TH Quan Tri Mang.doc

7/30/2019 TH Quan Tri Mang.doc

1/218

Thc Hnh Qun Tr Mng GVHD: KS ng Duy Thng

THC HNH QUN TR MNG

Bi 1: CI T WINDOWS SERVER 20081. Gii thiu

Window Server 2008 l h iu hnh Windows Server tn tin nht cho ti

thi im ny, c thit k nhm tng sc mnh cho cc mng, ng dng v dchv Web th h mi. Vi Windows Server 2008, bn c th pht trin, cung cp vqun l cc tri nghim ngi dng v ng dng phong ph, em ti mt h tngmng c tnh bo mt cao, v tng cng hiu qu v mt cng ngh v gi tr trong

phm vi t chc ca mnh. Windows Server 2008 k tha nhng thnh cng v thmnh ca cc h iu hnh Windows Server th h trc, ng thi em ti tnhnng mi c gi tr v nhng ci tin mnh m cho h iu hnh c s ny. Cng cWeb mi, cng ngh o ha, tnh bo mt tng cng v cc tin ch qun l giptit kim thi gian, gim bt cc chi ph, v em ti mt nn tng vng chc cho htng Cng ngh Thng tin (CNTT) ca bn.

Cc phin bn ca windows server 2008 gm c:+ Windows Server 2008 Standard (Bn tiu chun)+ Windows Server 2008 Enterprise (Bn dng cho Doanh nghip)+ Windows Server 2008 Datacenter (Bn dng cho Trung tm d liu)+ Windows Web Server 2008 (Bn dng cho Web)+ Windows Server 2008 dnh cho cc h thng da trn nn tng Itanium+ Windows Server 2008 Standard without Hyper-V (Bn tiu chun, khng c

Hyper- V)+ Windows Server 2008 Datacenter without Hyper-v (Bn dng cho Trung

tm d liu, khng c Hyper-V)

2. Yu cu h thng

ci t Windows Server 2008, bn cn m bo cu hnh phn cng camnh tha mn cc yu cu sau :

THNH PHN YU CU

B vi x lTi thiu: 1Ghz (x86) hoc 1.4Ghz (x64)

Khuyn dng: >= 2Ghz

B nh RAMTi thiu 512MB

Khuyn dng: >=@GB

Ti u: 2GB RAM(full installation) hoc 1GBRAM(Server Core installation)

Dung lng a cn trngTi thiu: 10GB

Khuyn dng: >=40GB

a ci t DVD-ROM

SVTH:Nguyn ng Khoa 1


2/218


Mn hnh Super VGA(800x600) hoc phn gii cao hn

3. Cc bc ci t

Windows Server 2008 h tr hai hnh thc ci t : Full Installation v ServerCore Installation. y, chng ta chn hnh thc ci t th nht. Cc bc ci tWindows Server 2008 Enterprise nh sau :

1/- Khi ng my tnh t a DVD Windows Server 2008 Enterprise. La chnngn ng dng ci t cng nhng thng tin lin quan v bm nt Next.

La chn ngn ng ci t v thng tin lin quan

2/- Bm nt Install now bt u ci t. Nu mun phc hi h thng, bnkch vo ty chn Repair your computer.



3/218


Ci t hoc phc hi h thng

3/- Nhp product key ca phin bn Windows Server 2008 Enterprise ny. Nucha mun kch hot (active) Windows v mc ch kim tra hoc dng th, bn bdu chn mc Automatically activate Windows then Im online v bm nt Next.

Nhp product key

4/- Chn kiu ci t Windows Server 2008 Enterprise (Full Installation),ng thi nh du chn mc I have selected the edition of Windows that Ipurchased v bm nt Next.



4/218


Chn kiu ci t Enterprise

5/- Trong mn hnh License, bn c k cc iu khon ca Microsoft. Nung , bn nh du vo ty chn I accept the license terms v bm nt Next.

ng vi cc iu khon ca Microsoft6/- Trong mn hnh Type of installation, bn la chn kiu ci t thch hp.

Nu mun ci t mt phin bn mi, bn la chn Custom (advanced). nngcp, bn cn chy chng trnh ci t ngay trn h iu hnh Windows hin thi vchn Upgrade.



5/218


La chn kiu ci t thch hp

7/- Trong mn hnh Where install Windows, nu a cng ca bn c trnhci t t ng nhn ra, bn to cc phn vng ca mnh bng cch s dng cc chcnng New, Format. Ngc li, nu a cng ca bn khng xut hin, rt c thdriver dnh cho thit b ca bn cha c tch hp sn trn Windows. Trong trnghp ny, bn cn s dng chng nng Load Driver ci t driver cn thit.

Bm nt Next ngay khi to xong cc phn vng ca mnh.

To cc phn vng

8/- n bc ny, Windows Server 2008 c y cc thng tin chun b.Do , tin hnh ci t s din ra.



6/218


Tin trnh ci t ang din ra

9/- Trong qu trnh ci t, h thng s khi ng li kh nhiu ln thchin cc thao tc cu hnh cn thit.

Khi tin hnh ci t hon thnh, h thng t ng ng nhp vi ti khonAdministrator. V mt khu mc nh ca Administrator khi ci t l rng, nntrong ln ng nhp u tin, h thng yu cu bn thay i mt khu ngay lp tc.

H thng yu cu thay i mt khu AdministratorBn bm OK, nhp mt khu mi v bm phm Enter.



7/218


Nhp mt khu mi cho Administrator

Khi thng bo "Your password has been changed" xut hin, bn bm ntOK ng nhp vo Windows Server 2008.

Ngay khi bn ng nhp thnh cng, h thng hin th mn hnh yu cu thchin cc thao tc cu hnh ban u cho Windows (Initial Configuration Tasks). Trong bao gm :

Set time zone : thit lp time zone cho server.

Configure networking : thit lp cc thng s kt ni mng bng cch m ca sNetwork Connections v tng tc vi cc kt ni hin c trn server.

Provide computer name and domain : m hp hi thoi System Properties thay i tn my tnh v kt ni vo domain.

Enable automatic updating and feedback : kch hot tnh nng ny cho

php bn cu hnh Windows automatic updating, Windows Error Reporting vCustomer Experience Improvement Program.



8/218


Mn hnh Initial Configuration Task

Kch hot tnh nng automatic updating and feedback

Download and install updates : cho php bn cu hnh h thng downloadv ci t cc gi cp nht.

Add roles: cho php bn trin khai cc dch v my ch trn server ny.Nhng dch v bao gm Active Directory Domain Services, DHCP Server, DNS

Server, Print Services, Add features : cng c ny thay th cho chc nng Add/Remove Windows

Components trong Control Panel ca cc phin bn Windows trc . Addfeatures em n s n gin v nhanh chng trong vic b sung cc thnh phn caWindows.

Enable Remote Deasktop : cho php bn cu hnh chc nng remote desktop trnserver.



9/218


S dng tnh nng add features

Configure Windows Firewall : bt hoc tt v thc hin cc thao tc cu hnhm rng trn Windows Firewall.

Ngay khi bn kt thc cc bc cu hnh v ng mn hnh InitialConfiguration Tasks, mn hnh Server Manager t ng c kch hot. Ti y,

bn c th thc hin hu ht cc thao tc cu hnh trn server.

Mn hnh chnh ca Server Manager



10/218


Bi 2: NNG CP WINDOWS SERVER 2003 LN WINDOWSSERVER 2008

4. Yu cu h thng

H thng mng windows server 2003 ang hot ng tt.c y cc service angchy

Trong Acive directory hin nay c 2 user sv1, sv2

Backup li h thng trc khi lm

a DVD cha Win 2k8

Up raise functional level h thng win 2k3 khi mix mode

Xem version Win server 2k3 ( Standar hay Enterprise ) phin bo bao nhiu bit .

B vi x lTi thiu: 1Ghz (x86) hoc 1,4Ghz (x64)

ngh: 2Ghz hoc cao hn

Ch : b vi x l Intel Itanium 2 cngcn thit cho Windows Server 2008 chocc h thng Itanium-Based

B nhTi thiu: 512MB RAM

ngh: 2GB RAM hoc cao hn

Ti a (32-bit): 4GB (Standard) hoc64GB (Enterprise v Datacenter)

64-bit: 32GB (Standard) hoc 2TB(Enterprise, Datacenter v Itanium-BasedSystems

cngTi thiu: 10GB

ngh: 40GB hoc cao hn

Ch : cn thm 16GB RAM h thngchy cc chc nng nh paging,hibernation v dump file

Card mn hnh Super VGA (800600) hoc phn giicao hn.



11/218


5. Nng cp

Bc 1: Kim tra h thng

Bc 2 : raise functional level ln win2k3 cho h thng



12/218


B> adprep H thng cho ph hp vi Win2k8

Bc 1 : Cho DVD 2k8 vo DVD

Bc 2: Start > run >CMD enter

Bc 3 : nh vo D:\sources\adprep\adprep.exe /forestprep (D:\ l dia DVD)-> xut hin thng bo, tip tc nhn ch C v enter



13/218


Bc 4: nh tip D:\sources\adprep\adprep.exe /domainprep



14/218


Bc 5 : nh tip D:\sources\adprep\adprep.exe /domainprep /gpprep

Bc 6 : tt ca s CMD, vo DVD chy file setup.exe



15/218




16/218


Chn ng loi version ca WIn2k3 ci trc. Win2k3 l Enterprise th chnl Enterprise



17/218




18/218




19/218




20/218


Sau khi UpGrade thnh Cng chng ta th login vo h thng kim tra xem cccu hnh OU v user c thay i g khng



21/218




22/218


Vo Active directory computer kim tra li OU v User ca Winserver 2k3 ccn khng



23/218




24/218




25/218


Bi 3: CNG C QUN TR SERVER MANAGER

1. Gii thiu v Server Manager

C th ni rng cng c ny l kt qu ca s kt hp han ho cc cng cqun l trn nhng phin bn Windows trc .

Theo mc nh, Server Manager s t ng khi ng ngay sau khi bn ngnhp vo h thng. Nu ng ca s ny, bn c th thc hin mt trong nhngcch sau m li :

Kch chut phi vo biu tng Computer trn desktop, chn Manage.

T menu Start, chn Programs/Administrative Tools/Server Manager.

T menu Start, chn Control Panel/Administrative Tools/Server

Manager.

Kch chn biu tng Server Manager trn Quick Launch ca Taskbar.

Mn hnh chnh ca Server Manager

2. Cc thnh phn trong Server Manager

Khi lm vic vi Server Manager, bn s tng tc vi 5 thnh phn chnh :

Roles cho php b sung v loi b cc dch v ca server. Ti y bn cngc th qun l chi tit d liu tng ng vi mi dch v.



