Dao Tao Admin - CDDL 2109

8/6/2019 Dao Tao Admin - CDDL 2109

1/85

CNG TY THNG TIN VIN THNG IN LC

TRUNG TM CNG NGH THNG TIN

-----------------------------------

TI LIU O TOQUN TR H THNG MNG

TRNG CAO NG IN LC

TP.HCM, 2010


2/85

Trung tm Cng ngh Thng tin EVNIT

MC LCMC LC .................................................................................................................................................2

CHNG 1. GII THIU V CI T WINDOWS SERVER 2008 ...................................................4

I. Tng quan h iu hnh win 2008 ...........................................................................................................4

II. Chun b ci t win 2008 ......................................................................................................................4

a. Ci t win 2008.................................................................................................4

b. Ci t h iu hnh...........................................................................................4

III. Dch v DHPC ......................................................................................................................................7

1. Ci t DHCP Server...........................................................................................7

b. Cu hnh DHCP Server v thit lp a ch IP ng trn my client..................18

c. Cu hnh a ch IP ng trn my Client..........................................................22

d. Sao lu v phc hi DHCP Server.....................................................................23

IV. Dch v DNS ......................................................................................................................................25

1. Ci t DNS Server...........................................................................................25

b. Ci t DNS Server...........................................................................................25

V. Cu hnh DNS Server ...........................................................................................................................28

VI. B sung cc bn ghi DNS vo DNS Server ........................................................................................35

VII. Dch v Hyper-V ...............................................................................................................................39

CHNG 2. ACTIVE DIRECTORY .....................................................................................................44

I. M hnh WORKGROUP M hnh Domain ........................................................................................44

Active Directory...................................................................................................44

II. Ci t Active Directory .......................................................................................................................46

1. Chun b trc khi ci t.................................................................................46

b. Ci t Domain Controller (DC)........................................................................46

III. Qun l User .......................................................................................................................................59

1. To mi ti khon ngi dng..........................................................................59

2. Thit lp thi gian user c php ng nhp vo domain.........................62

c. Thit lp user ng nhp s dng my tnh .....................................................63

d. To Group v a user vo Group ...............................................................66

e. To Organization Unit (OU)...............................................................................71

Ti liu o to Qun tr Trang 2


3/85

Trung tm Cng ngh Thng tin EVNIT I. Chia s d liu .......................................................................................................................74

II. Phn quyn User ..................................................................................................................................75

CHNG 4. DCH V PROXY (ISA SERVER) ..................................................................................79

I. Cu hnh ngi dng c quyn VPN .................................................................................................79

II. Cu hnh VPN trn my Client .............................................................................................................80



4/85


CHNG 1. GII THIU V CI T WINDOWS SERVER 2008

I. Tng quan h iu hnh win 2008Windows Server 2008 Standard

Windows Server 2008 Standard l h iu hnh mnh m cho my ch, c tch hpnhiu tnh nng nhm ci thin bo mt, qun l, v gim chi ph c s h tng.Windows Server 2008 Standard h tr:

32GB Ram trn h thng 64-bit (4GB trn h thng 32-bit) 4 b vi x l a nhn 250 kt ni dch v truy cp mng (Network Access Services - NAS) 50 kt ni my ch chnh sch mng (Network Policy Server - NPS) 250 kt ni my phc v thit b u cui (Terminal Server) o ha Hyper-V vi mt gii php min ph

II. Chun b ci t win 2008Chun b ci t Windows Server 2008Phn cng / Cu hnh Ti thiu ngh Ti u

B nh RAM 512MB 1GB 2GBB vi x l 1Ghz 2Ghz 3Ghz cng (trng) 10GB 40GB 80GB

a. Ci t win 2008Ton b vic ci t Windows Server 2008 ch qua ba phn:

Ci t h iu hnh, bao gm c xc nhn m kha hp l Khi to cu hnh Initial Configuration Tasks Ci t Server Manager

b. Ci t h iu hnhLm theo cc bc sau ci t h iu hnh:

1. Cho a ci t Windows Server 2008 vo v khi ng my ch t a ci.2. Khi c yu cu chn ngn ng, thi gian, n v tin t v thng tin bn phm,

bn hy a ra la chn thch hp ri click Next.

Thit lp ngn ng, thi gian v n v tin t, thng tin bn phm.



