Windows Server 2008

Lu hnh ni b
BI TP THC HNH
QUN TR MNG WINDOWS SERVER 2008
BI 1: LOCAL USER ACCOUNT & GROUP ACCOUNT
Gii thiu: Thng thng mt my tnh khng phi lc no cng ch c mt ngi no
s dng duy nht m trn thc t ngay c my trong gia nh chng ta i khi vn
c t nht t 2-3 ngi s dng. Tuy nhin nu tt c mi ngi u s dng chung
mt ti khon th nhng d liu ring t ca ngi ny ngi kia hon ton c th xem
c.
Nhng nu my tnh l my chung ca cng ty v vn t ra l ta khng
mun ti liu ca ngi dng ny ngi dng kia c th xem ty tin c. Vy cch
tt nht l cp cho mi nhn vin mt my nht nh v yu cu h t password ln
my ca mnh, nhng nh th th rt tn km v khng c a chung. Chnh v th
ngi qun tr mng s s dng cng c Local Users and Groups to cc ti khon
ngi dng trn cng mt my, khi d liu ca ngi ny ngi kia khng th truy
cp c.
Local User - to c User local bn phi c quyn ngang hng vi
Administrator ca h thng.
1. To Local user account

B1: M chng trnh Local user and group
- Start chn programs chn Adminitrative tools chn Computer Management
chn Local user and group
- Cch 2: Vo Start chn run g lnh lusrmgr.msc
B2: Click phi chut vo user chn New user
B3: in cc thng s:
Thc hnh Windows Server 2008
Trang 1
Lu hnh ni b
-
user name: SV1

Full name: Nguyen Van Nam
Desciption: Lop Truong
Password: abc@123
Confim Password: abc@123
B du check trc dng user must chang password at next logon chn
Create
B5: Lm cc bc trn to user SV1,SV2,SV3
B6: Log on vo user SV1
2. To Local Group Account
B1: Vo Start chn run g lnh lusrmgr.msc
B2: Click phi chut vo Group chn New group
B3: Group name: SINHVIEN chn add
Trang 2
Lu hnh ni b
B4: Hp thoi New group chn add g SV1 chn Check name chn ok
B5: Quan st thy user SV1 c add vo Group SINHVIEN

B6: Lm cc bc trn to Group GIAOVIEN v add cc user GV1, GV2 vo
BI 2: LOCAL POLICY
Gii thiu: Trong cng tc qun tr mng vic ng dng Group Policy vo cng vic
l iu khng th thiu i vi bt c nh qu tr mng no. Vi Group Policy ta c
th ty bin Windows theo ch m vi ngi s dng thng thng khng th lm
c
Chun b:
- M hnh bi lab gm 1 my
- To console Group policy Object
- To 3 user: U1, U2, U3 Vi password abc@123
- Add user U1 vo Group administrators
Thc hin:
1. M Group policy Object Editor
B1: M Group policy Object Editor
Start chn Run g lnh MMC
B2: Mn hnh console 1 chn menu file chn add/remove Snap-in
B3: Mn hnh add or Remove Snap-ins chn Group policy Object Editor chn
add
Trang 3
Lu hnh ni b
B4: Chn Finish
B5: Mn hnh add or Remove Snap-ins chn Group policy Object Editor chn
add
B6: Chn Browse
Trang 4
Lu hnh ni b
B7: Qua tab users chn U2 chn Finish
B8: Lm li B5-B6 Qua Tab user chn Administrators chn Finish

B9: Lm li B5-B6 Qua Tab user chn Non- Administrators chn Finish chn Ok
- Vo menu File- chn Save lu li vo Desktop vi tn l console1
2. iu chnh policy computer configuration

B1: Log on vo my bng account administrator chn Shutdown Xut hin bng
shutdown Enven tracker chn Cancel
- Cm USB vo my xut hin bng Autorun
B2: M console1 trn desktop chn Local computer policy chn computer
configuration Chn Administrative Templates chn system ct bn phi Double
click vo Display shutdown Enven tracker chn Disable
Trang 5
Lu hnh ni b
B3; ct bn tri m theo ng dn Local computer policy chn computer
configuration Chn Administrative Templates chn windows components chn
AutoPlay policies
B4: Ct bn phi chn Turn off Autoplay

B5: Chn Enabled chn all drives chn Ok
B6: M Start chn Run g lng CMD Enter
Ti mn hnh command line g lnh GPUPDATE/FORCE Chn Enter
Kim tra:
Vo Start chn shutdown khng cn xut hin bng shutdown Enven tracker
Cm USB vo my khng cn Autorun na
3. iu chnh policy user configuration

-
iu chnh policy user khng th truy cp control Panel
B1: Log on bng account Administrators m console1 trn desktop m theo ng

dn Local computer policy chn user configuration Chn Administrative
Templates chn control Panel.
- Ct bn phi double click vo policy prohibit access to the control Panel
chn Enable
Trang 6
Lu hnh ni b
- G lnh GPUPDATE/FORCE
B2: Kim tra Log of Administrator log on ln lt bng U1, U2 vo start chn setting
khng thy control Panel
4. User configuration-Non- admin Group

-
Chnh policy n dektop ch p dng trn nhng user Khng thuc Group
Administrators
B1: log on bng account Administrators M console1 trn dektop m theo ng

dn: Local computer\Non-Administrators policy chn user configuration chn
Administrative Templates chn dektop
- ct bn phi double click vo policy Hide and disable all items on the
desktop chn Enable
G lnh GPUPDATE/FORCE
Trang 7
Lu hnh ni b
Kim tra:
- log on vo my bng account U2 mi chng trnh trn desktop u b n
5. User configuration-Admin Group

Chnh policy n chc nng Chang password khi nhn Ctrl+Alt+Del ch p dng cho
user thuc group administrator
B1: Log on bng account administrator m console1 trn dektop m theo ng dn:
Local computer\Administrators policy chn user configuration chn
Administrative Templates chn system chn Ctrl+Alt+Del options
- ct bn phi double click vo policy Remove chang password chn Enable
G lnh Gpupdate/Force
B2: Kim tra:
- Log on vo bng quyn U1 Nhn Ctrl+Alt+Insert quan st thy khng c
chc nng chang password
- Log on vo bng quyn U2 Nhn Ctrl+Alt+Insert quan st thy c chc
nng chang password
6. iu chnh policy cho tng user

B1: Log on bng account administrator m console1 trn dektop m theo ng dn:
Local computer\U2 policy chn user configuration chn Administrative Templates
chn control Panel
- Ct bn phi double click vo Policy Prohibit access to the control Panel
chn Disable
Trang 8
Lu hnh ni b
- G lnh Gpupdate/Force
Kim tra:
- Log on U1,U3 Khng th truy cp control penel
- Log on U2 truy cp control penel thnh cng
BI 3:
LOCAL SECURITY POLICY
1. Password policy
B1: Log on bng administrator
To 1 user U4 v password l : 123
Bo li khng th to c do khng tha yu cu v phc tp ca password
B2: Vo start chn program chn Administrative Templates chn Local Security
policy
B3: M Account polices chn password policy
Quan st ct bn phi
Trang 9
Lu hnh ni b
B4:
Enforce password history: S password h thng lu tr (khuyn dng: 24)
Maximun password age: Thi gian hiu lc ti a ca 1 password (khuyn dng : 42)
Minimun password age: Thi gian hiu lc ti thiu ca 1 password (khuyn dng : 1)
Minimun password length: di ti thiu ca 1 password (khuyn dng 7)
Password must meet complexity requirements: Yu cu password phc tp (khuyn
dng: enable)
Chnh password policy:
- Password must meet complexity requirements chn disable
- Cc password policy cn li chnh gi tr v 0 chn OK
- G lnh Gpupdate/Force
Kim tra: to user U4 vi password 123 thnh cng
2. Account Lockout policy

B1: M local security policy
B2: theo ng dn Account policies chn Account lockout policy
- Quan st cc policy bn phi Account lockout threahold s ln nhp sai
password trc khi account b kha
- Account lockout duration: Thi gian account b kha
- Reset Account lockout counter after: thi gian khi ng li b m
B3: Chnh policy:
- Account lockout threahold : 3
- Account lockout duration: 30
- Reset Account lockout counter after: 30
Trang 10
Lu hnh ni b
Kim tra:
- ng nhp th sai password 4 ln khng th ng nhp c tip
- Chi sau 30 pht c th ng nhp li
3. user rights assignment

B1:
- Log on bng quyn U4 shut down My tnh khng c

- Thay i ngy gio h thng khng c
B2: Log on bng administrator m local security pilicy chn local policies chn
user rights assignment ct bn phi quan st thy c 2 policy.
- Chang the system time : cho php 1 user c quyn thay i ngy gi h thng
- Shutdown the system: cho php 1 user co quyn tt my
B3: Chnh policy:

- Chang the system time: a group users vo
- Shutdown the system: a group user vo policy
Kim tra:
Trang 11
Lu hnh ni b
-
Log on U4 Shut down th thnh cng

Thay i ngy gi h thng thnh cng
BI 4: SHARE PERMISSION
Vic chia s cc ti nguyn trn mng l iu khng th thiu trong bt k h
thng mng no, tuy nhin vic chia s ny cn ty thuc vo nhu cu ngi s dng
& ca nh qun tr mng, v d trong cng ty chng ta c nhiu phng ban v cc
phng ban trong cng ty c nhu cu chia s ti nguyn cho nhau tuy nhin nh qun tr
mng mun khng phi phng ban no cng c th truy cp v t cc d liu ca
phng ban khc.
Chng hn cc nhn vin trong phng kinh doanh th c th truy cp d liu ca
phng mnh v phng k thut thoi mi, nhng vi cc nhn vin trong phng k
thut ch c php truy cp ti nguyn trong phng mnh m thi v khng c php
truy cp cc ti liu t phng kinh doanh. Tnh nng Sharing and Sercurity.. s gip
ta gii quyt cc yu cu trn.
Chun b:
- M hnh bi Lab gm 2 my
+ PC01 Windows Server 2008
+ PC02 Windows Server 2008
- PC01 To 2 account U1 v U2 vi password l :123
- To Folder THUCHANH trong a C, trong th mc THUCHANH to 2
Folder l DULIEU v BIMAT
- Trong cc th mc to file thuchanh.txt ni dung ty
- M windows explore chn Tool chn folder options chn View b du
chn trc dng User Sharing Wizard
- Trn 2 my tt Firewall, UAC v chng trnh Virus. Kim tra ng
truyn bng lnh Ping
Thc hin:
1. Share mt Folder
B1: Vo th mc gc a C chn Foder DULIEU Click chut phi ln folder
DULIEU chn Share
B2: Ti tab Share Click vo Advanced Sharing.

