Network Considerations and User Accounts

MultiPoint Services can be deployed in a variety of network environments, and it can support local user accounts and domain user accounts. Generally, MultiPoint Services user accounts will be managed in one of the following network environments:

  • A single computer running MultiPoint Services with local user accounts

  • Multiple computers running MultiPoint Services, each with a local user account

  • Multiple computers running MultiPoint Services that use domain user accounts

By definition, local user accounts can only be accessed from the computer on which they were created. Local user accounts are user accounts that are created on a specific computer that is running MultiPoint Services. In contrast, domain user accounts are user accounts that reside on a domain controller, and they can be accessed from any computer that is connected to the domain. When you are deciding which type of network environment to use, consider the following:

  • Will resources be shared among servers?

  • Will users be switching between servers?

  • Will users access database servers that require authentication?

  • Will users access internal web servers that require authentication?

  • Is there an existing Active Directory domain infrastructure in place?

  • Who will be using the MultiPoint Manager console to manage user desktops, view thumbnails, add users, limit websites, and so on? Will this person be managing more than one server? This person must have administrative privileges on the servers.

The following sections address user account management in these networking environments.

Single MultiPoint Server with local user accounts

In environments with a single computer that is running MultiPoint Services, there is no requirement to have a network. However, to take advantage of Internet resources, the networking requirements may be as basic as a router and a connection to an Internet service provider (ISP). Network connections that are associated with a network adapter on MultiPoint Services are configured, by default, to obtain an IP address and DNS server address automatically through DHCP. Internet routers are typically configured as DHCP servers, and they provide private IP addresses to computers that connect to them on the internal network. Therefore, a single computer running MultiPoint Services may be able to connect to the internal interface of the router, obtain automatic IP information, and connect to the Internet without significant effort or configuration by an administrator.

A common way to manage users in this kind of environment is to create a local user account for each person who will access the system. Anyone who has a local user account on that computer can log on to MultiPoint Services from any station that is associated with the system. Local user accounts can be created and managed from MultiPoint Manager.

Multiple MultiPoint Server systems with local user accounts

Given that local user accounts are only accessible from the computer on which they were created, when you deploy multiple MultiPoint Services systems in an environment, you can manage local user accounts in one of two ways:

  • You can create user accounts for specific individuals on specific computers running MultiPoint Services.

  • You can use MultiPoint Manager to create accounts for every user on every computer running MultiPoint Services.

For example, if you plan to assign users to a specific computer running MultiPoint Services, you might create four local user accounts on Computer A (user01, user02, user03, and user04) and four local user accounts on Computer B (user05, user06, user07, and user08). In this scenario, users 01-04 can log on to Computer A from any station that is connected to it; however, they cannot log on to Computer B. The same is true for users 05-08, who would be able to log on only to Computer B, but not to Computer A. Depending on the specific deployment environment, this can be acceptable or even desirable.

However, if every user must be able to log on to any of the computers running MultiPoint Services, a local user account must be created for each user on each computer that is running MultiPoint Services. Choosing to manage users in this manner introduces certain complexities. For example, if user01 logs on to Computer A on Monday and saves a file in the Documents folder, and then the user logs on to Computer B on Tuesday, the file that was saved in the Documents folder on Computer A will not be accessible on Computer B.

Additionally, if a user has accounts on Computer A and Computer B, there is no way to automatically synchronize the passwords for the accounts. This can result in users having difficulty logging on should the account password be changed on one computer, but not the other. You can simplify user account management in this kind of network environment by assigning each user to a single computer that is running MultiPoint Services. This way, the user can log on to any of the stations that are associated with that computer and access the appropriate files.
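
An added example (not part of the original documentation) of checking for the account and password drift described above when the same users have local accounts on several computers. The function name `Compare-LocalAccountInventory`, the host names and the sample inventory are assumptions made for illustration; `Get-LocalUser` and `Invoke-Command` are standard Windows PowerShell cmdlets.

```powershell
# Added example. Host names, account names and dates are constructed sample data.
function Compare-LocalAccountInventory {
    param(
        # Objects with Computer, Name and PasswordLastSet properties
        [Parameter(Mandatory)] [object[]] $Inventory,
        # Password-change dates further apart than this are reported as drift
        [int] $MaxSkewDays = 1
    )
    $computers = @($Inventory | Select-Object -ExpandProperty Computer -Unique | Sort-Object)
    foreach ($group in ($Inventory | Group-Object -Property Name)) {
        $present = @($group.Group | Select-Object -ExpandProperty Computer)
        $missing = @($computers | Where-Object { $_ -notin $present })
        $dates   = @($group.Group | Where-Object { $_.PasswordLastSet } |
                     ForEach-Object { $_.PasswordLastSet } | Sort-Object)
        $skew    = if ($dates.Count -gt 1) { ($dates[-1] - $dates[0]).TotalDays } else { 0 }
        [pscustomobject]@{
            Name             = $group.Name
            PresentOn        = $present -join ','
            MissingOn        = $missing -join ','
            PasswordSkewDays = [math]::Round($skew, 1)
            # Equal dates do not prove equal passwords; a gap shows a change that was not repeated
            PasswordDrift    = $skew -gt $MaxSkewDays
        }
    }
}

# Live collection needs PowerShell remoting to each host, for example:
# $inventory = Invoke-Command -ComputerName ComputerA, ComputerB -ScriptBlock { Get-LocalUser } |
#     Where-Object Enabled |
#     Select-Object @{ n = 'Computer'; e = { $_.PSComputerName } }, Name, PasswordLastSet

$inventory = @(
    [pscustomobject]@{ Computer = 'ComputerA'; Name = 'user01'; PasswordLastSet = [datetime]'2024-03-01' }
    [pscustomobject]@{ Computer = 'ComputerB'; Name = 'user01'; PasswordLastSet = [datetime]'2024-05-20' }
    [pscustomobject]@{ Computer = 'ComputerA'; Name = 'user02'; PasswordLastSet = [datetime]'2024-04-10' }
    [pscustomobject]@{ Computer = 'ComputerB'; Name = 'user02'; PasswordLastSet = [datetime]'2024-04-10' }
    [pscustomobject]@{ Computer = 'ComputerA'; Name = 'user03'; PasswordLastSet = [datetime]'2024-02-15' }
)

Compare-LocalAccountInventory -Inventory $inventory | Format-Table -AutoSize
```

With the sample data, user01 is reported with password drift between the two computers and user03 is reported as missing on ComputerB.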

Multiple MultiPoint Services systems with domain accounts

Domain environments are common in large network environments that include multiple servers. For example, you might join one or more computers running the MultiPoint Services role to a domain, and then use Microsoft Active Directory to manage user accounts that can be accessed from any computer in the domain. This allows for individual domain user accounts to be created and accessed from any station in any MultiPoint Services system that is joined to the domain.

When you deploy MultiPoint Services in a domain environment, there are several factors to consider:

  • If domain accounts are used, they cannot be managed from MultiPoint Manager.

  • By default, MultiPoint Services is configured to give each user permission to log on to only one station at a time. If you decide to allow users to log on to multiple stations at the same time using a single account, you can use the Edit Server Settings option in MultiPoint Manager.

  • The location of domain controllers may affect the speed and reliability with which users will be able to authenticate with the domain and locate resources.

Single user account for multiple stations

MultiPoint Services allows a single user account to be logged on to multiple stations on the same computer simultaneously. This feature is useful in environments where users are not given unique user names, and where using a single user account can simplify the management of the MultiPoint Services system.