使用群組原則設定的網域成員 Client 電腦Use Group Policy to Configure Domain Member Client Computers

適用於:Windows Server(以每年次管道)、Windows Server 2016Applies To: Windows Server (Semi-Annual Channel), Windows Server 2016

您可以使用下列程序,設定的網域成員 client 電腦分散式快取模式或裝載快取模式,並設定 Windows 防火牆進階安全性允許 BranchCache 資料傳輸與在組織中建立的所有電腦群組原則物件。You can use these procedures to create a Group Policy Object for all of the computers in your organization, to configure domain member client computers with distributed cache mode or hosted cache mode, and to configure Windows Firewall with Advanced Security to allow BranchCache traffic.

本章節包含下列程序。This section contains the following procedures.

  1. 建立群組原則物件和設定 BranchCache 模式To create a Group Policy Object and configure BranchCache modes

  2. 設定 Windows 防火牆使用進階安全性輸入流量規則To configure Windows Firewall with Advanced Security Inbound Traffic Rules

  3. 設定 Windows 防火牆使用進階安全性輸出交通規則To configure Windows Firewall with Advanced Security Outbound Traffic Rules

提示

下列程序,要求您的預設網域原則中建立群組原則物件,但是您可以建立物件 (組織單位) 組織單位或其他容器的是適用於您的部署。In the following procedure, you are instructed to create a Group Policy Object in the Default Domain Policy, however you can create the object in an organizational unit (OU) or other container that is appropriate for your deployment.

您必須成員的網域系統管理員,或相當於執行這些程序。You must be a member of Domain Admins, or equivalent to perform these procedures.

建立群組原則物件和設定 BranchCache 模式To create a Group Policy Object and configure BranchCache modes

  1. 安裝的電腦上的 Active Directory Domain Services 伺服器角色是,在伺服器管理員中,按一下 [工具,然後按群組原則管理On a computer upon which the Active Directory Domain Services server role is installed, in Server Manager, click Tools, and then click Group Policy Management. 群組原則管理主控台開啟。The Group Policy Management console opens.

  2. 在群組原則管理主控台中,展開下列路徑:樹系: example.com網域example.com群組原則物件,其中example.com BranchCache client 電腦帳號您想要設定的網域名稱。In the Group Policy Management console, expand the following path: Forest: example.com, Domains, example.com, Group Policy Objects, where example.com is the name of the domain where the BranchCache client computer accounts that you want to configure are located.

  3. 以滑鼠右鍵按一下群組原則物件,然後按一下 [新增]Right-click Group Policy Objects, and then click New. 新的 GPO對話方塊。The New GPO dialog box opens. 名稱,輸入名稱的新群組原則物件 (GPO)。In Name, type a name for the new Group Policy Object (GPO). 如果您想要的物件 BranchCache Client 電腦的名稱,例如,輸入BranchCache Client 電腦For example, if you want to name the object BranchCache Client Computers, type BranchCache Client Computers. 按一下[確定]Click OK.

  4. 在群組原則管理主控台中,確定群組原則物件已選取,然後在詳細資料窗格中您剛建立 GPO 上按一下滑鼠右鍵。In the Group Policy Management console, ensure that Group Policy Objects is selected, and in the details pane right-click the GPO that you just created. 例如,如果您 GPO BranchCache Client 電腦,以滑鼠右鍵按一下BranchCache Client 電腦For example, if you named your GPO BranchCache Client Computers, right-click BranchCache Client Computers. 按一下編輯Click Edit. 群組原則編輯器] 管理主控台開啟。The Group Policy Management Editor console opens.

  5. 在群組原則編輯器] 管理主控台中,展開下列路徑:電腦設定原則系統管理範本: 原則 (ADMX 擷取定義檔案) 從本機電腦網路BranchCacheIn the Group Policy Management Editor console, expand the following path: Computer Configuration, Policies, Administrative Templates: Policy definitions (ADMX files) retrieved from the local computer, Network, BranchCache.