- nh du check vo share this folder click vo Permissions
Trang 12
Lu hnh ni b
Pha trn chn Everyone pha di check vo Allow full control chn OK
B3: Ti my PC02 chn Menu Start chn Run g: \\PC01 chn OK

Hp thoi yu cu chng thc khi ng nhp in vo user name: U1 v
Password 123
Truy cp thnh cng thy Folder DULIEU
2. Share n mt folder
Thc hin trn PC01:
B1: Click chut phi ln folder BIMAT chn Share
Trang 13
Lu hnh ni b
B2: Ti tab Sharing Click chn vo Advanced Sharing.

- nh du check vo share this folder
- Khung Share name Thm vo BIMAT$ Chn vo Permissions
Pha trn chn Everyone pha di check vo Allow full control chn OK
Trang 14
Lu hnh ni b
B3: Ti my PC02 chn menu Start chn Run nhp vo \\PC01 truy cp vo
khng thy folder BIMAT
- Tt ca s explorer truy cp li PC01 Start chn Run nhp vo \\PC01\BIMAT$
G user name: U1 v Password 123 Truy cp vo Folder BIMAT thnh cng
3. Share mt folder vi nhiu tn

B1: Click chut phi ln folder DULIEU chn Share chn Advanced Sharing.
Click vo Add.
B2: Khung share name nhp vo DULIEU_KETOAN Chn Ok
Trang 15
Lu hnh ni b
B3: Kim tra trong hp thoi Advanced Sharing, phn Share name c 2 tn
DULIEU V DULIEU_KETOAN
4. Gn tn a mng truy cp cc shared folder

B1: Share th mc TAILIEU trn a C
B2: Click chut vo folder TAILIEU chn vo Tool Chn vo Map network drive..
- Driver: Chn tn a
- Folder: g vo \\tn PC\tn th mc Share sau chn Finish
B3: M Windows explore kim tra c a mng DULIEU(W)
Trang 16
Lu hnh ni b
5. Qun l cc Share Resources
Click chut phi ln biu tng Conputer ngoi Desktop Chn Manage chn vo
Role chn vo file services chn vo share and storage management Quan st bn
tay phi cc d liu hin ang c chia s trn my tnh
BI 5: NTFS PERMISSION
Nh chng ta bit khi chia s ti nguyn qua mng (Share) User s chu tc
ng ca Permission c quyn hay b gii hn quyn do Administrator phn quyn.
Nhng n ch c tc dng nu User t my Client truy cp vo cn nu User
ngi trn Server th mi tc ng ca Share Permission hon ton v ngha, v th
gii hn quyn ca User ti local ngi ta s dng NTFS Permission Khi khi User
truy cp vo mt ti nguyn no mng s chu tc ng ca 2 Permission l
Share Permission & NTFS Permission Trong khi nu truy cp ti local s ch chu
tc ng ca NTFS Permission .
iu kin s dng NTFS Permission l Partition ca bn phi c format
nh dng file system l NTFS.
Chun b: To cy th mc nh hnh di
To 2 Group: KETOAN, NHANSU

To 2 User : KT1, KT2 Add 2 user ny vo Group KETOAN
To 2 User : NS1, NS2 Add 2 user ny vo Group NHANSU
Trang 17
Lu hnh ni b
Phn quyn th mc bng Standard Permission

Phn quyn cho cc Group nh sau
- Trn th mc Data:
+ Group Ketoan v Nhansu c quyn Read
- Trn th mc Chung:
+ Group Ketoan v Nhansu c quyn Full
- Trn th mc Ketoan:
+ Group Ketoan c quyn Full
+ Group Nhansu khng c quyn

Trn th mc Nhansu:
+ Group Nhansu c quyn Full
+ Group Nhansu khng c quyn
1. Phn quyn trn th mc DATA

B1: Click chut phi ln th mc DATA chn Properties qua tab Security chn
Advanced
B2: Trang tab Permissions chn Edit
Trang 18
Lu hnh ni b
B3: B du check trc dng Include inheritable permissions from this objects
parent
B4: Mn hnh Windows security chn copy chn OK-OK
B5: Ti mn hnh DATA properties chn Edit
Trang 19
Lu hnh ni b
B6: Mn hnh Permissions for DATA chn Add
B7: Trong khung Enter the object names to select g KETOAN ; NHANSU Chn
check names
B8: Quan st thy KETOAN V NHANSU c gch chn xc nh group

KETOAN V NHANSU c tn ti chn OK
Trang 20
Lu hnh ni b
Quan st thy KETOAN v NHANSU c 3 quyn Allow: Read & excute, List folder
contents, read chn Ok-Ok
Kim tra:
- Ln lt log on va my bng quyn KT1,NS1 m th mc c:\DATA truy
cp thnh cng
- To Folder bt k xut hin thngbo li khng c quyn
2. Phn quyn cho th mc Chung

B1: Log on Administrator click chut phi ln th mc chung chn Properties qua
tab security chn Edit Ln lt chn tng Group Ketoan v Nhansu cho quyn
Allow full control chn Ok-OK
Trang 21
Lu hnh ni b
B2: Kim tra:

-Ln lt log on vo bng KT1, NS1 truy cp vo th mc Chung truy cp thnh cng
-To xa, folder bt k trong th mc chung thnh cng
3. Phn quyn cho mc KETOAN

B1: Click chut phi ln th mc KETOAN chn Properties qua tab security chn
advanced
B2: Trong tab Permissions chn Edit

Trang 22
Lu hnh ni b
parent
B5: Ti mn hnh KETOAN Properries chn Edit
Trang 23
Lu hnh ni b
B6: Chn Group NHANSU chn Remove
B7: Chn Group KETOAN chn allow full control chn ok-ok
Trang 24
Lu hnh ni b
Kim tra:
-Ln lt log on vo bng KT1, NS1 truy cp vo th mc KETOAN ch c KT1 truy
cp thnh cng, cn NS1 khng truy cp c.
-User KT1 To, xa file, folder bt k trong th mc KETOAN thnh cng
4. Phn quyn trn th mc NHANSU

B1: Click chut phi ln th mc NHANSU chn Properties qua tab security chn
advanced
B2: Trong tab Permissions chn Edit
Trang 25
Lu hnh ni b
parent
B5: Ti mn hnh NHANSU Properries chn Edit
Trang 26
Lu hnh ni b
B6: Chn Group KETOAN chn Remove
B7: Chn Group NHANSUchn allow full control chn ok-ok
Kim tra:
-Ln lt log on vo bng KT1, NS1 truy cp vo th mc NHANSU ch c NS1 truy
cp thnh cng, cn KT1 khng truy cp c.
-User NS1 To, xa file, folder bt k trong th mc NHANSU thnh cng
Trang 27
Lu hnh ni b
Phn quyn th mc bng Special Permission

Phn theo yu cu: File do user no to ra User mi xa c
B1: Click chut phi ln th mc KETOAN chn Properties qua tab security chn
advanced
B2: Trong tab Permissions chn Group KETOAN Chn edit
Trang 28
Lu hnh ni b
B3: Ti mn hnh advanced security Setting for KETOAN, Chn group KETOAN
chn edit
B4: mc Allow, tt du check Delete subfolders and file v delete chn ok 3 ln
Trang 29
Lu hnh ni b
B5: Kim tra:
-Ln lt log on vo bng KT1, KT2 truy cp vo th mc KETOAN
- KT1 to file KT1.txt
- KT2 to file KT2.txt
- Log on KT1 xa file KT2.txt bo li khng c quyn xa. Xa file KT1.txt thnh
cng.
- Log on KT2 xa file KT1.txt bo li khng c quyn xa. Xa file KT2.txt thnh
cng.
BI 6: DOMAIN
Trong cc bi trc chng ta hc v cc vn nh to user Account trn
server. Hy tng tng trong cng ty bn c khong 5 my tnh vi mi my chng ta
s to cc User Account cho nhn vin truy cp. Tuy nhin nu ngi dng ng nhp
vo my 1 lm vic sau anh ta sang my th 2 lm vic th mi ti nguyn do anh
ta to trn my 1 hon ton c lp vi my 2 v thm ch vi tng my Admin phi
to cc User Account ging nhau anh ta mi truy cp c, mi chuyn s khng tr
nn qu rc ri nu cng ty chng ta c chng y my . Nhng nu cng ty bn c
khong 100 my th mi chuyn li khc, vn t ra l ch l mi my Admin phi
ngi to 100 Account nhn vin truy cp? v v mi my c lp vi nhau vic tm
li d liu trn my m ta tng ngi lm vic trc l cc k kh khn.
Do Windows c tnh nng l Domain Controller (DC) gip ta gii quyt
rc ri trn. iu kin c mt DC l bn phi trang b mt my Server ring c
gi l my DC cc my cn li c gi l my Client, c h thng c gi l
Domain Khi Administrator ch vic to User Account ngay trn my DC m thi
nhn vin cng ty d ngi vo bt c my no trn Domain u c th truy cp vo
Account ca mnh m cc ti nguyn anh ta to trc u c th d dng tm thy.
1. Nng cp Domain Controller

