A4 Xay Dung Va Quan Tri Moi Truong Mang Doanh Nghiep 5-8-25!10!07

Qun tr v xy dng mi trng mng doanh nghip
XY DNG V QUN TR MI TRNG MNG DOANH NGHIP

BI 1: XY DNG WINDOWS SERVER 2003 ACTIVE DIRECTORY ........ 2 BI 2: QUN TR TI KHON NGI DNG, MY TNH V NHM ..... 30 BI 3: QUN TR TRUY XUT TI NGUYN FILE ............................................ 56 BI 4: QUN TR TRUY XUT TI NGUYN PRINTER .................................. 74 BI 5: QUN TR MI TRNG MNG GROUP POLICY .............................. 82 BI 6: GIM ST HOT NG MY CH ........................................................... 100 BI 7: QUN TR LU TR V BO MT D LIU ....................................... 120 BI 8: QUN TR S C H THNG MY CH ................................................ 153
-1-
Qun tr v xy dng mi trng mng doanh nghip BI 1: XY DNG WINDOWS SERVER 2003 ACTIVE DIRECTORY Mc tiu: Gii thch Forest, Tree, Domain, OU Xy dng DC Hiu bit cc lp cha ca ADUC Giai nhp Client vo Domain X l cc s c DC, logon
1.1. Xy dng Windows Server 2003/2008 Domain Controller (DC) H iu hnh Windows thng dng c chia lm 2 dng: dng s dng cho mc ch c nhn v cho h thng mng. H iu hnh Windws s dng cho h thng mng c gi l h iu hnh mng v c nhiu im khc bit so vi phin bn s dng cho mc ch c nhn nht l kh nng phc v cho nhiu ngi, nhiu my tnh c khi ln ti con s hng trm hoc hng ngn ng thi gia tng nhng tnh nng bo mt d liu, cng nh bo v s ring t ca c nhn. Phin bn Windows 2003 Server c nhng c im ni bt so vi phin bn Windows trc Windows 2000 Server l: khi ng nhanh hn, hot ng n nh hn, d qun l hn Phin bn Windows Server 2003 c chia lm nhiu loi ph hp vi tng i tng s dng: Windows 2003 Server Standard: phin bn ny c hu ht nhng tnh nng cn thit cho mt Server thng thng. phin bn ny, Windows 2003 h tr 4 CPU (4-way symmetric multiprocessing (SMP) support processor) v c th nng RAM ti a ln 4 GB. Phin bn ny bao gm: .NET Framework, IIS 6, Active Directory.. Windows 2003 Web Edition: phin bn ny h tr ti a RAM 2GB v 2 CPU, ng thi cng gii hn nhng tnh nng nh chia s file, khng c Active Directory, v ch c th l thnh vin ca Domain tuy nhin phin bn ny c ti u c bit h tr nhng ng dng Web. Windows 2003 Enterprise: phin bn ny h tr RAM ln n 64GB v 8 CPU, y l phin bn dnh cho cc doanh nghip ln nn c thm nhng tnh nng h tr c bit cho vic qun l. Phin bn Windows 2003 DataCenter: phin bn ny cng ging nh phin bn Enterprise v thng c s dng trong cc phng Server phc v cho vic lu tr d liu chuyn bit. Ngoi nhng phin bn trn cn c nhng phin bn khc nh Windows 2003: Small Business Server c ti u cho cc doanh nghip va v nh.
Trong chng trnh hc, chng ta s dng phin bn Windows 2003 Server Enterprise v phin bn ny h tr rt nhiu cc tnh nng ca Windows 2003 v ang c s dng rng ri Vit Nam. Phin bn Windows Server 2008: Microsoft vn c n mt mc lch s trng i khc vi RC0 Release Candidate u tin ca h iu hnh Windows Server 2008 hin c cung cp trn mng cho khch hng. Gi y cc khch hng v i tc c th ti chng v t kim tra phin bn mi nht ca Windows Server 2008. c ng gi vi nhiu tnh nng mi, Windows Server 2008 mang n cho khch hng mt nn tng Windows c kh nng tin cy v linh hot nht t trc ti nay. Nhng nng cao v mt k thut nh my ch v kh nng o ha, Internet Information Services (IIS) 7.0, Server Core, PowerShell, Network Access Protection, Server Manager, cc cng ngh ni mng v clustering nng cao cho php khch hng c c mt nn tng bo mt nng cao, d dng trong qun l. Tt c nhng ci thin trong cc tnh nng mang n cho khch hng mt gii php Windows tch hp nht cn c. V d, vi IIS 7.0, nn tng ca Microsoft cho vic pht trin v cu hnh cc ng dng v dch v Web, ang cho thy mt tim lc khch hng ln, vi hn 13 cng ty lm vic v hosting tin c IIS 7.0 v hn 1.200 khch hng trin khai thng quan ng k GoLive.
-2-
Qun tr v xy dng mi trng mng doanh nghip Tt c cc t chc CNTT vi nhiu quy m khc nhau s nh gi kh nng m rng ca s o ha Windows Server, gm c b a x l khch, cp pht b nh ln (hn 32 GB trn mt my) v s h tr chuyn i o c tch hp cho php cc t chc CNTT c th o ha hu ht cc lung cng vic. Kin trc 64-bit, v my o nhn siu nh ca Windows Server 2008 h tr cho mt lot cc thit b, c 32 v 64 bit, b a x l khch v mt lot cc gii php lu tr gm iSCSI v fiber channel SAN. S o ha Windows Server a ra giao din WMI da trn cc chun v API xut bn cho vic qun l tch hp hon ton vi giao din qun l Windows Server vi cc nhu cu cn thit ca khch hng. So snh cc phin bn Microsoft Windows Server 2008 gip cc chuyn gia CNTT tng c kh nng linh hot ca c s h tng my ch, mang n cho cc chuyn gia pht trin phn mm mt nn tng ng dng v Web mnh m trong vic xy dng ng dng v dch v nt ni. Cc cng c qun l mi mnh m v nng cao v bo mt cho php c nhiu kim sot hn i vi cc my ch, mng v cung cp s bo v nng cao cho cc ng dng v d liu. Windows Server 2008 Standard Edition: Phin bn ny cung cp chc nng my ch chnh vi hu ht cc vai tr v tnh nng my ch. N gm c ty chn y v ty chn ci t Server Core. Windows Server 2008 Enterprise Edition: Phin bn ny xy dng trn Windows Server 2008 Standard Edition cung cp kh nng m rng v kh nng sn c tt hn, b sung thm cc cng ngh doanh nghip nh vic t ng chuyn i d phng clustering v Active Directory Federation Services. Windows Server 2008 Datacenter Edition: Phin bn ny cung cp chc nng tng t nh Windows Server 2008 Enterprise Edition cng vi s h tr cho cc b vi x l, b nh b sung v quyn s dng nh o v tn. Windows Web Server 2008: Phin bn ny c thit k c bit cho s dng nh mt my ch ng dng v Web. Cc vai tr my ch khc khng c trong phin bn ny. Windows Server 2008 for Itanium-based Systems: Phin bn ny c thit k s dng vi b vi x l 64 bit cung cp chc nng my ch ng dng v Web trn nn tng . Cc vai tr my ch khc cc tnh nng c th khng c trong phin bn ny. Domain Name L tn min (vng, khu vc, lnh vc) ca mt quc gia, lnh th... Trong lnh vc my tnh th Domain Name l mt min qun l cao cp v phn cp ca mt t chc hay mt phng ban. Ngi ta dng tn min qun l cc nhm my tnh v a ra cc chnh sch an ninh, bo mt cho h thng. Ngoi ra tn min cn c bit n vic phn chia logic gia cc mng ln thnh cc mng con d dng qun l v phn chia ti nguyn hp l v tin li. V d: microsoft.com, yahoo.com, icare.com.vn, ispace.edu.vn... nhng tn min ny c gi tr xc thc trn internet v c cp bi cc i l cung cp tn min. Chng c qun l bi t chc qun l v cung cp tn min ICANN (Internet Comporation for Assigned Names and Numbers). Lu : Trong qun tr mng LAN nh gio trnh ny th Domain c coi l tn min qun l cc nhm my, cc ngi dng, cc ti nguyn cc b. Tn min ny ch c gi tr trong h thng cc b ny m khng h c gi tr trn Internet (ton cu) v tn min ny cha c cng nhn.
-3-
Domain Controller Trong qun l Windows NT th vic iu khin, xc lp v qun l tn min c gi l Domain Controller v thng c vit tt l DC (B iu khin tn min). DC s c nhim v tr li nhng yu cu v bo mt, quyn truy cp, kim tra hp php... ca cc kt ni my con hay tnh hp php ca ngi s dng cc dch v domain. Mi tn min c mt trnh iu khin PDC (Primary Doman Controler B iu khin tn min chnh) v c mt hay nhiu BDC (Backup Domain Controller B iu khin tn min d phng), cha cc c s d liu ca ti khon v thng tin ca cc ti khon . Vic sao chp, backup l hon ton t ng gia cc DC vi nhau.
Trong h thng mng ln, ngi dng ca tn min ny lun c nhu cu truy cp thng tin ca cc tn min khc do ngi qun tr phi tht lp quan h y thc chng cho (trust relationship). Tuy nhin, trong h thng doanh nghip ch c mt tn min th iu ny khng cn thit.
-4-
Qun tr v xy dng mi trng mng doanh nghip Forest Tree L mt hay nhiu domain chia s chung mt cu hnh, gin . Forest Tree cha nhiu domain trong mt rng chia s chung mt DNS namespace lin k nhau. Active Directory L mt chui iu khin tch cc l tri tim ca Windows 2003 Server. Hu ht tt c hot ng ca h thng nh chi phi, phn quyn... u do Active Directory iu khin.
Active Directory (AD) dng lu tr d liu ca Domain nh cc i tng User, Group, OUs... theo kiu cung cp dch v (Directory Service) tm kim, kim sot... cho php user truy cp ti nguyn mt cch an ton v nhanh chng. Vi nhng dch v v tin ch ca mnh AD lm cho vic qun tr tr nn nh nhng hn v hiu qu c nng cao hn, m iu ny khng th c th m hnh mng peer to peer, phn tn. Cho d h thng ln cng c th qun tr tp trung mt cch tt nht. OU (Organization Units): l mt loi i tng c bit ca Active Directory c cha trong domain, cc OU rt hu ch bi v bn c th s dng chng t chc hng trm ngn i tng trong th mc thnh mt khi c th qun l. Bn s dng OU nhm, t chc cc i tng cho mc ch qun l nh l phn quyn qun tr hay gn cc chnh sch (policies) cho mt tp hp cc i tng ging nh mt khi. Khi tht k AD chng ta phi phn r cc t chc, phng ban v phng din hnh chnh hay a l ngi qun tr d dng thao tc cng nh qun l. V d: chng ta to cc OUs nh Marketing, Sale, Manager... c th qun l hoc ci t thm cc chng trnh cho nhm ngi trong OUs. 1.1.1. Ci t Windows 2003 Server. Ci t Windows Server cng tng t nh ci Windows XP. y chng ta chun b cc thit b cng nh iu kin y ci t Windows. CPU t 733Mhz tr ln RAM ti thiu l 256MB tr ln. a cng phi trng t 1.5 GB tr ln. Mn hnh c phn gii t 800 x 600 tr ln. a CDROM.
-5-
Qun tr v xy dng mi trng mng doanh nghip Windows 2003 Server c bootable.
Theo gio trnh ny, chng ta dng Windows 2003 Enterprise Edition ci t. Qui c t ci t v t tn: Server name: svr1. Domain Controller l: ispace.com.vn. IP Server l: 192.168.1.1. t user l: An Tran Bao -> antb@ispace.com.vn. Sau khi chun b cc bc trn y . By gi chng ta tin hnh ci t Windows 2003. Bc 1: Vo BIOS chn Controller boot u tin l CDROM. (Nn tm hiu ti liu ca Mainboard bit cch thit lp BIOS). Bc 2: t CD Windows 2003 bootable vo cho ti lc my hin ra thng bo Press any key to boot from CD th chng ta bm mt phm bt k my tnh khi ng v ci t t CDROM cha Windows 2003.
Hnh 1.1: Thng bo Boot CD Bc 3: lc ny mn hnh ci t Windows s hin ra. Nu mun cu hnh trng thi lu tr nh RAID th nhn F6 (iu ny s ni r trong phn Ci t Windows 2003 Server vi RAID pha sau).
Hnh 1.2: Windows Setup Bc 4: Windows setup tip tc ci t mt s file cn thit ti lc hin ra mn hnh Welcome to setup. V l ci t Windows nn tip tc nhn Enter ci t.
-6-
Hnh 1.3: Welcome to Setup Bc 5: sau khi kim tra dung lng ca HDD, Windows setup s hin ra bng Windows Licensing ni v Windows 2003 cng nh tnh php l ca Windows. Tip tc nhn F8 chp nhn License.
Hnh 1.4 Tho thun v bn quyn Bc 6: Sau khi nhn F8. Windows setup tip tc ti phn chn khong trng ca cng copy v install Windows.
-7-
Hnh 1.5: Chn Partition ci t Windows Bc 7: Trong hnh trn, dung lng ca h thng ci t Windows ch c 8GB. Nu mun chia nh dung lng ci t th nhn C=Create Partition. Trong bi ny, chng ta chn ht dung lng ci t nn nhn Enter. Sau khi chn ci t th Windows setup s hi l nn ci h thng Win trn File System no? C 2 la chn chnh l: FAT, NTFS. V h thng NTFS c nhiu u im hn nh kh nng chu li, qun l nhiu HDD vi dung lng h tr ln nn khuyn co nn chn kiu Format ny.
Hnh 1.6: Cc ty chn nh dng Partition Bc 8: Sau khi chn format kiu NTFS. Windows setup tip tc format v copy d liu cn thit vo cng.
-8-
Hnh 1.7: Qu trnh copy file Bc 9: Vic copy file c thc hin ti lc kt thc v my s t ng restart li. Lu : khi khi ng li. ti mn hnh boot CD my tnh s hin ra thng bo Press any key to boot from CD th chng ta b qua, khng nhn phm no c. Bc 10: khi khi ng li my s tip tc ci t thm cc thng s ca ngi qun tr trn giao din graphic.
Hnh 1.8: Tin trnh ci t Windows
-9-
Qun tr v xy dng mi trng mng doanh nghip Bc 11: Windows Setup s Install v Preparing cc file setup h thng ha cc file. Ti lc Windows Setup s cho ngi qun tr bit v khu vc v ngn ng la chn Regional And Language Options page Lu : chng ta c th chnh sa thng s ny sau khi ci t xong Windows bng cch la chn Regional And Language Options trong Control Panel
Hnh 1.9: La chn ngn ng v khu vc Bc 12: Windows Setup tip tc ti phn thng tin c nhn hoc t chc (Personalize Your Software). Chng ta in tn ngi qun tr v t chc hoc cng ty m chng ta ci t.
Hnh 1.10: Nhp tn v t chc
- 10 -
Bc 13: Setup tip tc hin ra bng Your Product Key chng ta in m sn phm vo. M sn phm ny cn gi l CDKEY thng c ghi trn b mt ca CD.
Hnh 1.11: Nhp s CD Key Bc 14: Setup tip tc hin th ti Licensing Modes (kiu cp php bn quyn). y Windows 2003 s cho chng ta s la chn kiu licence l: bn Windows ny ci t vi kiu Server v c 5 kt ni mt lc, hoc kiu Device l c bao nhiu Processor hay bao nhiu Server ni vi nhau. Chng ta chn Per Server, Number of Concurrent Connection l 5 qua bc k tip.
Hnh 1.12: La chn bn quyn
- 11 -
Bc 15: Mn hnh Setup s tip tc hin ra phn computer name and administrator password ngi qun tr in vo thng s Server name, password bo v.
Hnh 1.13: Nhp tn my tnh v Password cho user Administrator Bc 16: K tip chng ta chn mi gi v gi gic cho ng vi khu vc. Lu : Mi gi Vit Nam l GMT+7. Vic thay i gi v ngy cng c th vo Control Panel sau khi ci t hon tt Windows.
Hnh 1.14: Ci t ngy, gi cho h thng
- 12 -
Bc 17: K tip setup s hin ra trang Networking setting chn Typical settings v nhn Next.
Hnh 1.15: La chn kt ni mng Bc 18: Setup s hin ra cho trang mi trng lm vic Workroup and Computer Domain. y c 2 s la chn: Workgroup l computer ny khng thuc mi trng qun l Domain (tn min); v Member of Domain l chu s qun l phn cp t mt Domain khc. V chng ta ang to mt my ch nn cn chn Workgroup xy dng mt my ch c Domain qun l.
Hnh 1.16: La chn Workgroup hay Domain
- 13 -
Qun tr v xy dng mi trng mng doanh nghip Bc 19: Phn cu hnh setup Windows kt thc. Chng ta ch h thng cp nht cc file ci t cho ti ht v t ng khi ng li my. Lu : khi my khi ng li th chng nn ly CDROM ra khi khay CDROM hoc vo BIOS thit lp li BIOS cho boot bng HDD. Bc 20: Sau khi ci t hon tt v reboot. Mn hnh welcome to Windows s xut hin vi cc t hp phm Ctrl+Alt+Delete. Chng ta nhn cc t hp phm trn ng nhp vo h thng vi user: administrator v password m chng ta to t bc 15.
Hnh 1.17: Mn hnh logon Bc 21: Cui cng chng ta ci t hon tt Windows 2003. Phn cn li l chng ta ci t cc driver cho cc thit b m Windows cha cp nht Driver (xem hng dn trn cc ti liu km theo mainboard v thit b km theo).
Hinh 1.18: Xem thuc tnh h thng
- 14 -
Qun tr v xy dng mi trng mng doanh nghip Kt lun: qua phn trn chng ta c th hiu v setup mt Windows 2003 Server tng bc theo ca ngi qun tr. Nu chng ta mua Windows chnh hng t nh phn phi ca Microsoft th trong vng 30 ngy sau khi ci t buc phi kch hot (activation) sn phm, nu khng h thng s mt quyn ng nhp. 1.1.2. Ci t RAID trn Windows 2003. Vic cu hnh RAID phn cng xong by gi ci t Windows c RAID. Ci t Windows c RAID cng tng t nh ci Windows khng c RAID, tuy nhin bc 3 trn chng ta phi nhn F6 ci t RAID (lu phn ny hin th rt nhanh trong lc ci t v nhn kp thi).
Hnh 1.25: Ci t Windows trn a RAID Vic ci t RAID sau khi nhn F6 phi i hi c a Mm (FDD) cha thng s card RAID. (xem hng dn ca km theo ca Mainboard hoc Card RAID hay tm hiu trn website ca thit b RAID ). Nu Windows khng t tm c trnh iu khin RAID th Windows setup s hin ra thng bo sau:
Hnh 1.26: Windows khng tm c driver a cng RAID
- 15 -
Qun tr v xy dng mi trng mng doanh nghip Lc ny chng ta a FDD cha trnh iu khin RAID vo FDD controller. V nhn S. Th Windows s cho thy trnh iu khin RAID c trn FDD:
Hnh 1.27: Ci t driver cho a cng RAID Trong v d ny chng ta chn Intel (R) 82801GR/GH SATA RAID Controller (Desktop ICH7R/DH). Sau khi chn trnh iu khin nh trn mn hnh s xut hin nh sau:
Hnh 1.28: Driver RAID c ci t Lc ny Windows s nhn ra c h thng RAID m chng cu hnh t phn cng. V dung lng t c nh hnh sau l dung lng Logic m sau khi kt hp t phn cng v RAID trn:
- 16 -
Hnh 1.29: La chn partition ci t windows Qu trnh ci t din ra bnh thng nh ci t khng c RAID cho ti lc kt thc phn Windows setup. Kt lun: qua phn trn chng ta hiu r qu trnh ci t Windows c h tr tnh nng RAID. Tuy nhin vn ci t RAID c th khc khi chng ta s dng h thng my ch ca cc hng sn xut my ch ln nh IBM, HP, Dell... th trong packet km theo my ch s c CD cu hnh m thng gi l smartstart CD. Qu trnh ci t Windows bt u t CD ny cho ti lc h thng yu cu a CD Windows 2003 vo, h thng s copy file t CD Windows 2003 v cho ti lc hon tt vic ci t Windows 2003. 1.1.3. Nng cp Server thnh Domain Controller. Trc y khi s dng Windows NT4 th khi setup Windows l chng ta thit lp Domain ngay trong lc ci t. Nhng t Windows 2000 Server tr v sau khng cn ci t Domain trong lc ci, m chng ta phi nng cp Windows Server thnh Domain Controller. Nhng l do sau y khng cn nng cp: Ngn sch dnh cho h thng thp. Ph hp vi phng Internet, games hoc cng ty nh. H thng mng khng i hi tnh bo mt cao. Nhng phn mm c th hot ng c trn c ch ca Windows Server. ... V vy khi s dng h thng c mc nh ln v c tnh bo mt th chng ta nng cp Server thnh domain controller qun l v phn cp. Ci t Domain Controller. Trc khi ci t Domain Controller chng ta phi chun b mt s dch v cn thit cho cng vic cu hnh: DNS (Domain Name System), DHCP (Dynamic Configuration Protocols): Dch v phn gii tn min v dch v cp pht IP ng. Start -> Control Panel -> Add/Remove Programs. Click Add/Remove Windows Component, chn mc Networking Services sau Click Details.... Chn DNS, DHCP.
- 17 -
Sau khi chun b cc dch v trn. Chng ta tin hnh nng cp Server thnh Domain Controller. Bc 1: Vo Start > Programs -> Administrative Tools -> Manager
Bc 2: Mn hnh s hin ra. Chn Add or Remove A Role. Mn hnh Configure Your Server Wizard, click Next
- 18 -
Bc 3: Trong Server Role chn Domain Controller (Active Directory), click Next
Bc 4: Windows s tp hp nhng iu kin cn thit chun b cho vic Active Directory. Sau mn hnh Active Directory Installation Wizard hin ra, click Next.
- 19 -
Bc 5: Mn hnh Installation Wizard s hin ra bng Domain Controller Type:
Domain Controller For a new Domain: Chn mc ny s to mi Domain. Domain ny c th l Domain mi hon ton hoc l Domain con mi (Child Domain) Additional domain Controller for existing domain: mc ny s to mt Backup Domain Controller, mt Domain d c nhiu BDC ty thuc vo mc ch ca ngi qun tr.
- 20 -
Bc 6: to new Domain, chng ta chn Domain Controller for a new Domain to Domain: ispace.com.vn
Bc 7: in tn min: ispace.com.vn vo mc Full DNS name for new Domain:
- 21 -
Bc 8: i mt vi giy, Windows s cho chng ta bit NetBIOS domain name l ispace.
Bc 9: Qu trnh ci t tip tc cho ti khi chng ta gp bng thng bo DNS Registration Diagnostics ngha l Domain ny khng tm thy c DNS do nh cung cp dch v cp hoc t mt my ch khc cp. V chng ta ang to tn min mi v cung cp DNS cho cc my khc cc my khc tr vo chnh my ch SVR1 ny. Do Windows s hi chng ta c ci t lun DNS trong lc ny hay khng?.
- 22 -
Bc 10: Chn Install and Configure the DNS... th Windows s hi v s tng thch cc permission gia Windows 2000 tr v sau hay l tng thch vi nhng phin bn trc Windows 2000.
- 23 -
Qun tr v xy dng mi trng mng doanh nghip Bc 11: Trong gio trnh ny chng ta chn Permission nh hnh trn ngha l tng thch t Windows 2000 tr v sau. Windows s cho chng ta nhp password phc hi password ny c tc dng l khi chng ta g b hoc phc hi AD th phi s dng password ny.
Bc 12: Qu trnh khai bo nhng iu cn thit cho vic nng cp AD nh Domain, DNS, restore password... kt thc. Lc ny Windows s xy dng (build) Active Directory.
Bc 13: Sau khi Build xong h thng s yu cu Restart Windows li vic cu hnh hon thnh.
- 24 -
Nh vy chng ta hon tt vic xy dng mt Domain controller vi domain l: ispace.com.vn. Lu : vic xy dng Domain controller phi c mt s iu kin cn nh sau: My ch ci AD phi ci IP tnh. My ch phi c ni vo Hub/switch. Tn min khng c qu di, r rng, v din t c ngha ca cng ty hay doanh nghip... Ngoi ra chng ta cng c th ci t Domain Controller bng cch vo Start -> Run g vo dng dcpromo, click OK mn hnh s hin ra nh bc 4, v qu trnh xy dng Domain Controller din ra bnh thng cho ti lc kt thc. 1.2. Gia nhp Client vo Domain (Join vo Domain) Chng ta dng ln mt Server v xy dng Server ny thnh Domain Controller. By gi chng ta s cho php my con (client) truy cp vo my ch. Click chut phi vo My Network Places trn Windows XP. Chn Properties.
- 25 -
Qun tr v xy dng mi trng mng doanh nghip Chn Properties ca Local area Connection
Chn Internet Protocol (TCP/IP), sau click vo Properties.
in vo IP trng vi lp mng ca my ch: o IP address: 192.168.1.2 o Subnet mark: 255.255.255.0 o Preferred DNS Server: 192.168.1.1
- 26 -
Nhng phn trn chng ta c th khng thit lp khi tm hiu v cp pht IP ng DHCP. Sau khi t IP cho Windows XP. By gi thit lp Windows XP gia nhp (join) vo Domain. Chn Properties ca My Computer trn Windows XP. Chn tab Computer Name. Click Change...
- 27 -
G tn domain ispace.com.vn vo mc Domain. Click OK
in user name v password ca administrator vo mc permission. (B sung hnh sau)
