者的權限,而非寄件者的權限,可以決定回收的成功或失敗。
- 已使用 Google 工具列寄出"
回收成功與否取決於收件者的 Outlook 設定。下列四個案例說明各種情況會發生的結果,並包括一個額外的案例,說明關於回收傳送到 Microsoft Exchange Server 公用資料夾的郵件。
動作 結果
您傳送電子郵件給某人。您回收原始郵件並以新郵件取代原始郵件。
在收件者的電腦上,已選取 [追蹤選項] 的 [當有邀請或回覆來到時自動處理]。
收件者的 [收件匣] 中會收到原始郵件與回收郵件。
假設原始郵件尚未被讀取,則會刪除原始郵件,並會通知收件者關於寄件者已從他或她的信箱刪除郵件。
附註 如果原始郵件已標示為已讀取 (在 [讀取窗格] 檢視並不構成此案例中的讀取),當處理回收郵件時,會通知收件者關於寄件者想刪除該郵件,但是該郵件仍在收件者的 Outlook 資料夾中。
您傳送電子郵件給某人。您回收原始郵件並以新郵件取代原始郵件。
在收件者的電腦上,沒有選取 [追蹤選項] 的 [當有邀請或回覆來到時自動處理]。
收件者的 [收件匣] 中會收到原始郵件與回收郵件。
在收件者的電腦上,會發生下列其中一種情形:
* 如果收件者先開啟回收郵件,則會刪除原始郵件,並會通知收件者關於寄件者已從他或她的信箱刪除郵件。
* 如果收件者先開啟原始郵件,則回收失敗,可以閱讀舊與新的郵件。
附註 如果原始郵件已標示為已讀取 (在 [讀取窗格] 檢視並不構成此案例中的讀取),當處理回收郵件時,會通知收件者關於寄件者想刪除該郵件,但是該郵件仍在收件者的 Outlook 資料夾中。
您傳送電子郵件給某人。您回收原始郵件並以新郵件取代原始郵件。
在收件者的電腦中,原始郵件依照規則或是被收件者移至另一資料夾,而回收郵件仍然在 [收件匣] 中 (或是它已移至另一個資料夾)。
只要回收郵件與原始郵件在不同的資料夾中,收件者就會收到一封郵件說明回收嘗試失敗。不論 Outlook 的設定與郵件的讀取狀態為何,都會產生這種情況。
收件者可以閱讀原始郵件與新郵件。
附註 如果收件者已閱讀原始郵件,並將它標示為未讀取,Outlook 會將它視為從未被讀取過,並成功地回收它。
您傳送電子郵件給某人。您回收原始郵件並以新郵件取代原始郵件。
在收件者的電腦上,這兩封郵件不論是依規則或是被收件者移到相同的資料夾。行為結果類似未設定 Outlook 自動處理郵件時的情況。
在收件者的電腦上,會發生下列其中一種情形:
* 如果收件者先開啟回收郵件,則會刪除原始郵件,並會通知收件者關於寄件者已從他或她的信箱刪除郵件。
* 如果收件者先開啟原始郵件,則回收失敗,可以閱讀舊與新的郵件。
附註 如果收件者已閱讀原始郵件,並將它標示為未讀取,Outlook 會將它視為從未被讀取過,並成功地回收它。
您傳送電子郵件給公用資料夾。您回收原始郵件並以新郵件取代原始郵件。
會發生下列其中一種狀況:
* 如果收件者閱讀已建立的回收郵件,並擁有公用資料夾所有項目的讀取權限,而且尚未閱讀原始郵件,則回收會成功,只會剩下新郵件。而寄件者會收到表示回收已成功的郵件。
* 如果收件者已將原始郵件標示為已讀取,會通知他或她回收已失敗,而且只會刪除回收郵件。
如果擁有其他公用資料夾權限的使用者開啟回收郵件,則回收會失敗,而使用者會收到一封郵件說明回收已失敗。舊與新的郵件仍然會在公用資料夾中。
附註
* 如果收件者已閱讀原始郵件,並將它標示為未讀取,Outlook 會將它視為從未被讀取過,並成功地回收它。
* 在公用資料夾中是讀者的權限,而非寄件者的權限,可以決定回收的成功或失敗。
- 已使用 Google 工具列寄出"
2011/01/27
瞭解個人封存: Exchange 2010 說明
瞭解個人封存: Exchange 2010 說明:
"在 Microsoft Exchange Server 2010 中,您可以使用個人封存為使用者提供不同的儲存位置,用於儲存歷史郵件資料。透過這項功能,Outlook 2010 和 Outlook Web 應用程式 使用者就能完整存取其封存信箱。只要使用這些用戶端應用程式,使用者就能檢視封存信箱,並且在主要信箱和封存之間移動或複製郵件。個人封存會對使用者呈現一致的郵件資料檢視,並且消除使用者管理 .pst 檔的負擔。不再使用 .pst 檔可大幅降低組織暴露於上一節所述的風險。
建立及管理封存信箱會與一般信箱管理工作整合。建立主要使用者信箱時,也可以建立封存信箱,或者啟用現有信箱的封存信箱。您也可以輕鬆停用或移除封存信箱。使用者的封存信箱與使用者的主要信箱位於相同的信箱資料庫上。將使用者的主要信箱從信箱資料庫移到另一個信箱資料庫時,封存信箱會隨著主要信箱移動。
如需如何管理封存信箱的詳細資訊,請參閱管理個人封存。
- 已使用 Google 工具列寄出"
"在 Microsoft Exchange Server 2010 中,您可以使用個人封存為使用者提供不同的儲存位置,用於儲存歷史郵件資料。透過這項功能,Outlook 2010 和 Outlook Web 應用程式 使用者就能完整存取其封存信箱。只要使用這些用戶端應用程式,使用者就能檢視封存信箱,並且在主要信箱和封存之間移動或複製郵件。個人封存會對使用者呈現一致的郵件資料檢視,並且消除使用者管理 .pst 檔的負擔。不再使用 .pst 檔可大幅降低組織暴露於上一節所述的風險。
建立及管理封存信箱會與一般信箱管理工作整合。建立主要使用者信箱時,也可以建立封存信箱,或者啟用現有信箱的封存信箱。您也可以輕鬆停用或移除封存信箱。使用者的封存信箱與使用者的主要信箱位於相同的信箱資料庫上。將使用者的主要信箱從信箱資料庫移到另一個信箱資料庫時,封存信箱會隨著主要信箱移動。
如需如何管理封存信箱的詳細資訊,請參閱管理個人封存。
- 已使用 Google 工具列寄出"
2011/01/17
2011/01/14
2011/01/12
Microsoft System Center Essentials: System Requirements
Microsoft System Center Essentials: System Requirements:
"To use the Microsoft System Center Essentials 2010 server, you need:
Processor Speed
Dual core machine with 2.8 GHz or faster processors
RAM
4 GB RAM or more
Hard-Disk Space