B1: Chnh IP
- Menu start chn setting chn network Connections click chut phi vo card mng
Lan chn Properties b du check internet Protocol Version 6 (TCP/TPv6) chn
internet Protocol Version 4 (TCP/TPv4) nhn Properties
Trang 30
Lu hnh ni b
B2: iu chnh Preferred DNS server v IP ca chnh s my mnh ngi chn OK
B3: Vo menu Start chn Run nh lnh DCPROMO
B4: Mn hnh Welcome to th Active Derectory Domain Services Installtion wizard

chn user advanced mode Installtion chn next
Trang 31
Lu hnh ni b
B5: Mn hnh Choose a Deployment configuration chn Create a new domainin a
new forest
B6: Mn hnh Name the forest root Domain g tn domain cse.edu chn next
B7: Mn hnh Domain NetBIOS name chn next
Trang 32
Lu hnh ni b
B8: Mn hnh Set Forest Functional Level Chn windows server 2008 chn next
B9: Mn hnh additional Domain Controller Options chn next
B10: Mn hnh Location for database, log files, and SYSVOL chn next
Trang 33
Lu hnh ni b
B11: Mn hnh Diretory Services Restore mode Administrator password g
abc@123 Chn next
B12: Mn hnh summary chn next
B13: Mn hnh Active Directory Doamin services Installation
Trang 34
Lu hnh ni b
B14: Mn hnh Completing Active Directory Domain Services Installation Wizard
Finish chn Restart
2. Join cc my Workstation vo Domain

Sau khi nng cp my Server ln DC by gi ta tin hnh Join tt c cc my Client
vo Domain. Li ch ca vic Join vo Domain ny l rt nhiu trong bi ny khng
th ni ht c nhng c hiu mt cch nm na rng join vo Domain ri mi my
Client khng cn to User g c m ch cn dng cc User Account m ta to trn
DC m vn c th truy cp vo my mt cch ngon lnh. Cch Join nh sau:
Vo TCP/IP chnh DNS l IP ca my DC
Thc hin trn PC2 : Windows server 2008
B1: Chnh IP
- Menu start chn setting chn network Connections click chut phi vo card mng
Lan chn Properties b du check internet Protocol Version 6 (TCP/TPv6) chn
internet Protocol Version 4 (TCP/TPv4) nhn Properties
iu chnh Preferred DNS server v IP ca chnh s my mnh ngi chn OK
Trang 35
Lu hnh ni b
B2: Click chut phi vo Computer chn Properties Trong phn Computer name,
domain, and workgroup setting chn Change setting
Trong phn Member of chn domain in tn domain cse.edu chn ok
in Usernsme v Password: administrator v Password: 123
3. Kho st cc policy trn my Doamin Controller

Mt s thay i khi nng cp ln my DC
-
Quan st trong Server Manager khng cn Local Users and Group

M Active Directory users and computer Vo Start chn Program chn
Administrative tools chn Active Directory users and computer Quan st
Trang 36
Lu hnh ni b
-
Chnh policy cho php t password n gin

B1: Vo Start chn Program chn Administrative tools chn Group plicy
Management chn Forest chn cse.edu chn Domain chn cse.edu click chut
phi Default domain policy chn Edit
B2: Theo ng dn Computer Configuration chn policies chn Windows

setting chn security setting chn Account policy chn Password policy Double
click vo Password must meet complexity requirements
B3: Chn Disable chn OK
Trang 37
Lu hnh ni b
B4: Mn hnh Group policy management Editor Double click vo Maximum
password age chn Properties
B5: G 0 vo dng
Mn hnh Group policy management Editor Double click vo Enforce password

history chn properties
G 0 vo dng Do not keep passwords remember
Vo Start chn Run g CMD chn Ok G GPUPDATE/FORCE Enter
- iu chnh cho php Group Users Logon trn my DC

B1: Vo Start chn Program chn Administrative tools chn Group plicy
Management chn Forest chn cse.edu chn Domain chn cse.edu click chut
phi Default domain Controller policy chn Edit
Trang 38
Lu hnh ni b
B2: Theo ng dn Computer Configuration chn policies chn Windows

setting chn security setting chn Local policy chn user right assgnment
B3: Hp thoi Allow log on locally chn Properties chn Add user or Group
B4: G vo Users chn Ok- Ok
Trang 39
Lu hnh ni b
Vo Start chn Run g CMD chn Ok G GPUPDATE/FORCE Enter

Trang 40
Lu hnh ni b
4. To Domain Group
B1: M Active Directory Users and Computer
B2: Nhp chut phi vo cse.edu chn New chn Group
B3: Group name: SINHVIEN chn Ok
Trang 41
Lu hnh ni b
5. To Domain User
B1: M Active Directory Users and Computer Nhp chut phi vo cse.edu chn
New chn User
B2:
First name : Nguyen Van

Last name : Nam
Full name : Nguyen Van Nam
User logon name: SV1 chn Next
Trang 42
Lu hnh ni b
B3:
- Password : 123
- Confirm password : 123
B du check User must chang password at next logon chn next
Quan st thy User va to
BI 7: HOME FOLDER USER PROFILE

Trong bi ny chng ta cn c mt my DC v mt my Client join vo domain
Nh cc bi trc chng ta bit cch to cc user v join chng vo domain khi
mi user by gi gi l domain user ch khng cn l local user na v vy chng ta
c th ngi vo bt c my client no m vn lm vic vi Account domain user mt
cch thoi mi
Nhng vn t ra y l cho d user ngi vo my no login vn ok nhng
nhng ti liu m user ang lm cha trn my Client 01 th khi login vo my
Client 02 ch thy u nhng thay i mn hnh desktop, tinh chnh start menu cng
khng c lu li. Bi v khi ng nhp vo bt c my Client no domain user s
chnh l local Administrator ca my nn cc Profile ca User ny s ch lu trn
my Client m thi
V vy cho tin dng vi cc user thng xuyn thay i ch lm vic ta s dng
Home - Profile nh sau:
Trang 43
Lu hnh ni b
Chun b: Bi Lab s dng 2 my
- PC1: Windows server 2008 DC
- PC2: Windows XP hoc Windows server 2008 - Join Domain
- Chnh password n gin
- Cp quyn log on locally domain controller
- To user U1 password 123
Thc hin:
1. To Home Folder cho user
Thc hin to PC1:
B1: M Windows explorer M a C:\ click phi vo khong trng chn New chn
Folder t tn folder l Homes
B2: Share folder C:\ Homes
- Click phi vo folder Homes chn Properties ti tab Sharing chn
Advanced sharing
- Chn Share this folder chn Permissions
B3: Chn Allow full control chn ok
Trang 44
Lu hnh ni b
B4: M Server manager vo menu start chn Program chn Administratives tools
chn server manager
B5: M Active directory user and computer chn server manager vo Role chn
Active directory services chn Active directory user and computer
B6: Click chut phi vo User U1 chn properties qua Tab Profile chn Connect
in a ch th mc Homes Share trn server
\\Server\Homes\%username% chn Apply
B7: Quan st thy %username% i thnh U1 chn ok
Trang 45
Lu hnh ni b
B8: Kim tra:
-Ti PC2: log on U1, To Folder HoSoU1 trong a Z
-Ti PC1: log on U1 M My computer thy c a z truy cp vo a z thy file
HoSoU1
-Ti PC1: Log on administrator m c:\homes thy c 1 th mc tn U1 m th mc
thy c folder HoSoU1
2. Kho st Local Profile

- Ti PC2: log on U1 trn Desktop to folder ABC
- Ti PC1: log on U1 Quan st trn Desktop khng c folder ABC
- Ti PC1: log on Domain administrator: Xa C:\Users\U1\.Desktop\ABC
- Log on U1: Quan st Desktop khng cn folder ABC
Nhn xt: Local Profile ch tn ti trn my User log on
3. To Roaming Profile cho user

Thc hin trn PC1
B1: To Folder C:\Profiles
Share Folder C:\Profiles vi Shared permision: Everyone allow full control
Click chut phi vo Folder Profiles chn properties ti tab Sharing chn advanced
sharing chn share this folder chn permision
B2: Chn Allow full control chn ok-ok
Trang 46
Lu hnh ni b
B3: M Active directory user and computer chn server manager vo Role chn
Active directory services chn Active directory user and computer chn users
B4: Click chut phi vo User U1 chn properties qua Tab Profile in a ch th
mc Profile share trn PC1 g vo \\PC1\%username% chn Apply
B5: Kim tra:
-Ti PC2: log on U1, Trn Desktop to Folder Dulieu
-Ti PC1: log on U1, Quan st trn Desktop c Folder Dulieu
BI 8:
DOMAIN USER
Chun b:
- Chnh password n gin
- Chnh policy Allow log on locally : Add group Users vo policy
- Trong a C to 2 Folder Homes v Profiles Share 2 th mc ny vi quynEveryone Full control
- To OU CSE, trong OU CSE to Group NHANSU
1. To s dng User Template
B1: M Active Directory user and computer to user NS1 vi password 123
- To Roaming Profile v homes folder cho NS1 (Xem li bi homes folder
v Roaming Profile)
- Add user NS1 vo Group Nhansu
Trang 47
Lu hnh ni b
B2: Click chut phi vo user NS1 chn Properties

