resources:courses:gws_c1
差别
这里会显示出您选择的修订版和当前版本之间的差别。
| 两侧同时换到之前的修订记录前一修订版后一修订版 | 前一修订版 | ||
| resources:courses:gws_c1 [2025/01/20 22:55] – 移除 - 外部编辑 (未知日期) 127.0.0.1 | resources:courses:gws_c1 [2025/01/20 22:56] (当前版本) – jackiez | ||
|---|---|---|---|
| 行 1: | 行 1: | ||
| + | # 第一章 GWS介绍 | ||
| + | 首先要申请一个14天的试用版来学习,有多个版本可以试用,如 | ||
| + | * Individual | ||
| + | * Business | ||
| + | * Business Starter | ||
| + | * Business Standard | ||
| + | * Business Plus | ||
| + | * Enterprise | ||
| + | 参考链接:[[https:// | ||
| + | 1.因为Enterprise版本要联系谷歌销售,所以我只申请了功能次高的Business Plus | ||
| + | {{: | ||
| + | 2.输入基本信息,选择试用14天,然后输入信用卡,验证手机输入验证码后即可开始使用。 | ||
| + | {{: | ||
| + | 3.然后是域所有权验证,在Xserver管理面板,添加DNS记录(一条TXT,一条CNAME) | ||
| + | 不到1分钟,就显示通过验证 | ||
| + | {{: | ||
| + | 4.为了从Xserver的Webmail切换到Gmail,需要替换MX记录 | ||
| + | 原MX记录的值就是trident365.com, | ||
| + | {{: | ||
| + | ## 练习1 创建OU,添加用户 | ||
| + | {{: | ||
| + | 首先创建3个OU,分别是 | ||
| + | * Executive | ||
| + | * Employees | ||
| + | * Contractors | ||
| + | 路径是Admin Console> | ||
| + | 然后点击Create organizational Unit | ||
| + | 为方便起见,将界面语言设置为英文。 | ||
| + | {{: | ||
| + | 然后是批量添加用户,下载空白csv模板,输入必须信息,注意密码设置要求8位以上。 | ||
| + | {{: | ||
| + | 很快就完成了 | ||
| + | {{: | ||
| + | ## 练习2 登录Admin Console | ||
| + | 过于简单,略 | ||
| + | ## 练习3 确认DNS记录 | ||
| + | Admin> | ||
| + | 如果是从Google Domains处购买的域名,则可以设置Advanced DNS Settings,但我不是,所以不需要。 | ||
| + | 添加SPF记录(TXT) | ||
| + | 参考链接:[[https:// | ||
| + | ## GWS各功能介绍 | ||
| + | - Users: 添加和管理用户 | ||
| + | - Domains: 验证域名,添加域名别名等 | ||
| + | - Billing 添加支付方式(如信用卡,查看订单,管理订阅,分发Licenses等) | ||
| + | - Groups: 创建组和邮件列表 | ||
| + | - Apps: 管理GWS的应用,如Gmail和Calendar | ||
| + | - Devices: 保护组织管理下的设备 | ||
| + | - Account: DIY组织的详情,设置沟通优先选, | ||
| + | - Organizational Unit (OU): | ||
| + | - Security: 管理安全设定,如强制2步验证,监视,强制密码等 | ||
| + | - Reports: 查看报告和监查日志,监视用户和管理员活动 | ||
| + | - Building and Resources: 管理和监视建筑,房间和资源 | ||
| + | - Rules: 创建规则和报警 | ||
| + | - Admin roles: | ||
| + | - Data migration: 数据迁移服务,如导入邮件,日程,联系方式等 | ||
| + | - Support: | ||
| + | |||
| + | ## 练习4: 查看公司Profile | ||
| + | Admin> | ||
| + | 再点击Profile Settings, | ||
| + | {{: | ||
| + | 比如Support Message会显示在用户登录User Dashboard时,帮助用户获得IT支持。 | ||
| + | 还可以设置各用户的默认语言和地区/ | ||
| + | 再点击Preferences, | ||
| + | 用于设置各新功能和产品的可用时间, | ||
| + | - New features, | ||
| + | - New products, | ||
| + | - Communication preferences, | ||
| + | {{: | ||
| + | 在Personalization里设置个性化,如公司Logo,已经换上了网站Logo。 | ||
| + | 在Supplemental data storage里设置备用数据存储位置,只有一个可选项,俄罗斯。 | ||
| + | 这个可以为各OU单位设置,也可以为全公司设置。 | ||
| + | 这里有谷歌数据中心的清单 [[https:// | ||
| + | 日本只有一个,在印西市(去往成田机场方向的路上,在千叶) | ||
| + | Conflicting accounts management, | ||
| + | {{: | ||
| + | Legal and Compliance | ||
| + | 可以查看关于GWS合规性的一些链接,类似于SaaS评估时查看的那些东西。 | ||
| + | 还可以设置组织的Privacy代表,Data Protection代表,合规专员,以及对于CDPA(Cloud data processing Addendum)和GDPR的遵守情况。 | ||