20 GB of available hard disk space (1 GB on the system drive); 150 GB of available hard disk space if planning virtualization management
CD and DVD Drive
DVD-compatible drive
Monitor Resolution
1024 x 768 or higher-resolution monitor
Operating System
Microsoft Windows Server 2008 R2 Standard or Enterprise Edition, X64; or Windows Server 2008 Standard or Enterprise Edition, x86 or x64; or Windows Server 2003 Standard or Enterprise Edition, x86 or x64, with Service Pack 2 (SP2) or later; or Windows Small Business Server 2008, x64 only; or Windows Essentials Business Server 2008, x64 only
To use the virtualization management features in System Center Essentials 2010, you need Windows Server 2008 R2 Standard or Enterprise Edition, X64; or Windows Server 2008 Standard or Enterprise Edition, x64
Virtual machine hosts are supported on the following systems:
*
Windows Server 2008 R2, x64 only
*
Windows Server 2008 Standard or Enterprise Edition,x64
*
Windows Server 2003 with SP1 or later, x86 or x64
Certifications
Certified for Windows Server 2008 R2
Prerequisites
*
Microsoft .NET Framework, version 3.5 with SP1 or later
*
Active Directory must be deployed in the environment
*
Customers using Microsoft SQL Standard may require a separate server and should refer to the documentation at www.microsoft.com/sce for additional guidance
Other Prerequisites
*
Internet functionality requires Internet access (fees may apply)
*
Actual requirements will vary based on your system configuration and the management packs and number of features you choose to install
- 已使用 Google 工具列寄出"
"To use the Microsoft System Center Essentials 2010 server, you need:
Processor Speed
Dual core machine with 2.8 GHz or faster processors
RAM
4 GB RAM or more
Hard-Disk Space
20 GB of available hard disk space (1 GB on the system drive); 150 GB of available hard disk space if planning virtualization management
CD and DVD Drive
DVD-compatible drive
Monitor Resolution
1024 x 768 or higher-resolution monitor
Operating System
Microsoft Windows Server 2008 R2 Standard or Enterprise Edition, X64; or Windows Server 2008 Standard or Enterprise Edition, x86 or x64; or Windows Server 2003 Standard or Enterprise Edition, x86 or x64, with Service Pack 2 (SP2) or later; or Windows Small Business Server 2008, x64 only; or Windows Essentials Business Server 2008, x64 only
To use the virtualization management features in System Center Essentials 2010, you need Windows Server 2008 R2 Standard or Enterprise Edition, X64; or Windows Server 2008 Standard or Enterprise Edition, x64
Virtual machine hosts are supported on the following systems:
*
Windows Server 2008 R2, x64 only
*
Windows Server 2008 Standard or Enterprise Edition,x64
*
Windows Server 2003 with SP1 or later, x86 or x64
Certifications
Certified for Windows Server 2008 R2
Prerequisites
*
Microsoft .NET Framework, version 3.5 with SP1 or later
