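Chapter 2: Managing GWS

Exercise 1

Prepare the domain name for GWS. This was already done in Chapter 1, so skip it.

Exercise 2

Turn a service on or off. Services fall into the following categories:

  1. Google Workspace, including Gmail, Calendar, Drive, Docs and so on; these are the core services
  2. Additional Google services, such as Blogger and Google Books; these are not covered by GWS technical support
  3. Marketplace apps; these are third-party applications.

Now turn off the Sites (Google Sites) service for all users.

Then turn off the Blogger service as well. Because it is not a core service, choose Additional Google services, find Blogger, and turn it OFF in the same way.

Check that the change has taken effect: find Sites in the 9-dot app launcher, click it, and see that access is denied.

Some services depend on other services; they can be accessed only after every service they depend on is ON.

Exercise 2

Turn ON, for one OU, the Sites service that was turned off earlier.

Select only the Executive OU, then select Sites and choose ON (Override).
Next, turn off Google Chat. Oddly, Chat has no 3-dot menu for turning it OFF directly; you need to open it first and then turn it OFF.

Exercise 3

Turn ON a service for Groups.
Open a new InPrivate window in Edge, sign in with the Ellie.gray account, and confirm that she cannot access Google Sites.

Create a new Group.

Add Ellie to the group, then go to Apps > Google Workspace > Service Status, search under Groups and find Access.Sites, then find Sites on the right and choose TURN ON.
Visit Sites again and see that it now opens.

1. If a service is already ON for the whole organization, it cannot be turned OFF in the Group settings.
2. An Access Group can include users from any OU, and can also contain another Group (added under Members).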
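
The two rules above, combined with the OU override from the earlier exercise, decide who actually ends up with a service. The following is an added example, not part of the original notes and not Google's code: a simplified Python model that reports each user's effective status and the reason for it, which is useful when auditing access. The resolution order, the nested group `Access.Nested`, the user `exec1` and all sample data are assumptions constructed for illustration.

```python
# Simplified model (an assumption, not Google's implementation) of effective
# service status: OU inheritance with overrides, plus additive access groups.

# Constructed sample data mirroring the exercises on this page.
OU_PARENT = {"/": None, "/Executive": "/", "/Contractors": "/"}
OU_SETTING = {                      # explicit settings only; missing = inherit
    ("/", "Sites"): False,          # Sites OFF for all users
    ("/Executive", "Sites"): True,  # ON (Override) for the Executive OU
    ("/", "Gmail"): True,
}
GROUP_MEMBERS = {                   # members are users or nested groups
    "Access.Sites": {"ellie.gray", "Access.Nested"},
    "Access.Nested": {"tim"},       # hypothetical nested group
}
GROUP_ON = {"Access.Sites": {"Sites"}}  # a group can only turn services ON
USER_OU = {"ellie.gray": "/", "tim": "/Contractors",
           "exec1": "/Executive", "sam": "/Contractors"}


def ou_status(ou, service):
    """Walk up the OU tree until an explicit setting is found."""
    while ou is not None:
        if (ou, service) in OU_SETTING:
            return OU_SETTING[(ou, service)]
        ou = OU_PARENT[ou]
    return False  # assumption: nothing set anywhere is treated as OFF


def groups_of(user):
    """All groups containing the user, directly or through nested groups."""
    found, frontier = set(), {user}
    while frontier:
        member = frontier.pop()
        for group, members in GROUP_MEMBERS.items():
            if member in members and group not in found:
                found.add(group)
                frontier.add(group)
    return found


def effective_status(user, service):
    """Return (is_on, reason); a group grant adds ON and never turns OFF."""
    if ou_status(USER_OU[user], service):
        return True, "ou"
    for group in sorted(groups_of(user)):
        if service in GROUP_ON.get(group, ()):
            return True, "group:" + group
    return False, "off"
```
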

Exercise 4

Set the release channel for services (fast or slow)

Quiz 1

For a domain that has implemented an organizational hierarchy, at what levels can Google Workspace services such as Sites and Gmail be turned on AND off? (Choose 2)

  1. At the domain level
  2. At the organization level
  3. At the OU level
  4. At the group level

What is the correct pathway in the admin console to getting to Google Workspace core services list?

  1. Admin Console > Apps > Additional Google services
  2. Admin Console > Apps > SAML apps
  3. Admin Console > Apps > Google Workspace
  4. Admin Console > Apps > Marketplace apps

All Additional Google services are turned ON by default.

  1. True
  2. False
A few Additional Google services are OFF by default, such as CS First and Early Access Apps.

Which four of these apps are Google Workspace core services that are covered in the Google Workspace Terms of Service? (Choose 3)

  1. Sites
  2. Blogger
  3. Currents
  4. Google Drive
  5. Google Calendar

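## Exercise 1
Configure general Gmail user settings

  1. Allow users to choose their preferred theme
  2. Do not allow email read receipts to be sent
  3. Allow users to delegate access to their mailbox
  4. Allow Gmail offline
  5. Do not allow contractors to delegate mailbox access or use Gmail offline

Then select the Contractors OU and turn off Gmail offline mode as well as mail delegation.

Exercise 2

Enable GWS sync for the Executives OU
The company allows GWSMO (sync between GWS and Outlook) for management only.

Go to Apps > Google Workspace > Gmail > End User Access, find POP and IMAP access, and turn off IMAP and POP access for the whole company.

Turn off Sync, then select only management and turn Sync back on.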
https://support.google.com/a/answer/4455451?hl=zh-Hans&ref_topic=22447&sjid=13335410792753334229-AP
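If users in the company want to use Outlook rather than the web interface, they can use GWSMO. To migrate all data to GWS, use the migration tool GWMMO.

Exercise 3

Configure compliance policies
The IT manager wants to follow Google's best practices: one is to append a compliance footer to the end of messages (outbound mail), the other is to block users from receiving external mail that contains video, multimedia or music attachments.

The attachment settings are as follows:

Verify the result:

Quiz 2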

Which of the following actions can be taken on a message when an attachment compliance rule is matched? (Choose 3)

  1. Modify message
  2. Reject message
  3. Deliver message
  4. Quarantine message

Which of these settings do the users control from their Gmail settings? (Choose 2)

  1. Create a personal email alias
  2. Name format (eg. First, Last)
  3. Add POP3 accounts to the user's inbox
  4. Display language for the Gmail interface

Which of the following settings cannot be set from the Gmail service settings?

  1. Default language
  2. Name format
  3. Allow users to delegate access to their mailbox
  4. Allow users to set Gmail themes

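## Exercise 1
Set up calendar sharing
The company wants to allow internal calendar sharing but prohibit external sharing; externally, only free/busy may be shown.

By default, only free/busy is shown externally.

Then configure secondary calendars so that only free/busy is shown externally.

Each user has exactly one primary calendar. It is the default calendar for creating events and the calendar shown by default when sharing with others, and it cannot be deleted.
Secondary calendars are typically used to organize specific kinds of events, such as project meetings, holiday schedules or personal interests. They can be created, deleted, hidden or shared as needed, and each secondary calendar can have its own access permissions.

Exercise 2

Set up calendar resources
All users can book meeting rooms, but only Ellie can book the Boardroom, much like an executive meeting room that only senior management can book.
The trial Business Plus edition does not seem to show what the exercise steps describe, so this exercise is skipped.

Quiz 3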

What are Calendar Resources? (Choose 2)

  1. Bookable conference rooms
  2. Contacts
  3. Bookable equipment
  4. Calendar dates

What can users control when it comes to their Calendar?

  1. Users control what they share externally from their secondary calendars
  2. Users control what they share externally from their primary calendar
  3. Users can create their own resources
  4. Users control what they share internally

Which Calendar settings can an administrator control for everyone in the organization? (Choose 2)

  1. Default level of internal sharing for primary calendar
  2. Calendar delegation to other users
  3. Highest level of external sharing for primary calendars
  4. Access to individual calendar labs
  5. Time zone selections for calendar display

What are recommended to be configured before adding resources to the organization? (Choose 2)

  1. Features
  2. Groups to provide access to each resource
  3. Locations
  4. Buildings

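## Exercise 1
Allow users to share files externally, but not to publish them on the web. For internal sharing, anyone with the link can view.

References:
1. https://support.google.com/a/answer/60781
2. https://support.google.com/docs/topic/4671185

Link sharing is opened up for two main reasons:

  1. It makes internal sharing easy, while an outsider who obtains the link still cannot open it, because signing in with an organization account is required
  2. Document links are less likely to appear in search results (if everyone uses Notion, search results may include document links)

The sharing settings take precedence over a shared drive's external sharing settings: if external sharing is disabled for the whole company, shared drive Managers cannot enable external sharing either, even though they can change settings.

Set up the allowlist; you are redirected here automatically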

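Exercise 2: Transfer ownership

A document can have many Editors and Viewers, but only one Owner at a time. The creator is the Owner by default, but ownership can be transferred.

Although ownership has been handed over, the original Owner still has edit permission.

Both people receive an email notification.

Exercise 3

Restore deleted files
You can restore files deleted up to 25 days ago.
Using Tim's account, create a new spreadsheet, move it to the trash, and then empty the trash.

Then use the administrator account to restore the data for Tim.

After waiting a few minutes it still has not been restored; wait and see.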

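Exercise 4

Allow offline access to documents
For people on overseas business trips, this works like saving locally (DSFolder).

It is on by default.
Reference: https://support.google.com/docs/answer/6388102
Question: Can Sam use Firefox to access his offline documents?

  1. No. He must use Chrome or Edge, and must not use incognito/private browsing.

Question: What app does Sam need to install?

  1. He needs to install the Google Docs Offline Chrome extension

Question: What steps does Sam need to take?

  1. Open Google Drive
  2. Settings, then the offline setting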

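Exercise 5

Google Drive for desktop: allow users to install it themselves.

Exercise 6

Create a shared drive

Create a shared drive using Tim's account.

Then add the people to share with.

If external sharing is prohibited, every drive that includes external users also loses external access.

Exercise 7

All shared drives can be managed under Drive and Docs > Manage shared drives; the settings there can allow Managers to modify settings.
Clear the checkbox here, then save.
Sign in again with Tim's account and see that the option is now greyed out and can no longer be changed.

Quiz 4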

Your company allows external sharing of documents but your CEO is concerned about how documents are shared externally. As the administrator, which additional protections might you put in place? (Choose 2)

  1. Require a Google sign in when viewing a shared file
  2. Enable the feature that warns users when sharing outside the organization
  3. Allow users to share publicly
  4. Ensure users are only allowed to share with users in the global directory.

Your company wants to adopt the policy that new documents will be shared internally with everyone in the company. This way users won’t have to explicitly share new documents with others. What’s the recommended way to set this up?

  1. Have users save their docs to a Google Group that everyone belongs to
  2. Have users save their docs to a shared drive that everyone belongs to
  3. Change Link Sharing Defaults to “ON - Primary target audience with the link”
  4. Have users save their docs to a My Drive folder that is shared with everyone

From which places can you transfer file ownership from one user to another? (Choose 2)

  1. From the user's My Drive folder
  2. The user's profile in the admin console
  3. From the Drive and Docs service settings page
  4. When deleting a user from the admin console

A user left your company last month and you deleted their Google Workspace account 15 days ago. You have been contacted as the administrator and asked if you can recover the deleted user's documents. What should you do?

  1. Advise the requester that you cannot restore a deleted user's files.
  2. Advise the requestor that 14 days after account deletion, all data is purged so you cannot recover any documents
  3. Restore the user, transfer the files to a new owner, and delete the user again.
  4. Restore the files from the deleted user's account

Which of the following actions can you NOT take as administrator from the Managed shared drives area in the admin console?

  1. View drive contents
  2. Manage members
  3. Delete a shared drive
  4. Restore a deleted drive or files
  5. Manage shared drive sharing settings

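## Exercise 1
Set up Mobile Device Policies
The background is that the company is adopting BYOD.

Exercise 2

Sign in on a mobile device
This exercise applies only to Android phones, so it is skipped (the company has also switched entirely to iPhones).

Exercise 3

Handle a lost or compromised phone
There is no way to practise this hands-on either, so it is skipped.

Quiz 5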

What icon do you click on the admin console in order to access the Google Device Management toolset?

  1. Apps
  2. Company profile
  3. Mobile Management
  4. Devices

Which of the following features are only available in advanced management? (Choose 2)

  1. Android work profiles
  2. Device approvals
  3. Android app management
  4. Remote account wipe

How can you automatically manage a device that falls out of compliance with your organization's policies?

  1. Add a compliance rule
  2. Add a device management rule
  3. Add a data loss prevention (DLP) rule
  4. Any of the options here

An end user in your organization has lost their device. This is a personal device with a work profile. Based on this training, what would be your next step?

  1. Suspend the user
  2. Immediately get your user a new mobile device
  3. Wipe the device to remove the user's work profile
  4. Ask the user where they think they lost the device, and wait for them to find it

Google Vault

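Mainly used for archiving organizational data, e-discovery and legal/regulatory requirements. It supports Gmail, Drive, Chat, Meet, Groups and more.

Exercise 1

This is for the executives' Gmail; for ordinary users, a 1-year period is enforced.

Exercise 2

In Vault, a Matter is a container that holds all data related to one topic, such as an internal company investigation. It includes: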

  1. Saved search queries
  2. A list of accounts with data on litigation hold
  3. A list of the accounts that can access the matter
  4. Export sets for the matter
  5. An audit trail for the matter

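## Exercise 3

The results can then be exported.

Similar search criteria can be used to create a Hold.

Exercise 4

Search and export were already done above, so this is skipped.

Quiz 6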

How long are export files available for download?

  1. 15 days
  2. Indefinitely
  3. 30 days
  4. Until the matter is closed

What constraints/filters are available in the search form? (Choose 3)

  - Organizational Unit (OU)
  - Data Type (Mail, Drive etc)
  - Domain
  - Specific Accounts

When is a default retention rule applied to a message or a file?

  - Only when there are no applicable custom retention rules or holds in place
  - Always unless the user is on hold
  - Always unless a custom retention rule applies
  - Always, default retention rules take precedence over custom retention rules and holds

What data types are supported by Vault? (Choose 3)

  - Contacts
  - Blogs
  - Groups
  - Drive
  - Meet

## Exercise 1
Various Reports; browse them yourself, skipped.

## Exercise 2
Results shown:

## Exercise 3
Create a new email alert
View the preset Rules
Note: There are 3 types of Rules. One is Activity rules, which cannot be used in the trial edition; another is Data Protection rules, which likewise cannot be used in the trial edition.
But Reporting Rules can be created.

## Exercise 4
Email log search
Email Log search is used often at work, so it is skipped.

## Quiz 7
To be added

## Domain aliases
A domain alias gives every user one additional email address.

## Exercise 1
Add a domain alias and add a new domain