部署存取的協助(示範步驟)Deploy Access-Denied Assistance (Demonstration Steps)

適用於:Windows Server 2016、Windows Server 2012 R2、Windows Server 2012Applies To: Windows Server 2016, Windows Server 2012 R2, Windows Server 2012

本主題如何設定存取的協助,並確認正常運作。This topic explains how to configure access-denied assistance, and verify that it is working properly.

本文件In this document

注意

本主題包含範例 Windows PowerShell cmdlet 可供您將部分所述的程序。This topic includes sample Windows PowerShell cmdlets that you can use to automate some of the procedures described. 如需詳細資訊,請查看使用 CmdletFor more information, see Using Cmdlets.

步驟 1:設定存取的協助Step 1: Configure access-denied assistance

您可以使用群組原則、設定存取的網域中的協助,或您可以設定協助排列每個檔案伺服器上使用「檔案伺服器資源管理員」主控台。You can configure access-denied assistance within a domain by using Group Policy, or you can configure the assistance individually on each file server by using the File Server Resource Manager console. 您也可以變更特定檔案伺服器上的共用資料夾的存取的訊息。You can also change the access-denied message for a specific shared folder on a file server.

您可以使用群組原則,如下所示設定網域存取的協助:You can configure access-denied assistance for the domain by using Group Policy as follows:

執行此步驟,使用 Windows PowerShellDo this step using Windows PowerShell

若要使用群組原則設定存取的協助To configure access-denied assistance by using Group Policy

  1. 開放群組原則管理。Open Group Policy Management. 在伺服器管理員中,按一下工具,然後按群組原則管理In Server Manager, click Tools, and then click Group Policy Management.

  2. 適當的群組原則,以滑鼠右鍵按一下,然後按一下編輯Right-click the appropriate Group Policy, and then click Edit.

  3. 按一下電腦設定,按一下 [原則,按一下 [系統管理範本],按一下系統,,然後按一下 [ Access-Denied 協助Click Computer Configuration, click Policies, click Administrative Templates, click System, and then click Access-Denied Assistance.

  4. 以滑鼠右鍵按一下自訂訊息存取錯誤的,然後按一下 [編輯Right-click Customize message for Access Denied errors, and then click Edit.

  5. 選取 [啟用選項。Select the Enabled option.

  6. 設定下列選項:Configure the following options:

    1. 無法存取的使用者顯示以下訊息方塊中,輸入訊息使用者將會看到他們時無法檔案或資料夾的存取。In the Display the following message to users who are denied access box, type a message that users will see when they are denied access to a file or folder.

      您可以新增巨集的訊息,會將自訂的文字。You can add macros to the message that will insert customized text. 巨集包括:The macros include:

      • [原始檔案路徑]的原始的檔案路徑存取的使用者。[Original File Path] The original file path that was accessed by the user.

      • [原始的檔案路徑資料夾]上層資料夾的存取的使用者的原始檔案路徑。[Original File Path Folder] The parent folder of the original file path that was accessed by the user.

      • [管理電子郵件]系統管理員的電子郵件收件者的清單。[Admin Email] The administrator email recipient list.

      • [資料擁有者電子郵件]資料擁有者的電子郵件收件者清單。[Data Owner Email] The data owner email recipient list.

    2. 選取 [讓使用者要求協助核取方塊。Select the Enable users to request assistance check box.

    3. 保留其他預設設定。Leave the remaining default settings.

方案指南Windows PowerShell 相當於命令 * * Windows PowerShell equivalent commands*

下列 Windows PowerShell cmdlet 執行上述程序相同的功能。The following Windows PowerShell cmdlet or cmdlets perform the same function as the preceding procedure. 輸入每個 cmdlet 上一行,,即使它們可能會出現換透過以下幾個行因為格式設定的限制。Enter each cmdlet on a single line, even though they may appear word-wrapped across several lines here because of formatting constraints.