26/218


Features cho php b sung v loi b cc thnh phn trn Windows Server2008. Chc nng ny tng t nh Add/Remove Windows Components trong cc

phin bn Windows trc .

Diagnostics tch hp cc thnh phn Event Viewer, Reliability andPerformance v Device Manager.

Configuration bao gm cc cng c Local Users And Group, TaskScheduler, Windows Firewall with Advanced Security, WMI Control vServices. WMI Control c dng qun l cc dch v Windows ManagementInstrumentation.

Storage tch hp hai cng c Windows Server Backup v DiskManagement.

Qun l chi tit trn Active Directory Users and Computer

3. Qun tr h thng vi Server Manager

3.1 Qun l cc dch v Server (Roles)

m cc ca s qun l cc dch v server, bn chn mc Roles khung bn trica mn hnh Server Manager. Trn Windows Server 2008 ni chung, bn c th trin khaitt c 16 dch v server, t Active Directory Domain Services n cc server nh DHCP,DNS, Web,

Lu : ngoi 16 dch v server c mt trn tt c cc phin bn Windows Server2008, Microsoft cn cung cp mt dch v server na, l Hyper-V. Hyper-V l cng ngh

o ha ch chy trn cc nn tng h iu hnh 64-bit.



27/218


ci t mt dch v server bt k, bn nh du chn vo tng ng trn hpthoi Select Server Roles. Tip theo, bm nt Install bt u. Trong tin trnh ci t, tytheo c im ring ca tng dch v server, bn s in thng tin v thc hin cc thao tccn thit hon thnh tin trnh.

Cc dch v Server trn Windows Server 2008

Sau khi ci t xong, thng tin v trng thi ca cc dch v server s hin th

trong khung Roles Summary thuc ca s Server Manager. Ti y bn cng c ththc hin cc thao tc b sung v loi b cc dch v server ny. Nu mun qun lchi tit d liu tng ng vi mi dch v server, bn kch chn dch v ngaydi mc Roles.

3.2 Qun l cc thnh phn (Features)

m ca s qun l cc thnh phn, bn chn mc Features khung bntri ca mn hnh Server Manager. Trn Windows Server 2008 bn c th tng tcvi tt c 35 thnh phn.

ci t mt thnh phn bt k, bn nh du chn vo tng ng trn hpthoi Select Features. Tip theo, bm nt Install bt u. Trong tin trnh ci t,ty theo c im ring ca tng thnh phn, bn s in thng tin v thc hin ccthao tc cn thit hon thnh tin trnh.



28/218


Cc thnh phn trn Windows Server 2008

Sau khi ci t xong, thng tin v trng thi ca cc thnh phn s hin thtrong khung Features Summary thuc ca s Server Manager. Ti y, bn cngc th thc hin cc thao tc b sung v loi b cc thnh phn ny.



29/218


Bi 4: ACTIVE DIRECTORY DOMAIN

6. Gii thiu v Windows Server 2008 Active Directory Domain Services

Windows Server 2008 Active Directory k tha nhng u im c khng nhtrn Windows Server 2003, ng thi b sung thm nhng tnh nng mi.

Active Directory Domain Services

Active Directory Domain Services (AD DS) l mt dch v server trn WindowsServer 2008, s dng thng tin lu tr trong Active Directory qun l cc i tngusers, groups, computers, Cc i tng ny c t chc theo mt cu trc phn cp,trong gm c :

Active Directory forest (forest l i tng c to ra t mt nhm gm 2 haynhiu domain tree c quan h tin cy vi nhau trust relationship).

Cc domain tree trong forest, v

Cc organizational unit (OU) trong mi domain.

Mt Active Directory forest



30/218


Cc OU trong mt domain

Nhng im mi ca AD DS trn Windows Server 2008 bao gm : Auditing c iu chnh cho php lu tr cc s kin lin quan n nhng i

tng trong Active Directory. Nh , bn c th bit c i tng c thay inhng g. ng thi, gi tr hin ti v gi tr trc khi thay i cng c ghi nhn li.

Password Policies c th c cu hnh cho nhng nhm ngi dng ring bittrong mt domain. Vi u im ny, chng ta khng cn phi s dng chung mt chnhsch nmt khu cho tt c ngi dng trong domain.

Read-Only Domain Controllerl mt Domain Controller vi c s d liu ActiveDirectory dng read-only. y l loi hnh dch v ph hp vi nhng h tng mng

m kh nng bo mt cha c m bo, chng hn nh cc vn phng chi nhnh.Read-only Domain Controller khng cho php cc domain controller cp chi nhnhthc hin nhng thay i, sau ng b ln Active Directory bng tao tc replication.

Restartable AD DS l c im cho php bn khi ng li AD DS trong khivn gi nguyn trng thi hot ng ca Domain Controller. T , bn c th honthnh nhng thao tc offline mt cch nhanh chng.

Active Directory Certificate Services (AD CS) l mt dch v c dng sinh ra v qun l cc certificate trn nhng h thng s dng cng ngh public key(kha cng khai). Bn c th s dng AD CS to ra cc my ch CA (CertificationAuthorities). Cc CA c tc dng nhn yu cu v certificate, sau x l v gicertificate v li cho i tng gi yu cu.

Active Directory Federation Services (AD FS) l mt dch v cung cp c chng nhp mt ca single sign-on (SSO), cho php bn ng nhp ch mt ln nhngc th dng nhiu ng dng Web c quan h vi nhau.

Active Directory Rights Management Services (AD RMS) l mt dch vc dng kt hp vi cc ng dng h tr AD RMS (AD RMS-enable applications)nhm bo v d liu quan trng (bo co ti chnh, thng tin khch hng, ) trc



31/218


nhng i tng ngi dng khng c php (unauthorized users). Vi AD RMS, bnc th xc nh nhng ai c th thc hin cc thao tc nh xem, sa cha, in n, trnd liu ca mnh.

Active Directory Lightweight Directory Services (AD LDS) l mt dch vth mc LDAP (Lightweight Directory Access Protocol) trn Windows Server 2008. AD

LDS cung cp mt c ch mm do nhm h tr cc ng dng directory-enabled (sdng th mc lu tr d liu). Dch v ny c chc nng tng t nh AD DS, nhngkhng i hi phi trin khai cc domain hoc Domain Controller.

7. Ci t Active Directory Domain Services

2.1 Yu cu trc khi ci t

Thit lp a ch IP cho card mng ca server. bc ny, bn cng in a ch IPca cc DNS Server trong h thng mng ca mnh. Nu Server ny l DomainController v DNS Server u tin, tin trnh ci t AD DS s bao gm c ci t DNSServer.

Nu mun b sung server ny vo mt forest tn ti trn Windows 2000 Server,Windows 2000 Advanced Server hoc Windows Server 2003, bn phi cp nht thng tinv forest bng lnh adprep /forestprep.

Nu mun b sung server ny vo mt domain tn ti trn Windows 2000 Server,Windows 2000 Advanced Server hoc Widows Server 2003, bn phi cp nht thng tinv domain v group policy bng lnh adprep /domainprep /gpprep.

Nu mun ci t mt Read-Only Domain Controller, bn cn phi chun b forest

bng lnh adprep /rodcprep. Xy dng cc DNS Server trong h thng mng ca mnh. Nu cha c, bn s ci

t DNS Server trong qu trnh ci t AD DS.

2.2 Cc bc ci t

Trong phn ny, bn s thc hnh ci t v cu hnh AD DS trn domain caWindows Server 2008. Cc bc thc hin :

1/- M ca s Server Manager. Trong khung Roles Summary bn phi, bn bmAdd Roles.



32/218


2/- Trong mn hnh Before You Begin, bn kim tra li h thng ca mnh xem thamn cc iu kin nh : t mt khu tt cho ti khon Administrator, cu hnh a chIP tnh cho card mng, download v cp nht cc gi security cho Windows. Sau khihon thnh bc kim tra,bm nt Next.

Mn hnh cnh bo trc khi ci t dch v

3/- Trong mn hnh Select Server Roles, chn Active Directory Domain Services vbm nt Next.

4/- Trong mn hnh Active Directory Domain Services, bn s c c hi tip cn vithng tin gii thiu tng quan v dch v cng tn. ng thi, bn cng nn c k phnch (Things of Note) nm r nhng khuyn co trong khi trin khai dch v ny, sau

bm nt Next.5/- Trong mn hnh Confirm Installation Selections, bn c k cc ch quan trng nh: h thng s khi ng li sau khi tin trnh ci t hon thnh; sau khi ci t AD DS,

bn cn chy file dcpromo.exe cu hnh h thng tr thnh Domain Controller. Sau, bn bm nut Install bt u tin trnh ci t.



33/218


Chn dch v AD DS

Xc nhn li cc thit lp thc hin trn dch v



34/218


6/- Trong mn hnh Installation Results, bn xem thng tin kt qu chc chn rng ADDS c ci t thnh cng. Sau , bn bm nt Close.

Tin trnh ci t dch v AD DS hon thnh

7/- Trong ca s Server Manager, bn chn Active Directory Domain Services.

8/- Trong khung Summary bn phi, bn chn Run the Active Directory DomainServices Installation Wizard (dcpromo.exe) ci t dch v DNS v cu hnh serverny tr thnh Domain Controller.

9/- Trong mn hnh Welcome Active Directory Domain Services Installation Wizard,bm nt Next.

10/- Trong mn hnh Choose a Deployment Configuration, bn chn Create a newdomain in a new forest cu hnh Domain Controller trn mt domain trong mtforest mi. Nu to forest trc , bn chn Existing forest, sau bm nt Next.



35/218


Ci t dch v DNS v cu hnh Domain Controller



36/218


To mt Domain Controller trn mt forest mi

11/- Trong mn hnh Name the Forest Root Domain, bn nhp tn domain vo mcFQDN of the forest root domain, chng hn thuvien-it.net. Sau khi nhp xong, bm ntNext.

Nhp tn domain mi



37/218


12/- Trong mn hnh Set Forest Funtional Level, bn chn la mt phin bn h iuhnh ph hp vi h thng mng ca mnh mc Forest functional level. Nu nhngDomain Controller ca bn u c ci Windows Server 2008, bn chn phin bn hiu hnh cng tn, sau bm nt Next.

13/- Trong mn hnh Additional Domain Controller Options, trnh ci t s t ng d

tm v nh du chn mc DNS server. Lu rng bn khng th cu hnh Read-OnlyDomain Controller trn Domain Controller u tin ny, bm nt Next.

Chn mt forest functional level ph hp



38/218


Chn mc DNS server ci t b sung

14/- Trong mn hnh Location for Database, Log Files, and SYSVOL, bn chp nhnnhng gi tr mc nh v bm nt Next.