*
Active Directory must be deployed in the environment
*
Customers using Microsoft SQL Standard may require a separate server and should refer to the documentation at www.microsoft.com/sce for additional guidance
Other Prerequisites
*
Internet functionality requires Internet access (fees may apply)
*
Actual requirements will vary based on your system configuration and the management packs and number of features you choose to install
- 已使用 Google 工具列寄出"
RADIUS Server for 802.1X Wireless or Wired Connections
RADIUS Server for 802.1X Wireless or Wired Connections:
"When you deploy 802.1X wired or wireless access with Network Policy Server (NPS) as a Remote Authentication Dial-In User Service (RADIUS) server, you must take the following steps:
* Install and configure network access servers (NASs) as RADIUS clients.
* Deploy components for authentication methods.
* Configure NPS as a RADIUS server.
Install and configure network access servers (RADIUS clients)
To deploy 802.1X wireless access, you must install and configure wireless access points. To deploy 802.1X wired access, you must install and configure 802.1X authenticating switches.
ImportantImportant
Client computers, such as wireless portable computers and other computers running client operating systems, are not RADIUS clients. RADIUS clients are network access servers—such as wireless access points, 802.1X-capable switches, virtual private network (VPN) servers, and dial-up servers—because they use the RADIUS protocol to communicate with RADIUS servers such as Network Policy Server (NPS) servers.
In both cases, these network access servers must meet the following requirements:
* Support for Institute of Electrical and Electronics Engineers (IEEE) standard 802.1X authentication
* Support for RADIUS authentication and RADIUS accounting
If you use billing or accounting applications that require session correlation, the following are required:
* Support for the Class attribute as defined by the Internet Engineering Task Force (IETF) in RFC 2865, 'Remote Authentication Dial-in User Service (RADIUS),' to allow session correlation for RADIUS authentication and accounting records. For session correlation, when you configure RADIUS accounting at your NPS server or proxy, you must log all accounting data that allow applications (such as billing applications) to query the database, correlate related fields, and return a cohesive view of each session in the query results. At a minimum, to provide session correlation, you must log the following NPS accounting data: NAS-IP-Address; NAS-Identifier (you need both NAS-IP-Address and NAS-Identifier because the access server can send either attribute); Class; Acct-Session-Id; Acct-Multi-Session-Id; Packet-Type; Acct-Status-Type; Acct-Interim-Interval; NAS-Port; and Event-Timestamp.