Set-GPRegistryValue -Name "Name of GPO" -key "HKLM\Software\Policies\Microsoft\Windows\ADR\AccessDenied" -ValueName AllowEmailRequests -Type DWORD -value 1  
Set-GPRegistryValue -Name "Name of GPO" -key "HKLM\Software\Policies\Microsoft\Windows\ADR\AccessDenied" -ValueName GenerateLog -Type DWORD -value 1  
Set-GPRegistryValue -Name "Name of GPO" -key "HKLM\Software\Policies\Microsoft\Windows\ADR\AccessDenied" -ValueName IncludeDeviceClaims -Type DWORD -value 1  
Set-GPRegistryValue -Name "Name of GPO" -key "HKLM\Software\Policies\Microsoft\Windows\ADR\AccessDenied" -ValueName IncludeUserClaims -Type DWORD -value 1  
Set-GPRegistryValue -Name "Name of GPO" -key "HKLM\Software\Policies\Microsoft\Windows\ADR\AccessDenied" -ValueName PutAdminOnTo -Type DWORD -value 1  
Set-GPRegistryValue -Name "Name of GPO" -key "HKLM\Software\Policies\Microsoft\Windows\ADR\AccessDenied" -ValueName PutDataOwnerOnTo -Type DWORD -value 1  
Set-GPRegistryValue -Name "Name of GPO" -key "HKLM\Software\Policies\Microsoft\Windows\ADR\AccessDenied" -ValueName ErrorMessage -Type MultiString -value "Type the text that the user will see in the error message dialog box."  
Set-GPRegistryValue -Name "Name of GPO" -key "HKLM\Software\Policies\Microsoft\Windows\ADR\AccessDenied" -ValueName Enabled -Type DWORD -value 1 

或者,您可以設定存取的協助排列每個檔案伺服器上使用「檔案伺服器資源管理員」主控台。Alternatively, you can configure access-denied assistance individually on each file server by using the File Server Resource Manager console.

執行此步驟,使用 Windows PowerShellDo this step using Windows PowerShell

使用檔案伺服器資源管理員進行存取的協助To configure access-denied assistance by using File Server Resource Manager

  1. 打開檔案伺服器資源管理員。Open File Server Resource Manager. 在伺服器管理員中,按一下工具,然後按檔案伺服器資源管理員In Server Manager, click Tools, and then click File Server Resource Manager.

  2. 以滑鼠右鍵按一下(本機)檔案伺服器資源管理員,然後按一下 [設定選項Right-click File Server Resource Manager (Local), and then click Configure Options.

  3. 按一下Access-Denied 協助索引標籤。Click the Access-Denied Assistance tab.

  4. 選取 [可以存取的協助核取方塊。Select the Enable access-denied assistance check box.

  5. 無法檔案或資料夾的存取的使用者顯示以下訊息方塊中,輸入訊息使用者將會看到他們時無法檔案或資料夾的存取。In the Display the following message to users who are denied access to a folder or file box, type a message that users will see when they are denied access to a file or folder.

    您可以新增巨集的訊息,會將自訂的文字。You can add macros to the message that will insert customized text. 巨集包括:The macros include:

    • [原始檔案路徑]的原始的檔案路徑存取的使用者。[Original File Path] The original file path that was accessed by the user.

    • [原始的檔案路徑資料夾]上層資料夾的存取的使用者的原始檔案路徑。[Original File Path Folder] The parent folder of the original file path that was accessed by the user.

    • [管理電子郵件]系統管理員的電子郵件收件者的清單。[Admin Email] The administrator email recipient list.

    • [資料擁有者電子郵件]資料擁有者的電子郵件收件者清單。[Data Owner Email] The data owner email recipient list.

  6. 按一下設定電子郵件要求,請選取可讓使用者要求協助核取方塊,並再按[確定]Click Configure email requests, select the Enable users to request assistance check box, and then click OK.

  7. 按一下預覽如果您想要查看的錯誤訊息給使用者。Click Preview if you want to see how the error message will look to the user.

  8. 按一下[確定]Click OK.

方案指南Windows PowerShell 相當於命令 * * Windows PowerShell equivalent commands*

下列 Windows PowerShell cmdlet 執行上述程序相同的功能。The following Windows PowerShell cmdlet or cmdlets perform the same function as the preceding procedure. 輸入每個 cmdlet 上一行,,即使它們可能會出現換透過以下幾個行因為格式設定的限制。Enter each cmdlet on a single line, even though they may appear word-wrapped across several lines here because of formatting constraints.