Ch nh v tr lu tr d liu ca Domain Controller

15/- Trong mn hnh Directory Services Restore Mode Administrator Password, bnnhp mt khu cho ti khon Administrator s dng trong ch restore. Mt khu



39/218


ny khc vi mt khu ca ti khon Administrator trong domain. Sau khi nhp xong,bm nt Next>.

16/- Trong mn hnh Summary, bn xem li nhng ty chn m mnh va thit lp. Saukhi chc chn cc bc cu hnh chnh xc, bn bm nt Next bt u tin trnh cit DNS Server v cu hnh Domain Controller.

Nhp mt khu cho Administrator



40/218


Xem li cc thng tin thit lp

17/- Trong mn hnh Completing the Active Directory Domain Services InstallationWizard, bn bm nt Finish hon thnh tin trnh ci t DNS Server v cu hnh mytnh ny ng vai tr Domain Controller.



41/218


Hon thnh tin trnh cu hnh Domain Controller

Sau bc ny, bn cn khi ng li h thng nhng thay i va thc hin trn ADDS c hiu lc.

8. Qun l Users, Group v Organizational Unit

3.1 Qun l User

to mt user trn domain, bn thc hin cc bc nh sau :

1/- M ca s Server Manager. Trong mc Roles, bn chn Active DirectoryDomain Services/Active Directory Users and Computers. Tip theo, kch chn mcUsers trong domain. Mt cch khc, bn cng c th n vi ca s Active DirectoryUsers and Computers bng cch vo menu Start/Programs/Administrative Tools.



42/218


Ca s Active Directory Users and Computers

2/- Kch chut phi ln mc Users hoc mt vng trng tng ng khungbn phi. Trong menu hin ra, bn chn New/User.

To mt user mi

3/- Trong mn hnh New Object User, bn nhp cc trng thng tin cnthit vo cc mc First Name, Last Name, Trong , quan trng nht l t kha



43/218


c nhp vo User logon name. T kha ny tng ng vi mt ngi dng trongh thng mng, do phi m bo tnh duy nht. Sau khi nhp xong, bm Next.

4/- Trong hp thoi yu cu nhp mt khu, bn g hai ln mt khu tng ngvi user ca mnh. Ch rng, mt khu ny phi tha mn cc chnh sch mt nhtrn Windows Server 2008, ngha l mt khu gm t nht 7 k t, ch hoa, ch

thng, s v k t c bit. Sau khi nhp xong, bm nt Next.

Nhp thng tin cho user mi

Nhp mt khu cho user mi

5/- Trong mn hnh tip theo, bn xem li thng tin v user sp to v bm nt

Finish hon thnh thao tc to user.



44/218


Xem li thng tin user sp to

6/- Ch nh thi gian user c php ng nhp vo mng bng cch nhp ichut ln user va to m hp thoi Properties.

7/- Theo mc nh, user c cho php ng nhp 24/24. Nu mun gii hnli thi gian theo chnh sch ca mnh, bn di chuyn n tab Account v bm nt

Logon Hours.8/- Trong hp thoi Logon Hours for, bn chn cc khong thi gian tng

ng v kch vo ty chn Logon Denied (mu trng) ngn cm user khng cphp truy cp. Sau khi thit lp xong, bm nt OK lu li nhng thay i.



45/218


Hp thoi Properties tng ng vi user

Gii hn thi gian user ng nhp vo h thng

9/- ch nh my tnh no user va to c php s dng, bn bm nt Log OnTo.



46/218


10/- Trong hp thoi Logon Workstations, bn kch chn mc The followingcomputers. Tip theo, nhp tn my tnh s cho php user ng nhp vo v bm ntAdd.

Ch nh my tnh m user c php ng nhp

11/- Bm nt OK lu li nhng thay i v ng hp thoi LogonWorkstations. Bm nt OKmt ln na ng hp thoi Properties.

3.2 Qun l Group

to mt group trn domain, bn thc hin cc bc nh sau :

1/- M ca s Server Manager. Trong mc Roles, chn Active DirectoryDomain Services/Active Directory Users and Computers. Tip theo, bn kch chn

mc Users trong domain.2/- Kch chut phi ln mc Users hoc mt vng trng tng ng khung

bn phi. Trong menu hin ra, bn chn New/Group.



47/218


To mt group mi

3/- Trong mn hnh New Object Group, bn nhp tn group vo mc Groupname v bm nt OK.

4/- b sung cc user vo group va to, bn nhp i chut ln group tngng m hp thoi Properties.

5/- Trong hp thoi Properties, trn tab Members, bm nt Add.

6/- Trong hp thoi Select Users, Contacts, Computers, or Groups, bn nhpuser vo mc Enter the object names to select v bm nt Check Names kimtra tnh chnh xc ca user va nhp. Trng hp khng nh tn user, bn bm vont Advanced tm kim v la chn t danh sch user ca h thng. Sau khi honthnh, bm nt OK.



48/218


Nhp tn cho group mi

B sung user vo group mi

7/- Nu tip tc b sung user vo group, bn lp li cc bc va nu trn.Sau khi kt thc, bn bm nt OK ng hp thoi Properties.



49/218


Kt qu b sung user vo group

Khi mun xa mt group, bn kch chut phi ln group tng ng, chn

Delete. Trong hp thoi xc nhn, bn bm nt Yes ng .

Xc nhn li thao tc xa group

3.3 Qun l Organizational Unit

to mt organizational unit (OU) trn domain, bn thc hin cc bc sau :

1/- M ca s Server Manager. Trong mc Roles, chn Active DirectoryDomain Services/Active Directory Users and Computers. Tip theo, bn kchchut phi ln domain, chn New/Organizational Unit.



50/218


To mt OU mi

2/- Trong mn hnh New Object Organizational Unit, bn nhp tn ca i

tng ny vo mc Name v bm ny OK.

Nhp tn cho OU mi



51/218


Lu : nu mun cho php thao tc xa c thc hin trn OU ny, bn bdu chn mc Protect container from accidental deletion.

3/- to cc i tng user, group, OU, computer, trong OU va to, bnkch chut phi ln i tng ny v chn chc nng tng ng.

4/- Nu mun di chuyn cc i tng nh user, group gia cc OU, bn kchchut phi ln i tng tng ng, chn Move v ch nh OU m mnh mun dichuyn i tng n.

Khi mun xa mt OU, bn kch chut phi ln OU tng ng, chn Delete.Trong hp thoi xc nhn, bn bm nt Yes ng .



52/218


Bi 5: READ-ONLY DOMAIN CONTROLLER

9. Gii thiu RODCWindows NT l h iu hnh iu hnh Windows Server dnh cho my ch

u tin ca Microsoft. Cng ging nh cc h iu hnh Windows Server mi hinnay, Windows NT cng h tr rt nhiu cho min, ch c mt im khc bit duy nhtl mt Domain Controller (trnh qun l min) trong mi min c kh nng ghi.Domain Controller ny c bit n vi tn gi Primary Domain Controller hayPDC, l Domain Controller duy nht m admin c th ghi thng tin vo. Sau PDCs cp nht cho cc Domain Controller khc trong min ny. Nhng DomainController c cp nht ny c gi l Backup Domain Controller, chng ch cc v cp nht bi Primary Domain Controller.

RODC ging vi nhng Domain Controller khc ngoi tr c s d liuActive Directory khng th ghi trc tip. Vic t mt RODC ti mt vn phng chi

nhnh cng khng lm nh hng ti lu lng phn hi ca Active Directory, tuynhin n li lm gim lu lng ti ca nhng my ch ngoi v ch c lu lngphn hi ni b c cho php.

RODC c th ci thin bo mt bi v mi nhn vin trong vn phng chinhnh khng th thc hin thay i c s d liu Active Directory. Ngoi ra, khngc thng tin ti khon no c lu tr trn RODC. iu ny cng c ngha l lulng phn hi qua lin kt WAN cng c gim i.

10. Yu cu trin khai

Trc khi bt u, bn cn phi ci t cho Forest Function Level l WindowsServer 2003 hoc cao hn. thc hin thao tc ny, bn hy m console ActiveDirectory Domains and Trusts sau phi chut ln danh sch Active DirectoryForest ri chn Properties. Nh trong hnh 1, Forest Functional Level hin th trongtab General ca hp thoi Properties.



53/218


Hnh 1: Xc nhn Forest Fuctional Level c ci t l

Windows Server 2003 hoc cao hn.

Nu Forest Functional Level khng ph hp bn s phi tng mc ca n lntrc khi bt u. Nh rng, thao tc ny s lm cho bn khng th s dng Domain

Controller ca Windows 2000 trong Forest na. tng Forest Functional Level, click OK ng hp thoi Properties sau bnhy phi chut vo danh sch Forest mt ln na v chn Raise Forest FunctionalLevel t Command Prompt. Trong mn hnh hin ra bn hy la chn ty chnWindows Server 2003 ri click vo nt Raise.

Thao tc tip theo l cp nht phn quyn cho cc Application Directory Partition(phn vng th mc ng dng) trong Forest nhng phn vng ny c th c

phn hi bi mi RODC ang hot ng nh mt my ch DNS.

cp nht Application Directory Partition, bn hy chn a ci t WindowsServer 2008 vo Domain Controller c ch nh nh gin ch Schema Masterca min. Sau copy folder\Sources\Adprep t a DVD vo mt folder trng trn cng ca my ch ny. Sau cng, m ca s Command Prompt v iu hng tifolderADPREP va to v chy lnh sau:

ADPREP /RODCPREP



54/218


Hnh 2: mn hnh kt qu khi chy lnh ADPREP /RODCPREP.

Tip theo chng ta s cu hnh cho my ch hot ng nh mt Read Only DomainController.

Trc tin bn cn phi ng nhp vo my ch ny bng ti khon thnh vin canhm Domain Admins. Sau chy lnh DCPROMO ti Run Prompt ca mych. Khi Windows s khi chy Active Directory Domain Services InstallationWizard. Wizard ny s thc hin kim tra nhanh m bo rng nhng ActiveDirectory Binary c ci t. Nhng Binary ny khng c ci t mc nhdo Wizard ny s t ng ci t chng.

Khi Windows hon thnh ci t Binary n s hin th mn hnh Welcome caWizard (hnh 3). Ti y bn hy click chn hp chn Active Directory Domain

Services Installation Wizard ri nhn Next.



55/218


Hnh 3: La chn hp chn Active Directory Domain Services Installation Wizard.

Khi nhn Next, Wizard s hi bn Domain Controller s h tr cho Forest vDomain no. Bn hy la chn ty chn b sung Domain Controller vo mtmin hin c trong Forest ang s dng.



56/218


Hnh 4: La chn ty chn b sung Domain Controller vo min ang s dng.

Click Next v Wizard s nhc nh bn nhp tn ca min d nh b sung DomainController vo. Bn cng s phi xc nhn mun s dng nhng giy php m hin

bn ang ng nhp khi bn thng cp my ch ny ti Domain Controller (hnh 5).Sau khi thc hin xong nhn nt Next.