| + | Custom URLs, | ||
| + | ## 测试1: | ||
| + | < | ||
| + | - Mail Exchanger (MX) record. | ||
| + | - CNAME (Alias) record. | ||
| + | - Google Site Verification record. | ||
| + | - **Sender Policy Framework (SPF) record.** | ||
| + | < | ||
| + | - **Verify that you own the domain that you want to associate with Google Workspace.** | ||
| + | - Configure MX records to point to Google. | ||
| + | - All these. | ||
| + | - Provide Google with proof of identity. | ||
| + | < | ||
| + | - At least 2 weeks | ||
| + | - **At least 1 week** | ||
| + | - At least 1 month | ||
| + | - At least 3 months | ||
| + | |||
| + | ## Provisioning | ||
| + | 有4种方式可以添加用户(每个用户都需要License) | ||
| + | - 手动添加 | ||
| + | - 批量添加(csv文件) | ||
| + | - 通过Admin SDK Directory API | ||
| + | - 通过Provisioning工具,如Google Cloud Directory Sync | ||
| + | |||
| + | ## 练习1 | ||
| + | 单独添加用户,因为试用版只能放10个用户,前面已批量添加过了,这次只记录下要点。 | ||
| + | 密码要求是8到100位之间,并且要求用户初次登录时要变更密码。 | ||
| + | ## 练习2 | ||
| + | 批量添加用户,之前已经实践过了,略。使用csv文件新建用户,一次是200名。 | ||
| + | ## Admin SDK and LDAP API | ||
| + | 可以将Google用户和权限与本地LDAP(如微软的AD)进行同步,而且这个同步是单向的。 | ||
| + | 对于重复性工作,要中以使用Admin SDK和API进行自动化。 | ||
| + | ## 测试2 | ||
| + | < | ||
| + | - Home Address | ||
| + | - Job Title | ||
| + | - Middle Name | ||
| + | - **Password** | ||
| + | - **Last Name** | ||
| + | < | ||
| + | - **Add all the new users at once from a .csv file.** | ||
| + | - Use GCDS to provision your new users. | ||
| + | - Add the new users manually | ||
| + | - Have them create their own accounts with the “Invite users” option. | ||
| + | < | ||
| + | - It provides a two-way sync that relies on object modified dates to determine which directory wins. | ||
| + | - GCDS is used for provisioning only. | ||
| + | - It updates the local LDAP directory with Google Workspace information. | ||
| + | - **It updates Google Workspace with information from the local LDAP directory.** | ||
| + | < | ||
| + | - None of these. | ||
| + | - **The admin can enter a password manually or allow the console to generate a temporary password for the new user.** | ||
| + | - Admins need to upload a default password to Google Workspace before adding any users. | ||
| + | - Google Workspace requires the admin to manually add passwords for every single user that is added to the domain. | ||
| + | |||
| + | < | ||
| + | - 10 characters | ||
| + | - 12 characters | ||
| + | - 6 characters | ||
| + | - **8 characters** | ||
| + | |||
| + | ## 练习1 创建Groups | ||
| + | 要求,仅CEO才可以向全公司发通知 | ||
| + | Admin> | ||
| + | {{: | ||
| + | 设置**Access Type**为Announcement only(其他只发不可回复的Group也可以这么选) | ||
| + | {{: | ||
| + | Access设定保持默认,只有Group Owners和Managers可以发布消息。 | ||
| + | {{: | ||
| + | 添加所有用户到该Group | ||
| + | {{: | ||
| + | 稍等片刻,显示所有用户(如果未来新增也会自动加入) | ||
| + | {{: | ||
| + | 再手动添加Sam,并把他的Role改为Manager,点SAVE保存。 | ||
| + | {{: | ||
| + | |||
| + | 继续创建另一个Group | ||
| + | {{: | ||