5/85


3. Ty chn Install Now xut hin. Nu cha chc chn v yu cu phncng, bn c th click vo lin ktWhat to Know Before Installing Windows bit thm chi tit.

4. Nhp kha kch hot sn phm (product key) v nh du kim vo Automatically Activate Windows When Im Online. Click Next.

Nhp kha kch hot sn phm hp l.5. Nu cha nhp kha sn phm mc trc, by gi bn s phi la chn n b

Windows Server 2008 sp ci t v nh du kim vo I Have Selected an Edition of Windows That I Purchased . Nu bn nhp kha sn phm hp l,trnh ci t s t ng nhn din c n bn Windows Server 2008 bn sp ct. Click Next.

La chn bn Windows Server 2008 ci t.6. c cc iu khon quy nh v chp nhn bng cch nh du kim. Click

Next.7. ca s mi xut hin, do bn khi ng my t a ci nn ty chn Upgrade

(nng cp) b v hiu. Click Custom (Advanced).



6/85


Ty chn Upgrade b v hiu khi bn khi ng my t a ci.Lu :Nu bn mun tin hnh ci t nng cp, bn cn chy trnh ci t trongmi trng Windows.

8. Trn ca s tip theo, bn cn la chn v tr ci t Windows. Nu c driver cacc thit b lu tr bn th ba, cn ci t ngay bng cch click lin kt Load Driver .

Ti driver ca cc thit b lu tr bn th ba v chn ni ci t.Lc ny, Windows s bt u c ci t vo h thng. Bn c th thy tng bc tin trnh hon tt th hin bng phn trm. Trong qu trnh ci t, my chs phi khi ng li nhiu ln. Trnh ci t s hon thnh nhng tc v sau y- Sao chp tp tin- M rng tp tin- Ci t chc nng- Ci t cp nht- Hon thnh

9. Khi qu trnh ci t hon tt, hy thay i mt khu ti khon qun tradministrator trc khi ng nhp. Sau khi mt khu c thay i v bn ng nhp vo h iu hnh, nh vy l bn xong phn 1 ca vic ci t.



7/85


III. Dch v DHPCDHCP (Dynamic Host Configuration Protocol) Server l my ch c dng cp phta ch IP ng cho cc my client trong h thng mng.V cch thc hot ng,DHCP Server s dng dch v cng tn lng nghe yu cuxin cp pht a ch IP c gi t my client.Sau khi nhn yu cu,DHCP Server schn ra mt a ch IP trong dy a ch ca mnh v gi v cho my client.ng thiDHCP Server cng gi n my trm cc thng tin lin quan n a ch IP nh subnetmask,a ch IP ca cc DNS Server,default gateway.

1. Ci t DHCP Server.Vo Server Manager Roles Add RolesTi bng Before You Begin chn Next.

Ti bng Select Server Roles chn DHCP Server .Bn bn gc phi h thng cng c ch thch v DHCP.y l trung tm cu hnh ,qun l,cp pht a ch IP cho ccmy client.



8/85


Chn Next.Ti bng DHCP Server gii thiu v dch v DHCP Server,v c mt vi ch trc khi ci t mc Thing to Note



9/85


Chn Next .Ti bng Select Network Connection Bindings ,chn kt ni s c dng lng nghe yu cu gi t my client.i vi HEPC, IP Address s l 10.145.0.1



10/85


Chn Next.Ti bng Specify IPv4 DNS Server Settings nhp tn domain mc Parentdomain v nhp a ch IP ca DNS Server mc Preferred DNS Server IPv4Address .Bn c th chn Validate h thng kim tra v xc thc.i vi HEPC:

- Parent Domain: hepc.evn.com.vn- Preferred DNS: 10.145.0.1- Alternate DNS: 10.145.0.2



11/85


Chn Next.Ti bng Specify IPv4 WINS Server Settings chn WINS is not required for applications on this network.Nu h thng mng ca bn vn cn dng WINS Server thchn WINS is require for applications on this network v nhp thng tin a ch IP choDNS Server.