57/218


Hnh 5: Nhp tn ca min mun b sung Domain Controller vo.

Ca s tip theo s yu cu bn xc nhn min la chn. Ti y bn ch cn nhnNext.



58/218


Hnh 6: Xc nhn min mun b sung Domain Controller vo.

Bn cn phi ch mn hnh yu cu xc nh v tr m bn mun lu tr DomainController mi (hnh 6). iu ny c bit quan trng vi Read Only DomainController bi v chng thng t cc vn phng chi nhnh thng c t trong

Active Directory ring bit.

Hnh 7: La chn Active Directory Site cha Domain Controller.

Sau click Next v bn s c yu cu la chn nhng ty chn b sung cho

Domain Controller ny (hnh 8). Ngoi ty chn Read Only Domain Controller(phi chn), bn nn chn thm ty chn DNS Server v Global Catalog DomainController ny hot ng nhu mt my ch DNS v my ch Global Catalog.



59/218


Hnh 8: Nhng ty chn b sung cho Read Only Domain Controller.

Click tip vo nt Next bn s thy trang Specify the Password Replication Policy(hnh 9). Trang ny cho php kim sot nhng mt khu c phn hi ti Read OnlyDomain Controller. Bn c th t ln cu hnh hoc s dng nhng cu hnh mcnh. Nhn tip nt Next.



60/218


Hnh 9: Bn c th s dng cu hnh Password Replication Policymc nh.

Sau bn c th phn quyn cho ngi udngf v nhm ngi dng hon tt qutrnh ci t.

Mn hnh tip theo cho php bn la chn phn hi d liu qua mng t mt DomainController hoc xy dng c s d liu Active Directory t mt file. Vic to c sd liu Active Directory t mt file rt hu dng trong trng hp c s d liu lnv kt ni chm. Nu khng bn ch cn phn hi d liu ny qua mng. Ri nhn ntNext.



61/218


Hnh 10: La chn ngun phn hi d liu Active Directory.

Sau s xut hin mn hnh yu cu bn la chn mt i tng phn hi choDomain Controller. Tt nht bn nn Windows la chn i tng phn hi nukhng s dng Domain Controller nh mt i tng phn hi.

Khi click vo nt Next, bn s thy mn hnh hin th yu cu ch nh a ch lu trc s d liu Active Directory. Sau khi la chn nhn tip Next.

Sau bn s nhn c thng bo nhp mt khu cho Directory Services RestoreMode. Bn hy nhp mt khu ri nhn tip Next.

Sau danh sch ty chn c la chn trong qu trnh ci t s hin ln. Numi ci t chnh xc, bn hy click vo nt Next bt u qu trnh thng cpDomain Controller. Khi qu trnh hon thnh bn hy nhn nt Finish v khi ngli my ch.



62/218


Bi 6: BACKUP WINDOWS SERVER 2008

Ci t Windows Server Backup

Khi thm tnh nng Windows Server Backup Features v cc thnh phn cp di,bn cn ci t cc cng c sau:

Windows Server Backup Microsoft Management Console (MMC) snap-in Wbadmin command-line tool Windows PowerShell cmdlets for Windows Server Backup

ci t Windows Server Backup, c th s dng mt trong 3 phng php sau:

S dng Server Manager S dng Servermanagercmd.exe S dng PowerShell

ci t Windows Server Backup, ng nhp vo my tnh bng ti khonAdministrator hoc ti khon c cp quyn qun tr.

1. Ci t Windows Server Backup s dng Server Manager

- MServer Manager

- Kch Features

- Kch Add Features

http://www.quantrimang.com.vn/photos/image/082011/05/backup1.jpg


63/218


- Trong trang Add Features Wizard, cun chut xung di v chn Windows ServerBackup features. Nu bn cng mun s dng cc mu lnh PowerShell, chn thmCommand Line Tools. Bn khng cn vic thm ny nu ch mun s dng GUI hoccng c dng lnh WBADMIN. Kch Next.

- Trong trang Confirm Installation Selections, kch Install.

http://www.quantrimang.com.vn/photos/image/082011/05/backup3.jpghttp://www.quantrimang.com.vn/photos/image/082011/05/backup2.jpg


64/218


- Khng cn khi ng li server sau khi thit lp xong

2. Ci t Windows Server Backup s dng Servermanagercmd.exe

S dng lnh Servermanagercmd.exe l cch d dng, tuy nhin lnh ny c th bphn i trong cc phin bn Windows sau ny, do khng c s dng n qunhiu...

- M ca s lnh vi quyn qun tr cp cao (chut phi vo CMD v chn Run asAdministrator).

- Nhp: servermanagercmd -i Backup-Features

http://www.quantrimang.com.vn/photos/image/082011/05/backup5.jpghttp://www.quantrimang.com.vn/photos/image/082011/05/backup4.jpg


65/218


3. Ci t Windows Server Backup s dng PowerShell

Trong Windows Server 2008 R2, PowerShell c ci t mc nh. Tuy nhin, ci t cc role bng cng c ny, bn cn phi import vo module Server Manager.

- M mt ca s PowerShell vi quyn cp cao (chut phi vo PowerShell v chnRun as Administrator)

- Nhp: Import-Module servermanager

- Sau khi import, nhp:Add-WindowsFeature Backup-Features.

http://www.quantrimang.com.vn/photos/image/082011/05/backup6.jpg


66/218


Bi 7: WINDOWS SERVER 2008 SERVER CORE

1. Gii thiu

Ty chn ci t Server Core installation ca h iu hnh Microsoft WindowsServer 2008 l mt ty chn mi cho ci t trong Windows Server 2008. Tychn ny cho php ci t mt s Role cn thit cho h thng, bn c th qunl cc Server Core dch v trn bng giao din Command Line, ngoi ra,

bn c th qun l Server Core t xa bng cng c MMC hoc cc cng cRemote Administration c tch hp trong Windows Vista va Windows

Server 2008Ty chn Server Core installation ca Windows Server 2008 mang li cc lich di y:

Gim bt cng vic bo tr do Server Core ch ci t nhng dch v cn thitnh DHCP, File, Print, DNS, Media Services, AD LDS hay Active Directoryserver

Gim b mt tn cng do Server Core s dng giao din ti thiu, c t cc

dch v v ng dng chy trn Server Gim s qun l do c t ng dng v dch v c ci t trn Server

Gim khng gian a cn thit do Server Core ch yu cu khong 1GBkhng gian a trng ci t v xp x 2GB cho cc hot ng sau khi cit.Ty chn ny cn h tr cc role my ch sau y:- Active Directory Domain Services- Active Directory Lightweight Directory Services (AD LDS)

- Dynamic Host Configuration Protocol (DHCP) Server- DNS Server- File Services- Print Server- Streaming Media Services- Web Server (IIS)

Ngoi ra Server Core cn h tr cc Feature sau y:- Microsoft Failover Cluster- Network Load Balancing

- Subsystem for UNIX-based Applications- Windows Backup



67/218


- Multipath I/O- Removable Storage Management- Windows Bitlocker Drive Encryption- Simple Network Management Protocol (SNMP)- Windows Internet Naming Service (WINS)- Telnet client- Quality of Service (QoS)

Trong bi Lab ny, ti s trnh by mt s thao tc c bn ci t mt mytnh Server Core, nng cp Server ny thnh Domain Controller v DNSServer, gia nhp mt my tnh s dng Windows Server 2008 Server vodomain v s dng cc cng c tch hp trong Windows Server 2008 qunl Active Directoty v DNS t xa.

CHUN B:

- My tnh ci t Server Core- My tnh Member Server c ci t Windows Server 2008

THC HIN:

Khi ng t a DVD ci t Windows Server 2008

Chn cc thng s v ngn ng, nh dng ngy gi v bn phm



68/218


Nhn nt Install Now

B du Check Automatically activate Windows when Im online > Next



69/218


Nhn No

Chn Windows Server 2008 Enterprise (Server Core Installation) > I haveselectedthe edition of Windows that I purchased > Next



70/218


Chn I accept the license term

Chn Partition mun ci t Windows > Next



71/218


Qu trnh sao chp cc file cn thit v ci t bt u

Sau khi ci t, bn cn Restart my, nhn nt Restart Now



72/218


Sau khi Restart my, bn nhn Other User v nhp UserName: Administrator log on

H thng s yu cn i Password ln Logon ny > Nhn OK



73/218


Nhp Password mi l 123 khung New Password v Confirm New Password

H thng thng bo: Password c thay i > OK



74/218


Giao din Windows Server Core 2008:



75/218


2. T IP ADDRESS V I TN MY TNH

u tin bn cn xem ID ca Card mng bng lnh sau:

Quan st ID Card mng ct Idx l 2 bn cn t IP Address cho Cardmng ny. Sau nh lnh IPCONFIG v Ping 192.168.2.200 kim tra

nh lnh hostname xem tn hin ti ca my tnh, sau i tn my tnh



76/218


thnh DC25 theo cc lnh bn di, cui cng dng lnh shutdown restartmy tnh

Sau khi Restart, tt Firewall cc my tnh khc c th lin lc vi Serverny

3. NNG CP SERVER THNH DOMAIN CONTROLLER:



77/218


Chnh thng s Prefered DNS Server thnh IP chnh mnh (192.168.2.25)

Dng lnh IPCONFIG /ALL kim tra:

nh lnh CD\ chuyn ra th mc gc

Dng lnh Copy Con C:\Unattend.txt to 1 file vn bn tn l Unattend.txtc ni dung nh sau:

Code:



78/218


[DCINSTALL]

ReplicaOrNewDomain=Domain

TreeOrChild=Tree

CreateOrJoin=Create

NewDomainDNSName= dom25.com

DNSOnNetwork=yes

DomainNetbiosName=dom25

AutoConfigDNS=yes

SiteName= Default_First_Site_Name

AllowAnonymousAccess=no

DatabasePath=%systemroot%\ntds

LogPath=%systemroot%\ntds

SYSVOLPath=%systemroot%\sysvol

SafeModeAdminPassword=P@ssword

CriticalReplicationOnly=No

RebootOnSuccess=Yes

a. File ny cung cp y cc thng tin phc v cho qu trnh nng cp t ng(trong v d ny, ti nng cp Server ny thnh 1 Domain Controller, t tndomain l dom25.com, cu hnh t ng ci t v cu hnh DNS),

Thc hin nng cp bng lnh sau:



79/218


Qu trnh nng cp s t ng din ra, kt thc qu trnh, Server s t ngRestart, sau khi Restart. Server ny tr thnh Domain Controller ca

domain dom25.com4. JOIN DOMAIN

Thc hin trn Member Server

a. t a ch IP

Click phi vo My Network Places > Properties



80/218


Chn Manage network connections

Click phi vo biu tng Card mng > Properties

Chn Internet Protocol Version 4 (TCP/Ipv4) > Properties



81/218


t thng s IP nh hnh di > OK

Nhn Close



82/218


b. Join Domain:

Click phi My Computer > Properties

Chn Change Settings



83/218


Nhn nt Change

Chn Domain > Nhp tn domain: dom25.com



84/218


Nhp User Name: Administrator, Password:123 OK

Cng vic Join Domain din ra thnh cng

Nhn OK chp nhn Restart my



85/218


Nhn Close

Nhn Restart Now



86/218


Bi 8: DHCP SERVER

1. Gii Thiu Dch V DHCP:

- Mi thit b trn mng c dng b giao thc TCP/IP u phi c mt a ch IP hp l,phnbit. h tr cho vn theo di v cp pht cc a ch IP c chnh xc, t chcIETF(Internet Engineering Task Force) pht trin ra giao thc DHCP (Dynamic HostConfiguration Protocol).- Giao thc ny c m t trong cc RFC 1533, 1534, 1541 v 1542. Bn c th tm thyccRFC ny ti a ch http://www.ietf.org/rfc.html. c th lm mt DHCP Server, my tnhWindows Server 2008 phi p ng cc iu kin sau:

ci dch v DHCP. Mi interface phi c cu hnh bng mt a ch IP tnh. chun b sn danh sch cc a ch IP nh cp pht cho cc my client.