| + | 这次有一个Owner是Sam,并且组标签勾选Security。Access设定保持默认,添加组成员 | ||
| + | Sam, | ||
| + | 再把Sam的角色从Owner降级为Manager | ||
| + | 退出当前账户,使用Sam的账户登录Gmail | ||
| + | 分别给everyone的组邮件和management的组邮件发送一份邮件 | ||
| + | {{: | ||
| + | {{: | ||
| + | 然后从9个点中打开Group服务,查看我的群组,点击每个群组查看刚才发的邮件。 | ||
| + | {{: | ||
| + | 然后再退出,并切换到Will的账户,查看收件箱。 | ||
| + | {{: | ||
| + | 同样,给2个组邮箱分别发邮件,因为Will没有权限(Sam是管理者权限),所以他只会收到错误通知。 | ||
| + | 但只收到了发给everyone群组的错误通知,**发给management的还没有回复。** | ||
| + | 再切换到Lars的账户登录,查看邮件,因为Lars是Managment群组的成员,所以他会收到Sam发的2封邮件,而Will发的他也收到了,因为群组权限Who can post里有整个组织,所以Will虽然不是组成员,也能发邮件到该组。 | ||
| + | {{: | ||
| + | 同时,再发邮件给2个群组,会收到Everyone群组的未达通知,因为只有CEO才有权限, | ||
| + | {{: | ||
| + | {{: | ||
| + | |||
| + | ## 测试3 | ||
| + | < | ||
| + | - Using the Groups for Business service at groups.google.com. | ||
| + | - From the admin console. | ||
| + | - Using GCDS. | ||
| + | - **Using Gmail.** | ||
| + | |||
| + | < | ||
| + | - Once you have created the group, use GCDS to update membership. | ||
| + | - **Check the 'Add all current and future users of** | ||
| + | - Add all members to the group individually. As new people join the organization you must manually add these. | ||
| + | - Once you have created the group, use the Admin SDK to update membership. | ||
| + | |||
| + | ## 测试4 | ||
| + | < | ||
| + | - Features (such as video, audio equipment) are associated with a Building. | ||
| + | - **Features (such as video, audio equipment) are associated with a Resource.** | ||
| + | - Resources are normally associated with a building so it is recommended that buildings are defined first and you choose the building when adding the resource. | ||
| + | - **Resources belong to a building so you cannot add a resource without a building definition.** | ||
| + | |||
| + | < | ||
| + | - From the Calendar service settings in the admin console. | ||
| + | - From the Buildings and Resources area in the admin console. | ||
| + | - From the admin console or Google Calendar. | ||
| + | - **From Google Calendar.** | ||
| + | |||
| + | |||
| + | < | ||
| + | - **Capacity.** | ||
| + | - Email address. | ||
| + | - Physical address. | ||
| + | - **Name.** | ||
| + | |||
| + | ## 练习1 | ||
| + | {{: | ||
| + | 为用户Samantha Morse添加别名邮箱,同事一般称呼他为Sam。可以添加多个别名邮箱。 | ||
| + | {{: | ||
| + | < | ||
| + | ## 练习2 | ||
| + | 重置用户密码。长期休假回来的用户,忘记了自己的密码,导致账户被锁,需要重置。 | ||
| + | {{: | ||
| + | 2选1,然后复制新密码, | ||
| + | {{: | ||
| + | UK52hnhDnqYR6bU* | ||
| + | < | ||
| + | 2.如果管理员设置了Self-Service重置密码,用户即使忘记密码也可以进行重置,但如果是SSO登录,比如使用Hennge One,则用户不能自己重置PW</ | ||
| + | {{: | ||
| + | ## 练习3 | ||
| + | 重命名用户 | ||
| + | 即变更PrimaryEmail的名字 | ||
| + | < | ||
| + | ## 练习4 | ||
| + | 封号操作,也不能给该用户发送会议邀请或是邮件。比如对于休假的人? | ||
| + | {{: | ||
| + | 如果只想查看被封号的用户,可以使用Filter筛选。 | ||
| + | {{: | ||
| + | 解封操作如下: | ||
| + | {{: | ||
| + | < | ||
| + | 如果用户违反了谷歌的服务条款,如滥用,则管理员也不能解封,需要联系技术支持。</ | ||