1.3. X l s c 1.4. Bi tp tnh hung Tm tt: Cc phin bn ca Windows Server 2003: Windows 2003 Server Standard: phin bn ny c hu ht nhng tnh nng cn thit cho mt Server thng thng. Windows 2003 Web Edition: phin bn ny h tr ch yu cho nhng ng dng Web. Windows 2003 Enterprise: l phin bn dnh cho cc doanh nghip ln nn c thm nhng tnh nng h tr c bit cho vic qun l. Windows 2003 DataCenter: phin bn ny cng ging nh phin bn Enterprise v thng c s dng trong cc phng Server phc v cho vic lu tr d liu chuyn bit. Windows 2003: Small Business Server c ti u cho cc doanh nghip va v nh.
- 28 -
Qun tr v xy dng mi trng mng doanh nghip Cc phin bn ca Windows Server 2008: Windows Server 2008 Standard Edition: Phin bn ny cung cp chc nng my ch chnh vi hu ht cc vai tr v tnh nng my ch. N gm c ty chn y v ty chn ci t Server Core. Windows Server 2008 Enterprise Edition: Phin bn ny xy dng trn Windows Server 2008 Standard Edition cung cp kh nng m rng v kh nng sn c tt hn, b sung thm cc cng ngh doanh nghip nh vic t ng chuyn i d phng clustering v Active Directory Federation Services. Windows Server 2008 Datacenter Edition: Phin bn ny cung cp chc nng tng t nh Windows Server 2008 Enterprise Edition cng vi s h tr cho cc b vi x l, b nh b sung v quyn s dng nh o v tn. Windows Web Server 2008: Phin bn ny c thit k c bit cho s dng nh mt my ch ng dng v Web. Cc vai tr my ch khc khng c trong phin bn ny. Windows Server 2008 for Itanium-based Systems: Phin bn ny c thit k s dng vi b vi x l 64 bit cung cp chc nng my ch ng dng v Web trn nn tng . Cc vai tr my ch khc cc tnh nng c th khng c trong phin bn ny.
Domain Controller: lu tr cc th mc d liu v qun l vic giao tip gia cc user v cc domain, bao gm cc qu trnh user log on, kim tra quyn v tm kim ti nguyn. Khi bn ci t AD trn mt my tnh chy Windows Server 2003 , n tr thnh mt Domain Controller. Active Directory (AD): dng lu tr d liu ca Domain nh cc i tng User, Group, OUs... theo kiu cung cp dch v (Directory Service) tm kim, kim sot... cho php user truy cp ti nguyn mt cch an ton v nhanh chng. OU (Organization Units): l mt loi i tng c bit ca Active Directory c cha trong domain, cc OU rt hu ch bi v bn c th s dng chng t chc hng trm ngn i tng trong th mc thnh mt khi c th qun l.
- 29 -
Qun tr v xy dng mi trng mng doanh nghip BI 2: QUN TR TI KHON NGI DNG, MY TNH V NHM Mc tiu: Hiu bit User, Group, Computer Qun tr User, Group Gii thch cc loi Profile X l cc s c v User rights
2.1. Gii thiu ti khon User Account: l ti khon ngi dng. Khi ci t AD s c mt s user c to ra mc nh (Buildin) nh Administrator l quyn qun tr cao nht cho ton h thng. User ny khng th g b c. Ngoi ra nhn vin s dng my tnh trong h thng c th s dng ti nguyn v ng nhp vo h thng th ngi qun tr khi to user v phn quyn s dng. Computer Account: Mi my tnh chy Microsoft Windows NT, Windows 2000, Windows XP hay Windows Server 2003 tham gia vo mt domain u c mt computer account. Tng t nh user account, cc computer account cung cp ngha thm nh quyn v chnh sa quyn truy xut vo mng v cc ti nguyn domain. Group: l tp hp mt s user c nhng c tnh chung nh truy cp chung mt th mc no , hay phn nhm theo phng ban... L ngi qun tr, chng ta phi cung cp cho cc ngi dng trong t chc kh nng tip cn c cc ti nguyn mng m h cn. Ti khon ngi dng cho php ngi dng ng nhp v truy cp cc ti nguyn cc b hoc domain. Trong bi ny, chng ta s hc cch to cc ti khon ngi dng cc b v domain, t cc thuc tnh cho chng. Gii thiu ti khon ngi dng Ti khon ngi dng l mt tp hp quyn hn duy nht cho mt ngi dng cho php ngi dng ng nhp vo domain truy cp ti nguyn mng hoc ng nhp vo mt my tnh c th truy cp ti nguyn trn my . Nhng ngi s dng mng thng xuyn nn c mt ti khon ngi dng. Bng sau m t cc kiu ti khon ngi dng c Microsoft Windows 2003 cung cp. Kiu ti khon
M t
Ti khon Cho php ngi dng ng nhp vo mt my tnh c th v truy ngi dng cp ti nguyn trn my . Ngi dng c th truy cp ti cc b nguyn trn my khc nu h c ti khon ring trn my . Cc ti khon ngi dng ny nm trong Security Accounts Manager (SAM) ca my.
- 30 -
Ti khon Cho php ngi dng ng nhp vo domain truy cp ti ngi dng nguyn mng. Ngi dng c th truy cp ti nguyn mng t bt domain k my tnh no trn mng bng mt ti khon ngi dng v mt mt khu. Cc ti khon ngi dng ny nm trong dch v danh b Active Directory.
Ti khon ngi dng dng sn (built-in)
Cho php ngi dng thc hin cc tc v qun tr hay tm thi truy cp n cc ti nguyn mng. C hai ti khon ngi dng dng sn khng th xa c: Administrator v Guest. Cc ti khon Administrator v Guest cc b nm trong SAM, cc ti khon Administrator v Guest ca domain nm trong Active Directory. Cc ti khon ngi dng dng sn c to t ng trong qu trnh ci t Windows 2003 v Active Directory.
2.2. Qun tr User To users. Sau khi cu hnh DC xong, chng ta phi to user cc user ny ng nhp vo h thng mng v s dng ti nguyn trn my ch nh lu tr d liu, chng trnh k ton, my in... lc ny ngi qun tr cn phi bit cc ngi dng s dng vo mc ch g? Mc nh th no...Do vic to user phi c mt tnh chuyn nghip v d qun l. u tin chng ta vo Start programs administrative toos Active directory Users and Computers. Trong phn user chng ta c th to bng cch:
Hnh : Active directory Users and Computers Cch 1: Vo Action new user.
- 31 -
Hnh : New User Cch 2: Chng ta c th thc hin bng cch click chut phi trn Users Mn hnh To user s hin ra, chng ta nhp h tn, user name... vo new user.
Hnh : Nhp thng tin User Sau khi in y thng tin chng ta ti phn nhp mt m (password) cho user :
- 32 -
Hnh : Nhp Password v cc ty chn cho user Trong phn Password: Password Confirm password: User must change password at next logon User cannot change passwword Password nerver expires Account is disabled Nhp password theo qun tr Nhp li password trn User c phi thay i password theo user trong ln truy cp u tin User khng c quyn thay i. Quyn thay i thuc v qun tr Password khng bao gi ht hn s dng. Ti khon ny s b v hiu ha chc nng
Trong v d ny ta khng t password, ngha l password trng v chn mc Password nerver expires.
- 33 -
Hnh : Qu trnh to user hon thnh Sau khi click nt Finish kt thc qu trnh to user chng ta s gp mt vn l Windows Server s khng cho to user do password ca chng ta l trng, v khng tun theo qui c ca AD:
Hnh : Thng bo li do t Password khng hp l gii quyt vn trn chng ta phi vo Start Security policy Program Administrative Tools Domain
- 34 -
Hnh : Chn Domain Security Policy Mn hnh s cho chng ta bit nhng policy no ca Windows
Hnh : Password Policy Chn khung bn tri l Password Policy, chn Minimum Password Length, ngha l chiu di ti thiu phi l 7 k t. Nu chng ta mun s dng Password trng th chng ta chn Policy setting l 0 k t.
- 35 -
Hnh : Thay i Password Policy Sau khi cho php nhp password trng, chng ta phi loi b s phc tp ca password m h thng Windows ra: Chn Password must meet complexity requirements properties -> Define this policy setting l Disable:
Hnh : Cm ch password phc tp Khi chn nhng policy theo nh trn, chng ta phi cp nht nhng thay i policy cho Windows. Bng cch l chng ta khi ng li my ch hoc ta cng c th vo Start -> Run, g vo c php sau: gpupdate /force thay i cc policy ca h thng.
Hnh : Cp nht Policy va thay i Nh vy sau khi cp nht Policy cho Server, lc ny chng ta quay v vn to user vi password trng th chng ta s to user thnh cng m khng gp tr ngi no.
- 36 -
Hnh 3.12: Qu trnh to user hon tt Qun l Users. Phn trn chng ta tm hiu v cch to user, by gi chng ta phi tm hiu v qun l cc user nh th no? Chng ta th tm hiu mt s gii php thng dng khi qun l user. V d 1: mt s user to ra trong mt thi gian ngn l v hiu ha chc nng do tnh cht thi v ca user . V d 2: Trong mt cng ty, Gim c yu cu l tt c nhn vin lm vic t 8 gi sng ti 12 gi tra, sau khi qua 12 gi tra l tt c cc my tnh hoc mt s my tnh phi t ng ngng lm vic ngh tra hoc hn ch tht thot thng tin... V d 3: Trong mt h thng mng c trin khai cho mi trng gio dc. Cc hc sinh s lu bi tp trn th mc share trn Server ca mnh, vn t ra l s c nhiu em hc sinh ng nhp (logon) vo nhiu my m ch c mt user copy bi ca nhau trn cng mt th mc share . Vy lm sao gii quyt cc vn . Nhng vn trn s c tm hiu trong phn ny. Sau khi to mi user, chng ta vo Properties ca user :
- 37 -
Hnh 3.14: Thuc tnh General ca user Account properties Discriptions General, Address, Telephones and y l nhng thng tin b sung ca user Organization tabs Account tab Thuc tnh ny bao gm nhiu thng tin v user nh khi to, password, hn s dng... Profile tab y c th cu hnh ng dn profile, hay logon Script Member Of tab Thuc tnh ny bao gm mc , quyn hn hoc thuc nhm no. Terminal Services Profile, Nhng Tabs ny cho php thit lp mi Environment, Remote trng lm vic, truy cp t xa hoc cc Control, Sessions tabs phin lm vic ca vic truy cp . Dial-in tab Cho php hoc khng cho php truy cp t xa hoc quyn dng nhp VPN COM+ tab Gn Active Directory COM+ cho vic qun l d liu phn tn trn Windows 2003. bng trn c rt nhiu thuc tnh, tuy nhin chng ta ch quan tm nhiu ti 3 thuc tnh c bn l Account tab, profile tab, member of tab. Cn nhng thuc tnh cn li chng ta tm hiu sau hoc cc hoc vin t tm hiu. Account tab y l thng tin rt quan trng, cho php thay i thng tin user, thi hn ca user...
- 38 -
Hnh : Thuc tnh Account ca user Logon Hours...: cho php ti khon ny truy cp vo nhng thi gian qui nh trong ngy. Ngi qun tr s chn thi gian l work time, hoc free time:
- 39 -
Hnh : Thi gian Logon ca user Logon to...: cho php ti khon ny truy cp vo mt my tnh duy nht (computer name) hoc nhiu my tnh trong mt phng ban hoc mt nhm lm vic. Mc ch ny gip cho ngi s dng trnh c mt mt thng tin c nhn trn my tnh ca mnh.
Hnh : Cho php ti khon logon vo 1 hay nhiu my tnh. Account Expires: chc nng ny cho php thi hn s dng ca Account ny ti bao lu:
- 40 -
Hnh : Thi gian s dng Account Member of Tab. Khi ni n Member of ca user tc l chng ta ang ni n phn cp ca user hay nhm lm vic ca user . Mt user c th l user thun ty hoc user c quyn ngang cp vi quyn qun tr administrator. iu ny ty thuc vo s phn quyn ca ngi qun tr. Tt nhin vic phn quyn ca user th ngi qun tr phi ng nhp vo h thng my ch vi ti khon Administrator. By gi chng ta s thc hin bi lab vi ti khon Hatq vi quyn administrator. Log on SVR1 vi ti khon administrator. Vo administrative tools -> active directory user and computers. Chn user Ha Trn quang. Chn Menu Action -> Properties (c th click chut phi vo Properties). Chn tab Mermber of. Click vo nt Add... thm group vo.
Hnh : Add Group
- 41 -
Hnh : Select Group Click vo Nt Advanced tm group.
Hnh : Chn group cn add vo Chn nt Find Now -> chn group administrators, sau click OK hon tt vic chn nhm admistrators. Qun tr Group Qun l Groups.
- 42 -
Qun tr v xy dng mi trng mng doanh nghip Group l mt nhm lm vic do ngi qun tr to ra c th ha cc cng vic hoc d dng qun tr. Group c th c chia lm 2 loi l Buildin v manual. Loi build-in th do Windows to ra ni ln mt chc nng c bit no v d nh Administrators, Backup Operators... l nhng ti khon no nm trong group ny s c nhng quyn rt cao nh ng nhp vo my ch, backup, restore .... v cc group ny khng th xa b khi h thng. Loi Manual l loi do ngi qun tr to ra qun l, v d trong cng ty c rt nhiu nhn vin cng s dng mt ti nguyn no trn my ch th ngi qun tr ch to ra 1 group gom nhm cc nhn vin ny li, v chia s folder cho group ny th ton b cc thnh vin u c share. to mt Group qun tr, chng ta vo Active Directory user and Computers, chn User bn tri, chn Menu Action -> new -> Group. (chng ta c th lm nhanh bng cch click chut phi vo User, chn new).
Hnh : To New Group To mt Group c tn l Marketing, vi Group scope l Domain Local, kiu group l Security
- 43 -
Hnh : Nhp tn v cc tu chn ca group Sau khi to xong Group Marketing, chng ta a nhng user no cn gom nhm vo group. Vic a user vo group c 2 cch. Chn Properties ca group Marketing mi to, chn member tab, chn nt Add.. chn user no cn a vo.
Hnh : Add Group Cch khc l chn chut phi trn user no mun a vo Group, chn Add to group
- 44 -
Hnh : Add user vo group Nh vy vic to group v a user vo group khng qu kh khn, do ngi qun tr c th to nhiu group khc nhau qun tr. Cc group ny cn c th a vo group khc nh group buildin...
- 45 -
Hnh : User c add vo Group 2.4. Qun tr User Profile Profile tab cha cc thng tin ca user v ng dn h thng nh vn : cc user u dng chung mt mn hnh desktop, cc shortcuts trn desktop, cc cookies... hoc cc ng dn ca th mc share trn my ch m ch duy nht user c m user khc khng c. Local Profiles: l profile mc nh ca h thng trn Windows 2000, XP: c:\documents and settings\%username%. Profile ny c to ra ln u tin khi user logon vo h thng, cc thay i v desktop, network... u c lu tr Profile ny. Roaming User Profiles: l tt c cc user u ly chung mt Profile hot ng theo mt Profile share trn my ch. Trn Profile tab, trong mc Profile path c c php nh sau: \\<Server>\<share>\%username%. Trong %username% l t ng ly ng user m user ng nhp vo h thng
Hnh 3.19: Profile User Trc ht chng ta to mt Profiles kiu mu trn Server. To mt th mc trn my ch t tn l profiles. Share th mc ny vi tn Profiles. Chn Permissions. chn quyn share l Full Control. Chn OK.
- 46 -
Hnh : Cp quyn cho Group Everyone Sau ta to mt User kiu mu trn Server: Text Box Name First Name Last Name User Logon Name: User Logon Name (Pre-Windows 2000): Enter Profile Account Profile Profile
- 47 -
Hnh : Nhp thng tin user Sau khi to User hon tt, chng ta cho user ny vi quyn Administrator user ny ng nhp (logon) vo my ch. Logoff Windows Server 2003. Logon Windows Server 2003 vi ti khon profile. Sau khi logon hon tt, chnh sa Desktop, software, internet options... To cc shortcut trn desktop...
- 48 -
Hnh : Logon vi account Profile logoff Windows. Logon Windows vi ti khon administrator. Vo System Proferties ca SVR1, chn tab Advanced, chn User profiles, click setting...
Hnh : System Properties Trong user Profiles, chn ISPACE\Profile. Click Copy to.
- 49 -
Hinh : User Profile g ng dn profile mun copy ti: \\svr1\profiles\hatq. trong hatq l user ca Tran Quang Ha m chng ta mun s dng profile ny. Thay i quyn s dng l ISPACE\Hatq
Hnh : Ni lu tr profile Click OK hon tt vic copy profile. vo Start -> Programs -> Administrative tools -> Active Directory User and Computer. Chn Properties Ha Tran Quang. Vo Tab Profile. G vo Profile path: \\svr1\profiles\%username%
- 50 -
Hnh : Profile path Click OK hon tt. Logoff ti khon Administrator. Logon vi ti khon hatq (Ha Tran Quang).
- 51 -
Hnh : Logon ti khon Ha Tran Quang Nh vy chng ta hon tt vic Roaming Profile. Ti khon Hatq s s dng cc desktop, shortcut... ca user profile. By gi chng ta gii quyt mt vn thng dng ca Profile l Automatics Map Network Disks. Trong phn ny cc user khi ng nhp vo h thng s c mt a network c sn trn my tnh ca mnh v khi thot ra s khng cn a trn my trnh trng hp tht thot thng tin cng nh vn ring t. Trong bi ny chng ta c v d v ti khon Ha Tran Quang. Ti khon ny c mt th mc trn my ch l Hatq v share th mc ny trn my ch vi quyn Full Control. To th mc trn my ch l Hatq, share th mc ny cho Ha Tran Quang vi quyn Full Control.
- 52 -
Hnh : Cp quyn cho user Ha Tran Quang Dng Notepad hoc bt c chng trnh son tho vn bn no to file: tranquangha.bat. Ni dung trong file tranquangha.bat nh sau: net use z: \\svr1\hatq.
Hnh 3.29: Ni dung file Tranquangha.bat Copy file ny vo th mc: C:\Windows\SYSVOL\sysvol\ispace.com.vn\cripts.
- 53 -
Hnh 3.30: Ni lu tr file Tranquangha.bat Vo Profile tab ca user Ha Tran Quang. Trong mc Logon cripts: g tn file mi to:
Hnh : Nhp tn file Logon script Click OK. Khi user Hatq ng nhp vo h thng mng ispace.com.vn th s c mt a o.
- 54 -
Qun tr v xy dng mi trng mng doanh nghip Hinh : a o ca user khi logon vo mng Nh vy ti khon hatq c th lu tr ti liu ca mnh trn my ch v ch c Hatq mi c th chnh sa, xa... ti liu ca mnh. 2.5. Cc nhm mc nh Khi mt my tnh tr thnh mt domain controller, nhng group c to trong dch v Active Directory. Mc nh, nhng group ny c nhng quyn c xc nh trc quyt nh nhng thao tc h thng m cc thnh vin ca group hay cc group c th thc hin. Nhng group ny khng th b xo. Danh sch sau m t cc nhm domain local group v nhng cp quyn c gn trc cho chng. Administrators: Cc thnh vin ca Administrators group c th thc hin tt c cc chc nng m h iu hnh h tr. Administrators c th gn cho chnh h bt k quyn no m h khng c theo mc nh. Ch logon l mt ngi qun tr khi cn thit. Cng phi cn thn khi add mt user khc vo Administrator group. Backup Operators: Cc thnh vin ca Backup Operators group c th backup v phc hi cc tp tin bng cch s dng cng c Backup. Account Operators: Nhng thnh vin ca Account Operators group c th qun l cc user account v group. Ngoi l l ch nhng thnh vin ca Administrators group c th thay i mt Administrators group hoc bt k mt group no. Server Operators: Cc thnh vin ca Derver Operators group c th share cc ti nguyn mng, logon vo mt Server tng tc, to v xo cc ti nguyn share, khi ng v ngng cc dch v, nh dng cng ca server v shutdown my tnh. H cng c th backup v phc hi cc tp tin bng cch s dng cng c Backup. Print Operators: Cc thnh vin ca Print Operators group c th ci cc my in local v mng m bo rng cc user c th d dng kt ni ti v s dng cc ti nguyn my in.
2.6. X l s c 2.7. Bi tp tnh hung Tm tt: User account: l mt i tng cha tt c cc thng tin khai bo mt user trong Windows Server 2003. Account c th l local hay domain account. Mt user account bao gm user name v password km theo khi logon, cc nhm m n l thnh vin (member of) cc quyn li (user right) v s cho php (permisions) m user c khi truy xut vo my tnh v ti nguyn mng. Computer Account: Mi my tnh chy Microsoft Windows NT, Windows 2000, Windows XP hay Windows Server 2003 tham gia vo mt domain u c mt computer account. Tng t nh user account, cc computer account cung cp ngha thm nh quyn v chnh sa quyn truy xut vo mng v cc ti nguyn domain. Group: l mt tp hp cc user account. Bn c th s dng group qun l vic truy xut ti cc ti nguyn domain rt hiu qu, gip cho bn n gin ho cng vic bo tr v qun tr mng. Bn cng c th s dng cc group ring bit hay bn c th t mt group vo mt group khc n gin vic qun l hn na. Local Profiles: l profile mc nh ca h thng trn Windows 2000, XP: c:\documents and settings\%username%. Profile ny c to ra ln u tin khi user logon vo h thng, cc thay i v desktop, network... u c lu tr Profile ny. Roaming User Profiles: l tt c cc user u ly chung mt Profile hot ng theo mt Profile share trn my ch.
- 55 -
Qun tr v xy dng mi trng mng doanh nghip BI 3: QUN TR TRUY XUT TI NGUYN FILE Mc tiu: Hiu bit truy xut ti nguyn mng Qun tr quyn truy xut Shared, NTFS Lm vic ngoi tuyn offline file X l cc s c v Permissions, offline file Hiu bit v trin khai dch v file DFS
3.1. Gii thiu Windows Server 2003 t chc cc tp tin vo trong nhng th mc th hin dng ho l cc folder. Nhng folder ny cha tt c cc loi tp tin v c th cha cc folder con. Mt vi folder c dnh ring trc cho cc tp tin h iu hnh v nhng folder chng trnh. Shared cc folder cho php cc user truy xut cc file v folder qua mng. User c th kt ni ti cc foler share qua mng truy xut cc folder v nhng tp tin m folder cha. Cc folder shared c th cha cc ng dng, d liu cng cng hay d liu c nhn. Vic s dng nhng folder share ng dng lm tp trung cng vic qun tr bng cch cho php bn ci t v duy tr nhng ng dng trn server thay v trn cc my client. S dng cc folder share d liu cung cp mt v tr trung tm cho user truy xut cc tp tin ph bin v lm cho n d dng backup d liu cha trong cc tp tin ny. Bn mun cp quyn cho cc ngi dng truy cp qua mng th dng Share Permissions. Share Permissions ch c hiu lc khi ngi dng truy cp qua mng ch khng c hiu lc khi ngi dng truy cp cc b. Khc vi NTFS Permissions l qun l ngi dng truy cp di cp truy xut a. Trong hp thoi Share Permissions, cha danh sch cc quyn sau cho php ngi dng truy xut n th mc chia s: Full Control: cho php ngi dng c ton quyn trn th mc chia s. Change: cho php ngi dng thay i d liu trn tp tin v xa tp tin trong th mc chia s. Read: cho php ngi dng xem v thi hnh cc tp tin trong th mc chia s.
- 56 -
3.2. Quyn chia s th mc Cc ti nguyn chia s l cc ti nguyn trn mng m cc ngi dng c th truy xut v s dng thng qua mng. Mun chia s mt th mc dng chung trn mng, bn phi logon vo h thng vi vai tr ngi qun tr (Administrators) hoc l thnh vin ca nhm Server Operators, tip theo trong Explorer bn nhp phi chut trn th mc v chn Properties, hp thoi Properties xut hin, chn Tab Sharing.
Mc Do not share this folder Share this folder Share name Comment
M t Ch nh th mc ny ch c php truy cp cc b Ch nh th mc ny c php truy cp cc b v truy cp qua mng Tn th mc m ngi dng mng nhn thy v truy cp Cho php ngi dng m t thm thng tin v th mc dng chung ny Cho php bn khai bo s kt ni ti a truy xut vo th mc ti mt thi im Cho php bn thit lp danh sch quyn truy cp thng qua mng ca ngi dng Cho php th mc c lu tr tm ti liu khi lm vic di ch Offline.
User Limit
Permissions
Offline Settings
- 57 -
