BO CO THC TP CNG NHN

Chuyn qun tr mng Windows Server 2003

SV thc hin :Trn Hong Trung TnLp :06T3 GV hng dn : Nguyn Vn Nguyn

GROUP POLICY OBJECT -DEPLOY SOFTWARE

Chun b:

Khi ng Windows Server 2003 Domain Controller.To OU tn: ITTITrong OU ITTI,to 2 OU:Nhansu v Ketoan.Trong OU Ketoan to 2 Users:KT1 v KT2.Trong OU Nhansu to 2 Users:NS1 v NS2.Cho Group Users quyn Allow Logon Locally Cp nht Policy mi :Gpupdate /force.

I.To Group Policy1.Lm mt Control Panel i vi cc User nm trong OU k ton. B1:Logon Administrator ->vo Active Directory Users and Computer ->click chut phi trn OU Ketoan->Properties->chn tab Group Policy->New->i tn New Group Policy Objects thnh Mat Control Panel->Edit

B2:chn Users Configuration->Administrative Templates ->Control Panel->click chut phi trn Prohibit access to the Control Panel ->Properties->Enable->Apply->OK->ng ca s Group Policy->OK.

2.Lm mt biu tng Recycle Bin trn Desktop i vi cc Users nm trong OU Nhansu.B1: Logoff KT1->Logon Administrator->vo Active Directory Users and Computer->click chut phi trn OU Nhansu->Properties->chn tab Group Policy->New->i tn New Group Policy Objects thnh Mat Recycle Bin->Edit

B2:chn Users Configuration->Administrative Templates->Desktop->click chut phi trn Remove Recycle Bin Icon from Desktop ( ca s bn phi) ->Properties->Enable->Apply->OK->ng ca s Group Policy->OK.

B3: ng tt c cc ca s-> Cp nht Policy (gpupdate /force)B4: Logoff Administrator->Logon NS1 (Biu tng Recycle Bin trn desktop mt).

3.Lm mt biu tng My Netwwork Place cho cc users nm trong OU ITTI B1: Logon Administrator->vo Active Directory Users and Computer->click chut phi trn OU ITTI-> Properties->chn tab Group Policy->New->i tn New Group Policy Objects thnh Mat My Netwwork Place trn Desktop ->Edit

B2: chn Users Configuration->Administrative Templates->Desktop->click chut phi trn Hide My Network Place icon on desktop ( ca s bn phi) ->Properties->Enable->Apply->OK->ng ca s Group Policy->OK.

B3: ng tt c cc ca s-> Cp nht Policy (gpupdate /force)B4: Logoff Administrator->Logon KT1 (Biu tng My Network Place trn desktop mt v ng thi Control Panel ca KT1 cng mt lun).B5: Logoff KT1->Logon NS1 (Biu tng My Network Place v Recycle trn desktop ca NS1 mt ).

4. B chc nng k tha cho OU Ketoan (Block Policy Inheritance)B1: Logon Administrator->vo Active Directory Users and Computer->click chut phi trn OU Ketoan-> Properties->chn tab Group Policy->nh du chn vo Block Policy Inheritance->Apply->OKB2: Logoff Administrator->Logon KT1 (Biu tng My Network Place c trn desktop,nhng Control Panel th khng)B3:Logoff KT1->Logon NS1(Biu tng My Network Place v Recycle Bin b mt trn Desktop )

5.Override Block Inheritance (bt buc cc OU con phi tha hng Policy t OU cha)B1: Logon Administrator->vo Active Directory Users and Computer->click chut phi trn OU ITTI-> Properties->chn tab Group Policy->Option ->nh du chn No Override: prevents other Group Policy Objects from overriding policy set in this one ->OK->OK.

B2: ng tt c cc ca s-> Cp nht Policy (gpupdate /force)B3: Logoff Administrator->Logon KT1 (Biu tng My Network Place trn desktop mt).