12/85


Chn Next.Ti bng Add or Edit DHCP Scopes chn Add.Ti y bn in cc thng tiIP vo .V nh chn Active this scope kch hot cc thit lp va ri.i vi HEPC:

- Scope name: HEPC-DHCP - Start IP: 10.145.4.11- End IP: 10.145.4.249- Subnet Mask: 255.255.248.0- Default Gateway: 10.145.4.2 (y l a ch IP ca ISA Server, khi kt ni

WAN th phi sa li Gateway ny l IP ca Router)



13/85


Nu bn mun thit lp tip dy IP DHCP Server cp pht th chn Add v tip tcnhp thng s vo.



14/85


Chn Next.Ti bng Configure DHCPv6 Stateless Mode chn Disable DHCPv6Stateless mode for this server .Nu mun cu hnh DHCP Server h tr DHCPv6 tngng vi IPv6 th chn Enable DHCPv6 Stateless mode for this server



15/85


Chn Next.Ti bng Authorize DHCP Server chn ti khon cp php cho DHCPServer trong Active Directory Services. y ti chn ti khon Administrator.



16/85


Chn Next.Ti bng Confirm Installation Selections l thng tin nhng thit lp trckhi ci t DHCP Server.



17/85


Chn Install tin hnh ci t.i cho qu trnh ci t hon tt.



18/85


Ti bng Installation Results thy dch v DHCP c ci t hon ttInstallation succeeded .Chn Close kt thc ci t

b. Cu hnh DHCP Server v thit lp a ch IP ng trn my client.VoStart Administrative Tools DHCPChn IPv4.Nhp chut phi voScope [10.0.0.1] EVN-DHCPv chnProperties. i vi HEPC, chn Scope [10.145.0.1]



19/85


Ti tabGeneralbn c th thay i Scope name,thit lp li di IP v gii hn thi giana ch IP tn ti trn my client HEPC:

- Start IP: 10.145.4.11- End IP: 10.145.4.249



20/85


thay i gateway.ChnScope Options.Ti khung bn phi,nhp chut phi vo003Router v chnProperties.



21/85


Ti bngScope Optionsbn c th thay i gateway bng cch chnAddvxa b bng cch chnRemove. HEPC:

- Gateway: 10.145.4.2- DNS Server: 10.145.0.1; 10.145.0.2- DNS Domain Name: hepc.evn.com.vn

Sau chnOK . thay i tn min,voServer Optionsv chn015 DNS Domain Namev chnProperties.

Ti mcString valueg tn min mi vo chnOK



22/85


c. Cu hnh a ch IP ng trn my ClientChnObtain an IP address automaticallyvObtain DNS server addressautomatically



23/85


Th ping ti server .

d. Sao lu v phc hi DHCP Server.Sau khi hon thnh cc bc cu hnh,bn nn backup nhm hn ch ri ro. Nhp chut phi ln DHCP Server v chn Backup



24/85


Chn th mc dng lu tr d liu backup. y mc nh l system32\dhcp\backu

Trong mt s trng hp,DHCP Server c th b li,mt d liu do mt s nguyn nhnnh h iu hnh gp s c,dch v DHCP gp li v khng th khi ng,cc xung



25/85


ny sinh lm DHCP Server ngng hot ng.Khi bn cn restore DHCPServer.y l tnh nng tit kim thi gian v m bo chnh xc. Nhp chut phi ln DHCP Server v chn Restore.Ti bng Browse For Folder chn th mc cha d liu backup.Mc nh nm trongsystem32\dhcp\backup

IV. Dch v DNS1. Ci t DNS Server

DNS (Domain Name System) Server l my ch c dng phn gii domain thnha ch IP v ngc li.V d evn.vn 10.0.0.1V cch thc hot ng,DNS Server lu tr mt c s d liu bao gm cc bn ghi DNv dch v lng nghe cc yu cu.Khi my client gi yu cu phn gii n,DNS Server tin hnh tra cu trong c s d liu v gi kt qu tng ng v my client.

b. Ci t DNS ServerVo Server Manager Roles Add Roles.Ti bng Select Server Roles .Chn DNS Server

Chn Next.Ti bng DNS Server gii thiu v DNS Server cng nh mt s ch trkhi ci t ti mc Thing to Note



26/85


Chn Next.Ti bng Confirm Installation Selections xc nhn vic ci t.



27/85


Chn Install.i qu trnh ci t hon tt.



28/85


Chn Close hon tt ci t.

