現今網路中,電腦設備的管控與防止網路非法入侵,越來越受重視,大多數的網路管理方法,只單對電腦IP/MAC address管理或是只有處理使用者認證,因為欠缺一個整合的管理機制,網路管理者無法即時得知使用者上線狀況與其IP/MAC address。 因此,本論文以建立一個整合Active Directory目錄認證與IP/MAC Address為目標,能夠達到有效的管理使用者使用電腦網路資源的行為,即時管控使用者在使用電腦的行為,不讓非法的使用者擅自使用電腦。而當使用者嘗試猜測其他使用者密碼時,減少使用者猜測密碼次數,如果達到我們猜測密碼次數,我們將認定為非法使用者,並封鎖其IP Address,以達到管理人員管控系統之目的。 The computer management and Intrusion detection are more important in recent years. Most of the network managements are focus on either managing IP/MAC address or authentication, network administrator cannot bind users’ on-line status with its IP/MAC address in real time. In this thesis, we proposed an integrated Active Directory authentication to manage users’ behaviors including the IP/MAC address of computer. By using the proposed mechanism, if it can prevent the unauthenticated user logon computers. To catch the illegal user who is guessing password early is another concern of this thesis that. The network supervisor will block his host if the limited number of guessing password is over.