
GUIDE

HANDS-ON: BUILDING A NETWORK SYSTEM

WINDOWS SERVER 2008
(FOR INTERNAL CIRCULATION AT ATHENA)

TABLE OF CONTENTS
ACKNOWLEDGEMENTS
PREFACE
CHAPTER I: PROJECT OVERVIEW
  I. GENERAL INTRODUCTION TO THE COMPANY
    1. ABOUT THE BUSINESS
    2. HEAD OFFICE AND BRANCHES
  II. PROJECT OUTLINE
CHAPTER II: PROJECT IMPLEMENTATION STEPS
  I. Upgrade Domain Controller 2003 to Domain Controller 2008
    1. Purpose
    2. Implementation steps
    3. Implementation steps
      a. Raise the Domain Functional Level
      b. Upgrade to Windows Server 2008
      c. Checks after the upgrade
  II. Promote a Domain Controller - Domain Group - Domain User - Client Join Domain
    1. Preparation
    2. Implementation steps
      a. Promote the Domain Controller
      b. Join a workstation to the domain
      c. Create a domain group
      d. Create a domain user
  III. Windows Deployment Services
    1. Purpose
    2. Preparation
    3. Implementation steps
      a. Install and configure DHCP
      b. Install and configure WDS
      c. On the client machine
  IV. Windows Server Backup
  V. Network Access Protection
    1. Purpose
    2. Preparation
    3. Implementation steps
      a. Configure the NAP server
      b. Install and configure the DHCP service
      c. Configuration on the client machine
      d. Configure restricted access
  VI. VPN SSTP
    1. Purpose
    2. Install a Stand Alone Root CA
    3. The VPN server requests and installs a certificate
  VII. Internet Information Service 7.0
    1. Configure the IIS server
  VIII. DFS
    1. Introduction
    2. Install the DFS role service
  IX. AD RMS
    1. Overview of AD RMS
    2. Install IIS, Enterprise
    3. Install the Enterprise CA
    4. Install RMS
    5. Verify on the client machine
  X. Terminal Services
  XI. Network Load Balancing
    1. Purpose
    2. Configure Network Load Balancing
  XII. Windows Server Core 2008
    1. Introduction
    2. Install Windows Server Core 2008
  XIII. Read Only Domain Controller
    1. The problem
    2. Splitting into sites
Chapter III: Scope and Practical Applicability of the Project
  I. Scope
  II. Practical applicability

PREFACE

To meet the demands of work in information technology, regularly researching, studying and analyzing new technologies is essential for any IT engineer.
Today, most systems still run networks in a domain environment on Windows Server 2003 or earlier. These operating systems have now been in use for 10 years or more and are about to lose support from Microsoft (Windows Server 2000 is a typical example), so the risk of attack through vulnerabilities is very high. However, because these systems still run well and stably, administrators are reluctant to upgrade to a new system, since everything has to be configured again from scratch. The network services of the new system also offer many conveniences that help administrators manage faster and more easily. To keep up with the times, and so that our systems get the best support and are compatible with new products such as SharePoint 2010, SQL 2010 and Windows 7, we need to upgrade accordingly.
To study the process of upgrading from Windows Server 2003 to Windows Server 2008, and some of the network services of Windows Server 2008, I have chosen the topic: "Researching and deploying the network services of a Windows Server 2008 system".
The project consists of three chapters:
Chapter I: Project Overview.
Chapter II: Implementation Process.
Chapter III: Scope and Practical Applicability of the Project.

CHAPTER I: PROJECT OVERVIEW

I. PROJECT OUTLINE

Project title: "Researching and deploying the network services of a Windows Server 2008 system".
The main topics of this project are:
- Upgrade Domain Controller 2003 to Domain Controller 2008.
- Promote a Domain Controller - Domain Group - Domain User - Client joins the domain.
- Windows Deployment Service.
- Windows Backup Server.
- Configure Network Access Protection.
- Configure Secure Socket Tunneling Protocol.
- Internet Information Service 7.0.
- Distributed File System.
- Rights Management Services.
- Terminal Services.
- Network Load Balancing.
- Windows Server Core 2008.
- Read Only Domain Controller.

CHAPTER II: PROJECT IMPLEMENTATION STEPS

I. Upgrade Domain Controller 2003 to Domain Controller 2008:

1. Purpose:
Upgrade a running Windows Server 2003 system to Windows Server 2008 while keeping all existing resources in the system, for example domains, OUs, users and GPOs.
2. Implementation steps:
Note:
- Back up the current system in case something goes wrong.
Preparation:
- 1 Windows Server 2003 server already promoted to Domain Controller (Domain: athena.edu.vn).
- Copy the Windows Server 2008 installation source to drive C of the DC-2k3 machine.
- Set a simple password.

3. Implementation steps:
a. Raise the Domain Functional Level:
Open Active Directory Users and Computers. Right-click the domain name and choose Raise Domain Functional Level. Choose Windows Server 2003 under Select an available domain functional level. Then choose Raise, then Yes.

In Active Directory Users and Computers, create a few OUs, users and groups to check after the upgrade.

b. Upgrade to Windows Server 2008:

Step 1: Open cmd and type the following commands:
-> Command 1: cd c:\win2k8\sources\adprep
-> Command 2: adprep /forestprep
Press C, then ENTER to continue.
-> Command 3: adprep /domainprep /gpprep

Step 2: Run the setup file in the Windows Server 2008 source:
Step 2.1: Choose Install now
Step 2.2: Choose Do not get latest updates for installation -> Next -> No
Step 2.3: Choose Windows Server 2008 Enterprise (Full Installation) -> Next
Step 2.4: Check I accept the license terms -> Next
Step 2.5: Choose Upgrade
Step 2.6: Next -> the installation runs.

c. Checks after the upgrade:
The OUs and users are still present.
Check that the password policy is unchanged.

II. Promote a Domain Controller - Domain Group - Domain User - Client Join Domain

1. Preparation:
- 1 Windows Server 2008 machine
- 1 client machine (Windows XP, Windows Vista, Windows 7)
- Insert the Windows Server 2008 source into the virtual drive

2. Implementation steps:
a. Promote the Domain Controller:

Step 1: Set the IP address (Start -> Settings -> Network Connections -> right-click, Properties -> choose Internet Protocol Version 4 (TCP/IPv4)).
Step 2: Start -> Run -> type dcpromo -> Enter.
Step 3: Check Use advanced mode installation -> Next
Step 4: Next -> check Create a new domain in a new forest -> Next
Step 5: Enter the domain name -> Next
Step 6: Domain NetBIOS Name -> Next
Step 7: Set Forest Functional Level -> choose Windows Server 2008 -> Next
Step 8: Additional Domain Controller Options window -> Next -> Yes
Step 9: Location for Database, Log Files and SYSVOL -> Yes
Step 10: Directory Services Restore Mode Administrator Password screen -> enter Password and Confirm Password: P@ssword -> Next
Step 11: Summary screen -> Next
Step 12: The system is promoted -> Finish -> Restart now

b. Join a workstation to the domain:
- Performed on the Windows XP client: 192.168.2.2/24
Step 1: Set the IP address as follows:
Step 2: Right-click My Computer -> Properties -> Computer Name -> Change -> enter the domain name -> enter User: Administrator and Password: @then@
-> A message reports that the join succeeded.

c. Create a domain group:
Open Active Directory Users and Computers -> right-click the domain athena.edu.vn -> New -> Group

d. Create a domain user:
Open Active Directory Users and Computers -> right-click the domain athena.edu.vn -> New -> User
-> Enter Password and Confirm password

III. Windows Deployment Services:

1. Purpose:
Deploy the operating system to workstations (clients) and, at the same time, join them to the domain automatically from the server, using a service built into Windows Server 2008: Windows Deployment Services (WDS).
2. Preparation:
- PC01: Windows Server 2008, already promoted, domain: Athena.edu.vn
  IP: 192.168.21.1/24
  PDNS: 192.168.2.1
- PC02: Windows client: XP, Vista, Windows 7... Set the network card to obtain an IP address dynamically.

3. Implementation steps:
a. Install and configure DHCP:
- Performed on PC01.
Admin Tools -> Server Manager -> Roles -> Add Roles -> Next -> choose DHCP Server -> Next -> Next
In the Network Connection Bindings window choose the card 192.168.2.1 -> Next -> on the IPv4 DNS Settings screen choose Next -> IPv4 WINS Settings: WINS is not used, so leave the default and choose Next -> on the DHCP Scopes screen click Add to add a scope as follows:

IPv6 is not used, so on the DHCPv6 Stateless Mode screen choose Disable DHCPv6 stateless mode for this server -> Next
On the Authorize DHCP Server screen keep the default so that the DHCP server is authorized -> Next
The Confirmation screen summarizes the DHCP server configuration -> Install

b. Install and configure WDS:
Admin Tools -> Server Manager -> Roles -> Add Roles -> Next -> choose Windows Deployment Services -> Next -> Next. On the Role Services screen keep the defaults and choose Next -> Install.

Open Windows Deployment Services -> right-click the server and choose Configure Server -> Next. WDS creates a folder holding all the files needed to install the clients; this is the RemoteInstall folder in C:\ -> Next -> Yes.
Because this machine runs both the DHCP server and the WDS server, on the DHCP Option 60 screen select both options:

PXE Server Initial Settings screen -> Respond to all (known and unknown) client computers -> Finish
On the Configuration Complete screen, clear Add images to the Windows Deployment Server now -> Finish
Insert the Windows Server 2008 source into the virtual drive. Proceed to install Windows Server 2008 for the client machine.

Declare the Windows sources
- Right-click Install Images -> Add Install Image to copy the Windows Server 2008 installation source to the WDS server -> Next
On the Image Group screen enter the name as follows:
Choose the file install.wim in the source folder -> Next -> choose the edition Windows Longhorn SERVERENTERPRISE -> Next -> Next -> wait for Windows to add this image file -> Finish

Declare the boot file
- Right-click Boot Images -> Add Boot Image to add the Windows Server 2008 boot file -> choose Browse and the path Win2k8\source\boot.wim -> Next -> wait for Windows to add the file -> Finish

At this point WDS is basically configured. However, during installation Windows will ask for some information such as date and time, computer name, user name and so on. To make the installation automatic, we create an answer file. Here we start from a sample file and then edit it; the file is named unattend.xml and has the following content:

<?xml version="1.0" ?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="windowsPE">
    <component name="Microsoft-Windows-Setup"
        publicKeyToken="31bf3856ad364e35" language="neutral"
        versionScope="nonSxS" processorArchitecture="x86">
      <WindowsDeploymentServices>
        <Login>
          <WillShowUI>OnError</WillShowUI>
          <!-- Account the WDS client uses to log on to the WDS server; the password is stored in clear text -->
          <Credentials>
            <Username>Administrator</Username>
            <Domain>athena.edu.vn</Domain>
            <Password>P@ssword</Password>
          </Credentials>
        </Login>
        <!-- Image to install: must match the image name and image group defined in WDS -->
        <ImageSelection>
          <WillShowUI>OnError</WillShowUI>
          <InstallImage>
            <ImageName>Windows Longhorn SERVERENTERPRISE</ImageName>
            <ImageGroup>Deploy Windows server 2008</ImageGroup>
            <FileName>Install.wim</FileName>
          </InstallImage>
          <InstallTo>
            <DiskID>0</DiskID>
            <PartitionID>1</PartitionID>
          </InstallTo>
        </ImageSelection>
      </WindowsDeploymentServices>
      <!-- Disk 0 is wiped and one 7000 MB primary NTFS partition is created as C: -->
      <DiskConfiguration>
        <WillShowUI>OnError</WillShowUI>
        <Disk>
          <DiskID>0</DiskID>
          <WillWipeDisk>true</WillWipeDisk>
          <CreatePartitions>
            <CreatePartition>
              <Order>1</Order>
              <Size>7000</Size>
              <Type>Primary</Type>
            </CreatePartition>
          </CreatePartitions>
          <ModifyPartitions>
            <ModifyPartition>
              <Order>1</Order>
              <PartitionID>1</PartitionID>
              <Letter>C</Letter>
              <Label>TestOS</Label>
              <Format>NTFS</Format>
              <Active>true</Active>
              <Extend>false</Extend>
            </ModifyPartition>
          </ModifyPartitions>
        </Disk>
      </DiskConfiguration>
    </component>
    <component name="Microsoft-Windows-International-Core-WinPE"
        publicKeyToken="31bf3856ad364e35" language="neutral"
        versionScope="nonSxS" processorArchitecture="x86">
      <SetupUILanguage>
        <WillShowUI>OnError</WillShowUI>
        <UILanguage>en-US</UILanguage>
      </SetupUILanguage>
      <UILanguage>en-US</UILanguage>
    </component>
  </settings>
</unattend>

Copy the file unattend.xml into the folder C:\RemoteInstall\WdsClientUnattend

In the WDS console -> right-click the server athena.edu.vn and choose Properties -> choose the Client tab and check Enable unattended installation. Here we only use the x86 edition of Windows Server 2008, so under x86 enter the path to the file unattend.xml in C:\RemoteInstall\WdsClientUnattend

Similarly, under Install Images choose Deploy Windows server 2008 -> in the right-hand pane, right-click the image and choose Properties. On the General tab choose Allow image to install in unattended mode -> choose Select File -> enter the path to the file unattend.xml in C:\RemoteInstall\WdsClientUnattend -> OK -> OK.
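An added example (not part of the original guide) of a check to run on an answer file before copying it into C:\RemoteInstall\WdsClientUnattend: it reports credentials stored in clear text, use of the built-in Administrator account, disk-wiping settings and misspelled schema elements, and can redact passwords before the file is shared. The sample XML, the domain example.test, the password, the finding names and the function names are constructed for illustration.

```python
"""Audit a WDS client unattend file for embedded credentials (added example)."""
import xml.etree.ElementTree as ET

UNATTEND_NS = "urn:schemas-microsoft-com:unattend"
NS = {"u": UNATTEND_NS}

# Assumption: account names considered too privileged for a deployment file.
# Extend this set with the privileged account names of your own domain.
PRIVILEGED_NAMES = {"administrator"}

# Misspellings of real schema elements that turn up in hand-edited files.
KNOWN_TYPOS = {
    "ModifyPartions": "ModifyPartitions",
    "ModifyPartion": "ModifyPartition",
}

# Constructed sample modelled on the answer file above (not real credentials).
SAMPLE = """<?xml version="1.0" ?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="windowsPE">
    <component name="Microsoft-Windows-Setup" processorArchitecture="x86">
      <WindowsDeploymentServices>
        <Login>
          <Credentials>
            <Username>Administrator</Username>
            <Domain>example.test</Domain>
            <Password>Constructed-Pw-1</Password>
          </Credentials>
        </Login>
      </WindowsDeploymentServices>
      <DiskConfiguration>
        <Disk>
          <DiskID>0</DiskID>
          <WillWipeDisk>true</WillWipeDisk>
          <ModifyPartions/>
        </Disk>
      </DiskConfiguration>
    </component>
  </settings>
</unattend>
"""


def _text(node, tag):
    """Stripped text of a direct child in the unattend namespace ('' if absent)."""
    return (node.findtext(f"u:{tag}", "", NS) or "").strip()


def audit_unattend(xml_text):
    """Return a list of (finding_id, detail) tuples for one answer file."""
    root = ET.fromstring(xml_text)
    findings = []
    # Credentials the WDS client uses to log on to the WDS server.
    path = ".//u:WindowsDeploymentServices/u:Login/u:Credentials"
    for cred in root.iterfind(path, NS):
        account = f"{_text(cred, 'Domain')}\\{_text(cred, 'Username')}"
        if _text(cred, "Password"):
            findings.append(("plaintext-password", account))
        if _text(cred, "Username").lower() in PRIVILEGED_NAMES:
            findings.append(("privileged-account", account))
    # Disks that will be erased without prompting.
    for disk in root.iterfind(".//u:DiskConfiguration/u:Disk", NS):
        if _text(disk, "WillWipeDisk").lower() == "true":
            findings.append(("wipes-disk", f"DiskID {_text(disk, 'DiskID')}"))
    # Element names that are not in the schema because of a typo.
    for element in root.iter():
        name = element.tag.rsplit("}", 1)[-1]
        if name in KNOWN_TYPOS:
            findings.append(("unknown-element", f"{name} -> {KNOWN_TYPOS[name]}"))
    return findings


def redact_passwords(xml_text, marker="***REDACTED***"):
    """Return the XML with every <Password> value replaced by a marker."""
    ET.register_namespace("", UNATTEND_NS)
    root = ET.fromstring(xml_text)
    for password in root.iter(f"{{{UNATTEND_NS}}}Password"):
        password.text = marker
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    for finding_id, detail in audit_unattend(SAMPLE):
        print(f"{finding_id:20} {detail}")
```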

c. On the client machine

Enter the BIOS and set the PC to boot from the network: choose the Boot menu -> set First Boot to the machine's network card.

Boot process through the network card of PC02:

IV. Windows Server Backup

1. Purpose:
Windows Server Backup provides backup, data restore and system recovery (Operating System Volume Recovery).
2. Implementation steps:
a. Install Windows Server Backup:
Admin Tools -> Server Manager -> right-click Features -> Add Features -> expand Windows Server Backup Features and choose Windows Server Backup -> Next
In the Confirm Installation window choose Install -> installation completes -> Close

b. Back up the full server:
Step 1: Open Windows Server Backup, go to Action -> choose Backup Once -> in the Backup Options window, check that Different options is selected and choose Next
Step 2: In the Select backup configuration window, choose Full server -> Next
Step 3: In the Specify destination type window, choose Local drives -> Next
Step 4: In the Select backup destination window, choose the hard disk where the backup file will be stored -> Next
Step 5: In the Specify advanced options window, choose VSS copy backup -> Next
Step 6: In the Confirmation window choose Backup -> Next
Step 7: The Backup progress window runs the backup; check that it succeeds -> Close
-> In Windows Explorer, open the hard disk holding the backup and check that the folder WindowsImageBackup exists (the folder that stores the backup files).

c. Restore files and folders:
Step 1: Delete a few system folders (Windows loses data)
Step 2: Open Windows Server Backup, go to Action -> choose Recover -> in the Getting started window choose This Server and choose Next
Step 3: In the Select backup date window, choose the correct backup date and choose Next
Step 4: In the Select recovery type window, choose Files and Folders
Step 5: In the Select items to recover window, choose the folder to restore
Step 6: Specify recovery options window -> Next
Step 7: Confirmation window -> Recover -> the restore completes -> Close
Step 8: Check that the data has been restored

d. Operating System Volume Recovery:
Step 1: Simulate a failed operating system. Put the Windows Server 2008 installation disc in the DVD-ROM drive and proceed as for a Windows installation -> Install Windows window -> Next -> in the next Install Windows window choose Repair your computer -> in the System Recovery Options window choose Microsoft Windows Server 2008 -> Next
Step 2: In the Choose a recovery tool window, choose Windows Complete PC Restore
Step 3: In the Restore your entire computer from a backup window, choose Use the latest available backup -> Next
Next -> the restore runs -> completes -> Finish

V. Network Access Protection

1. Purpose:
The problem is this: suppose a client on the network is given a complete IP configuration and can reach the Internet without difficulty, but it has no antivirus software installed, or its user is not security-conscious, so the machine unintentionally becomes infected with a virus from the Internet. The whole network can then be infected because this client spreads the virus unintentionally. In practice, therefore, the network needs a stricter mechanism, and that mechanism is the Network Access Protection (NAP) service.
NAP is applied in many areas, but in this lesson we look at NAP for DHCP: the DHCP server still assigns IP addresses to clients automatically, but subject to certain criteria. A client that meets all the criteria set by the DHCP server is given an IP configuration; otherwise it is given an IP address but no default gateway. Clients that do not meet the criteria set by the DHCP server are therefore only allowed to access the internal network and cannot reach the Internet, which reduces as far as possible the chance of virus infection from the Internet.
2. Preparation:
- PC01: Windows Server 2008, already promoted, domain Athena.edu.vn; the NAP service will be installed on it.
- PC02: client (Windows XP, Windows Vista, Windows 7) already joined to the domain Athena.edu.vn.
3. Implementation steps
a. Configure the NAP server:
Step 1: Install Network Policy and Access Services
Select Role Services window -> choose Network Policy Server -> Install -> the installation runs -> completes -> Close
Step 2: Declare the health criteria:
- Open Network Policy Server -> choose System Health Validators, right-click Windows Security Health Validator and choose Properties -> Configure -> because we only allow clients that have a firewall to connect, in Windows Security Health Validator select only A firewall is enabled for all network connections -> OK -> OK.

Declare the health policies:
- In Policies -> Health Policies -> New -> name: Full Access -> under Client SHV checks choose Client passes all SHV checks. Then check Windows Security Health Validator -> OK.
Similarly create Limit Access: enter the name, under Client SHV checks choose Client passes all SHV checks. Then check Client fails one or more SHV checks, then check Windows Security Health Validator -> OK.

Declare the network policies:
- In Policies choose Network Policies, then disable the 2 default policies. Right-click Network Policies and choose New. Name it Full Access Policy -> Next -> Add -> choose Health Policies -> Add -> choose Full Access -> OK
-> Next -> choose Access granted. Choose Perform machine health check only and clear all the other options -> Next -> Next -> Finish.
Similarly create Limit Access Policy: choose Health Policies -> Add -> choose Limit Access -> OK -> Next -> choose Access denied. Choose Perform machine health check only and clear all the other options -> Next -> Next -> Finish.

b. Install and configure the DHCP service
- See the Windows Deployment Services lesson.
However, by default DHCP does not take into account the policies defined above.
Open the DHCP console -> choose IPv4 -> on the scope choose Properties -> choose the Network Access Protection (NAP) tab -> choose Enable for this scope -> OK

c. Configuration on the client machine
- On the client, set the IP address to dynamic, turn the firewall on, then go to Run and type napclcfg.msc.
Choose Enforcement Clients -> choose DHCP Quarantine Enforcement Client -> right-click and choose Enable
Open services.msc, choose Network Access Protection Agent, set it to Automatic and start it
Run -> cmd -> ipconfig /renew
Turn the firewall off and type ipconfig /renew again

d. Configure restricted access
- Network Policy Server -> Network Policies -> double-click Limit Access -> on Overview choose Grant Access. On the Settings tab choose NAP Enforcement, choose Allow limited access -> check Enable auto-remediation of client computers -> choose Configure -> in Troubleshooting URL enter the address of the web page to redirect to -> OK -> OK.

Check the result: firewall on -> IP assigned -> normal access
Firewall off -> IP assigned -> a restricted-access error message appears and the redirect web page is shown.

VI. VPN SSTP
1. Purpose:
VPN is currently the most cost-effective remote access solution for an enterprise network. A VPN system can be deployed to serve the following needs:
- Remote access to the internal network
- Connecting networks located in different geographical locations.
Connection mechanisms: PPTP, L2TP, SSTP

SSTP is a VPN connection mechanism that uses HTTP over Secure Socket Layer (HTTP over SSL) on port 443. In today's networks, firewalls and proxy servers normally allow HTTP and HTTPS access. Client machines can therefore connect to the VPN using SSTP from anywhere, and the packets are protected because SSL encryption is applied.
2. Install a Stand Alone Root CA
- Server Manager -> Add Roles -> choose Active Directory Certificate Services -> Next -> Next -> choose Certification Authority Web Enrollment -> choose Add Required Services -> Next.
In Specify Setup Type choose Standalone -> choose Root CA -> Next -> choose Create a new private key -> Next -> Next -> name the CA -> Next -> Next -> Install -> Close.

3. The VPN server requests and installs a certificate
- On the VPN server open a browser and go to http://172.16.1.1/certsrv -> choose Request a certificate -> choose Advanced certificate request.
Choose Create and submit a request to this CA -> enter the name: Athena
Type of Certificate Needed: Server Authentication Certificate
Choose Mark keys as exportable -> Submit -> Yes.
On the Stand Alone CA machine -> Admin Tools -> Certification Authority -> issue the certificate that was just requested.
On the VPN server go to http://172.16.1.1/certsrv and install the certificate that was just requested.
Export the certificate from Certificates.
Open Certificates (Local Computer) -> import the certificate that was just exported from Certificates.

Configure the VPN server
- Create a user -> open the user's properties -> choose the Dial-in tab -> Allow Access.
Admin Tools -> Routing and Remote Access -> choose Configure and Enable Routing and Remote Access -> Next -> Custom configuration -> choose VPN access and LAN routing -> Next -> Finish.
Right-click the server -> Properties. IPv4 tab -> Static address pool -> Add -> assign the range of dynamic IPs -> OK.
The client connects to the VPN server.

VII. Internet Information Service 7.0

1. Configure the IIS server
- Install IIS on the web server machine -> Server Manager -> Add Roles -> Web Server (IIS) -> Next.
In DNS, under Reverse Lookup Zones create a new zone 192.168.x.x; under Forward Lookup Zones create the zone athena.com.vn and create the hosts for this domain.
Open IIS Manager to create a new website.
Right-click Sites and choose Add Web Site -> name the website -> point Physical Path to where the website content is stored -> OK
By default the system runs the default website, so to tell websites apart, Server 2008 uses the Host Name.
- Right-click athena.com.vn and choose Edit Bindings
In the Site Bindings window choose Add
Add a new Host Name, www.athena.com.vn
Delete the default Host Name, leaving only the 2 Host Names just created.
Start the website.
Do the same for the site quantrimang.net

Configure SSL for the website
Install the certificate (as in the VPN section)
In IIS choose Server Certificates
To request a certificate for the web server choose Create Certificate Request
Enter the common name www.athena.com.vn
In File Name enter the path where the certificate request is written, e.g. C:\athena.txt
- Open the file athena.txt and copy its content.
Go to the CA server's web page to request the certificate -> Request a certificate.
- Go to 192.168.2.2/certsrv, choose Advanced certificate request -> choose the second link
- Under Saved Request paste the content copied earlier -> Submit
Open Certification Authority on the CA server -> Pending Requests -> choose All Tasks -> Issue.
- On the web server go to http://192.168.2.2/certsrv and choose View the status of a pending certificate request to see the status of the certificate and install the CA on the machine.
- Choose Saved-Request Certificate -> choose Download certificate -> save it as certnew.cer
In Server Certificates in IIS choose Complete Certificate Request.
Choose the file certnew.cer in the Specify Certificate Authority Response window and name it athena.com.vn
Configure SSL for athena.com.vn -> choose Edit Bindings -> Add Site Binding -> choose https.
- Under SSL Certificate choose Web Athena.
From the client machine, access the site athena.com.vn over SSL.

VIII. DFS
1. Introduction
- On a LAN, as the need to share resources among users keeps growing, the network needs a file server to take on this work. In practice, however, on a large network a single file server cannot carry all the requests. What is needed is several file servers that share the same set of resources. To solve this, Microsoft offers the Distributed File System (DFS). The data shared with users no longer resides on a single file server; depending on actual requirements, the administrator designs 2 or more file servers to do the sharing together, and the combination of all these file servers is called DFS.
2. Install the DFS role service
- In Server Manager choose Add Roles -> File Server
In Create a DFS Namespace choose Create a namespace later using the DFS Management snap-in in Server Manager and proceed with the installation.

Create the namespace
- Open DFS Management to configure DFS for the system.
Right-click Namespaces and choose New Namespace -> Browse -> add the name of the DFS computer -> Yes.
In Namespace Name and Settings enter the new share name -> Edit Settings
In the folder C:\DFSRoots you will see a folder named Data that has been shared
- Review Settings and Create Namespace dialog -> choose Create -> Close.
- Add namespace server 2 on server 1
Server Manager -> File Server -> DFS Management -> Namespaces -> right-click athena.edu.vn\data -> Add Namespace Server. Namespace server dialog -> Browse -> choose the name of server 02 -> OK -> OK -> Yes. Check that both file servers show 2 namespace servers.

Create the replication group
- Configure replication so that the system knows how many machines take part in DFS -> under Replication choose New Replication Group -> choose Multipurpose replication group -> Next -> enter the name -> Next.
In Replication Group Members -> add all the machines taking part in DFS. Next -> Full mesh -> Next -> Next.
At Primary Member choose the server -> Next -> Add -> point to the data folder -> OK -> OK -> Next.
- In Local Path of Data on Other Members add the file servers that will take part in DFS to share the load of the first machine.

IX. AD RMS

1. Overview of AD RMS
- Active Directory Rights Management Services is a service that protects authors' rights by preventing the copying and editing of documents that the author shares with other users. The data types AD RMS supports are Office 2003, Office 2007, ...
2. Install IIS, Enterprise
- Install IIS as in the section above.
3. Install the Enterprise CA
- On the DC server choose Server Manager -> Add Roles -> Active Directory Certificate Services -> Next -> Next -> choose Certification Authority and Certification Authority Web Enrollment -> Add Required... -> Next -> Enterprise -> Root CA -> Next -> Create a new private key -> Next -> Next -> enter the name -> Next.

Configure HTTPS
- Open IIS, choose the server -> double-click Server Certificates -> Create Domain Certificate -> fill in the information.
Choose the CA server -> enter the Friendly name -> Finish.
Go to Server -> Sites -> Edit Bindings -> Add
Add Site Binding: Type: HTTPS, IP: All Unassigned, Port: 443, SSL certificate: Web
- Try accessing https://athena.edu.vn

4. Install RMS
- Server Manager -> Add Roles -> choose Active Directory Rights Management Services -> Add Required -> Next -> in Specify Service Account choose Specify and enter the account -> in Specify Cluster Address choose Validate -> Next -> enter the web server address -> Next ... Install -> Close.

5. Verify on the client machine

X. Terminal Services

On the server, enable Allow Access on the Dial-in tab for the users who need Terminal Services.
Grant permission for remote access to the system.
For users to be able to connect to the server, they must be added to the Remote Desktop Users group.
- On the client, connect to the server.
On the server, install Terminal Server.
Open Terminal Services to configure it.
Add the programs you want to share with clients.

XI. Network Load Balancing

1. Purpose
- This is a service used to share load for web servers, print servers, mail servers and so on. Suppose we have the website www.athena.edu.vn and, because of actual demand, we have to set up several web servers that share the load for this site. We therefore use NLB to share the load.
- Install Network Load Balancing
Server Manager -> Add Features -> choose Network Load Balancing -> Next -> Install -> Close.

2. Configure Network Load Balancing
- On the server -> open NLB to configure it. Choose New Cluster to create a new one.
- In New Cluster: Connect -> choose the LAN card -> Next -> add 1 virtual IP -> Next.
In Port Rules -> Edit -> enter the port of the service to be load-balanced -> Next -> Finish.
Do the same to add server 2
- Right-click the virtual IP and choose Add Host To Cluster -> enter the IP of server 2 -> Connect -> choose the LAN card ...
- At the command line type ipconfig /all to check.
On the DNS server add a host www pointing to the virtual IP.

XII. Windows Server Core 2008

1. Introduction

Starting with Windows Server 2008, Microsoft recognized that the security and stability of the system needed more attention, and so introduced a new operating system option called Windows Server Core that is operated with commands only, without a graphical interface.

Benefits of Windows Server Core:

- Reduces exposure to attack from outside because it has no graphical interface.

- Server Core also reduces maintenance work because every operation is performed from another, remote machine.

- Takes up very little disk space, so access is fast.

2. Install Windows Server Core 2008

Insert the installation source and boot from CD → choose the language settings → Install now → select Windows Server 2008 Enterprise (Server Core Installation) → Next → select I accept the license terms → Next → select Custom → select the partition → Next.
Promote to domain controller

Set the IP address.
View the network adapter's IP with the following command:
    netsh interface ipv4 show interfaces
- Set the IP address:
    netsh interface ipv4 set address name=2 source=static address=192.168.2.3 mask=255.255.255.0 gateway=192.168.2.200
- Set DNS:
    netsh interface ip set dns 2 static 192.168.2.2 primary
- Rename the computer with the following command:
    netdom renamecomputer %computername% /newname:PC02
Restart the computer with the command:
    shutdown /r /t 0
Turn off the firewall:
    netsh firewall set opmode mode=disable
Promote to DC

- Create the file unattend.txt with the following content:

[DCINSTALL]
ReplicaOrNewDomain=Domain
TreeOrChild=Tree
CreateOrJoin=Create
NewDomainDNSName=athena.com
DNSOnNetwork=yes
DomainNetbiosName=athena
AutoConfigDNS=yes
SiteName=Default_First_Site_Name
AllowAnonymousAccess=no
DatabasePath=%systemroot%\ntds
LogPath=%systemroot%\ntds
SYSVOLPath=%systemroot%\sysvol
SafeModeAdminPassword=
CriticalReplicationOnly=No
RebootOnSuccess=yes

Save this file in the root of drive C:, then run:
    dcpromo /unattend:C:\unattend.txt

Run ipconfig /all to check.

On the client, set the preferred DNS server to the Server Core machine and join the domain.

Manage Server Core remotely

- Install Remote Server Administration Tools from Server Manager on the client machine.

The client machine now has all the tools needed to manage Windows Server Core remotely.
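
The Server Core setup above switches Windows Firewall off with netsh firewall set opmode mode=disable. As an added example (not part of the original guide), the batch file below keeps the firewall on and enables only the built-in rule groups that the remote administration consoles on the client use; which groups you need is an assumption that depends on the consoles you actually run.

```bat
@echo off
rem Added example: keep Windows Firewall enabled on Server Core and allow only
rem the remote-management rule groups, instead of "set opmode mode=disable".
rem Run in an administrator command prompt on the Server Core machine.
setlocal

rem Turn the firewall on for every profile (domain, private, public).
netsh advfirewall set allprofiles state on || goto :fail

rem Built-in rule groups used by the MMC consoles on the management client.
rem Assumption: trim this list to the consoles you actually use.
for %%G in (
    "Remote Administration"
    "Remote Event Log Management"
    "Remote Service Management"
    "Windows Firewall Remote Management"
) do (
    echo Enabling rule group %%G
    netsh advfirewall firewall set rule group=%%G new enable=yes || goto :fail
)

rem Show the resulting state so the change can be verified.
netsh advfirewall show allprofiles state
exit /b 0

:fail
echo Firewall configuration failed with error %errorlevel%.
exit /b 1
```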

XIII. Read Only Domain Controller

1. The problem

- Suppose the company has its head office in Ho Chi Minh City and a branch in Hanoi. For the two networks to communicate with each other, an infrastructure link (leased line, VPN, ...) must be deployed.

- The head-office network is currently managed with Active Directory under the domain athena.edu.vn. For the Hanoi network to be managed with Active Directory as part of the athena.edu.vn domain as well, the machines in Hanoi must be joined to the domain.

- In this case, to make authentication for the Hanoi machines reliable, we need to set up an additional Domain Controller in Hanoi. However, the Hanoi branch has no IT department and cannot guarantee the security of a Domain Controller, so the Domain Controller in Hanoi should be used only to store passwords and authenticate the user accounts of the Hanoi network. The solution is to deploy a Read-Only Domain Controller in Hanoi. To make authentication between the two networks more convenient, the system is also divided into two sites, HCM and HN.

2. Create the sites

- On Server1, open Active Directory Sites and Services in Administrative Tools. Rename Default-First-Site-Name to HCM.

Create a new site named HN.

Create a subnet. Enter 192.168.10.0/24 in Prefix → select HCM → OK.

Create a subnet for HN. Enter 172.16.1.0/24 in Prefix → select HN → OK.

Promote the Read-Only Domain Controller and install the Read-Only DNS Server

- On Server3, log on as the domain administrator.

Run → dcpromo → check Use advanced mode installation → Next → Next → select Existing forest → Add a domain controller to an existing domain → Next → Next → Next.

- Select a Site → select HN → Next.

Select all three options: DNS server, Global Catalog, Read-only domain controller → Next → Next.

Select Set → add the user to whom management of the RODC is delegated → Next → Next → select Use this specific domain controller and choose the main DC → Next → Next → enter the password → Next → Next → check Reboot on completion.

Check the result.

Configure the Password Replication Policy

On the HN server, open Active Directory Users and Computers → go to the Domain Controllers OU → right-click the server → select Properties.
Go to the Password Replication Policy tab → Add → select Allow passwords for the account to replicate to this RODC → OK.

In Select Users, Computers, or Groups, add the group HNGroup → OK.

Check the result.
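
One way to carry out this check from the command line, as an added example that is not part of the original guide: the batch file below lists the Allowed and Denied lists and the passwords actually cached on the RODC, then looks for Domain Admins members inside the allowed group. Server3 and HNGroup are the names used in this guide; running it on a writable DC or a client with the remote administration tools is an assumption.

```bat
@echo off
rem Added example: audit the Password Replication Policy configured above.
rem Server3 (the RODC) and HNGroup are the names used in this guide;
rem run as a domain administrator on a writable DC or a management client.
setlocal
set "RODC=Server3"
set "ALLOWGROUP=HNGroup"
set "ALLOWED=%TEMP%\prp_allowed.txt"
set "ADMINS=%TEMP%\prp_admins.txt"

echo === Allowed and Denied lists on %RODC% ===
repadmin /prp view %RODC% allow
repadmin /prp view %RODC% deny

echo === Accounts whose passwords are cached on %RODC% right now ===
repadmin /prp view %RODC% reveal

echo === Accounts that have authenticated through %RODC% ===
repadmin /prp view %RODC% auth2

rem Expand nested membership of the allowed group and of Domain Admins.
dsquery group -name "%ALLOWGROUP%" | dsget group -members -expand > "%ALLOWED%"
dsquery group -name "Domain Admins" | dsget group -members -expand > "%ADMINS%"

rem A DN present in both files is a privileged account inside the allowed group.
echo === Domain Admins members that are also in %ALLOWGROUP% ===
findstr /i /x /l /g:"%ADMINS%" "%ALLOWED%"
if errorlevel 1 (
    echo None found.
) else (
    echo Review the accounts listed above and remove them from %ALLOWGROUP%.
)
del "%ALLOWED%" "%ADMINS%" 2>nul
```

Deny entries take precedence over allow entries, so an overlap does not by itself mean an administrator password is cached on the RODC; it shows that HNGroup is broader than a branch-user group should be.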

Chapter III: Scope and Practical Applicability of the Project

I. Scope:

This material is part of the MCSA program.

It covers upgrading a domain from Windows Server 2003 to Windows Server 2008 and a number of Windows Server 2008 network services.

To learn more about Windows Server 2008, readers can consult books on this technology.

II. Practical Applicability:

Provides extensive practical knowledge and skills for configuring and installing a number of Windows Server 2008 network services.

Gives exposure to current information technology.

Strengthens the ability to learn and work independently and to be proactive at work.

Helps students understand their future work and develop job skills.