| + | ## 练习5 | ||
| + | 删除一个用户。注意该用户的数据需要迁移。 | ||
| + | {{: | ||
| + | 具体选项如下: | ||
| + | {{: | ||
| + | < | ||
| + | ## 练习6 | ||
| + | 撤销删除操作。 | ||
| + | 添加User Filter,选择[Recently delete], | ||
| + | {{: | ||
| + | 选择Recover,然后选择最高组织级别。 | ||
| + | < | ||
| + | |||
| + | ## 测试5 | ||
| + | < | ||
| + | - Site-based licenses can be manually or automatically assigned by the administrator. | ||
| + | - **Site-based licenses are automatically assigned to all users in the organization.** | ||
| + | - They are manually assigned by the administrator. | ||
| + | |||
| + | < | ||
| + | - **Calendar.** | ||
| + | - Contacts | ||
| + | - **Email Address** | ||
| + | - Items in Trash | ||
| + | - Sites | ||
| + | |||
| + | <q>To allow a single user to receive email in their Gmail inbox addressed to multiple addresses you would add?</ | ||
| + | - A new account pointing to the existing user's inbox. | ||
| + | - **An email alias.** | ||
| + | - A domain alias. | ||
| + | - Any of the other options. | ||
| + | |||
| + | < | ||
| + | - **A suspended user cannot login to their account.** | ||
| + | - The user can log in and view their account but not add any new content (emails, docs, calendar events, etc..) | ||
| + | - **Email and new calendar invites are blocked on a suspended user's account.** | ||
| + | - A suspended user cannot log in to Google Workspace but they do continue to receive email and calendar invites. | ||
| + | |||
| + | < | ||
| + | - Only if the organization is using SSO. | ||
| + | - **Only if the administrator has enabled non-admin password recovery.** | ||
| + | - By default every user can recover their password from the Google Workspace sign in page. | ||
| + | - Never. Only administrators can recover a forgotten password. | ||
| + | |||
| + | ## 练习1 | ||
| + | 创建新OU,然后选择对应的用户到OU中,这个在最开始批量导入用户的时候已经完成了,所以不需要再练习了。 | ||
| + | < | ||
| + | ## 练习2 | ||
| + | 限制访问GWS服务 | ||
| + | 对于谷歌翻译,要求只对执行役员有效,则先对全员OFF,再对役员ON即可。 | ||
| + | {{: | ||
| + | {{: | ||
| + | ## 测试6 | ||
| + | < | ||
| + | - A user may belong to multiple OUs. | ||
| + | - **A Google Workspace account may contain multiple OUs.** | ||
| + | - **A user may belong to one OU only.** | ||
| + | - OUs are comprised of groups. | ||
| + | |||
| + | < | ||
| + | - Create a Google group, add the contractors to the group, and turn off Blogger for the group. | ||
| + | - Disable the Blogger service in the user profile for each contractor. | ||
| + | - **Move the contractors into an OU and turn off Blogger for that OU.** | ||
| + | - Restrict access to Blogger in the Blogger profile for each contractor. | ||
| + | |||
| + | < | ||
| + | - All settings for all OUs, no matter the hierarchy, start out the same. | ||
| + | - You must manually configure the settings for each new organizational unit you add to your account. | ||
| + | - **Each child OU inherits settings from its parent, which you can then customize.** | ||
