Lab content:
Steps to perform:
Prerequisites:
The addressing scheme is as follows:
- The system checks the configuration information before installing Active Directory.
- Once the check is complete, the Active Directory installation begins; select Next.
- In the Operating System Compatibility window, the system warns about compatibility between Windows Server 2008 and earlier systems; select Next.
- In the Choose a Deployment Configuration window, select Create a new domain in a new forest, then select Next.
- In the Name the Forest Root Domain window, enter the domain name to be managed and select Next. The system checks whether that domain name already exists. If the name is not yet in use, the installation proceeds to the next step.
- In the Set Forest Function Level window, choose the forest functional level, then select Next.
- In the Set Domain Function Level window, choose the level to apply to the domain, then select Next.
Note: once again, the first DC must be a Global Catalog. In most cases you will receive a warning that the server currently has one or more dynamic IP addresses. Run IPCONFIG /all. Where does this come from? The answer is IPv6. If IPv6 is present on the system but not in use, you can ignore the warning as follows:
- In the next dialog box, Windows displays a warning related to the DNS service; select Yes.
- In the Directory Services Restore Mode Administrator Password window, enter the password used to restore the directory service, then select Next.
- The promotion of Windows Server 2008 to a Domain Controller begins.
- After the machine has restarted, go to Start -> Administrative Tools -> Active Directory Users and Computers.
- Once authentication completes, the computer is joined to the domain and restarts.
- Log on to the system.
NOTE:
Select Start > Run and type DCPROMO; the Welcome to the Active Directory Domain Services Installation Wizard screen appears; select Next:
In the next dialog box, Windows displays a warning related to the DNS service; select Yes:
The promotion of Windows Server 2008 to an Additional Domain Controller takes place.
Go to Start > Programs > Administrative Tools > Active Directory Users and Computers (check that objects are synchronized on both servers).
Prerequisites:
- Promote BKNP-DC08-01 to a Domain Controller.
- Assign an IP address to the computer BKNP-SRV08-01.
Lab topology:
The addressing scheme is as follows:
- In the Choose a Deployment Configuration window, select Existing forest, select Create a new domain in an existing forest, then select Next.
- In the Network Credentials window, enter the name of a domain that already exists in the forest, provide the credentials of the account used to authenticate, then select Next.
- In the Name the New Domain window, enter the parent domain and the name of the child domain, then select Next.
- In the Set Domain Function Level window, choose the domain functional level, then select Next.
- In the Directory Services Restore Mode Administrator Password window, enter the password, then select Next.
Prerequisites:
The addressing scheme is as follows:
- In the Delegation of RODC Installation and Administration window, enter the user or group that is permitted to join the RODC to the domain, then select Next.
- In the Source Domain Controller window, select Use this specific domain controller, select BKNP-DC08-01.bknpower.vn, then select Next.
- In the Directory Services Restore Mode Administrator Password window, enter the password, then select Next.
- In the BKNP-SRV08-01 Properties dialog box, switch to the Password Replication Policy tab and select Add.
- In the Add Groups, Users and Computers dialog box, select Allow passwords for the account to replicate to this RODC, then select OK.
- In the Select Users, Computers, or Groups dialog box, add the group SS_G_Sale under Enter the object name to select, then select OK.
- In the Advanced Password Replication Policy for BKNP-SRV08-01 dialog box, check that the user Vietlq is listed.
Verify the result
- Disconnect the link and make sure that BKNP-SRV08-01 and BKNP-WRK-01 cannot reach BKNP-DC08-01.
- On BKNP-WRK-01, log on as BKNPOWER\vietlq and verify that the logon succeeds.
- On BKNP-WRK-01, log on as BKNPOWER\thanhnv and verify that the logon fails (the password of thanhnv is not stored on the Read-Only Domain Controller).
- The new user dialog box appears; enter the information and select Next.
- In the next dialog box, enter the password information and select Next. (With the User must change password at next logon option, the user has to change the password at the next logon to the system.)
- Create the remaining users in the same way.
- To add the account hoavq to the group GG_S_GV and to the Backup Operators group, select the Member of tab and select Add to add groups for the account:
- Similarly, create the accounts congdd, duynh, thaidv and doantv and add them to groups as the exercise requires.
- For the account congdd, prevent password changes and disable the account: on the Account tab of congdd, tick User cannot change password and Account is disabled.
- To set an expiry for the account congdd, under Account expires tick End of and set the account's expiry date.
- To set logon hours for users in the lecturers group, select the members of the lecturers group, right-click and select Properties.
- On the Account tab, select Logon hours, then continue in the Logon hours dialog:
1. Requirements:
Create OUs and user accounts according to the model on the domain bachkhoa-npower.vn:
- The company is located in Hanoi and has the departments IT, Sale and Mar.
- IT department: D. D. Cong (congdd) and D. Van Thai (thaidv), members of the group GG_S_IT.
- Sale department: V. Van Cuong (cuongvv), member of the group GG_S_Sale.
- Mar department: Nguyen Thi Anh (anhnt), member of the group GG_S_Mar.
Set permissions for the user objects as follows:
- Grant the account congdd permission to manage the IT department.
- Allow the accounts congdd and thaidv to manage the server.
Together with deploying administration from Windows 7, verify the permissions of the OU admins:
- From BKNP-WRK-01, use Remote Server Administration Tools, log on with the admin account congdd, and create the account Nguyen Van Thanh (thanhnv) in the IT department.
2. Prerequisites:
- The server (BKNP-DC08-01) has been promoted to a Domain Controller.
- The client (BKNP-WRK-01) has joined the domain.
3. Instructions:
*Create the OUs and user accounts:
- Select Start, Programs, Administrative Tools, Active Directory Users and Computers.
- Right-click the domain bachkhoa-npower.vn and select New Organizational Unit.
- Enter the name of the OU to create.
- On the Users or Groups screen, select Add to add the object that is to receive the permissions, then select Next.
- On the Completing the Delegation of Control Wizard screen, select Finish to complete.
- In the Properties dialog box of the user object, select Add to add the Server Operators group, then select OK to confirm.
- In Word, first draft a command that creates a user. Then go to the Mailings tab > Start Mail Merge > Step by step mail merge wizard.
- In the Mail Merge Recipients table, select all entries, select OK, then select Next to go to Step 3.
- In Step 4, highlight anln, select More Items on the right and choose the corresponding field, Logon Name. Do the same for the fields First Name, Last Name and E-Mail.
Select Start > Programs > Administrative Tools > Server Manager.
In the DNS Server window, select Next. In the Confirm Installation Selections window, select Install to start the installation. The installation runs. When it has finished, select Close to end the installation.
Create a forward lookup zone named bknpower.vn: Start > Programs > Administrative Tools > DNS. Right-click Forward Lookup Zone > New Zone; the Welcome to the New Zone Wizard screen appears; select Next.
Create a reverse lookup zone named 1.168.192.in-addr.arpa: right-click Reverse Lookup Zone > New Zone; on the Welcome to the New Zone Wizard screen, select Next.
On the Reverse Lookup Zone Name screen, select IPv4 Reverse Lookup Zone, then select Next.
On the Reverse Lookup Zone Name screen, enter the IP address information of the DNS server, then select Next.
On the Completing the New Zone Wizard screen, select Finish to complete the creation of the reverse zone.
Create a forwarder on BKNP-SRV08-01 so that BKNP-DC08-01 resolves names on its behalf: right-click the DNS server, select Properties, then select the Forwarders tab.
II. Prerequisites.
- BKNP-DC08-01 has been promoted to a Domain Controller and has DNS installed with the domain name bachkhoa-npower.vn.
- A client (BKNP-WRK-01)
III. Detailed instructions
- To start installing DHCP, click Add Roles in the Initial Configuration Tasks window or go to Server Manager > Roles > Add Roles.
- When the Add Roles Wizard appears, click Next on that screen.
- Next, select the component to add, DHCP Server Role, then click Next.
- The wizard asks which interface you want to provide DHCP services on. I keep the default and click Next.
- Next, enter the Parent Domain, Primary DNS Server and Alternate DNS Server (see the figure below) and click Next.
- We are then asked to configure a DHCP scope for the new DHCP server. We configure the IP address range 192.168.1.10-254 for the more than 200 clients on our internal network. To do that, click Add to add a new scope. As the figure below shows, I named the scope Scope DHCP Server, set the start and end IP addresses to 192.168.1.10-192.168.1.254, the subnet mask to 255.255.255.0, the default gateway to 192.168.1.1, the subnet type to wired, and activated the scope.
- Back on the Add Scope screen, click Next to add the new scope (when the DHCP server is installed).
- Then confirm the DHCP Installation Selections (on the screen below) and click Install.
- The installation runs.
- After a few seconds the DHCP server is installed and a window like the one below appears:
- Click Close to close the installation window; we then move on to managing the DHCP server.
*Managing the new Windows Server 2008 DHCP server
- Start > Administrative Tools > DHCP Server
- The Windows Server 2008 DHCP server lists the client bknp-wrk-01 under Address Leases.
Install the IIS service.
Configure IIS with a single website.
Lab topology:
Prerequisites:
- Create the folder C:/>Backhoa-Npower/npower
- Create the folder C:/>Backhoa-Npower/npower/CEH
- Create the folder C:/>Backhoa-Npower/npower/NCNA
- In the Server Manager window, right-click Roles > select Add Roles.
- In the Add features required for Web Server (IIS)? window, select Add Required Features.
- In the Internet Information Services (IIS) Manager window, right-click Sites > select Add Web Site.
*Enable Basic Authentication (visitors must enter a user name and password to authenticate)
- Go to bknpower/npower > select Authentication.
- In the Add Deny Restriction Rule window, enter the IP address of the client that is to be blocked from the website > select OK.
Lab content:
Install the IIS service.
Configure IIS with multiple websites in combination with a DNS server.
Steps to perform:
Lab topology:
Prerequisites:
Prepare 2 servers and 1 client according to the lab topology above.
- In the Add features required for Web Server (IIS)? window, select Add Required Features.
- In the Internet Information Services (IIS) Manager window, right-click Sites > select Add Web Site.
- Do the same for the 2 remaining websites.
*Create the name resolution records for the websites (performed on BKNP-DC08-01)
- Select Start > Programs > Administrative Tools > DNS.
- In the DNS Manager window, right-click Forward Lookup Zone and select New Zone.
- In the Dynamic Update window, select Allow both nonsecure and secure dynamic updates, then select Next.
- To create a record, right-click the zone just created and select New Host (A or AAAA).
- In the New Host window, under IP address, enter the IP address of the web server (BKNP-SRV08-01) > select Add Host.
- In the New Host window, under Name type www, and under IP address enter the IP address of the web server (BKNP-SRV08-01) > select Add Host.
- Access the website: .
- Access the website: .
Open Group Policy Management > right-click the IT department and select Create a GPO in this domain
Name the new policy.
Under User Configuration > Policies > Administrative Templates > Desktop > Desktop, right-click Desktop Wallpaper and select Properties.
Right-click Prevent access to registry editing tools and select Properties.
Right-click Prevent access to the command prompt and select Properties.
5. Disable the Run command:
In the same way, create a new policy named block run. Right-click the policy just created and select Edit.
Right-click Remove Run from Start Menu and select Properties.
To restore the policies, right-click Group Policy Objects and select Manage Backups.
Enforce the password policies for the user Tuannv in the domain:
Perform this on the Domain Controller.
Start > Administrative Tools > Group Policy Management.
In the Group Policy Management Editor window, select Computer Configuration > Policies > Windows Settings > Security Settings > Account Policies > Password Policy.
In the right-hand pane, select Account lockout threshold and set it to 5 invalid logon attempts, then select OK.
Prohibit remote shutdown:
In the Group Policy Management Editor window, select Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > User Rights Assignment.
In the Force shutdown from a remote system setting, remove the Server Operators group so that only Administrators remains > select OK.
Prohibit local shutdown:
In the Shut down the system setting, remove the Server Operators group.
Prohibit local logon:
In the Deny log on locally setting, add the user who is to be denied logon > select OK.
In the Server Manager window, right-click Roles > select Add Roles.
In the Select Server Roles window, select Network Policy and Access Services, then select Next.
In the Select Role Services window, select Routing and Remote Access Services, then select Next.
The installation runs.
In the Routing and Remote Access window, right-click BKNP-SRV08-01 (local) > select Configure and Enable Routing and Remote Access.
In the Welcome to the Routing and Remote Access Server Setup window, select Next.
In the Completing the Routing and Remote Access Server Setup Wizard window, select Finish.
In the Routing and Remote Access window, select IPv4 > right-click NAT > select New Interface.
In the New Interface for IPNAT window, select the external network adapter, then select OK to continue.
In the Routing and Remote Access window, select IPv4, right-click NAT, then select New Interface.
In the New Interface for IPNAT window, select the internal network adapter > select OK.
In the Server Manager window, right-click Roles > select Add Roles.
In the Select Server Roles window, select Network Policy and Access Services > select Next.
In Select Role Services, select Routing and Remote Access Services > select Next.
The installation runs.
In the Routing and Remote Access window, right-click BKNP-SRV08-01 (local) > select Configure and Enable Routing and Remote Access.
In the Welcome to the Routing and Remote Access Server Setup Wizard window, select Next.
In the Completing the Routing and Remote Access Server Setup window, select Finish.
Select BKNP-SRV08-01 (local) > select IPv4 > right-click Static Routes > select New Static Route.
In the Server Manager window, right-click Roles > select Add Roles.
In the Select Server Roles window, select Network Policy and Access Services, then select Next.
In the Select Role Services window, select Routing and Remote Access Services, then select Next.
The installation runs.
In the Routing and Remote Access window, right-click BKNP-SRV08-02 (local) > select Configure and Enable Routing and Remote Access.
In the Welcome to the Routing and Remote Access Server Setup Wizard window, select Next.
In the Completing the Routing and Remote Access Server Setup Wizard window, select Finish.
Select BKNP-SRV08-02 (local) > select IPv4 > right-click Static Routes > select New Static Route.
Access the shared folder.
Create a folder and share it.
In the Server Manager window, right-click Roles > select Add Roles.
In the Select Server Roles window, select Network Policy and Access Services, then select Next to continue.
In the Server Manager window, right-click Roles > select Add Roles.
In the Select Server Roles window, select Network Policy and Access Services > select Next.
In the Select Role Services window, select Routing and Remote Access Services, then select Next.
The installation runs.
In the Routing and Remote Access window, right-click BKNP-SRV08-01 (local) and select Configure and Enable Routing and Remote Access.
In the Configuration window, select Remote access (dial-up or VPN) > select Next to continue.
In the IP Address Assignment window, select From a specified range of addresses > select Next to continue.
In the New IPv4 Address Range window, enter the address range to hand out > select OK to continue.
In the Managing Multiple Remote Access Servers window, select Yes, set up this server to work with a RADIUS server > select Next.
In the Completing the Routing and Remote Access Server Setup Wizard window, select Finish to end the installation.
Enter the company's public IP address under Internet address, enter a descriptive name for the VPN connection, then select Next.
Enter the user name and password of a user who is allowed to connect over VPN, then select Create to create the connection.
The connection is established.
Access the shared folder.
Prerequisites:
- In the Select Role Services window, select Network Policy Server and Routing and Remote Access Services, then select Next to start the installation.
- Make sure that access for the vpn account is controlled through NPS policy.
- Next, choose authentication through Routing and Remote Access.
- Disable the existing policies under Network Policies and create a new policy: right-click Network Policies and select New.
- On the client, create the VPN connection.
Select Properties:
Gateway 2 has the address:
When the Network Policy and Access Services window appears, select Next > when the Select Role Services window appears, select Routing and Remote Access Services, then select Next.
In the Welcome to the Routing and Remote Access Server Setup Wizard window, select Next.
In the Completing the Routing and Remote Access Server Setup window, select Finish.
Select Properties:
Enter the IPv4 address 192.168.1.1.
When the Network Policy and Access Services window appears, select Next > when the Select Role Services window appears, tick Routing and Remote Access Services and select Next.
In the Welcome to the Routing and Remote Access Server Setup Wizard window, select Next.
In the Completing the Routing and Remote Access Server Setup Wizard window, select Finish.
When the Start the service window appears, select Start service.
In the Select Role Services window, select Distributed File System > select Next.
In the Create a DFS Namespace window, select Create a namespace now, using this wizard, and enter the namespace name: Data
In the Select Role Services window, select Distributed File System, then select Next to continue.
In the Create a DFS Namespace window, select Create a namespace later using the DFS Management snap-in in Server Manager > select Next.
In the Replication Group Type window, select Replication group for data collection > select Next.
In the Name and Domain window, under Name of replication group enter the name ProjectDocs, then select Next to continue.
In the DFS Management window, select ProjectDocs, select the Replicated Folders tab, right-click ProjectDocs, then select Share and Publish in Namespace.
In the Publishing method window, select Share and publish the replicated folder in a namespace > select Next.
On the Configure Storage Usage Monitoring screen, select drive C > select Next to continue.
In the Create Quota Template window, enter the name and label and specify the size limit for the template, then select Edit to continue.
Right-click the file screen just created, select Properties and choose the file types that may be stored.
On the client, copy data; a notification appears when the size exceeds the permitted quota.
To produce the report file immediately, right-click the report task just created and select Run Report Task Now.
In the Select Features window, select Windows Server Backup Features > Windows Server Backup > Command-line Tools.
In the Specify backup time window, set the schedule on which the backup runs automatically > select Next.
In the Show all Available Disks window, select the disk that will store the backup data > select OK.
*REQUIREMENTS*
On the server BKNP-SRV08-01, use Windows Firewall to secure the system:
On BKNP-SRV08-01, open Windows Firewall: Start > Administrative Tools > Windows Firewall with Advanced Security.
Right-click Windows Firewall with Advanced Security and select Properties.
Name the rule just created.
Lab topology:
- An additional window appears asking to install further services for the Web Server. Select Add Required Role Services.
- Select Next; the Introduction to Active Directory Rights Management Services window appears and shows information about AD RMS.
- Select Next; the Select Role Services window appears; select Active Directory Rights Management Server.
- Select Next; the Create or Join AD RMS Cluster window appears; select Create a new AD RMS Cluster.
- Select Next; the Select Configuration Database window appears; select Use Windows Internal Database on this server.
- The Add Roles Wizard window appears; enter the ADRMS account created during preparation.
- Select Next; the Configure AD RMS Key Storage window appears; select Use AD RMS Centrally managed key storage.
- Select Next; the Specify AD RMS Cluster Key Password window appears; create a password for the AD RMS cluster.
- Select Next; the Select AD RMS Cluster Web Site window appears; select Default Web Site.
- Select Next; the Specify Cluster Address window appears; select Use an SSL-encrypted connection (https://), enter the name BKNP-DC08-01.bknpower.vn under Fully-Qualified Domain Name, then select Validate.
- Select Next; the Choose a Server Authentication Certificate for SSL Encryption window appears; select Create a self-signed certificate for SSL encryption.
- Select Next; the Register AD RMS Service Connection Point window appears; select Register the AD RMS service connection point now.
- Select Close.
- Select Next; the Certificate Store window appears; select Place all, select Browse and select Trusted Root Certification Authorities.
- An authentication window from the server appears; enter the user name and password of an account in the Admins group.
- After the account has been authenticated, the Permission window appears; select Restrict permission to this document.
- A window appears asking for the credentials of the account that wants to access this file. Enter the user name and password of Anln.
- Select OK; the access rights of Anln on this file are checked.
After the check succeeds, the content of the file is displayed:
You can review the access rights of Anln on this file by selecting View Permission on the Restricted Access bar.
Prerequisites:
- One machine running Windows Server 2008 (BKNP-DC08-01), promoted to a DC (BKNP-DC08-01.BKNPOWER.VN).
Detailed instructions:
*Install the Windows Server Backup feature
- Select Start > Programs > Administrative Tools > Server Manager > Features > Add Features.
- In the Select Features window, select Windows Server Backup Features, select Windows Server Backup and Command-line Tools, then select Next to continue.
- In the Specify backup time window, select Once a day, select 10:30 am, then select Next.
- Open drive F to check.
- Open Active Directory Users and Computers and select the menu View > Advanced Features.
- Right-click the OU IT -> select Properties, select the Object tab, clear the check box Protect object from accidental deletion -> select OK.
*Restore the AD DS database
- On the DC, select Start > Command Prompt, type bcdedit /set safeboot dsrepair, and press ENTER.
Note: alternatively, restart the machine, then press F8 and select Directory Services Restore Mode.
Restore the system state data
- Type shutdown -t 0 -r and press ENTER. The computer restarts.
- Log on with the local Administrator account.
- Select Start, right-click Command Prompt, and select Run as administrator.
- At the command prompt, type the command: wbadmin get versions
- Type quit and press ENTER. Type quit again and press ENTER.
- Check that the deleted object has been restored.
- To restart the server in normal mode, type bcdedit /deletevalue safeboot and press ENTER.
Configure AD DS Auditing
Lab content:
- Survey the current state of the audit policy.
- Enable DSAA on the domain controllers.
- Set the SACL for the domain.
- Test the policy.
Lab topology:
Prerequisites:
- BKNP-DC08-01 has been promoted to a Domain Controller.
Detailed instructions:
*Survey the current state of the audit policy.
Select Start > Command Prompt.
- Enable DS Access auditing on the domain controllers: Start > Administrative Tools > Group Policy Management. Right-click Default Domain Controllers Policy and select Edit.
- Select Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Audit Policy. All policy settings are in the Not Defined state.
- Select Audit Directory Service Access, select Define these policy settings, select Success and Failure, then select OK.
- Set the SACL for the domain: Start > Administrative Tools > Active Directory Users and Computers. Select View > Advanced Features.
- In the Properties window, select the Security tab, select Advanced, select the Auditing tab, then select Add.
- In the Select Users, Computers and Groups window, enter Everyone and select OK.
- In the Auditing Entry for bknpower window, tick both the Successful and Failed columns for Write all Properties, then select OK 3 times.
- Test the policy: right-click the OU IT and select Rename: ITAdmin.
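The command-line side of this lab, as an added example that is not part of the original manual: it reads the DS Access audit state before and after the GPO change and lists the directory-change events that the SACL produces. It assumes an elevated PowerShell 2.0 or later prompt on the domain controller with an English-language OS; the helper name Get-DsAccessAudit is hypothetical.

```powershell
# Added example, not from the lab manual. Assumes an elevated PowerShell 2.0+
# prompt on the domain controller. Get-DsAccessAudit is a hypothetical helper name.

function Get-DsAccessAudit {
    # "auditpol /r" prints CSV; drop blank lines before parsing it.
    auditpol /get /category:"DS Access" /r |
        Where-Object { $_ -match ',' } |
        ConvertFrom-Csv |
        Select-Object Subcategory, 'Inclusion Setting'
}

# 1. Survey the current state, before editing Default Domain Controllers Policy.
Get-DsAccessAudit | Format-Table -AutoSize

# 2. After defining "Audit directory service access" for Success and Failure,
#    refresh computer policy and flag any DS Access subcategory still not audited.
#    (The string 'Success' assumes English auditpol output.)
gpupdate /target:computer /force | Out-Null
$notAudited = Get-DsAccessAudit |
    Where-Object { $_.'Inclusion Setting' -notmatch 'Success' }
if ($notAudited) {
    $names = ($notAudited | ForEach-Object { $_.Subcategory }) -join ', '
    Write-Warning "Success auditing is not enabled for: $names"
}

# 3. After the test change (renaming the OU IT), list recent directory-change events:
#    5136 = object modified, 5137 = created, 5139 = moved, 5141 = deleted.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5136, 5137, 5139, 5141 } `
             -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id,
        @{ Name = 'Summary'; Expression = { ($_.Message -split "`r?`n")[0] } } |
    Format-Table -AutoSize
```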
Office: Bachkhoa-Npower
Telephone Number: 043625079.
- Then continue. On the menu select Connection > Bind, then select OK.
- In the Connection > Bind dialog, accept the default values and select OK.
- On the menu, select View > Tree. Enter the following information and select OK.
- Select the OU IT, then select thanhnv. In the right-hand pane, review the descriptive information for thanhnv.
- Close LDP.exe.
- In the Command Prompt window, stop Dsamain.exe by pressing CTRL+C.
- Close the Command Prompt.
Create a custom view named Directory Service to monitor events from Active Directory and the DNS server at the levels Critical, Warning and Error.
Export this custom view to a file: Active Directory.xml
- On BKNP-SRV08-01, import the file Active Directory.xml transferred from BKNP-DC08-01 and monitor the configured events on this machine.
- Create a subscription, Service Events, that forwards system events (events with ID 7036) from BKNP-DC08-01 to BKNP-SRV08-01.
Use the Attach a Task to this Log feature in Windows Logs to send an e-mail to the administrator when log entries with ID 7036 appear.
Lab topology:
- In the Create Custom View window, select Critical, Warning and Error. Under Event Logs > Application and Services Logs, select Directory Service and DNS Server, then select OK.
- In the Save Filter to Custom View window, enter the name for the custom view, Directory Service, then select OK.
- Export this custom view to the file Active Directory.xml: right-click Directory Service and select Export Custom View.
- In the Save As window, save to the shared folder Share on drive D, enter the name Active Directory, then select Save.
*Import the custom view: Active Directory.xml
- Log on to BKNP-SRV08-01 with Administrator rights.
- Start > Administrative Tools > Event Viewer.
- Right-click Custom Views and select Import Custom View.
- In the Import Custom View window, browse to the shared folder that contains the file Active Directory.xml, then select Open.
- In the Import Custom View File window, select OK.
*Create a subscription that forwards system events from BKNP-DC08-01 to BKNP-SRV08-01
- On BKNP-SRV08-01 (the event collector), select Start > Command Prompt.
- In the command prompt window, type the command wecutil qc, press ENTER, type y, and press ENTER.
- Close the command prompt.
- Switch to BKNP-DC08-01 (the event source).
- Close the command prompt.
- Create a subscription as the exercise requires: on BKNP-SRV08-01, start Event Viewer, right-click Subscriptions and select Create Subscription.
- In the Subscription Properties window, enter the subscription name: Theo doi DNS tu may DC08-01, select Collector Initiated, then select Select Computers.
- Select Advanced, select Specific User, then select User and Password.
- In the Credentials for Subscriptions Source window, enter the user name and password of Administrator, then select OK.
- Select Next, then select Finish. When the Event Viewer window appears, select OK.
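The same forwarding setup checked from the command line, as an added example that is not part of the original manual. It assumes PowerShell 2.0 or later, that the subscription writes to the default Forwarded Events log, and that the step on the source computer is enabling WinRM (the manual's own command for that step did not survive on the page).

```powershell
# Added example, not from the lab manual. Computer names come from the lab:
# source = BKNP-DC08-01, collector = BKNP-SRV08-01.
$subscription = 'Theo doi DNS tu may DC08-01'   # name entered in Subscription Properties

# --- On the source computer (BKNP-DC08-01), elevated prompt ---
# Assumption: a collector-initiated subscription needs the WinRM listener on the source.
winrm quickconfig

# --- On the collector (BKNP-SRV08-01), elevated prompt ---
# Configure and start the Windows Event Collector service (answer y when prompted).
wecutil qc

# After the subscription has been created in Event Viewer:
wecutil gs $subscription              # stored configuration, including the event query
$status = wecutil gr $subscription    # runtime status for the subscription and each source
$status
if (-not ($status | Select-String -Pattern 'RunTimeStatus:\s*Active' -Quiet)) {
    Write-Warning "Subscription '$subscription' is not active; check LastError in the output above."
}

# Confirm that service state-change events (ID 7036) are arriving from the source.
# Assumption: the destination log is the default, ForwardedEvents.
Get-WinEvent -LogName ForwardedEvents -FilterXPath '*[System[(EventID=7036)]]' `
             -MaxEvents 5 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, MachineName, Id, Message |
    Format-List
```

The manual's subscription authenticates with the Administrator account, so the credential stored in the subscription on the collector should be treated as sensitive.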
Trang 626
To mt custom view vi tn: Directory Service theo di cc s kin trn Active Directory v DNS
Server cc ch : Critical, Warning, v Error.
Export custom view ny ra mt file: Active Directory.xml
- Trn my BKNP-SRV08-01thc hin Import file Active Directory.xml c chuyn sang t my BKNPDC08-01, theo di cc Event cu hnh trn my ny.
- To mt Subscription: Service Events, nhm chuyn cc event system (event c ID 7036) trn my BKNPDC08-01 sang my BKNP-SRV08-01.
S dng tnh nng Attach a Task to this Log trong Windows Log, gi mt email cho administrator khi xut
hin cc file log c ID 7036.
M hnh bi lab:
Trang 627
Trang 628
Trang 629
- In the Create Custom View window, select Critical, Warning and Error. Under Event Logs > Applications and Services Logs, select Directory Service and DNS Server, then choose OK.
- In the Save Filter to Custom View window, enter the name of the custom view: Directory Service, then choose OK.
- Export this custom view to the file Active Directory.xml: right-click Directory Service and choose Export Custom View.
- In the Save As window, save to the shared folder Share on drive D, enter the name Active Directory, then choose Save.
*Import the custom view: Active Directory.xml
- Log on to BKNP-SRV08-01 as Administrator.
- Start > Administrative Tools > Event Viewer.
- Right-click Custom Views and choose Import Custom View.
- In the Import Custom View window, browse to the shared folder containing the file Active Directory.xml, then choose Open.
- In the Import Custom View File window, choose OK.
*Create a Subscription to forward system events from BKNP-DC08-01 to BKNP-SRV08-01
- On BKNP-SRV08-01 (the event collector), choose Start > Command Prompt.
- In the Command Prompt window, type wecutil qc and press ENTER, then type y and press ENTER.
- Close the Command Prompt.
- Switch to BKNP-DC08-01 (the event source).
- Close the Command Prompt.
- Create the Subscription the exercise asks for: on BKNP-SRV08-01, start Event Viewer, right-click Subscriptions and choose Create Subscription.
- In the Subscription Properties window, enter the Subscription name: Theo doi DNS tu may DC08-01, choose Collector Initiated, then choose Select Computers.
- Choose Advanced, choose Specific User, then choose User and Password.
- In the Credentials for Subscriptions Source window, enter the Administrator account name and password, then choose OK.
- Choose Next, then Finish. When the Event Viewer window appears, choose OK.
Lab topology:
Create a new policy: Start > Programs > Administrative Tools > Group Policy Management.
Right-click the OU IT and choose Create a GPO in this domain, and Link it here
Name the new GPO
Schedule automatic updates: Computer Configuration > Administrative Templates > Windows Components > Windows Update.
Right-click Configure Automatic Updates, choose Properties, tick Enabled and select the option Auto download and schedule the install
Right-click Specify intranet Microsoft update service location, choose Enabled and enter the IP address of the WSUS Server
Right-click Automatic Updates detection frequency, choose Enabled and click OK
Refresh the policy from the command line with gpupdate /force
On the Select Role Services screen, select the required components, then click Next to continue
Install WSUS Server
Run the WSUS Server setup file; on the setup screen, click Next to continue
Select the installation mode Full Server Installation including Administration Console and click Next to continue
Configure WSUS
On the Before you begin screen, click Next to continue
On the Join the Microsoft Update Improvement Program screen, click Next to continue
On the Choose Upstream Server screen, choose Synchronize from Microsoft Update and click Next
On the Connect to Upstream Server screen, click Start Connecting, then click Next to continue
On the Update Services screen, choose Updates > All Updates, select Any Except Declined in the Approval field and Any in the Status field, then click Refresh
Select Computers, right-click All Computers and choose Add Computer Group
On the client, refresh the policy with gpupdate /force, then run wuauclt.exe /detectnow
Minimum configuration:
Choose Windows Server 2008 Enterprise (Server Core Installation) > tick I have selected the edition of Windows that I purchased > choose Next.
Choose the installation type
After the installation completes, the system restarts and asks you to create a password for the Administrator account (following the rule of combining letters, digits and special characters, at least 7 characters long)
At the root directory prompt C:\> type: notepad
Choose File > Save as > type the name of the file to save > choose the save path > OK
The promotion runs automatically; when it finishes, the server restarts automatically. After the restart, this server is a Domain Controller of the domain bknpower.vn.
Join BKNP-SRV08-01 to the domain bknpower.vn
Right-click My Computer > choose Properties.
Click the Change button.
Click Close.
Click the Install button.
The installation runs
The Domain Controller can now be managed remotely through the Active Directory Users and Computers tool.
Click Finish.
Click Install
The installation runs
Choose The following computer, enter BKNP-DC08-02 (the server's name) > choose OK
II. Preparation
- Server (BKNP-DC08-01): Windows Server 2008 promoted to Domain Controller
- Client (BKNP-WRK-01): Windows 7 joined to the domain
III. Detailed instructions
The lab consists of the following steps:
1.
2.
3.
4.
5.
6.
7.
8.
Begin the lab
- In the Select Network Connection Bindings window, check that the server's current IP address is ticked, then choose Next
- In the Specify IPv4 DNS Server Settings window, leave the default configuration and choose Next
- In the Specify IPv4 WINS Server Settings window, choose WINS is not required for applications on this network, then choose Next
- In the Configure DHCPv6 Stateless Mode window, choose Disable DHCP stateless mode for this server, then choose Next
- The installation runs
- Open DHCP from Administrative Tools and verify that the DHCP Server was installed and configured successfully
- In the Select Server Roles window, tick Network Policy and Access Services, then choose Next
- In the Select Role Services window, tick Network Policy Server, then choose Next
- In the Network Access Policy window, expand Network Access Protection, right-click Remediation Server Groups and choose New
- In the New Remediation Server Group window, enter Rem1 in Group Name, then choose Add
- In the Add New Server window, enter the server's IP address (192.168.1.2) in IP address or DNS name, choose Resolve, then choose OK
- In the Create New Health Policy window, enter Compliant in Policy name, under Client SHV checks choose Client passes all SHV checks, check that Windows Security Health Validator is ticked, then choose OK
- In the Create New Health Policy window, enter Compliant in Policy name, under Client SHV checks choose Client passes all SHV checks, check that Windows Security Health Validator is ticked, then choose OK
- In the Network Policy Server window, expand Policies, go to Network Policies and disable the 2 existing policies one after the other
- In the Specify Network Policy Name and Connection Type window, enter Compliant Full-Access in Policy name, then choose Next
- In the Configure Settings window, select NAP Enforcement, make sure Allow full network access is selected, then choose Next
- In the Specify Network Policy Name and Connection Type window, enter NonCompliant Restricted in Policy name, then choose Next
- In the Configure Settings window, select NAP Enforcement, choose Allow limited access, tick Enable auto-remediation of client computers, then choose Next
- In the NAP Scope Properties window, open the Network Access Protection tab, choose Enable for this scope, choose Use default Network Access Protection profile, then choose OK
- In the Scope Options window, open the Advanced tab, under Vendor Class choose DHCP Standard Options, under User Class choose Default User Class, tick 015 DNS Domain Name, enter bachkhoa-npower.vn in String value, then choose OK
- In the Scope Options window, open the Advanced tab, under Vendor Class choose DHCP Standard Options, under User Class choose Default Network Access Protection Class, tick 006 DNS Servers, enter 192.168.1.2 in IP address, then choose Add
- Tick 015 DNS Domain Name, enter restricted.bachkhoa-npower.vn in String value, then choose OK
- In the New GPO window, enter NAP Policy in Name, under Source Starter GPO choose (none), then choose OK
- In the Turn on Security Center (Domain PCs only) Properties window, choose Enable, then choose OK
- In the Network Access Protection Agent Properties window, tick Define this policy setting, choose Automatic, then choose OK
- In the Network Connections window, right-click Local Area Connection and choose Properties
- In the Local Area Connection Properties window, clear Internet Protocol Version 6 (TCP/IPv6). Select Internet Protocol Version 4 (TCP/IPv4), then choose Properties
- Open a command line, run ipconfig /all, and check that the DHCP server has supplied the client with the full set of TCP/IP settings
- Check that Connection-specific DNS Suffix is bachkhoa-npower.vn
- Check that Quarantine State is Not Restricted
Note: the client has Windows Firewall turned on, so it qualifies to receive the TCP/IP settings (including the Default Gateway) supplied by the DHCP server
- the firewall is turned off completely
II. Preparation
The lab uses 3 machines:
- Server (BKNP-DC08-01): Windows Server 2008 promoted to Domain Controller
- Server (BKNP-SRV08-01): Windows Server 2008 joined to the domain
- VPN Client (BKNP-WIN7-01): Windows 7 (does not need to join the domain)
- On the server (BKNP-DC08-01), create the user bknp with password 123456a@ and grant it Remote Access Permission
III. Detailed instructions
The lab consists of the following steps:
1. Install the Enterprise root CA
2. Request a Computer certificate for the server
3. Install Network Policy and Access Services
4. Configure Network Policy Server (NPS)
5. Configure the VPN
6. Configure Windows Firewall
7. Configure the Trusted Root CA
8. Configure the NAP Client
- In the Set Up Private Key dialog, choose Create a new private key, then choose Next
- In the Configure Cryptography for CA dialog, keep the default configuration and choose Next
- In the Configure CA Name window, enter BACHKHOA-NPOWER.VN in Common name for this CA, then choose Next
- The installation runs
- In the Installation Results dialog, verify that the installation succeeded, then choose Close
- In the Certificate Templates Console window, right-click the Computer certificate and choose Properties
- In the Console1 window, verify that the certificate for the server was requested successfully
- In the Select Server Roles dialog, tick Network Policy and Access Services, then choose Next
- In the Select Role Services window, tick Network Policy Server and Routing and Remote Access Services, then choose Next
- The installation runs
- In the Windows Security Health Validators dialog, clear every checkbox except A firewall is enabled for all network connections, then choose OK twice
- In the Network Policy Server dialog, expand Policies, right-click Health Policies and choose New
- In the Create New Health Policy dialog, enter Compliant in Policy name, under Client SHV checks choose Client passes all SHV checks, tick Windows Security Health Validator, then choose OK
- In the Network Policy Server dialog, expand Policies, right-click Health Policies and choose New
- In the Create New Health Policy dialog, enter NonCompliant in Policy name, under Client SHV checks choose Client fails one or more SHV checks, tick Windows Security Health Validator, then choose OK
- In the Network Policy Server dialog, expand Policies, go to Network Policies and disable the 2 existing policies one after the other
- In the Specify Network Policy Name and Connection Type dialog, enter Compliant Full Access in Policy name, then choose Next
- In the Specify Access Permission dialog, choose Access granted, then choose Next
- In the Configure Authentication Methods dialog, keep the default configuration and choose Next
- In the Configure Settings dialog, select NAP Enforcement, make sure Allow full network access is selected, then choose Next
- In the Specify Network Policy Name and Connection Type dialog, enter NonCompliant Restricted in Policy name, then choose Next
- In the Configure Settings dialog, select NAP Enforcement, choose Allow limited access, tick Enable auto-remediation of client computers, then choose Next
- In the Configure Settings window, select IP Filters and, in the IPv4 section, choose Input Filters
- In the Inbound Filters dialog, choose Permit only the packets listed below, then choose OK
- In the Configure Settings window, under IP Filters, in the IPv4 section, choose Outbound Filters
- In the Outbound Filters dialog, choose Permit only the packets listed below, then choose OK
- In the Network Policy Server dialog, expand Policies, go to Connection Request Policies, right-click Use Windows authentication for all users and choose Disable
- In the Network Policy Server dialog, go to Policies, right-click Connection Request Policies and choose New
- In the Specify Connection Request Policy Name and Connection Type dialog, enter VPN Connection in Policy name, under Type of network access server choose Remote Access Server (VPN-Dial up), then choose Next
- In the Tunnel Type dialog, tick the 2 boxes Layer Two Tunneling Protocol (L2TP) and Point-to-Point Tunneling Protocol (PPTP), then choose OK
- In the Add EAP dialog, choose Microsoft: Secured password (EAP-MSCHAP v2), then choose OK
- In the Specify Authentication Methods dialog, select Microsoft: Protected EAP (PEAP), then choose Edit
- In the Configure Protected EAP Properties dialog, tick the 2 boxes Enable Fast Reconnect and Enable Quarantine checks, then choose OK
- In the Network Policy Server window, verify that VPN Connections was created successfully
- In the Welcome to Routing and Remote Access Server Setup Wizard dialog, choose Next
- In the Custom Configuration dialog, tick VPN access and LAN Routing, then choose Next
- In the Completing the Routing and Remote Access Server Setup Wizard dialog, choose Finish
- In the Routing and Remote Access dialog, choose OK, then choose Start service
- In the Routing and Remote Access window, right-click BKNP-SRV08-01 and choose Properties
- In the BKNP-SRV08-01 Properties dialog, open the IPv4 tab, choose Static address pool, then choose Add
- In the Protocol and Ports dialog, open the Protocol type list and choose ICMPv4, then choose Next
- Copy the file certnew.cer to drive C: of the VPN Client (this lab uses USB to copy certnew.cer to the VPN Client)
- In the Console1 window, expand Certificates, expand Trusted Root Certification Authorities, right-click Certificates, choose All Tasks, then choose Import
- In the Turn on Security Center (Domain PCs only) Properties dialog, choose Enable, choose OK, then close the Group Policy Object Editor window
- In the Add or Remove Snap-ins dialog, select NAP Client Configuration, choose Add, then choose OK
- In the Console1 window, expand NAP Client Configuration, go to Enforcement Clients, right-click EAP Quarantine Enforcement Client and choose Enable. Close the Console1 window.
- In the Network Access Protection Agent Properties dialog, open Startup type and choose Automatic, choose Start, then choose OK
- In the Choose a connection option dialog, choose Connect to a workplace, then choose Next
- In the How do you want to connect dialog, choose Use my Internet connection (VPN)
- In the Do you want to set up an Internet connection before continuing dialog, choose I'll set up an Internet connection later
- In the Type the Internet address to connect to dialog, enter the server's external address (131.107.1.1) in Internet address, then choose Next
- In the Type your user name and password dialog, enter the information as shown in the figure, then choose Create
- In the VPN Connection Properties dialog, open the Security tab, choose Use Extensible Authentication Protocol (EAP), select Microsoft: Protected EAP (PEAP) (encryption enabled), then choose Properties
- In the Protected EAP Properties dialog, clear Connect to these servers, clear Enable Fast Reconnect, tick Enforce Network Access Protection, then choose OK 3 times
- In the Customize settings for each type of network dialog, choose Turn off Windows Firewall, then choose OK
- The connection is established
- After the connection succeeds, open a command line, run ipconfig /all, and check that the VPN Client received an IP address from the VPN Server and that System Quarantine State reports Not Restricted
- Change the following 2 values:
+ Minimum Password Length: 0
- Next, right-click Default Domain Controllers Policy and choose Edit
- Under User Rights Assignment, choose Allow log on locally and add the group Users
- Choose Next
- msDS-LockoutDuration: how long the account stays locked. In the Value box you again have 2 input options:
+ (Never): none
+ The format 00:00:00:00 (days:hours:minutes:seconds).
- In the same way, try creating a PSO for the group Nhanvien, with the requirements that users must use a complex password, the minimum length is 7 characters, 3 failed logons lock the account, and the lockout lasts 30 minutes.
Method 2: Besides creating a PSO with ADSI, you can create one from the command line.
- Open Notepad, type the content below (adjusting a few places to match your company's requirements) and save it as pso_sep.ldf
dn: CN=Policy cho sep,CN=Password Settings Container,CN=System,DC=bachkhoa-npower,DC=vn
changetype: add
objectClass: msDS-PasswordSettings
msDS-MaximumPasswordAge: -1728000000000
msDS-MinimumPasswordAge: -864000000000
msDS-MinimumPasswordLength: 5
msDS-PasswordHistoryLength: 0
msDS-PasswordComplexityEnabled: FALSE
msDS-PasswordReversibleEncryptionEnabled: FALSE
msDS-LockoutObservationWindow: -18000000000
msDS-LockoutDuration: -18000000000
msDS-LockoutThreshold: 3
msDS-PasswordSettingsPrecedence: 1
msDS-PSOAppliesTo: CN=sep,CN=Users,DC=bachkhoa-npower,DC=vn
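An added example, not part of the original lab: the Python below parses the pso_sep.ldf record above, converts its interval attributes (stored as negative counts of 100-nanosecond ticks) into readable durations, and compares the PSO with the requirements the lab states for the Nhanvien group. The function names and the NHANVIEN_REQUIREMENTS dictionary are assumptions made for this example.

```python
from datetime import timedelta

# The page's pso_sep.ldf record, embedded so the example runs offline.
PSO_SEP_LDIF = """\
dn: CN=Policy cho sep,CN=Password Settings Container,CN=System,DC=bachkhoa-npower,DC=vn
changetype: add
objectClass: msDS-PasswordSettings
msDS-MaximumPasswordAge:-1728000000000
msDS-MinimumPasswordAge:-864000000000
msDS-MinimumPasswordLength:5
msDS-PasswordHistoryLength:0
msDS-PasswordComplexityEnabled:FALSE
msDS-PasswordReversibleEncryptionEnabled:FALSE
msDS-LockoutObservationWindow:-18000000000
msDS-LockoutDuration:-18000000000
msDS-LockoutThreshold:3
msDS-PasswordSettingsPrecedence:1
msDS-PSOAppliesTo:CN=sep,CN=Users,DC=bachkhoa-npower,DC=vn
"""

# Requirements the lab states for the Nhanvien PSO (dictionary keys are this example's own).
NHANVIEN_REQUIREMENTS = {"complexity": True, "min_length": 7,
                         "lockout_threshold": 3, "lockout_duration": timedelta(minutes=30)}
NEVER = -(2 ** 63)  # stored value that stands for "(Never)" in PSO interval attributes


def parse_ldif_record(text):
    """Parse one plain-text LDIF record into {attribute: value} (base64 '::' values unsupported)."""
    record, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue                              # blank line or LDIF comment
        if line.startswith(" ") and last:
            record[last] += line[1:]              # folded continuation of the previous line
            continue
        name, _, value = line.partition(":")      # accepts both "attr:value" and "attr: value"
        last = name.strip()
        record[last] = value.strip()
    return record


def interval(value):
    """Convert a PSO interval (negative count of 100 ns ticks) to a timedelta; None means Never."""
    ticks = int(value)
    if ticks > 0:
        raise ValueError(f"PSO intervals are zero or negative, got {ticks}")
    return None if ticks == NEVER else timedelta(microseconds=-ticks // 10)


def audit_pso(record, req):
    """List the settings in which the PSO is weaker than the given requirements."""
    findings = []
    if req["complexity"] and record["msDS-PasswordComplexityEnabled"].upper() != "TRUE":
        findings.append("complexity disabled")
    length = int(record["msDS-MinimumPasswordLength"])
    if length < req["min_length"]:
        findings.append(f"minimum length {length} < {req['min_length']}")
    threshold = int(record["msDS-LockoutThreshold"])
    if threshold == 0 or threshold > req["lockout_threshold"]:
        findings.append(f"lockout threshold {threshold} looser than {req['lockout_threshold']}")
    duration = interval(record["msDS-LockoutDuration"])
    if duration is not None and duration < req["lockout_duration"]:   # None (Never) is not shorter
        findings.append(f"lockout duration {duration} < {req['lockout_duration']}")
    return findings
```

Calling audit_pso(parse_ldif_record(PSO_SEP_LDIF), NHANVIEN_REQUIREMENTS) shows which settings of the sep policy would have to change before the same file could serve as the Nhanvien PSO.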
- Now let's try resetting the password for the user hoavq (hoavq belongs to the group sep: simple password, minimum length 5 characters). Right-click the user hoavq, choose Reset Password and type: 456. An error message appears (because you earlier set the minimum password length to 5 characters)
- Then try setting the password to "57890"; a message reports that the password was changed successfully
That completes the lab. A PSO applies not only to groups but also to the individual users you specify.
- Choose Next
- Type the command as shown in the figure
- Click the icon in the lower-left corner or use the shortcut Windows + U