
Windows Server 2008 Administration Guide

Installing Active Directory on Windows Server 2008

- Microsoft Active Directory provides a centralized solution for managing and storing information about network resources across the entire domain. In addition, Active Directory uses Domain Controllers, which are responsible for storing and distributing storage capacity to all users in the system, and Windows Server 2008 is set up to take on the Domain Controller role as well.
- In this article, I will introduce the basic steps to create a new Windows Server 2008 Domain Controller for an Active Directory domain.

Lab content:

- Promote the Windows Server 2008 machine (BKNP-DC08-01) to a Domain Controller that manages the domain bachkhoa-npower.vn.
- Allow workstations to join the domain bachkhoa-npower.vn.

Faculty of Information Technology

Steps to perform:

- Configure the computer name and IP address on all machines.
- Use the dcpromo command to promote BKNP-DC08-01 to a Domain Controller.
- Log on to the workstation and join it to the Domain Controller.

Prerequisites:

- Prepare one machine running Windows Server 2008 and one client machine running Windows 7.

The address plan is as follows:

Detailed instructions:

* Promoting to a Domain Controller:
- Configure the computer name and IP address on all machines.
- Use the DCPROMO command to promote BKNP-DC08-01 to a Domain Controller.
- Click Start, choose Run and type the command: dcpromo

- The system checks the configuration before installing Active Directory.

- Once the check is complete, the Active Directory installation starts; click Next.

- In the Operating System Compatibility window, the wizard warns about compatibility between Windows Server 2008 and earlier systems; click Next.

- In the Choose a Deployment Configuration window, select Create a new domain in a new forest, then click Next.

- In the Name the Forest Root Domain window, enter the name of the domain to manage and click Next. The wizard checks whether that domain name already exists. If the name is not yet in use, the installation moves on to the next step.

- In the Set Forest Functional Level window, select the functional level for the forest, then click Next.

- In the Set Domain Functional Level window, select the level to apply to the domain, then click Next.

Note: once again, the first DC must be a Global Catalog. In most cases you will receive a warning that the server currently has one or more dynamic IP addresses. Run the command IPCONFIG /all. Where does this come from? The answer is IPv6. If IPv6 is present on the system but not in use, you can ignore the warning as follows:

- In the Additional Domain Controller Options window, choose to install the DNS Server service, then click Next.

- In the next dialog box, Windows shows a warning related to the DNS service; click Yes.

- In the Location for Database, Log Files, and SYSVOL window, keep the default values and click Next.

- In the Directory Services Restore Mode Administrator Password window, enter the password used to restore the directory service, then click Next.

- The Summary window summarizes everything that has been specified; click Next.

- The promotion of Windows Server 2008 to a Domain Controller begins.

- When the promotion is complete, click Finish.

- Choose Restart Now to restart the system.

- After the machine has restarted, go to Start -> Administrative Tools -> Active Directory Users and Computers.

* Joining the workstation to the Domain Controller:

- Configure the computer name and IP address on the client machine.
- On BKNP-WRK-01, right-click My Computer, choose Properties, choose Change settings, then choose Change and enter the name of the domain to join, and click OK.

- The system asks for a Username and Password; enter them and click OK.

- Once authentication is complete, the computer is joined to the domain and restarts.

- Log on to the system.

- The machine has joined the domain successfully.

Configuring an Additional Domain Controller on Windows Server 2008

NOTE:

- BKNP-DC08-01 has already been promoted to a Domain Controller with DNS installed, using the domain name Bknpower.vn.
- Promote BKNP-SRV08-01 to an Additional Domain Controller.

- Click Start > Run and type the command DCPROMO. The Welcome to the Active Directory Domain Services Installation Wizard screen appears; click Next:

- In the Operating System Compatibility window, click Next.

- In the Choose a Deployment Configuration window, select Existing forest, select Add a domain controller to an existing domain, then click Next:

- In the Network Credentials window, enter the name of the domain that BKNP-SRV08-01 will join as an Additional Domain Controller, click the Set button to enter the account that is allowed to join BKNP-SRV08-01 to the domain bknpower.vn, then click Next:

- In the Select a Domain window, select the domain to join, then click Next:

- In the Select a Site window, select the required site, then click Next:

- In the Additional Domain Controller Options window, select both DNS Server and Global Catalog, then click Next:

- In the next dialog box, Windows shows a warning related to the DNS service; click Yes:

- In the Location for Database, Log Files, and SYSVOL window, click Next:

- In the Directory Services Restore Mode Administrator Password window, enter the password, then click Next:

- In the Summary window, click Next:

- The promotion of Windows Server 2008 to an Additional Domain Controller takes place.

- After the promotion succeeds, click Finish and restart the system:

- Go to Start > Programs > Administrative Tools > Active Directory Users and Computers (check that the objects are synchronized on both servers).

Installing and configuring a Child Domain on Windows Server 2008

Lab content:
- Build BKNP-SRV08-01 into a Child Domain controller managing the domain hcm.bknpower.vn, which is a child domain of bknpower.vn.
Lab topology:

Prerequisites:
- Promote BKNP-DC08-01 to a Domain Controller.
- Set the IP address of BKNP-SRV08-01.
The address plan is as follows:

Detailed instructions:

- Promote BKNP-DC08-01 to a Domain Controller (see Lab ).
- Set the IP address of BKNP-SRV08-01, with the DNS value set to the IP address of BKNP-DC08-01 (BKNP-DC08-01 is a DNS Server).
- Run the DCPROMO command on BKNP-SRV08-01.
- Choose Start > Run and type the command: DCPROMO. The Welcome to the Active Directory Domain Services Installation Wizard screen appears; click Next.

- In the Operating System Compatibility window, click Next.

- In the Choose a Deployment Configuration window, select Existing forest, select Create a new domain in an existing forest, then click Next.

- In the Network Credentials window, enter the name of a domain that exists in the forest, provide the account used for authentication, then click Next.

- In the Name the New Domain window, enter the parent domain and the name of the child domain, then click Next.

- In the Set Domain Functional Level window, select the functional level for the domain, then click Next.

- In the Select a Site window, select Default First Site Name, then click Next.

- In the Additional Domain Controller Options window, select DNS Server, then click Next.

- In the Location for Database, Log Files, and SYSVOL window, click Next.

- In the Directory Services Restore Mode Administrator Password window, enter the password, then click Next.

- In the Summary window, click Next.

- The promotion of Windows Server 2008 to a Domain Controller takes place.

- After the promotion succeeds, click Finish and restart the system.

- Create the account congdd and grant it the corresponding permissions.
- Use the client machine to join the domain hcm.bknpower.vn.
- Log on to the domain bknpower.vn from a computer that belongs to the domain hcm.bknpower.vn.

Deploying Read-Only Domain Controllers (RODC)

Lab content:
- Configure the network above so that BKNP-SRV08-01 is deployed as a Read-Only Domain Controller.

Steps to perform:
- Promote BKNP-SRV08-01 to an RODC in the domain bknpower.vn:
- Use the DCPROMO command.
- Choose the option to add a new Domain Controller to an existing domain.
- Choose the option to install an RODC in Active Directory Domain Services.
- Choose the Advanced installation mode if you want to set the password policy for Replication between the two Domain Controllers.
Lab topology:

Prerequisites:

- Server BKNP-DC08-01, already promoted to a Domain Controller.
- Server BKNP-SRV08-01, newly installed.
- Client BKNP-WRK-01.

The address plan is as follows:

*Promoting BKNP-SRV08-01 to an RODC in the domain bknpower.vn:

- Choose Start > Run and type the command: DCPROMO. The Welcome to the Active Directory Domain Services Installation Wizard screen appears; select Use advanced mode installation, then click Next.

- In the Operating System Compatibility window, click Next.

- In the Choose a Deployment Configuration window, select Existing forest, select Add a domain controller to an existing domain, then click Next.

- In the Network Credentials window, enter the name of the domain that BKNP-SRV08-01 will join as an Additional Domain Controller, click Set to enter the account that is allowed to join BKNP-SRV08-01 to the domain bknpower.vn, then click Next.

- In the Select a Domain window, select the domain to join, then click Next.

- In the Select a Site window, select the required site, then click Next.

- In the Additional Domain Controller Options window, select Read-only domain controller (RODC), then click Next.

- In the Specify the Password Replication Policy window, click Next.

- In the Delegation of RODC Installation and Administration window, enter the User or Group that is allowed to join the RODC to the domain, then click Next.

- In the Install from Media window, click Next.

- In the Source Domain Controller window, select Use this specific domain controller, select BKNP-DC08-01.bknpower.vn, then click Next.

- In the Location for Database, Log Files, and SYSVOL window, click Next.

- In the Directory Services Restore Mode Administrator Password window, enter the password, then click Next.

- In the Summary window, click Next.

- The conversion of Windows Server 2008 to an RODC begins.

- When the process is complete, click Finish.

- On BKNP-SRV08-01, open Active Directory Users and Computers, go to the Domain Controllers OU, right-click BKNP-SRV08-01 and choose Properties.

- In the BKNP-SRV08-01 Properties dialog box, switch to the Password Replication Policy tab and click Add.

- In the Add Groups, Users and Computers dialog box, select Allow passwords for the account to replicate to this RODC, then click OK.

- In the Select Users, Computers, or Groups dialog box, add the group SS_G_Sale under Enter the object name to select, then click OK.

- In the BKNP-SRV08-01 Properties dialog box, check that SS_G_Sale is listed, then click OK.

- In the Advanced Password Replication Policy for BKNP-SRV08-01 dialog box, check that the user Vietlq is listed.

Verifying the result
- Disconnect the link and make sure that BKNP-SRV08-01 and BKNP-WRK-01 cannot reach BKNP-DC08-01.
- On BKNP-WRK-01, log on as BKNPOWER\vietlq and check that the logon succeeds.
- On BKNP-WRK-01, log on as BKNPOWER\thanhnv and check that the logon fails (the password of thanhnv is not stored on the Read-Only Domain Controller).

Managing user and group accounts in AD

Lab content and steps to perform:
*Create user accounts and group accounts:
- The lecturers group (GG_S_GV) consists of: hoavq, duynh, congdd, thaidv.
- The directors group (GG_S_GD) consists of: doantv.
*Set the properties of the user and group objects as follows:
- All of the user accounts above are members of the Backup Operators group.
- The user accounts hoavq and anln must change their password the first time they log on to the system.
- The user congdd is not allowed to change the password from a workstation.
- Temporarily disable the user account congdd because he is studying abroad.
- The user congdd's employment ends on 30 December 2012.
- Staff in the lecturers group may log on to the network only from 7 a.m. to 9 p.m. each day, Monday to Friday.
Prerequisites:
- BKNP-DC08-01 has been promoted to a Domain Controller with DNS installed, using the domain name bachkhoa-npower.vn.
- The client machine (BKNP-WRK-01) has joined the domain.
Lab topology:

Detailed instructions:
* Creating group accounts and user accounts:
- Click Start, then Programs, then Administrative Tools, then Active Directory Users and Computers. Right-click Users, choose New, then Group.
- Create the group: GG_S_GV.

- In the New Object - Group window, enter the name of the group to create and click OK to finish.

- Create the group account GG_S_GD in the same way.

- Create a user account: right-click Users, choose New, then User.

- The dialog box for creating a user account appears; enter the information and click Next.

- In the next dialog box, enter the password and click Next. (With the option User must change password at next logon, the user has to change the password the next time they log on to the system.)

- In the following dialog box, click Finish to complete the creation of the user account.

- Create the remaining users in the same way.

*Changing account properties:

- Right-click the user account whose information you want to change and choose Properties.

- Select the Account tab.

- To add the account hoavq to the group GG_S_GV and the Backup Operators group, select the Member Of tab and click Add to add groups for the account:

- In the same way, create the accounts congdd, duynh, thaidv and doantv and add the users to groups as required by the exercise.
- For the account congdd, prevent password changes and disable the account: on the Account tab of congdd, tick User cannot change password and Account is disabled.

- To set an expiry date for the account congdd, under Account expires tick End of and set the date on which the account expires.

- To set logon hours for users in the lecturers group, select the members of the lecturers group, right-click and choose Properties.

- On the Account tab, tick Logon hours, then click Logon hours to continue:

- After setting the logon hours, click OK to finish.

Creating OUs, Users and Groups from the command line in PowerShell

- Hello everyone! Imagine you are the administrator for a company with 500 employees, 20 departments and a large number of groups to create. Are you really going to sit and create every user, group and OU one at a time? Here I will show you a quick way to create users, groups and OUs from the command line.

1. Creating the OU structure with dsadd ou:
To create a new OU, use the dsadd ou command:
dsadd ou "ou=Ha Noi,dc=bachkhoa-npower,dc=vn"
dsadd ou "ou=IT,ou=Ha Noi,dc=bachkhoa-npower,dc=vn"
dsadd ou "ou=Sale,ou=Ha Noi,dc=bachkhoa-npower,dc=vn"
- You can use a .bat file to automate the process above, where OU is the name of the OU being created and DC is the name of the domain. Run the commands in order, since a parent OU has to exist before its child OUs.
2. Creating a User with dsadd user:
We can create a user account with dsadd user. The following example creates an account for Dang Dinh Cong in the IT department:
- Logon name congdd, logon password 123456a@
- Located in the OU IT
- First name: Dang Dinh
- Last name: Cong
- So that the account can be used right away, set disabled to no
dsadd user "cn=congdd,OU=IT,OU=Ha Noi,dc=bachkhoa-npower,dc=vn" -upn congdd@bachkhoa-npower.vn -fn "Dang Dinh" -ln Cong -pwd 123456a@ -disabled no
3. Creating a Group with dsadd group:
- The users in each department usually share common characteristics, such as access rights to the department's shared resources or the ability to use printers. So create user groups (Group) and then add the users to them. We can do this with the dsadd group command. The following example creates a group named GG_S_IT (CN) in the OU IT of the domain bachkhoa-npower.vn, with group type security and group scope global.
dsadd group "cn=GG_S_IT,OU=IT,OU=Ha Noi,dc=bachkhoa-npower,dc=vn" -secgrp yes -scope g
- Note: there are two types of group in Active Directory, security and distribution. Most of the groups we create and use are security groups. Distribution groups are used only by applications such as Exchange Server, and you cannot assign access permissions to this type of group. In addition, groups are divided into three group scopes: Global, Universal and Local. With a Local Group, the members can only access resources in the local domain. When the system has several domains, users must be members of a Global or Universal Group to access resources in other domains.
4. Adding a User to a Group with dsmod:
- To add the user Dang Dinh Cong as a member of the group GG_S_IT in the OU IT (a child OU of Ha Noi) in the domain bachkhoa-npower.vn, use the following command:
dsmod group "cn=GG_S_IT,ou=IT,ou=Ha Noi,dc=bachkhoa-npower,dc=vn" -addmbr "cn=congdd,ou=IT,ou=Ha Noi,dc=bachkhoa-npower,dc=vn"

Creating an OU and delegating OU administration to a user

- Organizational Units, or OUs, are the smallest unit in an Active Directory system. An OU is regarded as a container of objects, used to arrange different objects to suit your administrative purposes. Using OUs has two main benefits:
- Handing control of a set of user accounts, computers or network devices to a group of people or to a sub-administrator, which reduces the workload of the administrator of the whole system.
- Controlling and locking down some functions on the workstations of the users in the OU through Group Policy objects.

1. Requirements:
Create the OUs and user accounts according to the model in the domain bachkhoa-npower.vn:
- The company is located in Ha Noi and has the departments IT, Sale and Mar.
- IT department: Dang Dinh Cong (congdd) and Van Thai (thaidv), members of the group GG_S_IT.
- Sale department: Vu Van Cuong (cuongvv), member of the group GG_S_Sale.
- Mar department: Nguyen Thi Anh (anhnt), member of the group GG_S_Mar.
Set the permissions of the user objects as follows:
- Allow the account congdd to manage the IT department.
- Allow the accounts congdd and thaidv to manage the Server.
Combined with deploying administration on Windows 7, check the permissions of the OU Admin objects:
- From BKNP-WRK-01, use Remote Server Administration Tools, log on with the administrative account congdd and create the account Nguyen Van Thanh (thanhnv) in the IT department.
2. Prerequisites:
- The Server (BKNP-DC08-01) has been promoted to a Domain Controller.
- The Client (BKNP-WRK-01) has joined the domain.
3. Instructions:
*Creating the OUs and user accounts:
- Choose Start, then Programs, then Administrative Tools, then Active Directory Users and Computers.
- Right-click the domain bachkhoa-npower.vn and choose New Organizational Unit.

- Enter the name of the OU to create.

- In the same way, right-click the Ha Noi OU to create the departments IT, Sale and Mar.

- Create the Users and Groups (click the link below):

Managing user and group accounts in AD

*Giving the account congdd administrative rights over the OU:

- Right-click the OU to configure and choose Delegate control. The Welcome to the Delegation of Control Wizard screen appears; click Next.

- On the Users or Groups screen, click Add to add the object that is to receive the permissions, then click Next.

- On the Tasks to Delegate screen, select the tasks that the administrator is allowed to perform on the OU. When you have finished, click Next.

- On the Completing the Delegation of Control Wizard screen, click Finish to complete.

*Allowing the accounts congdd and thaidv to manage the Server:

- Right-click the user object that is to receive the permission, choose Properties, then choose Add to a group.

- In the user object's Properties dialog box, click Add to add the Server Operators group, then click OK to confirm.

- When you have finished, click OK to end the permission assignment.
- On the client that has joined the domain, install Remote Server Administration Tools.

- Open Control Panel and choose Programs and Features.

- In the Windows Features window, tick Remote Server Administration Tools.

- Restart the machine and log on to the domain as the user congdd.

- Go to Control Panel -> Administrative Tools.

- Choose Active Directory Users and Computers.

- The administration interface of Active Directory Users and Computers appears.

- Create the user thanhnv (in the same way as in the article below):

Managing user and group accounts in AD

Creating multiple users with Mail Merge from an existing Excel file

- Hello everyone! Imagine you are the administrator for a company with 100 employees, 20 departments and a large number of groups to create. Are you really going to sit and create every user, group and OU one at a time? Here I will show you a quick way to create users from an existing Excel file containing the list of employees.
Detailed instructions:
- Create a new Excel file and build a table with the fields Logon Name, First Name and Last Name for the users.

- Save the Excel file you just created as user.xlsx.

- In Word, first write the command that creates a user. Then go to the Mailings tab > Start Mail Merge > Step by step mail merge wizard.

- At Step 1, select Directory and click Next.

- Click Next at Step 2. At Step 3, click Browse and locate the file user.xlsx created above.

- In the Select Table dialog, click OK.

- In the Mail Merge Recipients dialog, select all entries, click OK, then click Next at Step 3.

- At Step 4, highlight anln, click More Items on the right and choose the corresponding field, Logon Name. Do the same for the fields First Name, Last Name and E-Mail.

- Click Next at Step 4 and Step 5.

- At Step 6, click To New Document and click Next.

- Copy the content just generated from Word into Notepad and save it with the file name User.bat.

- Run the file User.bat you just created.

- Open Active Directory Users and Computers to check the result.
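
The dsadd user command earlier in this guide carries one fixed password on the command line, and the Mail Merge procedure above repeats a single command template for every spreadsheet row. As an added example (not part of the original guide), the PowerShell script below makes the same dsadd user calls from a CSV export of user.xlsx, skips rows whose fields could alter the DN or the command line, and gives each account its own random initial password that must be changed at first logon. The CSV column names, the sample rows and the $DryRun switch are assumptions made for this example.

```powershell
# Added example, not part of the original guide.
# Assumptions: PowerShell 2.0 or later, dsadd.exe on the PATH (AD DS role or RSAT),
# and a CSV with the hypothetical columns LogonName, FirstName, LastName.

$TargetOu  = 'OU=IT,OU=Ha Noi,DC=bachkhoa-npower,DC=vn'   # OU created earlier in the guide
$GroupDn   = "CN=GG_S_IT,$TargetOu"                       # group created earlier in the guide
$UpnSuffix = 'bachkhoa-npower.vn'
$DryRun    = $true   # $true: only list what would be created; $false: call dsadd

# Constructed sample rows. In practice: $Rows = Import-Csv .\user.csv
$Rows = @'
LogonName,FirstName,LastName
hoavq,Vu Quang,Hoa
duynh,Nguyen Huu,Duy
test&user,Sample,Row
'@ | ConvertFrom-Csv

function New-InitialPassword {
    param([int]$Length = 14)
    # One string per character class. Look-alike characters and cmd.exe
    # metacharacters (% ^ & | < > ") are deliberately left out.
    $sets = 'ABCDEFGHJKLMNPQRSTUVWXYZ', 'abcdefghijkmnopqrstuvwxyz', '23456789', '#-_+@'
    $all  = -join $sets
    $rng  = New-Object System.Security.Cryptography.RNGCryptoServiceProvider
    $byte = New-Object byte[] 1
    do {
        $chars = foreach ($i in 1..$Length) {
            # Rejection sampling keeps the choice uniform over $all.
            do { $rng.GetBytes($byte) } while ($byte[0] -ge 256 - (256 % $all.Length))
            $all[$byte[0] % $all.Length]
        }
        $pw = -join $chars
        # Retry until every class is present, to satisfy password complexity.
        $missing = $sets | Where-Object { $pw.IndexOfAny($_.ToCharArray()) -lt 0 }
    } while ($missing)
    $pw
}

$namePattern = '^[\p{L}][\p{L} .-]{0,63}$'
$results = foreach ($row in $Rows) {
    $sam = "$($row.LogonName)".Trim()
    # Allow-list validation: commas, quotes, = and shell metacharacters
    # would change the DN or the command that is executed.
    if ($sam -notmatch '^[A-Za-z0-9._-]{1,20}$' -or
        "$($row.FirstName)" -notmatch $namePattern -or
        "$($row.LastName)"  -notmatch $namePattern) {
        Write-Warning "Skipped unsafe or incomplete row: '$sam'"
        continue
    }
    $dn      = "CN=$sam,$TargetOu"
    $upn     = $sam + '@' + $UpnSuffix
    $pw      = '(dry run)'
    $created = $false
    if (-not $DryRun) {
        $pw = New-InitialPassword
        # Every value is passed as its own argument, never pasted into a batch line.
        & dsadd user $dn -samid $sam -upn $upn -fn $row.FirstName -ln $row.LastName `
            -memberof $GroupDn -pwd $pw -mustchpwd yes -disabled no | Out-Null
        $created = ($LASTEXITCODE -eq 0)
    }
    New-Object PSObject -Property @{
        Account = $sam; DN = $dn; Created = $created; InitialPassword = $pw
    }
}

# Hand each initial password to its owner out of band; because of
# -mustchpwd yes it is only valid until the first logon.
$results | Format-Table Account, DN, Created, InitialPassword -AutoSize
```

With the constructed rows, the third row is skipped with a warning because of the & character, and the other two accounts are listed.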

Configuring DNS on Windows Server 2008

DNS (Domain Name System) was introduced in 1984 for the growth of the Internet. The term describes the relationship between IP addresses and domain names. The Domain Name System is used to name the components and devices that take part in the Internet. The most important practical significance of DNS is that names are easy for users to remember.

Configuring DNS on Windows Server 2008:

- Choose Start > Programs > Administrative Tools > Server Manager.

- In the Server Manager window, select Roles, then Add Roles.

- In the Before You Begin window, click Next.

- In the Select Server Roles window, select DNS Server, then click Next.

- In the DNS Server window, click Next. In the Confirm Installation Selections window, click Install to start the installation. The installation runs. When it has finished, click Close to end the installation.

Creating the forward zone (Forward Lookup Zone) named bknpower.vn: Start > Programs > Administrative Tools > DNS. Right-click Forward Lookup Zone > New Zone. The Welcome to the New Zone Wizard screen appears; click Next.

- On the Zone Type screen, select Primary zone, then click Next.

- On the Zone Name screen, enter the name of the domain to manage, then click Next.

- On the Dynamic Update screen, click Next.

- On the Completing the New Zone Wizard screen, click Finish to end the creation of the forward zone.

Creating the reverse zone named 1.168.192.in-addr.arpa: right-click Reverse Lookup Zone > New Zone. On the Welcome to the New Zone Wizard screen, click Next.

- On the Zone Type screen, select Primary zone, then click Next.

- On the Reverse Lookup Zone Name screen, select IPv4 Reverse Lookup Zone, then click Next.

- On the Reverse Lookup Zone Name screen, enter the IP address information of the DNS Server, then click Next.

- On the Dynamic Update screen, click Next.

- On the Completing the New Zone Wizard screen, click Finish to end the installation of the reverse zone.


Delegating the domain hcm.bknpower.vn: on BKNP-DC08-01, right-click the domain bknpower.vn > New Delegation. The Welcome to the New Delegation Wizard screen appears; click Next.

- On the Delegated Domain Name screen, enter the name of the child domain, then click Next.

- On the Name Servers screen, click the Add button to specify the Name Server.

- In the New Name Server Record dialog box, enter the information of the Name Server that manages the child domain, click OK, then click Next.

- On the New Delegation Wizard screen, click Finish to end.

Creating a Forwarder on BKNP-SRV08-01 so that BKNP-DC08-01 resolves names on its behalf: right-click the DNS Server, choose Properties, then select the Forwarders tab.

- In the Properties > Forwarder dialog box, click Edit and enter the IP address of the machine to forward to.

- Click OK to complete the Forwarder configuration.

Installing and configuring a DHCP Server on Windows Server 2008

- Dynamic Host Configuration Protocol (DHCP) is a core infrastructure service on networks. It provides information such as the IP address and the DNS servers to client machines and other devices. DHCP is used so that you do not have to assign static IP addresses to every device on the network, and it also manages the issues that dynamic IP addressing creates. DHCP is increasingly being extended to work with new network services such as Windows Health Service and Network Access Protection (NAP). Even so, before you can use its advanced services you need to install it and configure some basic settings. That is the main content I will introduce in this article.
I. Network model

II. Prerequisites
- BKNP-DC08-01 has been promoted to a Domain Controller with DNS installed, using the domain name bachkhoa-npower.vn.
- The client machine (BKNP-WRK-01).
III. Detailed instructions
- To start installing DHCP, click Add Roles in the Initial Configuration Tasks window, or go to Server Manager > Roles > Add Roles.

- When the Add Roles Wizard appears, click Next on that screen.

- Next, select the component to add, DHCP Server Role, then click Next.

- If no static IP address is assigned on the server, you will see a warning telling you that you should not install DHCP with a dynamic IP address.
- Here you are prompted for the network IP information, the scope information and the DNS information. If you only want to install the DHCP server without configuring scopes and settings, just click Next through all the prompts during the installation.

- What the wizard asks here is "what interface do you want to provide DHCP services on?" I keep the default and click Next.
- Next, enter the Parent Domain, Primary DNS Server and Alternate DNS Server (see the figure below) and click Next.

- Choose NOT to use WINS on the network and click Next.

- We are then prompted to configure a DHCP scope for the new DHCP Server. Configure the IP address range 192.168.1.10-254 for the more than 200 clients on our internal network. To do that, click Add to add a new scope. As you can see in the figure below, I name the scope Scope DHCP Server, set the start and end IP addresses to 192.168.1.10-192.168.1.254, the subnet mask to 255.255.255.0, the default gateway to 192.168.1.1 and the subnet type to wired, and activate the scope.

- Back on the Add Scope screen, click Next to add the new scope (once the DHCP Server is installed).

- Select Disable DHCPv6 stateless mode for this server and click Next.

- Then confirm your DHCP Installation Selections (on the screen below) and click Install.

- The installation runs.
- After a few seconds the DHCP Server is installed and a window appears as in the figure below:

- Click Close to close the installation window, then move on to managing the DHCP Server.
*Managing the new Windows Server 2008 DHCP Server
- Start > Administrative Tools > DHCP Server

* Checking from the client machine

- Configure the client to obtain an IP address dynamically.
- Go to Start, choose Run and type CMD.
- Type the commands: ipconfig /release and ipconfig /renew

- On the Windows Server 2008 DHCP Server, the client bknp-wrk-01 is listed under Address Leases.

Installing and configuring IIS 7 with a Single Website

Lab contents:

Install the IIS service.
Configure IIS with a Single Website.

Lab model:

Prerequisites:

Prepare two servers and one client according to the model above.

Machine BKNP-DC08-01: install Domain Name System with the name: Bknpower.vn.
Machine BKNP-SRV08-01: hosts and serves the website.
Machine BKNP-WRK-01: used to access the website: www.bknpower.vn.

Detailed instructions:

*Create the website data and content on drive C (performed on BKNP-SRV08-01)
- Go to My Computer > select drive C > create a New Folder named: Website Bachkhoa-Npower
- Create the file homepage.htm in the Bachkhoa-Npower folder with the content:
- Create the folder C:/>Backhoa-Npower/npower
- Create the folder C:/>Backhoa-Npower/npower/CEH
- Create the folder C:/>Backhoa-Npower/npower/NCNA

*Install the IIS service (on BKNP-SRV08-01)
- Choose Start > Programs > Administrative Tools > Server Manager
- In the Server Manager window > right-click Roles > choose Add Roles
- In the Before You Begin window, choose Next.
- In the Select Server Roles window, choose Web Server (IIS)
- In the Add features required for Web Server (IIS)? window > choose Add Required Features.
- In the Select Server Roles window, choose Next.
- In the Web Server (IIS) window, choose Next.
- In the Select Role Services window, select the Security options > choose Next
- In the Confirm Installation Selections window, choose Install to run the installation
- In the Installation Progress window, the installation runs
- In the Installation Results window, choose Close (to finish the IIS installation)

*Configure the Web Server (IIS) service
- Choose Start > Programs > Administrative Tools > Internet Information Services (IIS) Manager
- In the Internet Information Services (IIS) Manager window, right-click Sites > choose Add Web Site
In the Add Web Site window
Site name: create the hosted web site on IIS with the name: bknpower
Physical path: browse to the website data and content on drive C
Hostname: www.bknpower.vn > choose OK
- On the client (BKNP-WRK-01), open IE and type www.bknpower.vn

*Add homepage.htm as a Default Document
- Select bknpower > choose Default Document
- In the Default Document window > choose Add
- In the Add Default Document window, enter the name: homepage.htm -> choose OK

*Enable Directory Browsing
- Select bknpower > double-click Directory Browsing
- In the Directory Browsing window, choose Enable
- On the client (BKNP-WRK-01), browse to: www.bknpower.vn/npower

*Enable Basic Authentication (users must enter a user name and password to authenticate)
- Go to bknpower/npower > choose Authentication
- In the Authentication window, select Basic Authentication > choose Enable
- Right-click My Computer > choose Manage
- In the Server Manager window, choose Configuration, choose Local Users and Groups, right-click Users and choose New User
- User name: bknp and Password: 123456a@ > choose Create
- On the client (BKNP-WRK-01), browsing to www.bknpower.vn/npower prompts for a user name and password. Enter User: bknp and Pass: 123456a@
- Access succeeds.

*Block an IP address from accessing the website
- In the bknpower Home window, double-click IPv4 Address and Domain Restrictions
- In the IPv4 Address and Domain Restrictions window, choose Add Deny Entry
- In the Add Deny Restriction Rule window, enter the IP address of the client to be blocked from the website > choose OK
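
The settings switched on above, Directory Browsing and Basic Authentication on a site bound only to http, can be read back and checked from the command line. The PowerShell below is an added example, not part of the original guide: the function names are hypothetical, and the three inputs are constructed samples shaped like appcmd output so the check runs without an IIS server.

```powershell
# Added example (not from the original guide). Function names are hypothetical.
# The three inputs are constructed samples shaped like appcmd output.
# Live equivalents on BKNP-SRV08-01:
#   $appcmd   = "$env:windir\System32\inetsrv\appcmd.exe"
#   $bindings = & $appcmd list site "bknpower" /text:bindings
#   $dirXml   = (& $appcmd list config "bknpower/npower" /section:system.webServer/directoryBrowse) -join "`n"
#   $basicXml = (& $appcmd list config "bknpower/npower" /section:system.webServer/security/authentication/basicAuthentication) -join "`n"
$bindings = 'http/*:80:www.bknpower.vn'
$dirXml = @'
<system.webServer>
  <directoryBrowse enabled="true" />
</system.webServer>
'@
$basicXml = @'
<system.webServer>
  <security>
    <authentication>
      <basicAuthentication enabled="true" />
    </authentication>
  </security>
</system.webServer>
'@

# Returns $true when the named element carries enabled="true".
# A missing element or attribute counts as disabled (the IIS default for both sections).
function Get-EnabledFlag {
    param([string]$SectionXml, [string]$ElementName)
    $node = ([xml]$SectionXml).SelectSingleNode("//$ElementName")
    if ($node -eq $null) { return $false }
    return ($node.GetAttribute('enabled') -eq 'true')
}

# Combines the site bindings with the two section values and returns one line per finding.
function Test-IisExposure {
    param([string]$Bindings, [string]$DirectoryBrowseXml, [string]$BasicAuthXml)
    $findings = @()
    # A binding looks like "http/*:80:host"; keep only the protocol part of each one.
    $protocols = @($Bindings -split ',' | ForEach-Object { ($_.Trim() -split '/')[0] })

    if (Get-EnabledFlag $DirectoryBrowseXml 'directoryBrowse') {
        $findings += 'Directory browsing is enabled: folder contents are listed to every client that can reach the path.'
    }
    if ((Get-EnabledFlag $BasicAuthXml 'basicAuthentication') -and ($protocols -notcontains 'https')) {
        $findings += 'Basic authentication without an https binding: the user name and password cross the network Base64-encoded, not encrypted. Add an https binding and require SSL for this path.'
    }
    $findings
}

$report = @(Test-IisExposure $bindings $dirXml $basicXml)
if ($report.Count -eq 0) { 'No findings.' } else { $report }
```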

Guide to configuring multiple web sites together with DNS Server

Lab contents:

Install the IIS service.
Configure IIS with Multi Website together with DNS Server.

Steps to perform:

Install and configure the IIS service on BKNP-SRV08-01

From the client (BKNP-WRK08-01), verify access to the 3 websites
Website1:
Website2:
Website3:

Lab model:

Prerequisites:
Prepare 2 servers and 1 client according to the lab model above

Machine BKNP-DC08-01: install Domain Name System with the name: Bknpower.vn.

Create the resolution records for each of the websites in turn

Machine BKNP-SRV08-01: hosts and serves the websites.

Machine BKNP-WRK-01: used to access the website: .

Detailed instructions:

*Create the data and content for the 3 websites, stored on drive C
- Go to My Computer > select drive C > create a New Folder named: bknpower.vn
- Create the file index.htm in the bknpower.vn folder with the content:
- Go to My Computer > select drive C > create a New Folder named: bknp.vn
- Create the file index.htm in the bknp.vn folder with the content:
- Go to My Computer > select drive C > create a New Folder named: bachkhoa-aptech.vn
- Create the file index.htm in the bachkhoa-aptech.vn folder with the content:

*Install the IIS service (on BKNP-SRV08-01)
- Choose Start > Programs > Administrative Tools > Server Manager
- In the Server Manager window > right-click Roles > choose Add Roles
- In the Before You Begin window, choose Next.
- In the Select Server Roles window, choose Web Server (IIS)
- In the Add features required for Web Server (IIS)? window, choose Add Required Features
- In the Select Server Roles window, choose Next.
- In the Web Server (IIS) window, choose Next.
- In the Select Role Services window, select the Security options > choose Next
- In the Confirm Installation Selections window, choose Install
- In the Installation Progress window, the installation runs
- In the Installation Results window, choose Close (to finish the IIS installation)

*Configure the Web Server (IIS) service
- Choose Start > Programs > Administrative Tools > Internet Information Services (IIS) Manager
- In the Internet Information Services (IIS) Manager window, right-click Sites > choose Add Web Site
- In the Add Web Site window
Site name: create the hosted web site on IIS with the name: bknpower.vn
Physical path: browse to the website data and content on drive C
IP address: 192.168.1.3 Hostname: > choose OK
- Right-click bknpower.vn > choose Edit Bindings
- In the Site Bindings window, choose Add
- In the Add Site Binding window, choose Add
- In the Site Bindings window, choose Close
- Do the same for the remaining 2 websites.

*Create resolution records for the websites (performed on BKNP-DC08-01)
- Choose Start > Programs > Administrative Tools > DNS
- In the DNS Manager window, right-click Forward Lookup Zones and choose New Zone
- In the Welcome to the New Zone Wizard window, choose Next.
- In the Zone Type window, choose Primary zone, then choose Next
- In the Active Directory Zone Replication Scope window, choose Next.
- In the Zone Name window, enter the zone name > choose Next.
- In the Dynamic Update window, choose Allow both nonsecure and secure dynamic updates, then choose Next.
- In the Completing the New Zone Wizard window, choose Finish to complete the creation of the Forward Lookup Zone.
- To create a record, right-click the zone just created and choose New Host (A or AAAA)
- In the New Host window, under IP address: enter the IP address of the web server (BKNP-SRV08-01) > choose Add Host
- In the New Host window, under Name: type www, and under IP address: enter the IP address of the web server (BKNP-SRV08-01) > choose Add Host.
- Create the zone Bachkhoa-aptech.vn and its records in the same way.

*From the client (BKNP-WRK-01), verify access to the websites
- Access website:
- Access website: .
- Access website: .

Group Policy - Configuration, backup and restore

- Group Policy (GPO) can be loosely understood as policy for groups. It consists of configuration settings for computers and users. It lets you define how programs, resources and the operating system work with computers and users in one or more organizations.
- In practice, Group Policy is used quite widely in server-client environments. GPOs are mainly applied to Sites, Domains and OUs. Client machines also have a GPO, which applies when the machine is not logged on with a domain account.

1. Set the desktop wallpaper for client machines:

On BKNP-DC08-01, create a shared folder for the wallpaper image
Open Group Policy Management > right-click the IT department and choose Create a GPO in this domain
Name the new policy
Right-click the policy just created and choose Edit
Under User Configuration > Policies > Administrative Templates > Desktop > Desktop > right-click Desktop Wallpaper and choose Properties
Choose Enabled and point the path to the image file just shared, then click OK to finish
When done, run the command: gpupdate /force to apply the policy.

2. Block access to the Registry:

Open Group Policy Management > right-click the IT department and create a new policy named block registry. Right-click the policy just created and choose Edit
Right-click Prevent access to registry editing tools and choose Properties
Choose Enabled and click OK to finish
When done, run the command: gpupdate /force to apply the policy.

3. Lock Task Manager:

In the same way, create a new policy named block task mgmt. Right-click the policy just created and choose Edit
Right-click Remove Task Manager and choose Properties
Tick Enabled and click OK to finish
When done, run the command: gpupdate /force to apply the policy.

4. Block use of the command prompt:

In the same way, create a new policy named block CMD. Right-click the policy just created and choose Edit
Right-click Prevent access to the command prompt and choose Properties
Choose Enabled and click OK to finish
When done, run the command: gpupdate /force to apply the policy.

5. Prohibit use of Run:
In the same way, create a new policy named block run. Right-click the policy just created and choose Edit
Right-click Remove Run from Start Menu and choose Properties
Choose Enabled and click OK to finish
When done, run the command: gpupdate /force to apply the policy.

6. Backup and Restore Policy:

To back up, right-click Group Policy Objects and choose Back Up All
Choose where to save the backup, enter a description, then click Back Up to start the backup
To restore the policies, right-click Group Policy Objects and choose Manage Backups
Select the backed-up policies and click OK to finish

Verify the policies applied to the IT department by logging on with the Tuannv account on machine BKNP-WRK-01.

Securing the system with Group Policy

The next article introduces a few tips that help secure user accounts in a domain-client environment.

Enforce password policies for user Tuannv in the domain:
Performed on the Domain Controller
Start > Administrative Tools > Group Policy Management.
Forest > Domains > bknpower.vn > Group Policy Objects, right-click Default Domain Policy and choose Edit.
In the Group Policy Management Editor window, choose Computer Configuration > Policies > Windows Settings > Security Settings > Account Policies > Password Policy.
In the right pane, configure the settings as follows:
Minimum password length: choose 10 characters, then choose OK.
Minimum password age: set 19 days, then choose OK.
Maximum password age: set 20 days, then choose OK.

Lock the account after repeated failed logons:
Switch to the left pane and select Account Lockout Policy.
In the right pane, select Account lockout threshold and set: 5 invalid logon attempts, then choose OK.
In the Account lockout duration window, choose a lockout of 30 minutes, then choose OK.

Prohibit shutting down the computer remotely:
In the Group Policy Management Editor window, choose Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > User Rights Assignment
In the Force shutdown from a remote system option, remove the Server Operators group, leaving only Administrators > choose OK

Prohibit shutting down the computer locally:
In the Shut down the system option, remove the Server Operators group.

Prohibit logging on to the computer locally:
In the Deny log on locally option, add the user to be denied logon > choose OK
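
Once the policy has been applied, the password, lockout and user-rights values set in the steps above can be checked against a security policy export instead of reopening each dialog. The PowerShell below is an added example, not part of the original guide: the function names are hypothetical, the INF text is a constructed sample (with two deliberate mismatches) in the format that secedit /export writes, and S-1-5-32-549 is the well-known SID of the built-in Server Operators group.

```powershell
# Added example (not from the original guide). Function names are hypothetical.
# $sampleInf is constructed sample data, not an export from the lab machines.
# For a live check on the server, replace the sample with:
#   secedit /export /cfg "$env:TEMP\secpol.inf" /areas SECURITYPOLICY USER_RIGHTS
#   $lines = Get-Content "$env:TEMP\secpol.inf"
$sampleInf = @'
[System Access]
MinimumPasswordAge = 19
MaximumPasswordAge = 20
MinimumPasswordLength = 7
LockoutBadCount = 5
LockoutDuration = 30
[Privilege Rights]
SeRemoteShutdownPrivilege = *S-1-5-32-544,*S-1-5-32-549
SeShutdownPrivilege = *S-1-5-32-544
'@
$lines = $sampleInf -split "`r?`n"

# Parses the INF text into a hashtable of sections, each a hashtable of key = value pairs.
function ConvertFrom-SeceditInf {
    param([string[]]$Lines)
    $policy = @{}
    $section = $null
    foreach ($line in $Lines) {
        $text = $line.Trim()
        if ($text -match '^\[(.+)\]$') {
            $section = $Matches[1]
            $policy[$section] = @{}
        } elseif ($section -and $text -match '^([^=]+)=(.*)$') {
            $policy[$section][$Matches[1].Trim()] = $Matches[2].Trim()
        }
    }
    $policy
}

# Values taken from the Password Policy and Account Lockout Policy steps above.
$expected = @{
    MinimumPasswordLength = 10   # characters
    MinimumPasswordAge    = 19   # days
    MaximumPasswordAge    = 20   # days
    LockoutBadCount       = 5    # invalid logon attempts
    LockoutDuration       = 30   # minutes
}
$serverOperatorsSid = '*S-1-5-32-549'

# Returns one result object per checked setting; Ok is $false on a mismatch or a missing key.
function Test-LabSecurityPolicy {
    param([hashtable]$Policy)
    $results = @()
    $access = $Policy['System Access']
    foreach ($name in ($expected.Keys | Sort-Object)) {
        $actual = $null
        if ($access -and $access.ContainsKey($name)) { $actual = [int]$access[$name] }
        $results += New-Object PSObject -Property @{
            Setting = $name; Expected = $expected[$name]; Actual = $actual
            Ok = ($actual -eq $expected[$name])
        }
    }
    # The two shutdown rights must no longer list the Server Operators group.
    $rights = $Policy['Privilege Rights']
    foreach ($right in 'SeRemoteShutdownPrivilege', 'SeShutdownPrivilege') {
        $members = @()
        if ($rights -and $rights.ContainsKey($right)) {
            $members = @($rights[$right] -split ',' | ForEach-Object { $_.Trim() })
        }
        $results += New-Object PSObject -Property @{
            Setting = $right; Expected = 'no Server Operators'; Actual = ($members -join ',')
            Ok = ($members -notcontains $serverOperatorsSid)
        }
    }
    $results
}

Test-LabSecurityPolicy (ConvertFrom-SeceditInf $lines) |
    Select-Object Setting, Expected, Actual, Ok | Format-Table -AutoSize
```

With the constructed sample, MinimumPasswordLength and SeRemoteShutdownPrivilege are reported with Ok = False; every other row is True.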

Configuring Internet sharing using RRAS

This article presents another practical benefit of the RRAS service....

Sharing an Internet connection using RRAS

1. Install the Routing and Remote Access service (performed on BKNP-SRV08-01)

Start > CMD > run the command: ipconfig to check the IP address of each network adapter.
Start > Programs > Administrative Tools > Server Manager
In the Server Manager window, right-click Roles > choose Add Roles
In the Before You Begin window, choose Next.
In the Select Server Roles window, choose Network Policy and Access Services, then choose Next.
In the Network Policy and Access Services window, choose Next.
In the Select Role Services window, choose Routing and Remote Access Services, then choose Next.
In the Confirm Installation Selections window, choose Install to run the installation
The installation runs
In the Installation Results window, choose Close to finish

2. Configure the Routing and Remote Access service (performed on BKNP-SRV08-01)

Start > Programs > Administrative Tools > Routing and Remote Access
In the Routing and Remote Access window, right-click BKNP-SRV08-01 (local) > choose Configure and Enable Routing and Remote Access
In the Welcome to the Routing and Remote Access Server Setup window, choose Next.
In the Configuration window, choose Custom configuration, then choose Next.
In the Custom Configuration window, choose NAT, then choose Next.
In the Completing the Routing and Remote Access Server Setup Wizard window, choose Finish
In the Routing and Remote Access window, choose IPv4 > right-click NAT > choose New Interface
In the New Interface for IPNAT window, select the external network adapter, then choose OK to continue
In the Network Address Translation Properties external Properties window, choose Public interface connect to internet..., and Enable NAT on this interface > choose OK
In the Routing and Remote Access window, choose IPv4, right-click NAT, and choose New Interface
In the New Interface for IPNAT window, select the internal network adapter > choose OK
In the Network Address Translation Properties external Properties window, choose OK

3. From Client 1 (machine BKNP-WRK-01), verify access to the Internet

Start > CMD > run the ping command to check connectivity
Open Internet Explorer -> check access to a website

Configuring static routing using RRAS on Windows Server 2008

Goal: connect machine BKNP-WRK-01 to machine BKNP-WRK-02

1. On Client 1 (BKNP-WRK-01)
Create a folder and share data.

2. On Router 1 (BKNP-SRV08-01)

Configure the IP address of each network adapter as in the lab model. (Figure 6.2.1)

Install the Routing and Remote Access services

Start > Programs > Administrative Tools > Server Manager
In the Server Manager window, right-click Roles > choose Add Roles
In the Before You Begin window, choose Next.
In the Select Server Roles window, choose Network Policy and Access Services > choose Next.
In the Network Policy and Access Services window, choose Next.
In Select Role Services, choose Routing and Remote Access Services > choose Next.
In the Confirm Installation Selections window, choose Install to run the installation
The installation runs
In the Installation Results window, choose Close to finish

Set up static routing

Start > Programs > Administrative Tools > Routing and Remote Access
In the Routing and Remote Access window, right-click BKNP-SRV08-01 (local) > choose Configure and Enable Routing and Remote Access
In the Welcome to the Routing and Remote Access Server Setup Wizard window, choose Next.
In the Configuration window, choose Custom configuration, then choose Next.
In the Custom Configuration window, choose LAN routing, then choose Next.
In the Completing the Routing and Remote Access Server Setup window, choose Finish
Select BKNP-SRV08-01(local) > choose IPv4 > right-click Static Routes > choose New Static Route
In the IPv4 Static Route window, fill in the information as shown in the figure > choose OK

3. On Router 2 (machine BKNP-SRV08-02)
Set the addresses of the network adapters as in the model.

Install the Routing and Remote Access services

Start > Programs > Administrative Tools > Server Manager
In the Server Manager window, right-click Roles > choose Add Roles
In the Before You Begin window, choose Next.
In the Select Server Roles window, choose Network Policy and Access Services, then choose Next.
In the Network Policy and Access Services window, choose Next.
In the Select Role Services window, choose Routing and Remote Access Services, then choose Next.
In the Confirm Installation Selections window, choose Install to run the installation
The installation runs
In the Installation Results window, choose Close to finish

Set up static routing

Start > Programs > Administrative Tools > Routing and Remote Access
In the Routing and Remote Access window, right-click BKNP-SRV08-02 (local) > choose Configure and Enable Routing and Remote Access
In the Welcome to the Routing and Remote Access Server Setup Wizard window, choose Next.
In the Configuration window, choose Custom configuration, then choose Next to continue
In the Custom Configuration window, choose LAN routing, then choose Next.
In the Completing the Routing and Remote Access Server Setup Wizard window, choose Finish
Select BKNP-SRV08-02(local) > choose IPv4 > right-click Static Routes > choose New Static Route
In the IPv4 Static Route window, fill in the information as shown in the figure > choose OK

4. Verify by pinging from Client 2 to Client 1 and accessing the shared resource.
Ping from Client 2 to Client 1
Access the shared folder

Configuring Client-to-Site VPN combined with RADIUS

VPN connections are fairly common; however, they are not truly secure. To strengthen system security, this article walks through the steps to configure a Client-to-Site VPN connection combined with a RADIUS server.

Performed on the DC (BKNP-DC08-01)

In the IT department, allow the groups and users that are permitted to use Client-to-Site VPN
Start > Programs > Administrative Tools > Active Directory Users and Computers
Check the OUs, groups and users
Create a folder and share it

Performed on the RADIUS server (BKNP-SRV08-02)

Join the RADIUS server machine to the domain and install RADIUS Server
Log in as bknpower\administrator
Start > Programs > Administrative Tools > Server Manager
In the Server Manager window, right-click Roles > choose Add Roles
In the Select Server Roles window, choose Network Policy and Access Services, then choose Next to continue
In the Network Policy and Access Services window, choose Next.
In the Network Policy Server window, choose Network Policy Server, then choose Next to continue
In the Confirm Installation Selections window, choose Install to run the installation
In the Installation Progress window, the installation runs
In the Installation Results window, choose Close to finish the installation

Configure the RADIUS server

Start > Programs > Administrative Tools > Network Policy Server
In the Network Policy Server window, under RADIUS Clients and Servers > right-click RADIUS Clients > choose New RADIUS Client
In the New RADIUS Client window, under Name and Address:

Friendly name: RADIUS Client
Address (IP or DNS): 192.168.1.1
Shared secret: 123456a@ | Confirm shared secret: 123456a@
> choose OK

Install the VPN Server service, performed on machine BKNP-SRV08-01

Start > Programs > Administrative Tools > Server Manager
In the Server Manager window, right-click Roles > choose Add Roles
In the Before You Begin window, choose Next.
In the Select Server Roles window, choose Network Policy and Access Services > choose Next.
In the Network Policy and Access Services window, choose Next.
In the Select Role Services window, choose Routing and Remote Access Services, then choose Next.
In the Confirm Installation Selections window, choose Install to run the installation
The installation runs
In the Installation Results window, choose Close.

Configure the VPN service

Start > Programs > Administrative Tools > Routing and Remote Access
In the Routing and Remote Access window, right-click BKNP-SRV08-01 (local) and choose Configure and Enable Routing and Remote Access
In the Welcome to the Routing and Remote Access Server Setup Wizard window, choose Next.
In the Configuration window, choose Remote access (dial-up or VPN) > choose Next to continue
In the Remote Access window, choose VPN > choose Next.
In the VPN Connection window, select the external network adapter, then choose Next.
In the IP Address Assignment window, choose From a specified range of addresses > choose Next to continue
In the Address Range Assignment window, choose New
In the New IPv4 Address Range window, enter the address range to hand out > choose OK to continue
In the Address Range Assignment window, choose Next.
In the Managing Multiple Remote Access Servers window, choose Yes, set up this server to work with a RADIUS server > choose Next.
In the RADIUS Server Selection window, under Primary RADIUS server: enter the name or IP address of the RADIUS server, and under Shared secret: enter the same password that was set when configuring the RADIUS server: 123456a@
In the Completing the Routing and Remote Access Server Setup Wizard window, choose Finish to complete the setup
In the Routing and Remote Access window, choose OK

Create the VPN connection on the client (BKNP-WRK-01)

Right-click Network, select Properties > select Set up a new connection or network.

In the Set Up a Connection or Network window, select Connect to a workplace, then select Next to continue.

In the Connect to a Workplace window, select Use my Internet connection (VPN).

Select I'll set up an Internet connection later.

Enter the company's public IP address in the Internet address field, enter a descriptive name for the VPN connection adapter, then select Next.

Enter the user name and password of a user who is allowed to connect through VPN, then select Create to create the connection.

In the Connect Ket Noi VPN window, select Connect.

The connection process runs.

Start > CMD > type the command ipconfig to check the IP address that was assigned.

Ping the IP address of the DC (BKNP-DC08-01).

Access the shared folder.

Installing and configuring NPS for VPN clients

Lab topology:

Prerequisites:

BKNP-SRV08-01: has 2 network adapters; adapter 1 is Internal, adapter 2 is External.
BKNP-SRV08-02: placed on the Internal network to share data.
BKNP-WRK-01: acts as the VPN client and runs Windows

Procedure:

*Install RRAS and Network Policy Server
On BKNP-SRV08-01:
- Select Start > Programs > Administrative Tools > Server Manager > Roles, right-click and select Add Roles, select Network Policy and Access Services, then click Next to continue.

- In the Select Role Services window, select Network Policy Server and Routing and Remote Access Services, then click Next to start the installation.

*Create the VPN user and group

- Open Computer Management and create a new account VPN that belongs to the group VPN-group.

- Make sure access for the vpn account is granted through NPS policy.

- Add the user vpn to the group VPN-group.

*Configure Routing and Remote Access

- Right-click BKNP-SRV08-01 and select Configure and Enable Routing and Remote Access.

- On the first setup window, click Next to continue.

- Select Remote Access (Dial-up or VPN).

- In the Remote Access window, select VPN.

- In the VPN Connection window, select the network adapter that connects to the Internet.

- In the IP Address Assignment window, select From a specified range of addresses.

- Specify the IP range to assign to VPN connections.

- Next, choose to authenticate through Routing and Remote Access.

- Click Finish to complete the setup.

*Configure the NPS service:

- Start > Programs > Administrative Tools > Network Policy Server

- Disable the existing policies under Network Policies and create a new policy: right-click Network Policies and select New.

- In the New Network Policy window, enter a name for the policy and the access type.

- In the Specify Conditions window, click Add.

- Select User Groups.

- Select the VPN-group group created above.

- Click Next to continue.

- In the Specify Access Permission window, select Access Granted.

- In the Configure Authentication Methods window, select EAP-MSCHAP v2 as the authentication method.

- In the Configure Constraints window, click Next.

- In the Configure Settings window, keep the existing options and click Next.

- Click Finish to complete the configuration.

- Details of the newly created policy.

- On the client, create the VPN connection.

- Check the assigned IP address.

- Access the machine that shares the data.


Deploying IPv6 on the network
With the explosive growth of the Internet, and after more than 30 years in operation, the IPv4 address space is inevitably on the verge of exhaustion while the Internet keeps growing every day. To solve this problem, IPv6 was introduced with a larger address space, providing a nearly unlimited number of IP addresses (2^128 addresses).

1. Configure IPv6 addresses on the machines:

On BKNP-SRV08-02: open Network and Sharing Center.

Select View status:

Select Properties:

Clear the Internet Protocol Version 4 (TCP/IPv4) check box.

Select Properties for the TCP/IPv6 item and enter the address: 2001:db8:1:2.

Select OK > Close to finish setting the IPv6 address. On BKNP-SRV08-03, do the same but on the second network, with the address: 2001:db8:2:2.

On BKNP-SRV08-01, assign 2 addresses corresponding to the 2 gateways of the 2 network adapters. Gateway 1 has the address: 2001:db8:1:1

Gateway 2 has the address:

2. Set up the Routing and Remote Access Server feature

Install Routing and Remote Access Server: select Start > Programs > Administrative Tools > Server Manager, then select Roles > Add Roles. When the Before You Begin window appears, select Next. When the Select Server Roles window appears, select Network Policy and Access Services > Next.

When the Network Policy and Access Services window appears, select Next. When the Select Role Services window appears, select Routing and Remote Access Services, then select Next.

When the Confirm Installation Selections window appears, select Install.

After the installation succeeds, select Close.

3. Enable RRAS for IPv6:

Start > Programs > Administrative Tools > Routing and Remote Access > right-click BKNP-SRV08-01 (local) > Configure and Enable Routing and Remote Access

In the Welcome to the Routing and Remote Access Server Setup Wizard window, select Next.

In the Configuration window, select Custom configuration, then select Next.

In the Custom Configuration window, select LAN routing, then select Next.

In the Completing the Routing and Remote Access Server Setup Wizard window, select Finish.

When the Start the service window appears, select Start service.

After the Routing and Remote Access window appears, right-click IPv6, select Properties, and select the IPv6 Router check box.

Select OK to finish.

4. Verify after configuration:
Check connectivity from Client 1 to Client 2.

Deploying IPv6 alongside IPv4 on the network

The next lab presents a solution for running both IPv6 and IPv4 side by side on the same network, while IPv6 still cannot provide full "coverage".

1. Configure IPv4 and IPv6 addresses on the machines:

Configure the network address of BKNP-SRV08-03 as 2001:db8:1::192.168.1.2/64, where 192.168.1.2 is the IPv4 address on the IPv4 network 192.168.1.0/24.
On BKNP-SRV08-03: right-click the Network icon in the taskbar at the corner of the screen and select Network and Sharing Center.

Select View status:

Select Properties:

Select Internet Protocol Version 6 (TCP/IPv6).

Enter the IPv6 address combined with IPv4: 2001:db8:1::192.168.1.2, with the gateway pointing to 2001:db8:1::192.168.1.1, then select OK.

Next, select Internet Protocol Version 4 (TCP/IPv4).

Enter the IPv4 address 192.168.1.2 with gateway 192.168.1.1.

On BKNP-SRV08-02, do the same but on the second network, with the address: 2001:db8:2:2.

Configure the network address of BKNP-SRV08-01: network adapter 1 has the address 2001:db8:1::192.168.1.1/64, where 192.168.1.1 is the IPv4 address on the IPv4 network 192.168.1.0/24.
Right-click Network in the taskbar at the corner of the screen > Network and Sharing Center > View Status for network adapter 1 > select Properties > select Internet Protocol Version 6 (TCP/IPv6).

On the General tab, enter the IP address 2001:db8:1::192.168.1.1. Because this is the gateway address itself, Default gateway does not need to be filled in. Then select OK.

Next, select Internet Protocol Version 4 (TCP/IPv4).

Enter the IPv4 address 192.168.1.1.

Configure the address for network adapter 2:
Network and Sharing Center > View Status for network adapter 2 > select Properties > select Internet Protocol Version 6 (TCP/IPv6) and assign the address: 2001:db8:2::1

2. Set up the Routing and Remote Access Server feature

Install Routing and Remote Access Server:
Select Start > Administrative Tools > Server Manager. Select Roles > Add Roles.
When the Before You Begin window appears, select Next.
When the Select Server Roles window appears, select Network Policy and Access Services, then Next.

When the Network Policy and Access Services window appears, select Next. When the Select Role Services window appears, tick Routing and Remote Access Services and select Next.

When the Confirm Installation Selections window appears, select Install.

After the installation succeeds, select Close.

Enable RRAS for IPv6:

Start > Programs > Administrative Tools > Routing and Remote Access
Right-click BKNP-SRV08-01 (local) > Configure and Enable Routing and Remote Access

In the Welcome to the Routing and Remote Access Server Setup Wizard window, select Next.

In the Configuration window, select Custom configuration, then select Next.

In the Custom Configuration window, select LAN routing, then select Next.

In the Completing the Routing and Remote Access Server Setup Wizard window, select Finish.
When the Start the service window appears, select Start service.

After the Routing and Remote Access window appears, right-click IPv6, select Properties, and select the IPv6 Router check box.

Select OK to finish.

3. Verify after configuration:
Check connectivity from Client 1 to Client 2.

Configuring DFS Replication on Windows Server 2008

This article presents the most basic and practical DFS configuration. It introduces how to configure folder synchronization through DFS on Windows Server 2008...

1. Install the DFS service on the DC (BKNP-DC08-01)

Start > Programs > Administrative Tools > Server Manager

In the Server Manager window, select Roles > Add Roles.

In the Before You Begin window, select Next.

In the Select Server Roles window, select File Services > select Next.

In the Select Role Services window, select Distributed File System > select Next.

In the Create a DFS Namespace window, select Create a namespace now, using this wizard, and enter the namespace name: Data

In the Select Namespace Type window, select Next.

In the Configure Namespace window, select Next to continue.

In the Confirm Installation Selections window, select Install to start the installation.

In the Installation Progress window, the installation proceeds.

In the Installation Results window, select Close to finish the installation.

Create the folder ProjectDocs on drive C of BKNP-SRV01-01.


2. Install the DFS service on both servers, BKNP-SRV08-01 and BKNP-SRV08-02
Start > Administrative Tools > Server Manager

In the Server Manager window, select Roles > Add Roles.

In the Before You Begin window, select Next.

In the Select Server Roles window, select File Services > select Next.

In the Select Role Services window, select Distributed File System, then select Next to continue.

In the Create a DFS Namespace window, select Create a namespace later using the DFS Management snap-in in Server Manager > select Next.

In the Confirm Installation Selections window, select Install to install.

In the Installation Progress window, the installation proceeds.

In the Installation Results window, select Close to finish installing DFS.

3. Configure the DFS service on BKNP-SRV08-01

Start > Programs > Administrative Tools > DFS Management

In the DFS Management window, right-click Replication > New Replication Group.

In the Replication Group Type window, select Replication group for data collection > select Next.

In the Name and Domain window, under Name of replication group, enter the name ProjectDocs, then select Next to continue.

In the Branch Server window, under Name select Browse > find BKNP-SRV08-01 > select Next to continue.

In the Replicated Folders window, select Add.

In the Add Folder to Replicate window, select Browse.

In the Browse For Folder window, select the ProjectDocs folder > select OK.

In the Add Folder to Replicate window, select OK.

In the Replicated Folders window, select Next.

In the Hub Server window, select Browse > select the server BKNP-SRV08-02 to synchronize the ProjectDocs folder with > select Next.

In the Target Folder on Hub Server window, browse to drive C as the synchronization target, then select Next to continue.

In the Replication Group Schedule and Bandwidth window, select Replicate continuously using the specified bandwidth > under Bandwidth select Full > select Next.

In the Review Settings and Create Replication Group window, select Create.

In the Confirmation window, once the replication group has been created successfully, select Close.

In the DFS Management window, select ProjectDocs, select the Replicated Folders tab, right-click ProjectDocs, and select Share and Publish in Namespace.

In the Publishing Method window, select Share and publish the replicated folder in a namespace > select Next.

In the Share Replicated Folders window, highlight both servers, then select Next to continue.

In the Namespace Path window, select Next.

In the Review Settings and Share Replicated Folder window, select Share.

In the Confirmation window, when the setup is complete, select Close.

4. Verify on the server BKNP-SRV08-02

Open drive C and check that the ProjectDocs folder has been synchronized.

Configuring Quota and File Screening

In an environment with many users and limited hardware, setting quotas and restricting users becomes more important. This article introduces how to set quotas and restrict the types of resources available to users.

1. Install the File Server Resource Manager service:

Start > Programs > Administrative Tools > Server Manager > Roles > File Services > Add Role Services

On the Configure Storage Usage Monitoring screen, select drive C > click Next to continue.

On the Set Report Options screen, keep the default report storage folder > click Next to continue.

Click Install to start the installation.

Create a quota template with a 100 MB limit and set a quota for users

Start > Programs > Administrative Tools > File Server Resource Manager > Quota Management > right-click Quota Templates and select Create Quota Template

In the Create Quota Template window, enter a name and label, specify the space limit for the template, then click Edit to continue.

In the Threshold window, select Send e-mail to and enter the e-mail address to notify.

On the Event Log tab, select Send warning to event log.

On the Report tab, select Generate reports and Quota Usage, then click OK to continue.

Right-click Quotas and select Create Quota.

In the Create Quota dialog box, specify the target folder and select Quota for User.

Quota configuration details.

2. Restrict users from storing these file types: exe, audio, video.

File Screening Management > File Screens > right-click and select Create File Screen

In the Create File Screen window, specify the path and click Create.

Right-click the file screen just created, select Properties, and choose the file types allowed to be stored.

On the client, copy data; a notification appears when the amount exceeds the allowed quota.

The notification that storage is denied for file types that are not allowed.

Create a new report and schedule it
Right-click Storage Reports Management and select Schedule a New Report Task.

On the Storage Reports Task screen, enter the storage folder and the reports to be generated.

On the Delivery tab, select Send reports to the following administrators to send the reports to the administrator by e-mail.

On the Schedule tab, select Create Schedule to create a schedule.

On the Schedule tab, enter the time for the automatic schedule.

To generate the report file immediately, right-click the report task just created and select Run Report Task Now.

In the Generate Storage Reports dialog box, click OK to create the report.

Contents of the report file just created.

Configuring Backup and Shadow Copy

Keeping the system always available and able to respond quickly to emergencies is one of the most important factors of a network. This article introduces two powerful features built into the server: Backup and Shadow Copy.

Tasks:

* On BKNP-SRV08-01:
- Create a folder containing department data.
- Set up Shadow Copy.
- Set up Backup and schedule it to run automatically.
* On BKNP-WRK-01:
- Delete and modify content in the folder.
- Restore it using the Shadow Copy feature.

1. Configure Shadow Copies
Open My Computer > right-click drive D > select Configure Shadow Copies.

In the Shadow Copies window, select drive D, then select Enable.

In the Shadow Copies window, select OK.

2. Install Windows Server Backup

Start > Administrative Tools > Server Manager

In the Server Manager window, select Features > select Add Features.

In the Select Features window, select Windows Server Backup Features > Windows Server Backup > Command-line Tools.

In the Confirm Installation Selections window, select Install to start the installation.

In the Installation Progress window, the installation proceeds.

In the Installation Results window, select Close to finish the installation.

Set up Backup and schedule automatic backups for the server

Start > Administrative Tools > Windows Server Backup

In the Windows Server Backup window, select Action, then select Backup Schedule.

In the Getting started window, select Next.

In the Select backup configuration window, select Custom > select Next.

In the Select backup items window, select drive C as the drive to back up > select Next.

In the Specify backup time window, set the schedule for automatic backups > select Next.

In the Select destination disk window, select Show All Available Disks.

In the Show All Available Disks window, select the disk that will store the backup data > select OK.

In the Select destination disk window, select the disk that will store the backup file > select Next.

In the Windows Server Backup window, select Yes.

In the Label destination disk window, select Next.

In the Confirmation window, select Finish to complete scheduling the backup.

In the Summary window, select Close.

Simple security using Windows Firewall

Sometimes professional software is not needed to solve simple problems. This article shows how to create simple rules that block or allow ping and Remote Desktop.

*REQUIREMENTS*
On the server BKNP-SRV08-01, use Windows Firewall to secure the system:

Block the machines 192.168.1.10 and 192.168.1.20 from accessing the server.
Allow the machine 192.168.1.30 to RDP to and ping the server.
On the server, block the use of Internet Explorer when accounts connect remotely.

On BKNP-SRV08-01, open Windows Firewall: Start > Administrative Tools > Windows Firewall with Advanced Security

Right-click Windows Firewall with Advanced Security and select Properties.

On the Private Profile tab, set Firewall state to Off and click OK to continue.

Create a rule allowing ping from the address 192.168.1.30

Right-click Inbound Rules > New Rule > for Rule Type select Custom.

On the Program screen, select All programs.

On the Protocol and Ports screen, select ICMPv4 for Protocol type.

Add the address 192.168.1.30 under Remote IP address.

Select Allow the connection and click Next to continue.

On the Profile screen, select Public and click Next to continue.

On the Name screen, name the rule just created.

Create a rule allowing Remote Desktop from the IP address 192.168.1.30

Right-click Inbound Rules > New Rule.
On the Protocol and Ports screen: select TCP for Protocol type, and select Specific Ports with port 3389 for Local port.

Enter the IP address 192.168.1.30 under Remote IP address.

On the Action screen, select Allow the connection.

On the Profile screen, select Public, then click Next to continue.

On the Name screen, name the rule just created.

Create a rule blocking the use of IE:

Right-click Outbound Rules > New Rule.

On the Rule Type screen, select Program.

On the Program screen, select This program path and browse to the IE executable.

On the Action screen, select Block the connection.

On the Profile screen, select Public and click Next to continue.

Name the rule just created.
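
The same rule set as a script, as an added example that is not part of the original lab guide, using netsh advfirewall from an elevated command prompt on the server. The rule names, the Internet Explorer path and the explicit block rule for 192.168.1.10 and 192.168.1.20 (the guide states that requirement but shows no wizard step for it) are assumptions.

```batch
@echo off
rem Added example: scripted form of the firewall lab on BKNP-SRV08-01.
rem Rule names and the iexplore.exe path are assumptions, not from the guide.

rem Every rule below is bound to the Public profile, as in the wizard steps.
rem The guide switches the Private profile off, so these rules filter traffic
rem only on connections that Windows has classified as Public.

rem Make sure the Public profile is on and refuses unsolicited inbound traffic.
netsh advfirewall set publicprofile state on
netsh advfirewall set publicprofile firewallpolicy blockinbound,allowoutbound

rem Requirement: 192.168.1.10 and 192.168.1.20 may not reach the server.
rem A block rule wins over any allow rule, so this holds even if a
rem predefined allow rule (for example Remote Desktop) is enabled for any address.
netsh advfirewall firewall add rule name="Lab - Block .10 and .20" ^
    dir=in action=block remoteip=192.168.1.10,192.168.1.20 profile=public

rem Requirement: 192.168.1.30 may ping the server.
rem The wizard step selects ICMPv4 as a whole; this narrows it to echo
rem request (type 8), which is all that ping needs.
netsh advfirewall firewall add rule name="Lab - Allow ping from .30" ^
    dir=in action=allow protocol=icmpv4:8,any remoteip=192.168.1.30 profile=public

rem Requirement: 192.168.1.30 may use Remote Desktop (TCP 3389).
netsh advfirewall firewall add rule name="Lab - Allow RDP from .30" ^
    dir=in action=allow protocol=TCP localport=3389 remoteip=192.168.1.30 profile=public

rem Requirement: Internet Explorer may not make outbound connections.
rem Assumed default install path; adjust if IE lives elsewhere.
netsh advfirewall firewall add rule name="Lab - Block IE outbound" ^
    dir=out action=block program="%ProgramFiles%\Internet Explorer\iexplore.exe" profile=public

rem Review: which profiles are on, and every rule that applies to Public.
rem Any other enabled inbound allow rule listed here widens access beyond .30.
netsh advfirewall show allprofiles state
netsh advfirewall firewall show rule name=all profile=public
```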


Installing and configuring Active Directory Rights Management Services (AD RMS)

- Windows Server 2008 includes Active Directory Rights Management Services (AD RMS). AD RMS assigns usage rights on resources (documents, e-mail).
- Data types that support AD RMS rights include MS Word, MS Excel, MS PowerPoint, and MS Outlook, versions 2003 and 2007.
Steps in this lab:
- Install AD RMS.
- Configure AD RMS.
- Assign rights on resources:

Create and share the file bknpower.doc (Office 2007 format), stored on the server.
User Anln can only view the document and has no other rights such as copy or paste.
User Hoavq has rights on this document such as viewing, editing the content, and saving.
Verify the rights afterwards.

Lab topology:


Yu cu chun b:

My server BKNP-DC08-01 c nng cp ln Domain Controller.


To mt ti khon: ADRMS thuc nhm Domain Admins.
To 2 user: Hoavq v Anln trn domain: Bknpower.vn
Ci t Office 2007 trn cc my trin khai.

Hng dn chi tit


* Install AD RMS:
- Choose Start > Administrative Tools > Server Manager.
- Choose Roles > Add Roles.
- The Before You Begin window appears; click Next.
- The Select Server Roles window appears; select Active Directory Rights Management Services.
- A further window appears asking to install additional role services for Web Server. Click Add Required Role Services.
- Click Next. The Introduction to Active Directory Rights Management Services window appears, showing information about AD RMS.
- Click Next. The Select Role Services window appears; select Active Directory Rights Management Server.
- Click Next. The Create or Join AD RMS Cluster window appears; select Create a new AD RMS Cluster.
- Click Next. The Select Configuration Database window appears; select Use Windows Internal Database on this server.
- Click Next. The Specify Service Account window appears; click Specify.
- The Add Roles Wizard window appears; enter the ADRMS account created in the prerequisites.
- Click OK. The Specify Service Account window appears again.
- Click Next. The Configure AD RMS Key Storage window appears; select Use AD RMS centrally managed key storage.
- Click Next. The Specify AD RMS Cluster Key Password window appears; create a password for the AD RMS cluster.
- Click Next. The Select AD RMS Cluster Web Site window appears; select Default Web Site.
- Click Next. The Specify Cluster Address window appears; select Use an SSL-encrypted connection, enter BKNP-DC08-01.bknpower.vn in Fully-Qualified Domain Name, then click Validate.
- Click Next. The Choose a Server Authentication Certificate for SSL Encryption window appears; select Create a self-signed certificate for SSL encryption.
- Click Next. The Name the Server Licensor Certificate window appears.
- Click Next. The Register AD RMS Service Connection Point window appears; select Register the AD RMS service connection point now.
- Click Next. The Web Server (IIS) window appears.
- Click Next. The Select Role Services window appears; keep the defaults.
- Click Next. The Confirm Installation Selections window appears.
- Click Install. The AD RMS installation runs and completes.
- Click Close.

*Configure RMS:

- On the machine where AD RMS is installed, open the service from Start > Administrative Tools > Server Manager > Active Directory Rights Management Services. On first launch, a Security Alert window appears so that the certificate can be configured.
- Click View Certificate. The Certificate window appears.
- Click Install Certificate. The Welcome to the Certificate Import Wizard window appears.
- Click Next. The Certificate Store window appears; select Place all, click Browse and choose Trusted Root Certification Authorities.
- Click Next. The Completing the Certificate Import Wizard window appears.
- Click Finish. The Security Warning window appears.
- Click Yes. The Certificate Import Wizard window appears.
- Click OK. The Active Directory Rights Management Services window appears.

*Assign rights on the resource:

- On the machine where AD RMS is installed, create the file bknpower.docx with any content and save it at:
\\BKNP-DC08-01\Data\bknpower.docx
- Open bknpower.docx. Click the Office button in the left corner of the screen, then choose Prepare > Restrict Permission > Restricted Access.
- An authentication window from the server appears; enter the name and password of an account in the Admins group.
- After the account is authenticated successfully, the Permission window appears; select Restrict permission to this document.

Anln has read-only rights: enter this account on the Read line.

Hoavq may change the file: enter this account on the Change line.

- The open Word file then shows Restricted Access.

*Verify the rights afterwards:

- Log on as Anln.
- Open bknpower.docx at \\BKNP-DC08-01\Data\bknpower.docx
- The Security Alert window appears; click Yes.
- A window appears asking to authenticate the account that wants to access this file. Enter the account name and password of Anln.
- Click OK. The access rights of Anln on this file are checked.
- A Microsoft Office window appears, stating that access to this file is restricted.

After the check succeeds, the content of the file is displayed:

The access rights of Anln on this file can be checked again by clicking View Permission on the Restricted Access bar.

- The account Anln has the read right only and no other rights.
- Log on as Hoavq and open \\BKNP-DC08-01\Data\bknpower.docx

Follow the same steps as for Anln. When the content of bknpower.docx is displayed, click View Permission to check the rights of the account Hoavq.

Backing up and restoring the AD DS database on Windows Server 2008

Lab content:
- Install the Windows Server Backup feature, then:
- Create a scheduled backup (Scheduled Backup).
- Perform a backup (Backup AD).
- Restore the Active Directory Domain Services database in two modes:
- Mode 1: Authoritative Restore.
- Mode 2: Non Authoritative Restore.
Steps to perform:
- Create a scheduled backup (Scheduled Backup).
- Perform a backup (Backup AD).
- Restore the database as an Authoritative Restore.
- Restore the database as a Non Authoritative Restore.
Lab topology:

Prerequisites:
- One machine running Windows Server 2008 (BKNP-DC08-01) that has been promoted to a DC (BKNP-DC08-01.BKNPOWER.VN).
Detailed instructions:
*Install the Windows Server Backup feature
- Choose Start > Programs > Administrative Tools > Server Manager > Features > Add Features.
- In the Select Features window, select Windows Server Backup Features, select Windows Server Backup and Command-line Tools, then click Next to continue.
- Click Install; the installation runs through.
- When the installation has completed, click Close.

*Create a scheduled backup

- Choose Start > Programs > Administrative Tools > Windows Server Backup.
- Choose Actions > Backup Schedule.
- In the Getting Started window, click Next to continue.
- In the Select backup configuration window, select Custom, then click Next.
- In the Specify backup time window, select Once a day, choose 10:30 am, then click Next.
- In the Select destination disk window, click Show All Available Disks.
- In the Show All Available Disks window, select Disk 1 and click OK.
- In the Select destination disk window, select Disk 1, then click Next.
- In the Windows Server Backup window, click Yes, then click Next.
- In the Label destination disk window, select Disk 1, then click Next.
- In the Confirmation window, click Cancel to avoid formatting drive E.
- In the Summary window, click Close.

*Perform the AD backup

- Choose Start > Run, type CMD and click OK.
- Type the command: wbadmin start systemstatebackup -backuptarget:f:
- Then press Y and press Enter.
- The backup takes about 20 to 30 minutes.
- The backup completes.
- Open drive F to check the result.
- Open Active Directory Users and Computers and choose View > Advanced Features.
- Right-click OU IT and choose Properties, select the Object tab, clear the Protect object from accidental deletion check box, then click OK.
- Right-click OU IT and choose Delete.

*Restore the AD DS database
- On the DC, choose Start > Command Prompt, type bcdedit /set safeboot dsrepair and press ENTER.

Note: Restart the machine, then press F8 and choose Directory Services Restore Mode.
Restore the system state data
- Type shutdown -t 0 -r and press ENTER. The computer restarts.
- Log on with the local Administrator account.
- Choose Start, right-click Command Prompt and choose Run as administrator.
- At the command prompt, type: wbadmin get versions
- Pick the most recent backup version and type:

wbadmin start systemstaterecovery -version:04/26/2011-14:30
(where version is the value you found in the previous step), then press ENTER. Press Y, then press ENTER. The restore can take 30-35 minutes.

- Restore the information of the deleted object

- At the command prompt, type ntdsutil and press ENTER.
- At the ntdsutil prompt, type activate instance ntds and press ENTER.
- Then type: authoritative restore and press ENTER.
- At the authoritative restore prompt, type: restore subtree OU=IT,DC=bknpower,DC=vn and press ENTER, then click Yes.
- Type quit and press ENTER. Type quit again and press ENTER.
- Check that the deleted object has been restored
- To restart the server in normal mode, type bcdedit /deletevalue safeboot and press ENTER.
- Type shutdown -t 0 -r and press ENTER.
- After the server restarts, log on with the Administrator account.
- Open Active Directory Users and Computers and check that OU IT has been restored.

Configuring AD DS auditing
Lab content:
- Examine the current state of the audit policy.
- Enable DSAA on the domain controllers.
- Set the SACL for the domain.
- Test the policy.
Lab topology:

Prerequisites:
- The machine BKNP-DC08-01 has been promoted to a Domain Controller.
Detailed instructions:
*Examine the current state of the audit policy.
Choose Start > Command Prompt.
- In the command prompt window, type Auditpol.exe /get /category:* and press ENTER, then examine the default audit policy settings.
- Enable DS Access auditing on the domain controllers: Start > Administrative Tools > Group Policy Management. Right-click Default Domain Controllers Policy and choose Edit.
- Choose Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Audit Policy. All of the policy settings are in the Not Defined state.
- Select Audit Directory Service Access, select Define these policy settings, select Success and Failure, then click OK.
- Close the Group Policy Management Editor and the Group Policy Management console.
- Open a command prompt, type gpupdate /force and press ENTER.
- When the update has completed, run Auditpol.exe /get /category:* again to re-examine the policy settings.
- Set the SACL for the domain: Start > Administrative Tools > Active Directory Users and Computers. Choose View > Advanced Features.
- Right-click bknpower.vn and choose Properties.
- In the Properties window, select the Security tab, click Advanced, select the Auditing tab, then click Add.
- In the Select Users, Computers and Groups window, type Everyone and click OK.
- In the Auditing Entry for bknpower window, select both the Successful and Failed columns, select Write all properties, then click OK 3 times.
- Test the policy: right-click OU IT and choose Rename: ITAdmin.
- Open Event Viewer > Windows Logs > Security.
- Select the events with ID 4662 and examine them.
- Return to Active Directory Users and Computers and edit any user:

Re-open Event Viewer and examine the results again.
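
The 4662 events examined above carry the requested access as a bit mask and the object class as a GUID, which is hard to read in Event Viewer. The following added example (not part of the original lab) decodes those fields and keeps only write operations; it assumes Windows PowerShell 2.0 or later, and the function names and the two sample events are constructed for illustration.

```powershell
# Added example, not from the original lab. Assumes Windows PowerShell 2.0 or later.
# Access bits that event 4662 reports for directory objects.
$AccessBits = @{
    0x1     = 'Create Child';  0x2     = 'Delete Child';  0x4     = 'List Contents'
    0x8     = 'Self Write';    0x10    = 'Read Property'; 0x20    = 'Write Property'
    0x40    = 'Delete Tree';   0x80    = 'List Object';   0x100   = 'Control Access'
    0x10000 = 'DELETE';        0x20000 = 'READ_CONTROL';  0x40000 = 'WRITE_DAC'
    0x80000 = 'WRITE_OWNER'
}
# schemaIDGUID of the two object classes this lab touches.
$ClassNames = @{
    'bf967aa5-0de6-11d0-a285-00aa003049e2' = 'organizationalUnit'
    'bf967aba-0de6-11d0-a285-00aa003049e2' = 'user'
}

function ConvertFrom-Event4662Xml {
    param([string]$EventXml)

    $evt = [xml]$EventXml
    $id = $evt.Event.System.EventID
    if ($id -is [System.Xml.XmlElement]) { $id = $id.InnerText }   # EventID may carry attributes
    if ($id -ne '4662') { return }

    # Flatten <Data Name="...">value</Data> into a lookup table.
    $data = @{}
    foreach ($d in $evt.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    $mask   = [Convert]::ToInt32($data['AccessMask'], 16)
    $rights = @($AccessBits.Keys | Sort-Object |
                Where-Object { $mask -band $_ } |
                ForEach-Object { $AccessBits[$_] })

    # ObjectType arrives as %{guid}; show the class name when it is one we know.
    $typeGuid = ($data['ObjectType'] -replace '[%{}]', '').ToLower()
    $class = $ClassNames[$typeGuid]
    if (-not $class) { $class = $data['ObjectType'] }

    New-Object PSObject -Property @{
        Time    = $evt.Event.System.TimeCreated.SystemTime
        Account = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
        Class   = $class
        Object  = $data['ObjectName']
        Rights  = $rights -join ', '
        IsWrite = [bool]($mask -band 0x20)
    }
}

# Constructed sample events (not captured from a real DC) so the script runs offline.
function New-SampleEvent($classGuid, $mask) { @"
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" />
    <EventID>4662</EventID>
    <TimeCreated SystemTime="2011-04-26T07:30:00.000Z" />
    <Computer>BKNP-DC08-01.bknpower.vn</Computer>
  </System>
  <EventData>
    <Data Name="SubjectUserName">Administrator</Data>
    <Data Name="SubjectDomainName">BKNPOWER</Data>
    <Data Name="ObjectServer">DS</Data>
    <Data Name="ObjectType">%{$classGuid}</Data>
    <Data Name="ObjectName">%{00000000-0000-0000-0000-000000000001}</Data>
    <Data Name="AccessMask">$mask</Data>
  </EventData>
</Event>
"@ }

$events = @(
    (New-SampleEvent 'bf967aa5-0de6-11d0-a285-00aa003049e2' '0x20'),   # write on an OU
    (New-SampleEvent 'bf967aba-0de6-11d0-a285-00aa003049e2' '0x10')    # read on a user
)

# Only the first sample is a write, so one record is listed.
$events | ForEach-Object { ConvertFrom-Event4662Xml $_ } |
    Where-Object { $_.IsWrite } |
    Format-List Time, Account, Class, Object, Rights

# Live use on the DC, from an elevated prompt:
# Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4662 } -MaxEvents 200 |
#     ForEach-Object { ConvertFrom-Event4662Xml $_.ToXml() } | Where-Object { $_.IsWrite }
```

Event 4662 shows that a property was written but not its old and new values; those are recorded separately as event 5136 by the Directory Service Changes audit subcategory.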

Using the AD DS Database Mounting Tool

Lab content:
- Fill in descriptive information for the account thanhnv in OU IT:

Description: Nhân viên phòng IT (IT department staff)
Office: Bachkhoa-Npower
Telephone Number: 043625079.

- Create a snapshot (backup) of the AD DS data.
- Delete the account thanhnv in OU IT.
- Use LDP to recover the account thanhnv.
- Display the information of the deleted user again.
Lab topology:

Prerequisites:
- The server BKNP-DC08-01 has been promoted to a Domain Controller.
Detailed instructions:
*Create a snapshot (backup) of the AD DS data
In the Active Directory Users and Computers window, select OU IT, right-click the user thanhnv and choose Properties. Add the following information for this user:

Description: Nhân viên phòng IT (IT department staff)
Office: Bachkhoa-Npower
Telephone Number: 043625079.

- Choose Start, choose Command Prompt, choose Run as administrator.
- At the command prompt, type the following commands in order:

Type ntdsutil and press ENTER.
Type snapshot and press ENTER.
Then type activate instance ntds and press ENTER.
Type: create and press ENTER. The output is: Snapshot set {GUID} generated successfully.
Type: mount number and press ENTER, where number is the GUID shown by the previous command.
Type quit and press ENTER.
Type quit and press ENTER.

* Delete the account thanhnv in OU IT

- In Active Directory Users and Computers, right-click the user thanhnv, choose Delete, then click Yes.

*Use LDP to recover thanhnv

- At the command prompt, type the following and press ENTER: dsamain -dbpath <path to snapshot ntds.dit> -ldapport 1000.

Note: the path to the snapshot is displayed by the mount command; append windows\ntds\ntds.dit to the end of that path.

The output is: Active Directory Domain Services startup is complete.

Leave Dsamain.exe running. Do not close the command prompt.
Choose Start > Run, type LDP and click OK.
On the menu, choose Connection > Connect and click OK.

- Then continue: on the menu, choose Connection > Bind and click OK.
- On the menu, choose Options > Controls.
- Under Load Predefined list, choose Return Deleted Objects, then click OK.
- On the menu, choose View > Tree and click OK.
- Select DC=bknpower,DC=vn, then select CN=Deleted Objects,DC=bknpower,DC=vn.
- Right-click CN=thanhnv and choose Modify.
- Under Attribute, type isDeleted. Below, under Operation, select Delete, then press ENTER.
- Under Attribute, type: distinguishedName.
- Under Values, type: CN=thanhnv,ou=IT,dc=bknpower,dc=vn.
- Below, under Operation, select Replace, then press ENTER.
- Select Extended, then click Run.
- Click Close and close LDP.
- Open Active Directory Users and Computers and check that the user thanhnv in OU IT has been restored, but the account is disabled.

*View the descriptive information of the account thanhnv

Note: the account thanhnv has been recovered, but none of the descriptive information for this user has been restored.
- Choose Start > Run, type LDP and click OK.
- On the menu, choose Connection > Connect. Enter the following information, then click OK.
- On the menu, choose Connection > Bind, accept the default values and click OK.
- On the menu, choose View > Tree. Enter the following information, then click OK.
- Select OU IT, then select thanhnv. In the right-hand pane, review the descriptive information for thanhnv.
- Close LDP.exe.
- In the command prompt window, stop Dsamain.exe by pressing CTRL+C.
- Close the command prompt.


Monitoring Active Directory with Event Viewer
Lab content and steps to perform:
Use Event Viewer to carry out the following:
- On the machine BKNP-DC08-01, create a custom view:

Create a custom view named Directory Service to track Active Directory and DNS Server events at the levels Critical, Warning and Error.
Export this custom view to a file: Active Directory.xml

- On the machine BKNP-SRV08-01, import the file Active Directory.xml transferred from BKNP-DC08-01 and monitor the configured events on this machine.
- Create a subscription, Service Events, that forwards system events (events with ID 7036) from BKNP-DC08-01 to BKNP-SRV08-01.
Use the Attach a Task to this Log feature in Windows Logs to send an e-mail to the administrator when log entries with ID 7036 appear.
Lab topology:

Prerequisites:

The machine BKNP-DC08-01 has been promoted to a Domain Controller.

The machine BKNP-SRV08-01 has been promoted to an Additional Domain Controller for Bknpower.vn.

Detailed instructions:
*Create a custom view to monitor services on BKNP-DC08-01
- On the machine BKNP-DC08-01, log on as Administrator.
- Start > Administrative Tools > Event Viewer.
- Right-click Custom Views and choose Create Custom View.
- In the Create Custom View window, select Critical, Warning and Error. Under Event Logs > Application and Services Logs, select Directory Service and DNS Server, then click OK.
- In the Save Filter to Custom View window, enter the name of the custom view: Directory Service, then click OK.
- Export this custom view to the file Active Directory.xml: right-click Directory Service and choose Export Custom View.
- In the Save As window, save to the shared folder Share on drive D, enter the name Active Directory, then click Save.
*Import custom view: Active Directory.xml
- Log on to the machine BKNP-SRV08-01 with Administrator rights.
- Start > Administrative Tools > Event Viewer.
- Right-click Custom Views and choose Import Custom View.
- In the Import Custom View window, browse to the shared folder that contains Active Directory.xml, then click Open.
- In the Import Custom View File window, click OK.

*Create a subscription that forwards system events from BKNP-DC08-01 to BKNP-SRV08-01
- On the machine BKNP-SRV08-01 (the event collector), choose Start > Command Prompt.
- In the command prompt window, type wecutil qc and press ENTER, then type y and press ENTER.
- Close the command prompt.
- Switch to the machine BKNP-DC08-01 (the event source).
- Choose Start > Command Prompt.
- In the command prompt window, type winrm quickconfig and press ENTER, then type y and press ENTER.
- Close the command prompt.
- Create a subscription as the lab requires: on the machine BKNP-SRV08-01, open Event Viewer, right-click Subscriptions and choose Create Subscription.
- In the Subscription Properties window, enter the subscription name: Theo doi DNS tu may DC08-01 ("Monitor DNS from machine DC08-01"), select Collector Initiated, then click Select Computers.
- In the Computers window, click Add Domain Computers.
- In the Select Computers window, type BKNP-DC08-01 and click OK twice.
- Click Select Events. In the Query Filter window, select Information. Then choose Event Logs > Windows Logs and select System. In the Event ID field, enter 7036 and click OK.
- Click Advanced, select Specific User, then click User and Password.
- In the Credentials for Subscriptions Source window, enter the account name and password of Administrator and click OK.
- Select Minimize Latency, then click OK twice.
- Click Yes in the Event Viewer window.
- Select Subscriptions and make sure the Service Events subscription has the status Active.
- Continue on the machine BKNP-DC08-01.
- Choose Start > Command Prompt. In the Command Prompt window, type:

Net Stop DNS, ENTER.
Net Start DNS, ENTER.

- Switch to the machine BKNP-SRV08-01.
- Start > Administrative Tools > Event Viewer > Windows Logs > Forwarded Events.
- Examine the events listed there.
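
The subscription built in the wizard above can also be kept as a file and loaded with wecutil, which makes the event filter reviewable. This is an added example, not part of the original lab: the file path and description are hypothetical, and instead of storing the Administrator password it reads the source with the collector's computer account, an alternative to the Specific User choice made in the lab.

```powershell
# Added example, not from the original lab. Run on the collector BKNP-SRV08-01
# after "wecutil qc" there and "winrm quickconfig" on the source.
# Assumption: CredentialsType Default means the collector's computer account reads
# the source, so on BKNP-DC08-01 that account must be in the Event Log Readers
# group, e.g.:  net localgroup "Event Log Readers" BKNP-SRV08-01$ /add
$subscription = @'
<Subscription xmlns="http://schemas.microsoft.com/2006/03/windows/events/subscription">
  <SubscriptionId>Service Events</SubscriptionId>
  <SubscriptionType>CollectorInitiated</SubscriptionType>
  <Description>System event 7036 from BKNP-DC08-01</Description>
  <Enabled>true</Enabled>
  <Uri>http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</Uri>
  <ConfigurationMode>MinLatency</ConfigurationMode>
  <Query><![CDATA[
    <QueryList>
      <Query Id="0" Path="System">
        <Select Path="System">*[System[(Level=4 or Level=0) and (EventID=7036)]]</Select>
      </Query>
    </QueryList>
  ]]></Query>
  <ReadExistingEvents>false</ReadExistingEvents>
  <TransportName>http</TransportName>
  <ContentFormat>RenderedText</ContentFormat>
  <Locale Language="en-US" />
  <LogFile>ForwardedEvents</LogFile>
  <CredentialsType>Default</CredentialsType>
  <EventSources>
    <EventSource Enabled="true">
      <Address>BKNP-DC08-01.bknpower.vn</Address>
    </EventSource>
  </EventSources>
</Subscription>
'@

# Hypothetical location for the definition file.
$path = Join-Path $env:TEMP 'service-events-subscription.xml'
Set-Content -Path $path -Value $subscription -Encoding UTF8

# cs = create-subscription from the file.
wecutil cs $path
if ($LASTEXITCODE -ne 0) { throw 'wecutil could not create the subscription' }

# gr = get-runtimestatus: shows whether the source is Active and the last error, if any.
wecutil gr 'Service Events'
```

The Select expression is the filter the wizard produces for Information level and Event ID 7036; MinLatency corresponds to the Minimize Latency option.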

*Use the Attach a Task to this Log feature

- Perform these steps on the machine BKNP-SRV08-01.
- Start > Administrative Tools > Event Viewer > Windows Logs. Right-click and choose Attach a Task to this Event.
- In the Create a Basic Task window, click Next.
- In the When a Specific Event is Logged window, click Next.
- In the Action window, select Display a Message and click Next.
- In the Display a Message window, enter the following parameters:
- Click Next, then click Finish. The Event Viewer window appears; click OK.
- Switch to the machine BKNP-DC08-01 and run the commands that stop and start the DNS service again.
- Return to the machine BKNP-SRV08-01. The notification appears.


Installing Active Directory Certificate Services (AD CS) to secure a web server

Main topics covered:
- Use Active Directory Certificate Services (AD CS) to secure a web server.
Steps to perform in this lab:
- Install IIS.
- Host a web site on IIS.
- Create a name-resolution record for the web site and test access over HTTP.
- Configure Secure Socket Layer (SSL) for the web site:

Install the Active Directory Certificate Services role.
Request an SSL certificate for the web server.
Test.

Lab topology:

Prerequisites:

The machine BKNP-DC08-01 has been promoted to a Domain Controller.

The machine BKNP-SRV08-01 is used to install and configure the web server.
From the machine BKNP-WRK-02, access the web site: .

Detailed instructions

*Install the Web Server (IIS) role:

- Choose Start > Administrative Tools > Server Manager. Choose Roles > Add Roles.
- The Before You Begin window appears; click Next.
- The Select Server Roles window appears; tick Web Server (IIS).
- In the Add Roles Wizard dialog box, click Add Required Features.
- In the Select Server Roles window, click Next.
- In the Web Server (IIS) window, click Next.
- In the Select Role Services window, click Next.
- In the Confirm Installation Selections window, click Install.
- After the installation has completed, click Close.
- In the Server Manager window, check that the Web Server (IIS) role was installed successfully.

Configuring WSUS (Windows Server Update Services)

Microsoft Windows Server Update Services (WSUS) is an effective solution for keeping systems updated in organizations that run Windows networks. Imagine how much link bandwidth is consumed when every computer in a network fetches its updates over the Internet connection. WSUS addresses this problem: the WSUS server downloads the updates and redistributes them to the workstations, so you no longer need to worry about link bandwidth.


On the machine BKNP-DC08-01, open Active Directory Users and Computers, right-click the computer BKNP-WRK-01 (already joined to the domain) and choose Move.

Move the computer BKNP-WRK-01 into OU IT under OU HANOI.

Create a new policy: Start > Programs > Administrative Tools > Group Policy Management.
Right-click OU IT and choose Create a GPO in this domain, and Link it here.

Give the new GPO a name.

Right-click WSUS and choose Edit.

Schedule automatic updates: Computer Configuration > Administrative Templates > Windows Components > Windows Update.
Right-click Configure Automatic Updates and choose Properties, tick Enabled and select the option Auto download and schedule the install.

Right-click Specify intranet Microsoft update service location, choose Enabled and enter the IP address of the WSUS server.

Right-click Automatic Updates detection frequency, choose Enabled and click OK.

Refresh the policy from the command line with the command gpupdate /force


On BKNP-SRV08-01, install the Web Server (IIS) role.

Click Next to continue.

On the Select Role Services screen, select the required components and click Next to continue.

Installing the WSUS server
Run the WSUS Server setup file; on the setup screen, click Next to continue.

Select the installation mode Full server installation including Administration Console and click Next to continue.

Accept the license terms and click Next to continue.

On the Select Update Source screen, click Next to continue.

On the Database Options screen, click Next to continue.

Click Next to finish the WSUS installation.

Configuring WSUS
On the Before You Begin screen, click Next to continue.

On the Join the Microsoft Update Improvement Program screen, click Next to continue.

On the Choose Upstream Server screen, select Synchronize from Microsoft Update and click Next.

On the Specify Proxy Server screen, keep the default options and click Next to continue.

On the Connect to Upstream Server screen, click Start Connecting, then click Next to continue.

On the Choose Languages screen, select English as the update language.

On the Choose Products screen, select Windows 7 as the product to update.

On the Choose Classifications screen, select Security Updates.

On the Set Sync Schedule screen, select Synchronize manually.

On the Finished screen, keep the options as they are and click Finish.

In the Update Services console, select Updates > All Updates, choose Any Except Declined in the Approval field and Any in the Status field, then click Refresh.
Select Computers, right-click All Computers and choose Add Computer Group.

In the Add Computer Group window, enter the name of the client computer.

Select all the patches, then right-click and choose Approve.

Select Approved for Install.

On the client, refresh the policy with gpupdate /force and then run wuauclt.exe /detectnow

Check for updates on the client.
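The three Windows Update settings from the GPO arrive on the client as registry values under HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate, so they can be checked after gpupdate. The PowerShell below is an added example, not part of the original lab: the function names and the address 192.0.2.10 are hypothetical, and it evaluates constructed sample values so that it runs anywhere.

```powershell
# Added example: validate the Windows Update policy values a client received
# from the WSUS GPO. Function names and sample data are hypothetical.
$WuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$AuKey = "$WuKey\AU"

function Read-PolicyKey {
    param([string]$Path)
    # Return the values of a registry key as a hashtable (empty if the key is absent).
    $values = @{}
    if (Test-Path -Path $Path) {
        $item = Get-ItemProperty -Path $Path
        foreach ($prop in $item.PSObject.Properties) {
            if ($prop.Name -notlike 'PS*') { $values[$prop.Name] = $prop.Value }
        }
    }
    return $values
}

function Test-WsusClientPolicy {
    param([hashtable]$WindowsUpdate, [hashtable]$AU, [string]$ExpectedHost)
    $findings = @()

    # "Specify intranet Microsoft update service location" -> WUServer / WUStatusServer
    foreach ($name in @('WUServer', 'WUStatusServer')) {
        $value = [string]$WindowsUpdate[$name]
        $uri = $null
        if (-not $value) {
            $findings += ('{0} is not set: no intranet update server is configured' -f $name)
        } elseif (-not [Uri]::TryCreate($value, [UriKind]::Absolute, [ref]$uri)) {
            $findings += ('{0} = "{1}" is not a URL; the policy expects http(s)://server[:port]' -f $name, $value)
        } else {
            if ($ExpectedHost -and $uri.Host -ne $ExpectedHost) {
                $findings += ('{0} points to {1}, expected {2}' -f $name, $uri.Host, $ExpectedHost)
            }
            if ($uri.Scheme -ne 'https') {
                $findings += ('{0} uses {1}: update metadata is fetched without TLS' -f $name, $uri.Scheme)
            }
        }
    }

    # "Configure Automatic Updates" and "Automatic Updates detection frequency" -> AU subkey
    if ($AU['UseWUServer'] -ne 1) {
        $findings += 'UseWUServer is not 1: the intranet server setting is ignored'
    }
    if ($AU['NoAutoUpdate'] -eq 1) {
        $findings += 'NoAutoUpdate is 1: automatic updates are disabled'
    }
    if ($AU['AUOptions'] -ne 4) {
        $findings += ('AUOptions is "{0}", expected 4 (auto download and schedule the install)' -f $AU['AUOptions'])
    }
    if ($AU['DetectionFrequencyEnabled'] -ne 1) {
        $findings += 'DetectionFrequencyEnabled is not 1: detection frequency policy is not applied'
    }
    $findings
}

# Constructed sample 1: only the IP address was typed into the policy field.
$typedIpOnly = @{ WUServer = '192.0.2.10'; WUStatusServer = '192.0.2.10' }
# Constructed sample 2: the same server entered as a URL.
$typedAsUrl  = @{ WUServer = 'http://192.0.2.10'; WUStatusServer = 'http://192.0.2.10' }
$au = @{ UseWUServer = 1; NoAutoUpdate = 0; AUOptions = 4; DetectionFrequencyEnabled = 1 }

foreach ($sample in @($typedIpOnly, $typedAsUrl)) {
    Write-Output ('--- WUServer = {0}' -f $sample['WUServer'])
    @(Test-WsusClientPolicy -WindowsUpdate $sample -AU $au -ExpectedHost '192.0.2.10') |
        ForEach-Object { Write-Output ('FINDING {0}' -f $_) }
}

# On a real client, feed the live registry instead of the samples:
# Test-WsusClientPolicy (Read-PolicyKey $WuKey) (Read-PolicyKey $AuKey) '192.0.2.10'
```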


Installing Server Core 2008

Server Core is a Windows Server installation option with a command-line interface, intended for systems with limited hardware. All operations are carried out from the command line. Users can also install additional GUI tools to help manage the system.

Minimum configuration:

CPU: PIV 3.0 GHz
RAM: 512 MB
HDD: 8GB

Boot from the Windows Server 2008 installation DVD.

Choose the language, date and time format, and keyboard settings.

Click Install to start installing Windows Server 2008.

Clear the Automatically activate Windows when I'm online check box > click Next.

Select Windows Server 2008 Enterprise (Server Core Installation) > tick I have selected the edition of Windows that I purchased > click Next.

Select the option to accept the Microsoft license.

Choose the installation type.

Select the partition on which to install Windows > click Next.

Copying of the required files and the installation begin.

After the installation you need to restart the computer; click Restart Now.

When the installation is complete, the system restarts and asks you to create a password for the Administrator account (following the rule of combining letters, digits and special characters, with a length of at least 7 characters).

Enter the password > click OK.

Logging in to Windows Server 2008.

Administering Server Core 2008

Continuing from the previous article, this article shows how to promote a Server Core machine to a Domain Controller. In addition, the RSAT tools help administrators manage the server remotely.

1. Create the unattended Domain Controller installation file.

Type cd \ to change to the root directory.

At the root directory C:\> type: notepad

In the Notepad window, enter the content below.

[DCINSTALL]
ReplicaOrNewDomain=Domain
TreeOrChild=Tree
CreateOrJoin=Create
NewDomainDNSName=bknpower.vn
DNSOnNetwork=yes
DomainNetbiosName=bknpower
AutoConfigDNS=yes
SiteName=Default_First_Site_Name
AllowAnonymousAccess=no
DatabasePath=%systemroot%\ntds
LogPath=%systemroot%\ntds
SYSVOLPath=%systemroot%\sysvol
SafeModeAdminPassword=123456a@
CriticalReplicationOnly=No
RebootOnSuccess=Yes

Choose File > Save As > type the file name > choose the path to save to > OK

2. Promote the server to Domain Controller.

Type the command: dcpromo /unattend:C:\dcpromo_unattend.txt

The promotion runs automatically. When it finishes, the server restarts by itself, and after the restart this server is the Domain Controller of the domain bknpower.vn.
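The answer file above keeps the Directory Services Restore Mode password in cleartext in a file at the root of C:, so it is worth auditing the file before and after the promotion. The PowerShell below is an added example, not part of the original lab: the function names are hypothetical, the sample is the answer file shown above, and the complexity test is the rule this document states for the Administrator password.

```powershell
# Added example: audit a dcpromo answer file for leftover secrets and risky values.
# Function names are hypothetical; the sample is the answer file from this lab.
function Test-SequentialRun {
    param([string]$Text, [int]$MinRun = 4)
    # True when the text contains MinRun or more ascending characters (1234, abcd, ...).
    $run = 1
    for ($i = 1; $i -lt $Text.Length; $i++) {
        if ([int]$Text[$i] -eq ([int]$Text[$i - 1] + 1)) { $run++ } else { $run = 1 }
        if ($run -ge $MinRun) { return $true }
    }
    return $false
}

function Test-DcpromoAnswerFile {
    param([string[]]$Lines)

    # Parse key=value pairs from the [DCINSTALL] section only.
    $settings = @{}
    $inSection = $false
    foreach ($raw in $Lines) {
        $line = $raw.Trim()
        if ($line -match '^\[(.+)\]$') {
            $inSection = ($Matches[1] -eq 'DCINSTALL')
        } elseif ($inSection -and $line -match '^([^=;]+)=(.*)$') {
            $settings[$Matches[1].Trim()] = $Matches[2].Trim()
        }
    }

    $findings = @()
    foreach ($key in @('SafeModeAdminPassword', 'Password')) {
        $secret = [string]$settings[$key]
        if (-not $secret) { continue }
        $findings += ('{0} is stored in cleartext in the answer file' -f $key)

        # Rule stated in this document: letters, digits, special characters, at least 7 characters.
        $complex = ($secret.Length -ge 7) -and ($secret -match '[A-Za-z]') -and
                   ($secret -match '\d') -and ($secret -match '[^A-Za-z0-9]')
        if (-not $complex) {
            $findings += ('{0} does not meet the letters/digits/special/7-character rule' -f $key)
        }
        if (Test-SequentialRun -Text $secret) {
            $findings += ('{0} meets the rule only formally: it contains a sequential run of characters' -f $key)
        }
    }
    if ($settings.ContainsKey('AllowAnonymousAccess') -and $settings['AllowAnonymousAccess'] -ne 'no') {
        $findings += 'AllowAnonymousAccess is not "no"'
    }
    $findings
}

$answerFile = @'
[DCINSTALL]
ReplicaOrNewDomain=Domain
TreeOrChild=Tree
CreateOrJoin=Create
NewDomainDNSName=bknpower.vn
DNSOnNetwork=yes
DomainNetbiosName=bknpower
AutoConfigDNS=yes
SiteName=Default_First_Site_Name
AllowAnonymousAccess=no
DatabasePath=%systemroot%\ntds
LogPath=%systemroot%\ntds
SYSVOLPath=%systemroot%\sysvol
SafeModeAdminPassword=123456a@
CriticalReplicationOnly=No
RebootOnSuccess=Yes
'@ -split "`r?`n"

@(Test-DcpromoAnswerFile -Lines $answerFile) | ForEach-Object { Write-Output ('FINDING {0}' -f $_) }

# Against the file on disk:
# Test-DcpromoAnswerFile -Lines (Get-Content C:\dcpromo_unattend.txt)
```

Running the same check against the file on disk after the promotion shows whether the password is still readable there.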
Join the computer BKNP-SRV08-01 to the domain bknpower.vn
Right-click My Computer > choose Properties.

Choose Change Settings.

Click the Change button.

Select Domain > enter the domain name: bknpower.vn.

Enter User Name: Administrator, Password: 123456a@ > click OK

The domain join succeeds.

Click OK to accept restarting the computer.

Click Close.

Click Restart Now.

After the restart, log on as the Domain Administrator (bknpower\Administrator). This computer is now a Member Server of the domain bknpower.vn

3. Managing Active Directory

Install the remote Active Directory Domain Controller tools.
Start > Programs > Administrative Tools > Server Manager
In the Server Manager window: right-click Features > choose Add Features

Select Active Directory Domain Controller Tools > click Next.

Click the Install button.

The installation proceeds.

When it completes > click the Close button.

You can now manage the Domain Controller remotely with the Active Directory Users and Computers tool.

Use the Active Directory Users and Computers console to create a user.

Name the user congdd and fill in the full details for user congdd > click Next

Set Password: 123456a@ > click Next.

Click Finish.

Verify: the user congdd has been created.

DNS Server Tools:

Start > Programs > Administrative Tools > Server Manager.
In the Server Manager window, right-click Features > choose Add Features.

Select DNS Server Tools > click Next.

Click Install

The installation proceeds.

When it completes > click Close.

Manage DNS with the DNS Server Tools.

Select The following computer, enter BKNP-DC08-02 (the name of the server) > click OK

You can now use the DNS console to manage your DNS server remotely.

Network Access Protection - NAP DHCP

This lab configures Network Access Protection (NAP) to impose security conditions on the DHCP service. When the lab is finished, your DHCP service will meet the following requirements:
- Healthy client computers are given the full set of TCP/IP parameters by the DHCP server
- Unhealthy client computers are not given a Default Gateway by the DHCP server
I. Topology

II. Preparation
- Server (BKNP-DC08-01): Windows Server 2008, promoted to Domain Controller
- Client (BKNP-WRK-01): Windows 7, joined to the domain
III. Detailed instructions
The lab consists of the following steps:

1. Install and configure the DHCP server
2. Install Network Policy and Access Services
3. Configure the NAP health policy server
4. Configure NAP enforcement on the DHCP server
5. Deploy a GPO that configures the NAP client
6. Configure the client to obtain its IP address from DHCP
7. Configure the System Health Validator
8. Check the result on the client

Start of the lab


1. Install and configure the DHCP server.
- On the server, log on as the Domain Administrator with password 123456a@
- Open Server Manager from Administrative Tools, right-click Roles and choose Add Roles

- In the Before You Begin window, click Next

- In the Select Server Roles window, check DHCP Server and click Next

- In the DHCP Server window, click Next

- In the Select Network Connection Bindings window, verify that the server's current IP address is checked, then click Next

- In the Specify IPv4 DNS Server Settings window, keep the default configuration and click Next

- In the Specify IPv4 WINS Server Settings window, select WINS is not required for applications on this network and click Next

- In the Add or Edit DHCP Scopes window, click Add

- In the Add Scope window, configure the TCP/IP parameters as shown in the figure and click OK

- In the Add or Edit DHCP Scopes window, click Next

- In the Configure DHCPv6 Stateless Mode window, select Disable DHCP stateless mode for this server and click Next

- In the Authorize DHCP Server window, keep the default configuration and click Next

- In the Confirm Installation Selections window, click Install

- The installation proceeds

- In the Installation Results window, click Close

- Open DHCP from Administrative Tools and verify that the DHCP server was installed and configured successfully

Network Access Protection - NAP DHCP (continued)

2. Install Network Policy and Access Services.
- Open Server Manager from Administrative Tools, right-click Roles and choose Add Roles.

- In the Before You Begin window, click Next

- In the Select Server Roles window, check Network Policy and Access Services and click Next

- In the Network Policy and Access Services window, click Next

- In the Select Role Services window, check Network Policy Server and click Next

- In the Confirm Installation Selections window, click Install

- In the Installation Results window, click Close

Network Access Protection - NAP DHCP (continued)

3. Configure the NAP health policy server
- On the server, open Network Policy Server from Administrative Tools, expand Network Access Protection, select System Health Validators, select Settings, then right-click Default Configuration and choose Properties

- In the Windows Security Health Validator window, select Windows 7/Windows Vista

- In the Windows Security Health Validator window, clear all the check boxes except A firewall is enabled for all network connections, then click OK

- In the Network Access Policy window, expand Network Access Protection, right-click Remediation Server Groups and choose New

- In the New Remediation Server Group window, enter Rem1 in Group Name and click Add

- In the Add New Server window, enter the IP address of the server (192.168.1.2) in IP address or DNS name, click Resolve, then click OK

- In the Network Policy Server window, expand Policies, right-click Health Policies and choose New

- In the Create New Health Policy window, enter Compliant in Policy name, under Client SHV checks select Client passes all SHV checks, verify that Windows Security Health Validator is checked, then click OK

- In the Create New Health Policy window, enter Compliant in Policy name, under Client SHV checks select Client passes all SHV checks, verify that Windows Security Health Validator is checked, then click OK

- Verify that the 2 health policies, Compliant and NonCompliant, were created successfully

- In the Network Policy Server window, expand Policies, go to Network Policies, and disable each of the 2 existing policies in turn

- Right-click Network Policies and choose New

- In the Specify Network Policy Name and Connection Type window, enter Compliant Full-Access in Policy name and click Next

- In the Specify Conditions window, click Add

- In the Select condition window, select Health Policies and click Add

- In the Health Policies window, expand Health policies, select Compliant and click OK

- In the Specify Conditions window, click Next

- In the Specify Access Permission window, select Access granted and click Next

- In the Configure Authentication Methods window, clear all the check boxes, check only Perform machine health check only, then click Next

- In the Configure Constraints window, keep the default configuration and click Next

- In the Configure Settings window, select NAP Enforcement, make sure Allow full network access is selected, then click Next

- In the Completing New Network Policy window, click Finish

- Right-click Network Policies and choose New

- In the Specify Network Policy Name and Connection Type window, enter NonCompliant Restricted in Policy name and click Next

- In the Specify Conditions window, click Add

- In the Select condition window, select Health Policies and click Add

- In the Health Policies window, expand Health policies, select NonCompliant and click OK

- In the Specify Conditions window, click Next

- In the Specify Access Permission window, select Access granted and click Next

- In the Configure Authentication Methods window, clear all the check boxes, check only Perform machine health check only, then click Next

- In the Configure Constraints window, keep the default configuration and click Next

- In the Configure Settings window, select NAP Enforcement, select Allow limited access, check Enable auto-remediation of client computers, then click Next

- In the Completing New Network Policy window, click Finish

- Verify that the 2 network policies were created successfully

Network Access Protection - NAP DHCP (continued)

4. Configure NAP enforcement on the DHCP server.
- Open DHCP from Administrative Tools, expand bknp-dc08-01.bachkhoa-npower.vn, expand IPv4, right-click Scope [192.168.1.0] NAP Scope and choose Properties

- In the NAP Scope Properties window, go to the Network Access Protection tab, select Enable for this scope, select Use default Network Access Protection profile, then click OK

- In the DHCP window, expand bknp-dc08-01.bachkhoa-npower.vn, expand IPv4, expand Scope [192.168.1.0] NAP Scope, right-click Scope Options and choose Configure Options

- In the Scope Options window, go to the Advanced tab, select DHCP Standard Options under Vendor Class, select Default User Class under User Class, check 015 DNS Server Name, enter bachkhoa-npower.vn in String value, then click OK

- In the same way, right-click Scope Options and choose Configure Options.

- In the Scope Options window, go to the Advanced tab, select DHCP Standard Options under Vendor Class, select Default Network Access Protection Class under User Class, check 006 DNS Server, enter 192.168.1.2 in IP address, then click Add

- Check 015 DNS Server Name, enter restricted.bachkhoa-npower.vn in String value, then click OK

- Verify that the DHCP options were configured successfully

Network Access Protection - NAP DHCP (continued)

5. Deploy a GPO that configures the NAP client.
- Open Active Directory Users and Computers from Administrative Tools, right-click bachkhoa-npower.vn, choose New, then choose Organizational Unit

- In the New Object - Organizational Unit window, name the OU NAP Clients and click OK

- Go to the Computers container and move the client's computer account into the NAP Clients OU

- Verify that the client's computer account has been moved into the NAP Clients OU

- Open Group Policy Management from Administrative Tools, expand Forest: bachkhoa-npower.vn, expand Domains, expand bachkhoa-npower.vn, right-click the NAP Clients OU and choose Create a GPO in this domain, and Link it here

- In the New GPO window, enter NAP Policy in Name, select (none) under Source Starter GPO, then click OK

- Expand the NAP Clients OU, right-click NAP Policy and choose Edit

- In the Group Policy Management Editor window, browse to Computer Configuration\Administrative Templates\Windows Components\Security Center, right-click Turn on Security Center (Domain PCs only) and choose Properties

- In the Turn on Security Center (Domain PCs only) Properties window, select Enabled and click OK

- In the Group Policy Management Editor window, browse to Computer Configuration\Windows Settings\Security Settings\Network Access Protection\NAP Client Configuration\Enforcement Clients, right-click DHCP Quarantine Enforcement Client and choose Enable

- In the Group Policy Management Editor window, browse to Computer Configuration\Windows Settings\Security Settings\System Services, right-click Network Access Protection Agent and choose Properties

- In the Network Access Protection Agent Properties window, check Define this policy setting, select Automatic, then click OK

- Open a command prompt and type gpupdate /force

Network Access Protection - NAP DHCP (continued)

6. Configure the client to obtain its IP address from DHCP
- Restart the client
- Log on as BACHKHOA-NPOWER\administrator with password 123456a@
- In Control Panel, open Windows Firewall and verify that Windows Firewall is turned on for the client
- In Control Panel, open Network and Sharing Center

- In the Network and Sharing Center window, choose Change adapter settings

- In the Network Connections window, right-click Local Area Connection and choose Properties

- In the Local Area Connection Properties window, clear the Internet Protocol Version 6 (TCP/IPv6) check box. Select Internet Protocol Version 4 (TCP/IPv4) and click Properties

- In the Internet Protocol Version 4 (TCP/IPv4) Properties window, select Obtain an IP address automatically, select Obtain DNS server address automatically, then click OK

- Open a command prompt, type ipconfig /all and verify that the DHCP server has given the client the full set of TCP/IP parameters
- Verify that Connection-specific DNS Suffix is bachkhoa-npower.vn
- Verify that Quarantine State is Not Restricted
Note: The client has Windows Firewall turned on, so it qualifies to receive all the TCP/IP parameters (including the Default Gateway) from the DHCP server

Network Access Protection - NAP DHCP (continued)

7. Configure the System Health Validator
- On the server, log on as BACHKHOA-NPOWER\administrator with password 123456a@
- Open Network Policy Server from Administrative Tools, expand Network Access Protection, select System Health Validators, right-click Settings and choose Properties

- In the Windows Security Health Validator Properties window, check An antivirus application is on, then click OK

Network Access Protection - NAP DHCP (continued)

8. Check the result on the client
- On the client, log on as BACHKHOA-NPOWER\administrator with password 123456a@
- Open Control Panel

- In Control Panel, open Windows Firewall and choose Turn Windows Firewall on or off

- Turn the firewall off completely

Open a command prompt and type the following commands in turn:

ipconfig /release
ipconfig /renew
ipconfig /all
- Verify that the client is not given a Default Gateway
- Verify that Connection-specific DNS Suffix is restricted.nhatnghe.com
- Verify that Quarantine State is Restricted
Note: The client has no antivirus program installed, so the DHCP server does not give it a Default Gateway
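The checks in steps 6 and 8 can be run as one script that reads ipconfig /all and compares it with what each network policy should hand out. The PowerShell below is an added example, not part of the original lab: the function names and both ipconfig samples are constructed (addresses included), the expected suffixes are the values entered in step 4 and are passed as parameters, and the labels assume an English-language Windows.

```powershell
# Added example: compare "ipconfig /all" output with the outcome NAP DHCP enforcement
# should produce. Function names and both samples are constructed for illustration.
function Get-NapClientState {
    param([string[]]$Lines)
    # First occurrence of each field wins (single-adapter lab client).
    $patterns = @{
        DhcpEnabled = 'DHCP Enabled[\s.]*:\s*(.*)$'
        Quarantine  = 'Quarantine State[\s.]*:\s*(.*)$'
        Suffix      = 'Connection-specific DNS Suffix[\s.]*:\s*(.*)$'
        Gateway     = 'Default Gateway[\s.]*:\s*(.*)$'
    }
    $state = @{ DhcpEnabled = $null; Quarantine = $null; Suffix = $null; Gateway = $null }
    foreach ($line in $Lines) {
        foreach ($field in @($patterns.Keys)) {
            if ($null -eq $state[$field] -and $line -match $patterns[$field]) {
                $state[$field] = $Matches[1].Trim()
            }
        }
    }
    return $state
}

function Test-NapDhcpOutcome {
    param([hashtable]$State, [bool]$ExpectCompliant, [string]$FullSuffix, [string]$RestrictedSuffix)
    $findings = @()
    if ($State.DhcpEnabled -ne 'Yes') {
        $findings += 'Adapter is not using DHCP, so this output says nothing about DHCP enforcement'
    }
    if ($ExpectCompliant) { $wantState = 'Not Restricted'; $wantSuffix = $FullSuffix }
    else                  { $wantState = 'Restricted';     $wantSuffix = $RestrictedSuffix }

    if ($State.Quarantine -ne $wantState) {
        $findings += ('Quarantine state is "{0}", expected "{1}"' -f $State.Quarantine, $wantState)
    }
    if ($State.Suffix -ne $wantSuffix) {
        $findings += ('DNS suffix is "{0}", expected "{1}"' -f $State.Suffix, $wantSuffix)
    }
    $hasGateway = [bool]$State.Gateway
    if ($ExpectCompliant -and -not $hasGateway) {
        $findings += 'Compliant client received no default gateway'
    }
    if (-not $ExpectCompliant -and $hasGateway) {
        $findings += ('Restricted client still has default gateway {0}' -f $State.Gateway)
    }
    $findings
}

# Constructed sample: firewall on, client expected to be compliant (step 6).
$compliantOutput = @'
Windows IP Configuration
   System Quarantine State . . . . . : Not Restricted
Ethernet adapter Local Area Connection:
   Connection-specific DNS Suffix  . : bachkhoa-npower.vn
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.10(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
'@ -split "`r?`n"

# Constructed sample: health check failed, client expected to be restricted (step 8).
$restrictedOutput = @'
Windows IP Configuration
   System Quarantine State . . . . . : Restricted
Ethernet adapter Local Area Connection:
   Connection-specific DNS Suffix  . : restricted.bachkhoa-npower.vn
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.10(Preferred)
   Default Gateway . . . . . . . . . :
'@ -split "`r?`n"

$suffixes = @{ FullSuffix = 'bachkhoa-npower.vn'; RestrictedSuffix = 'restricted.bachkhoa-npower.vn' }
$r1 = @(Test-NapDhcpOutcome -State (Get-NapClientState $compliantOutput) -ExpectCompliant $true @suffixes)
$r2 = @(Test-NapDhcpOutcome -State (Get-NapClientState $restrictedOutput) -ExpectCompliant $false @suffixes)
Write-Output ('Compliant sample: {0} finding(s)' -f $r1.Count)
Write-Output ('Restricted sample: {0} finding(s)' -f $r2.Count)

# On the lab client: Get-NapClientState (ipconfig /all)
```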


Network Access Protection - NAP VPN

- In the previous lab we configured NAP DHCP so that a client without the firewall or antivirus turned on is not given a Default Gateway by the DHCP server.
- In this lab we deploy NAP to secure the VPN service. When the lab is finished, your VPN service will meet the following requirements:
- Any VPN client that does not have Windows Firewall turned on will have Windows Firewall turned on automatically once the VPN connection succeeds
- A VPN client without an antivirus program installed is, once the VPN connection succeeds, only allowed to communicate with a few computers on the internal network.
I. Topology.

II. Preparation
The lab uses 3 computers:
- Server (BKNP-DC08-01): Windows Server 2008, promoted to Domain Controller
- Server (BKNP-SRV08-01): Windows Server 2008, joined to the domain
- VPN client (BKNP-WIN7-01): Windows 7 (does not need to join the domain)
- On the server (BKNP-DC08-01), create the user bknp with password 123456a@ and grant it Remote Access Permission
III. Detailed instructions
The lab consists of the following steps:
1. Install an Enterprise root CA
2. Request a Computer certificate for the server
3. Install Network Policy and Access Services
4. Configure Network Policy Server (NPS)
5. Configure the VPN
6. Configure Windows Firewall
7. Configure the Trusted Root CA
8. Configure the NAP client
9. Create the VPN connection
10. Check the VPN connection from the client
11. Configure the System Health Validators
12. Check the VPN connection from the client

IV. Procedure

1. Install an Enterprise root CA on the DC
- On the DC, log on as BACHKHOA-NPOWER\Administrator with password 123456a@
- Open Server Manager from Administrative Tools, right-click Roles and choose Add Roles

- In the Before You Begin dialog, click Next

- In the Select Server Roles dialog, check Active Directory Certificate Services and click Next

- In the Introduction to Active Directory Certificate Services dialog, click Next

- In the Select Role Services dialog, check Certification Authority Web Enrollment

- In the Add Roles Wizard dialog, click Required Role Services

- In the Select Role Services dialog, check Online Responder and click Next

- In the Specify Setup Type dialog, select Enterprise and click Next

- In the Specify CA Type dialog, select Root CA and click Next

- In the Set Up Private Key dialog, select Create a new private key and click Next

- In the Configure Cryptography for CA dialog, keep the default configuration and click Next

- In the Configure CA Name window, enter BACHKHOA-NPOWER.VN in Common name for this CA and click Next

- In the Set Validity Period dialog, keep the default configuration and click Next

- In the Configure Certificate Database dialog, keep the default configuration and click Next

- In the Web Server (IIS) dialog, click Next

- In the Select Role Services dialog, keep the default configuration and click Next

- In the Confirm Installation Selections dialog, click Install

- The installation proceeds

- In the Installation Results dialog, verify that the installation succeeded and click Close

- Open Certification Authority from Administrative Tools, expand BACHKHOA-NPOWER.VN, right-click Certificate Templates and choose Manage

- In the Certificate Templates Console window, right-click the Computer certificate template and choose Properties

- On the Security tab, grant the Authenticated Users group the Enroll permission and click OK

Network Access Protection - NAP VPN (continued)

2. Request a Computer certificate for the server
- Restart the server (so that it automatically adds the Trusted Root CA)
- On the server, log on as MSOpenLab\Administrator
- Go to Start -> Run, type mmc and click OK
- In the Console1 window, open File, choose Add/Remove Snap-in, select Certificates and click Add

- In the Certificates snap-in dialog, select Computer Account and click Next

- In the Select Computer dialog, select Local Computer and click Finish

- In the Console1 window, expand Certificates, right-click Personal, choose All Tasks, then choose Request New Certificate...

- In the Before You Begin dialog, click Next

- In the Request Certificates dialog, check Computer and click Enroll

- In the Certificate Installation Results dialog, click Finish

- In the Console1 window, verify that the certificate for the server was issued successfully

Network Access Protection - NAP VPN (Tip)


Network Access Protection - NAP VPN (Tip)
3. Install Network Policy and Access Services
- On the Server machine, log on as BACHKHOA-NPOWER\Administrator, password 123456a@
- Open Server Manager from Administrative Tools, right-click Roles and choose Add Roles
- In the Before You Begin dialog, click Next
- In the Select Server Roles dialog, tick Network Policy and Access Services and click Next
- In the Network Policy and Access Services dialog, click Next
- In the Select Role Services window, tick Network Policy Server and Routing and Remote Access Services, then click Next
- In the Confirm Installation Selections window, click Install
- The installation proceeds
- In the Installation Results window, click Close

Network Access Protection - NAP VPN (continued)
4. Configure Network Policy Server (NPS)
- On the Server (BKNP-SRV08-01), open Network Policy Server from Administrative Tools, expand Network Access Protection, select System Health Validators, right-click Windows Security Health Validator and choose Properties
- In the Windows Security Health Validator Properties dialog, click Configure
- In the Windows Security Health Validator dialog, clear every check box except A firewall is enabled for all network connections, then click OK twice
- In the Network Policy Server window, expand Policies, right-click Health Policies and choose New
- In the Create New Health Policy dialog, enter Compliant in Policy name, under Client SHV checks select Client passes all SHV checks, tick Windows Security Health Validator, and click OK
- In the Network Policy Server window, expand Policies, right-click Health Policies and choose New
- In the Create New Health Policy dialog, enter NonCompliant in Policy name, under Client SHV checks select Client fails one or more SHV checks, tick Windows Security Health Validator, and click OK
- Verify that the two Health Policies, Compliant and NonCompliant, were created successfully
- In the Network Policy Server window, expand Policies, open Network Policies, and disable the two existing policies one by one
- Right-click Network Policies and choose New
- In the Specify Network Policy Name and Connection Type dialog, enter Compliant Full Access in Policy name and click Next
- In the Specify Conditions dialog, click Add
- In the Select condition dialog, select Health Policies and click Add
- In the Health Policies dialog, open the Health policies list, select Compliant, and click OK
- In the Specify Conditions dialog, click Next
- In the Specify Access Permission dialog, select Access granted and click Next
- In the Configure Authentication Methods dialog, keep the default configuration and click Next
- In the Configure Constraints dialog, keep the default configuration and click Next
- In the Configure Settings dialog, select NAP Enforcement, make sure Allow full network access is selected, and click Next
- In the Completing New Network Policy dialog, click Finish
- Right-click Network Policies and choose New
- In the Specify Network Policy Name and Connection Type dialog, enter NonCompliant Restricted in Policy name and click Next
- In the Specify Conditions dialog, click Add
- In the Select condition dialog, select Health Policies and click Add
- In the Health Policies dialog, open the Health policies list, select NonCompliant, and click OK
- In the Specify Conditions window, click Next
- In the Specify Access Permission window, select Access granted and click Next
- In the Configure Authentication Methods window, keep the default configuration and click Next
- In the Configure Constraints dialog, keep the default configuration and click Next
- In the Configure Settings dialog, select NAP Enforcement, select Allow limited access, tick Enable auto-remediation of client computers, and click Next
- In the Configure Settings window, select IP Filters and, in the IPv4 section, click Input Filters
- In the Inbound Filters dialog, click New
- In the Add IP Filter dialog, tick Destination network
- IP Address: 192.168.1.2 (the address of the DC)
- Subnet mask: 255.255.255.255
- Protocol: Any
- Click OK
- In the Inbound Filters dialog, select Permit only the packets listed below and click OK
- In the Configure Settings window, under IP Filters, in the IPv4 section click Outbound Filters
- In the Outbound Filters dialog, click New
- In the Add IP Filter dialog, tick Source network
- IP Address: 172.16.1.2 (the address of the DC)
- Subnet mask: 255.255.255.255
- Protocol: Any
- Click OK
- In the Outbound Filters dialog, select Permit only the packets listed below and click OK
- In the Configure Settings dialog, click Next
- In the Completing New Network Policy dialog, click Finish
- Verify that the two Network Policies were created successfully
- In the Network Policy Server window, expand Policies, open Connection Request Policies, right-click Use Windows authentication for all users and choose Disable
- In the Network Policy Server window, open Policies, right-click Connection Request Policies and choose New
- In the Specify Connection Request Policy Name and Connection Type dialog, enter VPN Connection in Policy name, under Type of network access server select Remote Access Server (VPN-Dial up), and click Next
- In the Specify Conditions dialog, click Add
- In the Select condition dialog, select Tunnel Type and click Add
- In the Tunnel Type dialog, tick both Layer Two Tunneling Protocol (L2TP) and Point-to-Point Tunneling Protocol (PPTP), then click OK
- In the Specify Conditions dialog, click Next
- In the Specify Connection Request Forwarding dialog, keep the default configuration and click Next
- In the Specify Authentication Methods dialog, click Add
- In the Add EAP dialog, select Microsoft: Protected EAP (PEAP) and click OK
- In the Specify Authentication Methods dialog, click Add
- In the Add EAP dialog, select Microsoft: Secured password (EAP-MSCHAP v2) and click OK
- In the Specify Authentication Methods dialog, select Microsoft: Protected EAP (PEAP) and click Edit
- In the Configure Protected EAP Properties dialog, tick both Enable Fast Reconnect and Enable Quarantine checks, then click OK
- In the Specify Authentication Methods dialog, click Next
- In the Configure Settings dialog, keep the default configuration and click Next
- In the Completing Connection Request Policy Wizard dialog, click Finish
- In the Network Policy Server window, verify that VPN Connections was created successfully
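The policy chain built in this section (SHV result -> health policy -> network policy -> IP filters), modelled as an added example that is not part of the original lab. It assumes inbound filters apply to packets arriving from the VPN client and outbound filters to packets sent back to it; all class and function names are hypothetical. With the two addresses entered in the steps above (192.168.1.2 inbound, 172.16.1.2 outbound), filter_mismatches reports that no host is reachable in both directions.

```python
"""Model of the NPS policies from section 4 (added example, constructed data)."""
import ipaddress
from dataclasses import dataclass, field


@dataclass(frozen=True)
class IpFilter:
    """One entry of a 'Permit only the packets listed below' filter list."""
    network: ipaddress.IPv4Network

    @classmethod
    def from_mask(cls, address: str, mask: str) -> "IpFilter":
        return cls(ipaddress.IPv4Network(f"{address}/{mask}", strict=False))

    def matches(self, ip: str) -> bool:
        return ipaddress.IPv4Address(ip) in self.network


@dataclass
class NetworkPolicy:
    name: str
    health_policy: str                              # "Compliant" / "NonCompliant"
    enforcement: str                                # "full" or "limited"
    inbound: list = field(default_factory=list)     # matched on destination
    outbound: list = field(default_factory=list)    # matched on source


def evaluate_health(shv_results: dict) -> str:
    """Compliant only if every SHV check passed; no results fails closed."""
    ok = bool(shv_results) and all(shv_results.values())
    return "Compliant" if ok else "NonCompliant"


def select_policy(policies, shv_results):
    """Policies are processed in order; the first matching condition wins."""
    health = evaluate_health(shv_results)
    for policy in policies:
        if policy.health_policy == health:
            return policy
    raise LookupError("no network policy matches: request is rejected")


def client_can_send(policy, dst: str) -> bool:
    """Inbound filter: packet from the client is kept if dst is listed."""
    if policy.enforcement == "full":
        return True
    return any(f.matches(dst) for f in policy.inbound)


def client_can_receive(policy, src: str) -> bool:
    """Outbound filter: packet to the client is kept if src is listed."""
    if policy.enforcement == "full":
        return True
    return any(f.matches(src) for f in policy.outbound)


def round_trip(policy, host: str) -> bool:
    return client_can_send(policy, host) and client_can_receive(policy, host)


def filter_mismatches(policy):
    """Inbound destinations that no outbound source entry overlaps.

    Such hosts receive the restricted client's packets but their replies
    are dropped, so remediation traffic cannot complete.
    """
    return [f.network for f in policy.inbound
            if not any(f.network.overlaps(o.network) for o in policy.outbound)]


def lab_policies(inbound_dst="192.168.1.2", outbound_src="172.16.1.2"):
    """The two network policies from the steps above (defaults = page values)."""
    mask = "255.255.255.255"
    return [
        NetworkPolicy("Compliant Full Access", "Compliant", "full"),
        NetworkPolicy("NonCompliant Restricted", "NonCompliant", "limited",
                      inbound=[IpFilter.from_mask(inbound_dst, mask)],
                      outbound=[IpFilter.from_mask(outbound_src, mask)]),
    ]


if __name__ == "__main__":
    # Client whose firewall is off, as simulated later in the lab.
    policy = select_policy(lab_policies(), {"firewall_enabled": False})
    print(policy.name)
    print("one-way only:", [str(n) for n in filter_mismatches(policy)])
```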

Network Access Protection - NAP VPN (continued)
5. Configure VPN
- On the Server (BKNP-SRV08-01), open Routing and Remote Access Services from Administrative Tools, right-click BKNP-SRV08-01 and choose Configure and Enable Routing and Remote Access
- In the Welcome to the Routing and Remote Access Server Setup Wizard dialog, click Next
- In the Configuration dialog, select Custom Configuration and click Next
- In the Custom Configuration dialog, tick VPN access and LAN Routing, then click Next
- In the Completing the Routing and Remote Access Server Setup Wizard dialog, click Finish
- In the Routing and Remote Access dialog, click OK, then click Start service
- In the Routing and Remote Access window, right-click BKNP-SRV08-01 and choose Properties
- In the BKNP-SRV08-01 Properties dialog, open the IPv4 tab, select Static address pool, and click Add
- In the New IPv4 Address Range dialog, enter:
Start IP address: 192.168.1.10
End IP address: 192.168.1.254
Click OK twice.
- Open Network Policy Server from Administrative Tools, expand Policies, open Connection Request Policies, right-click Microsoft Routing and Remote Access Service Policy and choose Disable

Network Access Protection - NAP VPN (continued)
6. Configure Windows Firewall (allow the Server to be pinged)
- On the Server (BKNP-SRV08-01), open Windows Firewall with Advanced Security from Administrative Tools, right-click Inbound Rules and choose New Rule
- In the Rule Type dialog, select Custom and click Next
- In the Program dialog, select All Programs and click Next
- In the Protocol and Ports dialog, open the Protocol type list, select ICMPv4, and click Next
- In the Scope dialog, keep the default configuration and click Next
- In the Action dialog, select Allow the connection and click Next
- In the Profile dialog, keep the default configuration and click Next
- In the Name dialog, enter ICMPv4 echo request in Name and click Finish
- Close the Windows Firewall with Advanced Security window

Network Access Protection - NAP VPN (continued)
7. Configure the Trusted Root CA
- On the Server machine, open Internet Explorer and browse to the address (machine BKNP-DC08-01). In the Welcome window, click Download a CA certificate, certificate chain, or CRL
- In the Download a CA certificate, certificate chain, or CRL window, click Download CA certificate
- In the File Download dialog, click Save and save the file certnew.cer to drive C
- Copy the file certnew.cer to drive C: of the VPN Client (this lab uses a USB drive to copy certnew.cer to the VPN Client)
- On the VPN Client (BKNP-WIN7-01), go to Start\Run, type mmc, and click OK
- In the Console1 window, open File and choose Add/Remove Snap-in
- In the Add/Remove Snap-in dialog, select Certificates, click Add, then OK
- In the Certificates snap-in dialog, select Computer Account and click Next
- In the Select Computer dialog, select Local Computer and click Finish
- In the Add/Remove Snap-in dialog, click OK
- In the Console1 window, expand Certificates, expand Trusted Root Certification Authorities, right-click Certificates, choose All Tasks, then Import
- In the Welcome to the Certificate Import Wizard dialog, click Next
- In the File to Import dialog, click Browse, point to C:\certnew.cer, and click Next
- In the Certificate Store dialog, click Next, then Finish
- In the Completing the Certificate Import Wizard dialog, click Finish
- In the Console1 window, verify that the BACHKHOA-NPOWER.VN certificate is present under Trusted Root Certification Authorities. Close the Console1 window

Network Access Protection - NAP VPN (continued)
8. Configure the NAP Client
- On the VPN Client (BKNP-WIN7-01), go to Start\Run, type gpedit.msc, and click OK
- In the Group Policy Object Editor window, browse to Computer Configuration\Administrative Templates\Windows Components\Security Center, right-click Turn on Security Center (Domain PCs only), and choose Edit
- In the Turn on Security Center (Domain PCs only) Properties dialog, select Enabled, click OK, and close the Group Policy Object Editor window
- Open a command prompt and run gpupdate /force
- Go to Start > Run, type mmc, and click OK
- In the Console1 window, open File and choose Add/Remove Snap-in
- In the Add or Remove Snap-ins dialog, select NAP Client Configuration, click Add, then OK
- In the NAP Client Configuration dialog, select Local computer and click OK twice
- In the Console1 window, expand NAP Client Configuration, open Enforcement Clients, right-click EAP Quarantine Enforcement Client and choose Enable. Close the Console1 window
- Go to Start\Run, type services.msc, and click OK
- In the Services window, right-click Network Access Protection Agent and choose Properties
- In the Network Access Protection Agent Properties dialog, set Startup type to Automatic, click Start, then OK

Network Access Protection - NAP VPN (continued)
9. Create the VPN Connection
- On the VPN Client, open Network and Sharing Center from Control Panel
- In the Network and Sharing Center window, click Change adapter settings
- In the Choose a connection option dialog, select Connect to a workplace and click Next
- In the How do you want to connect dialog, select Use my Internet connection (VPN)
- In the Do you want to set up an Internet connection before continuing dialog, select I'll set up an Internet connection later
- In the Type the Internet address to connect to dialog, enter the external address of the Server (131.107.1.1) in Internet address and click Next
- In the Type your user name and password dialog, enter the details as shown in the figure and click Create
- In the The connection is ready to use dialog, click Close
- In the Network and Sharing Center window, click Change adapter settings
- Right-click VPN Connection and choose Properties
- In the VPN Connection Properties dialog, open the Security tab, select Use Extensible Authentication Protocol (EAP), select Microsoft: Protected EAP (PEAP) (encryption enabled), and click Properties
- In the Protected EAP Properties dialog, clear Connect to these servers, clear Enable Fast Reconnect, tick Enforce Network Access Protection, and click OK three times

Last edited by congdd on 02-02-2012 at 09:16 AM.

Network Access Protection - NAP VPN (continued)
10. Test the VPN connection from the client
- Open Windows Firewall from Control Panel and click Turn Windows Firewall on or off
- In the Customize settings for each type of network dialog, select Turn off Windows Firewall and click OK
Note: Windows Firewall is turned off on the VPN client to simulate a VPN client that does not meet the security requirements
- Open Network and Sharing Center from Control Panel and click Change adapter settings
- Right-click NAP VPN Connection and choose Connect
- In the Connect VPN Connection dialog, click Connect
- In the Windows Security Alert dialog, click Connect
- The connection is being established
- The connection succeeds
- Once connected, open a command prompt and run ipconfig /all; verify that the VPN Client received an IP address assigned by the VPN Server and that System Quarantine State reports Not Restricted
- Ping BKNP-DC08-01 and BKNP-SRV08-01 and verify that both machines respond
- Open Windows Firewall from Control Panel and verify that Windows Firewall has been enabled automatically

Deploying Fine-Grained Password Policies in Windows Server 2008

I) Introduction:
As you know, in Windows Server 2003 a Password Policy or Account Lockout Policy affects every user in the entire domain. Suppose your company needs to apply a password policy to just one particular user or group: how would you do that?
The Fine-Grained Password Policies feature in Windows Server 2008 makes this possible. This article walks through setting up Fine-Grained Password Policies step by step.
The lab consists of the following steps:
- Relax the password policy to allow simple passwords
- Create users and groups
- Create a PSO
- Apply the PSO to a user or group (a PSO is not applied directly to an OU)
II) Preparation:
- One Windows Server 2008 machine (BKNP-DC08-01) promoted to domain controller for the domain bachkhoa-npower.vn

III) Procedure:
1) Allow simple passwords and local logon:
- Go to Start --> Programs --> Administrative Tools and choose Server Manager
- Then right-click Default Domain Policy and choose Edit
- Open Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policies
- Change the following two values:
+ Minimum Password Length: 0
+ Password must meet complexity requirements: Disabled
- Next, right-click Default Domain Controller Policy and choose Edit
- Under User Rights Assignment, select Allow Logon Locally and add the Users group
- Then go to Start --> Run and type: gpupdate /force

2) Create users and groups
+ Create 2 users: congdd and hoavq
- In Server Manager, go to Roles\Active Directory Domain Services\Active Directory Users and Computers, right-click Users, and choose New --> User
- Fill in the user's details. For example: user congdd, password: 123
- In the same way, create the user hoavq

+ Create 2 groups: sep and nhanvien
- Right-click Users and choose New --> Group
- Name the group sep and choose Global Security Group
- Right-click group sep and choose Properties
- Select the Members tab and add user Teo to group sep
- In the same way, create the group Nhanvien and add user congdd to group Nhanvien


3) Create a PSO (Password Settings Object)
A PSO holds all the Password Policy attributes, and you can then link it to a specific user or group. You can create multiple PSOs. A PSO contains the following settings:
Enforce password history (msDS-PasswordHistoryLength): number of previous passwords remembered
Maximum password age (msDS-MaximumPasswordAge): maximum lifetime of a password
Minimum password age (msDS-MinimumPasswordAge): minimum lifetime of a password
Minimum password length (msDS-MinimumPasswordLength): minimum length of a password
Passwords must meet complexity requirements (msDS-PasswordComplexityEnabled): password complexity
Store passwords using reversible encryption (msDS-PasswordReversibleEncryptionEnabled): password encryption
In addition, a PSO also carries the account lockout settings:
Account lockout duration (msDS-LockoutDuration): how long the account stays locked
Account lockout threshold (msDS-LockoutThreshold): the number of invalid logon attempts after which the account is locked
Reset account lockout counter after (msDS-LockoutObservationWindow): resets the counter of the locked account

Example:
Suppose you want the users in group sep to use simple passwords with a minimum password length of 5 characters; a user's account is locked after 3 invalid logon attempts and stays locked for 30 minutes
There are 2 ways to create a PSO
Method 1: Use ADSI Edit
- Go to Start\Run and type adsiedit.msc
- Right-click ADSI Edit and choose Connect to
- In the Name box, enter your domain name. For example: bachkhoa-npower.vn
- Expand Domain bachkhoa-npower.vn\CN=SYSTEM in turn, right-click CN=Password Settings Container, and choose New --> Object
- Click Next
- In the CN box, give the policy a name that is easy to remember. For example: Policy cho sep

It has the following attributes:
- msDS-PasswordSettingsPrecedence: the precedence of the PSO. If 2 PSOs apply to the same user, the PSO with the lower precedence value takes priority. Here it is set to 1
- msDS-PasswordReversibleEncryptionEnabled: password encryption. In the Value box you can set FALSE (not encrypted) or TRUE (encrypted). It should be set to FALSE
- msDS-PasswordHistoryLength: number of previous passwords remembered. In the Value box you can set a value from 0 to 1024
- msDS-PasswordComplexityEnabled: password complexity. In the Value box you can set FALSE (no) or TRUE (yes)
- msDS-MinimumPasswordLength: minimum length of a password. In the Value box you can set a value from 0 to 255 (anyone who sets this to 255 will probably get fired pretty quickly)
- msDS-MinimumPasswordAge: minimum lifetime of a password. In the Value box you have 2 input options
+ (none): no value
+ The format 00:00:00:00 (days:hours:minutes:seconds). For example, if you enter 3:00:00:00 (3 days), then on the 4th day it will make you change the password
- msDS-MaximumPasswordAge: maximum lifetime of a password. In the Value box you have the same 2 input options as in the previous step
- msDS-LockoutThreshold: the number of invalid logon attempts after which the account is locked. In the Value box you can set a value from 0 to 65535
- msDS-LockoutObservationWindow: resets the counter of the locked account. In the Value box you also have 2 input options
+ (None): no value
+ The format 00:00:00:00 (days:hours:minutes:seconds)
- msDS-LockoutDuration: how long the account stays locked. In the Value box you also have 2 input options
+ (Never): no value
+ The format 00:00:00:00 (days:hours:minutes:seconds)
- Finally, click More Attributes
- In the Select a property to view box, choose: msDS-PSOAppliesTo
- In the Edit box, enter: CN=sep,CN=USERS,DC=bachkhoa-npower,DC=vn (read this as: the group sep, located in Users, in the domain bachkhoa-npower.vn). Click Add --> OK
- In the same way, try creating a PSO for group Nhanvien that requires users to set complex passwords, with a minimum length of 7 characters, account lockout after 3 failed logons, and a lockout time of 30 minutes
Method 2: Besides creating a PSO with ADSI Edit, you can create a PSO from the command line
- Open Notepad, type in the content below (adjust a few values to fit your company's requirements), and save it as pso_sep.ldf
# PSO for group sep. Time values are negative counts of 100-nanosecond units:
# -1728000000000 = 2 days, -864000000000 = 1 day, -18000000000 = 30 minutes
dn: CN=Policy cho sep,CN=Password Settings Container,CN=System,DC=bachkhoa-npower,DC=vn
changetype: add
objectClass: msDS-PasswordSettings
msDS-MaximumPasswordAge: -1728000000000
msDS-MinimumPasswordAge: -864000000000
msDS-MinimumPasswordLength: 5
msDS-PasswordHistoryLength: 0
msDS-PasswordComplexityEnabled: FALSE
msDS-PasswordReversibleEncryptionEnabled: FALSE
msDS-LockoutObservationWindow: -18000000000
msDS-LockoutDuration: -18000000000
msDS-LockoutThreshold: 3
msDS-PasswordSettingsPrecedence: 1
msDS-PSOAppliesTo: CN=sep,CN=Users,DC=bachkhoa-npower,DC=vn

- Go to Start\Run, type CMD, then run the command ldifde -i -f pso_sep.ldf
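The time attributes in pso_sep.ldf are negative counts of 100-nanosecond ticks, while ADSI Edit in Method 1 takes the same durations as days:hours:minutes:seconds. The following added example (not part of the original lab) parses the entry, converts between the two forms, and checks the value ranges listed above plus the ordering of the age and lockout values; the function names and the minimum-length floor of 8 are assumptions.

```python
"""Audit a Fine-Grained Password Policy LDIF entry (added example)."""
from datetime import timedelta

# Constructed copy of the pso_sep.ldf entry from this lab.
PSO_SEP_LDIF = """\
dn: CN=Policy cho sep,CN=Password Settings Container,CN=System,DC=bachkhoa-npower,DC=vn
changetype: add
objectClass: msDS-PasswordSettings
msDS-MaximumPasswordAge:-1728000000000
msDS-MinimumPasswordAge:-864000000000
msDS-MinimumPasswordLength:5
msDS-PasswordHistoryLength:0
msDS-PasswordComplexityEnabled:FALSE
msDS-PasswordReversibleEncryptionEnabled:FALSE
msDS-LockoutObservationWindow:-18000000000
msDS-LockoutDuration:-18000000000
msDS-LockoutThreshold:3
msDS-PasswordSettingsPrecedence:1
msDS-PSOAppliesTo:CN=sep,CN=Users,DC=bachkhoa-npower,DC=vn
"""

NEVER = -(2 ** 63)              # interval value that means "never"
TICKS_PER_SECOND = 10_000_000   # one tick = 100 nanoseconds
RANGES = {                      # integer ranges given in the attribute list above
    "msds-passwordhistorylength": (0, 1024),
    "msds-minimumpasswordlength": (0, 255),
    "msds-lockoutthreshold": (0, 65535),
}


def parse_ldif_entry(text):
    """Parse one LDIF record into {lowercased attribute: value}."""
    entry, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        if line.startswith(" ") and last:       # folded continuation line
            entry[last] += line[1:]
            continue
        name, sep, value = line.partition(":")
        if not sep or value.startswith(":"):    # base64 values not handled here
            raise ValueError(f"unsupported LDIF line: {line!r}")
        last = name.strip().lower()
        entry[last] = value.strip()
    return entry


def interval_to_timedelta(raw):
    """Negative tick count -> timedelta; NEVER -> None."""
    ticks = int(raw)
    if ticks == NEVER:
        return None
    if ticks > 0:
        raise ValueError("PSO intervals are stored as negative values")
    return timedelta(seconds=(-ticks) // TICKS_PER_SECOND)


def timedelta_to_interval(td):
    """Inverse conversion, for writing a new .ldf value."""
    return -int(td.total_seconds()) * TICKS_PER_SECOND


def to_adsi(td):
    """Format a duration as the d:hh:mm:ss string typed into ADSI Edit."""
    hours, rest = divmod(td.seconds, 3600)
    minutes, seconds = divmod(rest, 60)
    return f"{td.days}:{hours:02d}:{minutes:02d}:{seconds:02d}"


def audit_pso(entry, min_length_floor=8):
    """Return a list of findings; min_length_floor is an assumed local baseline."""
    def dur(name):
        value = interval_to_timedelta(entry[name])
        return timedelta.max if value is None else value

    findings = []
    for attr, (low, high) in RANGES.items():
        if not low <= int(entry[attr]) <= high:
            findings.append(f"{attr} out of range {low}-{high}")
    if dur("msds-minimumpasswordage") > dur("msds-maximumpasswordage"):
        findings.append("minimum password age exceeds maximum password age")
    if dur("msds-lockoutobservationwindow") > dur("msds-lockoutduration"):
        findings.append("observation window exceeds lockout duration")
    if entry["msds-passwordreversibleencryptionenabled"].upper() == "TRUE":
        findings.append("reversible encryption enabled")
    if entry["msds-passwordcomplexityenabled"].upper() != "TRUE":
        findings.append("complexity disabled")
    if int(entry["msds-minimumpasswordlength"]) < min_length_floor:
        findings.append(f"minimum length below {min_length_floor}")
    if int(entry["msds-lockoutthreshold"]) == 0:
        findings.append("lockout disabled (threshold 0)")
    return findings


if __name__ == "__main__":
    pso = parse_ldif_entry(PSO_SEP_LDIF)
    for attr in ("msds-maximumpasswordage", "msds-minimumpasswordage",
                 "msds-lockoutobservationwindow", "msds-lockoutduration"):
        print(attr, to_adsi(interval_to_timedelta(pso[attr])))
    print(audit_pso(pso))
```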
4) Test
- First open Server Manager, select Active Directory Users and Computers, select Users, then choose View --> Advanced Features
- Right-click group sep and choose Properties
- Select Attribute Editor and find the distinguishedName line; you will see that it has been added here
- Now try resetting the password for user hoavq (hoavq belongs to group sep: simple password, minimum length 5 characters). Right-click user hoavq, choose Reset Password, and type: 456. An error message appears (because earlier you set the minimum password length to 5 characters)
- Then try setting the password to "57890"; a message confirms that the password was changed successfully

That completes the lab. A PSO applies not only to a group but also to an individual user that you specify.

Guide to resetting the Domain Administrator password on Windows Server 2008 R2

If you administer a computer network, you have more than likely run into this error at one time or another. It is the message shown when the user enters the wrong password and therefore cannot log on to the system.
- Insert the Windows Server 2008 R2 Enterprise installation DVD into the machine, boot from the DVD, and click Next
- Choose Repair your computer
- Click Next
- Choose Command Prompt
- Type the command as shown in the figure
- Choose Restart to reboot the machine
- Click the icon in the lower-left corner or use the shortcut Windows + U
- A command prompt window appears
- Type the command as shown in the figure. This command resets the administrator password to bknp@123
- Logging on as administrator with the new password now succeeds