- Dch v DHCP ny cho php chng ta cp ng cc thng s cu hnh mng cho cc mytrm(client). Cc h iu hnh ca Microsoft v cc h iu hnh khc nh Unix hoc Macintoshu h tr c ch nhn cc thng s ng, c ngha l trn cc h iu hnh ny phi c mtDHCP Client.- C ch s dng cc thng s mng c cp pht ng c u im hn so vi c ch khai

botnh cc thng s mng nh:Khc phc c tnh trng ng a ch IP v gim chi ph qun tr cho h thng mng. Gip cho cc nh cung cp dch v (ISP) tit kim c s lng a ch IP tht

(Public IP). Ph hp cho cc my tnh thng xuyn di chuyn qua li gia cc mng. Kt hp vi h thng mng khng dy (Wireless) cung cp cc im Hotspot nh:

nhga, sn bay, trng hc

2.Ci t DHCP

Bt u qu trnh ci t DHCP, bn c th click Add Roles t ca s Initial ConfigurationTasks hay t Server Manager Roles Add Roles



87/218


Thm mi mt Role trong Windows Server 2008

Khi bn Add Roles Wizard, bn c th click Next hin th trn mn hnh trong ca s cit sau. Tip theo, bn chn DHCP Server Role m bn mun thm vo v click Next



88/218


Chn DHCP Server Role

Nu bn khng c mt a ch IP tnh gn cho server ca mnh, bn s nhn c mtthng bo rng bn s khng th tip tc tin hnh qu trnh ci t DHCP vi mt a chIP ng. Do , n im ny, bn s bt u cp nht thng tin cho IP mng bao gm:thng tin v phm vi v thng tin v DNS. Nu bn ch mun ci t server DHCP vi

khng mt cu hnh no cho b ch bo hay cc thit t cn c, bn c th ch click Next mkhng cn bn tm g n cc cu hi c c trong tin trnh ci t.

Trn mt phng din khc, bn c th ty chn cu hnh Server DHCP ca mnh phn cit ny. Trong trng hp ny bn c th nm bt thi c cu hnh mt vi thit t c

bn cho IP v cu hnh phm vi DHCP ca bn trc.

.

Network connection binding

trn c ni ti mt ngh t "wizard", v ni dung ca n l: "Giao din bn mun cungcp trn dch v DHCP l g ?". Khng bit cc bn nh no, nhng y bn chn mcnh v click Next. Tip theo, bn nhp vo Parent Domain, Primary DNS Server, andAlternate DNS Server nh hnh bn di v click Next

https://vtcdn.com/sites/default/files/images/2008/9/15/2.jpg


89/218


Nhp tn domain v thng tin DNS

Bn chn NOT s dng WINS trn mng ca mnh v click Next.

Sau , bn iu chnh cu hnh phm vi mt DHCP cho Server DHCP mi, bn nn chncu hnh phm vi mt a ch IP ca 192.168.1.50-100 theo 25+ PC Client trn gii hnmng ca mnh. lm c iu ny, bn click Add thm vo mt phm vi mi.

Bn vit li tn Scope WBC-Local, cu hnh starting v ending IP addresses thnh192.168.1.50-192.168.1.100, subnet maskthnh 255.255.255.0, default gateway thnh192.168.1.1, type of subnet v activated phm vi ny.



90/218


Thm mi mt DHCP Scope

Quay tr li mn hnh Add Scope, click Next v thm vo mt "new scope" ( mt DHCPServer c ci t).

Chn Disable DHCPv6 stateless mode cho server ny v click Next. Sau , cu hnh DHCPInstallation Selections theo hnh nh di v click Install.



91/218


Confirm Installation Selections

Sau ch mt vi giy, DHCP Server c ci t v bm close hon tt

Windows Server 2008 DHCP Server Installation c ci t thnh cngTi click Close ng li ca s ci t, sau chng ta hy chuyn sang mc lm th

no c th qun l c DHCP Server mi ny.



92/218


Lm th no qun l Windows Server 2008 DHCP Server mi ca bn ?

Tng t nh qu trnh ci t, vic qun l Windows Server 2008 DHCP Server cng thtd dng. Hy quay tr li Windows Server 2008 Server Manager, bn di Roles, click lnmc mi l DHCP Server.

DHCP Server management trong Server Manager

Trong khi khng th qun l uc nhng phm vi ca DHCP Server v cc client ti y, cim bn c th lm l qun l cc s kin, dch v v nhng ti nguyn lin quan n s cit DHCP Server. Nh vy, y l mt v tr tt i n vic kim tra trng thi ca DHCPServer v nhng bin c g xy ra xung quanh n.

Tuy nhin, tht s nh hnh DHCP Server v quan st nhng g client thu c t ach IP, bn cn phi tin ti DHCP Server MMC. lm c iu ny, bn s vo Startvo Administrative Tools vo DHCP Server, nh y:

https://vtcdn.com/sites/default/files/images/2008/9/15/8.jpg


93/218


Starting the DHCP Server MMC

Khi m rng ngoi, MMC a ra rt nhiu cc c tnh. V y l nhng g chng ta thyc t n:

Windows Server 2008 DHCP Server MMC



94/218


DHCP Server MMC a ra IPv4 & IPv6 DHCP Server bao gm tt c thng tin v scopes,pools, leases, reservations, scope options, v server options.

Nu i su vo pool address v cc ty chn scope, c th nhn thy cc cu hnh m bn thit lp khi ng ci t DHCP Server. Phm vi a ch IP l , v v th DNS Server vcc cng vo l mc nh.

DHCP Server Address Pool

DHCP Server Scope Options



95/218


Chng ta s khng th bit c nhng g lm trn c thnh cng hay khng ngay sau khithit lp xong, v th chng ta cn kim tra tnh kh thi ca n. V sau y, l hng dn cc

bn kim tra s hot ng.

Lm th no kim tra Windows Server 2008 DHCP Server ca chng ta ?

kim tra, cn c mt Windows Vista PC Client trn cng h thng mng hin ti nhWindows Server 2008 DHCP server. an ton, khng nn c thit b khc trn h thngmng ny.

G IPCONFIG /RELEASE sau l IPCONFIG /RENEW v kim tra xem nhnc mt a ch IP t DHCP server mi ny cha. Bn c th xem hnh di y

Vista client nhn a ch IP t DHCP Server mi

y, bn ng thi tin n Windows 2008 Server ca bn v xc nhn Vista client mi c a vo danh sch ng vai tr nh mt client trn DHCP Server. Thc t hy kim tra

bng hnh nh bn c nhn thy di y:

Cui cng: Win 2008 DHCP Server c Vista client c lit k trong Address LeasesSVTH:Nguyn ng Khoa 95


96/218


Bi 9: DNS SERVER

1.Gii Thiu DNS Server:- DNS (Domain Name System) Server l my ch c dng phn gii domain thnh achIP v ngc li.- V cch thc hot ng, DNS Server lu tr mt c s d liu bao gm cc bn ghi DNSvdch v lng nghe cc yu cu.Khi my client gi yu cu phn gii n, DNS Server tinhnhtra cu trong c s d liu v gi kt qu tng ng v my client.

2.Ci t DNS Server:- Vo Server Manager vo Roles vo Add Roles.

- Ti bng Select Server Roles, chn DNS Server.



97/218


- Chn Next. Ti bng DNS Server gii thiu v DNS Server cng nh mt s ch trckhi ci t ti mc Things to Note.- Chn Next. Ti bng Confirm Installation Selections xc nhn vic ci t.- Chn Install. i qu trnh ci t hon tt.

- Chn Close hon tt ci t.

3. Cu hnh DNS Server:- i vi DNS Server,thng thng bn nn xy dng ng thi hai h thng l DNS Serverchnh (Primary) v DNS Server d phng (Secondary) dng chung mt c s d liu. Vi

phng php ny,bn s hn ch kh nng dch v DNS b ngng khi c s c xy trn h

thng.- Cu hnh DNS Server chnh:SVTH:Nguyn ng Khoa 97


98/218


- Vo Start vo Administrative Tools vo DNS.

- Nhp chut phi vo Forward Lookup Zones v chn New Zone.

- Ti bng Welcome to the New Zone Wizard ,chn Next.

- Ti bng Zone Type chn Primary zone cu hnh DNS Server chnh.



99/218


- Chn Next. Ti bng Zone Name g tn domain vo.

- Chn Next. Ti bng Zone File, mc nh. Chn Next.



100/218


- Ti bng Dynamic Update bn c th ngn chn hoc cho php DNS Server chp nhn ccmy client cp nht thng tin mt cch t ng. Ti s ngn chn m bo an ton cho hthng, chn Allow both nonsecure dynamic updates.

- Chn Next. Ti bng Completing the New Zone Wizard bn xem li thng tin.

- Sau chn Finish hon tt.