II.Folder Redirection

B1: My Domain Controller logon Administrator-> Vo C:\ to folder tn My Docs share cho group Everyone quyn Full Control

B2: Vo Active Directory Users and Computer->click chut phi trn OU Nhansu-> Properties->chn tab Group Policy->New->t tn Policy l Folder Redirect->Edit

B3: Vo User Configuration->Windows Setting->Folder Redirection->Click chut phi trn My Documents-> Properties

B4: Trong tab Target phn Settings chn Basic: redirect everyone->trong hp thoi Root Path g \\pcxx\MyDocs ->Apply->OK-ng cc ca s ang c-> cp nht Policy(gpupdate /force)Lu : pcxx :tn my Domain Controller,My Docs :tn th muc share

B5: Logoff Administrator->Logon NS1->click chut phi My Documents->Properties->Trong target thy : \\pcxx\My Docs\NS1\My Documents

B6: Logoff NS1->Logon Administrator->Vo C:\My Docs (thy trong My Docs h thng t to ra th mc ns1 ch My Documents ca Users NS1)

III.Logon/Logoff Scripts

B1: Logon Administrator->Active Directory Users and Computers->click chut ln OU ITTI->Properties->Group Policy->New t tn Policy l: Logon/Logoff->Edit

->Vo User Configuration-> Windows Setting-> Scripts(Logon/Logoff)->click chut phi trn Logon-> Properties->Show Files

->Click chut phi trn ca s ang c->New-> Text Document->t tn file l:Logon.vbs-> click chut phi Logon.vbs->Edit->g ni dung sau: MsgboxHello->Save li

->ng ca s cha file Logon.vbs->trong hp thoi Logon Properties->chn Add->trong hp thoi Add a Script->chn Browse->chn file Logon.vbs->Open->OK->Apply->OK->ng cc ca s li->cp nht Policy(gpupdate /force).

B2: Log off Administrator->Logon KT1 (khi logon vo thy xut hin hp thoi c ni dung l Hello)

B3: Logon Administrator->Active Directory Users and Computers->click chut ln OU ITTI->Properties->Group Policy->chn Logon/Logoff->Edit->vo User Configuration-> Windows Setting-> Scripts(Logon/Logoff)->click chut phi trn Logoff-> Properties->Show Files

->Click chut phi trn ca s ang c->New-> Text Document->t tn file l:Logoff.vbs-> click chut phi Logoff.vbs->Edit->g ni dung sau: MsgboxGoodbye->Save li

->ng ca s cha file Logoff.vbs->trong hp thoi Logoff Properties->chn Add->trong hp thoi Add a Script->chn Browse->chn file Logoff.vbs->Open->OK->Apply->OK->ng cc ca s li->cp nht Policy(gpupdate /force).

Log off Administrator->Logon KT1-> thy hp thoi Hello->Logoff KT1 ->thy hp thoi Goodbye.

IV.Deploy software

Mc ch:Dng Group policy ci phn mm cho cc my client dng file .MSI hay file .ZAPNhng a s cc phn mm khng phi file .MSI hay .ZAP. y ta s dng cch ng gi mt third party software thnh file . MSI v trin khai ci cho user.

B1:Ci Tool SWIADMLE.MSI

B2:Sau khi ci xong vo menu start program Veritas software Veritas discover s xut hin mn hnh sau ->next

B3:Nhp vo tn chng trnh cn to file MSI (v d l FirefoxSetup )v ng dn lu file MSI sau khi to xong (v d l C:\WinRar\Firefox Setup.Msi) ->next

B4:Chn a chng trnh lu file tm sau khi lm vic xong s t xo i (chn C: ) ->next

B5:Add chn a C: (a h iu hnh) chng trnh scan registry hin ti ca my ->next

B6:Tip tc n next.

B7: Chng trnh tin hnh scan file v registry ca h thng hin ti, qu trnh ny kh lu khong vi pht.