V. Cu hnh DNS Serveri vi DNS Server,thng thng bn nn xy dng ng thi hai h thng l DNSServer chnh (Primary) v DNS Server d phng (Secondary) dng chung mt c s dliu.Vi phng php ny,bn s hn ch kh nng dch v DNS b ngng khi c s cxy trn h thng.

1. Cu hnh DNS Server chnhVo Start Administrative Tools DNS. Nhp chut phi vo Forward Lookup Zones v chn New Zone



29/85


Ti bng Welcome to the New Zone Wizard ,chn Next.



30/85


Ti bng Zone Type chn Primary zone cu hnh DNS Server chnh.

Chn Next.Ti bng Zone Name g tn domain vo. HEPC: Zone name l: hecp.evn.com.vn

Chn Next.Ti bng Zone File , mc nh



31/85


Chn Next.Ti bng Dynamic Update bn c th ngn chn hoc cho php DNSServer chp nhn cc my client cp nht thng tin mt cch t ng.Ti s ngn chn m bo an ton cho h thng,chn Do not allow dynamic updates .

Chn Next.Ti bng Completing the New Zone Wizard bn xem li thng tin

Sau chn Finish hon tt.



32/85


Nh vy bn cu hnh chc nng forward ( phn gii tn thnh a ch IP).By gi cu hnh chc nng reverse (phn gii a ch IP thnh tn) Nhp chut phi vo Reverse Lookup Zones v chn New Zone.Ti bng Welcome to the New Zone Wizard chn Next.

Ti bng Zone Type chn Primary zone cu hnh chc nng reverse cho DNS Server

chnh.



33/85


Chn Next.Ti bng Reverse Lookup Zone Name chn kiu IP cn phn gii.y ti chn IPv4.

Chn Next.in Network ID v chn Next. HEPC: Network ID l: 10.145 (lu : s 0 th 3 trong hnh khng in)

Ti bng Zone File mc nh.



34/85


Chn Next.Ti bng Dynamic Update chn Do not allow dynamic updates

Chn Next v xem li thng tin thit lp,nu chnh xc chn Finish



35/85


VI. B sung cc bn ghi DNS vo DNS ServerSau khi hon thnh nhim v ci t v cu hnh DNS Server .Bn cn to c s d licho server ny bng cch b sung cc bn ghi DNS .Thng thng bn s tng tc v

ba loi ban ghi DNS ph bin l Host (A) ,Aliad(CNAME) Host (A): l bn ghi gm domain v a ch IP tng ng .V d evn.vn

192.168.1.1 Alias (CNAME): l bn ghi b danh,cho php nhiu domain cng nh x n mt

a ch IP,v d evn.vn evn.vn 10.0.0.1

Nu bn mun to cc record khc.Nhp chut phi vo zone v chn Other NewRecords..



36/85


y ti s hng dn thao tc ba loi DNS record thng dng.Vo Start Administrative Tools DNS Nhp chut phi vo zone v chn New Host ( A or AAAA)G tn host vo mc Name ,g a ch IP vo mc IP address. Nu bn mun to ra mt bn ghi DNS phn gii ngc tng ng th nh du chnCreate associated pointer (PTR) record.Sau chn Add Host



37/85


Xut hin thng bo thnh cng

Chn OK.Bng New Host tip tc xut hin,chn Done kt thc to bn ghi. to mt bn ghi Alias,nhp chut phi vo zone v chn New Alias (CNAME).Tng t nh trn,in cc thng tin vo.Ti mc Fully qualified domain name (FQDN) for target host .Nu bn khng nh ,chnBrowse tm tn my cn tht.



38/85


Sau khi in thng tin y .Chn OK hon tt.



39/85


Lu .V tn server,tn my client hay DNS Server ca cc bi lab l khngging nhau.V vy cc bn nn ch .Mc ch thay i tn lin tc cc bn c thhiu v nm bt nhanh hn.