* Support for accounting interim requests, which are sent periodically by some network access servers (NASs) during a user session, that can be logged. This type of request can be used when the Acct-Interim-Interval RADIUS attribute is configured to support periodic requests in the remote access profile on the NPS server. The NAS must support the use of accounting interim requests if you want the interim requests to be logged on the NPS server.
If you use virtual local area networks (VLANs), the NASs must support VLANs.
For wide area network (WAN) environments, network access servers should provide the following:
* Support for dynamic retransmit timeout (RTO) estimation or exponential backoff to handle congestion and delays in a WAN environment.
In addition, there are filtering features that the network access servers should support to provide enhanced security for the network. These filtering options include:
* DHCP filtering. The NASs must filter on IP ports to prevent the transmission of Dynamic Host Configuration Protocol (DHCP) broadcast messages if the client is a DHCP server. The network access servers must block the client from sending IP packets from port 68 to the network.
* DNS filtering. The NASs must filter on IP ports to prevent a client from performing as a DNS server. The NASs must block the client from sending IP packets from port 53 to the network.
If you are deploying wireless access points, support for Wi-Fi Protected Access (WPA) is preferred. WPA is supported by Windows Vista® and Windows XP with Service Pack 2. To deploy WPA, also use wireless network adapters that support WPA.
Deploy components for authentication methods
For 802.1X wireless and wired, you can use the following authentication methods:
* Extensible Authentication Protocol (EAP) with Transport Layer Security (TLS), also called EAP-TLS.
* Protected EAP (PEAP) with Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2), also called PEAP-MS-CHAP v2.
* PEAP with EAP-TLS, also called PEAP-TLS.
For EAP-TLS and PEAP-TLS, you must deploy a public key infrastructure (PKI) by installing and configuring Active Directory® Certificate Services (AD CS) to issue certificates to domain member client computers and NPS servers. These certificates are used during the authentication process as proof of identity by both clients and NPS servers. If preferred, you can deploy smart cards rather than using client computer certificates. In this case, you must issue smart cards and smart card readers to organization employees.
For PEAP-MS-CHAP v2, you can deploy your own certification authority (CA) with AD CS to issue certificates to NPS servers or you can purchase server certificates from a public trusted root CA that clients trust, such as VeriSign.
For more information, see EAP Overview and PEAP Overview.
Configure NPS as a RADIUS server
When you configure NPS as a RADIUS server, you must configure RADIUS clients, network policy, and RADIUS accounting.
Configure RADIUS clients
There are two stages to configuring RADIUS clients:
* Configure the physical RADIUS client, such as the wireless access point or authenticating switch, with information that allows the network access server to communicate with NPS servers. This information includes configuring the IP address of your NPS server and the shared secret in the access point or switch user interface.
* In NPS, add a new RADIUS client. On the NPS server, add each access point or authenticating switch as a RADIUS client. NPS allows you to provide a friendly name for each RADIUS client, as well as the IP address of the RADIUS client and the shared secret.
For more information, see Add a New RADIUS Client.
Configure network policies
Network policies are sets of conditions, constraints, and settings that allow you to designate who is authorized to connect to the network and the circumstances under which they can connect.
For more information, see Network Policies.
Configure RADIUS accounting
RADIUS accounting allows you to record user authentication and accounting requests in a local log file or to a Microsoft® SQL Server® database on the local computer or a remote computer.
For more information, see RADIUS Accounting.
- 已使用 Google 工具列寄出"
"When you deploy 802.1X wired or wireless access with Network Policy Server (NPS) as a Remote Authentication Dial-In User Service (RADIUS) server, you must take the following steps:
* Install and configure network access servers (NASs) as RADIUS clients.
* Deploy components for authentication methods.
* Configure NPS as a RADIUS server.
Install and configure network access servers (RADIUS clients)
To deploy 802.1X wireless access, you must install and configure wireless access points. To deploy 802.1X wired access, you must install and configure 802.1X authenticating switches.
ImportantImportant
Client computers, such as wireless portable computers and other computers running client operating systems, are not RADIUS clients. RADIUS clients are network access servers—such as wireless access points, 802.1X-capable switches, virtual private network (VPN) servers, and dial-up servers—because they use the RADIUS protocol to communicate with RADIUS servers such as Network Policy Server (NPS) servers.