B8:Click Ok tin hnh ci Firefox (hay ci chng trnh no m mnh cn to file MSI)

B9: Chn file FirefoxSetup.exe ci

B10: Sau tin hnh ci t.B11:Sau khi ci xong vo menu start program Veritas software Veritas discover lc ny s xut hin mn hnh sau: chn option perform the After Snapshot now ->next

B12: Chng trnh s scan li file v Registry so sch vi file v registry trc khi ci winrar bc 9 B13: Sau khi scan xong n Ok to file FirefoxSetup.Msi B14. File FirefoxSetup.msi c to

B15: Sau share folder C:\Firefox B16: Dng Group Policy deploy FirefoxSetup.Msi cho cc my Client, vo start run g DSA.MSC B17: Click phi vo Ou Nhansu chn Properties-> tab Group policy->New->t tn Deploy Software->Edit

B18:Chn User Configuration\Software setting, click phi vo Software installation chn Properties

B19: G ng dn mng n foldel cha WinRar, chn Option Assign ->OK

B20:Click phi vo Software installation new Package B21: Chn file FirefoxSetup.msi ->Open

B22: S c kt qu sau. Vo start run g Gpupdate /force. Deploy software thnh cng.

B23: Ti my con logon vo NS1 ch 1 cht ta s thy phn mm c install . Sau trn my client c phn mm Firefox c ci t nh Deploy Software.

SECURITY TEMPLATE-AUDITI.Security Template

Mc ch: s dng cc khun mu chnh sch c sn v bo mtChun b:Khi ng my chn Windows Server cha nng Domain Controller.B1: Start->Run->g MMC vo hp Open->OKB2:Trong ca s Console1 ->chn menu File->chn Add/Remove Snap in->Add

->Trong mn hnh Add Stand-alone Snap in chn Security Tempaltes->Add->v chn Security Configuration and Analysis->Add ->Close->OK

->Trong mn hnh Console1,xut hin 2 templates->Click du + compatws (trong Security Template C:\WINDOWS\security\tempaltes)->Click chut phi trn compatws->chn Save As

->Trong ca s Save As,g SecurityTempaltes vo mc File name-Save

->click du + trn SecurityTemplates(mi to)->Account Policy\Password Policy->click chut phi trn Minimum Passwork Length->Properties->nh du chn vo Define this Policy ->OK->Click chut phi trn Security Tempaltes->Save

B3: Click chut phi trn Security Configuration and Analysis->Open database

->trong hp thoi File name,g My Templates->Open

->Trong mn hnh Import Template->chn Security Templates (Template va thit lp) ->Open

B4:Click chut phi trn Security Configuration and Analysis->Chn Analyze Computer now..

->Trong mn hnh Perform Analysis->OK

->H thng s phn tch s khc bit gia Security Policy ca h thng v Security Templates va thit lp.

->click du + trong Security Configuration and Analysis-> Account Policy-> Password Policy->Minimun Password length sa li thnh 8 v h thng pht hin s khc bit v hin du bo

B5:Click chut phi trn Security Configuration and Analysis->chn Configure Computer Now->OK->h thng s p t Template va thit lp.

B6:ng tt c cc ca s->h thng hi bn c Save Console1 khng->chn No->to 1 user u1 vi pass 123->h thng s thng bo li yu cu nhp li pass->OK

->nhp li pass cho u1 vi chiu di t nht l 8 k t.

II.Audit Policy(gim st h thng)1.Ghi nhn qu trnh Logon trn my LocalB1:Start->Programs->Administrative Tools->Domain Security Policy->Local Policy->Audit Policy

->click chut phi trn Audit Account Logon Events->Properties->chn du check Failure ->Apply->OK->ng ht cc ca s mn hnh li ->cp nht Policy(gpupdate /force)

B2: Start->Programs->Events Viewer->click chut phi trn Security->Clear All Events->thng bo xut hin yu cu c lu li nhng Security Audit khng,chn No->ng cc ca s li.