VII. Dch v Hyper-V1. Gii thiu

Hyper-V trc y cn c gi l Windows Server Virtualization l cng ngh o haserver ca Microsoft, Hyper-V l mt trong nhng thnh phn quan trng ca WindowServer 2008. Hyper-V ch chy trn nn Windows 64 bit v CPU 64 bit c h tr cngngh o haHyper-V l mt gii php tt cho vic hp nht cc Server vt l hin khng s dng h phn cng c trang b bng cch trin khai thm cc Server o trn nn Server thcho php 1 Server m nhn cc cng vic ca nhiu Server nhm gim thiu chi ptrang b thm Server mi v cc chi ph duy tr hot ng ca Server nh in, khngian t Server v chi ph bo tr bo dng..., Hyper-V h tr cc Server o chy cc Hiu Hnh Windows 2000 Server, Windows Server 2003 32 bit v 64 bit, WindowsServer 2008 32 bit v 64 bit, ngoi ra Hyper-V cn h tr Vista, XP v c Linux.

2. Ci t Hyper-Vlu trc khi ci t bn cn kim tra trong BIOS Setup Enable chc nngVirtualization (tham kho ti liu hng dn i km Mainboard)

- M Server Manager -- Roles -- Add Role

- Chn Hyper-V Next



40/85


- Next

- Chn Card mng dng cho my oNext

- Nhn nt Install tin hnh ci t

- Qu trnh ci t hon tt, h thng yu cu Restart myClose

- Nhn Yes Restart my

3. Khai bo my tnh mi trong Hyper-V



41/85


- M Hyper-V - nh du check mc chn I have read and agreed th EULA, NhnAccept chp nhn cc thng tin bn quyn

- Click phi Microsoft Hyper-V Server -- Connect to Server

- Chn Local Computer -- OK

- Click phi ln tn Server -- New - Virtual Machine

- Next



42/85


- t tn cho my o, bn c th ch nh th mc lu my o bng cch nh du Storthe virtual machine in a different location, y ti chp nhn gi tr mc nh

- Qui nh dung lng RAM dnh cho my o (Tnh bng n v MB)

- Chn nhn hiu Card mng dng cho my o

- Qui nh cc thng tin v tn File, v tr lu v dung lng cng o

- Nhn Finish hon tt



43/85


- Click phi vo tn my o to, nhn Start bt my o

- Do cha ci t h iu hnh nn bn gp bo li khng th khi ng, ta bt u qutrnh ci t H iu hnh cho my o. Bn a DVD Source Windows vo DVD, y ti dng Windows Vista

- Chn Media - DVD Drive - Capture I: ( y I: l a DVD)

- Chn Action - Reset reset my o

- Bt u qu trnh ci t VistaTi y bn c th thao tc vi my o v hon tt vic ci t H iu hnh



44/85


CHNG 2. ACTIVE DIRECTORYI. M hnh WORKGROUP M hnh Domain

Active DirectoryActive Directory Domain Services (ADDS) l mt dch v trn Windows Server 2008,sdng thng tin lu tr trong Active Directory qun l cc i tngusers,group,computer.Cc i tng ny c t chc theo mt cu trc phn cp.Gmc cc kiu :

Active Directory forest ( forest l i tng c to ra t mt nhm gm 2 haynhiu domain tree c quan h tin cy vi nhau trust relationship)

Cc domain tree trong forest Cc Organization Unit (OU) trong mi Domain



45/85


Nhng im mi ca Active Directory Domain Services ca Windows Server 2008 : Auditing: lu tr cc s kin lin quan n nhng i tng trong Active

Directory.T c th bit c i tng thay i nhng g.V gi tr hin tav gi tr trc khi thay i cng c h thng ghi nhn li.

Password Policiesc th c cu hnh cho nhng i tng ring bit trong mtdomain.V th bn s khng phi s dng chung mt chnh sch mt khu cho tc cc ngi dng trong cng mt domain

Read-Only Domain Controllerl mt Domain Controller vi c s d liuActive Directory dng read-only.Dch v ny gip bn tm bo mt c ivi nhng ni m bo mt cha c m bo cao ,chng hn nh cc vn phng .Read-Only Domain Controller khng cho php cc domain controller cp thp hn thc hin nhng thay i ln Active Directory

Restartable AD DS: c im ny gip bn khi ng li AD DS trong khi vngi nguyn trng thi hot ng ca Domain Controller,gip bn hon thnh

nhng thao tc offline mt cch nhanh chng Active Directory Certificate Services (AD CS)l mt dch v c dng sinh ra v qun l cc certificate trn nhng h thng s dng cng ngh publickey .Bn c th s dng ADCS to ra cc my ch chng thc CA( Certification Authorities) .Cc CA c tc dng nhn yu cu v chng thc,sau x l v gi cc chng thc v li cho i tng gi yu cu.