101/218


Bi 10: WEB SERVER

1. Gii thiu:- IIS 7.0 l phin bn mi nht cho web server ca Microsoft. IIS c trong Windows Servert khiWindows 2000 Server vi t cch l mt thnh phn ca Windows v t Windows NT th lmtty chn. IIS 7.0 hin c cung cp trong Windows Vista v Windows Server 2008, hiu

hnh my ch c d nh s pht hnh vo u nm 2008. IIS 7.0 l mt phin bn cxemxt mt cch t m trong thit k t kinh nghim ca cc phin bn trc. Phin bn 7.0 rai tomt nn tng linh hot v an ton nht cho vic cu hnh web v cc ng dng.- IIS 7.0 c thit k tr thnh mt nn tng Web v ng dng linh ng v an ton nhtchoMicrosoft. Microsoft thit k li IIS t nhng nn tng c trc v trong sut qutrnh

pht trin, nhm thit k IIS tp trung vo 5 lnh vc ln:

Bo mt Kh nng m rng



102/218


Cu hnh v trin khai Qun tr v chun on Hiu sut

2. Ci t v cu hnh IIS:a. Ci t:

-Chn Server Manager ti ng dn : Start MenuServer Manager (hoc c th chn : Start Menu Administrative Tools Server Manager).



103/218


- Trong Roles chn Add Roles

- Tick chn Web Server (IIS) mc Roles. ChnNext.

-IIS services ci t cc dch v cn thit cho ng dng ca bn (ASP.NET c tickchn thm)

- Nhn install bt u qu trnh ci t.

- Kim tra dch v web va ci t lm vic, ta vo trnh duyt g http://localhost.

http://localhost/http://localhost/


104/218


b. Thm mt website:- u tin ta to th mc cha trang web mi

- Vo Server Manager chn Roles - Web Server (IIS) - Internet Information Server-Pha bng Connections , chn sites - Add Web Site.



105/218


- in thng tin cn thit v trang web (tn, ng dn, v.v..).- Khi chn ok s xut hin 1 thng bo rng binding *:80 c ng k bi 1 sitekhc.- Lc ny ta cn stop trang Default Web Site mc nh li v start trang web va tolnLab- Kim tra trang web va to hot ng, ta cng vo browser g http://localhost.



106/218


3. Ci t dch v qun tr t xa ca IIS:

a. Ci t:- Vo Server Manager Trong Roles mc Role Services chn Add Role Service.

- Tick chn Management Service.

-Ci t hon tt.



107/218


b. Kch hot dch v:- Vo Start - All Programs Administrative Tools - Internet InformationServices (IIS) Manager.-Chn Managerment Service.

- Tick chn Enable remote connections v start dch v.



108/218


-Click Yes save v chnh thc start dch v.

- Lc ny ngi qun tr c th ng nhp vo h thng t xa thng qua dch v trn .



109/218


Bi 11: FTP SERVER

FTP File Transfer Protocol : Giao thc truyn file. FTP l mt giao thc truyn filetrn mng da trn chun TCP nn rt ng tin cy!

- File Transfer Protocol (FTP)- Giao thc truyn ti file, thng c gi l FTP, l cng c qun l files gia ccmy. FTPcho php truyn v ti files, qun l th mc, v ly mail. FTPkhngc thit k truy nhp v thi hnh files, nhng n l cng c tuyt vi truyn ti files.

- FTPdng 2 knh TCP. TCPcng 20l knh d liu, v cng 21 l knhlnh. FTPkhc vi tt c ng dngTCP/IPl phi dng 2 knh, cho php gi lptruyn ti lnh v d liu ca FTP. N cng khc cc giao thc khc mt chc nng

quan trng : FTP truyn ti files Foreground, so vi giao thc khc Background.Hay ni cch khc, FPTkhng dng Spoolers hay Queues, do vy vic truyn tithc hin bng thi gian thc.

- Trong FTP, c 2 knh tn ti gia 2 my gi l Protocol Interpreter, hay PI,v Data Transfer Process, hay DTP. Cu trc truyn ti PIdng knh lnh 21 TCP,v truyn ti d liu DTPtrn knh d liu 20 TCP.

- FTP gn ging Telnettrong cch dng chng trnh my ch chy lin tc vngt qung chng trnh chy trn my khch. Trn h thng UNIX, cc chngtrnh c goi l ftpdv ftp.

- Lnh ca FTP- Trc khi xem lm th no dng FTP truyn files, bn nn xem cc lnh cagiao thc ny.

- Tng t lnh ca Telnet, nhiu lnh ch dng cho giao thc v khng dng chongi dng (mc dAdministrators i khi dng lnh FTP g ri v chn on).

- Lnh ni b ca FTPgm 4 k t ASCIIcch nhau bi newline character. Nhiulnh cn phi c tham s. Mt li ch chnh dng k t ASCIIcho lnh l ngidng c th quan st cc lnh chy v hiu c n. N gip ch cho qu trnh gri. N cng m rng kin thc v giao tip trc tip vi FTP server component

(ftpd).- Thng tin dng lnh :

http://quantrimang.edu.vn/wp-content/uploads/2012/08/LB-Topology_FTP_Servers.png


110/218


ascii: chuyn sang ch truyn file theo dng vn bn binary: chuyn sang ch truyn file theo dng nh phn cd [directory]: chuyn vo th mc directory cdup : chuyn ln th mc cp trn mt cp

cdup : chuyn ln th mc cp trn mt cp close : ngt kt ni vi my ch del [remote-file]: xa 1 file trn my ch dir [remote-directory|file]: lit k ni dung ca th mc hoc danh sch cc

file trn my ch help [command] : cho bit hng dn v lnh command lcd [local-directory]: t li th mc lm vic trn client l local-directory ls [remote-directory|file] [-la]:lit k ni dung ca th mc hoc danh sch

cc file trn my ch; tham s -la s lit k tt c c km theo m t v quyn mdelete [remote-files]: xa nhiu file trn my ch

mget [remote-files]: download cc files trn my ch v mkdir: to th mc c tn directory-name mput [local-files]: upload cc files ln my ch open host [port]: kt ni n my ch FTP c hostname l host v ang chy

dch v FTP cng port put [remote-file]: upload local-file ln my ch vi tn mi l remote-file nu

c pwd: cho bit th mc ang lm vic hin thi quit: thot recv [local-file]: nhn remote-file trn my ch v lu trn my tnh vi tn

local-file nu c rename [from] [to]: i tn file hoc th mc from thnh to rmdir directory-name : xa th mc c tn directory-name send local-file [remote-file]: gi local-file t my tnh ln my ch vi tn mi

l remote-file nu c status: cho bit trng thi ca phin lm vic hin ti syst: cho bit h iu hnh ca my ch user user-name [password] [account]: login vo vi tn l user-name, mt

khu l password, ti khon l account

- FTPcng dng cc m n gin bo tnh trng truyn ti. Mi return code l sc 3 ch s, s u tin bo thi hnh thnh cng (s u tin l 1, 2, hay 3) hoctht bi (s u tin l 4 hay 5). S th 2 v 3 din gii chi tit thm tnh trng.

QuoteFirst Digit Description

1 Action initiated. Expect another reply before sending a new command.2 Action completed. Can send a new command.3 Command accepted but on hold due to lack of information.4 Command not accepted or completed. Temporary error condition exists.

Command can be reissued.5 Command not accepted or completed.



111/218


Reissuing the command will result in the same error (dont reissue)..Reissuing the command will result in the same error (dont reissue).

QuoteSecond Digit Description

0 Syntax error or illegal command

1 Reply to request for information2 Reply that refers to connection management3 Reply for authentication command4 Not used5 Reply for status of server

- FTPcho php truyn files nhiu dng khc nhau, ty thuc h thng. H thngchnh (bao gm h thng UNIX) ch c 2 ch : textv binary. Nhiu h thngmainframe h tr EBCDIC, nhiu trang c nhng dng t nh ngha tng tc truyn ti trong mng ni b (c th dng 32- hoc 64-bit words).

- Truyn ti dng Textdng k t ASCIIphn cch bi k t carriage-return v newline characters, trong khi truyn ti binarytruyn cc k t khng cnh dng. Binary mode nhanh hn text v cho php truyn tt c gi trcaASCII(cn thit cho cc file non-text). Trn nhiu h thng, FTPbt u textmode, mc d nhiu nh qun tr h thng thit lp FTP binary mode mc nhcho s tin li ca ngi dng.

- Trc khi truyn ti files bng FTP, phi chc chn dng ng dng truyn.Truyn ti binary file bngASCII mode s thnh mt ng rc Hi nh qun tr hthng nu cha r mode, hoc xem kt qu tr li ca FTP bit mode.

Ci t:Hon ton khng phi b mt ln rng Microsoft cha tng c sn phm FTP servertt nht, khi so vi cc i th cnh tranh khc trong lnh vc thng mi my chFTP. Mc d Microsoft lun c FTP Server trong hu ht tt c cc phin bn trcca IIS v Windows Server, nhng h lun thiu rt nhiu cc tnh nng my chFTP nng cao. Tuy nhin lc ny Microsoft vt qua c rt nhiu vn ,vi phin bn mi ca FTP Publishing Service, phin bn c pht hnh chnhthc khi Windows Server 2008 c ra mt. Dch v mi ny c vit li tonb, ging nh IIS 7.0 v n ch cung cp cho IIS 7.0.

Ti sao li c hai my ch FTP v s khc nhau gia n l g?

u tin n l mt nng cp minor v kh ging vi FTP Service c trong IIS6.0.

Th hai FTP Service l mt phin bn mi c ci thin, c cung cpnh mt bn download v ch cho IIS 7.0.

Bi ny ca chng ti s tp trung vo phin bn mi c ci thin ca FTPPublishing Service ny.

FTP Service mi c nhiu tnh nng cho php cc nh thit k web d dng publishcc ni dung v n cng cung cp nhiu ty chn bo mt v trin khai hn i vi



112/218


cc qun tr vin. N cng c sn cho Windows Server 2008 c hai phin bn 32-bit v 64-bit.

Nhng im mi

FTP Publishing Server mi gm c rt nhiu tnh nng v cc ci thin. Di y

chng ti s ch ra mt s ch mi chnh v m t mt trong s cc nng caomi ny.

S tch hp vi IIS 7.0FTP service mi ny c tch hp mnh vi giao din qun tr hon ton miv kho lu tr cu hnh ca IIS 7.0

H tr cho cc chun Internet miFTP service mi h tr FTP trn SSL, cng c bit n nh FTPS hoc

FTP/SSL v s dng chng ch kha cng (SSL/TLS). Bn khng nn nhm ln

n vi SFTP hoc FTP trn SSH, y hon ton l mt chun khc hin khngh tr bi Microsoft FTP Publishing Service. N cng h tr cc ci thin khcnh UTF8 v IPv6.

Chia s hostingFTP service mi c ci thin v c tch hp hon ton vo IIS 7.0, n cth cu hnh FTP v cc ni dung web t cng mt site bng cch add mt FTPbinding (kt ni FTP) vo mt website ang tn ti. Dch v FTP cng c s htr cho hostname o, dch v ny lm cho n c th hosting nhiu site FTP trncng mt a ch IP. N cng ci thin c s cch ly ngi dng dng thng qua

cc th mc o.