B3: Logoff Admin->Logon user u1 v c tnh nh sai pass vi ln.B4:Logon Admin->Start-> Programs->Events Viewer->chn Security->xut hin mt s ghi nhn qu trnh logon sai

2.Ghi nhn qu trnh truy cp mt Folder

Chun b: Khi ng my Windows Server 2003 nng cp ln Domain ControllerTo OU Nhansu, trong c user NS1Cho group Users quyn Allow Logon LocallyVo C:\to th mc Tailieuketoan

Mc ch: Ghi nhn hnh ng truy cp tht bi vo Folder Tailieuketoan

B1:Click chut phi trn th mc Tailieuketoan->Properties->chn tab Security ->Advanced->b du check Allow inheritable.. ->Apply->OK->chn group Users->Remove

Chn Advanced->chn tab Audting->Add->chn Group Authenticated Users->trong hp thoi Audting->nh du chn Failed vo List Folder/Read Data ->OK->Apply ->OK->OK

B2:Start->Programs->Domain Controller Security Policy->Audit Policy

->click chut phi trn Audit Object Access->chn Failure->Apply ->OK->ng tt c cc ca s li->cp nht Policy (gpupdate /force)

B3: Start->Programs->Events Viewer->click chut phi trn Security ->Clear All Events->thng bo xut hin yu cu c lu li nhng Security Audit khng,chn No.

B4:Logoff Admin->Logon NS1->vo th mc Tailieuketoan->h thng s thng bo li.

B5: Logoff NS1->Logon Admin-> Start->Programs->Events Viewer-> chn Security

->click chut phi trn 1 Failure Audit ca user NS1->xut hin bn chi tit ngy gi user NS1 truy cp vo th mc

BACK UP SHADOW COPYI.Back up1.Backup d liu(sao lu d liu)B1:Khi ng my Windows Server 2003->logon Admin->vo C:to th mc Dulieu->trong th mc to cc file t1.txt,t2.txt,t3.txt->nhp ni dung ty cho c 3 file.B2:vo E:\to th mc Backup.

B3:Start->Programs->Accessories->System Tool->Backup

Trong ca s Wellcome->b trng du chn Always Start in wizard mode->click chn Advanced Mode

Ti ca s Backup Utility->chn tab Backup->click vo du+ ti C: ->nh du chn vo Dulieu->ti Backup media or file name->chn Browse->ch ng dn n E:\Backup->lu file Backup vi tn bk1.bkf->chn Start Backup

->Trong hp thoi Backup Job Information ->chn Start Backup

->h thng bt u qu trnh backup d liu sau khi hon tt ti hp thoi Backup Progress chn Close->ng ht ca s vo E:\Backup\bk1.bkf->chn Start Backup dn E:\Backup\dif.bkf

B4:vo C:\Dulieu->click chut phi trn t1.txt ->Properties->tab General->AdvancedLu :trong Advanced Attributes khng c du chn ti mc File is ready for archiving->cancel

B5:Trong C:\Dulieu->m file t1.txt nhp thm ni dung v lu li ->click chut phi trn t1.txt->Properties->tab General ->Advanced.Lu :trong Advanced Attributes c du chn ti mc File is ready for archiving->cancel

B6:m chng trnh Backup->chn tab Backup->click du+ti C:->nh du chn Dulieu->ti mc Backup media or file name->g ng dn E:\Backup\dif.bkf->Start Backup

->trong ca s Backup Job Information->chn Advanced

->Trong ca s Advanced Backup Opyions->click du mi tn ti mc Backup Type->chn Differential->OK->Start Backup-> Sau khi hon tt ->Trong ca s Backup Progress->Close

B7:Trong ca s Backup Utility->chn tab Restore and manage Media->click du+ti mc dif.bkf->Click du+ ti C:->chn DulieuLu :ch file t1.txt c BackupB8:ng ht ca s vo C:\Dulieu,click chut phi trn t1.txt->Properties->tab General ->Advanced.Lu : c du chn ti mc File is ready for archiving->cancelB9:m file t2.txt ->nhp thm ni dung v lu li-> click chut phi trn t1.txt->Properties->tab General ->Advanced. Lu : c du chn ti mc File is ready for archiving->cancel