Active Directory Federation Services (AD FS)l mt dch v cung cp c chng nhp - single sign-on(SSO) ,cho php bn ng nhp ch mt ln nhng cth dng nhiu ng dng Web c quan h vi nhau

Active Directory Rights Management Services (ADRMS)l dch v c dng

kt hp vi cc ng dng h tr AD RMS (AD RMS enableapplication),nhm bo v d liu quan trng ( bo co ti chnh,thng tin khchhng,n hng,s sch k khai k ton .v..v.) trc nhng i tng ngi dng



46/85


khng c php (unauthorized users).Vi AD RMS,bn c th xc nhnhng ai c th thc hin cc thao tc nh xem,chnh sa,in n.trn d liu camnh

Active Directory Lightweght Directory Services (AD LDS) l mt dch v thmc LDAP (Lightweght Directory Access Protocol) trn Windows Server 2008.AD LDS cung cp mt c ch nhm h tr cc ng dng directory-enabled s dng th mc lu tr d liu) .Dch v ny c chc nng tng t nh ADDS,nhng khng i hi phi trin khai cc domain hoc Domain Controller

(Mt ng dng directory enabled l ng dng khng dng c s d liu,file hoc cccu trc lu tr khc,m thay vo l th mc lu tr d liu ca mnh.Cc ng dng dng ny c th l h thng qun l quan h khch hng,h thng qun l nhnlc.)

II. Ci t Active Directory1. Chun b trc khi ci t .1. Thit lp a ch IP cho card mng ca server hoc bn c th thit lp a ch IP

ca cc DNS Server trong h thng.Nu server ny l Domain Controller v DNSServer u tin,qu trnh ci t AD DS s bao gm c vic ci t DNS Server

2. Nu mun b sung server ny vo mt forest tn ti trn Windows Server 2000,Windows Server 2003 bn phi cp nht thng tin v forest bng lnhadprep /forestprep

3. Nu mun b sung server ny vo mt domain tn ti trn Windows Server 2000,Windows Server 2003 ,bn phi cp nhp thng tin v domain v group policy bng lnhadprep /domainprep /gpprep

4. Nu mun ci t mt Read-Only Domain Controller,bn phi chun b forest bng lnhadprep /rodcprep5. Xy dng cc DNS Server trong h thng mng nu c,trong qu trnh ci t AD

DS s c ci t DNS Server

b. Ci t Domain Controller (DC)Cng nh Windows Server 2003,th Windows Server 2008 trc khi nng cp ln DC phi cu hnhPreferred DNSv IP Loopback l 127.0.0.1 hoc v IP 10.0.0.1



47/85


Windows Server 2003, ci t thm cc dch v nh DHCP,DNS voAdd/Remove Windows Components. Windows Server 2008 c thay th bngcng c qun trServer Managervi cc Roles v Features.V mc nh WindowsServer 2008 cha ci t cc dch v nn bn phi ci t dch v AD DS trc khi lnDomain Controller.VoServer Manager Add Roles.Chn dch v Active Directory Domain Services



48/85


ChnNext.Ti bng Active Directory Domain Services gii thiu cho bn v dch vny v mt s lu khi ci t trong phnThings to Note



49/85


ChnNext tip tc.Ti bng Confirm Installation Selections s yu cu bn xc nhnln cui trc khi ci t.ChnInstall



50/85


i cho n khi hon tt qu trnh ci t dch v Active Directory Domain Services



51/85


ChnClose hon ttVoRun g dcpromov chnOK

i trong vi giy h thng kim tra ci t dch v AD DS cha.Ti bng Welcome to the Active Directory Domain Services Installation Wizard chnNext



52/85


Ti bng Operating System Compability s cho bn bit v tnh tng thch caWindows Server 2008.

ChnNext tip tc



53/85


Ti bng Choose a Deployment Configuration chnCreate a new domain in anew forest to mt domain mi trn mt forest mi

ChnNext tip tc.Ti bng Name the Forest Root Domain.Ti FQDN of theforest root domaing tn domain vo.Sau chnNextv ch vi giy h thngkim tra tn domain s dng cha .