In both cases, these network access servers must meet the following requirements:
* Support for Institute of Electrical and Electronics Engineers (IEEE) standard 802.1X authentication
* Support for RADIUS authentication and RADIUS accounting
If you use billing or accounting applications that require session correlation, the following are required:
* Support for the Class attribute as defined by the Internet Engineering Task Force (IETF) in RFC 2865, 'Remote Authentication Dial-in User Service (RADIUS),' to allow session correlation for RADIUS authentication and accounting records. For session correlation, when you configure RADIUS accounting at your NPS server or proxy, you must log all accounting data that allow applications (such as billing applications) to query the database, correlate related fields, and return a cohesive view of each session in the query results. At a minimum, to provide session correlation, you must log the following NPS accounting data: NAS-IP-Address; NAS-Identifier (you need both NAS-IP-Address and NAS-Identifier because the access server can send either attribute); Class; Acct-Session-Id; Acct-Multi-Session-Id; Packet-Type; Acct-Status-Type; Acct-Interim-Interval; NAS-Port; and Event-Timestamp.
* Support for accounting interim requests, which are sent periodically by some network access servers (NASs) during a user session, that can be logged. This type of request can be used when the Acct-Interim-Interval RADIUS attribute is configured to support periodic requests in the remote access profile on the NPS server. The NAS must support the use of accounting interim requests if you want the interim requests to be logged on the NPS server.
If you use virtual local area networks (VLANs), the NASs must support VLANs.
For wide area network (WAN) environments, network access servers should provide the following:
* Support for dynamic retransmit timeout (RTO) estimation or exponential backoff to handle congestion and delays in a WAN environment.
In addition, there are filtering features that the network access servers should support to provide enhanced security for the network. These filtering options include:
* DHCP filtering. The NASs must filter on IP ports to prevent the transmission of Dynamic Host Configuration Protocol (DHCP) broadcast messages if the client is a DHCP server. The network access servers must block the client from sending IP packets from port 68 to the network.
* DNS filtering. The NASs must filter on IP ports to prevent a client from performing as a DNS server. The NASs must block the client from sending IP packets from port 53 to the network.
If you are deploying wireless access points, support for Wi-Fi Protected Access (WPA) is preferred. WPA is supported by Windows Vista® and Windows XP with Service Pack 2. To deploy WPA, also use wireless network adapters that support WPA.
Deploy components for authentication methods
For 802.1X wireless and wired, you can use the following authentication methods:
* Extensible Authentication Protocol (EAP) with Transport Layer Security (TLS), also called EAP-TLS.
* Protected EAP (PEAP) with Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2), also called PEAP-MS-CHAP v2.
* PEAP with EAP-TLS, also called PEAP-TLS.
For EAP-TLS and PEAP-TLS, you must deploy a public key infrastructure (PKI) by installing and configuring Active Directory® Certificate Services (AD CS) to issue certificates to domain member client computers and NPS servers. These certificates are used during the authentication process as proof of identity by both clients and NPS servers. If preferred, you can deploy smart cards rather than using client computer certificates. In this case, you must issue smart cards and smart card readers to organization employees.
For PEAP-MS-CHAP v2, you can deploy your own certification authority (CA) with AD CS to issue certificates to NPS servers or you can purchase server certificates from a public trusted root CA that clients trust, such as VeriSign.
For more information, see EAP Overview and PEAP Overview.
Configure NPS as a RADIUS server
When you configure NPS as a RADIUS server, you must configure RADIUS clients, network policy, and RADIUS accounting.
Configure RADIUS clients
There are two stages to configuring RADIUS clients:
* Configure the physical RADIUS client, such as the wireless access point or authenticating switch, with information that allows the network access server to communicate with NPS servers. This information includes configuring the IP address of your NPS server and the shared secret in the access point or switch user interface.
* In NPS, add a new RADIUS client. On the NPS server, add each access point or authenticating switch as a RADIUS client. NPS allows you to provide a friendly name for each RADIUS client, as well as the IP address of the RADIUS client and the shared secret.