- Trong tab Account phn Account options chn Account is disable chn ok
Trang 48
Lu hnh ni b
B3: click chut pah ln User account NS1 chn Copy
B4: Full name NS2 user log on name G NS2 chn Next
B5: G 123 trong phn password v confirm password chn next
B6: Chn Finish
Trang 49
Lu hnh ni b
B7: Tng t thc hin t B3-B6 copy NS1 thnh account NS3/password 123
B8: Kim tra:
- Thuc tnh ca 2 user NS2 v NS3 ging NS1
- C 2 user NS2 v NS3 u c a vo Group Nhansu
C 2 user NS2 v NS3 u c to Roaming Profile v homes folder
Trang 50
Lu hnh ni b
2. Lm vic vi Multi user

B1: Gi phm CTRL ln lt click chut chn NS1,NS2,NS3 chut phi chn
Properties
B2: Qua tab Account nh du chn trc dng Logon hours chn Logon hours
B3: T xanh vng t 8-5 / Monday chn Friday chn ok
Trang 51
Lu hnh ni b
B4: Kim tra: Ln lt Properties ca c 3 user:NS1, NS2,NS3 qua tab Account chn
Logon Hours..
B5: Quan st thy c 3 user

ng nhp vo my tnh.
NS1, NS2,NS3 u c chnh thi gian c php
3. Xem ton b thuc tnh ca User

B1: Ti chng trnh Active Directory user and computer chn Menu View chn
Advanced Features
Trang 52
Lu hnh ni b
B2: click chut phi ln user NS1 chn Properties
B3: Chn tab Attribute Editor kim mc HomeDirectory v ProfilePatch quan st

thy gi tr trong 2 dng ny ging trong tab Profile
Nhn xt: Mi thuc tnh ca user account c th c xem v chnh sa ti
Attribute Editor
BI 9: DOMAIN GROUP
Chun b:
- Chnh password policy n gin
- To OU CSE, trong OU CSE to 3 user: U1, U2, U3 Vi password 123
- Chnh policy cho php Group users c quyn log on trn my DC
Trang 53
Lu hnh ni b
1. To Global group
B1: M Active Directory user and computer click chut phi ln OU CSE chn New
chn Group
B2: Phn Group name : G Nhansu Group scope: Global chn Ok

Quan st thy c Group Nhansu trong OU CSE
2. y quyn cho 1 user c quyn qun l group: Qun l member ca group

B1: Click chut phi lm group Nhansu chn Properties qua tab Managed by chn
Chang
Trang 54
Lu hnh ni b
B2: in user U1chn check name chn ok
B3: Ti mn hnh nhansu chn Properties nh du chn vo trc dng Manager

can updata membership list chn ok
B4: Kim tra:

Logon bng quyn U1 chuyn giao din Start menu v dng Classic
-Start chn Program chn administrative tool chn Active Directory user and computer
- M OU CSE click phi ln th mc Nhansu chn Properties
Qua tan Member of chn add a 2 user U2 v U3 vo Group Thnh cng
BI 10: ORGANIZATIONAL UNIT (OU) DELEGATE CONTROL

Trong bi ny chng ta cn c mt my DC v mt my Client join vo domain
Nh chng ta bit cc bi trc to mt User Admin phi vo Active
Directory Users & Computers to. Nhng vn s tr nn kh khn hn vi mt
cng ty ln n vi trm thm ch vi ngn nhn vin, nh vy ngi qun tr mng
phi to, xo, disable cc Account rt mt cng.
V vy Windows c mt tnh nng rt hay l Organizational Unit (OU) gip gim ti
cng vic cho ngi qun tr mng bng cch U quyn cho mt User no c quyn
thay th anh ta trong vic qun l cc User Account nhng vi quyn hn ch hn. V
d anh qun tr mng s u quyn cho User SV1 c quyn to, xo, disable cc
Account chung Group vi anh ta nhng khng c quyn vi cc Group khc
Trang 55
Lu hnh ni b
Trc tin Administrator s to cc Organizational Unit v gn quyn cho mt User
no bng cch m Active Directory Users & Computers ra nhp phi vo domain
chn New -> Organizational Unit
Chun b: M hnh bi Lab gm 2 my
PC1: Windows server 2008 chnh password policy n gin
PC2: Windows server 2008, Join domain
Thc hin: Trn my PC1
1. To OU:
B1: Start chn Program chn administrative tool chn Active Directory user and
computer click phi chut vo CSE.EDU chn New chn Organizational Unit
B2: mc name nhp vo OU v v: PHONGDAOTAO sau chn OK
2. Xa OU
B1: Vo View chn advanced Features
Trang 56
Lu hnh ni b
B2: Click phi chut vo PHONGDAOTAO chn properties
B3: Qua tab Objects tt du check Protect object from accidental deletion sau
chn Ok
B4: chut phi vo OU PHONGDAOTAO chn Delete

- Hp thoi cnh bo chn Yes
- OU PHONGDAOTAO c xa thnh cng
Trang 57
Lu hnh ni b
3. y quyn cho User trn OU

B1: To OU HOCHIMINH trong OU HOCHIMINH to user quan1
B2: Click chut phi vo OU HOCHIMINH chn Delegate control
B3: Mn hnh Welcome chn Next trong mn hnh Selected users and group chn
add
Trang 58
Lu hnh ni b
B4: Nhp vo user quan1 chn check names sau chn ok chn next
B5: Trong mn hnh Tasks to Delegate nh du check vo Create, delete and

manage user accounts chn next
B6: Mn hnh Completing chn Finish
Trang 59
Lu hnh ni b
B7: Kim tra trn my PC2

Log on user quan1 trn my PC2 m Administrative tool chn Active Directory
user and computer click phi chut vo OU HOCHIMINH chn New chn user
B8: Trong ca st new Object chn user to user quan2 chn next trong Password
v Confirm password in abc@123 b du check ti dng user must chang
password at next logon chn next chn Finsh thnh cng.
Trang 60
Lu hnh ni b
B9: To thm user quan3 sau click chut phi user quan3 chn delete xa thnh
cng quan3
B10: Click chut phi vo Container users th to 1 user mi khng xut hin menu
to user
Kt lun: User quan1 ch c to,xa, qun l user trn OU HOCHIMINH

4. Tc quyn user trn OU
My PC1
B1: Log on administrator M Active administrative tool chn Active Directory user
and computer click phi chut vo OU HOCHIMINH chn Properties
Trang 61
Lu hnh ni b
B2: Trong mn hnh HOCHIMINH chn Properties, qua tab Security chn vo user
quan1 chn Remove chn OK
B3: Kim tra trn my PC2

Log on User quan1 m Active Directory user and computer click phi vo OU
HOCHIMINH To user mi khng to c
Click chut phi vo user quan1, chn Delete

Bng bo li s xut hin thng bo user quan1 khng c quyn.
Trang 62
Lu hnh ni b
BI 11: GROUP POLICY MANAGEMENT

Chun b:
PC1: Windows server 2008-DC
PC2: Windows server 2008 hoc Winxp Join Domain
Chnh policy password n gin
Chnh policy cho php Group User c quyn log on Locally
To OU HUI. Trong OU HUI to OU CSE
Trong OU HUI to user GV1,GV2 Trong OU CSE to user SV1, SV2
Thc hin:
1. To v Link Policy vo OU
My PC1:
B1: Start chn Program chn administrative tool chn Group policy
Management Bung forest chn Domain chn cse.edu click chut phi vo Group
Policy Object chn New
B2: t tn GPO khung name An control panel chn Ok
B3: Click chut phi vo GPO An control panel va to chn Edit
Trang 63
Lu hnh ni b
B4: Bung mc User configuration chn policies chn Administrative Templates

chn control panel chut phi vo Prohibit access to the control panel chn
properties
B5: Chn Enable chn Ok
B6: Quay tr li mn hnh Group policy Management chut phi vo OU HUI chn
Link an Existing GPO
Trang 64
Lu hnh ni b
B7: Chn GPO An control panel chn Ok
B8: Quan st thy GPO An control panel c Link vo OU HUI
B9: Kim tra:

Trn PC2: Log on ln lt cc user GV1.GV2, SV1, SV2 b mt control panel
2. Block inheritance cho OU

My PC1:
B1:M Group pilicy management click chut phi vo OU CSE chn Block
inheritance
Trang 65
Lu hnh ni b
B2: Quan st OU CSE thy c biu tng du chm thang
B3: Kim tra: trn PC2