54/85


Ti bng Set Forest Functional Level,chn phin bn Windows Server 2008 tn dnght tnh nng .Sau chnNext



55/85


Ti bng Additional Domain Controller Options,h thng kim tra xem thdch v DNS Server c cha,v t ng nh du ci t DNS Server.Lu l bnkhng th ci t Read-only domain controller trn DC u tin ny

ChnNext.Ti bng Location for Database,Log File,and SYSVOL cho php bn thitlp ng dn ca database,log file v sysvol.Hy mc nh trongC:\Windows



56/85


ChnNext tip tc.Ti bng Directory Services Restore Mode Administrator Password,thit lp password.Lu ,password ny khng phi l password ca ti khonAdministrator trong domain v password phi theo kiu complexity (gm cc k ta,A,@,1.) y ti s g password lpass@word1



57/85


ChnNext.Ti bng Summary cho bn bit thng tin m bn thit lp trn.Nu ng v y ,chnNext thc hin vic ci t

H thng ang tin hnh ci t



58/85


Sau khi ci t hon tt ,chnFinish kt thc

Khi ng li thay i c hiu lcKim tra h thng.



59/85


III. Qun l User1. To mi ti khon ngi dng.

Sau khi to mt Domain Controller.Tip theo l to user trn domain.M Server Manager.Click RolesActive Directory Domain ServicesActiveDirectory Users and Computers.Sau click vo domain. Nhp chut phi vo User v chn NewUser



60/85


Ti bng New Object User bn in y cc thng tin vo mc First name,Lastname,Full name.Lu : ti mc User logon name.y chnh l tn ti khon ca bn dng ng nhpvo h domain.V th phi nh chnh xc,v phi m bo tnh duy nht.

Chn Next tip tc.Xut hin bng thit lp password.y l mt khu ca bn nvi tn ti khon to trn,dng ng nhp vo domain.Lu l password phi tha mn cc chnh sch mc nh ca Windows Server 2008.Password t nht l 7 k t v phi c cc thnh phn sau :

1. Cc k t thng : a,b,c,d,e..2. Cc k t in hoa : A,B,C,D,E.3. Cc ch s : 1,2,3,4,5.4. Cc k t c bit : @,!,$,&,#....

y ti s thit lp password l pass@word1Lu 4 dng di :

User must change password at next logon : bt buc user phi thay i password ln ng nhp k tip

User cannot change password : user khng c quyn thay i password Password never expires : password khng c thi hn qui nh Account is disabled : v hiu ha ti khon.

y ti s chn User must change password at next logon m bo tnh ring t chuser.



61/85


Chn Next tip tc. bng tip theo l thng tin v user chun b c to.

Chn Finish kt thc.Tip theo,kim tra th user c to .Click p vo User v kim tra



62/85


2. Thit lp thi gian user c php ng nhp vo domain. Nhp chut phi vo user va to v chn Properties



63/85


Theo mc nh,user c php ng nhp 24/24. thit lp li,chuyn qua tabAccount v chn Logon Hours..Ti y bn c th thit lp thi gian ng nhp cho useChn khong thi gian v click vo Logon Denied chn thi gian truy cp ca user

Hnh trn,ti thit lp user ny ch truy cp c vo 8h sng n 19h vo cc ngth 2 cho n th 7.Sau chn OK hon tt.

c. Thit lp user ng nhp s dng my tnhV l do bo mt,khng phi user no cng c ng nhp vo cc my tnh mt cchty . thit lp tnh ring t v ch nh my tnh no user c php s dng.Vo tabAccount.Chn Log On To.Chn The following computers ,sau g tn my tnh muser c php ng nhp.Sau chn Add.Nu bn mun b th click vo tn my tnhv chn Remove.Hoc mun sa tn th click vo tn my tnh v chn Edit.



64/85


Chn OK xc nhn.Ti tab Account cn c cc mc :Unlock Account : khi bn mun m kha ti khon th chn nyAccount Options : thit lp cc chnh sch v ti khon.Account Expire : thi gian mt account tn ti.Nu bn chn End of v chn thi gia bn cnh th n thi gian account s ht hn v s mt.

Ti tab General cho php bn in y v chi tit v thng tin ca user .