For more information, see Add a New RADIUS Client.
Configure network policies
Network policies are sets of conditions, constraints, and settings that allow you to designate who is authorized to connect to the network and the circumstances under which they can connect.
For more information, see Network Policies.
Configure RADIUS accounting
RADIUS accounting allows you to record user authentication and accounting requests in a local log file or to a Microsoft® SQL Server® database on the local computer or a remote computer.
For more information, see RADIUS Accounting.
- 已使用 Google 工具列寄出"
Configuring Server 2008 for RADIUS Authentication - Matt Williamson's Blog
Configuring Server 2008 for RADIUS Authentication - Matt Williamson's Blog:
"I like connecting to my network using my pfSense firewall's built-in VPN server. Following these steps, I can configure Windows Server 2008 to provide the authentication credentials for pfSense via RADIUS. I figured this out using this great guide that I referenced for Windows Server 2003...
Enable 'reversible password encryption' for your domain users.
Globally:
1.
Admin Tools - Group Policy Management
2.
Choose your forest, domain and then right click your Default Domain Policy and choose Edit.
3.
Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Account Policies -> Password Policy -> Store passwords using reversible encryption = Enabled.
Per User:
1.
I prefer doing it globally, but you can do it on a per user basis by opening your domain user's properties and checking 'Store password using reversible encryption' on the Account tab.
*Restart the domain controller after these Group Policy changes.
Enable Windows Server 2008 Network Policy Server (NPS)
1.
Add the 'Network Policy and Access Services' role to your domain controller.
2.
Enable these role services during installation:
Network Policy Server
Routing & Remote Access Services
Remote Access Service
Routing
Verify the RADIUS Port Numbers
1.
Server Manager -> Roles -> Network Policy and Access -> Right-click NPS (Local) -> Properties -> Ports Tab.
2.
Verify the defaults for Authentication are 1812,1645.
3.
Verify the defaults for Accounting are 1813, 1646.
4.
The 18 set is for a secure connection, or vice-versa. You can change things to match your RADIUS client, but the defaults should be fine.
Add a new RADIUS Client
1.
NPS (Local) -> RADIUS Clients and Servers -> RADIUS Clients -> Right-click Add new Client.
2.
Add a name, the ip address of your client and create a shared secret.
Add a new Network Policy
1.
NPS (Local) -> Policies -> Right-click Network Policies -> Add new.
2.
Enter a name and leave Type of network access server as Unspecified. Click Next.
3.
Add a condition. Choose Windows Groups. Add a Group ('Domain Users' for example). Click OK, then Next.
4.
Choose Access Granted. Click Next.
5.
Leave the default Authentication Methods. Click Next.
6.
Leave the Default Constraints. (Although they look like some cool new features you may want to use.) Click Next.
7.
Leave the Default Settings. Click Next.
8.
Click Finish.
Granting or Denying Access to Users
1.
Right click a domain user -> Properties -> Dial-in tab.
2.
You can Grant or Deny here, but I just leave the NPS Policy we setup earlier to allow all domain users through.
Configure your RADIUS Client
1.
In this case, I enable a PPTP VPN server on my pfSense firewall and point it to my domain controller/NPS services machine where we just configured everything. Input the shared secret and then login from anywhere!
- 已使用 Google 工具列寄出"
"I like connecting to my network using my pfSense firewall's built-in VPN server. Following these steps, I can configure Windows Server 2008 to provide the authentication credentials for pfSense via RADIUS. I figured this out using this great guide that I referenced for Windows Server 2003...
Enable 'reversible password encryption' for your domain users.
Globally:
1.
Admin Tools - Group Policy Management
2.
Choose your forest, domain and then right click your Default Domain Policy and choose Edit.
3.
Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Account Policies -> Password Policy -> Store passwords using reversible encryption = Enabled.
Per User:
1.
I prefer doing it globally, but you can do it on a per user basis by opening your domain user's properties and checking 'Store password using reversible encryption' on the Account tab.
*Restart the domain controller after these Group Policy changes.
Enable Windows Server 2008 Network Policy Server (NPS)
1.
Add the 'Network Policy and Access Services' role to your domain controller.