  6. 按一下BranchCache,然後在詳細資料窗格中,按兩下上 BranchCache 關閉Click BranchCache, and then in the details pane, double-click Turn on BranchCache. 原則設定對話方塊。The policy setting dialog box opens.

  7. 上 BranchCache 關閉對話方塊中,按一下 [啟用,,然後按一下 [ [確定]In the Turn on BranchCache dialog box, click Enabled, and then click OK.

  8. 若要讓 BranchCache 分散式快取模式中的詳細資料窗格中,按兩下 [設定 BranchCache 分散式快取模式To enable BranchCache distributed cache mode, in the details pane, double-click Set BranchCache Distributed Cache mode. 原則設定對話方塊。The policy setting dialog box opens.

  9. 設定 BranchCache 散發快取模式對話方塊中,按一下啟用,然後按一下 [ [確定]In the Set BranchCache Distributed Cache mode dialog box, click Enabled, and then click OK.

  10. 如果您有一或多個分公司位置您要部署 BranchCache 裝載快取模式,以及您已部署裝載快取伺服器這些辦公室中的,按兩下 [讓自動裝載快取探索服務連接點的If you have one or more branch offices where you are deploying BranchCache in hosted cache mode, and you have deployed hosted cache servers in those offices, double-click Enable Automatic Hosted Cache Discovery by Service Connection Point. 原則設定對話方塊。The policy setting dialog box opens.

  11. 讓自動裝載快取探索服務連接點,對話方塊中,按啟用,,然後按一下 [ [確定]In the Enable Automatic Hosted Cache Discovery by Service Connection Point dialog box, click Enabled, and then click OK.

    注意

    支援兩設定 BranchCache 分散式快取模式可讓自動裝載快取探索服務連接點,原則設定,client 電腦操作 BranchCache 分散式快取模式除非它們找到裝載快取伺服器分公司操作裝載快取模式中的時間點。When you enable both the Set BranchCache Distributed Cache mode and the Enable Automatic Hosted Cache Discovery by Service Connection Point policy settings, client computers operate in BranchCache distributed cache mode unless they find a hosted cache server in the branch office, at which point they operate in hosted cache mode.

  12. 使用下列程序防火牆電腦上設定 client 使用群組原則。Use the procedures below to configure firewall settings on client computers by using Group Policy.

設定 Windows 防火牆使用進階安全性輸入流量規則To configure Windows Firewall with Advanced Security Inbound Traffic Rules

  1. 在群組原則管理主控台中,展開下列路徑:樹系: example.com網域example.com群組原則物件,其中example.com BranchCache client 電腦帳號您想要設定的網域名稱。In the Group Policy Management console, expand the following path: Forest: example.com, Domains, example.com, Group Policy Objects, where example.com is the name of the domain where the BranchCache client computer accounts that you want to configure are located.

  2. 在群組原則管理主控台中,確定群組原則物件已選取,然後在詳細資料窗格中 BranchCache client 電腦您先前建立 GPO 上按一下滑鼠右鍵。In the Group Policy Management console, ensure that Group Policy Objects is selected, and in the details pane right-click the BranchCache client computers GPO that you created previously. 例如,如果您 GPO BranchCache Client 電腦,以滑鼠右鍵按一下BranchCache Client 電腦For example, if you named your GPO BranchCache Client Computers, right-click BranchCache Client Computers. 按一下編輯Click Edit. 群組原則編輯器] 管理主控台開啟。The Group Policy Management Editor console opens.

  3. 在群組原則編輯器] 管理主控台中,展開下列路徑:電腦設定原則Windows 設定的安全性設定Windows 防火牆使用進階安全性使用進階安全性-LDAP Windows 防火牆輸入規則In the Group Policy Management Editor console, expand the following path: Computer Configuration, Policies, Windows Settings, Security Settings, Windows Firewall with Advanced Security, Windows Firewall with Advanced Security - LDAP, Inbound Rules.