Kh nng m rngDch v FTP mi ny c h tr kh nng m rng (API), tnh nng ny lm chon tr nn d dng hn i vi cc hng phn mm trong vic vit cc ty chnhcho vic chng thc FTP.

LoggingVic logging ca FTP c ci thin v nng cao gp tt c lu lngFTP vo cc file bn ghi

Cc tnh nng khc phc s cIIS 7.0 c mt s tnh nng khc phc s c mi, nh Event Tracing choWindows (ETW), dch v FTP h tr tnh nng ny cng vi vic cung cp ccthng bo x l li chi tit v cc thng bo n ngi dng cc b, cng l mtty chn mi cho IIS 7.0.

Cc iu kin tin quyt cho vic ci t

FTP Publishing Service mi hin c cung cp mt cch min ph di dng mt

modul c th download t IIS.net DownloadCenter.



113/218


Mt s iu kin tin quyt cn cho phi bo m trc khi tip tc ci t FTPPublishing Service.

Bn phi ang s dng Windows Server 2008 IIS 7.0 phi c ci t Nu bn mun qun l cc dch v FTP mi bng giao din IIS 7.0 th phi

ci t IIS Management Console. Phi ng nhp vi quyn qun tr vin Cu hnh chia s ca IIS 7.0 phi c v hiu ha trn mi nt trc khi ci

t dch v mi ny, v n c th c kch hot tr li sau khi dch v ny cci t xong.

Dch v FTP c trong Windows Server 2008 phi c g b trc khi cit dch v FTP mi ny

Ci t

Trong hng dn tng bc ny chng ti s gii thiu cho cc bn cch ci tdch v FTP trn mt my ch Windows Server 2008 mi. Lu chng ti ch giithiu n phn ci t FTP ch khng cp n cc dch v ca IIS 7.0.

Download phin bn FTP Service mi t lin kt trn

Chy chng trnh download vi quyn qun tr vin ci t hoc cit bng mt trong hai lnh di y:- x86 version: msiexec /i ftp7_x86_rtw.msi- x64 version: msiexec /i ftp7_x64_rtw.msi

Cc bc ny rt quan trng v User Account Control (UAC) thng ngnchn bn thc hin vic truy cp file applicationHost.config.

Khi chng trnh ci t bt u, bn kch Next:



114/218


Hnh A: Ci t bt u

Chp nhn EULA v kch Next:

Hnh B: EULA

Chn cc ty chn bn mun ci t v kch Next:



115/218


Hnh C: Chn cc tnh nng ci t

Cc tnh nng ci t c m t:

Common filesCung cp cc file chung cho Microsoft FTP Service for IIS 7.0, nh file lc cu hnh FTP, cc file ny c yu cu trn tt c cc my ch FTP ang s

dng nt cu hnh chia s. FTP Publishing Service

FTP Publishing Service, thnh phn li cn thit cho FTP lm vic v yu cuProcess Model ca tnh nng Windows Process Activation Service c ci t.

Managed Code SupportH tr cho cc tnh nng m c sn. Tnh nng ny c yu cu khi cc tnhnng m c sn nh ASP.NET users hoc IIS Manager Users, s c s dngvi FTP. Tnh nng ny mang tnh ty chn v s khng lm vic khi chy

Windows Server 2008 trong ch Server Core.

Administration FeaturesH tr vic qun tr bng IIS Manager, giao din ngi dng (UI).Tnh nng nyyu cu phi c the IIS Manager v .NET 2.0 Framework c ci t.

Bt u ci t, kch Install:



116/218


Hnh D: Bt u ci t

Kch Read notes xem readme v kch Finish:

Hnh E: Ci t kt thc

Xc nhn FTP Service c ci t bng cch kim tra xem Microsoft FTPService c ang chy khng v trong IIS Manager kim tra phn FTP mi vi tt c

cc thnh phn qun l cho FTP Service.



117/218


Hnh F: Phn FTP trong IIS Manager

Mc nh my ch FTP s kha v khng chp nhn cc yu cu FTP.

T bn trong IIS Manager bn hon ton c th d dng publish mt FTP mi hocadd mt FTP Publishing vo website tn ti.

Vi mc ch bo mt ngi dng, FTP Service h tr s nc danh, th khng

c khuyn khch v cng c hai cch chng thc ngi dng FTP ca bn: Windows Authentication

Ngi dng c t trong Active Directory hoc khu vc lu tr ngi dng nib trong my ch FTP chuyn dng.

IIS Manager Authenticationy l mt tnh nng mi, ni IIS Manager c s dng cho qun tr vin ngidng v tt c ngi dng c add bng IIS Manager, vic chng thc cqun l bi b cung cp IISManagerAuth mi.



118/218


Bi 13: FILE SERVICES1. Tng quan dch v File Services:

- File Services l mt dch v mt role my ch trn Windows Server 2008, cung cpcho ngi qun tr cc k thut qun l dung lng lu tr (storage),c ch backup d liu

bng phng thc to bn sao ca d liu server khc (replication) , qun l ti nguyn ,chia s, h trowjcacs my tnh *NIX truy cp ti nguyn h thng Windows . Vi dch vny bn d dng trin khai cc chc nng . File Services Resource Manager : cu hnh quota, to file screen v lp lch to ra

storage report. Distributed File Systems : trin khai h thng file phn tn . Services for Network File System : trin khai cc dch v cho php chia s file

gia Windows Server 2008 vi cc h thng *NIX Windows Search Service : Trin khai dch v cho php my client tng tc tm kim

file trn server Window Server 2003 File Services: trin khai File Services dnh cho cc my tnh

chy h iu hnh Windows Server 20032. Tng quan File Server Resource Manager:

- File Server Resource Manager l tp hp cc cng c cho php ngi qun tr c

th hiu, iu khin v qun l d liu trn cc server chy h iu hnh Windows Server2008 mt cch hiu qu. Vi cng c ny , bn c th cu hnh quota trn c a v th



119/218


mc, ngn cm sao chp nhng nh dng m bn ch nh, ng thi xut ra cc bo cogim st hot ng ca ngi dng trn khng gian lu tr .

-Vi File Server Resource Manager , bn c th thc hin c cc cng vic sau To quota trn a hoc th mc gii hn dung lng cp cho ngi s dng.,

ng thi gi mail hoc thng tin cnh bo khi ngi dung t n hoc vt qu giihn quota cho php .

T ng sinh ra v cp pht quota cho tt c cc th mc con tn ti hoc nhngth mc con mi to ra trn mt a hoc mt th mc .

To cc file screen ch nh th loi file m ngi d dng c th lu tr, ngthi gi thng tin cnh bo khi ngi s dng c gng cc th loi file khng ccho php.

nh ngha cc teamplate cho quota v file screen d dng v nhanh chng p dngvi nhng a v th mc mi .

Xut ra cc bo co, gim st tnh trng s dng lng a nh k hoc theo nhu cu.

3. Ci t dch v File Server Resource Manager:- Vo Server ManagerRoles Add Roles Next.



120/218


-Vo hp thoi Server Roles chn File Services chn Next.

-Hp thoi Select Role Servies bm chn File Sever Resource Manage Next

-Hp thoi Configure Storage Usage Monitoring chn a bn cn theo di v xut boco.



121/218


- Hp thoi Set Report Option cho php chn ni ct report v cu hnh cch thc gi reportqua mail cho bn Next .

-Hp thoi Confirm Installation Selections xem li thng tin cu hnh cui chn Install cit dch v .



122/218


- Ci t hon tt chn Close thot .

-Sau vo Admin tools hoc Server Manager File server resource manager kim trakt qu ci t .



123/218


4. Cu hnh dch v :a. Cu hnh cc option ca File Server Resource Manager

- Chut phi File Server sresource manager Configure Options .



124/218


- Tab Email Notifications. Trong tab ny s cu hnh v mail nhn report bao gm ach : SMTP server Email s nhn (Default administrator recipients) V gi vi a ch no (Default Frome-mail address)

- tab Nofication Limts cho php gii hn thng tin gi v mail mc nh tt c l 60 .

- tab Storage Reports cho php tinh chnh cc tham s s gi v theo Report .



125/218


- tab Report Locations cho php thay i ng dn cha cc file report :

-File screen audit kch hot chc nng ghi nhn li cc thng bo cc hnh ng khi chcnng file screen hot ng .



126/218


b. Cu hnh Quota:- Vo File Server Resource ManagerQuota Management chut Quotas Create

Quota .

- Hp thoi Create Quota.Nhn browse chn th mc, a mun quota Quota path.



127/218


Ban u mc nh s c nhng quota templates sn cho chng ta s dng mc Deriveproperties from th quota templatebn c th ty chn s dng hoc chn Define customquota properties chng ta t to nh ngha quota ring , y chng ta s to quotaring stick Define custom quota properties Custom Properties Custom Properties

- Hp thoi Quota Properties ...+Space Limit: Limit:dung lng gii hn cho php user dung khi s xy ra hai hnh ng Hard Quota khi t ti limit cm user chp thm d liu

Soft quota khi t gii hn vn cho php user chp thm d liu nhng s creport ghi nhn .

+Sau khi cu hnh xong OK v li trang Creat Quota



128/218


- Kim tra li thng s Create quota

-Lc ny hp thoi Save custom properties as a template .Hp thoi hi chng ta c lu quota ny nh mt template hay khng nu khng save nh mc nh OK hon tt.

c. Cu hnh screen :

-Bc u tin l to mt file group cha cc kiu file bn mun cm thao tc-Chut phi File GroupCreate File Group



129/218


-Hp thoi Create Group Properties hin ra. in tn ca file group.in ui file vomc Files to include (nhng kiu file chp nhn) hoc mc Files to exclude (nhng kiu fileloi tr) ri Add. y hi kh hiu nh, thc ra ch n gin l bn mun cm kiu file th mc Files toinclude cn khng mun cm, loi tr kiu file no th mc Files to exclude .

-Bm OK hon tt .



130/218


-By gi chng ta s quay tr li vn chnh l to File sreenChut phi Files Screen Create File Screen

-Chn th mc a cn p screen ri stick Define custom file screen propertiesCustom Properties .



131/218


-Chng ta c hai hnh ng chnh l Active Screening tc dng khng cho user savenhng file nh ngha v hai l Pasive Screening cho php user dung nh bnh thngnhng s ghi nhn log .Sau chng ta chn file Group mi va nh ngha hoc c th tothm bng cch nhn nt OKCreate

d. Lm vic vi report :



132/218


Export ra file report v nhng ghi nhn h thng :- Chut phi Storage Reports Management Generate Reports Now.

-Hp thoi Storage Reports Task Properties .Gm 3 bc : Add th mc, a cn xut thng tin log Chn loi report s xut mc Report data Chn loi file report s xut ra mc Report formats Cui cng l OK xut report

To lch s t ng xut report :- Chut phi Storage Reports Management Schedele a New Report Task



133/218


- tab Settings chn th mc , a s to report .Chn cc loi s xut report sau l chnkiu file report s xut ra .