| + | - All settings are the same for each level within the organizational hierarchy. | ||
| + | |||
| + | ## 练习1 | ||
| + | {{: | ||
| + | 打开联系人分享,默认是开启的,另外谷歌账户基本信息分享,有2个选项,一个是包含,另一个是不包含组织基本信息。 | ||
| + | 更详细的设定可以点开查看。 | ||
| + | {{: | ||
| + | 如果关闭Directory,则公司内找人不会显示详细Profile,甚为不便。 | ||
| + | ## 练习2 | ||
| + | 更新用户的Profile | ||
| + | {{: | ||
| + | 想要让用户可以自行更新Profile,点击Allow users to edit profile | ||
| + | {{: | ||
| + | 具体项目在这里 | ||
| + | {{: | ||
| + | ## 练习3 | ||
| + | 只有一个域名的环境下,组织只有一个Directory,即Global Address List,但对于多域名环境,可以限制用户查看Directory的范围。 | ||
| + | 创建Contractors的OU,添加用户Mark,创建Group,名为HR Project | ||
| + | {{: | ||
| + | {{: | ||
| + | 把Mark加入Group, | ||
| + | {{: | ||
| + | {{: | ||
| + | 在可视化设定里,添加新的自定义Directory,命名为HR Project,选择HR Project,保存 | ||
| + | 这样Mark只能看到自己Directory的信息。 | ||
| + | ## 测试7 | ||
| + | < | ||
| + | - **In the users OU.** | ||
| + | - In the user's domain settings. | ||
| + | - In a custom directory group in which the user is a member. | ||
| + | - On the user's profile page. | ||
| + | |||
| + | < | ||
| + | - Create Google Workspace accounts in your organization for these contacts and configure a forwarding rule for each account. | ||
| + | - Place these external email addresses into a Google Group and ask your users to email the group. | ||
| + | - Ask your users to add this shared contact information to their personal contacts list. | ||
| + | - **Use the Domain Shared Contacts API to add these external users to your directory.** | ||
| + | |||
| + | < | ||
| + | - Job title. | ||
| + | - Work location. | ||
| + | - **Employee ID.** | ||
| + | - Birthday. | ||
| + | |||
| + | <q>A user can change all the settings below from their About me page but which are editable by default? (Choose 2)</ | ||
| + | - **Work Location** | ||
| + | - Name | ||
| + | - Gender | ||
| + | - Photo | ||
| + | - **Birthday** | ||
| + | |||
| + | ## 练习1 | ||
| + | 创建新的超级管理员,选择用户Alex, | ||
| + | {{: | ||
| + | 选择Google预置的Supepr Admin | ||
| + | {{: | ||
| + | 再查看 | ||
| + | {{: | ||
| + | {{: | ||
| + | 接下来查看Help Desk Admin | ||
| + | {{: | ||
| + | 发现只有Read和ResetPW这两种权限。 | ||
| + | < | ||
| + | ## 练习2 | ||
| + | 创建自定义Role | ||
| + | {{: | ||
| + | 只勾选Services下的Report功能 | ||
| + | {{: | ||
| + | 创建完后,为Lars分配该Role。 | ||
| + | ## 测试8 | ||
| + | < | ||
| + | - **Create a new role and choose the required privileges.** | ||
| + | - Duplicate an existing role and edit the privileges. | ||
| + | - Choose the custom administrator option when manually adding the user. | ||
| + | - Create a new role based on a role template. | ||
| + | |||
| + | < | ||
| + | - **True** | ||
| + | - False | ||
| + | |||
| + | < | ||
| + | - True | ||
| + | - **False** | ||
| + | |||
| + | < | ||
| + | - **Admin roles and privileges** | ||
| + | - License | ||
| + | - Security | ||
| + | - Groups | ||