Set-FSRMAdrSetting -Event "AccessDenied" -DisplayMessage "Type the text that the user will see in the error message dialog box." -Enabled:$true -AllowRequests:$true  

設定存取的協助之後,您必須所有的檔案類型的可以使用群組原則。After you configure the access-denied assistance, you must enable it for all file types by using Group Policy.

執行此步驟,使用 Windows PowerShellDo this step using Windows PowerShell

若要使用群組原則的所有檔案類型的設定存取的協助To configure access-denied assistance for all file types by using Group Policy

  1. 開放群組原則管理。Open Group Policy Management. 在伺服器管理員中,按一下工具,然後按群組原則管理In Server Manager, click Tools, and then click Group Policy Management.

  2. 適當的群組原則,以滑鼠右鍵按一下,然後按一下編輯Right-click the appropriate Group Policy, and then click Edit.

  3. 按一下電腦設定,按一下 [原則,按一下 [系統管理範本],按一下系統,,然後按一下 [ Access-Denied 協助Click Computer Configuration, click Policies, click Administrative Templates, click System, and then click Access-Denied Assistance.

  4. 以滑鼠右鍵按一下的所有檔案類型,可以存取的協助 client,然後按一下 [編輯Right-click Enable access-denied assistance on client for all file types, and then click Edit.

  5. 按一下啟用,然後按[確定]Click Enabled, and then click OK.

方案指南Windows PowerShell 相當於命令 * * Windows PowerShell equivalent commands*

下列 Windows PowerShell cmdlet 執行上述程序相同的功能。The following Windows PowerShell cmdlet or cmdlets perform the same function as the preceding procedure. 輸入每個 cmdlet 上一行,,即使它們可能會出現換透過以下幾個行因為格式設定的限制。Enter each cmdlet on a single line, even though they may appear word-wrapped across several lines here because of formatting constraints.

Set-GPRegistryValue -Name "Name of GPO" -key "HKLM\SOFTWARE\Policies\Microsoft\Windows\Explore" -ValueName EnableShellExecuteFileStreamCheck -Type DWORD -value 1  

您也可以使用 [檔案伺服器資源管理員」主控台檔案伺服器上指定的每個共用資料夾不同存取的訊息。You can also specify a separate access-denied message for each shared folder on a file server by using the File Server Resource Manager console.

執行此步驟,使用 Windows PowerShellDo this step using Windows PowerShell

若要指定的共用資料夾不同存取的訊息使用檔案伺服器資源管理員To specify a separate access-denied message for a shared folder by using File Server Resource Manager

  1. 打開檔案伺服器資源管理員。Open File Server Resource Manager. 在伺服器管理員中,按一下工具,然後按檔案伺服器資源管理員In Server Manager, click Tools, and then click File Server Resource Manager.

  2. 展開(本機)檔案伺服器資源管理員,然後按一下 [管理分類Expand File Server Resource Manager (Local), and then click Classification Management.

  3. 以滑鼠右鍵按一下分類屬性,然後按一下 [設定資料夾管理屬性Right-click Classification Properties, and then click Set Folder Management Properties.

  4. 屬性方塊中,按一下 [ Access-Denied 協助訊息,然後按一下 [新增In the Property box, click Access-Denied Assistance Message, and then click Add.

  5. 按一下瀏覽],然後選擇 [應該會有自訂存取的郵件資料夾。Click Browse, and then choose the folder that should have the custom access-denied message.

  6. 方塊中輸入時,他們無法存取該資料夾中的資源必須向使用者的訊息。In the Value box, type the message that should be presented to the users when they cannot access a resource within that folder.

    您可以新增巨集的訊息,會將自訂的文字。You can add macros to the message that will insert customized text. 巨集包括:The macros include:

    • [原始檔案路徑]的原始的檔案路徑存取的使用者。[Original File Path] The original file path that was accessed by the user.

    • [原始的檔案路徑資料夾]上層資料夾的存取的使用者的原始檔案路徑。[Original File Path Folder] The parent folder of the original file path that was accessed by the user.

    • [管理電子郵件]系統管理員的電子郵件收件者的清單。[Admin Email] The administrator email recipient list.