Ln lt logon user SV1, SV2 c control penel
3. Enforce Policy:
B1: M Group policy management click chut phi vo GPO An control panel
chn Enforce
Trang 66
Lu hnh ni b
B3: Kim tra: trn PC2
Ln lt logon user SV1, SV2 s thy b mt control penel
4. Chnh order cho policy
My PC1
B1: M Group policy management tt Enforce Policy v Block inheritance. To
thm GPO Hien control panel Link GPO ny vo Ou HUI. Nh vy lc ny OU
Hui c 2 GPO An control panel v Hien control panel
B2: Nhn vo OU HUI dng 2 biu tng mi tn Move up v Move Down di chuyn
Hien control panel ln u
B3: Qua tab Group policy inheritance ch mc Precedent, Precedent cng nh th

s c u tin hn.
Trang 67
Lu hnh ni b
B4: Kim tra: trn my PC2, log on user SV1, SV2 s thy control panel
Nhn xt:
Trong cng mt OU nu p dng chung 2 pilicy (Khng Enforce) th policy no c gi
tr link Other nh th s c u tin cao hn.
- Trong cng mt OU nu p dng chung 2 pilicy (1 policy Enforce v 1 policy khng
Enforce) th policy Enforce s c u tin
-Trong cng mt OU nu p dng chung 2 pilicy (c 2 policy u Enforce) th policy
no c gi tr link Other nh th s c u tin cao hn.
BI 11: NG DNG GPO

L mt ngi qun tr mng ngoi vic qun l my Server ra th cn c khi vic vi
cc my Client na. Trong c vic ci hoc g b bt mt s software cc my
Client.
V d cng ty bn c 2 phng ban l phng KETOAN & NHANSU mi phng c
20 my, v 2 phng ban ny c cng vic khc nhau nn trn cc my Client ny phn
mm c ci ln cng khc nhau. Ti ly v d phng NHANSU th cn chng trnh
Acrobat Rerader trong khi phng KETOAN th cn c Bitdefender Anti Virus.
Ch l vi 40 my trn ta phi i tng my ci thm software hay sao... tht l qu cc
nhc & nhm chn. V th Windows server thit k sn cho ngi qun tr mng
tnh nng Software Deloyment gip bn gii quyt vn nay gin trn.
Nhng trc thi Windows 2000 Microsoft cha thit k cc tnh nng ny nn cc
file setup thng c ui l *.exe, *.com, *.bat... cc ui ny khng h tr Software
Deloyment, cho nn t khi cho ra mt Windows 2000 Microsoft cho gii thiu mt
nh dng mi vi phn m rng l *.msi, nh dng mi ny nhanh chng c cc
hng phn mm hng ng v pht trin rng ry hin nay. Ni tm li iu kin cn
chy Software Deloyment l Software phi h tr nh dng *.msi
Nhn tin y cng ni cho bn c bit thm i vi cc phn mm ch c ui *.exe
th hin nay trn th trng c rt nhiu cng c gip ta chuyn i chng thnh *.msi
cc bn c th search bt c u trn Net
Chun b:
PC2: Windows server 2008 hoc Winxp hoc Windows 2003 Join Domain
PC1: to cc OU KETOAN, OU NHANSU, OU CLIENTS trong OU KETOAN To
cc user kt1, kt2
- To th mc Softs trong a C chp 2 th mc COSMO1 v COSMO2
vo trong th mc softs , Share th mc Softs quyn Everyone-Full
control
Thc hin:
1. Deploy Software trn User:

Thc hin trn PC1:
Trang 68
Lu hnh ni b
B1: M Group policy management click chut phi vo Group policy Object chn
New
B2: t tn GPO l Deploy COSMO1
B3: click chut phi vo GPO Deploy COSMO1 chn Edit
B4: Bung mc User configuration chn Policies chn Sofware settings click phi
chut vo Software Installation chn New chn Package
Trang 69
Lu hnh ni b
B5: khung File name nhp vo
\\Server\Softs\cosmo1\ cosmo1.msi chn vo Open
B6: Mn hnh Select Deployment method chn Assigned chn ok
B7: Click chut phi vo Cosmo1 va to, chn Properties
Trang 70
Lu hnh ni b
B8: Qua tab Deployment mc Deployment options nh du chn vo 2 dng
- Uninstall this application when.
- Install this application at logon
Chn
B9: Click chut phi vo OU KETOAN chn Link an Existing PGO
B10: Chn GPO Deploy COSMO1
B11: Quan st thy Ou KETOAN c GPO Deploy COSMO1

Trang 71
Lu hnh ni b
B12: Kim tra trn PC2:

Log on KT1 quan st thy c phn mm COSMO1 V1.0
B13: trn PC2 log on Administrator m Windows explorer vo th mc
C:\Program\File\COSMO1 xa mt vi file dll bt k gi lp chng trnh b li .
Chy th chng trnh COSMO bo li khng th chy chng trnh.
B14: PC2 Log off v Logon KT1 chy th chng trnh COSMO thnh cng chng
trnh t ng sa li.
2. Upgrade phn mm bng Deploy Software

B1: PC1: M Group pilicy management click chut phi vo GPO Deploy
COSMO1 chn Edit
B2: Bung mc User configuration chn Policies chn Sofware settings click phi
chut vo Software Installation chn New chn Package
Trang 72
Lu hnh ni b

B5: click chut phi vo Cosmo2 va to, chn Properties
Trang 73
Lu hnh ni b
B6: Qua tab Deployment mc Deployment options nh du chn vo 2 dng
- Uninstall this application when.
- Install this application at logon
Chn OK
B7: Qua tab Upgrades chn Add
B8: Chn mc A specific GPO v Browse n GPO Deploy COSMO bn di chn

Uninstall the existing
Trang 74
Lu hnh ni b
B9: tr li hp thoi COSMO 2 chn Properties nh du chn vo mc Required
upgrade for existing packages chn apply chn
B10: Kim tra trn my PC2:

Log on Kt1 quan st thy c chng trnh COSMO c upgrade ln phin bn
v2.0
B11: Trn PC1 Move user kt1 vo OU NHANSU
B12: Trn PC2 logon kt1 chng trnh Cosmo t ng Remove
3. Deploy software trn Computer

B1: M Group policy Management Chut phi vo Ou Clients, chn Create a GPO
in this domain, and Link it here
B2: t tn GPO Deploy COSMO2 on computer
Trang 75
Lu hnh ni b
B3: Click chut phi vo GPO Deploy cosmo on computer va to chn Edit
B4: Bung mc Computer configuration chn Policies chn Sofware settings click
phi chut vo Software Installation chn New chn Package

Trang 76
Lu hnh ni b
B7: Kim tra:

Trn PC2, ln lt logon cc user Administrator , KT1, KT2 u thy c phn mm
COSMO c ci t.
3. Mt s Policy
A. Map to a mng cho Client Thc hin trn PC1
To mt th mc tn l TaiLieu trong a C Share quyn Everyone- Full Control
B1: Log on Administrator M Group policy Management click chut phi ln
Default Domain Policy chn Edit
B2: M theo ng dn: Chn User Configuration chn Preferences chn Windows
settings click chut phi ln Driver Map chn New chn Mapped Driver
Trang 77
Lu hnh ni b
B3:
- Action: Chn Create
- Location: \\Server\TaiLieu
- Chn dng : Reconnect
- Driver Letter: Chn user chn Z chn OK
Kim tra:
PC2: Ln lt log on bng cc user M My Computer u c a mng Z:\TaiLieu
B. Software Restriction- Thc hin trn PC1

Cm s dng mt phn mm
B1: Log on Administrator M Group policy Management Chn Edit chn Default
Domain Policy truy cp theo ng dn: user configuration chn Policies chn
Windows setting chn security setting click chut phi chn New Software
Restriction polici Sau click chut phi ln Additional Rules chn New Hash Rule
Trang 78
Lu hnh ni b
B2: Mn hnh New Hash Rule chn Browse ch ng dn n:
C:\ProgramFiles\Internet Explorer\iexplore.exe chn Open
B3: Mn hnh new Hash Rule chn
B4: Kim tra:

PC2: Log on bng account KT1 M chng trnh Internet Explorer Bo li khng
th truy cp.
BI 12: AUDIT
tu chnh Policy thng thng chng ta vo gpedit.msc hoc Active Directory
Users & Computer nu my ln DC. Bn hy tng tng xem nu mt cng ty
chng ta c hng trm my Client v mt s my th ta chnh Policy ny mt s my ta
chnh Policy kia, ri OU ny chu tc ng ca Policy ny OU kia chu tc ng ca
Policy n. V sau mt thi gian tu chnh Policy lung tung ln nh th bn hy t hi
xem mnh tng chnh ci g cho ci g? qu tht khng nh ni u.
Trang 79
Lu hnh ni b
Chun b: PC1: Windows server 2008
To user U1 vi Password 123
Trong C to C:\Data\File1.txt, Phn quyn NTFS vi th mc DATA: ch c
Administrator c ton quyn
Thc hin:
1. Audit log on:
- Thc hin vic ghi nhn vic log on tri php vo my tnh (sai password)
B1: Log on Administrator m Start chn Program chn Administrator Tools chn
Local security policy
B2: M Local Policies chn Audit policy Double click vo Policy Audit account
logon eventes
B3: Chn Failure chn Ok

ng chng trnh Local Security Policy g lnh Gpupdate / Force
B4: M Start chn Program chn Administrator Tools chn Event Viewer
B5: M Windows Logs click chut phi ln Security chn Clear log
Trang 80
Lu hnh ni b
B6: Chn Clear
Kim tra:
B1: Log off administrator Log on account u1 vi Password 456 Log on tht bi
B2: Log on vo administrator M Even Viewer chn windows logs chn security
M Audit Failuer Quan sat bn di thy account dng ng nhp l U1 ng
nhp vo my tnh tn PC1 vi Ip l 192.168.1.1 sai Password
Trang 81
Lu hnh ni b
2. Audit Object
Thc hin ghi nhn vic truy cp v thay i d liu ti C:\DTA\File1.txt
B1:Log on administrator M Local Security policies Audit Double click vo
Policy Audit object access
B2: M Succes v Failure
B3: Click chut phi ln th mc DATA trong a C Chn properties qua tab
Security chn Advanced
Trang 82
Lu hnh ni b
B4: Chn Edit chn add
B5: Add group Everyone chn ok
Trang 83
Lu hnh ni b
B6: Mn hnh Auditing Entry for DATA chn List folder / read data (Failure)
Create files / Wrire data (Successful) chn Ok 4 ln
B7: Xa security log trong Event Viewer (Thc hin ging ln 1)