Kt ni n th mc chia s Sau khi chia s mt th mc, ngi dng c th truy cp th mc qua mng. Ngi dng c th truy cp mt th mc chia s trn my khc bng cch s dng My Network Places, Map Network Drive, hay lnh Run. S dng My Network Places Trong nhiu trng hp, cch d nht truy cp th mc chia s l s dng My Network Places. kt ni n th mc chia s dng My Network Places, hy thc hin cc bc sau: 1. Nhp p My Network Places. 2. Nhp ng dn n th mc chia s mun kt ni hoc nhp Browse tm my tnh cha th mc. 3. Nhp p th mc chia s m xem ni dung. Lu Khi m th mc chia s trn mng, Windows 2003 t ng thm n vo My Network Places. S dng Map Network Drive (nh x a mng) Hy nh x mt a mng khi mun lin kt mt k t a v mt icon vi mt th mc chia s. iu ny lm cho vic tham chiu n v tr ca mt tp tin trong th mc chia s d dng hn. V d, thay v tr n \\My ch\Tn th mc chia s \Tp tin, chng ta s tr n a:\Tp tin. Chng ta s dng cc k t a truy cp cc th mc chia s khng th s dng ng dn UNC (universal naming convention), chng hn nh mt th mc ca mt ng dng c.
nh x mt a mng, hy thc hin cc bc sau: 1. Nhp phi My Network Places, nhp Map Network Drive. 2. Trong wizard Map Network Drive, hy chn k t a mun s dng. 3. Nhp tn th mc chia s mun kt ni hay nhp Browse tm th mc chia s. c th tip cn th mc chia s s dng thng xuyn, hy chn Reconnect at logon kt ni t ng mi khi log on.
- 58 -
Qun tr v xy dng mi trng mng doanh nghip S dng lnh Run
Khi s dng lnh Run kt ni n ti nguyn mng, khng cn phi c k t a; cho php s lng kt ni khng gii hn, c lp vi cc k t a kh dng. kt ni th mc chia s vo mt a mng, hy thc hin cc bc sau: 1. Nhp Start, nhp Run. 2. Trong hp thoi Run, nhp ng dn UNC trong hp Open, nhp OK. Khi nhp tn my ch trong hp Open, mt danh sch tn cc th mc chia s kh dng s xut hin. 3.3.Quyn NTFS Windows 2003 ch cung cp cc quyn NTFS trn cc phn vng c nh dng NTFS. bo mt cho cc tp tin v th mc trn cc phn vng NTFS, chng ta gn cc quyn NTFS cho tng ti khon hay nhm ngi dng cn truy cp ti nguyn. Ngi dng phi c cp php c th truy cp ti nguyn. Nu khng c cp php, ti khon ngi dng khng th tip cn tp tin, th mc. Bo mt NTFS c hiu lc khi ngi dng truy cp th mc hay tp tin ngay ti my hoc qua mng. Danh sch kim sot truy cp (Access Control List)
NTFS lu mt danh sch kim sot truy cp (Access control list - ACL) trn tng tp tin v th mc trong phn vng NTFS. ACL cha danh sch cc ti khon ngi dng, nhm, v cc my tnh c cp php truy cp tp tin th mc, cng nh loi truy cp m chng c php. ngi dng tip cn c tp tin th mc, ACL phi cha mt mc (entry) gi l mc kim sot truy cp (Access control entry ACE) cho ti khon, nhm, hay my tnh ca ngi dng. Mc ny phi cho php kiu truy cp m ngi dng cn phi c c th tip cn c tp tin th mc. Nu khng tn ti ACE trong ACL, Windows 2003 s khng cho php ngi dng truy cp ti nguyn. Chng ta c th s dng cc quyn NTFS ch ra cc ngi dng, nhm, v my tnh c th tip cn tp tin th mc. Cc quyn NTFS cng ch ra cc ngi dng, nhm, v my tnh no c th lm g vi ni dung ca tp tin, th mc. Cc quyn th mc NTFS
- 59 -
Chng ta gn quyn th mc NTFS kim sot truy cp n cc th mc cng nh cc tp tin v th mc con cha trong cc th mc . Cc quyn tp tin NTFS
Chng ta gn quyn tp tin NTFS kim sot truy cp n cc tp tin. Lu : Khi nh dng mt phn vng theo NTFS, Windows 2003 t ng gn quyn truy cp Read Only (ch c) n th mc gc cho nhm Everyone. Mc nh, nhm Everyone s c quyn Full Control i vi tt c cc th mc v tp tin c to trong th mc gc. gii hn truy cp ch cho cc ngi dng c php, chng ta nn thay i quyn mc nh cho cc th mc v tp tin chng ta to. Cch Windows 2003 p dng cc quyn NTFS Mc nh, khi chng ta cp php s dng mt th mc cho ngi dng v nhm, cc ngi dng v nhm ny s c th tip cn c cc tp tin v th mc con cha trong th mc ny. iu quan trng chng ta phi hiu l cc cc th mc con v cc tp tin k tha quyn t cc th mc cha, t c th s dng s k tha ny truyn quyn truy cp cho cc tp tin v th mc. Nu cp php truy cp mt tp tin hay th mc cho mt ti khon ngi dng hay cho nhm m ngi dng l thnh vin, ngi dng s c nhiu quyn truy cp n cng mt ti nguyn. C nhiu lut v u tin lin quan n cch NTFS kt hp cc quyn. Ngoi ra, chng ta cng c th tc ng n cc quyn truy cp khi sao chp hay di chuyn cc tp tin, th mc. Quyn NTFS tng hp Nu chng ta gn cc quyn NTFS cho mt ti khon ngi dng v cho nhm m ngi dng thuc v, th c ngha l chng ta gn quyn tng hp cho ngi dng. C nhiu lut quy nh cch NTFS kt hp cc quyn ny to ra tp hp quyn tht s c hiu lc cho ngi dng. Quyn t chi (deny) che cc quyn khc
- 60 -
Chng ta c th t chi truy cp trn mt tp tin, th mc c th qua vic gn quyn t chi cho ti khon ngi dng hay nhm. Thm ch khi mt ngi dng c quyn truy cp tp tin hay th mc do l thnh vin ca mt nhm, vic t chi quyn i vi ngi dng s chn cc quyn khc ngi dng ang c. Do , quyn t chi l mt ngoi l i vi lut tch ly. Chng ta nn trnh vic t chi quyn v vic cho php truy cp th d dng hn vic t chi. Nn t chc cc nhm v t chc cc ti nguyn trong cc th mc ch cn s dng vic cp php l (khng cn dng Deny). Lu Trong Windows 2003, c s khc bit gia mt ngi dng khng c php truy cp v vic t chi mt ngi dng truy cp bng vic thm mt mc t chi (deny entry) vo ACL trn tp tin, th mc. iu ny c ngha nu l ngi qun tr, chng ta c mt cch khc t chi truy cp l khng cho php ngi dng truy cp tp tin th mc. S k tha quyn NTFS Mc nh, cc quyn c gn cho th mc cha s c k tha v lan truyn xung cc tp tin v th mc con nm trong th mc cha ny. Tuy nhin, chng ta c th ngn chn s k tha quyn khi mun cc tp tin v th mc con c quyn khc vi th mc cha ca chng. S k tha quyn
Bt c quyn g c gn cho mt th mc cha cng c p dng cho cc th mc con v tp tin cha trong n. Khi gn quyn NTFS cho php truy cp n mt th mc l chng ta gn quyn cho th mc cng nh cho tt c cc tp tin v th mc con ang tn ti trong n k c cc tp tin v th mc con s c to trong th mc . Ngn chn vic k tha quyn
- 61 -
Qun tr v xy dng mi trng mng doanh nghip Chng ta c th ngn chn vic k tha quyn qua vic ngn chn cc th mc con v tp tin k tha quyn t th mc cha. ngn chn vic k tha quyn, hy hy cc quyn c k tha v ch gi li cc quyn c gn c ch ch. Th mc con m chng ta ngn khng cho k tha quyn t th mc cha lc ny tr thnh th mc cha mi. Cc th mc con v tp tin cha trong th mc cha mi ny s k tha cc quyn c gn cho cc th mc cha ca chng. Gn quyn NTFS Gn quyn NTFS trong hp thoi Properties ca th mc. Khi gn hay thay i quyn NTFS cho mt tp tin hay th mc, chng ta c th thm hay xa cc ngi dng, nhm hay my tnh cho tp tin hay th mc. Qua vic chn mt ngi dng hay nhm, chng ta c th hiu chnh quyn cho ngi dng hay nhm.
Trn tab Security trong hp thoi Properties ca tp tin hay th mc, hy cu hnh cc tham s m t trong bng sau. Tham s Name M t Chn ti khon ngi dng hay nhm mun thay i quyn hoc mun xa khi danh sch. chn check box Allow.
php mt quyn khi Permissions Cho T chi mt quyn khi chn check box Deny. Add
M hp thoi Select User, Groups, or Computers, dng chn cc ti khon ngi dng v nhm thm vo danh sch Name. Xa cc ti khon ngi dng hay nhm c chn v cc quyn hn lin quan n tp tin, th mc.
Remove
- 62 -
Thit lp s k tha quyn Nhn chung, chng ta nn cho php Windows 2003 truyn li cc quyn t th mc cha cho cc th mc con v tp tin cha trong th mc cha . S lan truyn cc quyn lm n gin ha vic gn quyn cho cc ti nguyn. Tuy nhin, s c khi chng ta mun ngn chn vic k tha quyn. V d, chng ta c th cn phi gi tt c cc tp tin ca phng kinh doanh trong mt th mc sales mi ngi trong phng kinh doanh u c quyn Write. Tuy nhin, chng ta cn phi gii hn quyn cho mt s tp tin trong th mc l Read. lm c iu ny, chng ta s ngn chn s k tha quyn Write khng truyn xung cc tp tin cha trong th mc.
Mc nh, cc th mc con v cc tp tin k tha quyn c gn cho cc th mc cha, nh hin th trn tab Security trong hp thoi Properties khi check box Allow inheritable permissions from parent to propagate to this object c chn.
ngn chn mt th mc con hay tp tin k tha quyn t th mc cha, hy xa check box Allow inheritable permissions from parent to propagate to this object, sau chn mt trong hay ty chn uc m t trong bng sau.
- 63 -
Ty chn Copy
M t Sao chp cc quyn c k tha trc y t th mc cha xung th mc con hay tp tin v t chi s k tha quyn t th mc cha k t lc .
Remove Xa cc quyn k tha c gn trn th mc cha khi th mc con hay tp tin v gi li nhng quyn chng ta gn c ch ch cho th mc con hay tp tin.
3.4. Tng tc quyn Shared v NTFS 3.5. Offline File Offline Files l mt tnh nng qun l ti liu quan trng cung cp cho cc user kh nng truy xut online hay offline nht nh ti tp tin. Khi my client ngt kt ni khi mng, mi th c download v my cc b. Cc user vn c th tip tc lm vic nh h ang cn kt ni ti mng. H c th chnh sa, copy, xo Khi client kt ni tr li vo mng, cc tp tin client v server t ng ng b li. S dng Offline Files c nhng thun li sau : H tr cho nhng user lu ng Khi mt user lu ng xem share folder trong khi ngt kt ni mng, user vn c th trnh duyt, c, chnh sa cc tp tin, bi v chng c lu tr trong b nh ca my client. Khi user sau kt ni ti server, h thng iu chnh nhng thay i vi server T ng ng b Bn c th cu hnh chnh sch ng b v cch hnh ng da trn thi gian trong ngy v loi kt ni mng bng cch s dng Synchronization Manager. V d bn c th cu hnh ng b n xy ra t ng khi user logon vo mng LAN. Qu trnh thc thi thun li Offline Files cung cp s thc thi thun li cho mng. Trong khi kt ni ti mng, cc client vn c th c tp tin t b nh cc b, gim lu lng d liu truyn trn mng. Backup thun li Offline Files gii quyt tnh trng kh x trong cc t chc kinh doanh ngy nay. Nhiu t chc thc thi mt chnh sch backup yu cu tt c d liu ca user phi c lu tr trn cc server c qun l. B phn IT ca t chc thng khng backup d liu c lu trn cc a cc b. iu ny tr thnh mt vn nghim trng cho nhng user lu ng vi cc my tnh xch tay. Nu bn mun truy xut d liu khi offline, my tnh cn sao chp d liu gia my xch tay v server. Mt vi t chc s dng cng c Briefcase. Vi Windows Server 2003, vic sao chp d liu gia my client v server c qun l t ng. Cc tp tin c th c truy xut trong khi ang offline v c ng b t ng vi server c qun l . Bn c th cu hnh mt file trn mng lm cho n sn sng offline khi Offline Filse c enable cho folder cha file . Khi cc user cu hnh lm cho cc tp tin c offline, user s lm vic vi phin bn ca tp tin mng trong khi ang kt ni vo mng ,v lm vic vi phin bn tp tin c lu tr trong b m khi ngt kt ni mng.
- 64 -
Qun tr v xy dng mi trng mng doanh nghip Khi cc user cu hnh cc files c sn c offline nhng s kin ng b sau s xy ra khi user disconnected khi mng : Khi user log off khi mng, h iu hnh Windows client ng b cc tp tin mng vi b nh m s copy cc tp tin Khi user disconnected khi mng, user s lm vic vi nhng tp tin c lu tr torng b nh cc b Khi user log on tr li vo mng, h iu hnh client Windows ng b bt k tp tin offline no m user sa i trn my mng. Nu file c thay i trn c hai my th h iu hnh client Windows s nhc user loi file no user mun gi, hay user c th i tn tp tin, hoc gi c hai phin bn. Ch : Nu c hai user lm vic vi cng tp tin offline ti cng thi im th sau khi ng b, mt trong hai phin bn s b mt. Ty chn Offlin file Cache
Offline Files lu tr cc file thng xuyn c truy xut vo mt folder share. iu ny tng t nh trnh duyt Web gi mt danh sch cc web site thng xuyn truy xut vo trong b m(cache). Khi bn to cc share folder trn mng, bn c th ch ra tu chn lu tr cho tp tin v nhng chng trnh trong folder. C 3 tu chn lu tr khc nhau. Manual caching of documents: Ch ny cung cp truy xut offline ch cho nhng file v chng trnh m user ch nh l c hiu lc. N l tng cho mt folder share mng cha nhng tp tin m mt vi ngi s truy cp v chnh sa. y l tu chn mc nh khi bn cu hnh mt share folder tr thnh offline. Automatic caching of documents: Vi ch lu tr t ng, tt c cc file v chng trnh m user m t folder share t ng offline. Nhng tp tin m user khng m s khng offline. Cc bn copy c s t ng b ghi bi nhng phin bn mi hn. Automatic caching of programs: Khi check box Optimized for performance c chn, n cung cp t ng lu tr nhng chng trnh. Vic t ng lu tr cc chng trnh lm gim lu thng mng, bi v cc tp tin offline c m ngay lp tc. Cc phin bn tp tin trn mng khng th truy xut theo bt c cch no, v nhng file offline nhn chung khi ng v chy nhanh hn nhng version mng. Khi bn s dng ch ny, phi bo m hn ch cc quyn ti nhng file c cha trong cc share folder thnh truy xut Read. cu hnh cc thit lp offline bng cch s dng Windows Explorer : 1. Trong Windows Explorer, right-click trn shared folder mun cu hnh truy cp offline v sau click Sharing and Security.
- 65 -
Qun tr v xy dng mi trng mng doanh nghip 2. Trong hp thoi Properties chn Tab Sharing v click Offline Settings. 3. Trong hp thoi Offline Settings chn cc option m bn cn v click OK. 3.6. Trin khai dch v file DFS Gii thiu DFS: Trong thc t nhng cng ty ln u c mt h thng my ch cha d liu trn c chia s cho nhiu ngi dng, v d liu c chia s khng phi t mt my ch m t nhiu my ch khc nhau. Vi ngi dng mng, h s gp nhiu phin phc mi khi mun truy xut mt d liu no . H kh m nh c, d liu no ang c chia s trn Server no. Vn trn cng s gy kh khn cho Ngi Qun tr mng. Trong h thng Windows Server 2003 c mt gii php cho php tp trung cc ti nguyn c chia s trn mng (bi cc my khc nhau) n gin vic qun l v truy xut. l s dng Distributed File System (DFS).
Hnh 10.1: M hnh DFS Nn nh rng, DFS ch tp trung ti nguyn cha s v phng din Logic. C ngha l, ti nguyn thc s vn tn ti trn my ch chia s. DFS s gom tt c cc ng dn ca ti nguyn chia s v tp trung ti mt mi (gi l DFS root). Gii php s dng DFS mang li s thun tin cho cc ngi dng mng. Khi s dng DFS ngi dng ch cn truy cp vo DFS root. T , h s truy cp c vo cc ti nguyn chia s trn cc my khc, nh vo cc nhnh c to ra bi cc ng link n cc a ch c chia s trn my khc.. Cc kiu ca DFS Root: DFS tp trung cc ng lin kt n ti nguyn chia s trn mng v mt mi (gi l DFS root). Microsoft a ra hai m hnh qun tr mng: WORKGROUP v DOMAIN, nn DFS root cng c hai kiu tng ng cho mi m hnh qun tr. Domain Root v Stand-Alone Root Domain Root: L s kt hp gia DFS vi tnh nng Replication trong Active Directory. Domain root c kh nng t d tm cc ti nguyn chia s trong mng Domain to lin kt t vo Domain root. Vi Domain root, cc thng tin ca DFS s lu tr trn Active Directory. Ngi dng truy cp vo h ti nguyn qua h thng DFS dng Domain root bng ng dn: \\Domain\ShareName o Domain: tn ca Domain o ShareName: tn ti nguyn chia s trn Root Stand-Alone Root: L mt gii php cho mt my ch n hot ng trong mng WORKGROUP hoc mng DOMAIN.
- 66 -
Qun tr v xy dng mi trng mng doanh nghip Vi Stand-Alone Root, ngi Qun tr phi t tay nhp cc ng lin kt n ti nguyn chia s trn mng vo Root. Stand-Alone Root khng h tr ch t ng d tm ti nguyn chia s nh Domain root. Ngi dng truy cp vo h ti nguyn qua h thng DFS dng Stand-Alone Root bng ng dn: \\Server_Name\ShareName o ServerName: tn ca my ch cha DFS root o ShareName: tn ti nguyn chia s trn Root Thc thi DFS: Gi nh, ti Trung tm o to CNT iSpace, mi b phn u c my ch cha ti nguyn chia s: My ch PDT: chia s cc ti nguyn GIAO_TRINH, GIAO_AN My ch GIAO_VU:: chia s cc ti nguyn, THONG_BAO, TKB, My ch KY_THUAT:: chia s cc ti nguyn SOFTWARE, DRIVER, i vi ngi dng, truy cp ti nguyn h phi truy cp qua Computer Browser: Truy cp ti nguyn trn my ch PDT: \\PDT\Giao_Trinh ; \\PDT\Giao_An ... Truy cp ti nguyn trn GIAO_VU: \\GIAO_VU\TKB ; \\GIAO_VU\Thong_Bao, Truy cp ti nguyn trn KY_THUAT: \\KY_THUAT\Driver \\KY_THUAT\SOFTWARE, Nu s dng gii php DFS, n s mang li s thun tin cho ngi dng trong c Trung tm. My ch vi tn ISPACE l root ca cc ti nguyn chia s t nhiu my ch trong Trung Tm, Khi s dng DFS trn my ch ISPACE ton b ngi dng s truy xut cc d liu share trn mng vi mt a ch duy nht qua computer brower l: \\ISPACE\Tai_Nguyen Thit lp DFS trn my ch ISPACE Trn my ch ISPACE, vo a bn mun cha d liu root (V d l E:), to mt folder c tn l TAI_NGUYEN
Hnh 10.2: To th mc root tn TAI_NGUYEN trn my ch ISPACE M Control Panel Administrative Tools chy chng trnh Distributed File System.
- 67 -
Hnh 10.3: Distributed File System
To root mi trn my ch ISPACE bng cch chut phi vo Distributed File System sau chn New Root
Hnh 10.4: To New Root Sau khi nhn chn New root h thng hin ra mt Wizard h tr ngi Qun tr to Root mi, chn Next. Ti ca s Root Type, h thng s yu cu la chn mt trong hai dng root l: Domain Root hoc Stand-Alone Root. (Xem hnh 4) Nu bn chn Domain root, Wizard s yu cu ngi Qun tr xc nh chnh xc tn Domain ang tn ti trn mng. Nu mng ca mng cha nng cp ln Domain, hy chn Stand-Alone Root,
- 68 -
Hnh 10.5: La chn dng root cho DFS Sau bn nhn Next, trong ca s Host Server, h thng yu cu bn g tn my ch cha Root ca DFS. phn minh ho ny, tn Server l: ISPACE (tn my ch ch DFS root)
Hnh 10.6: Nhp tn Server ca DFS root Nhn Next h thng s ra mt ca s yu cu bn cn t tn cho th mc Root, v miu t th mc (Comment)
- 69 -
Hnh 10.7: t tn th mc root Bc k, ti ca s Root Share, ngi Qun tr phi ch nh th mc dng cha thng tin ca DFS root.
Hnh 10.8: Ch nh th mc cha DFS root Cui cng, chn Finish hon thnh vic to th mc Root trn my ch ISPACE.
Ghi nh rng, khi to c DFS Root, phi p ng 2 iu kin: Dch v Distributed File System phi c Start (Xem thm phn hng dn pha di dy. a cha Folder dng lm Root Share (hnh 7) phi s dng File System l NTFS
Hng dn Start dch v Distributed File System: Chy cng c Services (t trong Control panel Administrative Tools. Nhp phi mouse trn Distributed File System v chn Start.
- 70 -
Hnh 10.9: Xem trng thi hot ng ca cc services To ng lin kt mi trong root S dng DFS vi kiu Stand-Alone Root, ngi Qun tr phi t tay to ra cc link ch n ti nguyn chia s trn mng trong DFS root. Cch to link nh sau: Chy Distributed File System nhp phi mouse trn Root to chn New Link (Xem hnh 8)
Hnh 10.10: To Link mi trong DFS root Cc thng tin nhp trong New link (hnh 9) gm c: o o o Link name: Tn ca link. Tn ny s th hin trong Root nh l mt Folder cha ti nguyn chia s. Path to Target (shared folder): ng dn n ti nguyn chia s bi my ch khc trn mng.. Ngi Qun tr c th dng nt Browse duyt ti nguyn chia s trn mng. Comment: Ch thch thm v ti nguyn (nu cn).
- 71 -
Hnh 10.11: Thng tin chi tit khi to Link mi trong DFS root Tng t, ngi Qun tr s to thm cc link dn ti ti nguyn chia s trn mu ch PDT, GIAO_VU Truy xut ti nguyn chia s qua DFS: Mt khi h thng DFS v cc link c thit lp, ngi dng mng c th truy xut ti nguyn chia s ch bng mt ng dn duy nht \\Domain\ShareName hoc \\Server_Name\ShareName V d: truy cp ti nguyn qua DFS lp trn my ch ISPACE kiu Stand-Alone Root
Hnh 10.12: Truy xut ti nguyn qua DFS
3.7. X l s c 3.8. Bi tp tnh hung
- 72 -
Qun tr v xy dng mi trng mng doanh nghip Tm tt: Quyn chia s th mc: Mun chia s mt th mc dng chung trn mng, bn phi logon vo h thng vi vai tr ngi qun tr (Administrators) hoc l thnh vin ca nhm Server Operators. Share Permissions: l quyn ch c hiu lc khi ngi dng truy cp qua mng ch khng c hiu lc khi ngi dng truy cp cc b. Share Permissions, cha danh sch cc quyn sau cho php ngi dng truy xut n th mc chia s: Full Control: cho php ngi dng c ton quyn trn th mc chia s. Change: cho php ngi dng thay i d liu trn tp tin v xa tp tin trong th mc chia s. Read: cho php ngi dng xem v thi hnh cc tp tin trong th mc chia s. NTFS Permission: NTFS l mt h thng file v sn c trn Windows Server 2003. NTFS cung cp qu trnh thc thi v cc tnh nng khng th c trong FAT hay FAT32. NTFS cung cp cc li ch sau: tin cy Bo mt cao Ci thin vic qun l v gia tng lu tr Nhiu quyn user Offline File: l mt tnh nng qun l ti liu quan trng cung cp cho cc user kh nng truy xut online hay offline nht nh ti tp tin. Khi my client ngt kt ni khi mng, mi th c download v my cc b. Cc user vn c th tip tc lm vic nh h ang cn kt ni ti mng. H c th chnh sa, copy, xo Khi client kt ni tr li vo mng, cc tp tin client v server t ng ng b li. S dng Offline Files c nhng thun li sau : H tr cho nhng user lu ng T ng ng b Qu trnh thc thi thun li Backup thun li DFS (Distributed File System): Trong h thng Windows Server 2003 c mt gii php cho php tp trung cc ti nguyn c chia s trn mng (bi cc my khc nhau) n gin vic qun l v truy xut.
- 73 -
Qun tr v xy dng mi trng mng doanh nghip BI 4: QUN TR TRUY XUT TI NGUYN PRINTER Mc tiu: Trin khai Local, Network Print Device Qun tr quyn truy xut Printer X l cc s c v in n
4.1. Gii thiu Printer Gii thiu vic in n trong Windows 2003: Windows 2003 to iu kin thun li cho ngi qun tr thit lp in n mng v cu hnh cc ti nguyn in n t mt v tr trung tm. Chng ta cng c th cu hnh cc my trm chy Windows 95, Windows 98, hay Microsoft Windows NT phin bn 4.0 in n t cc thit b in n mng. Trc khi thit lp vic in n trong Windows 2003, chng ta nn n thut ng c s dng v cc c v yu cu h thng cho vic thit lp mt print server vi mt thit b in c kh nng tip cn mng. t kt qu tt nht, hy ghi nh cc nguyn tc khi lp k hoch trin khai mi trng in n mng. Cc thut ng in n trong Windows 2003
Chng ta nn lm quen vi cc thut ng c s dng nhn din cc thnh phn v cch cc thnh phn lm vic vi nhau. Danh sch sau lit k cc thut ng v in n c nh ngha trong Windows 2003: Print device (thit b in): Thit b phn cng to ra cc bn ti liu in. Windows 2003 h tr cc thit b in:

Local print device (thit b in cc b): Thit b in kt ni n mt cng vt l trn print server. Network-interface print device (thit b in giao din mng): Thit b in kt ni n mt print server qua mng thay cho cng vt l. Network-interface print device i hi card mng ring ca n v c a ch mng ring hoc c gn vo mt card mng gn ngoi.
Printer (my in): Giao din phn mm gia h iu hnh v thit b in. Printer nh ngha khi no v u mt ti liu s i n tm mt thit b in (cng cc b, cng kt ni mng, hay tp tin). Print server (my ch in n): My tnh c gn cc my in v trnh iu khin my khch. Print server nhn v x l cc ti liu t cc my khch. Chng ta thit lp v chia s cc my in mng lin quan n cc thit b in n cc b v giao din mng trn cc print server.
- 74 -
Qun tr v xy dng mi trng mng doanh nghip Printer driver (trnh iu khin my in). Mt hay nhiu tp tin cha thng tin m Windows 2003 i hi dng chuyn i cc lnh in thnh ngn ng my in chuyn dng. S chuyn i ny lm cho my in c th in c ti liu. Mt trnh iu khin my in l chuyn dng cho tng thit b in v trnh iu khin my in ph hp phi hin din trn print server. Printer Port: Trong hp thoi Printer Server Properties, bn m Tab Port. Tab ny cng tng t nh Tab Port trong hp thoi Properties ca my in. S khc nhau gia hai Tab Port l: Tab Port trong hp thoi Print Server Properties c s dng qun l tt c cc port trong Print Server. Cn Tab port trong hp thoi Properties ca my in qun l cc port ca thit b my in vt l. 4.2. Trin khai Printer Local Printer: Vo Start Setting Printers and Faxes
Hnh : Printers and Faxes minh ha (b sung sau) Chn Add printer computer Next Next Trang Local or Network Printer chn Local printer attached to this
Hnh : Chn Local Printer
- 75 -
Qun tr v xy dng mi trng mng doanh nghip Trang Select a Printer Port chn Use the following port (chn port LPT hay USB ty theo my in) Next chn hng sn xut v loi my in (vd l HP2000C)
Hnh : La chn my in Next Next Next Next Finish. Right click trn my in cn chia s v chon Sharing
Chia s my in Vo Start Setting
Printers and Faxes
Network Printer: Nguyn tc thit lp mt my in mng Trc khi thit lp in n mng, hy a ra chin lc in n c th qun l hiu qu cc nhu cu in n trn ton mng. iu ny bo m cho vic qun l cc tc v in thng sut. Danh sch sau cung cp cc nguyn tc cho vic lp chin lc in n mng:
Xc nh cc yu cu v in n ca t chc. Cc yu cu ny gm c s lng v kiu thit b in. Ngoi ra, hy xem xt loi ti mi thit b in s x l. Chng hn, khng nn dng thit b in kt ni cc b cho vic in n mng v n c th khng qun l ni lng ti. Xem xt yu cu in n ca ngi dng trong tng phng ban. Chng hn, phng Ha n c th c nhiu tc v in do phi in cc ha n lin tc. Ti cho vic in n cng ln th cng cn c nhiu thit b in hn. Xc nh s lng print server cn thit qun l s lng v cc loi my in trong mng. Xc nh v tr t cc thit b in. V tr ny phi thun tin cho cc mi dng nhn cc ti liu in. Xc nh cc tc v in no c u tin cao. Cc thnh vin ban qun tr thng c nhu cu in n tht nhanh. Cc qun tr vin c th gn u tin cao cho nhng ngi c nhu cu.
Cu hnh my in mng Sau khi ci t v chia s mt my in s dng trn mng, nhu cu in n ca ngi dng v t chc c th thay i v i hi chng ta cu hnh cc thit t in n sao cho ti nguyn in n ca chng ta ph hp hn vi cc nhu cu ny.
- 76 -
Ci t my in thng qua my in chia s trn mng. Vo Start Setting Printers and Faxes Chn Add printer Next Trang Local or Network Printer printer attached to another computer Next
chn A network printer, or a
Hnh C5.4: Chn network printer Trang Specify a printer chn Connect to this printer v g ip hoc computer name v tn my in chia s trn mng nh hnh bn di. Vd:\\192.168.1.102\HP2000C hay \\PCXX\HP2000C Next Finish.
Hinh C5.5: Chn my in share trn mng
- 77 -
Qun tr v xy dng mi trng mng doanh nghip C th c nhiu cch khc nhau truy xut v s dng my in chia s trn mng, cc bn c th tm hiu thm hoc nh ging vin hng dn cng tc ny. Tuy nhin, chng ti lun hy vng rng cc bn s tm ra mt cch khc lm cng vic ny v chia s thm nhng kinh nghim cho cc bn cng lp. 4.3.Qun tr Printer t u tin cho my in: hy t u tin gia cc my in u tin cho cc ti liu cng s dng mt thit b in in. thc hin iu ny, hy to nhiu my in cng tr n mt thit b in. iu nu cho php nhiu ngi dng gi cc ti liu quan trng n my in c u tin cao v cc ti liu thng thng n my in c u tin thp hn. Cc ti liu c gi n my in c u tin cao s c in trc.
Hnh: u tin gia cc my in
t u tin gia cc my in, hy thc hin cc bc sau: 1. Tr hai hay nhiu my in n cng mt thit b in (chung cng). Cng c th l cng vt l trn print server hay mt cng tr n mt thit b in giao din mng. 2. t u tin khc nhau cho tng my in kt ni n thit b in, sau cho cc nhm ngi dng khc nhau dng cc my in khc nhau in. Chng ta cng c th cho php ngi dng gi cc ti liu c u tin cao n my in c u tin cao hn v cc ti liu c u tin thp n cc my in c u tin thp hn. Lu l trong minh ha trc, User1 gi cc ti liu n mt my c u tin thp nht l 1, trong khi User2 gi cc ti liu n my in c u tin cao nht l 99. Trong v d ny, cc ti liu ca User2 s c in trc cc ti liu ca User1. t u tin cho my in
- 78 -
t u tin cho mt my in, hy thc hin cc bc sau: 1. M hp thoi Properties ca my in. 2. Trn tab Advanced, thay i u tin trong hp Priority, nhp OK. Gn quyn cho my in C ba cp quyn hn trn my in: Print (in), Manage Documents (qun l ti liu), v Manage Printer (qun l my in). Cc quyn hn trn my in
Bng sau lit k cc kh nng ca cc cp quyn hn khc nhau.
- 79 -
Kh nng ca cc quyn hn in n Print documents (In ti liu)
Quyn in X
Quyn qun Quyn qun l ti liu l my in X X X X
Pause, resume, restart, and cancel the user's own document X (Tm ngng, tip tc, khi ng li, hy ti liu ca ngi dng) Connect to a printer (Kt ni n my in) Control job settings for all documents (iu khin cc thit t cng vic cho mi ti liu) Pause, restart, and delete all documents (Tm ngng, khi ng li, xa tt c ti liu) Share a printer (Chia s my in) Change printer properties (Thay i thuc tnh my in) Delete printers (Xa cc my in) Change printer permissions (Thay i cc quyn hn my in) X
X X
X X
X X X X
Mc nh, cc qun tr vin ca mt my ch, cc print operator (nhn vin qun l in n) v cc server operator (nhn vin qun l my ch) trn mt my iu khin vngc quyn Manage Printer. Nhm Everyone c quyn Print, v ch ti liu c quyn Manage Documents. Gn quyn cho my in
thm mt ngi dng hoc nhm ngi dng v gn quyn print, hy thc hin cc bc sau:
- 80 -
Qun tr v xy dng mi trng mng doanh nghip 1. Trong th mc Printers, nhp phi biu tng my in mun thay i quyn, nhp Properties. 2. TRn tab Security, trong hp thoi Properties ca my in, nhp Everyone group, nhp Remove. 3. Nhp nt Add. chn cc ngi dng v nhm c php, nhp Add, nhp OK. 4. Trn tab Security, kim tra li cc quyn cho ngi dng v nhm, nhp OK. 4.4. X l s c 4.5. Bi tp tnh hung Tm tt: Print device (thit b in): Thit b phn cng to ra cc bn ti liu in. Printer (my in): Giao din phn mm gia h iu hnh v thit b in. Printer nh ngha khi no v u mt ti liu s i n tm mt thit b in (cng cc b, cng kt ni mng, hay tp tin). Print server (my ch in n): My tnh c gn cc my in v trnh iu khin my khch. Print server nhn v x l cc ti liu t cc my khch. Chng ta thit lp v chia s cc my in mng lin quan n cc thit b in n cc b v giao din mng trn cc print server. Printer driver (trnh iu khin my in). Mt hay nhiu tp tin cha thng tin m Windows 2003 i hi dng chuyn i cc lnh in thnh ngn ng my in chuyn dng. S chuyn i ny lm cho my in c th in c ti liu. Mt trnh iu khin my in l chuyn dng cho tng thit b in v trnh iu khin my in ph hp phi hin din trn print server. Printer Port: Port trong hp thoi Print Server Properties c s dng qun l tt c cc port trong Print Server. Cn Port trong hp thoi Properties ca my in qun l cc port ca thit b my in vt l. Local print device (thit b in cc b): Thit b in kt ni n mt cng vt l trn print server. Network-interface print device (thit b in giao din mng): Thit b in kt ni n mt print server qua mng thay cho cng vt l. Network-interface print device i hi card mng ring ca n v c a ch mng ring hoc c gn vo mt card mng gn ngoi.
- 81 -
Qun tr v xy dng mi trng mng doanh nghip BI 5: QUN TR MI TRNG MNG GROUP POLICY
Mc tiu: Gii thiu Windows Group Policy Trin khai Group Policy trn Domain v Organizational Units Dng Group Policy t ng ha cc cng tc qun tr User v Computer X l li thng dng khi trin khai Group Policy
5.1. Gii thiu Group Policy. Group Policy Object (GPO) l mt thnh phn quan trng trong h qun tr ca Windows. N gip ngi qun tr c th a ra nhng chnh sch bo v, gii hn tm hot ng ca ngi s dng theo mt khun php nht nh. Hu ht nhng thay i trn Windows nh desktop, control panel, Internet Explorer... u lu li trn registry. Nhng registry li qu phc tp v nguy him do h iu hnh a ra mt h thng Policy nhm n gin ha vn thay i v bo mt. Domain Group Policy: trong h thng Windows Server th GPO hot ng theo m hnh client/Server. Do ngi qun tr s theo tc cc GPO trn my ch p t nhng thay i cn thit cho my con khi my con ng nhp vo h thng. Xt mt s v d: Trong mt Cng Ty, ngi qun tr mun mt s nhn vin no khng c thay i thng s mn hnh Desktop. Hoc khng mun vo Control Panel chnh sa, ph phch... Mt phng ban no mun khng cho h thay i cc thng s trn Internet Explorer hoc cm h khng c php s dng USB... Tt c nhng vic trn u c th lm trn cc my client . Nhng GPO c th lm trn my ch v c hiu lc cho mt OU. Nguyn l hot ng ca GPO l khi my client truy cp vo Server th Server s ly thng tin registry trn my client v chnh sa li theo ng nhng g m GPO thit lp v qu trnh ny c cp nht thng xuyn khi c tn hiu truy cp t my Client. Cc group policy dnh cho site, domain v OU c to ra di dng cc i tng chnh sch nhm (GPO), v cc GPO c lu tr mt phn trong c s d liu Active Directory v mt phn trong share SYSVOL. Local Group Policy: trn mi my Win2k/XP Pro/WinS2k3 cng c mt b chnh sch nhm ti ch (local group policy), s c p dng khi my khng tham gia vo min AD no c (tc khi n tham gia vo mt workgroup hoc khi n c dng c lp). Cc my Windows XP Home th khng c local group policy. Khi my Win2k/XP Pro/WinS2k3 ni vo min AD, th ngoi cc local group policy, n cn c p dng ln lt cc group policy dnh cho Site, Domain, OU cha n (nu thuc nhiu OU lng nhau, th policy no dnh cho OU ngoi hn s c p dng trc). Cc policy c p dng sau s override cc policy c p dng trc. GPO ti ch ca mi my Win2k/XP Pro/WinS2k3 th nm trong th mc %Windir%\System32\GroupPolicy. Chng trnh to ra v chnh sa cc GPO c tn l Group Policy Object Editor, c dng mt console MMC tn l GPEDIT.MSC, hoc cng c th dng di dng mt cng c snap-in trong mt console MMC khc. V d: console Active Directory Users and Computers, tc dsa.msc, cng c trang b sn snap-in Group Policy.
- 82 -
Qun tr v xy dng mi trng mng doanh nghip Cc thnh phn ca Group Policy tm hiu cc thnh phn GPO chng ta cn khi ng chng trnh Group Policy. C 2 cch: Cch 1: Vo menu Start > Run, ri nhp lnh mmc khi ng Microsoft Management Console. Sau vo menu File, chn Open. Trong ca s Open, tm n th mc System32. Chng ta thy nhiu tp tin xut hin c phn m rng l *.msc nhng chng ta ch quan tm n file gpedit.msc, chn file gpedit.msc v bm Open:
Hnh 5.1: Chn file gpedit.msc Cch 2: Vo menu Start chn Run v nhp vo gpedit.msc ri nhn OK khi ng chng trnh. Khi chng trnh khi ng, chng ta s thy ca s giao din nh hnh bn di:
Hnh 5.2: Giao din Group Policy
- 83 -
Qun tr v xy dng mi trng mng doanh nghip Chng trnh c phn theo dng cy v rt d dng v chng ta hon ton c th s dng Group Policy m Windows cung cp sn qun tr h thng, khng cn phi ci thm cc phn mm khc. Trong Group Policy c 2 thnh phn chnh l Computer Configuration v user configuration Cch s dng chung: tm ti cc nhnh, Chn Not configured nu khng nh cu hnh cho tnh nng , Enable kch hot tnh nng, Disable v hiu ha tnh nng. Computer Configuration: Cc thay i trong phn ny s p dng cho ton b ngi dng trn my. Trong nhnh ny cha nhiu nhnh con nh: Windows Settings: nhnh ny chc cc vn lin quan n ti khon, password ti khon, qun l vic khi ng v ng nhp h thng... Administrative Templates: Windows Components: cho php cu hnh cc thnh phn ci t trong Windows nh: Internet Explorer, NetMeeting... System: cu hnh v h thng. Cn lu l trc khi cu hnh cho bt k thnh phn no, chng ta cng cn phi tm hiu tht k v n. Chng ta c th chn thnh phn ri nhp chut phi chn Help.
Hnh 5.3: Tm hiu thnh phn ang cu hnh Cn mt cch khc l khng chn Help m chn Properties. Khi ca s Properties xut hin, chuyn sang th Explain c gii thch chi tit v thnh phn ny.
- 84 -
Qun tr v xy dng mi trng mng doanh nghip Hnh 5.4: Gii thch tnh nng ca thnh phn Mc nh th tnh trng ban u ca cc thnh phn ny l Not configured. thay i tnh trng cho thnh phn no , chng ta chn th Setting trong ca s Properties, s c 3 ty chn cho chng ta chn la l: Enable (c hiu lc), Disable (v hiu lc) v Not configure (khng cu hnh). User Configuration: gip chng ta cu hnh cho ti khon ang s dng. Cc thnh phn c khc i cht nhng vic s dng v cu hnh cng tng t nh trn.
Sau y chng ta tm hiu chi tit mt s thnh phn chnh ca GP: Computer Configuration: Windows Setting: Ti y chng ta c th hiu chnh, p dng cc chnh sch v vn s dng ti khon, password ti khon, qun l vic khi ng v ng nhp h thng... Scripts (Startup/Shutdown): Chng ta c th ch nh cho windows s chy mt on m no khi Windows Startup hoc Shutdown. Security settings: Cc thit lp bo mt cho h thng, cc thit lp ny c p dng cho ton b h thng ch khng ring ngi s dng no. Account Policies Thit lp cc chnh sch p dng cho ti khon ca ngi dng. 1. Password Policies: Bao gm cc chnh sch lin quan n mt khu ti khon ca ngi s dng ti khon trn my. Enforce password history: Vi nhng ngi s dng c khng c thi quen ghi nh nhiu mt khu, khi buc phi thay i mt khu th h vn dng chnh mt khu c thay cho mt khu mi, iu ny l mt k h ln ln quan trc tip n vic l mt khu. Thit lp ny bt buc mt mt khu mi khng c ging bt k mt s mt khu no do ta quyt nh. C gi tr t 0 n 24 mt khu. Maximum password age: Thi gian ti a mt khu cn hiu lc, sau thi gian ny h thng s yu cu ta thay i mt khu. Vic thy i mt khu nh k nhm nng cao an ton cho ti khon, v mt k xu c th theo di nhng thi quen ca chng ta, t c th tm ra mt khu mt cch d dng. S gi tr t 1 n 999 ngy. Gi tr mc nh l 42. Minimum password age: Xc nh thi gian ti thiu trc khi c th thay i mt khu. Ht thi gian ny chng ta mi c th thay i mt khu ca ti khon, hoc chng ta c th thay i ngay lp tc bng cch thit lp gi tr l 0. Gi tr t 0 n 999 ngy. Chng ta cn thit lp Minimum password age ln hn khng nu chng ta mun chnh sch Enforce password history c hiu qu, v ngi s dng c th thit lp li mt khu nhiu ln theo chu k h c th s dng li mt khu c. Minimum password length: di nh ti thiu cu mt khu ti khon. (Tnh bng s k t nhp vo). di ca mt khu c gi tr t 1 n 14 k t. Thit lp gi tr l khng nu chng ta khng s dng mt khu. Gi tr mc nh l 0. Password must meet complexity requirements: Quyt nh phc tp ca mt khu. Nu tnh nng ny c hiu lc. Mt khu ca ti khon t nht phi t nhng yu cu sau: - Khng cha tt c hoc mt phn tn ti khon ngi dng - di nh nht l 6 k t - Cha t 3 hoc 4 loi k t sau: Cc ch ci thng (a -> Z), cc ch ci hoa (A -> Z), Cc ch s (0 -> 9) v cc k t c bit. phc tp ca mt khu c coi l bt buc khi to mi hoc thay i mt khu. inh : Disable. Store password using reversible encryption for all users in the domain: Lu tr mt khu s dng m ha ngc cho tt c cc ngi s dng domain. Tnh nngcung cp s h tr
- 85 -
Qun tr v xy dng mi trng mng doanh nghip cho cc ng dng s dng giao thc,n yu cu s am hiu v mt khu ca ngi s dng. Vic lu tr mt khu s dng phng php m ha ngc thc cht ging nh vic lu tr cc vn bn m ha ca thng tin bo v mt khu. Mc inh : Disable. 2. Acount lockout Policy: Account lockout duration: Xc nh s pht cn sau khi ti khon c kha trc khi vic m kha c thc hin. C gi tr t 0 n 99.999 pht. C th thit lp gi tr 0 nu khng mun vic t ng Unlock. Mc nh khng c hiu lc v chnh sch ny ch c khi chnh sch Account lockout threshold c thit lp. Account lockout threshold: Xc nh s ln c gng ng nhp nhng khng thnh cng. Trong trng hp ny Acount s b kha. Vic m kha ch c th thc hin bi ngi qun tr hoc phi i n khi thi hn kha ht hiu lc. C th thit lp gi tr cho s ln ng nhp sai t 1 n 999. Trong trng hp thit lp gi tr 0, account s khng b kha. Reset account lockout counter after: Thit lp li s ln c gng ng nhp v 0 sau mt khong thi gian quy nh. Thit lp ny ch c hiu lc khi Account lockout threshold c thit lp. Local Policies Kim nh nhng chnh sch, nhng ty chn quyn li v chnh sch an ton cho ngi dng ti ch. User rights Assignment: n nh quyn cho ngi s dng. Quyn ca ngi s dng y bao gm cc quyn truy cp, quyn backup d liu, thay i thi gian ca h thng Trong phn ny, cu hnh cho mt mc no bn c th nhy p chut ln mc v nhn nt Add user or group trao quyn cho user hoc Group no bn mun. Access this computer from the network: Vi nhng k t m, tc mch th ti sao chng ta li phi cho php chng truy cp vo my tnh ca mnh. Vi thit lp ny chng ta c th tuy thm, bt quyn truy cp vo my cho bt c ti khon hoc nhm no. Act as part of the operating system: Chnh sch ny ch nh ti khon no s c php hot ng nh mt phn ca h thng. Mc nh, ti khon Aministrator c quyn cao nht, c th thay i bt k thit lp no ca h thng, c xc nhn nh bt k mt ngi dng no, v th c th s dng ti nguyn h thng nh bt k ngi dng no. Ch c nhng dch v chng thc mc thp mi yu cu c quyn ny. Add workstations to domain: Thm mt ti khon hoc nhm vo min. Chnh sch ny ch hot ng trn h thng s dng Domain Controller. Khi c thm vo min, ti khon ny s c thm cc quyn hot ng trn dch v th mc (Active Directory), c th truy cp ti nguyn mng nh mt thnh vin trn Domain. Adjust memory quotas for a process: Ch nh nhng ai c php iu chnh ch tiu b nh dnh cho mt qu trnh x l. Chnh sch ny tuy c lm tng hiu sut ca h thng nhng n c th b lm dng phc v cho nhng mc ch xu nh tn cng t chi dch v DoS (Dinal of Sevices). Allow logon through Terminal Services: Terminal Services l mt dch v cho php chng ta ng nhp t xa n my tnh. Chnh sch ny s quyt nh gip chng ta nhng ai c php s dng dch v Terminal ng nhp vo h thng. Back up files and directories: Tng t nh cc chnh sch trn, y s cp php cho nhng ai s c quyn backup d liu. Change the system time: Cho php ngi s dng no c quyn thay i thi gian cu h thng. Create global objects: Cp quyn cho nhng ai c th to ra cc i tng dng chung
- 86 -
Qun tr v xy dng mi trng mng doanh nghip Force shutdown from a remote system: Cho php nhng ai c quyn tt my qua h thng iu khin t xa. Shut down the system: Cho php ai c quyn Shutdown my. Public Key Policies Cc chnh sch kha dng chung Lu : y chng ti ch gii thiu mt s cc thnh phn, cc bn c th da theo cch ny t tm hiu thm. 5.2. Trin khai Group Policy To Group Policy trn Local Computer to mt GPO local, chng ta phi c logon nh l mt thnh vin Administrator c th truy xut Group Policy Object Editor t Administrator Tools hay qua mt snap-in MMC ci t mt policy vi nhng thit lp local Start Run v nhp vo mmc OK Add Group Policy bject Editor Vo menu Files Add/Remove Snap-in
Open Group Policy Object Editor. In the console tree, double-click the folders to view the policy settings in the details pane. In the details pane, double-click a policy setting to open the Properties dialog box, and then change the policy setting.
- 87 -
To Group Policy trn Domain Vic thc thi Group Policy trn mt domain cung cp cho nh qun tr mng vi quyn iu khin ln hn qua nhng cu hnh my tnh xuyn sut cu trc mng. Cng bng cch s dng Group Policy trong Windows Server 2003, chng ta c th to mt mi trng lm vic c qun l hon ton thch hp vi trch nhim cng vic ca user v mc kinh nghim ca mnh, chng ta c th gim lng h tr mng cn thit. to mt GPO mi hoc link ti mt GPO ang tn ti bng cch s dng Active Directory Users and Computers, to mt GPO trong mt site, domain hay OU. S dng Active Directory Users and Computers Trong Active Directory Users and Computers, click chut phi trn Active Directory (domain or organizational unit) m chng ta mun to GPO, sau chn Properties. Trong hp thoi Properties, trn th Group Policy s c cc la chn sau: To mi mt GPO, click New, nhp tn mi ca GPO, sau bm ENTER. Lin kt n mt GPO sn c, click Add, sau chn GPO t danh sch GPO m chng ta va to hoc lin kt s c hin th trong danh sch GPO trong Active Directory.
S dng Group Policy Management Start Administrative Tools, sau click Group Policy Management. Trong Group Policy Management, trong phn console, m rng forest v tm domain m bn mun to mi GPO. Right-click trn Group Policy Objects, v chn New. Trong hp thoi New GPO, nhp tn Group Policy OK.
Edit Group Policy L mt ngi qun tr h thng, chng ta phi chnh sa nhng thit lp Group Policy. chnh s Group Policy chng ta thc hin theo cc bc sau: Trong Group Policy Management, phn console tree, tm Group Policy Objects cn Edit. Right-click trn GPO v sau click Edit. Trong Group Policy Object Editor, thng qua Group Policy setting m bn mun edit click vo. double-
- 88 -
Qun tr v xy dng mi trng mng doanh nghip Trong hp thoi Properties, cu hnh Group Policy setting v click OK.
Link Group Policy n Domain hay OU
Tt c cc GPOs c lu tr trong mt container Active Directory c gi l Group Policy Objects. Khi mt GPO c s dng cho site, domain hay mt OU, GPO c link ti container Group Policy Objects. Kt qu l chng ta c th tp trung qun l v trin khai GPOs ti nhiu domai hay nhiu OU. Creating a linked GPO Khi chng ta to mt GPO c lin kt vi mt site, domain hoc OU, chng ta thc hin mt cch th cng hai hot ng ring bit: to mt GPO mi v sau link n ti site, domain hay OU. Khi u nhim quyn link GPO ti mt domain, OU hay site, chng ta phi c quyn Modify cho domain, OU hay site m chng ta mun u quyn. Theo mc nh, ch nhng thnh vin ca nhm Domain Admins v Enterprise Adminsgroup l c cc quyn cn thit link mt GPO ti domain v OU. Ch nhng thnh vin ca Enterprise Admins group c quyn link GPOs ti cc site. Nhng thnh vin ca nhm Group Policy Creator Owner c th to GPO nhng khng th link chng. Sau y l cc hng dn gip cho chng ta c th to, link GPO ti domain: To v Link mt GPO Trong Group Policy Management, trong console tree chng ta c th to v link GPO ti domain hay OU Nu to v link GPO ti domain th chng ta right-click ln domain v sau click Create and Link a GPO Here. Nu to v link GPO ti OU (organizational unit) th chng ta right-click ln OU v sau click Create and Link a GPO Here. Trong hp thoi New GPO, nhp tn mi cho GPO OK.
Link mt GPO sn c link mt GPO ang tn ti ti mt site, domain hay OU. Chng ta thc hin theo cc bc sau: Trong Group Policy Management, phn console tree, m rng forest cha domain m bn cn link GPO sn c. Right-click trn domain, site, hoc OU v sau click Link an Existing GPO. Trong hp thoi Select GPO, click vo GPO m chng ta mun link ri click OK.
- 89 -
Qun tr v xy dng mi trng mng doanh nghip Ch : Chng ta khng th link mt GPO ti nhng container trong Active Directory nh User v Computer. Tuy nhin, bt k GPO no c link ti domain cng p dng cho cc user v computer trong container ny. Quyn tha k (inherited) trong Active Directory Th t m Windows Server 2003 p dng cc GPOs ph thuc vo Active Directory container, ni m GPOs c link. GPOs trc tin p dng cho site, sau l domain v cui cng ti OU trong cc domain. Mt container con s tha k GPOs t container cha. iu ny c ngha l container con c nhiu thit lp Group Policy c p dng cho cc user v computer ca n m khng cn c mt GPO no c link ti n. Tuy nhin, khng c h ng cp cc domain ging cho cc OU, nh l OU cha v OU con. Nu c nhiu GPO cng thit lp mt gi tr ging nhau, theo mc nh GPO chim u tin trc c p dng. Chng ta cng c th c nhiu GPOs c link ti cng mt container. Nu kiu k tha mc nh khng p ng nhng yu cu ca t chc ca chng ta, chng ta c th chnh sa quy lut tha k cho cc GPOs c th. Windows Server 2003 cung cp 2 tu chn thay i kiu tha k mc nh. No Override S dng tu chn ny khi chng ta mun khng c thit lp cu hnh no ca n c th b ghi bi bt k GPOs no trong qu trnh x l ca Group Policy. Tu chn ny c t trn tng GPO ring bit. Chng ta c th set tu chn ny trn mt hay nhiu GPO c yu cu. Khi nhiu GPO cng c set l No Override, GPO c v tr cao nht trong h ng cp Active Directory s chim quyn u tin. Block Policy inheritance S dng tu chn ny p buc mt container con ngn cn tha k t container cha. S dng tu chn ny khi mt OU yu cu mt thit lp Group Policy duy nht . Block Policy inheritance c set trn mi container. Trong trng hp xung t, tu chn No Override s lun lun chim u tin hn tu chn Block Policy inheritance. Ti sao phi Block Policy?
Chng ta c th ngn cn mt container con k tha bt k GPO no t cc container cha bng cch cho php Block Policy inheritance trn contaner con. Cch ny s ngn cn container tha k tt c nhng thit lp Group Policy ca nhng Group Policy c chn. iu ny tht hu ch khi mt container Active Directory yu cu mt Group Policy duy nht, v chng ta mun bo m rng nhng thit lp Group Policy khng b tha k. V d, chng ta c th s dng Block Policy inheritance khi ngi qun tr ca mt OU phi iu khin tt c cc GPOs cho containter . Block Policy inheritance chng ta thc hin cc bc sau: Trong Group Policy Management, phn console tree, m rng forest m bn mun block inheritance, v thc hin cc la chn sau: block inheritance ca GPO links cho domain, m rng Domains, v right-click the domain.
- 90 -
Qun tr v xy dng mi trng mng doanh nghip block inheritance ca GPO links cho organizational unit, expand Domains, m rng domain cha organizational unit, v right-click trn organizational unit. Click Block Inheritance.
Group Policy Filtering
Mc nh, tt c nhng thit lp Group Policy cha trong GPOs m tc ng ti container c p dng cho tt c cc user v computer trong container , iu ny c th a ra nhng kt qu m chng ta khng mong mun. Bng cch s dng tnh nng filtering (sng lc), chng ta c th xc nh nhng thit lp no m chng ta mun p dng cho cc user v computer trong container c th. Cc bc cu hnh Group Policy Filtering lc phm vi ca mt GPO bng cch s dng security group : Trong Group Policy Management, phn console tree, m rng forest tm GPO cn filter v click vo GPO. Trong ca s GPO chn Tab Scope v click Add. Trong hp thoi chn User, Computer, hoc Group, nhp tn i tng chn vo v chn OK.
