NETWORK ADMINISTRATION II

QTM-II

CAO ĐẲNG NGHỀ CNC ĐỒNG AN (Dong An Hi-Tech Vocational College)

January 21, 2012
Authored by: Mr-Ba Duy

TABLE OF CONTENTS

NETWORK ADMINISTRATION II | 1/21/2012

CHAPTER I: ROUTING
CHAPTER II: VIRTUAL PRIVATE NETWORK (VPN)
PART 1: VPN CLIENT TO GATEWAY
PART 2: VPN GATEWAY TO GATEWAY
CHAPTER III: NETWORK ADDRESS TRANSLATION (NAT)
CHAPTER IV: STAND-ALONE CA
CHAPTER V: ENTERPRISE-CA
CHAPTER VI: UPGRADING WINDOWS SERVER 2003 TO WINDOWS SERVER 2008
CHAPTER VII: USING THE SERVER MANAGER ADMINISTRATION TOOL ON WINDOWS SERVER 2008
CHAPTER VIII: WINDOWS SERVER CORE 2008 R2
CHAPTER IX: TERMINAL SERVICES
CHAPTER X: INTERNET INFORMATION SERVICES
CHAPTER XI: WINDOWS FIREWALL WITH ADVANCED SECURITY ON WINDOWS SERVER 2008
CHAPTER XII: WINDOWS SERVER BACKUP FEATURE

CHAPTER I: ROUTING
I. Introduction
The lab covers the following main topics:
1. Static Route
2. RIP
3. Packet Filter
II. Topology

III. Preparation
- The lab uses 4 Windows Server 2003 machines
- Assign IP addresses to the machines according to the following table:

INTERFACE         PC01           PC02           PC03           PC04
CROSS      IP     172.16.1.2     172.16.1.1     10.0.0.1       10.0.0.2
           SM     255.255.255.0  255.255.255.0  255.255.255.0  255.255.255.0
           DG     172.16.1.1     (blank)        (blank)        10.0.0.1
           DNS    (blank)        (blank)        (blank)        (blank)
LAN        IP     DISABLE        192.168.2.1    192.168.2.2    DISABLE
           SM                    255.255.255.0  255.255.255.0
           DG                    (blank)        (blank)
           DNS                   (blank)        (blank)

- Turn off the firewall on all 4 machines
- PC01 ping PC02: ping OK
- PC02 ping PC03: ping OK
- PC03 ping PC04: ping OK
- On PC04, install IIS and create a web page index.html with any content
IV. Procedure
1. Static
Perform on PC02 and PC03
Step 1: Open Routing and Remote Access in Administrative Tools -> right-click the PC name -> choose Configure and Enable Routing and Remote Access
Step 2: Welcome screen -> choose Next
Step 3: Choose Custom Configuration -> Next
Step 4: Choose LAN Routing
Step 5: Finish
Step 6: Choose Start services -> Finish

Perform on PC02
Step 1: Open the path shown in the figure -> right-click Static Routes -> choose New Static Route
Step 2: Fill in the IP parameters as shown in the figure -> OK

Perform on PC03
Step 1: Open the path shown in the figure -> right-click Static Routes
Step 2: Fill in the IP parameters as shown in the figure -> OK

Verify:
- PC01 (172.16.1.2) ping PC04 (10.0.0.2): Ping OK
- PC04 (10.0.0.2) ping PC01 (172.16.1.2): Ping OK
On PC02 -> open a command line -> run route print -> observe that the route to 10.0.0.0 has been learned.

Open Routing and Remote Access -> open Static Routes -> select the static routes that were created -> press the Delete key
Open a command line -> run route print -> observe that the route to 10.0.0.0 is no longer present
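
How the static routes above create, and their deletion removes, end-to-end reachability, shown as an added Python example that is not part of the original lab guide. The next hops (192.168.2.2 on PC02, 192.168.2.1 on PC03) are assumptions, because the guide gives them only in a screenshot; the table layout and function names are this example's own.

```python
import ipaddress

# Directly connected networks of the two routers, from the lab's IP table.
CONNECTED = {
    "PC02": ["172.16.1.0/24", "192.168.2.0/24"],
    "PC03": ["192.168.2.0/24", "10.0.0.0/24"],
}
# Static routes as (destination, next hop). ASSUMPTION: the guide shows the
# values only in a screenshot; these are the next hops the topology implies.
STATIC = {
    "PC02": [("10.0.0.0/24", "192.168.2.2")],
    "PC03": [("172.16.1.0/24", "192.168.2.1")],
}
# Which router owns each router-side address, and each host's default gateway.
OWNER = {"172.16.1.1": "PC02", "192.168.2.1": "PC02",
         "192.168.2.2": "PC03", "10.0.0.1": "PC03"}
HOST_GATEWAY = {"172.16.1.2": "172.16.1.1", "10.0.0.2": "10.0.0.1"}


def build_table(router, static_on):
    """Routing table as (network, next_hop); next_hop None means on-link."""
    table = [(ipaddress.ip_network(n), None) for n in CONNECTED[router]]
    if router in static_on:
        table += [(ipaddress.ip_network(n), h) for n, h in STATIC[router]]
    return table


def lookup(table, dst):
    """Longest-prefix match; returns (network, next_hop) or None."""
    addr = ipaddress.ip_address(dst)
    matches = [entry for entry in table if addr in entry[0]]
    return max(matches, key=lambda e: e[0].prefixlen) if matches else None


def trace(src, dst, static_on=("PC02", "PC03")):
    """Follow a packet from host src to dst. Returns (delivered, routers)."""
    hop, path = HOST_GATEWAY[src], []
    for _ in range(8):  # hop limit, guards against routing loops
        router = OWNER[hop]
        path.append(router)
        route = lookup(build_table(router, static_on), dst)
        if route is None:
            return False, path      # no route: the router discards the packet
        if route[1] is None:
            return True, path       # destination is on a connected network
        hop = route[1]
    return False, path


def ping(src, dst, static_on=("PC02", "PC03")):
    """An echo succeeds only if the request AND the reply can be routed."""
    return trace(src, dst, static_on)[0] and trace(dst, src, static_on)[0]


if __name__ == "__main__":
    pc01, pc04 = "172.16.1.2", "10.0.0.2"
    print("both static routes:", ping(pc01, pc04), trace(pc01, pc04))
    print("only PC02 has one :", ping(pc01, pc04, ("PC02",)))
    print("routes deleted    :", ping(pc01, pc04, ()), trace(pc01, pc04, ()))
```

With the route present only on PC02 the request reaches PC04 but the reply is discarded at PC03, which is why the lab adds a static route on both routers.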

2. RIP
Perform in turn on PC02 and PC03
Step 1: Open the path shown in the figure -> right-click General -> choose New Routing Protocol...
Step 2: Choose RIP Version 2 for Internet Protocol -> OK
Step 3: Right-click RIP -> choose New Interface
Step 4: Choose LAN -> OK
Step 5: Choose OK
Step 6: Right-click RIP -> New Interface...
Step 7: Choose CROSS -> OK
Step 8: OK
Step 9: Right-click Static Routes -> choose Show IP Routing Table

Observe the routing table

Verify:
PC01 ping PC04: ping OK

4. Packet Filter
Step 1: On PC01, open IE and browse to http://10.0.0.2 -> access succeeds
Step 2: On PC01, open a command line -> run netstat -a -> observe that PC01 has a connection to PC04 on port 80 (web/http)
Step 3: On PC03, open Routing and Remote Access -> General -> right-click LAN -> choose Properties
Step 4: On the General tab -> choose Inbound Filters -> New
Step 5: Enter the parameters as shown in the figure
Step 6: Choose Drop all packets except those that meet the criteria below -> OK -> close the remaining windows

Verify:
- On PC01, open IE and browse to http://10.0.0.2 -> access succeeds
- On PC01, ping PC04 -> the ping fails
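
The effect of the inbound filter configured in steps 3 to 6, as an added Python model that is not part of the original lab guide. The rule itself (TCP to 10.0.0.2, port 80) is an assumption, because the guide gives the filter parameters only in a screenshot; class and function names are this example's own.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

DROP_ALL_EXCEPT = "drop all except listed"        # the action chosen in step 6
RECEIVE_ALL_EXCEPT = "receive all except listed"  # the other RRAS filter action


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                   # "tcp", "udp" or "icmp"
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    proto: str
    dst_net: str = "0.0.0.0/0"
    src_net: str = "0.0.0.0/0"
    dport: Optional[int] = None  # None = any port

    def matches(self, p: Packet) -> bool:
        return (p.proto == self.proto
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst_net)
                and (self.dport is None or p.dport == self.dport))


@dataclass
class InboundFilter:
    action: str
    rules: list

    def accepts(self, p: Packet) -> bool:
        listed = any(r.matches(p) for r in self.rules)
        return listed if self.action == DROP_ALL_EXCEPT else not listed


# PC03's interfaces. Only LAN (facing PC02) carries a filter; CROSS has none.
# ASSUMED rule: the guide's screenshot values are not in the text.
PC03_FILTERS = {
    "LAN": InboundFilter(DROP_ALL_EXCEPT,
                         [Rule("tcp", dst_net="10.0.0.2/32", dport=80)]),
    "CROSS": None,
}


def pc03_accepts(iface: str, p: Packet) -> bool:
    """True if PC03 accepts packet p arriving on interface iface."""
    flt = PC03_FILTERS[iface]
    return True if flt is None else flt.accepts(p)


# Constructed sample traffic (not captured from a real lab run).
SAMPLES = [
    ("http request", "LAN", Packet("172.16.1.2", "10.0.0.2", "tcp", 80)),
    ("http reply", "CROSS", Packet("10.0.0.2", "172.16.1.2", "tcp", 1025)),
    ("ping request", "LAN", Packet("172.16.1.2", "10.0.0.2", "icmp")),
    ("rdp attempt", "LAN", Packet("172.16.1.2", "10.0.0.2", "tcp", 3389)),
    ("http to router", "LAN", Packet("172.16.1.2", "192.168.2.2", "tcp", 80)),
    ("rip update", "LAN", Packet("192.168.2.1", "224.0.0.9", "udp", 520)),
]


def verdicts():
    """Map each sample name to True (accepted) or False (dropped)."""
    return {name: pc03_accepts(iface, p) for name, iface, p in SAMPLES}


if __name__ == "__main__":
    for name, ok in verdicts().items():
        print(f"{name:15} {'pass' if ok else 'DROP'}")
```

In this model the RIP update from PC02 is dropped along with the ping, so a default-drop filter on an interface that also receives routing updates needs an explicit rule for UDP 520 if RIP is still in use.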
CHAPTER II: VIRTUAL PRIVATE NETWORK (VPN)

PART 1: VPN CLIENT TO GATEWAY

I. Introduction
The lab covers the following main topics:
1. Configure the VPN server with the PPTP protocol
2. Create a VPN client user to connect to the VPN server
3. Configure the VPN client
4. Configure the VPN server with the L2TP protocol

II. Deployment topology

III. Preparation
The lab uses 3 Windows Server 2003 machines
Assign IP addresses to the machines according to the following table:

INTERFACE         PC01           PC02           PC03
CROSS      IP     172.16.1.2     172.16.1.1     DISABLE
           SM     255.255.255.0  255.255.255.0
           DG     172.16.1.1     (blank)
           DNS    (blank)        (blank)
LAN        IP     DISABLE        192.168.2.1    192.168.2.2
           SM                    255.255.255.0  255.255.255.0
           DG                    (blank)        (blank)
           DNS                   (blank)        (blank)

Turn off the firewall on all 3 machines

III. Procedure
1. Configure the VPN server with the PPTP protocol
PC02:
Step 1: Log on as Administrator. Go to Start -> Programs -> Administrative Tools -> Routing and Remote Access, right-click PC02 and choose Configure and Enable Routing and Remote Access
Step 2: Welcome screen -> Next
Step 3: Configuration screen, choose Custom configuration -> Next
Step 4: Custom Configuration screen, tick the 3 boxes: VPN access and LAN routing -> Next -> Finish
Step 5: Right-click PC02 and choose Properties
Step 6: On the IP tab, choose Static address pool, then click Add.
Step 7: New Address Range screen, enter the following address range:
Start IP address: 10.10.10.1
End IP address: 10.10.10.254
OK -> Apply -> OK

2. Create a VPN client user to connect to the VPN server (on PC02)
Step 1: Open Local Users and Groups and create the following user:
user name: u1
password: p@ssword1
Note: Clear the User must change password at next logon check box
Step 2: Right-click user u1 and choose Properties. On the Dial-in tab, under Remote Access Permission (Dial-in or VPN), select Allow access -> OK

3. Configure the VPN client
PC03:
Step 1: Go to Start -> Settings -> Network Connections and choose New Connection Wizard. On the Welcome screen, click Next.
Step 2: Network Connection Type screen -> choose Connect to the network at my workplace -> Next.
Step 3: How do you want to connect screen, choose Virtual Private Network connection -> Next
Step 4: In the Internet address field, enter the LAN IP of PC02: 192.168.1.1. In the Destination Name field, give the connection a name, e.g. VPN connection
Step 5: Connection Availability screen -> select My use only -> Next -> Finish
Step 6: Enter the user name and password of u1
Step 7: The connection succeeds. Verify: open cmd and run IPCONFIG /ALL; the machine has received an IP address from the VPN server
Step 8: Ping the addresses on the internal network in turn:
Ping 172.16.1.1
Ping 172.16.1.2
The pings succeed
- Observation: PC03 is assigned an IP address by the VPN server from the range 10.10.10.1 to 10.10.10.254. PC03 and PC01 can communicate with each other.
Step 9: Right-click the connection VPN connection and choose Status. On the Details tab, the Device Name field shows PPTP, so the VPN is connected using the PPTP protocol

4. Configure the VPN server with the L2TP protocol
PC02
Step 1: Open Routing and Remote Access, right-click PC02 and choose Properties
Step 2: On the Security tab, tick Allow custom IPSec policy for L2TP connection, and in the Pre-shared key field enter 123456 -> Apply -> OK.
Step 3: Right-click PC02 and choose All Tasks -> Restart

PC03
- Open Network Connections, right-click VPN Connection and choose Properties
- On the Networking tab, under Type of VPN, choose L2TP IPSec VPN -> OK.
- On the Security tab, choose IPSec Settings...
- In IPSec Settings, choose Use pre-shared key for authentication and enter 123456 in the Key field -> OK -> OK.
- Check Status: the VPN is now connected using the L2TP protocol.

VIRTUAL PRIVATE NETWORK (VPN)

PART 2: VPN GATEWAY TO GATEWAY

I. Introduction
The lab covers the following main topics:
1. Configure the VPN server with the PPTP protocol
2. Configure the VPN server with the L2TP protocol
II. Topology

III. Preparation
- The lab uses 4 Windows Server 2003 machines
- Assign IP addresses to the machines according to the following table:

INTERFACE         PC01           PC02           PC03           PC04
CROSS      IP     172.16.1.2     172.16.1.1     172.16.2.1     172.16.2.2
           SM     255.255.255.0  255.255.255.0  255.255.255.0  255.255.255.0
           DG     172.16.1.1     (blank)        (blank)        172.16.2.1
           DNS    (blank)        (blank)        (blank)        (blank)
LAN        IP     DISABLE        192.168.1.2    192.168.1.3    DISABLE
           SM                    255.255.255.0  255.255.255.0
           DG                    (blank)        (blank)
           DNS                   (blank)        (blank)

Open services.msc and turn off Windows Firewall on all 4 machines
On PC02, create user: hanoi, password: hanoi. Right-click user hanoi and choose Properties -> on the Dial-in tab, under Remote Access Permission (Dial-in or VPN), select Allow access -> OK.
Similarly on PC03, create user: saigon, pass: saigon. Right-click user saigon and choose Properties -> on the Dial-in tab, under Remote Access Permission (Dial-in or VPN), select Allow access -> OK.
IV. Procedure
1. Configure the VPN server with the PPTP protocol
a. PC02:
Step 1: Log on as Administrator. Go to Start -> Programs -> Administrative Tools -> Routing and Remote Access, right-click PC02 and choose Configure and Enable Routing and Remote Access
Step 2: Welcome screen -> Next
Step 3: Configuration screen, choose Custom Configuration -> Next
Step 4: Custom Configuration screen, tick the 3 boxes: VPN access, Demand-dial connections and LAN routing -> Next -> Finish
Step 5: Right-click Network Interfaces and choose New Demand-dial Interface...
Step 6: Welcome screen -> Next. In the Interface Name window, type hanoi as the interface name -> Next
Note: the interface name on this side is the user name on the other side
Step 6: Connection Type screen -> select Connect using virtual private networking (VPN) -> Next.
Step 7: VPN Type screen, choose Point to Point Tunneling Protocol (PPTP) -> Next.
Step 8: Destination Address screen -> type the LAN card address of PC03 in Host name or IP address
Step 9: Protocols and Security screen, keep the defaults -> Next.
Step 10: Static Routes for Remote Networks screen -> Add
Step 11: Static Route screen, configure as follows:
Destination: 172.16.2.0
Network mask: 255.255.255.0
Metric: 1
OK.
Step 12: Dial Out Credentials screen, enter the following information:
User name: saigon
Domain: (leave blank)
Password: saigon
Confirm password: saigon
Then click Next -> Finish
Step 13: Back on the Routing and Remote Access screen, right-click PC02 and choose Properties
Step 14: On the IP tab, choose Static address pool. Click Add
Step 15: In the New Address Range window, enter the following IP range:
Start IP address: 10.10.10.1
End IP address: 10.10.10.254
OK -> OK
Step 16: On the Routing and Remote Access screen, right-click PC02 -> All Tasks -> Restart

b. PC03: Repeat the steps of part a (configuring the VPN server on PC02) on PC03, changing the following information:
- At the interface step, Interface Name: saigon
- At the Destination Address step, enter the LAN card IP of PC02: 192.168.1.2
- At the Dial Out Credentials step:
User name: hanoi
Domain: (leave blank)
Password: hanoi
- At the static address pool step:
Start IP address: 10.10.20.1
End IP address: 10.10.20.254
c. Verify:
PC04:
- Log on as Administrator -> open CMD and run ping <IP address of PC04> (e.g. ping 172.16.1.2) -> a reply is received

PC03:
- In Routing and Remote Access, the connection saigon shows Connected
- Under Ports, the connection uses PPTP and its status is Active
- Connect a VPN client on PC04 and PC01 (same procedure as in the previous lab)
- Observation: the 2 sites saigon and hanoi are connected successfully

2. Configure the VPN server with the L2TP protocol
a. PC02
Step 1: Right-click the connection hanoi and choose Properties
- On the Networking tab, under Type of VPN, choose L2TP IPSec VPN -> OK.
- On the Security tab, choose IPSec Settings...
- Choose the option Use pre-shared key for authentication and enter 123456 in the Key box -> OK -> OK.
Step 2: Back on the Routing and Remote Access screen, right-click PC02 and choose Properties
Step 3: On the Security tab, tick Allow custom IPSec policy for L2TP connection at the bottom.
Pre-shared key: enter 123456 -> Apply -> OK
Step 4: On the Routing and Remote Access screen, right-click PC02 -> All Tasks -> Restart

b. PC03: Repeat the same operations as on PC02

c. Verify:
a. PC04:
- Log on as Administrator -> open CMD and run ping <IP address of PC04> (e.g. ping 172.16.2.2) -> a reply is received

b. PC03:
- In Routing and Remote Access, the connection hanoi shows Connected
- Under Ports, the connection uses L2TP and its status is Active

CHAPTER III: NETWORK ADDRESS TRANSLATION (NAT)

I. Introduction
The lab covers the following main topics:
1. NAT Outbound
2. NAT Inbound
II. Topology

III. Preparation
- The lab uses 3 Windows Server 2003 machines
PC01: disable the LAN card
PC03: disable the CROSS card
- Turn off the firewall on all 3 machines
Assign IP addresses according to the following table:

INTERFACE         PC01           PC02           PC03
CROSS      IP     172.16.1.1     172.16.1.2     DISABLE
           SM     255.255.255.0  255.255.255.0
           DG     172.16.1.2     (blank)
           DNS    8.8.8.8        (blank)
LAN        IP     DISABLE        192.168.X.2    192.168.X.3
           SM                    255.255.255.0  255.255.255.0
           DG                    192.168.X.1    192.168.X.1

where X is the address of the Internet-facing network
- Install a web server on PC01
IV. Procedure

1. NAT Outbound
- Perform on PC02
Step 1: Open Routing and Remote Access -> right-click PC02 -> choose Configure and Enable Routing and Remote Access
Step 2: Choose Next
Step 3: Choose Custom configuration -> Next
Step 4: Choose NAT -> Next
Step 5: Finish
Step 6: Start services
Step 7: Right-click NAT/Basic Firewall -> choose New Interface
Step 8: Choose CROSS -> OK
Step 9: Choose Private interface connected to private network -> OK.
Step 10: Right-click NAT -> choose New Interface
Step 11: Choose the LAN card -> OK
Step 12: Choose Public interface connected to the Internet and Enable NAT on this interface -> OK.

Verify:
- PC01 accesses the Internet -> access succeeds
- On PC02, open Routing and Remote Access -> choose NAT/Basic Firewall -> right-click the LAN card and choose Show Mappings.
- In the mappings, observe that PC01 (172.16.1.1) is translated to the outside through PC02 (192.168.3.2)

3. NAT Inbound
- Perform on PC02
- Open IE and try the web page of PC01: http://172.16.1.1 -> access succeeds (note: PC01 has a web server installed)
Step 1: Under NAT -> right-click LAN -> choose Properties
Step 2: On the Services and Ports tab -> select Web Server (HTTP) \ Edit.
Step 3: In the Private address field -> enter the IP of PC01: 172.16.1.1 -> OK
Step 4: Right-click PC02 -> choose All Tasks -> Restart
Step 5: Verify
- PC03 accesses the website of PC01 using the LAN card IP of PC02: http://192.168.x.2 -> access succeeds
- On PC02, open the Mappings of the LAN card and observe
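
The translation behaviour behind the two NAT exercises (outbound mappings and the published web service), as an added Python model that is not part of the original lab guide. X = 3 follows the mapping the guide reports (192.168.3.2); the port numbers, the outside address and all names are this example's own.

```python
import itertools

PUBLIC_IP = "192.168.3.2"    # PC02 LAN card (X = 3, as in the guide's mapping)
PRIVATE_WEB = "172.16.1.1"   # PC01, the internal web server


class Nat:
    """Port-translating NAT with published (inbound) services.

    Simplified model: the remote endpoint of a mapping is not checked.
    """

    def __init__(self, public_ip, first_port=62000):
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)  # ASSUMED public port range
        self.dynamic = {}    # (proto, priv_ip, priv_port) -> public port
        self.reverse = {}    # (proto, public port) -> (priv_ip, priv_port)
        self.published = {}  # (proto, public port) -> (priv_ip, priv_port)

    def publish(self, proto, public_port, priv_ip, priv_port):
        """Services and Ports tab: forward public_port to a private host."""
        self.published[(proto, public_port)] = (priv_ip, priv_port)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Private -> public: rewrite the source and remember the mapping."""
        key = (proto, src_ip, src_port)
        if key not in self.dynamic:
            port = next(self._ports)
            self.dynamic[key] = port
            self.reverse[(proto, port)] = (src_ip, src_port)
        return (self.public_ip, self.dynamic[key], dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_port):
        """Public -> private: deliver only if a mapping exists, else None."""
        target = (self.reverse.get((proto, dst_port))
                  or self.published.get((proto, dst_port)))
        if target is None:
            return None      # unsolicited and unpublished: dropped
        return (src_ip, src_port, target[0], target[1])

    def show_mappings(self):
        """Rough equivalent of Show Mappings for the dynamic entries."""
        return [(proto, f"{ip}:{port}", f"{self.public_ip}:{pub}")
                for (proto, ip, port), pub in self.dynamic.items()]


def lab_run():
    """Replay both exercises with constructed traffic; returns the results."""
    nat, r = Nat(PUBLIC_IP), {}
    # NAT outbound: PC01 browses an outside site (constructed address).
    r["out"] = nat.outbound("tcp", "172.16.1.1", 1050, "203.0.113.10", 80)
    r["reply"] = nat.inbound("tcp", "203.0.113.10", 80, r["out"][1])
    # Before publishing, PC03 cannot reach PC01's web server through PC02.
    r["web_before"] = nat.inbound("tcp", "192.168.3.3", 1060, 80)
    # NAT inbound: publish HTTP and point it at PC01 (steps 2 and 3).
    nat.publish("tcp", 80, PRIVATE_WEB, 80)
    r["web_after"] = nat.inbound("tcp", "192.168.3.3", 1060, 80)
    # Any port that was not published stays unreachable from outside.
    r["rdp"] = nat.inbound("tcp", "192.168.3.3", 1061, 3389)
    r["mappings"] = nat.show_mappings()
    return r


if __name__ == "__main__":
    for name, value in lab_run().items():
        print(f"{name:11} {value}")
```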

CHAPTER IV: STAND-ALONE CA

I. Introduction
The lab covers the following topics:
1. Install the stand-alone CA
2. Admin edits a user's mail
3. User requests a certificate
4. Admin issues the certificate to the user
5. User installs the certificate
6. User sends signed mail
7. User sends encrypted mail
II. Preparation
One Windows Server 2003 machine
Create 2 users: Ti, Teo.
Install the POP3 service with the domain dongan.local and create 2 mailboxes (teo@dongan.local, ti@dongan.local)
Configure Outlook Express for the 2 users teo and ti, and check that mail can be sent back and forth successfully
III. Procedure
1. Install the stand-alone CA
Step 1: Go to Start -> Settings -> Control Panel -> Add or Remove Programs -> choose Add/Remove Windows Components -> scroll down and select Application Server, then click Details
Step 2: Tick ASP.NET -> OK. The installation runs -> Finish
- Note: Finish installing ASP.NET before moving on to the next step
Step 3: Back on the Windows Components screen, select Certificate Services
Step 4: Choose Stand-alone CA -> Next
Step 5: Common name for this CA: DongAn -> Next
Step 6: Keep the default paths -> Next
Step 7: Active Server Pages dialog -> choose Yes
Step 8: The installation completes successfully -> Finish

2. Install and configure the POP3 service
Step 1: Go to Start -> Settings -> Control Panel -> Add or Remove Programs -> choose Add/Remove Windows Components -> scroll down and select mail certificate, then click Next -> install with the defaults
Step 2: Open POP3 Service in Administrative Tools. Right-click the mail service name and choose New -> Domain
Step 3: In the Add Domain window, enter the domain name: dongan.local
Step 4: Right-click dongan.local -> New -> Mailbox
Step 5: Enter TEO as the mailbox name, tick Create associated user for this mailbox, and enter a password for the user -> OK
Step 6: Do the same for user TI
Step 7: Open Outlook Express. In the Your Name window, type Teo in the Display name field -> Next.
Step 8: In the Internet E-mail Address window, type teo@dongan.local in the E-mail address field
Step 9: In the E-mail Server Names window, type the IP address of the mail server in both the Incoming mail (POP3...) server and Outgoing mail (SMTP) server fields -> Next.
Step 10: In the Internet Mail Logon window, type u1@dongan.local in the Account name field and p@ssword1 in the Password field -> Next.
Step 11: Go to the Tools menu -> Accounts
Step 11: On the Mail tab -> Properties
Step 12: Choose the Servers tab -> check My server requires authentication -> choose OK -> Close

Repeat the same configuration for user TI (ti@dongan.local)


Verify: send and receive mail
Step 1: To send mail to Ti -> in Teo's Outlook Express window, click Create Mail
Step 2: Enter the recipient address: ti@dongan.local
Step 3: TI checks mail -> in the Outlook Express window, click Send/Recv; the Inbox shows 1 mail
Step 4: Click Inbox and read the content of the mail Teo sent to Ti

3. Admin edits a user's mail
Step 1: Log on as Teo -> open Outlook Express and send mail to Ti
Step 2: Log on as Administrator -> open the file in: C:\Inetpup\Mailroot\mailbox\dongan.loca (the file has the extension *.mbx)
Step 3: In the body of the mail Teo sent to Ti, add a line with any content -> save

Verify: Log on as TI -> open Outlook Express -> receive the mail from TEO -> the mail content has been modified without Ti knowing

4. User requests a certificate
Step 1: Log on as TEO -> open IE and browse to http://localhost/certsrv -> choose Request a certificate
Step 2: Choose E-Mail Protection Certificate
Step 3: Fill in the parameters as shown in the figure -> Submit
Step 4: Choose Yes
Step 5: Repeat the steps above for user TI

5. Admin issues the certificates to the users
Step 1: Log on as Administrator. Open Certification Authority in Administrative Tools
Step 2: Open Pending Requests -> in the right pane select the 2 certificates of TEO and TI that are waiting to be issued -> right-click and choose All Tasks -> Issue
Step 3: Open Issued Certificates -> observe the 2 certificates that were just issued

6. User installs the certificate
Perform for both users TI and TEO (log on as each user)
Step 1: Open IE and browse to http://localhost/certsrv -> choose View the status of a pending...
Step 2: Choose E-Mail Protection Certificate
Step 3: Choose Install this certificate
Step 4: Choose Yes
Step 5: The certificate is installed successfully

7. User sends signed mail
Step 1: Ti sends mail to Teo and chooses Sign
Step 2: Verify:
- Log on as Admin -> go to the folder containing Teo's mail -> edit the mail content.
- Log on as Teo -> open Outlook Express -> receive the mail from Ti -> choose Continue.
- A notice appears: the mail has been modified -> choose Open Message to read the mail.

TI and TEO send signed mail to each other to exchange certificates.

8. User sends encrypted mail
Step 1: Log on as TI -> send signed and encrypted mail to TEO
Step 2: Log on as Admin -> open the folder containing Teo's mail -> open Teo's file -> observe that the mail content is encrypted and cannot be read -> add any line to the mail content and save.
Step 3: Log on as TI and receive the mail from TEO -> the mail content cannot be read because the mail was modified.

CHAPTER V: ENTERPRISE-CA

I. Introduction
The lab covers the following main topics:
1. Install the Enterprise CA
2. User requests and installs a certificate
3. User configures Outlook Express and sends signed and encrypted mail to themselves
4. Export the certificate
5. Import the certificate
II. Preparation
01 Windows Server 2003 DC (already promoted to a domain)
Create user TEO/password: 123 and enter the e-mail address Teo@dongan.local in the properties of the account Teo.

III. Procedure
1. Install the Enterprise CA
Step 1: Go to Start -> Settings -> Control Panel -> Add or Remove Programs -> choose Add/Remove Windows Components -> scroll down and select Application Server, then click Details...
Step 2: Tick ASP.NET -> OK. The installation runs -> Finish.
Note: Finish installing ASP.NET before moving on to the next step.
Step 3: Back on the Windows Components screen, select Certificate Services
Step 4: Choose Enterprise root CA -> Next.
Step 5: Common name for this CA: dongan -> Next
Step 6: Choose Enterprise root CA -> Next
Step 7: Active Server Pages dialog -> choose YES
Step 8: The installation completes successfully -> Finish.

2. User requests and installs a certificate
- Log on as TEO
Step 1: Log on as TEO -> open IE and browse to http://localhost/certsrv -> choose Request a certificate.
Step 2: Choose User Certificate
Step 3: Choose Submit
Step 5: Choose YES
Step 5: Choose Install this certificate -> YES
Step 6: The installation completes successfully

3. User configures Outlook Express and sends signed and encrypted mail to themselves
- Log on as TEO
Step 1: Open Outlook Express -> create the account name: TEO -> Next
Step 2: Email address: Teo@dongan.local -> Next.
Step 3: Incoming and outgoing mail server: Localhost -> Next
Step 4: Email username: Teo@dongan.local
passwd: 123 -> Next.
Step 5: Send a signed and encrypted mail to yourself
Step 6: Ignore the error message -> choose Hide
Step 7: The mail arrives in Outlook and can still be read.

4. Export the certificate
Step 1: Log on as TEO -> Start -> Run -> MMC -> File menu -> Add/Remove Snap-in -> Add.
Step 2: Choose Certificates -> choose Add -> My user account -> OK -> OK.
Step 3: Open the path shown in the figure -> right-click the certificate TEO -> choose All Tasks -> Export
Step 4: Choose Next
Step 5: Choose Yes, export the private key -> Next
Step 4: Choose Next.
Step 6: Enter the password: 123
Step 7: Save it to drive C:\

5. Import the certificate
Step 1: Log on as TEO -> open MMC -> open the path shown in the figure -> right-click the certificate TEO -> choose Delete -> YES.
Step 2: Open Outlook Express -> choose Outlook -> open the e-mail sent to yourself -> the mail can no longer be read.
Step 3: Open MMC -> add the Certificates snap-in -> open Personal -> right-click Certificates -> All Tasks -> Import
Step 4: Choose Next.
Step 5: Choose Browse -> point to the location the certificate was exported to -> Next.
Step 6: Enter the password: 123 -> Next
Step 7: Choose Next.
Step 8: Finish -> OK.

- Verify:
Open Outlook Express -> Outbox -> open the mail sent to yourself -> the mail content can be read again

CHAPTER VI: UPGRADING WINDOWS SERVER 2003 TO WINDOWS SERVER 2008

I. Preparation
- 1 Windows Server 2003 machine already promoted to a domain
- Copy the Windows Server 2008 source to C:\
- Create the OU Ketoan and create 2 users u1, u2
- Set the password policy to allow simple passwords
II. Procedure:
1. Check the system
Check which edition of Windows Server 2003 is installed (Standard or Enterprise) and whether it is 32-bit or 64-bit; when upgrading to 2008 the matching edition must be chosen.
Step 1: Check the system
Step 2: Raise the functional level of the system to Windows Server 2003

2. Run adprep so the system is compatible with Windows Server 2008
Step 1: Insert the Windows Server 2008 DVD into the DVD drive
Step 2: Start > Run > CMD, Enter
Step 3: Type D:\sources\adprep\adprep.exe /forestprep (D:\ is the DVD drive) -> a message appears; press C and then Enter to continue
Step 4: Next type D:\sources\adprep\adprep.exe /domainprep
Step 5: Next type D:\sources\adprep\adprep.exe /domainprep /gpprep
Step 6: Close the CMD window, open the DVD and run setup.exe

Choose: Do not get the .

After the upgrade succeeds, log in to the system and check whether the OU and user configuration has changed

Everything is the same as it was under Windows Server 2003: the 2 OUs ketoan and kythuat and the 2 users u1 and u2 are still there

Conclusion:
- Upgrading from Server 2003 to Server 2008 is not too difficult.
- Points to note:
+ Back up the system before starting, and draw up a clear plan
+ Make sure the power supply is stable to avoid a power cut
+ The 2008 installation DVD must be in good condition, with no files damaged by physical defects
+ Try the upgrade on a virtual machine before doing it for real

CHAPTER VII: USING THE SERVER MANAGER ADMINISTRATION TOOL ON WINDOWS SERVER 2008

I. Introduction to Server Manager:
Server Manager is a tool that lets you perform most administration tasks on Windows Server 2008, from server services such as Active Directory, DNS and DHCP, to system components such as .NET Framework 3.0, Network Load Balancing and Group Policy Management, and from the firewall and user and group management to system backup services and disk management. It can be said that this tool is the result of combining the management tools of earlier Windows versions.
1. Starting Server Manager:
By default, Server Manager starts automatically right after you log on to the system. If you close its window, you can reopen it in any of the following ways:
- Right-click the Computer icon on the desktop and choose Manage
- From the Start menu, choose Programs -> Administrative Tools -> Server Manager
- From the Start menu, choose Control Panel -> Administrative Tools -> Server Management
- Click the Server Manager icon (next to Start) on the Quick Launch area of the taskbar
2. The Server Manager interface:
This is the main screen of the Server Manager administration tool:

Roles: lets you add and remove server services. Here you can manage the detailed data of each service.
Features: lets you add and remove components of Windows Server 2008. This function is similar to Add/Remove Windows Components in earlier Windows versions.
Diagnostics: integrates the Event Viewer, Reliability and Performance, and Device Manager components.
Configuration: includes the tools Local Users and Groups, Task Scheduler, Windows Firewall with Advanced Security, WMI Control and Services. WMI Control is used to manage the Windows Management Instrumentation service.
Storage: integrates 2 tools, Windows Server Backup and Disk Management.
III. Installing and managing services (Roles)
To install services, also called Roles, open Server Manager, click Roles in the left pane and choose Add Roles in the right pane:

On the Before You Begin page, tick Skip this page by default so that this page is not shown the next time you install another role.
Click Next.
On the Select Server Roles page, select a role to install, then click Next.
(As you can see, there are 16 roles in total on Windows Server 2008)

During installation, depending on the characteristics and functions of each server service, you fill in the required information and carry out the operations needed to complete the installation.
After installation, information about the services is shown in the Roles Summary pane of Server Manager. Here you can add and remove these server services. To manage the detailed data of a server service, click that service under Roles in the left pane.
IV. Installing components (Features)
To install or add components, open Server Manager. Click Features in the left pane and click Add Features in the right pane

On the Select Features page, select the component to install, then click Next

The Confirm Installation Selections page is the confirmation page; if there is nothing to change, click Install to start the installation

After installation, information about the components is shown in the Features Summary pane of Server Manager. You can add or remove components there.
The Configuration section is covered in detail under each individual role.

CHAPTER VIII: WINDOWS SERVER CORE 2008 R2

I. Introduction
The lab covers the following topics:
1. Install Server Core
2. Promote to Domain Controller
3. Use the CoreConfigurator tool to manage the server
4. Join the domain and use Remote Server Administration to configure and manage Server Core remotely.
II. Preparation
- The lab uses 2 machines: PC01, PC02
* PC01: Server 2008 Core.
* PC02: Windows 7
- On PC01, attach the file 2k8R2.iso to the virtual machine
III. Procedure
1. Install Server Core
Perform on PC01
Step 1: Choose Next
Step 2: Choose Install Now
Step 3: Choose Windows Server 2008 Enterprise Edition (Core Installation) -> Next
Step 4: Choose I accept -> Next
Step 5: Choose Custom (Advanced)
Step 6: Choose Next
Step 7: Choose OK
Step 8: Enter the password: P@ssword -> Enter

2. Promote to Domain Controller
A. Set the IP address and rename the machine to PC01
Step 1: Show the current name: hostname
Rename: netdom renamecomputer %computername% /NewName:DC25
Restart the PC: shutdown /r /t 0
Shut down the PC: shutdown /s /t 0
Step 2: Show the interfaces: netsh interface ipv4 show interface
Rename an interface: netsh interface set interface name="local area connection" newname="LAN"
Step 3: Disable / enable an interface: netsh interface set interface "LAN" disable/enable
or: netsh interface set interface name="LAN" admin=disable/enable
Step 4: Set the IP address: netsh interface ipv4 set address "LAN" static 192.168.1.25 255.255.255.0 192.168.1.1
or: netsh interface ipv4 set address name="2" source=static address=192.168.1.251 mask=255.255.255.0 gateway=192.168.1.1
Step 5: Turn the firewall off / on: netsh firewall set opmode mode=disable/enable
Step 6: Test connectivity: ping ...
B. Promote to DC
a. Promote to DC:
Set the preferred DNS server:
netsh interface ipv4 set dnsserver "LAN" static 192.168.1.101 primary
Check:
ipconfig /all
Create the text file Unattend.txt:
copy con C:\Unattend.txt
Promote:
dcpromo /unattend:unattend.txt
b. List the roles:
oclist
c. Install DHCP:
start /w ocsetup DHCPServerCore
(/w: the command prompt only returns after the job has finished)
Note: DHCPServerCore is case sensitive
d. Check the authorized servers:
netsh dhcp show server
e. Authorize DHCP:
netsh dhcp add server <FQDN of the server> <IP of the server>
f. Configure the startup type of the DHCP service:
sc config dhcpserver start= auto
Note: there must be a space before auto
g. Start DHCP:
net start dhcpserver
C. JUST FOR REFERENCE BELOW:
a. Configure DHCP: netsh or the DHCP mmc (remote)
netsh dhcp server 192.168.1.22 add scope 192.168.1.0 255.255.255.0 Scope1
netsh dhcp server 192.168.1.22 scope 192.168.1.0 add iprange 192.168.1.100 192.168.1.199
netsh dhcp server 192.168.1.22 scope 192.168.1.0 set optionvalue 003 ipaddress 192.168.1.200
netsh dhcp server 192.168.1.22 scope 192.168.1.0 set optionvalue 006 ipaddress 192.168.1.22
b. Install DNS:
start /w ocsetup DNS-Server-Core-Role
Configure DNS:
dnscmd or the DNS mmc (remote)
After demoting the DC, it may also be necessary to run the following to remove the AD DS binaries and remove DNS:
Restart
dcpromo /uninstallBinaries
c. Remove DHCP:
start /w ocsetup DHCPServerCore /uninstall
d. Share resources:
md C:\Data
net share DATA=C:\DATA /Grant:Everyone,Full
e. Enable Remote Desktop administration:
netsh firewall set service remoteadmin enable
3. Using the CoreConfigurator support tool
When installing the Windows Server 2008 operating system there is an additional option to install Server Core. Server Core includes the core components of the Windows Server 2008 operating system:
Active Directory Domain Services
Active Directory Lightweight Directory Services
DHCP Server
DNS Server
File Services
Print Server
Streaming Media Services
Web Server (IIS)
and some of the characteristic features of the Windows Server 2008 operating system. Server Core is simple and compact (after installation it takes up about 1 GB of disk space), so it runs quite efficiently.
However, Server Core only has a command-line management interface; every operation has to be carried out with commands in a command window.
CoreConfigurator is a free tool that is installed on Server Core. With its GUI, CoreConfigurator lets you configure the basic settings of Server Core and helps the administrator use Server Core more effectively. CoreConfigurator supports the following settings:
Configuration of display resolution: configure the screen resolution.
Remote Desktop configuration: configure the Remote Desktop service.
Management of local user accounts: manage user accounts: create, delete, groups.
Firewall configuration: configure the firewall.
IP configuration: configure the IP address.
Computer name and domain/workgroup membership: configure the computer name, workgroup name or domain name.
Installation of Server Core features/roles: lets you install some of the Server Core features.
Download (current version 1.1.2, about 1.4 MB): the file is named CoreConfigurator.msi.

Install CoreConfigurator with the msiexec command.
Note: A file manager such as Total Commander can be used to make selecting the folder and running the command more convenient. The CoreConfigurator installation dialogs then appear. The installation is easy and quick. When it finishes, CoreConfigurator is installed in the folder C:\Program Files\CoreConfigurator and its executable is CoreConfigurator.exe. Change to this folder and run CoreConfigurator.exe. The CoreConfigurator interface looks as follows:

[Figure: CoreConfigurator interface]

The main settings are described below.
Configuring Remote Desktop: To configure Remote Desktop, click the RDP button on the CoreConfigurator interface. The Remote Desktop Settings dialog appears:

[Figure: Remote Desktop Settings dialog]

In the Remote Desktop Settings dialog, choose Allow Remote Administration Connections, then click the Save button to confirm. On the CoreConfigurator interface, click the Firewall button; the Firewall Configuration dialog appears:

[Figure: Firewall Configuration dialog]

In the Firewall Configuration dialog, select Remote Desktop, then click the Disable selected rule groups button. It is now possible to connect from Remote Desktop Connection to Server Core with the Administrator account. Note: Firewall Configuration can also be used to configure the firewall, or to remove the firewall, for other services.
Managing accounts: To manage user accounts on Server Core, click the User&Groups button on the CoreConfigurator interface. The Account Management dialog appears:

[Figure: Account Management dialog]

The Account Management dialog has the following buttons: Delete User: delete an account. Password: change the password of an account. New user: create a new account.
Adding Server Features and Roles: To add Server Features and Roles, click the Features button on the CoreConfigurator interface; the Server Features and Roles dialog appears:

[Figure: Server Features and Roles dialog]

In the Server Features and Roles dialog, select the Features or Roles you want, then click the Configure button. These are the CoreConfigurator options worth noting. The reader can explore the other options independently.
4. Join Domain
Performed on PC02
Step 1: Give the Win7 machine an IP address on the same network as the Server Core machine.
Step 2: Join the Win7 machine to the Server Core domain.
Step 3: On the client, install the server administration tools.
- Run the Remote Server Administration Tools installer by installing the package as shown in the figure below.
- Enable the Remote Server Administration Tools: Start \ Control Panel \ Program And Features \ Turn On or Off Program and Features \ tick the tools as shown in the illustration \ OK
- Start \ Administrative Tools \ Active Directory Users and Computers: the connection to the DC's database succeeds. (or - Start \ Run \ DSA.MSC)
Note: to run the command above, you must be logged on to the domain as a domain Admin.

CHAPTER IX: TERMINAL SERVICES

I. Introduction
- Terminal Services Remote Application is a new feature of Windows Server 2008. Application programs are installed on the Windows Server 2008 machine; the workstations do not have the applications installed, but can still use the applications on the server through Terminal Services.

1. Characteristics
Workstations do not need powerful hardware, and the business does not have to spend much on software licences when using this service. The business still has to pay licensing costs for CALs (Client Access Licenses), but this cost is low and acceptable.
Workstations connect to the server through Terminal Services, so they must have Remote Desktop Connection (RDC) 6.0 or later installed. It can be downloaded from: http://support.microsoft.com/kb/925876/en-us
II. Preparation (the system consists of)
Server: Windows Server 2008
- Create local users sv1/123 and sv2/123 and add them to the Remote Desktop Users group
- Turn on Remote Desktop on the server
- Change the administrator password to 123
Client: Windows XP
III. Procedure
1. Install Terminal Services:
Step 1: Start \ Program \ Administrative Tools \ Server Manager. Right-click Roles \ Add Roles
- Click Next
Step 2: Select Terminal server, click Next.
Step 3: Select Terminal server, click Next.
Step 4: Authentication Method \ select Do not Require level authentication \ Next
Step 5: Select Licensing Mode \ Configure later \ Next
Step 5: Add user: SV1 and SV2 to
Step 6: Click \ Next \ Install \ Close \ Yes
Step 7: Check that Remote Connection is enabled. Right-click Computer -> Properties -> Remote setting -> Remote tab

2. Add RemoteApp application programs:
Step 1: Start \ Program \ Administrative Tools -> Terminal Services -> TS RemoteApp Manager
- Action menu -> Add RemoteApp Programs
Step 2: Welcome screen -> Next
- Under Program to add to the RemoteApp Program list, select the applications for the clients -> Next -> click Finish
Step 3: In the TS RemoteApp screen, scroll down to the bottom -> right-click the application and choose Create Installer Package.
Step 4: On the Welcome screen click Next.
- Leave the configuration parameters at their defaults. Choose Finish

3. Share the folder that contains the applications:
Step 1: - C:\Program file -> right-click Packaged program -> Properties -> Share -> Everyone Allow Read -> OK.

4. Test on the client machine

XP machine (the client installs the RDC package WindowsXP-KB952155-x86-ENU), downloaded from:
http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=7208
Step 1: Start -> Run -> enter the IP address of the Remote Server
Example: \\10.10.10.1 -> OK
Step 2: In the authentication dialog enter sv1/123
Step 3: Double-click the application you need
Step 4: Go to Start / Program / Remote Program / WordPad
Step 5: Choose Connect
Step 6: Enter SV1/123
Step 7: Check the application just installed: in Start Program the newly installed application is listed -> start the application.
Step 8: The connection is established and the application you need opens
- Enter the IP of the server -> Connect

5. Deploy RemoteApp applications through TS Web Access

a. Install TS Web Access on Terminal Services -> Add Role Services
Step 1: Server Manager -> Terminal Server -> Add Role Services
Step 2: Select TS Web Access -> Next
Step 3: Choose Add Required Role Services
Step 4: Leave the parameters at their defaults -> Next -> choose Install
Step 5: Start -> Programs -> Administrative Tools -> Terminal Services RemoteApp Manager. Right-click the applications you want to display -> choose Show in TS Web Access.

b. Test on the Terminal client
Step 1: - Open Internet Explorer -> in the address bar enter the address of the Terminal Server http://10.10.10.1/ts -> Enter
- The username and password dialog appears. Enter sv1/123
Step 2: - After logging in successfully -> select the applications you need

CHAPTER X: INTERNET INFORMATION SERVICES

I. Introduction
- IIS 7.0 is the latest version of Microsoft's web server. IIS has been included in Windows Server since Windows 2000 Server as a Windows component, and in Windows NT it was an option. IIS 7.0 is now provided in Windows Vista and in Windows Server 2008, the server operating system planned for release in early 2008. The design of IIS 7.0 was reviewed meticulously in the light of experience with the previous versions. Version 7.0 provides the most flexible and secure platform for configuring web sites and applications.
- IIS 7.0 is designed to be Microsoft's most flexible and secure Web and application platform. Microsoft redesigned IIS from the earlier foundations, and throughout development the IIS design team concentrated on 5 major areas:
- Security
- Extensibility
- Configuration and deployment
- Administration and diagnostics
- Performance
II. Installing and configuring IIS
1. Installation
Step 1: - Open Server Manager from: Start Menu -> Server Manager (or: Start Menu -> Administrative Tools -> Server Manager).
- Under Roles choose Add Roles. Tick Web Server (IIS) in the Roles list. Choose Next.
Step 2: When you select additional services you may see a prompt reminding you that some dependent services must also be installed.
- Click Next -> Install -> Close
Step 3: To check that the web service just installed is working, open a browser and enter http://localhost.

2. Add a web site:
Step 1: - First create the folder that will hold the new web site.
Step 2: - In Server Manager choose Roles - Web Server (IIS) - Internet Information Server
- In the Connections pane, choose Sites - Add Web Site.
Step 3: - Fill in the required information about the site (name, path, etc.).
Step 4: - When you choose OK, a message appears saying that the binding *:80 is already registered by another site. Choose YES
Step 5: Now stop the default site, Default Web Site, and start the web site you just created.
Step 6: To check that the new web site is working, again open a browser and enter http://localhost.

3. Install the IIS remote administration service:

a. Installation:
Step 1: - In Server Manager, under Roles, in the Role Services section choose Add Role Service.
Step 2: - Tick Management Service.
- Click Next -> Install -> Close.

b. Enable the service:
Step 1: - Go to Start - All Programs - Administrative Tools - Internet Information Services (IIS) Manager.
- Choose Management Service.
Step 2: Double-click it, select Enable remote connections and start the service.
- Then choose YES to actually start the service.
- The administrator can now log on to the system remotely through this service

CHAPTER XI: WINDOWS FIREWALL WITH ADVANCED SECURITY ON WINDOWS SERVER 2008

I. OVERVIEW
Windows Firewall with Advanced Security on Windows Server 2008 is a combination of a personal firewall (host firewall) and IPsec, and lets you configure filtering of inbound and outbound connections on the system.
Earlier Windows versions only offered Windows Firewall in Control Panel, with a limited set of configuration options. Windows Server 2008 adds a new component called Windows Firewall with Advanced Security. This tool lets you easily carry out varied and advanced firewall configuration. The notable new points are:
1. Control of both inbound and outbound connections on the system
2. Tight integration with Server Manager. When you use Server Manager to install a service, the firewall is configured automatically to suit the services just installed.
3. Improvements in managing and configuring IPsec policies. IPsec is also replaced by a new concept, Connection Security Rules.
4. Improvements in operation
Windows Firewall with Advanced Security uses two types of rule for configuration:
1. Firewall rules: determine which connections are allowed or blocked
2. Connection Security rules: secure the traffic between this computer and other computers.
Once the rules have been built, firewall profiles determine which rules apply to the computer. A firewall profile describes the location the computer is connected to. Windows Server 2008 has the following three firewall profiles:
1. Domain: applies when a computer is connected to a domain
2. Private: applies when a computer is a member of an internal network but is not connected to a domain.
3. Public: applies when a computer is connected to public networks such as the Internet.
II. GETTING TO KNOW THE INTERFACE
Step 1: To open Windows Firewall with Advanced Security go to Start -> Administrative Tools -> Windows Firewall with Advanced Security

Step 2: The Windows Firewall with Advanced Security on Local Computer pane shows information about the firewall profiles Domain, Private and Public. These are the default settings
- The left pane contains functions such as Inbound Rules, Outbound Rules, Connection Security Rules and Monitoring
- The Action pane on the right contains Import Policy and Export Policy for importing and exporting policies.
- We will look at some of the default properties of Windows Firewall with Advanced Security. In the Action pane on the right choose Properties.

Step 3: Profile tab
- Firewall state: switches the firewall between its two states, On and Off
- Inbound connections: controls connections to this computer. The default value, Block (default), blocks every connection that does not match one of the rules defined on the firewall. There are two other options, Allow and Block all connections. Allow permits all incoming connections and Block all connections blocks incoming connections.
- Outbound connections: controls connections going out from this computer. The default value, Allow (Default), permits connections to other systems. With the Block option, this computer is prevented from establishing connections on the network. You should therefore keep the default value so that the computer can work properly
- Settings: choose Customize to make some additional firewall settings.
- Logging: choose Customize to change the default settings of the log file

Step 4: The Private Profile and Public Profile tabs are similar to the Domain Profile tab. These are the settings for computers that do not belong to a domain

Step 5: IPsec Settings tab:
- IPsec defaults contains the default settings that are applied when you create a new Connection Security Rule. To change them choose Customize. Note that you can also adjust these settings while creating a new Connection Security Rule
- IPsec exemptions: changing the default value to YES makes it easy to use tools such as ping, tracert ... to trace the cause of problems and resolve them.

III. FIREWALL RULES
Windows Firewall with Advanced Security has 2 types of firewall rule, Inbound rules and Outbound rules. They let you create rules that control connections to and from the computer running Windows Server 2008.
In the Windows Firewall with Advanced Security window, click Inbound Rules. A list of the firewall rules on the system appears in the middle pane.

These firewall rules are created automatically when you install services or add components to the server. Note: in the list above there is not yet any firewall rule that allows connections from other computers to this computer.
The same applies to Outbound Rules.

You can also sort and view the firewall rules that apply to each firewall profile by right-clicking Inbound Rules or Outbound Rules and filtering by conditions such as profile, state or group. Then choose Filter by...
- To see the details of a firewall rule, double-click the rule.
- On the General tab you can view and change the state of the firewall rule by ticking or clearing Enabled. Under Action, choose one of the 3 modes Allow the connections, Allow only secure connections and Block the connections to allow or block the corresponding connections.
- On the Programs and Services tab you can allow or deny access to the individual services or applications installed on the system. To specify a particular application or service, use Browse or Settings.
- On the Computers tab you can set the group of users or computers that the firewall rule applies to. This is done by ticking one of the two items Only allow connection from these computers and Only allow connection from these users, then using Add to add the corresponding users and computers.
Note: to authenticate users and computers, you must set Allow secure connection under Action on the General tab. The users and computers must also belong to the domain, and IPsec must be configured on the systems that take part in authentication.
- On the Protocols and Ports tab, set the protocol and port that the firewall rule applies to.
  Protocol type: choose a protocol from the list, such as UDP, TCP, ICMP...
  Protocol number: you should use the system default value. You can of course also enter the value that matches your protocol
  Local port: the server port that the firewall rule applies to. For an inbound rule, this is the port on which the server listens for incoming requests. For an outbound rule, this is the port the server uses to establish connections to other computers.
  Remote port: the port on the other computer (remote machine) that the firewall rule applies to. For an outbound rule, this is the port on the remote computer that this server connects to (destination port). For an inbound rule, this is the port the remote computer uses to connect to this server (source port).
  Internet Control Message Protocol (ICMP) settings: to configure ICMP, choose Customize
- The Scope tab lets you set the Local IP address and Remote IP address values that the firewall rule applies to
  Local IP address is the IP address on which this server listens for connections from other computers (inbound rule), or the source IP address it uses to establish connections to other computers (outbound rule)
  Remote IP address is the IP address of the remote computer that this server connects to (outbound rule), or the source IP address that the remote computer uses to connect to this server (inbound rule).
- On the Advanced tab you can set the profiles and the connection types (interface types) used by the firewall rule. You can select all profiles or only the appropriate ones. To configure the connection types, choose Customize under Interface type and make the corresponding selection.
IV. CREATING A FIREWALL RULE
Create an inbound firewall rule (for outbound the procedure is similar)
Step 1: Right-click Inbound Rules and choose New Rule
Step 2: On the Rule Type page choose Custom so that all options can be adjusted
Step 3: Choose Next to continue. On the Program page you can choose All programs to apply the rule to every program, or a specific program by choosing This program path and then browsing to that program.
Step 4: Choose Next to continue. On the Protocol and Ports page, choose the appropriate protocol under Protocol type. Under Local port and Remote port, choose the appropriate ports and enter the port values directly below.
Step 5: Choose Next to continue. On the Scope page choose the appropriate connections
Step 6: Choose Next to continue. On the Action page, choose Allow the connection to permit incoming connections, Allow the connection if it is secure to permit incoming connections only when the security conditions are met, or Block the connection to block connections.
Step 7: Choose Next to continue. On the Profile page choose the profiles you want the rule to apply to.
Step 8: Choose Next. On the Name page enter the rule name and a comment about the rule under Description
Step 9: Choose Finish to complete. The new inbound rule now appears
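
The wizard steps above can also be carried out from the command line, which is the only local option on Server Core. The batch file below is an added example and not part of the original lab; the rule name, the choice of TCP port 3389 and the management subnet 10.10.10.0/24 are assumptions made for illustration.

```bat
@echo off
rem Added example: command-line equivalent of the New Inbound Rule wizard.
rem Assumptions (not from the lab): rule name, TCP 3389, subnet 10.10.10.0/24.
setlocal
set "RULE=Lab - RDP from management subnet"
set "MGMT=10.10.10.0/24"

rem Profile tab defaults: block unmatched inbound, allow outbound.
netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound

rem Remove an earlier copy so that re-running does not create duplicates.
netsh advfirewall firewall delete rule name="%RULE%" >nul 2>&1

rem Custom inbound rule:
rem   protocol / localport -> Protocols and Ports page
rem   remoteip             -> Scope page (which sources may connect)
rem   profile              -> Profile page (Domain and Private, not Public)
rem   action               -> Action page
netsh advfirewall firewall add rule name="%RULE%" ^
    dir=in action=allow protocol=TCP localport=3389 ^
    remoteip=%MGMT% profile=domain,private ^
    description="Allow Remote Desktop only from the management subnet"
if errorlevel 1 (
    echo Failed to create rule "%RULE%"
    exit /b 1
)

rem Logging setting of the Profile tab: record dropped packets so that
rem blocked connection attempts can be reviewed later.
netsh advfirewall set allprofiles logging droppedconnections enable

rem Same check as looking for the new rule in the Inbound Rules list.
netsh advfirewall firewall show rule name="%RULE%" verbose
endlocal
```

Run it from an elevated command prompt. Compared with opening a whole rule group, the remoteip and profile values keep the port reachable only from the stated subnet and only on the Domain and Private profiles.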

CHAPTER XII: WINDOWS SERVER BACKUP FEATURE

I. Introduction
This lab covers the following main content:
- Installing the Windows Server Backup Features
II. Preparation
- 01 machine running Windows Server 2008 Enterprise.
III. Procedure
1. Install the Windows Server Backup Feature
Step 1: Start Server Manager -> Features -> Add Features
Step 2: Tick Windows Server Backup Features -> click Next -> Install -> Close
Step 3: In Server Manager, click Storage -> Windows Server Backup. In the Action pane on the right, click Backup Schedule
Step 4: When the Getting started page appears, choose Next.
Step 5: On the Select backup configuration page choose the type of backup.
- Full Server: back up all data on the server.
- Custom: lets you choose the drives to back up.
Here choose Custom. Then choose Next
Step 6: On the Select backup items page, choose the drives to back up. Here drive C is chosen because it holds the data of the Windows Server 2008 operating system
Step 7: Click Next again. On the Specify backup time page, choose the time:
- Once a day: back up once a day at
- More than once a day: back up several times a day.
Choose the time for the backup and click Add. To delete a time, choose Remove. When you have finished, click Next again.
Step 8: On the Select destination disk page, tick the disk you want to back up to and choose Next.
Step 9: Choose Finish
Step 10: Set the clock to match the backup time and check the result

--END--