Kim tra:
B1: Log off administrator Log on U1 truy cp th mc DATA bo li khng th truy
cp
B2: Log on administrator truy cp File File1.txt trong th mc DATA sa ni
dung file ri lu li.
B3: Quan st vic truy cp tri php ca U1: M Event Viewer chn Windows logs
chn Security Quan st Audit Failure: Account dng truy cp ti nguyn l U1
(Read data)
Trang 84
Lu hnh ni b
B4: Quan st chnh sa file ca Admin: M Event Viewer chn Windows logs chn
Security.
M Audit Success quan st thy account dng truy cp ti nguyn l
Administrator truy cp vo C:\DATA\file1.txt
BI 13: SHADOW COPY

Trong Windows mi khi l tay xa file no ta c th vo Recycle Bin
phc hi li. Tuy nhin trong cc th mc Share m ta gn quyn Delete cho user th
mt khi user l tay xa mt mt tp tin no l ng ngha vi vic mt lun file y
v kh nng phc hi l rt kh, chnh v th khc phc tnh trng ny ngi qun tr
mng s s dng tnh nng Shadow Copies tuy nhin ci gi phi tr cho cng vic ny
l s chim kh nhiu ti nguyn cng
Chun b:
PC1: Windows server 2008
PC2: Windows Vista, Hoc Win 2003
1. Cu hnh Shadow copy

My PC1:
Trang 85
Lu hnh ni b
Vo a C: To th mc DATA. Share th mc DATA cho Group Everyone quyn
Full Control
Sau m th mc DATA, To file Thongbao.txt ni dung nh sau.
-Click chut phi vo C, chn Properties Qua tab Shadow copy chn Setting
-Mn hnh Setting chn Schedule
Trang 86
Lu hnh ni b
- mc Schedule Task chn Daily mc Start time: chn 01:00 PM chn ok
- Quay tr li mn hnh Properties ca a C chn Create now chn
2. Kim tra:
My PC2: Vo Start chn run g \\Server M th mc DATA m file thongbao.txt
sa li ni dung bn di, sau lu li
Trang 87
Lu hnh ni b
My PC1: Click chut phi vo file thongbao.txt chn Restore Previous Version.
Chn Restore chn Restore chn ok
Ni dung tr li nh lc ban u
BI 14:
FILE SERVER RESOURCE MANAGER
1. Gii thiu:
FILE SERVER RESOURCE MANAGER gip cho ngi qun tr mngc th d dng
qun l d liu trn server mt cch hiu qu, bng cng c ny, Administrator c th
p quota ln ngay trn Folder hoc a, ngn cm sao chp nhng nh dng file m
admin ch nh.
Chun b:
PC2: Windows Vista, WinXP, Hoc Win 2003
To user U1 password 123
To Th mc BAOCAO , Share Full Control
Thc hin:
1. Ci t Role services: File Server Resource Manager

B1: Log on Administrator my PC1, Vo Start chn Program chn
Administrative tools chn server manager.
B2: Bung mc Role click chut phi vo File Services chn Add Role Services
Trang 88
Lu hnh ni b
B3: Mn hnh Select Role Services nh du chn vo mc File Server Resource

Manager chn next.
B4: Trong mn hnh Configure Storage Usage Monitoring nh du chn vo C

chn next.
Trang 89
Lu hnh ni b
B5: Rong mn hnh Set Report Options chn Next
B6: Trong mn hnh Confirm Installation Selection nhn Install
B7: Trong mn hnh Installation Results nhn Close.
2. To gii hn 5 MB cho th mc BAOCAO

B1: Vo Start chn Program chn Administrative tools chn File Server Resource
Manager
B2: Bung mc Quota Management click chut phi vo Quota chn Create Quota
Trang 90
Lu hnh ni b
B3: Bung mc Quota path, chn Browse n Folder BAOCAO

- Bn di chn Define custom quota properties chn Custom properties
B4: Trong hp thoi Quota properties

- Mc Label: t gii hn 5 MB
- Mc Limit: 5 MB
Nhn OK
Trang 91
Lu hnh ni b
B5: Quay tr li hp thoi Create quota nhn Create
B6: Hp thoi yu cu Save Template t tn 5MB khung Template Name chn

OK
3. Cm chp file c ui * .exe vo th mc BAOCAO

B1: Log on Administrator my PC1, Vo Start chn Program chn
Administrative tools chn File Server Resource Manager
B2: Bung mc File Screening Management click chut phi vo File Group chn
Create file Group
Trang 92
Lu hnh ni b
B3: Trong hp thoi Create file Group

- File Goup name: t tn cam file exe
- File to include: g vo ui file mun cm: v d *.exe Sau nhn add
chn ok
B4: Cick chut phi vo File Screens chn Create Screen
B5: Mc File Screen path chn Browse n folder BAOCAO

- Bn di chn Define custom quota properties chn Custom
properties
Trang 93
Lu hnh ni b
B6: mc File Group nh du chn vo Cam file exe chn ok
B7: quay tr li hp thoi Create file Screen nhn Create
Trang 94
Lu hnh ni b
B8: Hp thoi yu cu Save Template chn Save the custom file screen without
creating a template chn Ok
4. Kim tra:
B1: log on Administrator my PC2
B2: Vo Start chn Run g \\Server
Trang 95
Lu hnh ni b
B3: Hp thoi yu cu xc thc quyn nhp vo U1 v password 123
B4: Click chut vo th mc BAOCAO nhn Map Network Driver.
Chn a Y chn Finish
Chut phi vo a Z chn Properties
Quan st thy dung lng tng cng l 5 MB

- Chp th file *.exe vo a Y
Trang 96
Lu hnh ni b
BI 15: DISK QUOTA

cc bi trc trong phn Share Permission chng ta bit cch to mt th mc
chia s ti nguyn v gn quyn cho cc User s dng ti nguyn trn th mc Share
ny. Tuy nhin trn thc t khi Share cho User c quyn Write th li pht sinh ra vn
User li dng ti nguyn d gi ca Server m lu tr v ti v nhng tp tin
khng cn thit v tnh lm nng gnh cho Server, Disk Quota s gip ta hn ch dung
lng s dng ca cc User
Dng Disk quota gii hn dung lng s dng trn 1 a i vi user
Chun b: My PC1: Windows server 2008
To 2 user: U1 v U2
Thc hin:
B1: Log on adminitrator click chut phi ln a C chn Properties qua tab Quota
B2:Chn vo dng Enabled Quota Management v Deny Disk Space to users
exceeding quota limit chn Quota Entrie.
B3: Trong ca s Quota Entries for C chn Quota chn New Quota Entry
Trang 97
Lu hnh ni b
B4: Trong Enter the object Nhp U1;U2 chn Check name chn Ok
B5: Ca s Add new Quota Entry gi nguyn option Do not limit chn Ok
B6: Trong c s Quata Entries click chut phi vo U1 chn Properties Trong ca s
Quota settings for u1 chn Limit disk space to nhp 100 MB mc Set warning
level to nhp 90 MB chn Ok
B7: Trong ca s Quota Entries click chut phi U2 chn properties trong ca s
Quota Setting for U2 chn Limit disk space to nhp 200 MB mc Set warning
level to nhp 190 MB chn
Trang 98
Lu hnh ni b
Kim tra:
- log on U1
- Click chut phi ln a C quan st thy dung lng a ch c 100 MB
- Copy th cc file c dung lng khong 90 MB vo C hin thng bo a sp y.
- Copy th cc file c dung lng ln hn 100 MB khng th copy do khng a.
Log on U2: Click chut phi ln C quan st thy dung lng a l 200 MB
BI 16: WINDOWS SERVER BACKUP