Lu : nhng thit lp Group Policy p dng ti user hay computer account, account phi c t nht quyn Read cho mt GPO. 5.3. Qun tr mi trng User v Computer Qun l mi trng lm vic user c ngha l iu khin cc user c th lm g khi logon vo mng. Chng ta lm iu ny bng cch iu khin mi trng lm vic ca h, kt ni mng v giao din ngi dng thng qua Group Policy. Chng ta qun l mi trng lm vic ca user m bo rng cc user c nhng g m h cn cho cng vic ca h. Khi chng ta cu hnh v qun l tp trung cc mi trng lm vic ca user, chng ta c th thc hin nhng thao tc sau : Qun l cc user v computer Bng cch qun l cc thit lp mi trng desktop ca user vi vic ng k vi nhng policy, chng ta bo m rng cc user c cng mi trng lm vic, thm ch nu h logon t nhng my tnh khc nhau. Chng ta c th iu khin Microsoft Windows Server 2003 qun l cc user profiles, bao gm c d liu c nhn ca user c lm cho sn dng. Bng cch chuyn hng cc folder ca user t cng cc b trn my tnh user ti mt v tr trung tm trn mt server, chng ta c th bo m rng d liu ca user l sn c cho h m khng cn bit ti my tnh m h logon vo.
- 91 -
Qun tr v xy dng mi trng mng doanh nghip Trin khai phn mm Phn mm c trin khai ti my tnh hay user qua dch v th mc Active Directory. Vi vic trin khai phn mm, chng ta c th bo m rng cc user c c nhng chng trnh m h yu cu, cc gi services pack v hotfix. Lm cho cc thit lp bo mt c hiu lc Bng cch s dng Group Policy trong Active Directory, nh qun tr h thng c th tp trung p dng cc thit lp bo mt c yu cu bo v mi trng lm vic ca user. Trong Windows Server 2003, chng ta c th s dng Security Settings m rng trong Group Policy xc nh nhng thit lp bo mt cho security policies local hay domain. Lm cho mt mi trng desktop nht qun. Nhng thit lp Group Policy cung cp mt cch hiu qu p dng cc tu chun, nh l logon script v nhng thit lp password. V d, chng ta c th ngn cn cc user to ra nhng thay i cho desktop m c th lm ra nhng mi trng lm vic ca h phc tp hn cn thit. Ngoi ra, chng ta cng c th p t Group Policy trn local computer nhng hiu qu khng cao bng vic trin khai Group Policy qua mng. Sau y l mt s trng hp cng nh cch hng dn trin khai Group Policy cho OU, Group, Local Computer, Gn Script vo Group Policy Chng ta c th s dng Group Policy trin khai scripts ti cc user v computer. Mt script l tp tin b hay mt script Microsoft Visual Basic m c th thc thi code v qun l cc thao tc. Chng ta c th s dng nhng thit lp Group Policy script t ng ho qu trnh chy scripts. C nhng thit lp script bn di c hai Computer Configuration v User Configuration trong Group Policy. Chng ta c th s dng Group Policy chy cc script khi mt my tnh khi ng v shutdown v khi mt user log on, log off. Ging nh tt c nhng thit lp Group Policy, Chng ta cu hnh mt thit lp Group Policy, v Windows Server 2003 tip tc thc thi v p buc n trn mng ca chng ta. add mt script vo mt GPO chng ta thc hin cc bc sau: Trong Group Policy Management, chn edit GPO. Mn hnh Group Policy Object Editor, phn Configuration/Windows Settings/Scripts (Logon/Logoff). Double-click Logon. Trn hp thoi Logon Properties v click Add. Trong hp thoi Add a Script, cu hnh bt k thit lp no m bn mun s dng v click OK: Script Name. nhp ng dn n script hoc click Browse tm v tr script file share trn domain controller. Script Parameters. Nhp bt k thng s vo m bn mun ging nh cc thng s m bn nhp bng command line. Trong hp thoi Logon Properties, cu hnh cc thit lp sau m bn cn s dng: Logon Scripts for. y s cho bn thy danh sch tt c cc script c gn cho v dng Up or Down thay i th t script no c u tin x l trc. Add. Click Add xc nh cc scripts no m bn cn thm. Edit. Click Edit thay i thng tin cng nh cc thng s ca script. Remove. Click Remove remove cc scripts c chn t danh sch Logon Scripts. Show Files. Click Show Files xem cc file scripts c xc nh trong GPO. Lu : Cc script logon chy trong ng cnh ca user account s khng chy trong ng cnh computer account. console tree, thng qua User
- 92 -
Qun tr v xy dng mi trng mng doanh nghip Mt s thao tc lin quan n Group Policy Thao tc v Internet Explorer (IE). Nhnh User Configuration/Windows Settings/Internet Explorer Maintenance/Browser User Interface Browser Tittle: nhp kp ri nh du kim vo "Customize Tittle Bars", g vo mt ci tn nh ABC. M IE ch about:blank s thy dng ch "Microsoft Internet Explorer provided by ABC" Custom logo: chng ta c th thay logo ca Microsoft pha trn gc phi trnh duyt IE bng logo ca ring mnh (ch h tr cc file BMP c 16-256 mu v kch c l 22x22 hay 38x38). Hp "Customize the static logo bitmaps" dnh cho hnh tnh cn hp "Customize the animated bitmaps" dnh cho hnh ng. Nhnh User Configuration/Administrative Templates/Windows Components/Internet Explorer Internet Control Panel: c tt c 7 ty chn thit lp khng cho hin 7 th trong hp thoi Internet Options nh General, Security... Nu khng giu th General, chng ta c th quay li folder Internet Explorer enable phn "Disable changing home page settings" nhm v hiu ha vic thay i trang ch IE. Toolbars: enable phn "Configure Toolbar Buttons" s cho ty chn hin th cc nt trn thanh cng c ca IE. Nhnh Computer Configuration/Administrative Templates/Windows Components/ Internet Explorer Security Zone: Use only machine settings: bt buc tt c cc user u phi chung mt mc security nh nhau. Security Zone: Do not allow users to add/delete sites: trong Security Zone c danh sch cc site nguy him do ngi dng thit lp, enable ty chn ny s khng cho thay i danh sch (cch tt nht l giu lun th Security). Disable Periodic Check for Internet Explorer software updates: ngn khng cho IE t ng tm phin bn mi ca n.
Thao tc v Windows Explorer. Nhnh User Configuration/ Administrative Templates/ Windows Components/ Windows Explorer: Maximum number of recent document: quy nh s lng cc ti liu m hin th trong My Recent Documents. Do not move deleted files to the Recycle Bin: file b xa s khng c a vo Recycle Bin. Maximum allowed Recycle Bin size: gii hn dung lng ca Recycle Bin, tnh bng n v phn trm dung lng ca a cng. Hide the dropdown list of recent files trong folder Common Open File Dialog: khng cho hin th danh sch recent file trong cc hp thoi Open (nh Word, Excel...) Thao tc v Logon. Nhnh Computer Configuration/Administrative Templates/Logon Always use classic logon: lm hp thoi Logon/Shutdown ca Windows XP c dng ging Windows 2000. Run these programs at user logon: ty chn ny cho php ngi dng lp danh sch cc file cn chy khi ng nhp vo my tnh, ch nn s dng cho cc file d liu.
Thao tc v System Restore. Nhnh Computer Configuration/Administrative Templates/System Restore Turn off System Restore: tt System Restore, khi ngi dng gi System Restore th xut hin thng bo "System Restore has been turn off by group policy. To turn on System Restore, contact your domain Administrator". Turn off Configuration: ch c tc dng khi System Restore c kch hot, tnh nng ny v hiu ha phn thit lp cu hnh ca System Restore.
- 93 -
Qun tr v xy dng mi trng mng doanh nghip Thao tc v Windows Media Player. Nhnh User Configuration/Administrative Templates/Windows Components/ Windows Media Player Phn "Set and Lock Skin" trong folder User Interface: thit lp mt skin duy nht cho Windows Media Player. Phn "Prevent Codec Download" trong folder Playback: ngn Windows Media Player t ng ti cc codec.
Thao tc v Windows Firewall vi Group Policy Windows Firewall l chng trnh tng la c tch hp vo Windows XP Service Pack 2 hay Windows 2003 Service Pack 1, gip ngi dng an ton hn khi lt web. Microsoft cng cung cp tp tin qun tr system.adm cp nht cc thit lp cho Group Policy cho php chng ta c th cu hnh tng la tt hn s dng AD (Active Directory) da trn GPO (Group Policy Object). truy cp vo phn thit lp cho tng la ca Windows trong Group Policy, vo Start Run, g gpedit.msc , Enter hp thoi Group Policy m ra. Tip theo, vo tip theo cc nhnh sau: Computer Configuration, Administrative Templates, Network, Network Connections, Windows Firewall. Ti hp thoi ny, chng ta c th cu hnh cho tng la ca Windows qua 2 th mc: Domain Profile v Standard Profile. Domain Profile: thit lp cho Windows Firewall khi my tnh kt ni n mng AD Standard Profile: thit lp cho tng la khi my tnh khng kt ni n mng. Nhng thit lp ny cho php chng ta cu hnh cho nhng my kt ni mng hay cc my t xa. Phn thit lp ca 2 th mc Domain v Standard cng hon ton ging nhau, chng ta c th chn mt thit lp v xem m t nh sau: Mt vi tnh nng ca Windows Firewall hu ch m chng ta nn kch hot: Protect all network connections: thit lp ny buc tng la tt hay m cho mt nh danh Do not allow exceptions: ty chn ch th cho tng la t chi cc trng hp c bit c ch nh. Kch hot thit lp ny tng ng vi vic chn Dont allow exceptions (Khng cho php cc trng hp c bit) trn th General trong Windows Firewall Control Panel. Define program exceptions Properties: thit lp cho php chng ta ty chn ch nh cc chng trnh, gip chng ta cp php cho cc trng hp c bit tm v qua tng la. Prohibit notifications: thit lp dng cc thng bo ca tng la khi mt chng trnh yu cu Windows Firewall b sung n vo danh sch cc chng trnh cho php. Allow logging: ty chn cho php chng ta cu hnh cp bc bn ghi lu tr thng tin cho tng la, kch c bn ghi, tn v v tr.
Trin khai chnh sch mt khu min vi Active Directory Windows 2003 Trong qu trnh ci t Windows Active Directory cho mt Domain Controller, hai Group Policy Object (GPO), tc i tng chnh sch nhm c to. Cc GPO ny c t tn l Default Domain Controllers Policy v Default Domain Policy. Trch nhim chnh ca GPO ny l thit lp c quyn ngi dng cho Domain Controller, cng nh mt s thit lp bo mt hn hp khc. Default Domain Policy lin kt ti cc min trong ton b qu trnh ci t. Trong phn ny chng ta ch ni n nhim v chnh l thit lp Password Policy cho tt c ti khon ngi dng trong min. Password Policies ch l mt trong ba phn khc nhau khu vc Account Policies. Bn cnh cn c Account Lockout Policies v Kerberos Policies. Bn trong Default Domain Policy, cc thit lp kim sot mt khu ti khon ngi dng trong min v gii hn kho c to, nh trong cc hnh bn di.
- 94 -
Hnh Cc thit lp Password Policies.
Hnh Cc thit lp Account Lockout Policies. Nu cc gi tr mc nh khng nh chng ta mong mun th chng ta c th chnh sa chng. C hai hng thc hin l update Default Domain Policy t c cc thit lp Password Policy mong i. Hoc khng thay i GPO mc nh m to mi mt GPO khc. Sau lin kt n vi min, cu hnh vi cc thit lp Password Policy mong i cng nh cc thit lp khc v chuyn ln mc u tin cao hn Default Domain Policy, nh trong hnh.
Hnh GPO mi vi mc u tin cao hn c to cung cp Password Policy cho tt c ti khon ngi dng trong min. V hiu ha cc USB, CD-ROM, Floppy Disk... bng Group Policy Microsoft Group Policy cho php to cc file mu Administrative Template (.adm) ty thch p dng cho cc thit lp registry khng c sn trong ch mc nh. Mu ADM trong bi vit ny cho php v hiu ha b ci cc thit b trn.
- 95 -
Qun tr v xy dng mi trng mng doanh nghip Mc nh, Group Policy khng to diu kin d dng v hiu ha cc c th di chuyn nh cng USB, CD-ROM, mm v mm cng sut co LS-120. Tuy nhin, Group Policy c th c m rng s dng cc ty chn bng cc mu ADM. Mu ADM trong bi ny cho php qun tr vin c th v hiu ha cc trn, bo m rng chng khng th s dng. Cch thc tin hnh Chng ta to mt file c phn ui l .adm vi ni dung code bn di CLASS MACHINE CATEGORY !!category CATEGORY !!categoryname POLICY !!policynameusb KEYNAME "SYSTEM\CurrentControlSet\Services\USBSTOR" EXPLAIN !!explaintextusb PART !!labeltextusb DROPDOWNLIST REQUIRED VALUENAME "Start" ITEMLIST NAME !!Disabled VALUE NUMERIC 3 DEFAULT NAME !!Enabled VALUE NUMERIC 4 END ITEMLIST END PART END POLICY POLICY !!policynamecd KEYNAME "SYSTEM\CurrentControlSet\Services\Cdrom" EXPLAIN !!explaintextcd PART !!labeltextcd DROPDOWNLIST REQUIRED VALUENAME "Start" ITEMLIST NAME !!Disabled VALUE NUMERIC 1 DEFAULT NAME !!Enabled VALUE NUMERIC 4 END ITEMLIST END PART END POLICY POLICY !!policynameflpy KEYNAME "SYSTEM\CurrentControlSet\Services\Flpydisk" EXPLAIN !!explaintextflpy PART !!labeltextflpy DROPDOWNLIST REQUIRED VALUENAME "Start" ITEMLIST NAME !!Disabled VALUE NUMERIC 3 DEFAULT NAME !!Enabled VALUE NUMERIC 4 END ITEMLIST END PART
- 96 -
Qun tr v xy dng mi trng mng doanh nghip END POLICY POLICY !!policynamels120 KEYNAME "SYSTEM\CurrentControlSet\Services\Sfloppy" EXPLAIN !!explaintextls120 PART !!labeltextls120 DROPDOWNLIST REQUIRED VALUENAME "Start" ITEMLIST NAME !!Disabled VALUE NUMERIC 3 DEFAULT NAME !!Enabled VALUE NUMERIC 4 END ITEMLIST END PART END POLICY END CATEGORY END CATEGORY [strings] category="Custom Policy Settings" categoryname="Restrict Drives" policynameusb="Disable USB" policynamecd="Disable CD-ROM" policynameflpy="Disable Floppy" policynamels120="Disable High Capacity Floppy" explaintextusb="Disables the computers USB ports by disabling the usbstor.sys driver" explaintextcd="Disables the computers CD-ROM Drive by disabling the cdrom.sys driver" explaintextflpy="Disables the computers Floppy Drive by disabling the flpydisk.sys driver" explaintextls120="Disables the computers High Capacity Floppy Drive by disabling the sfloppy.sys driver" labeltextusb="Disable USB Ports" labeltextcd="Disable CD-ROM Drive" labeltextflpy="Disable Floppy Drive" labeltextls120="Disable High Capacity Floppy Drive" Enabled="Enabled" Disabled="Disabled" Chn OU hay user cn v hiu ha, chng ta edit hay to mi Group Policy v p t file*.adm vo. chn Administrative Templates Click chut phi v chn
Trong Computer Configuration Add/Remove Template
- 97 -
Tm v add file*.adm va to xong
OK
Click chut phi trn Custom Policy Settings chn View Filtering v b chn dng Only show policy setting that can be fully managed OK. Sau vo Restrict Drives trong Custom Policy Settings cho php hay cm cc thit b. Hnh sau minh ha vic cm s dng USB
Mu code ny s tc ng ln registry ca cc my khch vi thit lp ca n. Nu mu ny b xa b khi Group Policy p dng n, registry s thay i n tr li nh c. Nu chng ta mun o ngc li cc thit lp c to ra bi mu ny, cc n gin l o ngc cc ty chn sang re-enable cho cc . Lu : Code ny p dng cho cc phin bn di y ca Windows Microsoft Windows Server 2003, Standard Edition (32-bit x86) Microsoft Windows Server 2003, Enterprise Edition (32-bit x86) Microsoft Windows Server 2003, Datacenter Edition (32-bit x86) Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
- 98 -
Qun tr v xy dng mi trng mng doanh nghip 5.4. X l s c 5.5. Bi tt tnh hung Tm tt: Group Policy Object (GPO) l mt thnh phn quan trng trong h qun tr ca Windows. N gip ngi qun tr c th a ra nhng chnh sch bo v, gii hn tm hot ng ca ngi s dng theo mt khun php nht nh. Domain Group Policy: trong h thng Windows Server th GPO hot ng theo m hnh client/Server. Do ngi qun tr s theo tc cc GPO trn my ch p t nhng thay i cn thit cho my con khi my con ng nhp vo h thng. Local Group Policy: trn mi my Win2k/XP Pro/WinS2k3 cng c mt b chnh sch nhm ti ch (local group policy), s c p dng khi my khng tham gia vo min AD no c (tc khi n tham gia vo mt workgroup hoc khi n c dng c lp). Cc my Windows XP Home th khng c local group policy. Group Policy c 2 thnh phn chnh l Computer Configuration v user configuration Computer Configuration: Cc thay i trong phn ny s p dng cho ton b ngi dng trn my. User Configuration: gip chng ta cu hnh cho ti khon ang s dng. Cc thnh phn c khc i cht nhng vic s dng v cu hnh cng tng t nh trn.
- 99 -
Qun tr v xy dng mi trng mng doanh nghip BI 6: GIM ST HOT NG MY CH Mc tiu:
Hiu bit cc cng c qun tr v gim st Server Gim st cc thnh phn v nhn bit nguyn nhn tht c chai Server a ra gii php nng cp, thm v thay mi CPU, RAM, DISK, Network
6.1. Phng thc qun tr Trch nhim chnh ca mt ngi qun tr h thng l qun l cc Server trong mt t chc, doanh nghip m hu ht cc nh qun tr khng phi lc no cng trong cng phng vi cc server m h qun l, nn h phi qun l Server t xa. V lm th no qun l Server c hiu qu ngay khi h cng phng vi server (Local Management) hay qun tr t xa (Remote Management). Bi ny chng ti s dng Microsoft Windows Server 2003 hng dn cc bn nhng g cn thit cng nh s dng cng c g, nhng quyn c yu cu cai qun cc server. 6.2. Cng c qun tr qun l mt server, chng ta phi c cc quyn ph hp lm cng vic ny. iu quan trng l phi bit r nhng quyn no c gn cho domain local group cho php cc thnh vin ca chng thc hin nhng thao tc c th, bi v chng ta c th s dng nhng group ny thc hin nhng thao tc qun l ph bin. Mc nh, nhng group ny c nhng quyn c xc nh trc quyt nh nhng thao tc h thng m cc thnh vin ca group hay cc group c th thc hin. Cc group mc nh gm: Administrators, Backup Operators, Account Operators, Server Operators, Print Operators (chc nng ca cc group ny cc bn c th xem li trong bi 2). Computer Management: l mt tp hp cng c qun l m chng ta c th s dng qun l mt my local hay my t xa. Chng ta c th s dng Computer Management : Gim st nhng s kin h thng, nh l nhng thi gian logon v nhng ng dng b li To v qun l cc ti nguyn share Xem danh sch cc user, ngi c kt ni ti mt my local hay my t xa Khi ng v dng cc dch v h thng, nh l Task Cheduler v Indexing Service Ci t cc thuc tnh cho cc thit b lu tr Xem nhng cu hnh thit b v add thm nhng driver thit b mi
Computer Management gm c cc thnh phn chnh v c qun l theo cy nh: System Tools, Storage, Services and Applications. Mi thnh phn ny c cc chc nng ring. System Tools: cho php chng ta s dng nhng cng c trong System Tools qun l nhng s kin h thng v qu trnh thc hin trn my tnh m chng ta qun l. Event Viewer: S dng Event Viewer qun l v quan st nhng s kin c ghi trong cc log application, security, v system. Chng ta c th quan st nhng bn ghi theo di nhng s kin bo mt v nhn dng nhng phn mm, phn cng v cc vn h thng c th xy ra. Shared Folders: S dng Shared folders xem nhng kt ni v cc ti nguyn c s dng trn my tnh. Chng ta c th to, xem v qun l nhng ti nguyn chia s (share) , xem v m cc file v phin lm vic
- 100 -
Qun tr v xy dng mi trng mng doanh nghip Local users and groups: S dng Local Users and groups to v qun l cc local user account v group ca chng ta. Performance Logs and Alerts: S dng Performance Logs and Alert gim st v tp hp d liu v qu trnh thc hin ca my tnh. Device Manager: S dng Device Manager xem cc thit b phn cng c ci trn my, update nhng driver cc thit b, thay i nhng thit lp phn cng v gii quyt cc vn xung t thit b.
Storage: gm cc cng c qun l cc thuc tnh ca cc thit b lu tr. Removeabke Storage: S dng Removeable Storage theo di nhng thit b lu tr c th di chuyn c v qun l cc th vin hay cc h thng lu tr d liu m cha chng. Disk Management: S dng Disk Management thc hin nhng thao tc lin quan ti a nh l chuyn i , to hay nh dng cc volume. Disk Management gip chng ta qun l cc a v nhng partition hay cc volume chng cha
Services and Applications: nhng cng c trong Services and Applications gip chng ta qun l cc services v nhng ng dng trn mt my tnh c ch nh. Services: S dng Services qun l cc dch v trn mt my local hay cc my t xa. Chng ta c th khi ng, ngng, dng, tip tc li hau disable cc dch v. WMI Control: S dng WMI Control cu hnh v qun l Windows Management Service Indexing Service: S dng Indexing Service qun l dch v Indexing v to, cu hnh thm nhng catalog lu tr ch mc thng tin .
Cc bc cu hnh Computer Management qun l Server t xa Log on vo my vi quyn administrator v password v d 123456?a Vo Start menu, right-click trn My Computer v sau click Manage. Right-click trn Computer Management (local), sau click Connect to another computer. Click Another Computer, nhp tn ca my hoc click Browse tm v tr my tnh m chng ta mun qun l t xa sau click OK. Trong Computer Management, chng ta s thy c cc cng c nh: System Tools, Storage v Services and Applications.
Mun dng cng c g s dng th chng ta chn cng c .
- 101 -
Microsoft Management Console (MMC) qun tr trn my Local hay qun tr t xa Microsoft Management Console (MMC) cung cp mt giao din m chng ta c th s dng to, lu v m cc cng c qun l, gi cc snap-in qun l cc phn cng, phn mm v cc thnh phn ca Windows Server 2003. Khi chng ta m mt cng c qun l trong MMC, chng ta c th ch nh p dng cng c trn my cc b (Local) hay trn mt my t xa. thc hin nhng cng vic trn nhiu server, s dng cc MMC snap-in. Hu ht nhng cng c qun l c cung cp bi h cc h iu hnh Windows Server 2003 l nhng MMC snap-in m chng ta c th s dng qun l cc server t xa ging nh my local ca chng ta. Cc bc cu hnh MMC cho qun l mt server t xa M Microsoft Management Console (MMC) bng cch vo Start Run g mmc OK
Vo menu chn File v click Add/Remove Snap-in, sau click Add. Trong danh sch snap-in, click vo Computer Management, ri click vo nt Add. Mt mn hnh Computer Management xut hin cho php chng ta chn local computer hoc remote computer, sau click Finish. Click vo Close v click OK.
Dng Remote Desktop qun tr Server qun tr t xa. Bng cch s dng Remote Desktop cho cng vic qun tr, chng ta c th qun l mt hay nhiu Server t xa t mt v tr. Trong mt t chc ln, chng ta c th s dng vic qun l t xa qun l tp trung nhiu my tnh c nh v trong cc to nh khc hay thm ch nhng thnh ph khc. Trong mt t chc nh hn, chng ta c th s dng vic qun l t xa qun l mt Server c nm trong mt vn phng khc. Remote Desktop cung cp cho vic truy xut ti mt server t mt my tnh ti mt v tr khc bng cch s dng Remote Desktop Protocol (RDP). RDP truyn giao din user ti phin client v n cng truyn bn phm v nhng click chut t client ti server. Chng ta c th to ti hai kt ni t xa ng thi. Mi phin m chng ta logon vo khng ph thuc vo phin lm vic ca user khc v phin lm vic ca server. Khi chng ta s dng Remote Desktop logon vo mt server t xa, n ging nh chng ta logon vo server local. Remote Desktop cung cp hai cng c m chng ta c th s dng qun l mt server t xa. Remote Desktop Connection v Remote Desktops snap-in. Mi trng hp ca cng c Remote Desktop Connection to ra mt ca s chnh n v cho php chng ta qun l mt server t xa cho mi ca s. N lun khi ng mt phin lm vic mi trn server. Remote Desktop snap-in rt hu ch cho cc nh qun tr, ngi qun l t xa nhiu Server hay cho cc nh qun tr phi kt ni ti phin lm vic t xa.
- 102 -
Qun tr v xy dng mi trng mng doanh nghip S kt ni ti a cho remote desktop connection ti mt Server l hai. Sau khi chng ta t ti gii hn ny, Remote Desktop khng cho php nhng kt ni remote desktop khc ti server. Tuy nhin mun s dng c dch v ny th chng ta phi enable truoc khi cu hnh Remote Desktop. Remote Desktop rt hu dng, bi v n cung cp truy xut t xa ti hu ht nhng thit lp cu hnh, bao gm Control Panel, mt cng c khng th c cu hnh t xa. Bng cch s dng mt phin Remote Desktop, chng ta c th truy xut MMC, Active Directory, Microsoft System Management Server, nhng cng c cu hnh mng v phn ln nhng cng c cu hnh khc. cu hnh Remote Desktop chng ta cn chun b cc bc sau: Trc khi chng ta qun l mt server t xa,, server remote phi c cho php qun l t xa. Remote Desktop Service phi c enable locally trn server t xa bi mt ngi qun tr h thng. Ngi qun tr h thng phi c nhiu quyn thch hp qun l my tnh. Mc nh, mt administrator c c quyn kt ni ti mt Server remote v c th s dng Remote Desktop thc hin cc thao tc t xa nh l add thm phn mm mi v ci nhng gi service pack trn mt server t xa. cu hnh cc kt ni server cho vic qun l server t xa Log on vi quyn nh Administrator. Vo Start menu, right-click trn My Computer chn Properties Click vo th Remote. Check vo Allow users to connect remotely to this computer.
Cu hnh Remote Desktop cho client Remote Desktop Connection l mt ng dng pha ma client cho php chng ta kt ni ti mt server sau khi Remote Desktop trn c enable trn Server kt ni ti mt server t xa bng cch s dng Remote Desktop Connection Trn my tnh client, click Start Desktop Connection. Programs Accessories Communications Remote
Trong hp thoi Computer, nhp tn computer name hoc a ch IP ca Server v sau bm Connect kt ni.
Nu mun ngt kt ni chng ta vo Start menu v chn Log off.
6.3. Gim st hot ng Server Gim st qu trnh thc hin Server l mt thnh phn quan trng ca cng vic bo dng v qun l h iu hnh ca chng ta. Vic theo di hng ngy qu trnh thc thi h thng bo m rng chng ta cp nht nhng thng tin v my tnh ca chng ta ang hot ng nh th no. Vic gim st s thc thi cng cung cp cho chng ta d liu m chng ta c th s dng d on s pht trin trong tng lai v d tnh thay i nh th no ti nhng cu hnh h thng ca chng ta c th nh hng ti hot ng trong tng lai. Phn ny gip cho chng ta c th thit lp mt ranh gii thc thi (baseline), thc hin vic gim st thi gian thc v log, cu hnh v qun l cc counter log v cu hnh alert.
- 103 -
Qun tr v xy dng mi trng mng doanh nghip Monitoring Server Performance Gim st thc thi l mt thnh phn ca vic bo dng server ca chng ta. Bng cch gim st u n s thc thi server qua nhng thi k thay i t cc ngy, tun, thng chng ta c th thnh lp mt baseline cho s thc thi server. Qua vic gim st, chng ta nhn c d liu thc thi rt c ch trong vic chn on cc vn server nh: Hiu nhng c im khi lng cng vic phi lm ca chng ta v tc ng tng ng ln cc ti nguyn h thng ca chng ta. Theo di nhng thay i v xu hng pht trin trong workload v vic s dng ti nguyn chng ta c th lp k hoch nng cp trong tng lai Kim tra nhng thay i cu hnh bi kt qu ca vic gim st h thng.
Chn on cc vn v nhn ra cc thnh phn hay nhng qu trnh ti u. Nhng cng c gim st chnh trong microsoft Windows Server 2003 l Performance console v Task Manager Task Manager: cung cp mt cch tng qut v hot ng v s thc thi h thng. N cung cp v nhng chng trnh v nhng qu trnh ang chy trn my tnh ca bn. N cng hin th nhng tiu chun nh gi s thc thi c s dng ph bin nht cho cc qu trnh. Bn c th s dng Task Manager thc thi real-time monitoring. Bn c th s dng Task Manager quan st nhng b hin th chnh ca s thc thi my ca bn. Bn c th xem nhng trng thi ca nhng chng trnh ang chy v kt thc nhng chng trnh no khng p ng. Bn cng c th nh gi hot ng ca qu trnh ang chy bng cch s dng ti 15 tham s khc nhau, v xem nhng biu , d liu v cch s dng CPU v b nh. Nu bn ang kt ni ti mng, bn c th xem trng thi mng Nu c nhiu hn mt user c kt ni vo my ca bn, bn c th xem ai ang kt ni, xem nhng file no h ang lm vic v gi cho h mt tin nhn .