  4. 以滑鼠右鍵按一下輸入規則,然後按新規則Right-click Inbound Rules, and then click New Rule. [新增輸入規則精靈開啟。The New Inbound Rule Wizard opens.

  5. 規則類型,按一下 [預先定義的,展開清單中選擇,然後按一下 [ BranchCache-擷取內容 (使用 HTTP)In Rule Type, click Predefined, expand the list of choices, and then click BranchCache - Content Retrieval (Uses HTTP). 按一下下一步Click Next.

  6. 預先定義的規則,按一下 [In Predefined Rules, click Next.

  7. 動作,確保允許連接已選取,然後按一下 [完成]In Action, ensure that Allow the connection is selected, and then click Finish.

    重要

    您必須選取 [允許連接,才能接收此連接埠流量 BranchCache client 的。You must select Allow the connection for the BranchCache client to be able to receive traffic on this port.

  8. 若要建立 WS 探索防火牆例外,再以滑鼠右鍵按一下輸入規則,然後按一下 [新規則To create the WS-Discovery firewall exception, again right-click Inbound Rules, and then click New Rule. [新增輸入規則精靈開啟。The New Inbound Rule Wizard opens.

  9. 規則類型,按一下 [預先定義的,展開清單中選擇,然後按一下 [ BranchCache-等探索 (使用 WSD)In Rule Type, click Predefined, expand the list of choices, and then click BranchCache - Peer Discovery (Uses WSD). 按一下下一步Click Next.

  10. 預先定義的規則,按一下 [In Predefined Rules, click Next.

  11. 動作,確保允許連接已選取,然後按一下 [完成]In Action, ensure that Allow the connection is selected, and then click Finish.

    重要

    您必須選取 [允許連接,才能接收此連接埠流量 BranchCache client 的。You must select Allow the connection for the BranchCache client to be able to receive traffic on this port.

設定 Windows 防火牆使用進階安全性輸出交通規則To configure Windows Firewall with Advanced Security Outbound Traffic Rules

  1. 在群組原則編輯器] 管理主控台中,以滑鼠右鍵按一下輸出規則,然後按新規則In the Group Policy Management Editor console, right-click Outbound Rules, and then click New Rule. 新的輸出規則精靈開啟。The New Outbound Rule Wizard opens.

  2. 規則類型,按一下 [預先定義的,展開清單中選擇,然後按一下 [ BranchCache-擷取內容 (使用 HTTP)In Rule Type, click Predefined, expand the list of choices, and then click BranchCache - Content Retrieval (Uses HTTP). 按一下下一步Click Next.

  3. 預先定義的規則,按一下 [In Predefined Rules, click Next.

  4. 動作,確保允許連接已選取,然後按一下 [完成]In Action, ensure that Allow the connection is selected, and then click Finish.

    重要

    您必須選取 [允許連接以傳送此連接埠 BranchCache client 的。You must select Allow the connection for the BranchCache client to be able to send traffic on this port.

  5. 若要建立 WS 探索防火牆例外,再以滑鼠右鍵按一下輸出規則,然後按一下 [新規則To create the WS-Discovery firewall exception, again right-click Outbound Rules, and then click New Rule. 新的輸出規則精靈開啟。The New Outbound Rule Wizard opens.

  6. 規則類型,按一下 [預先定義的,展開清單中選擇,然後按一下 [ BranchCache-等探索 (使用 WSD)In Rule Type, click Predefined, expand the list of choices, and then click BranchCache - Peer Discovery (Uses WSD). 按一下下一步Click Next.

  7. 預先定義的規則,按一下 [In Predefined Rules, click Next.

  8. 動作,確保允許連接已選取,然後按一下 [完成]In Action, ensure that Allow the connection is selected, and then click Finish.

    重要

    您必須選取 [允許連接以傳送此連接埠 BranchCache client 的。You must select Allow the connection for the BranchCache client to be able to send traffic on this port.