    • [資料擁有者電子郵件]資料擁有者的電子郵件收件者清單。[Data Owner Email] The data owner email recipient list.

  7. 按一下[確定],然後按關閉Click OK, and then click Close.

方案指南Windows PowerShell 相當於命令 * * Windows PowerShell equivalent commands*

下列 Windows PowerShell cmdlet 執行上述程序相同的功能。The following Windows PowerShell cmdlet or cmdlets perform the same function as the preceding procedure. 輸入每個 cmdlet 上一行,,即使它們可能會出現換透過以下幾個行因為格式設定的限制。Enter each cmdlet on a single line, even though they may appear word-wrapped across several lines here because of formatting constraints.

Set-FSRMMgmtProperty -Namespace "folder path" -Name "AccessDeniedMessage_MS" -Value "Type the text that the user will see in the error message dialog box."  

步驟 2:設定電子郵件通知設定Step 2: Configure the email notification settings

您必須設定電子郵件通知設定,將會傳送訊息存取的協助每個檔案伺服器上。You must configure the email notification settings on each file server that will send the access-denied assistance messages.

執行此步驟,使用 Windows PowerShellDo this step using Windows PowerShell

  1. 打開檔案伺服器資源管理員。Open File Server Resource Manager. 在伺服器管理員中,按一下工具,然後按檔案伺服器資源管理員In Server Manager, click Tools, and then click File Server Resource Manager.

  2. 以滑鼠右鍵按一下(本機)檔案伺服器資源管理員,然後按一下 [設定選項Right-click File Server Resource Manager (Local), and then click Configure Options.

  3. 按一下的電子郵件通知索引標籤。Click the Email Notifications tab.

  4. 下列設定:Configure the following settings:

    • SMTP 伺服器名稱或 IP 位址方塊中,輸入您的組織 SMTP 伺服器的 IP 位址的名稱。In the SMTP server name or IP address box, type the name of IP address of the SMTP server in your organization.

    • 預設的系統管理員收件者預設 '電子郵件地址從]方塊中,輸入檔案伺服器管理員中的電子郵件地址。In the Default administrator recipients and Default 'From' e-mail address boxes, type the email address of the file server administrator.

  5. 按一下傳送測試電子郵件]以確保電子郵件通知設定正確。Click Send Test E-mail to ensure that the email notifications are configured correctly.

  6. 按一下[確定]Click OK.

方案指南Windows PowerShell 相當於命令 * * Windows PowerShell equivalent commands*

下列 Windows PowerShell cmdlet 執行上述程序相同的功能。The following Windows PowerShell cmdlet or cmdlets perform the same function as the preceding procedure. 輸入每個 cmdlet 上一行,,即使它們可能會出現換透過以下幾個行因為格式設定的限制。Enter each cmdlet on a single line, even though they may appear word-wrapped across several lines here because of formatting constraints.

set-FSRMSetting -SMTPServer "server1" -AdminEmailAddress "fileadmin@contoso.com" -FromEmailAddress "fileadmin@contoso.com"  

步驟 3:確認已正確設定存取的協助Step 3: Verify that access-denied assistance is configured correctly

您可以檢查存取的協助正確設定所需執行的 Windows 8 嘗試存取共用或中的檔案共用它們不擁有的存取權的使用者。You can verify that the access-denied assistance is configured correctly by having a user who is running Windows 8 try to access a share or a file in that share that they do not have access to. 訊息存取的出現時,使用者應該會看到要求協助按鈕。When the access-denied message appears, the user should see a Request Assistance button. 按一下要求協助按鈕後,使用者可以指定存取的原因,然後資料夾擁有者或檔案伺服器管理員傳送電子郵件。After clicking the Request Assistance button, the user can specify a reason for access and then send an email to the folder owner or file server administrator. 資料夾擁有者或檔案伺服器管理員可確認您的電子郵件貨送到時包含適當的詳細資訊。The folder owner or file server administrator can verify for you that the email arrived and contains the appropriate details.

重要

如果您想要存取的協助確認所遇到的使用者身分執行的 Windows Server 2012,您必須先連接檔案共用安裝桌面體驗。If you want to verify access-denied assistance by having a user who is running Windows Server 2012 , you must install the Desktop Experience before connecting to the file share.

也了See also