Task Manager c 5 tab cho php bn thc hin tt c nhng chc nng ny. Tab Applications: Tab Applications hin th trng thi ca nhng chng trnh ang chy trn my tnh. Trong tab ny, bn c th kt thc, chuyn hoc khi ng mt chng trnh. Tab Processes: Tab Processes hin th thng tin v nhng qu trnh ang chy trn my. V d, bn c th hin th v vic s dng CPU, b nh, nhng li trang nh v cc thng s khc. Tab Performance: Tab Performance hin th mt ci nhn linh ng v s thc thi ca my tnh, bao gm : th v vic s dng CPU v b nh S handles, chui v nhng qu trnh ang chy trn my tnh ca bn. S lng KB ca b nh vt l, kernel v b nh chuyn giao. B nh vt l l tng b nh, b nh kernel l b nh m h thng kernel v cc driver thit b s dng, cn b nh chuyn giao l b nh c cp pht cho cc chng trnh v h iu hnh. Tab Networking: Tab Networking hin th dng ho qu trnh thc hin mng. N cung cp mt cch hin th n gin, nhng cht lng trnh by trng thi ca mng hay cc mng ang chy trn my tnh ca bn. Tab ny ch c hin th khi c mt card mng c tn ti. Trn tab ny, bn c th xem phm cht v tnh sn dng kt ni mng ca bn, xem bn c c kt ni ti nhiu mng hay khng. Tab Users:
- 104 -
Qun tr v xy dng mi trng mng doanh nghip Tab Users hin th tn ca cc user, nhng ngi ang truy xut vo my tnh cng vi trng thi phin v tn. Client Name ch nh tn ca my client ang s dng session, nu c th ng dng c. Session cung cp mt ci tn cho bn s dng khi bn thc hin nhiu thao tc nh l gi cho user khc mt thng ip hoc kt ni ti mt session ca user khc. Tab Users c hin th ch khi Fast User Switching c cho php trn my tnh m bn ang lm vic. My tnh cng phi l thnh vin ca mt workgroup hoc mt my standalone. Tab ny khng c trn cc my tnh l thnh vin ca domain. Performance Console Windows Server 2003 cung cp nhng cng c sau nh l thnh phn ca Performance console gim st vic s dng ti nguyn trn my tnh ca bn : System Monitor Performance Logs and Alert System Monitor: tnh nng ny bn c th tp hp v xem d liu theo phm vi rng v vic s dng nhng ti nguyn phn cng v hot ng ca cc dch v h thng trn my m bn qun l. Vi System Monitor, bn c th tp hp v xem d liu thc thi thi gian thc ca mt my local hoc nhiu my remote. chn d liu c tp hp, ch ra nhng i tng, cc counter thc thi v nhng trng hp i tng thc thi. Performance Logs and Alerts: cung cp kh nng theo di v cnh gic cho c hai my local v remote. Bn s dng logging phn tch chi tit v duy tr nhng mu tin. Vic gi li v phn tch d liu c tp hp qua thi gian c th hu dng lp k hoch nng cp. Vi performance Logs and Alerts, bn c th tp hp d liu s thc thi bng cch s dng hai loi log: counter log v trace log. Bn cng c th ci mt cnh bo trn mt counter gi mt thng ip, chy mt chng trnh hoc khi ng mt log khi gi tr ca counter vt qa hoc tt xung di mc ch nh. Thit lp thng s cho counter log Khi bn thit lp cc tham s cho mt counter log, bn phi chn mt nh dng file log. Chn nh dng file log ph hp nht cho mi trng ca bn. V d, nu bn chu trch nhim trc mt vi server, file nh dng text hoc binary l s la chn tt nht. Nu bn chu trch nhim qun l hnh trm server, nh dng d liu thnh database SQL l la chn tt nht. thit lp cc thng s file cho mt counter log 1. Vo Start Programs Administrative Tools click Performance. 2. Double-click vo Performance Logs and Alerts. 3. Double-click Counter Logs thit lp thuc tnh. 4. Double-click vo log file 5. Chn Tab Log Files v cu hnh cc option sau: Log file type, Chn log file cn nh dng, sau click vo nt Configure. Configure. Cu hnh cc la chn nh dung lng log file, tn file v v tr lu tr. End file names with: check vo End file names with l cho php chng ta chn tn file v tn file ny khc vi tn file do windows t to. Schedule Counter Log Tht l khng thc t nu cho mt ngi gim st mt server mng 24 h mi ngy. Bn phi t ng qu trnh ny bn c thi gian thc hin nhng cng vic khc ca bn. Bn c th sp xp cc counter log to ra mt ranh gii thc thi, tm nhng bottleneck, gim st cc s kin h thng v tp hp thng tin v nhng s kin h thng tc ng ti server nh th no . Bn c th sp xp cc counter log : To mt ranh gii thc thi Xc nh tc ng trn ton h thng khi vic sao lu xy ra gia cc domain controller Xc nh mt bottleneck c xy ra hay khng khi cc user logon vo bui sng Xc nh mt bottleneck c xy ra hay khng khi cc user kt ni t xa vo bui ti Xc nh xem Backup c gy ra mt bottleneck hay khng khi n chy vo bui ti . Xc nh xem mt bottleneck c xy ra hay khng trong mt khong thi gian no trong ngy khi cc user phn nn rng mng chm i.
- 105 -
Thng thng bn lp k hoch gim st bt u trong thi gian lm vic. Vi hu ht cc t chc, thi gian ny bt u t 8 h sng ti 5 h chiu. Vi nhng t chc hot ng 24 h mi ngy v 7 ngy mi tun, logging nn c m lin tc. Nu logging c m lin tc, bn c th to mt log file cho mi ca (thng thng 8 h) hoc ton b 24 h. Mt log file b gii hn bi kch thc tip tc pht trin ti kch thc m bn ch nh v sau mt log mi c khi ng. lp biu mt counter log, bn phi xc nh cc thng s khi ng v ngng n. Cc bc xc nh cc tham s khi ng v ngng cho mt counter log 1. Vo Start Programs Administrative Tools v chn Performance. 2. Double-click Performance Logs and Alerts v click Counter Logs. 3. Double-click ln tn ca counter log. 4. Trn Tab Schedule, cho php thit lp thi gian bt u (Start log) v thi gian kt thc (Stop log) ca mt counter log Ch : Thit lp gii hn trong hp thoi Configure Log Files trc khi click When the log file is full. Nu khng tu chn ny b lm khng hot ng. Cu hnh Alert S dng cc alert thng bo cho mt user hay nh qun tr khi mt gi tr counter c xc nh trc b vt qu hoc tt xung di mt thit lp ch ra. Ngoi ra, bn c th s dng Performance Logs and Alerts tp hp d liu v ti nguyn phn cng, cc dch v h thng v s thc thi. Alert l mt tnh nng m pht hin khi mt gi tr counter khai bo trc b vt qua hoc tt xung di mt thit lp c ch nh. Thit lp c ch nh trn mt counter c gi l alert threshold (ngng cnh bo) Bn c th ci mt alert trn mt counter thc hin nhng chc nng sau : To ra mt mc d liu trong log s kin ng dng. V d, enable tu chn ny nu bn mun ghi li tt c nhng s kin gy ra mt alert Khi ng mt log khi gi tr ca counter chn vt ngng hoc tt xung ngng cnh bo . V d, bn c th s dng ty chn ny thng bo cho bn nu CPU s dng qu 85 % Gi mt thng ip Chy mt chng trnh: Enable tu chn ny nu bn mun mt chng trnh chy khi mt s kin xy ra. V d, bn c th mun shutdown server khi a cng y. S dng procedure sau to mt alert to mt alert 1. Vo Start Programs Administrative Tools v chn Performance. 2. Double-click Performance Logs and Alerts v click Alerts. 3. Right-click trn vng trng v chn New Alert Settings. 4. Nhp tn Alert v sau bm OK. Trn Tab General, bn cn ch thch alert, khong thi gian thc hin v ngng cnh bo. Trn Tab Action, bn c th ch nh cnh bo bng cch gi e-mail hay chy mt chng trnh no khi c mt Alert xut hin. Trn Tab Schedule, bn c th lp lch thi gian bt u v thi gian kt thc scan alerts. Ch : lu nhng thit lp cho mt alert, right click ln alert trong ca s bn phi ca Performance console, v sau click Save Settings As. Bn c th ch ra mt file .html lu nhng thit lp ny. s dng li nhng thit lp lu cho mt alert mi, right click trong ca s bn phi, v sau click New Alert Settings From. y l cch d dng to nhng thit lp mi t mt cu hnh alert. Bn cng c th m file HTML trong Internet Explorer hin th mt th System Monitor S dng Performance console v Task Manager trong Microsoft Windows Server 2003 gim st hot ng Server. Mi trng doanh nghip ngy nay yu cu cc k s h thng bo m rng nhng server ca h hot ng hiu qu v ng tin cy. ti u s thc thi ca server, bn phi tp hp d liu v qu trnh thc thi, gip bn nhn ra nhng ch h thng tc nghn (bottleneck). Phn ny trnh by lm th no tp hp d liu qu trnh thc thi bng cch s dng h thng server subsytem.
- 106 -
Qun tr v xy dng mi trng mng doanh nghip Bn subsystem chnh l : B nh: B nh server l h thng con quan trng nht i vi s thc thi chung ca server. Nu server khng c b nh RAM gi d liu m n cn, n phi lu tm thi d liu ln cng. Truy xut a chm hn nhiu so vi RAM, v th vic lu d liu trn a c th lm gim ng k s thc thi server. B x l: Kha cnh quan trng nht trong vic thc thi b x l l mc s dng ca n. Khi mt ng dng hay phn mm khc s dng nhiu hn chu k chia s ca n, tt c cc phn mm khc ang chy s hot ng chm i nhiu hn. a: Tc truy xut ca cc a vt l c th nh hng ln ti tc ng dng hot ng v d liu c ti ln. V th, dung lng trng a phi bn ci nhng ng dng, lu tr d liu v c dung lng trng cho b nh o. Mng: S thc thi mng ca bn b tc ng bi c hai phn cng trong cu trc mng ca bn v phn mm ang chy trn server v cclient. Thiu b nh l nguyn nhn ph bin nht ca cc vn thc thi nghim trng trong cc h thng my tnh. Thm ch nu bn c nghi ng ti cc vn khc, nhng trc tin hy kim tra cc counter b nh loi tr kh nng thiu b nh. Gim st b nh server nh gi lng b nh sn c, mc b nh o, v theo di nhng tc ng ca vic thiu b nh. Gim st b nh server c th gip bn xc nh bt k mt trong nhng trng hp tn ti sau : Tc nghn b nh: Trng hp b nh thp c th lm chm hot ng ca cc ng dng, cc services trn server v c th nh hng ti s thc thi ca cc ti nguyn khc trn server ca bn. V d, khi server ca bn b thp b nh, trang nh c th b ko di, dn ti lm vic trn a ca bn nhiu hn. Bi v n i hi c v ghi ln a, nn trang nh ny hot ng c th cnh tranh vi cc yu cu thc thi a khc, do lm dn ti mt vn tc nghn a. Tt c nhng cng vic vi a c th mun ni rng b x l c s dng thp hay n ang lm vic khng nh mong mun, nh l x l nhiu ngt thay th nhng trang nh li. Page faults xy ra khi server khng th nh v code c yu cu hoc d liu trong b nh. Nh l mt kt qu, cc ng dng v nhng services tr nn t phn ng hn. V th, iu quan trng l phi gim st b nh mt cch u n pht hin nhng tc nghn b nh. Khng b nh: Khng b nh l l do ca nhng triu chng chng ta bt gp vi dung lng b nh thp. Bng cch gim st b nh server, bn c th s dng baseline c thit lp d bo trc khi no bn cn add thm b nh v trnh cc vn ny. Vt qu trang nh: Du hiu ca vic thiu b nh thng l paging. Paging l qu trnh di chuyn nhng khi code kch thc c nh v d liu t RAM ti a bng cch s dng cc khi c gi l pages gii phng b nh cho nhng mc ch khc. Mc d mt vi paging c th chp nhn c, bi v n cho php bn s dng b nh nhiu hn l kch thc tn ti tht s, nhng hng s paging lm chm s thc thi server. Gim paging ci thin ng k tnh trng ca server Tht thot b nh: Vic tht thot b nh xy ra khi cc ng dng nh v b nh s dng, nhng khng gii phng b nh c nh v khi ng dng kt thc. V kt qu l b nh b s dng mt cch lng ph, thng lm cho server ngng hot ng ng.
B nh RAM:
- 107 -
S dng cc counter Performance xc nh xem b nh c gy ra mt nghn c chai trong h thng hay khng. Danh sch sau bao gm hai loi counter. Loi counter th nht l counter tc , nh l Pages/sec, Page Faults/sec. Mt counter tc ly mu vic gia tng m cc s kin theo thi gian. hin th tc hot ng, counter tc chia b m thnh nhng gi tr thay i theo thi gian. V th, nhn c mt kt qu chnh xc, bn phi gim st cc counter tc lu mt cht, thng thng t 30 ti 60 giy. Loi counter th hai l counter tc thi , nh l Avaiable Bytes v Committed Bytes. Nhng counter ny hin th cc php o gn nht. Pages/sec: S yu cu cc trang nh khng c sn ngay lp tc trong RAM, v v th phi c truy xut t cng hoc c ghi ln a to ra mt phm vi trong RAM dnh cho nhng trang nh khc. Thng thng, nu gi tr ca counter vt qua 5 chu k m rng, b nh c th b tc nghn trong h thng. Avaialble Bytes: Dung lng b nh vt l sn c. N thng thp, bi v Windows Disk Cache Manager s dng nhiu b nh hn thng l lu v sau tr n v khi nhng yu cu b nh xy ra. Tuy nhin, nu gi tr ny thng thp di 5 % ca tng dung lng b nh, n ch ra rng tha qu mc trang nh ang xy ra Committed Bytes: Dung lng b nh o c trao chuyn cho RAM vt l lu tr hoc cho cc trang nh. Nu dung lng c chuyn ln hn dung lng b nh vt l, nhiu RAM hn c yu cu. Pool Nonpages Bytes: Dung lng RAM trong vng nh h thng Nonpaged pool, ni m dung lng c yu cu bi cc thnh phn ca h iu hnh khi chng hon thnh nhim v ca chng. Nu gi tr Pool Nonpaged Bytes th hin mt s gia tng u n v khng tng thch vi hot ng trn server, n c th ch ra rng mt qu trnh tht thot b nh ang chy, v bn nn gim st n cn thn. Pages Faultd/sec: S ln mt trang nh o khng tm thy trong b nh. Nu con s ny l vt qu 5, qu nhiu b nh c inh v cho mt ng dng v khng cho server m bn ang chy.
Gim st b nh RAM bng cch s dng Performance console: 1. Vo Start Programs Administrative Tools v chn Performance. 2. Right-click trn System Monitor v click Add Counters.
- 108 -
Qun tr v xy dng mi trng mng doanh nghip Di Performance object, click vo Memory, chn cc counter cn gim st v Add vo Pages/sec Available Bytes Committed Bytes Pool Nonpaged Bytes Page Faults/sec Ch : Mi khi bn click Add add mt counter, counter c add vo danh sch nhng counter trong ca s bn phi ca System Monitor. 3. Trong ca s bn phi ca System Monitor, view counters, v chn cch gii quyt cho cc vn ca memory. Mo nh: Hnh ng ph hp gii quyt mt vn b nh c th bao gm vic tm kim qu trnh gy ra paging hoc vic s dng RAM, kim tra tht thot b nh trong mt ng dng v add thm RAM. Gim st b nh RAM bng cch s dng Task Manager: Bn cng c th gim st b nh bng cch s dng Task Manager : 1. Bm t hp phm CTRL+ALT+DEL, v chn Tab Task Manager. 2. Trn Tab Performance, gim st data trong Page File, Physical Memory, Kernel Memory v Commit Charge. Gim st b x l: Cch s dng b x l, cn gi l cch s dng CPU l t l phn trm lng thi gian m CPU ang lm vic. Bn phi gim st cch s dng CPU pht hin cc vn tc nghn CPU. Trong Windows Server 2003, bn c th s dng Tak Manager ging nh Performnace gim st hot ng v cch s dng CPU. Couner xc nh cch s dng trong nhng cng c ny c gi l : CPU Usage trong Task Manager % Processor Time trong Perfromance Trong Task Manager, CPU Usage hin th mt th ch ra phn trm thi gian b x l ang lm vic. Counter ny l b hin th chnh hot ng ca CPU. Xem th ny thy bao nhiu phn trm b x l ang x dng. Nu h thng ca bn c v nh chy chm i, th ny c th hin th phn trm cao. Trong Performance, % Propcessor Time l phn trm thi gian tri qua m b x l s dng thc thi mt xu chui khng ngng. Mi b x l c mt tuyn on rnh ri s dng trong cc chu k khi khng c nhng xu lnh no sn sng chy. Counter ny l b hin th chnh hot ng ca CPU. N hin th phn trm trung bnh ca thi gian bn c theo di trong khong thi gian gia hai s kin mu. N tnh ton gi tr ny bng cch gim st thi gian m CPU hot ng nhn ri v ly 100% tr cho gi tr . iu quan trng l quan st counter trn nhng h thng SMP cng nh trn cc h thng ch c mt CPU. SMP cho php bt k mt trong nhiu b x l trn my tnh chy h iu hnh hoc chui ng dng ng thi vi cc b x l khc trong h thng. Theo di cch s dng tng b x l ring bit v cho tt c cc b x l khc trn h thng qua mt thi gian rng.Ngoi ra xt s chui hng i trong b x l ca h thng xc nh xem vic s dng b x l cao c lm cho kh nng hon thnh cng vic ca h thng b gii hn hay khng.
- 109 -
Hu nh mi hot ng xy ra trn mt server u lin quan ti b x l. B x l cho mt server ng dng thng th bn hn CPU trn file v printer server. V kt qu l, cp b x l hot ng l s khc nhau gia hai loi server. Hai nguyn nhn ph bin nht gy ra nhng tht c chai CPU l gii hn CPU ng dng v driver, v qu nhiu ngt c to ra bi thiu a hoc bi cc thnh phn h thng mng ph. Gim st cc counter b x l xc nh xem b x l c gy ra mt botleneck (nghn) hay khng. % Processor Time: Nhng gii hn lng thi gian m b x l bn. Khi b x l chy qu 85%, b x l l mt h thng botleneck. Phn tch cch s dng b x l bng cch gim st tng b x l ring bit xc nh xem nguyn nhn b x l hot ng l g. System. Processor Queue Length: S yu cu trong hng i cho b x l. N ch ra s chui lnh sn sng c thc thi v ang i x l. Thng thng, di mt hng i x l di hn hai c th cho thy tc nghn. xc nh nguyn nhn gy ra tc nghn, bn phi phn tch su hn tng qu trnh ring bit to ra cc yu cu ti b x l. Server Work Queues: Queue Length. S yu cu trong hng i c chn x l.
Interrupts/sec: S ngt m b x l ang bo qun t cc ng dng hay t cc thit b phn cng. Windows Server 2003 c th gi hng ngn ngt mi giy. Mt s gia tng t ngt gi tr ca counter ny m khng tng thch vi s gia tng hot ng h thng, ch ra rng mt phn cng c vn . Vn c th l mt thit b khng th duy tr vi s ngng li ca h thng, ging nh b iu khin a hay card mng (NIC). Mt s bin php ci thin b x l khi botleneck - Add mt b x l nhanh hn nu h thng l mt file v print server - Add thm nhiu b x l cho cc appplication server - Offload qu trnh x l ti mt h thng khc trn mng, nh l cc user, ng dng hoc cc services. - Nng cp card mng ca bn, card a, b iu khin a. Nhn chung, cc card thng minh 32 bit c ngh. Nhng card thng minh cung cp cho h thng s thc thi ton din tt hn bi v chng cho php cc ngt c x l trn chnh card .
Gim st hot ng ca b x l bng Performance 1. Vo Start Programs Administrative Tools v chn Performance. 2.Trong ca s Performance, System Monitor c chn theo mc nh. Trong ca s bn phi ca System Monitor, counter % Processor Time c hin th
- 110 -
Qun tr v xy dng mi trng mng doanh nghip Gim st hot ng ca b x l bng Task Manager 1. Bm t hp phm CTRL+ALT+DEL v sau click Task Manager. Bn cng c th m Task Manager bng cch right-click trn taskbar v chn Task Manager hoc cng c th dng t hp phm Ctrl+Shift+Esc. 2. Trn Tab Performance, xem counter trong CPU Usage v CPU Usage History. Gim st a (Disk) H thng a ph nm gi vic lu tr, hot ng ca cc chng trnh v d liu trn server ca bn. Cng c Performance cung cp cc counter a c th cho php bn gii hn hot ng v thng lng a Trng thi bottleneck a c biu th bi s hin din ca tt c nhng iu kin sau: Tc duy tr hot ng ca a lin tc vt trn ranh gii ca bn S hng i lin tc nhiu hn hai cho mi a Thiu mt s lng ng k trang nh
Xem xt ti dung lng lu tr v thng lng a khi bn bt u nh gi cu hnh. S dng bus, b iu khin, cab v nhng cng ngh a m n a ra thng lng tt nht. Phn ln cc my tnh thc hin tng xng mt mc va phi vi gi c cc thnh phn a. Tuy nhin, nu bn mun thu c s thc thi tt nht, bn c th mun nh gi nhng thnh phn a mun nht. Nu cu hnh ca bn cha nhiu loi a, bo mch iu khin v bus, nhng khc nhau trong cc thit k ca chng c th tc ng ti tc thng lng. Bn c th mun kim tra thng lng bng cch s dng nhiu h thng a khc nhau, xc nh xem mt vi thnh phn c a ra t kt qu c ch ni chung hay khng, hay ch mt loi no v sau thay th nhng thnh phn ny khi cn. Ngoi ra, mt vi loi cu hnh volume set c th cung cp nhng li ch cho s thc thi. V d cc volume striped c th cung cp s thc thi tt hn, bi v chng gia tng thng lng bng cch cho php nhiu a bo dng tun t hay nhng yu cu I/O c nhm li. Mt volume striped l mt volume m d liu c chn vo ko di t hai hay nhiu a. D liu trn mt loi loi ny c nh v lun phin nhau v u nhau trn mi a vt l.
Cc counter dng xc nh khi no a bottleneck Khi phn tch s thc thi v dung lng lu tr h thng a con, gim st nhng counter sau cho cc bottleneck:
- 111 -
Qun tr v xy dng mi trng mng doanh nghip % Disk Time. Ch ra lng thi gian m bn c v ghi cc yu cu. Nu iu ny thng gn 100%, a ang c s dng rt nng n. Vic gim st tng qu trnh ring bit gip xc nh qu trnh no to ra phn ln cc yu cu a. Current Disk Queue Length. Ch ra s yu cu I/O a cha gii quyt cho a. Nu gi tr ny thng hn 2, n ch ra s tc nghn. Avg.Disk Bytes/Tranfer. S byte trung bnh c chuyn giao ti hay t a trong qu trnh cc hot ng ghi hoc c. Kch thc chuyn giao ln hn, h thng chy hiu qu hn. Disk Bytes/sec. y l tc m cc bytes c chuyn giao t hay khi a trong cc hot ng ghi c. LogicalDisk\%Free Soace. y l dung lng a trng sn c.
Nu bn xc nh rng h thng a con l mt h thng bottleneck, mt s gii php l c th, bao gm : Phn mnh a bng cch s dng Disk Defragmenter Loi tr b nh thp. Khi b nh l khan him, Vitual Memory Manager ghi nhiu trang nh ti a hn, dn ti gia tng hot ng a. Trc khi bn add thm phn cng, chc chn rng b nh thp khng phi l nguyn nhn ca vn , bi v b nh thp l nguyn nhn ph bin ca cc bottleneck Add thm mt b iu khin nhanh hn, nh l Fast SCSI-2 Add thm cc a trong mt mi trng RAID. Gii php ny dn tri d liu ra nhiu a vt l v ci thin s thc thi, c bit l trong cc hot ng ghi. Chuyn gnh nng ang x l cho mt h thng khc trn mng, nh l cc user, ng dng hay cc services.
gim st a chng ta thc hin theo cc bc sau: 1. Vo Start Programs Administrative Tools v chn Performance. 2. Right-click c s bn phi ca System Monitor v click Add Counters. 3. Trn hp thoi Add Counters, bn di Performance object, chn PhysicalDisk, chn cc counter cn v Add vo nh: % Disk Time Avg. Disk Bytes/Transfer Current Disk Queue Length Disk Bytes/Sec 4. Xem cc counter bn phi ca System Monitor v a ra cc gii php khc phc cho cc vn pht sinh ca a. Mo nh : gii quyt mt a bootleneck, bn c th cn xc nh xem paging c ang xy ra hay khng, nu c, nng cp a. S dng Performance gim st mng: Cc giao tip qua mng lm gia tng tnh quan trng trong bt k mi trng lm vic no. Tng t nh b x l hay cc a trn h thng ca bn, hot ng ca mng tc ng ti hot ng h thng ca bn. Ti u s thc thi h thng ca bn bng cch gim st vic s dng mng mt cch u n, nh l lu thng mng v vic s dng ti nguyn. Cch s dng mng l phn trm bng thng mng c s dng trn on mng ang c theo di. Bng thng mng c o theo nhiu cch khc nhau : Tc truyn cc bytes gia cc server Tc m gi d liu c gi bi server. Cc gi d liu bao gm frames, packet, segment v datagrams. Tc cc file c gi v nhn bi server.
Hiu qu bng thng mng thay i rt ln, ph thuc vo kh nng truyn ti ca ng link, cu hnh server v khi lng cng vic server.
- 112 -
Bn gim st cch s dng mng pht hin nhng bottleneck mng. Nhng bottleneck mng nh hng ngay lp tc kinh nghm ca user ti cc trm lm vic client v ton mng. Mt bottleneck mng gii hn s client c th truy xut ng thi vo server. Nhng nguyn nhn ph bin cho nhng bottleneck mng l : Qu ti server Qu ti mng Mt i tnh ton vn mng
Cc counter s dng xc nh bottleneck trn mng: S dng nhng counter c gim st ph bin sau hnh thnh mt bc tranh tng qut v gim st mng nh th no v gip khm ph v gii quyt cc bottleneck mng. Task Manager: % Network Utilization. Phn trm bng thng mng c s dng trong on mng cc b. Bn c th s dng counter ny gim st tc ng ca nhiu hot ng mng khc nhau trn mng, nh l user logon vo mng c hiu lc v ng b domain account . Network Interface : Bytes Sent/sec. S bytes c gi bng cch s dng card mng Network Interface: Bytes Total/sec. S bytes c gi v nhn bng cch s dng card mng ny. S dng counter ny xc nh card mng ang lm vic nh th no. Counter Bytes Total/sec bo co cc gi tr cao, ch ra rng mt s ln hn s truyn pht thnh cng. Server. Bytes Received /sec. So snh cc bytes nhn c mi giy vi tng bng thng ca card mng ca bn xc nh xem kt ni mng ca bn c ang to ra cc bottleneck hay khng.
gim st cch s dng mng bng Performance : 1. Vo Start Programs Administrative Tools v chn Performance. 2. Right-click c s bn phi ca System Monitor v click Add Counters. a. Trong Performance object, chn Network Interface, v chn cc counter cn gim st v Add vo nh: Network Interface\Bytes Sent/sec Network Interface\Bytes Total/sec b. Performance object, chn Server, chn cc counter add v sau click Close. Server\Bytes Received/sec
- 113 -
Qun tr v xy dng mi trng mng doanh nghip 3. Xem cc counter ca s bn phi ca System Monitor v a ra cc gii php khc phc nu Network c vn pht sinh. Mo nh : hnh ng thch hp gii quyt mt vn l c th cn phi nng cp hay add thm card mng khc. Bn cng c th chia mng thnh tng on nh hoc gii hn cc giao thc ang s dng. Hay bn cng c th s dng Task Manager gim st Network. S dng Event viewer gim st h thng. Event viewer l mt cng c quan trng trong vic gim st h thng da vo cng c ny ngi qun tr s pht hin ra nhng k truy cp bt hp php vo nhng thi im c th, vi tnh nng lc trong Event viewer gip chng ta gii hn nhng s kin cn thit gim st. Event viewer l mt cng c tch hp trong Windows cho php xem li cc s kin xy ra trong h thng mt cch chi tit vi nhiu tham s c th nh: user, time, computer, services Cc s kin ri rc c lc li thnh nhng s kin ging nhau gip chng ta ly c nhng thng tin cn thit mt cch nhanh nht. Event viewer phn vng cc s kin ring bit cho tng ng dng, mt my ch ci t mc nh s c ba phn vng trong event viewer l: Application Security System
Application log
Application log ghi li s kin ca cc ng dng t cc nh sn xut hay cc ng dng mailthng thng cc thit lp trong Application l mc nh ca cc ng dng nn chng ta ch c th c n m khng thit lp c.
- 114 -
Security log
y l mt trong nhng log quan trng nht trong h thng, n ghi li ton b cc thit lp audit trong group policy, cc thit lp group policy quan trng nht l thit lp gim st qu trnh login vo h thng, truy cp d liu.
Trong thit lp ny chng ta thit lp gim st qu trnh truy cp log-on, log-off h thng. khi thit lp gim st ny th ton b ngi dng logon hay logoff vo h thng u c ghi li trong security log
bit ti khon no log-on, log-off vo lc my gi chng ta m Event viewer v tm n dng Security log, ti ca s bn phi double click vo ti khon cn xem, xut hin hp thoi thng bo cho chng ta thng tin ngy gi ca ti khon va log-on, log-off
- 115 -
Qun tr v xy dng mi trng mng doanh nghip Cc bc thit lp gim st mt Folder Bc 1: Thit lp audit object access trong group policy ch Success v Failure Vo start Run g gpedit.msc, xut hin ca s group policy object editor
Ti mn hnh group policy object editor chn nhnh computer configurationt bm vo du cng ca th mc Windows settings security settings local policy audit policy ti ca s bn phi double click vo dng audit object access xut hin hp thoi audit object access properties nh du vo Success v Failure
Chn Apply
OK
Vi thit lp trong group policy chng ta ch enable tnh nng cho php h thng ghi li m thi, mc nh h thng sau khi thit lp ny s ghi li event vi cc i tng h thng nh registry Cn mun mt qu trnh truy cp vo folder m c lu li th phi thit lp trn chnh folder . Bc 2: Thit lp audit trn foder. Click chut phi vo folder chn properties Tab Security chn Advanced, chuyn sang Tab Audit chn trong ca s Add chng ta Add group vi tn l everyone xut hin ca s cho php la chn nhng i tng cn ghi li chn full control ghi li tt c cc hot ng cn gim st OK Restart li my
- 116 -
Sau vo Event Viewer kim tra xem ti khon no thao tc nhng g trn th mc c thit lp
System Log
System log c thit lp mc nh ca h thng gip chng ta xem li cc s kin: Bt, tt, pause, disable, enable cc services ca h thng. V d nh mt service chy b li trong thi im no n s ghi li trong system log ca event viewer.
- 117 -
11.4. Log Properties