Tip theo l tab Delivery chng ta s nhp email nhn report ny .



134/218


-Qua tab Schedule Create Schedule New sau thit lp ngy gi to report cho citask ngy OK OK .



135/218


Bi 15: GROUP POLYCI

1. Starter GPOs l g?

Starter GPO. Vi Starter GPO bn c th c kh nng lu cc mu c bn s dng

khi to mi cc i tng Group Policy (GPO). Cc mu ny c th c export

sang cc mi trng min khc, cho php bn c c kh nng linh hot cao.

Khi m GPMC 2.0 bn c th s thy mt mc cha mi (trng rng) c tn "Starter

GPOs". Mc ny c th gi nhng g m ti gi l cc mu nhm mc ch to

cc GPO mi - vi hn ch rng ch c cc thit lp Administrative Templatesc cung cp - t Computer Configuration v User Configuration. Cc thit lp

nh Software Settings (ci t phn mm) v Windows Settings (cc kch bn,

chnh sch ti khon, quyn ngi dng, cc chnh sch hn ch phn mm,...). khng

c trong Starter GPOs, xem trong hnh 1.



136/218


Hnh 1: Cc thit lp t AdministrativeTemplates



137/218


Khi to cc GPO mi, bn c th chn s dng Starter GPO nh mt Source Starter GPO

(hay cn gi l mu) d dng cho vic to a GPO vi cng mt cu hnh c s, xem

hnh 2.

Hnh 2: Source Starter GPO

Mt GPO mi s gm c tt c cc thit lp chnh sch Administrative Templates t Starter GPO,

chng s c s dng nh mt mu trong sut qu trnh to v cc tnh nng b sung m thng

thng chng ta c bn trong cc GPO (nh cc thit lp bo mt Security Settings, ). Mi th

ngoi cc thit lp chnh sch Administrative Templates sau phi c to t nhiu bc phc

hp khc nh phin bn hin nay vn ang phi lm. y im gi tr ca cc mu Advanced

Group Policy Management (AGPM). Mc d vy, sn phm khng nm trong phm vi ca bi

ny nn chng ti s gii thiu cho cc bn vo mt dp khc trong cc bi khc.



138/218


Th mc mi trong SYSVOL

Nu y l ln u tin bn mun kim tra hoc s dng Starter GPOs, bn s phi kch hot tnh

nng trong cc min c lin quan n n. Vn ny c thc hin bng cch kch chut vo nt

Create Starter GPOs Folder hoc ch cn kch chut phi vo mc Starter GPOs vchn

New, xem hnh 3. Ty chn sau s to cho bn mt th mc Starter GPOs.

Hnh 3: S dng ln u tinHp thoi New Starter GPO s xut hin, yu cu bn nhp vo tn v ch thch, xem hnh 4

Hnh 4: To mt Starter GPO miSVTH:Nguyn ng Khoa 138


139/218


Lu rng, bt c th g bn nh vo trong trng Comment s c k tha n bt c

GPO no c to vi Starter GPO ny nh mt ti nguyn gc. Vn bn s c ghi li

vi t cch l comment ca GPO. Khi bn kch hot ln u tin Starter GPOs trong min,

s c mt th mc c tn "StarterGPOs" c to ra bn trong th mc SYSVOL vi ng

dn di y: \\domain.com\SYSVOL\domain.com\StarterGPOs y l ni tt c tr othut c thc hin (xem hnh 5)

Hnh 5: Th mc StarterGPOs trong SYSVOL

Vi mi Starter GPO mi to, bn s thy mt th mc mi bn trong th mc ny - mi

th mc ny s c mt GUID duy nht (ging nh cc GPO thng thng). V vy khi bn

to mt GPO mi vi Starter GPO ng vai tr ngun th qu trnh COPY n gin s c

thc hin bn di kch bn. Cc th mc con v cc file bn di th mc Starter GPOs

GUID c copy vo th mc \\domain.com\SYSVOL\domain.com\Policies\

[SomeNewGUID] (mt GUID duy nht to trong qu trnh), n lc ny bn hy chun btrin khai mt GPO mi.



140/218


Hnh 6: Chun b to mt GPO mi, nhng khng to t bt k ng hn nno

Khi kch chut phi vo Starter GPO, xem hnh 6, bn c th chn to New GPO From

Starter GPO. Khi s xut hin hu ht cc hp thoi ging nhau khi bn chn to mt

GPO mi t mc Group Policy Objects (xem hnh 4) - hoc khi kch chut phi vo mt

n v t chc - Organizational Unit (OU), hoc bn thn min v chn ty chn: Create

a GPO in this domain, and Link it here... ch lc ny hp chn Source Starter GPO mi

b v hiu.



141/218


Hnh 7: Source Starter GPO chuyn sang muxm



142/218


Cabinet v nhng th bn trong

C nhng th rt th v m bn c th export cc mu GPO (Starter GPOs) sang file

Cabinet (.CAB) v sau import cabinet ny vo mt mi trng khc hon tonc lp vi domain/forest ngun!

Chnh v vy lc ny bn c th to mt Starter GPO hon ho, export n (xem nt Save as

Cabinet trong hnh 8) v sau mang n ra bn ngoi, chia s n vi cc bn ca

bn, trn Website ca bn, trin khai n trn tt c cc h thng m bn c th gi quyn

kim sot,. Sau qu trnh import c thc hin rt d dng (xem nt Load

Cabinet trong hnh 8), bn hy chun b to cc GPO mi vi Starter GPO ng vai trc s.

Hnh 8: Ti v Lu file Cabinet



143/218


Nu bn cng t m nh ti, th c th rt mt vi tt c nhng g bn trong file .CAB. Hycho

php ti gii p mi bn tm ca bn: mi file s gm c ti thiu 2 (nu khng c cu hnh) n6 file nn, ph thuc vo nhng thit lp g bn cu hnh trong Starter GPO ring

Tn file Ni dung

StarterGPO.tmplx Gm c GUID, thng tin phin bn, tn,

m t(nh dng XML)

File ny lun lun nm trong file CAB

Report.html Bo co cc thit lp c to ra v bao gm

nh mt di dang file HTML cho mi

export. c thc hin nhm to tham

chiu d dng v ti liu xem xt.File ny lun lun nm trong file CAB

Machine_Registry.pol Mt phn Computer Configuration (CC) ca

GPO

File ny ch c hin din nu c bt k thit

lp no ca CC c hin din trong Starter

GPO.User_Registry.pol Mt phn User Configuration (UC) ca GPO

File ny ch c hin din nu bt k thit

lp no ca UC c hin din trong Starter

GPO.

Machine_Comment.cmtx Gm c cc comment (ch thch) c

to trn cc thit lp bn trong phn CC ca

Starter GPO (nh dng XML).

File ny ch c hin din nu c ti thiu

mt thit lp CC c ch thch c lin kt

vi n.

User_Comment.cmtx Gm c cc comment (ch thch) c to

trn cc thit lp bn trong phn UC ca



144/218


Starter GPO (nh dng XML).

File ny ch c hin din nu c ti thiu

mt thit lp UC c ch thch c lin kt

vi n.

Bng 1

Mt hn ch i vi vic export Cabinet l bn ch c th export mt Starter GPO trn mt

file Cabinet. V vy th tc ny khng c tip qun t mt th tc backup thng thng,

vn ny s c gii thiu trong phn tip theo.

Cc Backup Starter GPO tch bit

Bn phi to mt qu trnh backup tch bit cho cc Starter GPO. iu ny l bi v chng

khng c backup thng qua phng php GPMC "Backup All" m bn c th thc hin

vi cc GPO thng thng nhng chng c mt th tc backup ring. Nu bn kch

chut phi vo mc Starter GPOs bn s thy mt ty chn Back Up All. Ty

chn ny s backup tt c cc Starter GPO (xem hnh 9).

Hnh 9: Backup tt c Starter GPO cng mt lc



145/218


Nu bn ch kch chut phi vo Starter GPO trong panel bn phi ca GPMC th s thy tychn

Back Up. Ty chn ny s to mt backup ch cho ring Starter GPO ny.

Hnh 10: Chn mt backup ccb

y nhim quyn hn

Cng nh nhiu tnh nng khc ca Windows, bn c th y nhim cc iu khon cho php

i vi mt ngi dng hay nhm no . Trong trng hp ny, bn c th y nhim cc

cho php to Starter GPO trong min. Vn ny c thc hin t tab Delegation,

y l mt tab ch thy khi mc Starter GPOs c chn trong cy menu bn tri, bn

trong GPMC (xem hnh 11).



146/218


Hnh 11: Tab Delegation cho Starter GPOs

Tab ny phn nh cc iu khon bo mt NTFS tn cc StarterGPOs- th mc bndi

SYSVOL (xem phn trn); ch c ngi dng hay cc nhm c y quyn mi hin trong y.

Group Policy Preference

Quay li vo thng 10 nm 2006, Microsoft thu nhn c cng ty DesktopStandard.

Mt trong nhng sn phm ni ting ca h, PolicyMaker, hin c a vo

trong dng sn phm ca Microsoft vi t cch l mt thnh phn ca Windows Server

2008 v c Remote Server Administration Toolkit (RSAT), thnh phn m chng ti

mun gii thiu n cc bn trong phn sau.

Phn mm PolicyMaker c kh nng iu khin v cu hnh mt cch d dng hn, t

mt im trung tm, hn nhng g Group Policies thng thng c th. Mt s thit lp

u tin (Preference) qu thc chng lp vi cc thit lp chnh sch thc, tuy nhin



147/218


trong trng hp bn li c s la chn gia mt chnh sch v mt s u tin

(Preference). V vy bn c th t ra cu hi: S khc nhau y l g? Mt chnh sch

l mt ci g m bn p buc v n khng th b thay i bi ngi dng cn mt

u tin (Preference) l mt vic thit lp m bn thch ngi dng m nhn nhng

ngi dng lc ny c th thay i n.

Preference c th c thit lp ch p dng mt ln hoc p dng mi ln

Group Policy c refresh (mc nh c 90 n 120 pht mt ln trn cc my

khch). Chng ta s quay li nhng vn su hn trong hot ng ny phn tip

theo ca lot bi ny.

Trong hnh 1 bn s thy mt ci nhn hon ton mi t cng c Group PolicyManagement Editor, lu chnh sch ca chng ti c tn gi GP Preferences

c phn thnh Computer Configuration v User Configuration nh thng l,

nhng mi mt nt li c phn thnh hai nt cp thp: Policies (mu ), y

l mt thnh phn c trong Group Policy trc y m chng ta bit,

Preferences (mu

Documents

TH Quan Tri Mang.doc