B10: m chng trnh Backup->chn tab Backup->click vo du+ ti C:->nh du chn vo Dulieu->ti Backup media or file name->g ng dn n E:\Backup\inc.bkf->chn Start Backup->trong ca s Backup Job Information->chn Advanced->->Trong ca s Advanced Backup Opyions->click du mi tn ti mc Backup Type->chn Incemetal->OK->Start Backup->Sau khi hon tt->Trong ca s Backup Progress->Close

B11: Trong ca s Backup Utility->chn tab Restore and manage Media->click du+ti mc dif.bkf->Click du+ ti C:->chn DulieuLu :c 2 file t1.txt v t2.txt c BackupB12:ng ht ca s vo C:\Dulieu,click chut phi trn t1.txt->Properties->tab General ->Advanced.Lu : khng c du chn ti mc File is ready for archiving->cancelClick chut phi trn t2.txt->Properties->tab General ->Advanced.Lu : khng c du chn ti mc File is ready for archiving->cancel

2.Restore d liu(Phc hi d liu)

Chun b:B1:vo C xa th mc DulieuB2:m chng trnh Backup->chn Menu Tools->Options->tab Restore->nh u chn vo mc Replace the file on disk only if the file is older->OKB3:trong ca s Backup Utility->vo tab Restore and Manager Media->click du+ ti mc file->bk1.bkf->click du + ti C:->nh du Dulieu->chn Start Restore->ti ca s Restore Progress chn Close->Vo C:-> c th mc Dulieu->trong c t1.txt,t2.txt,t3.txt Lu :ni dung t1.txt v t2.txt cha y .

B4: m chng trnh Backup-> vo tab Restore and Manager Media->click du+ ti mc file->dif.bkf->click du + ti C:->nh du Dulieu->chn Start Restore->ti ca s Restore Progress sau khi xong chn Close->Vo C:\ Dulieu->xong m t1.txt c ni dung y -> m t2.txt ni dung cha y .B5: m chng trnh Backup-> vo tab Restore and Manager Media->click du+ ti mc file->inc.bkf->click du + ti C:->nh du Dulieu->chn Start Restore->ti ca s Restore Progress sau khi xong chn Close->Vo C:\ Dulieu->xong m t2.txt c ni dung y .

3.Backup-Restore system State Data(Sao lu v phc hi h thng)B1:to 2 user u1 v u2B2: m chng trnh Backup-> tab Backup media or file name->g ng dn n E:\Backup\ssd.bkf->chn Start Backup-> ti ca s Backup Job Information-> Start Backup->sau khi xong bm Close

B3:Xa u1 v u2B4: m chng trnh Backup-> vo tab Restore and Manager Media->click du+ ti mc file->ssd.bkf->nh du chn ti System State -> Start Restore->ti ca s warning chn Ok->C s Confirm chn OK->sau khi hon thanh chn Close->h thng yu cu restart my YesB5: Sau khi restart->logon Admin->kim tra c user u1 v u2.

II.Shadow Copy

Chun b: Bi lab yu cu s dng 2 my:

My 1 s dng Windows Server 2003,t password cho Admin:P@sswordMy 2 s dng Windows XP

B1:My 1 to th mc E:\Data->share Data cho Group Everyone v Security Permission cho Users la Modify ->vo Data to file t1.txt->g ni dung v lu liB2:My 1 click chut phi ln E:->Properties->tab Shadow Copies->trong Shadow Copies,chn:\ ->Enable->Create Now->OK->OK

B3: My 1 vo C:\Windows \System32\clients->share th mc twclient B4: My 2 vo Start->Run->g\\a ch my 1(\\192.168.1.1) truy cp vo my 1 bng Username: administratorPassword:P@ssword->vo th mc twclient\x86->chy file twcli32 ci Previous Versions Client->sau khi ci xong chng trnh Previous Versions Client->Finish->ng cc ca s ang c. B5:My 2 truy cp vo my 1->vo th mc Data->m t1.txt->g thm ni dung v lu li->ng ca s t1->click chut phi trn t1.txt->Properties->tab Previous Versions->chn t1->Restore->Yes->OK->OK->M file t1.txtLu : Ni dung t1.txt tr li nh ban u