Log properties gip chng ta cu hnh dung lng file log, cch xo cc event c i nh th no, v nhng tnh nng lc cc s kin. s dng tnh nng log properties cho ng dng no chng ta click chut phi trn ng dng chn properties
Ti Tab General chng ta c th xem tn v ng dn ca file log, ngoi ra chng ta c th qui nh dung lng cho file log v qui nh thi gian xa cc file log c. Ti Tab Filter chng ta c th thit lp Evnet Viewer ch lc theo kiu no ti dng event types nh: information, warning, error, success audit, hay failure audit bng cch chn hay b chn trc hp kim ca cc tnh nng . Hoc chng ta c th thit lp lc cc s kin theo thi gian v ID ca cc s kin.
6.4. X l li gim st 6.5. Bi tp tnh hung
- 118 -
Qun tr v xy dng mi trng mng doanh nghip Tm tt: Computer Management: l mt tp hp cng c qun l m chng ta c th s dng qun l mt my local hay my t xa. Computer Management gm c cc thnh phn chnh: System Tools, Storage, Services and Applications System Tools: cho php chng ta s dng nhng cng c trong System Tools qun l nhng s kin h thng v qu trnh thc hin trn my tnh m chng ta qun l. Storage: gm cc cng c qun l cc thuc tnh ca cc thit b lu tr. Services and Applications: nhng cng c trong Services and Applications gip chng ta qun l cc services v nhng ng dng trn mt my tnh c ch nh. Microsoft Management Console (MMC): cung cp mt giao din m chng ta c th s dng to, lu v m cc cng c qun l, gi cc snap-in qun l cc phn cng, phn mm v cc thnh phn ca Windows Server 2003. Khi chng ta m mt cng c qun l trong MMC, chng ta c th ch nh p dng cng c trn my cc b (Local) hay trn mt my t xa. Remote Desktop: Bng cch s dng Remote Desktop cho cng vic qun tr, chng ta c th qun l mt hay nhiu Server t xa t mt v tr. Trong mt t chc ln, chng ta c th s dng vic qun l t xa qun l tp trung nhiu my tnh c nh v trong cc to nh khc hay thm ch nhng thnh ph khc. Trong mt t chc nh hn, chng ta c th s dng vic qun l t xa qun l mt Server c nm trong mt vn phng khc. Task Manager: cung cp mt cch tng qut v hot ng v s thc thi h thng. N cung cp v nhng chng trnh v nhng qu trnh ang chy trn my tnh ca bn. N cng hin th nhng tiu chun nh gi s thc thi c s dng ph bin nht cho cc qu trnh. Bn c th s dng Task Manager thc thi real-time monitoring. Performance Console: Windows Server 2003 cung cp nhng cng c sau nh l thnh phn ca Performance console gim st vic s dng ti nguyn trn my tnh ca bn l: System Monitor, System Monitor
- 119 -
Qun tr v xy dng mi trng mng doanh nghip BI 7: QUN TR LU TR V BO MT D LIU Mc tiu: Phn bit a tnh v a ng Cu hnh a ng v to RAID cho my ch chuyn dng Hiu bit cc kiu sao lu v phc hi d liu ti u M ha d liu vi NTFS Qun l lu tr vi a Quota X l cc s c lin quan
7.1: Gii thiu a Khi bn ci mt a mi, Windows Serer 2003 ghi nhn v cu hnh n l mt basic disk. Mt basic disk mc nh c tnh lu tr trung bnh v cung cp kh nng cu hnh b gii hn. Bi hc ny m t lm th no nh dng mt basic disk bng cch s dng Disk Management v cng c dng lnh DiskPart. N cng gii thch cc thuc tnh h thng tp tin tc ng nh th no ti a v s dng nhng h thng tp tin nh th no khi cu hnh a. Basic disk l loi a mc nh cho Windows Server 2003. Mt basic disk cung cp cho bn nhng kh nng gii hn ci t cc a cng ca bn. Trong khi , cc dynamic disk cung cp cho bn nhiu linh hot hn trong vic ci t a cng. V d, bn c th thc thi kh nng chu li trn mt dynamic disk nhng khng th thc hin trn mt basic disk. Cc u im ca Static Disk (Basic Disk) Li ch ca mt Static Disk l n cung cp cho bn khong trng c lp, bn c th s dng cho vic t chc d liu. Bn c th chia mt basic disk thnh 4 primary partition hoc 3 primary partition v mt partition m rng, trong partition m rng c th chia thnh mt hay nhiu cc a logical Cc u im ca Dynamic Disk Nhng li ch ca cc dynamic disk l : Mt dynamic disk c th c s dng to cc volume tri rng ra nhiu a cng Khng c gii hn v s volume c th c cu hnh trn mt dynamic disk Cc dynamic disk c s dng to ra nhng a chu li bo ton d liu khi c li phn cng xy ra.
7.1.1. Static Disk Partirion l gi?
- 120 -
nh dng a l mt cch phn chia a cng vt l thnh cc phn, mi phn hay partition hot ng nh l mt khi ring bit. Bn c th s dng cch nh dng phn chia mt cng thnh nhiu k t a gip d dng t chc cc file d liu. Mi partition c gn mt k t khc nhau, nh l C hay D. Sau khi bn to mt partition, bn phi format n vi mt h thng file trc khi bn c th lu d liu trn partition. Khi bn gn mt a cng mi vo trong my tnh, bn phi khi chy a trc khi bn c th to cc partition. Khi bn khi ng Disk Management trc tin sau khi ci xong mt cng mi. Wizard s xut hin cung cp mt danh sch cc a mi c pht hin bi h iu hnh. Khi bn hon thnh wizard, h iu hnh khi chy a bng cch ghi mt k hiu chng nhn a, nh du sector kt thc v mt MBR. Nu bn b qua wizard trc khi k hiu chng nhn a c ghi, trng thi a khng c khi chy s duy tr. Primary partitions: Bn to cc primary partition trn mt basic disk. Mt basic disk c th c ti 4 primary partition hoc 3 primary partition v mt partition m rng. Mt primary partition khng th b chia nh. Mt partition m rng c th c chia thnh nhiu a logic. Logical drives: Cc a logic tng t nh primary partition, ngoi tr mt iu rng bn c th to ti 24 a logic cho mi a cng nhng b gii hn ch c 4 primar partition cho mi a cng. Bn c th format mt a logic v gn mt k t cho n. Extended partitions: Bn ch c th to mt partition m rng trn mt basic disk. Khng ging nh primary partition, bn khng th format mt partition m rng vi mt h thng tp tin. Thay v th, bn to ra mt hoc nhiu a logic trong partition m rng v sau format chng vi mt h thng tp tin. Format a disk: Bn phi format mt a trc khi c th s dng n. Qu trnh format a s cu hnh partition vi mt bng cp pht tp tin. Qu trnh ny chun b a c v ghi. Khi bn format mt a, h iu hnh xo tt c bng cp pht tp tin trn a, kim tra a xc nhn rng cc sector l ng tin cy, nh du nhng sector xu, v to cc bng a ch ni m n s dng sau ny nh v thng tin. Deleting a partition: Vic xo mt partition s ph hu tt c d liu trn partiion. Sau partition s phc hi li dung lng trng cp pht. Nu bn ang xo mt partition m rng, bn phi xo tt c cc a logic ca n trc khi xo partition.
- 121 -
Qun tr v xy dng mi trng mng doanh nghip Assign drive letters: Windows Server 2003 cho php gn tnh cc k t a cho mt partition, volume hay CD-ROM c th . Manage drive letters: Bn c th s dng ti 24 k t a t C ti Z. Cc k t A v B c dnh trc cho cc mm. Tuy nhin, nu bn ch c mt mm, bn c th s dng k t B cho mt a mng. Khi bn add thm mt cng mi vo h thng my tnh ang tn ti, n khng tc ng ti nhng k t c gn trc . Lu : Trc khi bn xo hoc to cc partition trn mt a cng, bo m backup tt c nhng thnh phn trn a, bi v qu trnh xo hay to cc partition s ph hu bt k d liu no ang tn ti. Phn chia Partition: Bn c th s dng Disk Management hoc l DiskPart phn chia a. Bn c th s dng Disk Management khng ch chia a, nhng cng c th format v gn cc k t a ti cng thi im. Khi bn chia mt a ang tn ti, trc tin bn phi xo cc partition trc. Bn c th s dng Disk Management hoc DiskPart hon thnh nhng thao tc ny. chia mt a cng bng bng cng c Disk Management 1. Vo Start Programs Administrative Tools Computer Management v m Disk Management. 2. Right-click vo vng unallocated ca a basic v chn New Partition, hoc right-click trn vng a trng extended partition v chn New Logical Drive. 3. Ti mn hnh New Partition Wizard, click Next. 4. Trn trang Select Partition Type, click chn Primary Partition v click Next. 5. Trn trang Specify Partition Size, chn dung lng Partition v click Next. 6. Trn trang Assign Drive Letter or Path chn k t a v click Next. 7. Trn trang Format Partition: cho chng ta cc ty chn v nh dng file system, nhn a 8. Click Next v click Finish. Chng ta cng c th dng DiskPart phn chia a cng. Phn ny th cc bn c th t tm hiu thm. Drive Letter l gi? Chng ta c th s dng Disk Management hoc DiskPart gn, thay i hoc remove cc k t a trn partition. L mt nh qun tr, bn s qun l nhng k t a bng cch s dng hai cng c ny nhung chng ti ch gii thiu cng c l Disk Management. gn, thay i hoc remove cc k t a bng cch s dng Disk Management 1. Trong Computer Management chng ta chn Disk Management. 2. Right-click trn partition chn logical drive hoc volume v sau click Change Drive Letter and Paths. 3. S xut hin cc ty chn cho php chng ta c th: Gn k t a (drive letter), bng cch click Add v sau chn k t cn gn. Thay i k t a (drive letter), bng cch click Change v sau chn k t cn gn. Remove k t a (drive letter) chn n v chn Remove. Mounted Drive l gi? Vic s dng cc a mount c th gip bn qun l v t chc d liu trn server ca bn. S dng mt a c mount khi bn c hai a c d liu lin quan m v phng din logic ch thuc v mt a. Ngoi ra, cc a mount cng gip bn qun l s k t a b gii hn m bn phi lm vic trn mt a cng. Mt a mount l n v lu tr c lp c qun l bi h thng tp tin NTFS. Bn c th s dng Disk Management mount mt a local ti bt k folder trng no trn mt volume NTFS. Phng php ny tng t nh to mt shorcut ch ti mt partition disk hoc volume. Mount mt a ti mt folder cho php bn s dng mt tn trc quan cho folder, nh l Program Data. Sau cc user c th lu d liu ca h trong folder Program Data, ng hn l lu vo mt k t a.
- 122 -
Qun tr v xy dng mi trng mng doanh nghip Khi bn mount mt a local ti mt folder trng trn volume NTFS, Disk Management s gn mt ng dn, ng hn l mt k t cho a. Cc a c mount khng tu thuc vo gii hn 26 a c p t bi cc k t a, v th bn c th s dng nhng a c mount truy xut nhiu hn 26 a trn my tnh. Windows Server 2003 m bo rng cc ng dn c duy tr lin kt ti cc a, v th bn c th add hay sp xp li nhng thit b lu tr m khng lm cho ng dn a b fail. Ti mt mounted drive bng cng c Disk Management to mt a mount bng cch s dng Disk Management 1. Trong mn hnh Computer Management, m Disk Management. 2. Right-click trn volume m bn mun mount v click Change Drive Letter and Paths. 3. Click Add, browse n Mount in the following empty NTFS folder v click Browse n v tr cha n. Xa mt mounted drive bng cng c Disk Management xo mt a mount bng cch s dng Disk Management 1. Trong Computer Management, m Disk Management. 2. Right-click trn volume m bn mun xa sau click Change Drive Letter and Paths. 3. xa mt volume, click vo n v click Remove. 7.1.1. Dynamic Disk Khi mt a cng mi c ci t, n c ghi nhn v cu hnh l mt basic disk. to mt dynamic disk, bn phi chuyn mt basic disk thnh mt dynamic disk. Sau khi qu trnh chuyn i hon thnh, bn c th to mt phm vi rng ln cc volume ng. Bn cng c th m rng cc volume qua nhiu a. Nhng kh nng ny cung cp cho bn vi mc iu khin ln hn v gip bn ngn cn tht thot d liu khi phn cng b failure. Mc ch chuyn mt basic disk thnh dynamic : To, xo cc volume simple, spanned, striped, mirrored v RAID-5. M rng mt volume n hay spanned Sa cha cc volume mirrored hay RAID-5 Kch hot li nhng volume tri rng nhiu hn mt a. Bn c th chuyn mt a cng t basic thnh dynamic bt c lc no m khng b mt d liu. Khi bn convert mt a t basic thnh dynamic, cc partition ang tn ti trn a tr thnh cc volume. Lu : ngh bn rng trc khi thc hin bt k vn cu hnh phn cng cc thit b lu tr, bn lun backup d liu sang mt a khc. Chuyn i Basic Disk sang Dynamic Disk Hu ht cc t chc s dng nhng dynamic disk trong cc server ca h bi v chng cung cp kh nng chu li v bi v dung lng trng c th c m rng nu cn. Loi a mc nh l basic, v th bn phi chuyn n thnh dynamic nu bn d tnh s dng mt dynamic disk. chuyn mt basic disk thnh dynamic disk bng cch s dng cng c Disk Management 1. Trong mn hnh Computer Management, m Disk Management. 2. Right-click trn basic disk m bn mun convert, click Convert to Dynamic Disk, v lm theo cc hng dn ca chng trnh. To Volume: Cc dynamic disk cung cp nhng tnh nng m basic disk khng th c, nh l kh nng to cc volume, c gi l cc volume spanned v striped c th tri rng ra nhiu a. Tt c nhng volume trn cc dynamic disk c bit ti l cc dynamic volume. Simple volume:
- 123 -
Mt simple volume l mt volume lu tr trn dynamic disk. Bn c th to simple volume t khong trng cha cp pht trn mt dynamic disk. Mt simple volume tng ng vi mt partition, ngoi tr n khng c kch thc gii hn nh mt partition, v cng khng b hn ch s volume m bn c th to trn mt disk n. Mt simple volume s dng cc nh dng h thng file NTFS, FAT32 v FAT. Tuy nhin, bn ch c th m rng mt simple volume nu n c nh dng vi phin bn NTFS c s dng trong h iu hnh Windows 2000 hoc Windows Server 2003. Ngoi ra, bn c th add thm hay m rng mt simple volume sau khi to n. Bn c th s dng mt simple volume lu tt c d liu cho ti khi bn cn nhiu khong trng hn trn cc a ca bn. c c nhiu khong trng hn, bn c th to mt volume extended, spanned hay striped. to mt simple volume bng cch s dng cng c Disk Management 1. Trong Computer Management, m Disk Management. 2. Right-click v tr trng ca a dynamic m bn mun to simple volume v chn New Volume. 3. Trong mn hnh New Volume Wizard, click Simple v lm theo cc hng dn ca h thng. Spanned Volume
Mt spanned volume l simple volume m cho php bn to mt volume logical da trn khong trng cha cp pht sn c trn cc dynamic disk khc trn my tnh. Bng cch s dng cc spanned volume, bn c th s dng khong trng lu tr hiu qu hn. Sau khi mt volume c m rng, xo mt thnh phn ca n, bn phi xo ton b spanned volume. Spanned volume file format: Bn ch c th to mt spanned volume bng cch s dng h thng file NTFS. Cc volume spanned khng cung cp kh nng chu li. Nu mt trong cc a cha mt spanned volume b li, ton b volume s s li v tt c d liu s mt. Increase storage size: Bn c th s dng nhng spanned volume gia tng kch thc lu tr khi bn phi to mt volume, nhng li khng c khong trng cha cp pht cho volume trn mt a n. Bng
- 124 -
Qun tr v xy dng mi trng mng doanh nghip cch kt hp cc phn khong trng cha cp pht trn nhiu a, bn c th to mt spanned volume. to mt spanned volume bng cch s dng Disk Management : 1. Trong Computer Management, m Disk Management. 2. Right-click trn spanned volume bn mun to, click Extend Volume, v lm theo cc hng dn trn mn hnh. Striped Volume
Mt striped volume lu tr d liu trn hai hay nhiu a bng cch kt hp nhng vng trng thnh mt logical volume trn dynamic disk. Cc stripe volume cng c bit ti nh l RAID 0, cha d liu c tri ra nhiu dynamic disk trn cc ring bit ring bit. Nhng spanned volume khng th l striped D liu c ghi vo volume c chia thnh cc khi gi l stripes. Cc stripes ny c ghi ng thi ti tt c cc a trong stripe set. Vn thun li chnh ca a ging rng kiu ny l tc . D liu c th c truy xut trn nhiu a bng cch s dng nhiu u a , iu ny ci thin ng k qu trnh thc thi. Cc volume striped cung cp s thc thi tt nht cho tt c nhng chin lc a bi v d liu ghi vo mt striped volume c ghi ng thi ti tt c cc a ti cng thi im ng hn l tun t. V vy, qu trnh thc thi a trn mt striped volume nhanh hn bt k loi cu hnh a no khc. to mt striped volume bng cch s dng cng c Disk Management 1. Trong Computer Management, m Disk Management. 2. Right-click trn vng a trng ca a dynamic m bn mun to striped volume v click New Volume. 3. Ti trang New Volume Wizard, chn Striped, v lm theo hng dn trn mn hnh. 7.2: Sao lu d liu 8.3. Backup and Restore. Nh chng ta bit vn d liu ca h thng l vn sng cn ca doanh nghip. Ngi qun tr phi tm v dng nhiu cch phng h (backup) d liu ca h thng nhm trnh nhng tnh hung xu nht khi mt d liu. Nh chng ta tm hiu v mt kiu backup bng RAID nhm trnh tnh trng b h hng vt l ca cng. Cn trn Windows c a cho chng ta mt chng trnh backup trnh trng hp xa nhm, virus, h hng phn mm chng ta phc hi li d liu cn thit. Trong hc phn Networking, ta tm hiu v Tape, SAN... th Windows cho chng ta cng c backup s dng cc thit b . Hoc backup qua mt my tnh khc nhm trnh nhng ri ro v d liu cng nh v h thng.
- 125 -
Qun tr v xy dng mi trng mng doanh nghip 8.3.1 Backup.
Backup l ngi qun tr thit lp cc d liu phng h qua mt ni khc, my tnh khc hoc qua thit b backup chuyn dng khi cn thit th restore li s dng. Vo Start -> Programs > Accessories -> System Toos -> Backup.
Hnh : M Backup Hp thoi Backup hin ra. Chn vo Alway start in wizard mode d dng hn trong vn backup. Click Next.
Hnh : Backup or Restore Wizard Trong hp thoi Backup or Restore. V phn ny l ni v Backup nn chng ta chn Back up files and sttings. Click Next.
- 126 -
Hnh : Backup files and settings Hp thoi What to Back Up. Chn Let me choose what to back up c nhiu s la chn hn trong nhng g cn Backup. Click Next.
Hnh : La chn backup Hp thoi Item to Backup. Chng ta click vo cc du (+) trong khung bn tri c th chn nhng Folder no cn backup bng cch nh vo du check trn Folder .
- 127 -
Hnh : Item to Backup Trong V d ny chng ta chn Backup Folder My Documents. Click Next.
Hnh : Ty chn backup Hp Thoi Backup Type, Destination, and Name cho bit l Chng ta backup kiu g? Lu file u? V t tn l g? Chn Browse... tm ni lu File backup.
- 128 -
Hnh : Ni lu tr file backup Gi s chng ta lu file th mc C:\public vi tn l Backup_mydocument.bkf. Click Save.
Hnh : t tn file
- 129 -
Qun tr v xy dng mi trng mng doanh nghip Hnh : Ni lu tr file backup v tn file Chn Finish hon tt vic Backup. Lc ny h thng backup bt u hot ng Backup.
Hnh : Hot ng backup 8.3.2. Backup Nng Cao. Phn trn chng ta thit lp mt tc v backup. Nhng vic backup trn ch l th cng ngha l ch hot ng mt ln khi thit lp xong. By gi chng ta tm hiu tc v backup nng cao vi vic hn gi v backup lin tc. Xt v d trn chng ta thit lp backup ti phn Finish. Chn phn Advanced....
Hnh : Advanced backup Hp thoi Backup Type hin ra. Chn Type l Daily. Click Next
- 130 -
Hnh : Cc ty chn backup Chn Verify Data after backup kim tra li d liu sau khi backup. Click Next.
Hnh : Kim tra d liu sau khi backup Backup options chn Append this backup... click Next.
Hnh : Backup Options
- 131 -
Qun tr v xy dng mi trng mng doanh nghip Trong hp thoi When to Back up. Chn Later. Mc job name: g vo tn Job: backup_documents. Chn vo Set Shedule... thit lp lch backup cho tc v trn.
Hnh : Nhp tn lp lch Chn Schedue Task: Daily. Click vo Advanced...
Hnh : Ci t lp lch Trong hp thoi Schedule Advanced Options: o Start Date: chn thi gian bt u backup. o End Date: Ngy kt thc backup.
- 132 -
Qun tr v xy dng mi trng mng doanh nghip o Repeat task: thi gian lp li ca qu trnh backup. (v d: chn 10 pht th backup 1 ln).
Hnh : nh thi gian lp lch Click OK ng li, tr v hp thoi Schedule Job, chn OK. Mt hp thoi Password xut hin. Nhp user v password ca user no c thm quyn thc hin backup v d l Administrator.
Hnh : Nhp user name v password Nhp User v password xong. Chn OK mn hnh tr li hp thoi When to back up. Click Next. Click Finish hon tt.
Shadow Copy.
D liu (Data) l vn sng cn ca mt doanh nghip. Mt khi doanh nghip no trang b mt h thng my ch cng h qun tr bng Windows Server th doanh nghip mong mun bo ton v bo mt cc d liu ca cng ty . Vn t ra l mt khi bo mt d liu ri, nhng lm th no m bo ton c ni dung bn trong ca ti liu . Xt v d 1: mt cng ty c share d liu cho ngi dng s dng chung cc ti nguyn. Nhng v l do b virus tn cng lm thay i ni dung trong ti liu hoc v tnh thay i ni dung th lm cch no ly li ni dung trc y ca ti liu ?. Xt v d 2: Ngi dng (user) thng c thi quen lu ti liu to ra trn My Documents. Vy khi my tnh b Virus tn cng, hoc my tnh b h hng hon ton hoc mun ly li ni dung trc y ca mt file m ngi thng s dng.
- 133 -
Qun tr v xy dng mi trng mng doanh nghip gii quyt vn trn. T Windows 2003 Server tr v sau c mt tnh nng kh hay l Shadow Copy. Tnh nng ny ch c trn Windows Server 2003 tr v sau ngha l ch c Windows Server 2003, Windows Vista. Cn Windows XP hon ton khng h tr tnh nng ny. Shadow copy l h thng s t ng copy mt bn sao ni dung ca mt ti liu vo mt vng nh m. Vng nh m ny c to ra bi ngi qun tr v h thng phi c nh dng bi NTFS. Khi c s thay i v ni dung th h thng s lu li mt phin bn khc ca file theo mt thi gian nht nh, v khi c nhu cu khi phc li ni dung th ngi qun tr s cn c vo thi gian trc y ca ni dung phc hi. Cch lm mt shadow copy nh sau: logon vo Server vi quyn ti khon administrator. Chn Properties ca a, v d l C:. Chn tab Shadows Copies.
Chn Settings...
- 134 -
Trong phn Maximum size: nhp vo dung lng ca b nh m. Chn Schedule... nh thi gian cho vic thc hin shadow copy.
Schedule Task: l tc v c thc hin bi khong thi gian no: Daily, Weekly, monthly... o Start time: l bt u c hiu lc t khong thi gian no trong ngy. Chn Schedule task l Daily. Bm nt Advanced... m rng hn v tc v va chn. o
o Start Date: ngy gi no bt u c hiu lc Shadows Copy. o End Date: Ngy gi no kt thc. o Repeat task: khong bao nhiu lu s lp li mt ln shadows copy. Chn Reapeat Task l 5 pht. Bm OK r v hp thoi ban u l Properties ca C:
- 135 -
Chn Create Now bt u thit lp shadows copy. Sau chn OK thot ra.
To mt Folder l TranBaoAn, Share Folder ny cho user An Tran Bao (antb) vi quyn l Full Control.
- 136 -
Trn Windows XP. Logon vi ti khon antb.
Chn Properties ca My Documents.
- 137 -
Qun tr v xy dng mi trng mng doanh nghip Trong mc Target folder location thay th bng dng lnh sau: \\svr1\TranBaoAn.
Click OK thay th ng dn. Mt hp thoi xut hin chc hn l thay th ng dn trn. Chn OK xc nhn vic thay th.
To mt file c tn l: kiem_tra_shadow_copy.txt
M file trn, thm ni dung vo:
- 138 -
Lu li ni dung trn. Sau m file trn xa vi dng:
i mt khong thi gian sau 5 pht nh vic t Schedule Task phn trn. Chn Properties ca File trn. Vo tab Previous Versions. Cho thy thi gian c ghi vo b m.
- 139 -
Qun tr v xy dng mi trng mng doanh nghip Chn Restore phc hi ni dung ban u. Mt hp thoi xut hin cho bit user ny c thc s mun khi phc li hay khng?.
Chn Yes khi phc li ni dung ban u. Mt hp thoi xut hin cho bit l phc hi thnh cng.
Chn OK tr v Properties ca file trn. Click OK hon tt. M file kiem_tra_shadow_copy.txt ln kim tra. Ni dung ban u phc hi li:
Kt lun: Ngi qun tr s c gii php thch hp trn tnh nng shadow copy trnh trng hp mt ni dung cng nh s ph hoi ca ngi dng. Tuy nhin khi s dng tnh nng ny s c hn ch v dung lng ca a trn my ch. 8.4. Restore. Sau khi backup nhng g cn thit. Mt lc no ngi qun tr cn khi phc (restore) li nhng d liu backup. Vic restore cng thc hin bi phn Backup trn Windows.
- 140 -
Hnh : Backup or Restore Wizard Chn Restore file and settings trong hp thoi Backup and Restore.
Hnh : Restore files and setting Click vo Browse... tm file backup. Chn file backup theo ngy thng restore. Click Next.
- 141 -
Hnh : Tm source file backup Hp thoi Completing ... cho thy kiu Restore. Bm Finish hon tt.
Hnh : Hon tt qu trnh restore Hp thoi Restore bt u hot ng.
- 142 -
Hnh : Qu trnh restore hot ng Kt Lun: Nh vy ngi qun tr phi c nhiu phng n Backup d liu ca mnh v c th dng nhiu phn mm Backup khc thuc nhng hng vit phn mm khc. ng thi s dng nhiu thit b Backup chuyn dng nh Tape, NAS... nhm tng mc an ton ca d liu. 7.3: M ha d liu bng EFS H thng tp tin m ha (Encrypting File System - EFS) cung cp m ha cp tp tin cho cc tp tin NTFS. K thut m ha EFS da trn public key, hot ng nh mt dch v tch hp vo h thng, v phc hi tp tin bng tc nhn phc hi EFS c ch nh. EFS rt d qun l do khi cn tip cn d liu quan trng c ngi dng m ha, v khi khng c ngi dng hay kha ca h, tc nhn phc hi EFS (thng l ngi qun tr) c th gii m tp tin. Hiu cc li ch ca EFS s gip chng ta s dng k thut ny mt cch hiu qu trn mng. Gii thiu EFS EFS cho php ngi dng lu d liu trn a cng theo khun dng c m ha. Sau khi ngi dng m ha tp tin, tp tin s vn cn c m ha khi no n cn nm trn a. Cc ngi dng n l c th s dng EFS m ha cc tp tin b mt. EFS c mt s c im chnh:
- 143 -
Hot ng ngm (background), trong sut vi ngi dng v ng dng.
Ch cho php ngi dng hp l (authorized) truy cp tp tin m ha. EFS t ng gii m tp tin khi s dng v m ha li khi lu. Cc qun tr vin c th phc hi d liu c bt k ngi dng no m ha. iu ny bo m cho d liu vn c th truy cp c nu ngi dng m ha d liu khng c mt hoc h lm mt private key.
Cung cp h tr phc hi d liu dng sn. Kin trc bo mt trong Windows 2003 Server buc chng ta phi cu hnh cc kha phc hi d liu. Chng ta c th s dng tnh nng m ha tp tin ch khi my tnh cc b c cu hnh vi mt hoc nhiu kha phc hi. EFS t ng to cc kha phc hi v lu chng trong registry khi khng th truy cp domain.
- 144 -
Yu cu phi c t nht mt tc nhn phc hi (recovery agent) khi phc cc tp tin m ha. Chng ta c th ch nh nhiu tc nhn phc hi d liu qun l chng trnh phc hi EFS. Mi tc nhn phc hi i hi mt chng nhn (certificate) EFS Recovery Agent.
Lu : Chc nng m ha v nn khng th hot ng cng nhau. Do , chng ta ch c s dng hoc m ha hoc nn, khng th s dng c hai. M ha mt th mc, tp tin
m ha cc tp tin hoc th mc, hy to mt th mc NTFS, sau m ha n trong hp thoi Properties ca th mc. Trn tab General, nhp Advanced, ri nhp Encrypt contents to secure data. Sau khi m ha th mc, cc tp tin c lu trong th mc t ng c m ha bng cc kha m ha tp tin. Cc kha m ha tp tin l cc kha nhanh, i xng c thit k cho vic m ha khi lng ln. Windows 2003 m ha tp tin trong cc khi, vi mt kha m ha tp tin khc nhau cho tng khi. Tt c cc kha m ha tp tin c lu trong Data Decryption Field (DDF) v Data Recovery Field (DRF) trong phn u ca tp tin (file header). Tt c cc tp tin v th mc con c to trong mt th mc m ha cng t ng c m ha. Mi tp tin c mt kha m ha duy nht, lm cho vic i tn tp tin tr nn an ton. Khi di chuyn mt tp tin t mt th mc m ha sang mt th mc khng m ha trn cng phn vng, tp tin s vn c m ha. Gii m mt th mc, tp tin
- 145 -
Khi m mt tp tin m ha, EFS t ng pht hin mt tp tin m ha v nh v chng nhn ngi dng cng nh private key lin quan trong phn u tp tin. EFS p dng private key ca chng ta vo DDF m kha danh sch cc kha m ha tp tin, cho php hin th ni dung tp tin. Khng ai c th truy cp tp tin m ha tr ngi c private key. Ch ngi ch tp tin hay tc nhn phc hi mi c th gii m tp tin. iu ny vn ng khi cc qun tr vin thay i quyn hay thuc tnh tp tin, hoc chim quyn s hu tp tin. Thm ch khi chng ta s hu mt tp tin m ha, chng ta khng th c n tr khi c private key hoc chng ta chnh l tc nhn phc hi. Lu Khng th chia s mt tp tin m ha vi cc ngi dng khc. Phc hi mt tp tin, th mc m ha
Nu khng c private key ca ch nhn, nhn vin ng vai tr tc nhn phc hi c th m tp tin bng private key ca anh ta, c p ln DRF m kha danh sch cc kha m ha tp tin. Nu tc nhn phc hi ang s dng mt my tnh khc trn mng, chng ta phi gi tp tin m ha n cho anh ta. Tc nhn phc hi c th mang private key ca anh ta n my tnh ca ngi s hu, nhng vic sao chp mt private key trn my khc l khng bo mt. Thi quen bo mt tt l thay i cc tc nhn phc hi. Tuy nhin, khi ch nh tc nhn thay i, truy cp n tp tin b t chi. V l do ny, chng ta nn gi cc chng nhn phc hi (recovery certificate) v cc private key cho n khi tt c cc tp tin m ha bng chng c cp nht. phc hi mt tp tin hay th mc m ha khi ng vai tr mt tc nhn phc hi, hy thc hin cc bc sau:
- 146 -
Qun tr v xy dng mi trng mng doanh nghip 1. S dng Backup hay cng c sao lu khc phc hi mt phin bn sao lu tp tin hay th mc m ha ca ngi dng vo my ni c cha chng nhn phc hi tp tin. 2. Trong Windows Explorer, m hp thoi Properties ca tp tin hay th mc. Trn tab General, nhp Advanced. 3. Xa check box Encrypt contents to secure data. 4. To mt bn lu (backup version) tp tin hay th mc gii m, ri tr li bn sao lu cho ngi dng. 7.4. Disk Quota Ngy nay vi s pht trin nhanh chng ca cng ngh th cng ngh sn xut cng (hard Disk) t ti mt dung lng rt ln. Theo nh nh sn xut cng hng u trn th gii nh Seagate gii thiu vo qu 2 nm 2007 th dung lng ca cng t ti 750 GB. Nh vy my ch ngy nay c th c mt s lng cng ln v dung lng ln. Nhng dung lng khng phi l khng c gii hn v kh nng nng cp rt phc tp nh an ton d liu, ngn sch...Do vy chng ta phi khng ch dung lng ca mi user trn my ch mt cch hp l nhm hn ch cng y do nhng user a ln my ch nhng d liu khng cn thit. lm iu th Windows Server cung cp cho chng ta mt chc nng l Disk Quota ngi qun tr c kh nng kim sot c ti nguyn ca cng cng nh kim sot c lung d liu ca h thng. Lu : Disk Quota ch s dng c trn ton cng, tuy nhin c th m rng thc hin Quota trn Folder bng cch dng Windows Server 2003 R2. Xt v d: dng Disk Quota khng ch ti khon An Tran Bao (antb) s dng ti nguyn trn my ch vi dung lng ti a l 100 MB. Nu s dng ht dung lng ny th s khng th a thm bt c data no vo my ch. Logon vo my ch vi ti khon administrator. Chn Properties ca cng ( C:), vo tab Quota.
Chn Enable Quota management:
- 147 -
Deny disk space to user exceeding quota limit: kha phn dung lng cn li khi user vt qu gin hn cho php. o Limit disk space to: st mc nh dung lng cho ton b user. o Set warning level to: cnh bo cho ngi qun tri bit dung lng s dng gn ti hn cho php. Chn Quota Entries... thit lp Quota cho tng user hay group. o
- 148 -
Qun tr v xy dng mi trng mng doanh nghip Chn menu Quota -> New Quota Entry ... thit lp quota cho tng user.
Hp thoi Select users xut hin. Chn user An Tran Bao (antb).
Click OK chn user trn. Mt hp thoi Add New Quota Entry xut hin. Thit lp Limit disk space to: 100MB, set warning level to: 98MB.
- 149 -
Qun tr v xy dng mi trng mng doanh nghip Chn OK. Hp thoi Quota Entry for Local Disk (C:) xut hin thm ti khon antb mi thit lp.
ng hp thoi trn li. Hp thoi Properties ca cng tr li. Check vo mc Deny disk space to users Exceeding quota limit v hiu ha user khi quoat b ti hn cho php.
Chn Apply cp nht vic chn quota cho user trn. Mt hp thoi xc nhn vic cho php dng Quota cho user trn. Chn OK.
ng Properties ca cng li hon tt.
- 150 -
Qun tr v xy dng mi trng mng doanh nghip Kim tra trn my Client. Logon Windows XP vi ti khon An Tran Bao (antb). Connect vo my ch bng lnh \\192.168.1.1.
M th mc Sharing TranBaoAn. Copy th mc i386 trn CDROM Windows 2003 vo th mc share ny.
Mt hp thoi thng bo l khng khong trng trn Server khi s dng ht quota.
Kt Lun: Ngi qun tr phi bit phn b dung lng ti nguyn s dng trn mng mt cch hp l nhm trnh c nhng user a ln Server nhng ti liu khng cn thit v trnh tnh trng nghn mng. (phin bn Windows 2003 R2 c th hn ch Filetype, s dng Quotas trn tng Folder)
- 151 -
Qun tr v xy dng mi trng mng doanh nghip 7.5. X l s c 7.6. Bi tp tnh hung Tm tt: Static Disk (basic disk): l a c tnh lu tr trung bnh v cung cp kh nng cu hnh b gii hn. Basic disk l loi a mc nh cho Windows Server 2003. Mt basic disk cung cp cho bn nhng kh nng gii hn ci t cc a cng ca bn. Dynamic Disk: l a cung cp cho bn nhiu tnh nng linh hot hn trong vic ci t a cng. Dynamic Disk c cc u im sau: Mt dynamic disk c th c s dng to cc volume tri rng ra nhiu a cng Khng c gii hn v s volume c th c cu hnh trn mt dynamic disk Cc dynamic disk c s dng to ra nhng a chu li bo ton d liu khi c li phn cng xy ra.
Simple Volume: Mt simple volume l mt volume lu tr trn dynamic disk. Bn c th to simple volume t khong trng cha cp pht trn mt dynamic disk. Mt simple volume tng ng vi mt partition, ngoi tr n khng c kch thc gii hn nh mt partition, v cng khng b hn ch s volume m bn c th to trn mt disk n. Spanned Volume: Mt spanned volume l simple volume m cho php bn to mt volume logical da trn khong trng cha cp pht sn c trn cc dynamic disk khc trn my tnh. Bng cch s dng cc spanned volume, bn c th s dng khong trng lu tr hiu qu hn. Sau khi mt volume c m rng, xo mt thnh phn ca n, bn phi xo ton b spanned volume. Striped Volume: Mt striped volume lu tr d liu trn hai hay nhiu a bng cch kt hp nhng vng trng thnh mt logical volume trn dynamic disk. Cc stripe volume cng c bit ti nh l RAID 0, cha d liu c tri ra nhiu dynamic disk trn cc ring bit ring bit. Nhng spanned volume khng th l striped. Cc volume striped cung cp s thc thi tt nht cho tt c nhng chin lc a bi v d liu ghi vo mt striped volume c ghi ng thi ti tt c cc a ti cng thi im ng hn l tun t. V vy, qu trnh thc thi a trn mt striped volume nhanh hn bt k loi cu hnh a no khc. Backup: Backup l ngi qun tr thit lp cc d liu phng h qua mt ni khc, my tnh khc hoc qua thit b backup chuyn dng khi cn thit th restore li s dng. Restore: Sau khi backup nhng g cn thit. Mt lc no ngi qun tr cn khi phc (restore) li nhng d liu backup. Vic restore cng thc hin bi phn Backup trn
Windows. EFS: H thng tp tin m ha (Encrypting File System - EFS) cung cp m ha cp tp tin cho cc tp tin NTFS. K thut m ha EFS da trn public key, hot ng nh mt dch v tch hp vo h thng, v phc hi tp tin bng tc nhn phc hi EFS c ch nh. EFS cho php ngi dng lu d liu trn a cng theo khun dng c m ha. Sau khi ngi dng m ha tp tin, tp tin s vn cn c m ha khi no n cn nm trn a. Cc ngi dng n l c th s dng EFS m ha cc tp tin b mt. Disk Quota (hn ngch a): dng qun l tng dung lng lu tr trong cc mi trng phn tn. Hn ngch a cho php chng ta cp pht khng gian a kh dng cho ngi dng da trn cc tp tin v th mc h s hu. Hn ngch a cho php chng ta kim sot lng khng gian a ngi dng c cp lu tr tp tin.
- 152 -
Qun tr v xy dng mi trng mng doanh nghip BI 8: QUN TR S C H THNG MY CH Mc tiu: Hiu bit v x l s c my ch Dng cc phng php x l li H iu Hnh Qun tr Windows Update
8.1: Backup v Restore Chng ta bit mt h thng c nhiu Server phn cp trong mt domain. Khi my ch Second b h hng th vn ci li my second l bnh thng. Tuy nhin khi my ch b li th vn gii quyt my ch PDC nh th no khi ci t li v a vo h thng ang hot ng. Bi l khi ci t li my ch th my ch ny s c mt ID hon ton khc vi my ch trc khi b li v do khi a my ch vo h thng ang hot ng th my ch Second v cc Client s khng th kt ni ti my ch PDC. Vy hng gii quyt s ra lm sao? Backup System State. backup Domain h thng ngi qun tr phi backup trang thi hot ng ca my ch (system state). System state bao gm cc dch v: Active Directory. Bootfile. Registry. Sysvol. Com+ Logon vo my ch SVR1 vi quyn administrator. Chn mc backup l system state.
Hnh : Items to Back up Gi s Backup vo folder l: c:\public. Vi tn: backupsystemstate
- 153 -
Hnh : Ni lu tr file backup v t tn file Cc thao tc trn tng t nh phn Backup.
Hnh : Qu trnh backup ang hot ng Kt lun: Chng ta backup system ca Server. Vic backup ny nn thc hin hng ngy s c nhiu s la chn v trng thi ca h thng khi restore. V vic backup nn lu mt ni khc ngoi my ch ang backup.
- 154 -
Qun tr v xy dng mi trng mng doanh nghip Restore System State. Khi my ch b down th ngi qun tr phi tch ly my ra khi h thng mng. Ci t nhng g cn thit nh nng ln DC, DNS...v qu trnh ny c thc hin mt cch c lp, khng c gn dy mng vo h thng ang hot ng. Nhng vic trn hon tt, by gi chng ta tin hnh restore. Khi ng my khi qua phn POST ca CMOS. Nhn F8 xut hin phn Boot menu ca Windows.
Hnh : Mn hnh Safe Mode Chn Directory Services Restore Mode (Windows domain Controllers Only). Nhn Enter. Server s khi ng vo Windows vi ch l Safe Mode.
Hnh : Windows hot ng ch Safe Mode Vo dch v backup. Chn restore.
- 155 -
Hnh : Restore files and setting Hp Thoi What to Restore. Chn Browser... tm file backup trn. Chn System state.
Hnh : Backup System State Sau khi chn Finish. Windows s cnh bo cho chng ta bit l c nn ghi ln system State hin ti hay khng?.
- 156 -
Hnh : Hon tt vic backup system state Chn OK restore li. H thng bt u restore.
Hnh : Qu trnh backup ang hot ng Sau khi restore hon tt. Windows s yu cu khi ng li my ch.
Hinh: Thng bo khi ng li my Sau khi khi ng. Chng ta a my ch tr li h thng mng ang hot ng v lc ny Server tr li ging nh trc khi my b li. Tt c cc DNS, DHCP, User... u c bo ton.
- 157 -
8.2: Trin khai Windows Update Ch : Hin nay Software Update Services (SUS 1.0), ch c Microsoft h tr n ht 6.2006. V sau thi hn ny chng ta khng cn download c tool ny, Microsoft a ra version mi ca SUS gi l WSUS, nhng t chc ang s dng Microsoft SUS nn tin hnh nng cp ln WSUS trc thi hn trn. C th tham kho chi tit v WSUS v Download ti link sau: http://www.microsoft.com/windowsserversystem/updateservices/downloads/WSUS.mspx Ci t Microsoft SUS server Bi v Microsoft SUS server khng thc s l mt ng dng qut trn desktop, m hi thin v mt server t ng lm vic di dng dch v nn (background), nh vy hi kh khn cho cc Admin mt cht trong vic setup so vi cc cng c qun l v li khc than other. Tuy nhin mt khi set-up hon thnh, th quy trnh qun l v li s c t ng, v cc Admin s c n b xng ng vi cng sc b ra ban u. ci t Microsoft SUS server (yu cu IIS), v cu hnh kim tra cc cp nht. Cng phi m bo rng cc my trm workstations v servers phi c Windows 2000 SP3, Windows XP SP1 hoc Windows .NET, hoc phi ci Microsoft SUS client. Cn lu rng Windows NT khng c h tr. C th tin hnh ci t xa cc SUS client software thng qua vic dng Group Policy dung lng file ci t ch 1 MB. Sau khi ci SUS client trn cc my s lm vic vi SUS Server, li tip tc dng Group Policy cu hnh cho cc SUS client t ng cp nht cc bn v t SUS server. Xin nhc li cc Admin c th tham kho v cch cu hnh ny nh link cung cp trn. Qun l Microsoft SUS server Vic qun l Microsoft SUS server tt c thng qua giao din Web, v cho php qun l t xa. Microsoft SUS server tin hnh download tt c updates hon ton t ng v c th thng bo cho bn cc new updates qua e-mail. Cc New updates c th c chp thun cho trin khai hoc loi b, m bo rng bn c y quyn i vi nhng g s c ci t trn network. Giao din qun l ca SUS cng kh n gin.
- 158 -
Microsoft SUS Client Mt khi tin hnh ci t c 2 Microsoft SUS server v Microsoft SUS client, th tt c cc updates s c cp nht t ng. Vi quyn administrator cu hnh vn ny s xy ra nh th no cho thun tin vi hin trng Network ca bn. C th xc lp mt lch biu cho cp nht, thm ch c th cho php User tng tc , hoc iu khin trong tin trnh ny nu Admin mun. Hy xem hnh m t, v d nhin nhng la chn ny c th b Group Policy kha (locked).
- 159 -
Sau khi cu hnh cho Microsoft SUS client, cc patches s c trin khai t ng. User s c thng bo qua message nh trn hnh.
Nhng hn ch ca Microsoft SUS Server Mc d c nhiu u im, nhng , Microsoft SUS vn bc l nhng hn ch nht nh: Khng tin hnh cp nht c cc service packs cho Clients; Admin cn tm gii php khc? Ch qun l c cc patches cp h iu hnh (v bao gm cc ng dng Internet Explorer v IIS), nhng patch cc ng dng khc nh : Microsoft Office, Microsoft Exchange Server, Microsoft SQL Server, etc, th khng th Yu cu dng Windows 2000 tr ln, khng th patch cc h thng Windows NT 4 systems. Khng th trin khai cc bn v cho 3rd party software. Khng cho php qut ton b Network, tm kim nhng l hng cha v, V v vy Admin kh c th kim tra c cc bn v ci t ng cch hay cha. H thng bo co vn ny li khng d s dng.
- 160 -
Qun tr v xy dng mi trng mng doanh nghip V iu ny c ngha l cc Admin s trng i vo mt gii php khc c th khc phc c nhng nhc im trn ca SUS. Microsoft khng c nh thm cc tnh nng trn, v nu cc Admin mun dng nhng tnh nng trn phi tr ph dng mt gii pp ton din ca h l: Microsoft SMS server . V nh vy tnh nng chnh thch hp nht ca Microsoft SUS server c s dng v cho H iu hnh v nn s dng thm cc cng c v khc nhm hon chnh hn.
8.3: Phng thc x l s c Server 8.4: Bi tp tnh hung Tm tt:
Backup System State: backup Domain h thng ngi qun tr phi backup trang thi hot ng ca my ch (system state). System state bao gm cc dch v:
Active Directory. Bootfile. Registry. Sysvol. Com+
Restore System State: Khi my ch b down th ngi qun tr phi tch ly my ra khi h thng mng. Ci t nhng g cn thit nh nng ln DC, DNS...v qu trnh ny c thc hin mt cch c lp, khng c gn dy mng vo h thng ang hot ng. Nhng vic trn hon tt, by gi chng ta tin hnh restore.
SUS: l mt cng c qun l v phn phi cc phn mm update gii quyt nhng l hng bo mt v nhng vn n nh trong cc h iu hnh Microsoft Windows 2000, Windows XP, v Windows Server 2003.
- 161 -