2.
Enable these role services during installation:
Network Policy Server
Routing & Remote Access Services
Remote Access Service
Routing
Verify the RADIUS Port Numbers
1.
Server Manager -> Roles -> Network Policy and Access -> Right-click NPS (Local) -> Properties -> Ports Tab.
2.
Verify the defaults for Authentication are 1812,1645.
3.
Verify the defaults for Accounting are 1813, 1646.
4.
The 18 set is for a secure connection, or vice-versa. You can change things to match your RADIUS client, but the defaults should be fine.
Add a new RADIUS Client
1.
NPS (Local) -> RADIUS Clients and Servers -> RADIUS Clients -> Right-click Add new Client.
2.
Add a name, the ip address of your client and create a shared secret.
Add a new Network Policy
1.
NPS (Local) -> Policies -> Right-click Network Policies -> Add new.
2.
Enter a name and leave Type of network access server as Unspecified. Click Next.
3.
Add a condition. Choose Windows Groups. Add a Group ('Domain Users' for example). Click OK, then Next.
4.
Choose Access Granted. Click Next.
5.
Leave the default Authentication Methods. Click Next.
6.
Leave the Default Constraints. (Although they look like some cool new features you may want to use.) Click Next.
7.
Leave the Default Settings. Click Next.
8.
Click Finish.
Granting or Denying Access to Users
1.
Right click a domain user -> Properties -> Dial-in tab.
2.
You can Grant or Deny here, but I just leave the NPS Policy we setup earlier to allow all domain users through.
Configure your RADIUS Client
1.
In this case, I enable a PPTP VPN server on my pfSense firewall and point it to my domain controller/NPS services machine where we just configured everything. Input the shared secret and then login from anywhere!
- 已使用 Google 工具列寄出"
RADIUS Server
RADIUS Server:
"Network Policy Server (NPS) can be used as a Remote Authentication Dial-In User Service (RADIUS) server to perform authentication, authorization, and accounting for RADIUS clients. A RADIUS client can be an access server, such as a dial-up server or wireless access point, or a RADIUS proxy. When NPS is used as a RADIUS server, it provides the following:
* A central authentication and authorization service for all access requests that are sent by RADIUS clients.
NPS uses a Microsoft® Windows NT® Server 4.0 domain, an Active Directory® Domain Services (AD DS) domain, or the local Security Accounts Manager (SAM) user accounts database to authenticate user credentials for connection attempts. NPS uses the dial-in properties of the user account and network policies to authorize a connection.
* A central accounting recording service for all accounting requests that are sent by RADIUS clients.
Accounting requests are stored in a local log file or a Microsoft® SQL Server™ database for analysis.
- 已使用 Google 工具列寄出"
"Network Policy Server (NPS) can be used as a Remote Authentication Dial-In User Service (RADIUS) server to perform authentication, authorization, and accounting for RADIUS clients. A RADIUS client can be an access server, such as a dial-up server or wireless access point, or a RADIUS proxy. When NPS is used as a RADIUS server, it provides the following:
* A central authentication and authorization service for all access requests that are sent by RADIUS clients.
NPS uses a Microsoft® Windows NT® Server 4.0 domain, an Active Directory® Domain Services (AD DS) domain, or the local Security Accounts Manager (SAM) user accounts database to authenticate user credentials for connection attempts. NPS uses the dial-in properties of the user account and network policies to authorize a connection.
* A central accounting recording service for all accounting requests that are sent by RADIUS clients.
Accounting requests are stored in a local log file or a Microsoft® SQL Server™ database for analysis.
- 已使用 Google 工具列寄出"
2011/01/11
2011/01/07
NAS RAID 網路測試
100Mbps 網路 傳輸約 10MB/s
不論用單獨HDD 或是 RAID 0
使用1000Mbps網路傳輸約 60MB/s
使用cifs or iscsi 傳輸速率差不多
所以差一點在網路
不論用單獨HDD 或是 RAID 0
使用1000Mbps網路傳輸約 60MB/s
使用cifs or iscsi 傳輸速率差不多
所以差一點在網路
訂閱:
文章 (Atom)