Khi lm cng tc qun tr mng vn an ton d liu lun c chng ta ch trng
vi cc cng vic m bo cho chng lun mc an ton cao. Khng may mt
ngy no c h thng b nhim virus trm trng, phng cha server ri ro xy ra ho
hon nhng g cn li by gi l mt h thng vi d liu b tn ph nng n hoc
mi th bin thnh tro khi chy n xy ra.Chnh v th Windows khuyn co bn
nn sao lu d phng d liu sang mt ni khc v tr a l vi ni t server v nu
tt hn l sao lu d phng vi tn sut mi ngy mt ln l tt hn c.
Nhng hy tng tng xem khng l mi ngy ta phi sao lu c h thng hng chc
thm ch hng trm GB ra a v em ct i, ngy qua ngy th chi ph cho ta u t
d phng d liu c l l mt con s khng l m vi qui m nh may ra cn kham
ni, nhng vi nhng cng ty c n hng trm my th e ra c v kinh khng qu
Chun b:
PC2: To User U1 password 123 . To v Share th mc BACKUP trn C phn
quyn cho U1 quyn Everyone- Full control trn th mc ny.
Thc hin: Trn PC1
1. BACKUP
B1: M server manager click chut phi ln Feature chn Add Features
B2: Mn hnh Welcom chn next chn Windows server backup Features chn next
chn Install
Trang 99
Lu hnh ni b
B3: To th mc C:\DATA v 2 File text tn Dulieu1.txt v Dulieu2.txt
B4: M Windows server backup trong Administrtive tools khung Action chn
Backup one
B5: Ca s Backup Options chn Different Options chn next
Trang 100
Lu hnh ni b
B6: Hp thoi Select Backup configuration chn Custom chn Next
B7: Hp thoi Select backup items Chn Server(C) B du check trc dng Enable
system recovery chn next
B8: Hp thoi Specify destination type chn Remote shared folder chn
B9: Trong phn Type the path to the Remote shared folder g \\PC2\BACKUP
Chn Do not inherit chn next
Trang 101
Lu hnh ni b
B10: Hp thoi xc nhn quyn: in vo U1 password 123 chn OK
B11: Hp thoi Specify advanced option chn vss copy backup ( recommended)
chn next chn next
B12: Chn Backup sau khi Backup xong chn Close
Trang 102
Lu hnh ni b
B13: Trn PC2 m thu mc BACKUP chn WindowsImageBackup chn PC1 Quan
st ni cha cc file backup t PC1
2. RECOVER
Trc khi Restore gi lp mt d liu bng cch PC1 xa th mc DATA
Tin hnh khi phc d liu
B1: Trong chng trnh Windows server Backup trong khung Action chn Recover
B2: Hp thoi Getting started chn Another server chn next
B3: Specify remote folder g \\PC2\BACKUP chn Next
Trang 103
Lu hnh ni b
B4: in usename v password ca U1 chn Ok
B5: Select backup date chn next
B6: Select recovery type chn Files and folders chn next
B7: Select Items to recover chn th mc DATA chn next

Trang 104
Lu hnh ni b
B8: Specify recovery options gi mc nh chn next
B9: chn Recover
Kim tra trn PC1: Sau khi Recover hon tt , m C quan st thy Folder DATA v
cc File trong DATA c khi phc.
Trang 105
Lu hnh ni b
BI 17: DISK MANAGEMENT
Chun b: 1 my o Windows 2008 c 3 a cng
Thc hin:
A. Basic Disk
Gn Disk0 v Disk1 vo my o
1. Primery Partition
B1: Start chn Run g diskmgmt.msc chn Ok
B2: Mn hnh Initialize Disk chn OK
B3: Click chut phi ln vng Unalocated ca Dk1 chn New simple volume
B4: Mn hnh Welcome chn Next
B5: Mn hnh Specify Volume Wizard chn dung lng partition trong volume size in
MB: 100 chn next
B6: Mn hnh Assign Drive Letter or Path chn k t i din cho partition chn next
B7: Mn hnh Format partition chn tn nhn trong phn Volume label: P1 chn
Perform a quick format chn next
B8: Chn Finish.
B9: Quan st to partition thnh cng. Loi partition c chn t ng l Primery
B10: M computer quan st thy co thm a P1(E:)
B11: Thc hin cc bc to thm 2 partition dung lng 100 MB vi tn ln lt P2,
P3
Lu : i vi Windows server 2008 : mi a vt l ch c th to ti a 3 partition
Primary khc vi Windows serevr 2003 ( C th to 4 Primary)
2. Extended-Logical partition
B1: Thc hin li cc bc ging phn 1 to ra partition dung lng 100 MB, tn l
P4
- Quan st thy partition P4 c chn t ng l Logical
- Logical partition c bao bc bi Extended partition
B. Dynamic Disk
1. Chuyn Disk sang Dynamic
B1: M Disk Management click chut phi ln Disk 1 chn Convert to dynamic disk
B2: Chn Disk 0 v Disk 1 chn OK
B3: chn Convert
B4: Mn hnh cnh bo chn Yes
3. Mirror
Mc ch: Bin mt Disk thnh bn sao ca disk cha d liu nhm gia tng kh nng
chu li, H mt a vn c th truy cp d liu
B1: Click chut phi ln Partition cha h iu hnh Chn Add Mirror
B2: Chn Disk 1 chn Add Mirror. Qu trnh ng b d liu thnh cng
Kim tra:
Trang 106
Lu hnh ni b
G Disk ra khi my o khi ng my o
Chn Microsoft Windows server 2008 Secondary plex khi ng vo Windows thnh
cng.
4. Spanned:
Mc ch: Tn dng dung lng cn trng trn cc a vt l to thnh mt Partition
Gn Disk0 vo my o: vo disk Management click chut phi ln Disk 1 chn
Remove Mirror
B1: Click chut phi ln vng Unallocated tn Disk0 chn New Spanned volum
B2: Mn hnh Welcome chn next
B3: Mn hnh Select Disks khung bn tri chn Disk1 chn Add
B4: Chn Disk1 Select the amount of space in MB: 100
B5: Chn Disk1 Select the amount of space in MB: 200 chn next
B6: Chn Next
B7: t tn Partition l Spanned Partition chn Perform a quick Format chonj next
B8: Chn Finish
B9 : Kim tra: M computer thy xut hin Partition Spanned Partition c dung dng
l 300 MB
5. Stripped
Mc ch: To 1 Partition c kh nng c ghi d liu ln 2 a vt l cng lc tng
tc truy xut d liu.
B1: Click chut phi ln vng Unallocated ca Disk0 chn New stripped volume
Mn hnh Welcome chn next
B3: Mn hnh Select Disk khung bn tri chn Disk 1 chn Add
B4: Chn dung lng s ly to Partition trn 2 a vt l : Select the amount of
space in MB: 500 chn next
B5: Chn Next
B6: Chn Quick format chn next
B7: Chn Finish
Quan st to Partition thnh cng (Phn vng mu xanh)
Kim tra: M computer quan st thy c thm 1 Partition mi
Dung lng Partition l 1000 MB
5. Rail 5:
Mc ch: To 1 Partition trn c 3 a vt l tng kh nng chu li ( Mt a b
h vn c th truy xut c). Tng tc truy xut d liu
- Xa ht cc Partition to ( Tr Partition cha h iu hnh)
B1: Gn a th 3 vo my o
B2: Khi ng my o vo Disk Management click chut phi ln vng Unallocated
trn disk0 chn New RAID-5 volume
B4: Mn hnh select Disks khung bn tri chn Disk1 v Disk2 Add
Trang 107
Lu hnh ni b
B5: chn dung lng Partition trn c 3 disk : 500 chn next
B6: Chn Next
B7: Chn Quick format chn next
B8: Mn hnh Complete chn Finish
B9: Quan st to Partition thnh cng
Kim tra: M computer M Partition va to: To file Thisinh.txt vi ni dung ty
Tt my o: G Disk1 ra khi my o
Khi ng my o: Vn truy xut c File
Lu : Sau khi gn tr Disk 1 v my o : M Disk management Click chut phi ln
Partition ca RAID-5 chn Reactive ng b d liu li.
BI 18: PRINTER
PC2: Windows server 2008- Join domain
My PC1:
To 3 User: GV1,SV1, U1 To 2 Group: Giaovien v Sinhvien
Add user KT1 vo Group Giaovien, Add user SV1 vo Group Sinhvien
Thc hin: Local Device: Thc hin trn PC1
B1: Logon Administrator: M Start chn Setting chn Printers Double click vo Add
Printer
B2: Chn Add a local Printer
B3: mc nh chn Next
B4: Chn Have Disk
B5: Chn Browse ch n th mc Driver ca my in --------------chn Ok
B6: Chn Next
B7: mc nh chn Next
B8: mc nh Share this Printer chn Next
B9: Chn Finish Quan st thy trong Printer c my in
B10: khng b bo li v khng c Printer vt l- Click chut phi ln Printer va
to chn Printer Offine
3. Network Device
Thc hin ti PC1
B1: M Printer chn Add Printer chn add a local Printer
B2: Chn Create a new port chn Standart TCP/IP Port chn Next
B3: Device type: TCP/IP Derice
Hostname or Ip address: 192.168.10.100+X (X l s my SV)
Port name: NetworkPT
Trang 108
Lu hnh ni b
B du trc dng: Query the Printer and automaticcaly select the Driver to use chn
next
B4: Chn Custom chn Next
B5: Chn Have Disk
B6: Ch ng dn n th mc cha Driver ca my in -------------ok
B7: Thy xut hin ng my in -----------chn next
B8: Chn User the driver that the currently installed (Recommened) chn next
B9: Trong mc Printer name in vo NetworkPT chn Next
B10: Chn Do not share the printer chn next Finish
Kim tra: Thy trong th mc Printer c thm my in tn NetworkPT
4. Map Printer
Thc hin trn PC1: Xa my in NetworkPT
Thc hin trn PC2:
B1: Log on administrator truy cp vo PC1
B2: Click chut phi ln my in ---- chn Connect
B3: Chn Install driver
B4; Quan st thy c my in : ------- on PC1
4. Phn quyn Thc hin trn PC1
U1 khng c quyn in
Group Giaovien c quyn in v qun l document
Group Sinhvien c quyn in v ch xa c document do mnh to ra
B1: Click chut phi vo Printer ---- Chn Properties
B2: To Tab Security Remove cc Group ngoi tr Group Creator Owner, add thm
2 Group Giaovien, Sinhvien vo.
- Phn quyn Group Sinhvien: Print (Allow)
- Phn quyn Group Giaovien: Print (Allow), Manage document (Allow)
Kim tra:
B1: Logon GV1: M notepad son ni dung bt k v gi lnh in 3 ln
B2: M Start chn settng chn Printers Double click vo my in --- Chut phi ln cc
document ang c chn cancal hy lnh in Hp thoi cnh bo chn Yes
Cancel thnh cng
Cancel ht ch cha li 1 document
B3: Logon SV1: M notepad son ni son ni dung bt k gi lnh in 3 ln
B4: M Start chn setting chn Printers Double click vo my in-----click chut phi
ln cc document ang c ca user SV1 chn Cancal hy lnh in hp thoi cnh bo
chn Yes Cancel thnh cng
Chn cancel document ca GV1 khng thc hin
B5: Log on U1 m Notepad in th khng thy my in ---- do khng c quyn in
Trang 109
Lu hnh ni b
5. Printer Pooling
Thc hin trn PC1
Mc ch to ra 1 Printer s dng chung 2 my in vt l
B1: Thc hin cc thao tc ging phn 1 add thm Printer HP----- trn Port LPT2
B2: Trong phn Printers click chut phi ln printer ----- chn Properties
B3: Trong Tab Ports nh du chn vo mc Enabled printer pooling
nh du chn vo 2 mc: LPT1 v LPT2 chn OK
6. Available Time
Thc hin trn PC1:
B1: M phn Printers click chut phi ln ----chn Properties
Trong Tab Advanced chn Available from
Chn t 8:00 AM to 12:00 AM
Log on GV1: M notepad in th khng th in c
7. Spool Folder
Thc hin ti Pc1: Thay i ni lu cc print Job
B1: Trong phn Printers chn Server Properties
B2: Tab Advanced thay i ng dn Spool Folder C:\Printers chn OK
Kim tra: Trong a C c th mc Printers quan st ni cha Print Job
8. Priority
Thc hin ti PC1:
B1: Thc hin ging phn 1 Printer mi t tn l VIP
B2: Ti mc Printers click chut phi ln VIP chn Properties
B3: Trong Tab security phn quyn ch cho group GiaoVien c quyn in
B4: Qua tab advanced trong phn Priority in s 2 chn OK
Kim tra:
PC2
Log on adminitrator MAP my in VIP v
Log on SV1 : To file vn bn v in 3 ln bng my in --------Log on GV1 : To file vn bn v in bng my in---Kim tra trong print job: document ca GV1 tuy in sau nhng li c nm trn
document ca SV1 trong danh sch ch in.
9. Deploy Printer
Thc hin trn PC1
B1: M server manager click chut phi ln Roles chn add roles
B2: Chn Roles Print services
B3: Chn next
B4: Chn server chn next
B5: Chn Install
B6: Chn Close
Trang 110
Lu hnh ni b
B7: chn Administrator Tools chn Print Management M Print servers chn Printers
khung bn phi click chut vo my in ---- chn Deploy ith Group Policy
B8: Trong phn GPO name chn Browse
B9: Chn Default Domain Policy chn Ok
B10: nh du vo trc dng The computers that the GPO applies to (Per machine)
Chn add chn Ok
B11: Mn hnh cnh bo chn Ok
Kim tra:
PC2 log on Administrator xa cc my in ci t- Restart li my
Vo li phn Printers quan st thy c my in ------------- c ci t
BI 19: TERMINAL SERVICES