65/85


Ti tab Address cho php bn in thng tin v a ch ca user



66/85


cc tab cn li ti s trnh by mt bi khc.Sau khi thit lp thng tin v user .Ti bng Properties .Chn OK xc nhn thayi . xa user ,nhp chut phi vo user v chn Delete.

d. To Group v a user vo Group to mt group mi.Nhp chut phi vo User v chn NewGroup.



67/85


Ti Group name g tn group.Sau chn OK

Kim tra li group c to bng cch click vo User



68/85


a user vo group ICT24H ,nhp chut phi vo group v chn Properties.Ti tabMember.Chn Add..Ti Enter the object name to select bn g tn user mun a vo group.Lu tn user phi l tn bn in ti mc User logon name phn to user.Sau khi g tn user bn chn Check Names kim tra.

V kt qu l tn ti user ny trn domain



69/85


Ti s th g tn mt user khc.Chng hn Nguyen Van A sau chn Check Names kim tra.H thng s thng bo An object name Nguyen Van A cannnot be foundTn Nguyen Van A khng tn ti trn domain

Hoc bn cng c th tm kim nng cao bng cch chn Advance..Sau khi thm user vo group.Chn OK xc nhn



70/85


tab Managed By ,bn c th in tn user qun l group bng cch chn Change v gtn vo Name .

Chn OK xc nhn.



71/85


e. To Organization Unit (OU) to mt OU trn domain ,nhp chut phi vo domain,chn NewOrganizationalUnit

G tn OU vo Name .Nu bn mun cho php thao tc xa c thc hin trn OUny th b chn vo mc Protect container from accidental deletion

Chn OK hon tt.



72/85


By gi ti s a group ICT24H vo OU Network. Nhp chut phi vo group ICT24H v chn Move

Sau chn OU Network v chn OK.

Kim tra OU Network thy group ICT24H .



73/85


Nu bn mun xa user,group hay OU th nhp chut phi ln i tng v chn Deletev chn Yes



74/85


CHNG 3. TO V QUN L TH MC DNG CHUNGI. Chia s d liu

Chn th mc cn chia s, trong v d l th mccommontrn a D:\.Click phi vo th mc, chn Propertieschn Tab Sharing bm vo Advanced

Sharing

Trong ca s Advanced Sharing, chn Permissions



75/85


Chn Full Control cho user EveryoneOK OK OK

II. Phn quyn UserChn th mc cn phn quyn, v d th mc Common.Click phi vo th mc, chn Propertieschn Tab Security chn Advanced.Trong ca s Advanced s lit k ton b permissions ca th mc ny i vi tn

user.



76/85


thay i, thm, sa, xa quyn ca ngi dng trn th mc, chn ChangPermissions



77/85


sa quyn ca ngi dng/nhm ngi dng, chn vo ngi dng/nhmngi dng , sau chn Edit.

Chn nhng quyn p dng vi ngi dng/nhm ngi dng ny. Sau OK OK OK.



78/85


Tng t vi thm quyn v ngi dng/nhm ngi dng, chn Addin votn ngi dng/nhm ngi dngOK.

Gn cc quyn ca ngi dng/nhm ngi dng



79/85


CHNG 4. DCH V PROXY (ISA SERVER)I. Cu hnh ngi dng c quyn VPN

Start Administrative Tools Active Directory Users and ComputersChn user hay group cho php VPN, click phi chn PropertiesTab Dial inTrong phn Network Access Permission, chn Allow AccessOK OK.



80/85


II. Cu hnh VPN trn my ClientChn Control Panel Network Connections. Trong ca s mi m, chn Create

New Connection.



81/85




82/85


Chn Connect to the netwok at my workplace

Chn Virtual Private Network connection

Trong khung Company Name, chn tn i din cho kt ni VPN



83/85


Chn Do not dial the initial connection (nu c)

in vo a ch IP ca trng l:118.69.76.199



84/85


Next Next Finish thit lp kt ni t Internet vo trng, thc hin cc bc nh sau:Vo Control Panel chn Network ConnectionTrong ca s Network Connection, chn kt ni HEPC



85/85


Trong ca s kt ni, in username, passwordchn Connect kt nithnh cng.

Lu : nu h thng hi Domain th in vo tn domain l:HEPC

Documents

Dao Tao Admin - CDDL 2109