A4 Xay Dung Va Quan Tri Moi Truong Mang Doanh Nghiep 5-8-25!10!07

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

A4 Xay Dung Va Quan Tri Moi Truong Mang Doanh Nghiep 5-8-25!10!07

Uploaded by

Copyright:

Available Formats

Qun tr v xy dng mi trng mng doanh nghip

XY DNG V QUN TR MI TRNG MNG DOANH NGHIP

Qun tr v xy dng mi trng mng doanh nghip

Qun tr v xy dng mi trng mng doanh nghip

Qun tr v xy dng mi trng mng doanh nghip

Qun tr v xy dng mi trng mng doanh nghip

Hnh 1.8: Tin trnh ci t Windows

Hnh 1.10: Nhp tn v t chc

Qun tr v xy dng mi trng mng doanh nghip

Hnh 1.12: La chn bn quyn

Qun tr v xy dng mi trng mng doanh nghip

Hnh 1.14: Ci t ngy, gi cho h thng

Qun tr v xy dng mi trng mng doanh nghip

Hnh 1.16: La chn Workgroup hay Domain

Hinh 1.18: Xem thuc tnh h thng

Hnh 1.26: Windows khng tm c driver a cng RAID

Qun tr v xy dng mi trng mng doanh nghip

Qun tr v xy dng mi trng mng doanh nghip

Qun tr v xy dng mi trng mng doanh nghip

Qun tr v xy dng mi trng mng doanh nghip

Bc 5: Mn hnh Installation Wizard s hin ra bng Domain Controller Type:

Qun tr v xy dng mi trng mng doanh nghip

Bc 7: in tn min: ispace.com.vn vo mc Full DNS name for new Domain:

Qun tr v xy dng mi trng mng doanh nghip

Bc 8: i mt vi giy, Windows s cho chng ta bit NetBIOS domain name l ispace.

Qun tr v xy dng mi trng mng doanh nghip

Qun tr v xy dng mi trng mng doanh nghip

Chn Internet Protocol (TCP/IP), sau click vo Properties.

Qun tr v xy dng mi trng mng doanh nghip

Qun tr v xy dng mi trng mng doanh nghip

G tn domain ispace.com.vn vo mc Domain. Click OK

in user name v password ca administrator vo mc permission. (B sung hnh sau)

Qun tr v xy dng mi trng mng doanh nghip

Ti khon ngi dng dng sn (built-in)

Qun tr v xy dng mi trng mng doanh nghip

Qun tr v xy dng mi trng mng doanh nghip

Qun tr v xy dng mi trng mng doanh nghip

Qun tr v xy dng mi trng mng doanh nghip

Qun tr v xy dng mi trng mng doanh nghip

Qun tr v xy dng mi trng mng doanh nghip

Qun tr v xy dng mi trng mng doanh nghip

Qun tr v xy dng mi trng mng doanh nghip

Qun tr v xy dng mi trng mng doanh nghip

Qun tr v xy dng mi trng mng doanh nghip

Hnh : Add Group

Qun tr v xy dng mi trng mng doanh nghip

Hnh : Select Group Click vo Nt Advanced tm group.

Qun tr v xy dng mi trng mng doanh nghip

Qun tr v xy dng mi trng mng doanh nghip

Qun tr v xy dng mi trng mng doanh nghip

Qun tr v xy dng mi trng mng doanh nghip

Qun tr v xy dng mi trng mng doanh nghip

Qun tr v xy dng mi trng mng doanh nghip

Qun tr v xy dng mi trng mng doanh nghip

Qun tr v xy dng mi trng mng doanh nghip

Qun tr v xy dng mi trng mng doanh nghip

Qun tr v xy dng mi trng mng doanh nghip

Hnh 3.29: Ni dung file Tranquangha.bat Copy file ny vo th mc: C:\Windows\SYSVOL\sysvol\ispace.com.vn\cripts.

Qun tr v xy dng mi trng mng doanh nghip

Qun tr v xy dng mi trng mng doanh nghip

Qun tr v xy dng mi trng mng doanh nghip

Qun tr v xy dng mi trng mng doanh nghip S dng lnh Run

Qun tr v xy dng mi trng mng doanh nghip