Chun b: PC1 Windows server 2008
PC2 Windows server 2008
PC1 to User U1
Trn PC1 to th mc TSWebApp trn a C: Share th mc TSWebApp
Thc hin:
1. Remote Admin:
My PC1- Log on Administrator
B1: Click chu phi vo Computer chn Properties chn Remote settng
B2: Chn vo mc Allow connections from computers running any version of Remote
Desktop (Less secure) chn Apply chn OK
B3: M Server Manager chn Configuration M Local Users and Group chn Add
users U1 vo Group Remote Desktop Users chn Apply chn Ok
My PC2:
Log on administrator vo Start chn Prorams chn Accessories chn Remote Desktop
Connections
B2: dng computer nhp vo IP hoc tn my ca my PC1 chn Connect
B3: Nhp vo User name v Password ca U1 chn OK
B4: sau khi kt ni thnh cng chng trnh Notepad
My PC1:
B1: M chng trnh Programs chn administrative tools chn Terminal Services chn
Terminal Services Manager
B2: tab Users quan st thy c user u1, status: Active
B3: Tip tc qua tab Processes thy u1 ang s dng Notepad
Trang 111
Lu hnh ni b
My PC2
B1: Trn mn hnh Remote Desktop vn gi nguyn chng trnh Notepad vo Start
chn shutdown chn Disconnect chn Ok
My PC1:
Kim tra trong Terminal ServicesManager tab Users thy U1 b Disconnected
Qua tab Processes thy chng trnh Notepad ca user U1 vn cn
My PC1
Remote Desktop li vo PC1 vo Start chn Log off chn Log off now
My PC1:
Kim tra trong Terminal ServicesManager tab Users thy U1 b mt
Qua tab Processes thy chng trnh Notepad ca user U1 khng cn
Nhn xt:
S khc bit gia Log Off v Disconnectet khi Remote Desktop
Khi ta log off th cc chng trnh user ang s dng s b g b khi b nh ca
server
Khi ta Disconnectet th cc chng trnh user ang s dng vn cn nm trong b nh
ca server
My PC2
Remote Desktop n PC1 bng U1 ln 1
Remote Desktop n PC1 bng U1 ln 2
Khi remote thnh cng th Session ln 1 s b Disconnected
My PC1:
B1: Vo Start chn Run g gpedit.msc
B2: Bung mc Computer Configuration chn Administrative Templates chn Terminal
Services chn Terminal Server chn connections bn phi chn policy Restrict
Terminal Services users chn Properties
Chn Disabled chn apply chn OK
B3: Vo Start chn Run g gpupdate/force Sau Log off Administrator
My PC2:
Remote Desktop n PC1 bng U1: 2 ln thnh cng
Remote Desktop n PC1 bng U1: thm ln na (3 ln) tht bi
2. Terminal Services
My PC1:
B1: M chng trnh Programs chn administrative tools chn server manager click
chut phi vo Roles chn Add Roles
Trang 112
Lu hnh ni b
B2: Hp thoi Before You Begin chn Next
B3: nh du chn Terminal Services chn next
B4: Hp thoi Introduction to Terminal Services chn next
B5: Chn Terminal Server v TS Web Access chn Next
B6: Applications Compatibility mc nh
Trang 113

Windows Server 2008

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Windows Server 2008

Uploaded by

Copyright:

Available Formats

Lu hnh ni b

1. To Local user account

Thc hnh Windows Server 2008

user name: SV1

B3: Group name: SINHVIEN chn add

Thc hnh Windows Server 2008

B5: Quan st thy user SV1 c add vo Group SINHVIEN

Thc hnh Windows Server 2008

B6: Chn Browse

Thc hnh Windows Server 2008

B8: Lm li B5-B6 Qua Tab user chn Administrators chn Finish

2. iu chnh policy computer configuration

B4: Ct bn phi chn Turn off Autoplay

3. iu chnh policy user configuration

iu chnh policy user khng th truy cp control Panel

B1: Log on bng account Administrators m console1 trn desktop m theo ng

Thc hnh Windows Server 2008

4. User configuration-Non- admin Group

B1: log on bng account Administrators M console1 trn dektop m theo ng

Thc hnh Windows Server 2008

5. User configuration-Admin Group

6. iu chnh policy cho tng user

LOCAL SECURITY POLICY

Thc hnh Windows Server 2008

2. Account Lockout policy

Thc hnh Windows Server 2008

3. user rights assignment

- Log on bng quyn U4 shut down My tnh khng c

B3: Chnh policy:

Log on U4 Shut down th thnh cng

B2: Ti tab Share Click vo Advanced Sharing.

B3: Ti my PC02 chn Menu Start chn Run g: \\PC01 chn OK

B2: Ti tab Sharing Click chn vo Advanced Sharing.

Thc hnh Windows Server 2008

3. Share mt folder vi nhiu tn

B2: Khung share name nhp vo DULIEU_KETOAN Chn Ok

Thc hnh Windows Server 2008

4. Gn tn a mng truy cp cc shared folder

B3: M Windows explore kim tra c a mng DULIEU(W)

Thc hnh Windows Server 2008

To 2 Group: KETOAN, NHANSU

Thc hnh Windows Server 2008

Phn quyn th mc bng Standard Permission

+ Group Nhansu khng c quyn

1. Phn quyn trn th mc DATA

B2: Trang tab Permissions chn Edit

Thc hnh Windows Server 2008

B4: Mn hnh Windows security chn copy chn OK-OK

B5: Ti mn hnh DATA properties chn Edit

Thc hnh Windows Server 2008

B8: Quan st thy KETOAN V NHANSU c gch chn xc nh group

Thc hnh Windows Server 2008

2. Phn quyn cho th mc Chung

Thc hnh Windows Server 2008

B2: Kim tra:

3. Phn quyn cho mc KETOAN

B2: Trong tab Permissions chn Edit

B5: Ti mn hnh KETOAN Properries chn Edit

Thc hnh Windows Server 2008

Thc hnh Windows Server 2008

4. Phn quyn trn th mc NHANSU

B2: Trong tab Permissions chn Edit

Thc hnh Windows Server 2008

B4: Mn hnh Windows security chn copy chn OK-OK