dao tao admin - cddl 2109
TRANSCRIPT
-
8/6/2019 Dao Tao Admin - CDDL 2109
1/85
CNG TY THNG TIN VIN THNG IN LC
TRUNG TM CNG NGH THNG TIN
-----------------------------------
TI LIU O TOQUN TR H THNG MNG
TRNG CAO NG IN LC
TP.HCM, 2010
-
8/6/2019 Dao Tao Admin - CDDL 2109
2/85
Trung tm Cng ngh Thng tin EVNIT
MC LCMC LC .................................................................................................................................................2
CHNG 1. GII THIU V CI T WINDOWS SERVER 2008 ...................................................4
I. Tng quan h iu hnh win 2008 ...........................................................................................................4
II. Chun b ci t win 2008 ......................................................................................................................4
a. Ci t win 2008.................................................................................................4
b. Ci t h iu hnh...........................................................................................4
III. Dch v DHPC ......................................................................................................................................7
1. Ci t DHCP Server...........................................................................................7
b. Cu hnh DHCP Server v thit lp a ch IP ng trn my client..................18
c. Cu hnh a ch IP ng trn my Client..........................................................22
d. Sao lu v phc hi DHCP Server.....................................................................23
IV. Dch v DNS ......................................................................................................................................25
1. Ci t DNS Server...........................................................................................25
b. Ci t DNS Server...........................................................................................25
V. Cu hnh DNS Server ...........................................................................................................................28
VI. B sung cc bn ghi DNS vo DNS Server ........................................................................................35
VII. Dch v Hyper-V ...............................................................................................................................39
CHNG 2. ACTIVE DIRECTORY .....................................................................................................44
I. M hnh WORKGROUP M hnh Domain ........................................................................................44
Active Directory...................................................................................................44
II. Ci t Active Directory .......................................................................................................................46
1. Chun b trc khi ci t.................................................................................46
b. Ci t Domain Controller (DC)........................................................................46
III. Qun l User .......................................................................................................................................59
1. To mi ti khon ngi dng..........................................................................59
2. Thit lp thi gian user c php ng nhp vo domain.........................62
c. Thit lp user ng nhp s dng my tnh .....................................................63
d. To Group v a user vo Group ...............................................................66
e. To Organization Unit (OU)...............................................................................71
Ti liu o to Qun tr Trang 2
-
8/6/2019 Dao Tao Admin - CDDL 2109
3/85
Trung tm Cng ngh Thng tin EVNIT I. Chia s d liu .......................................................................................................................74
II. Phn quyn User ..................................................................................................................................75
CHNG 4. DCH V PROXY (ISA SERVER) ..................................................................................79
I. Cu hnh ngi dng c quyn VPN .................................................................................................79
II. Cu hnh VPN trn my Client .............................................................................................................80
Ti liu o to Qun tr Trang 3
-
8/6/2019 Dao Tao Admin - CDDL 2109
4/85
Trung tm Cng ngh Thng tin EVNIT
CHNG 1. GII THIU V CI T WINDOWS SERVER 2008
I. Tng quan h iu hnh win 2008Windows Server 2008 Standard
Windows Server 2008 Standard l h iu hnh mnh m cho my ch, c tch hpnhiu tnh nng nhm ci thin bo mt, qun l, v gim chi ph c s h tng.Windows Server 2008 Standard h tr:
32GB Ram trn h thng 64-bit (4GB trn h thng 32-bit) 4 b vi x l a nhn 250 kt ni dch v truy cp mng (Network Access Services - NAS) 50 kt ni my ch chnh sch mng (Network Policy Server - NPS) 250 kt ni my phc v thit b u cui (Terminal Server) o ha Hyper-V vi mt gii php min ph
II. Chun b ci t win 2008Chun b ci t Windows Server 2008Phn cng / Cu hnh Ti thiu ngh Ti u
B nh RAM 512MB 1GB 2GBB vi x l 1Ghz 2Ghz 3Ghz cng (trng) 10GB 40GB 80GB
a. Ci t win 2008Ton b vic ci t Windows Server 2008 ch qua ba phn:
Ci t h iu hnh, bao gm c xc nhn m kha hp l Khi to cu hnh Initial Configuration Tasks Ci t Server Manager
b. Ci t h iu hnhLm theo cc bc sau ci t h iu hnh:
1. Cho a ci t Windows Server 2008 vo v khi ng my ch t a ci.2. Khi c yu cu chn ngn ng, thi gian, n v tin t v thng tin bn phm,
bn hy a ra la chn thch hp ri click Next.
Thit lp ngn ng, thi gian v n v tin t, thng tin bn phm.
Ti liu o to Qun tr Trang 4
-
8/6/2019 Dao Tao Admin - CDDL 2109
5/85
Trung tm Cng ngh Thng tin EVNIT
3. Ty chn Install Now xut hin. Nu cha chc chn v yu cu phncng, bn c th click vo lin ktWhat to Know Before Installing Windows bit thm chi tit.
4. Nhp kha kch hot sn phm (product key) v nh du kim vo Automatically Activate Windows When Im Online. Click Next.
Nhp kha kch hot sn phm hp l.5. Nu cha nhp kha sn phm mc trc, by gi bn s phi la chn n b
Windows Server 2008 sp ci t v nh du kim vo I Have Selected an Edition of Windows That I Purchased . Nu bn nhp kha sn phm hp l,trnh ci t s t ng nhn din c n bn Windows Server 2008 bn sp ct. Click Next.
La chn bn Windows Server 2008 ci t.6. c cc iu khon quy nh v chp nhn bng cch nh du kim. Click
Next.7. ca s mi xut hin, do bn khi ng my t a ci nn ty chn Upgrade
(nng cp) b v hiu. Click Custom (Advanced).
Ti liu o to Qun tr Trang 5
-
8/6/2019 Dao Tao Admin - CDDL 2109
6/85
Trung tm Cng ngh Thng tin EVNIT
Ty chn Upgrade b v hiu khi bn khi ng my t a ci.Lu :Nu bn mun tin hnh ci t nng cp, bn cn chy trnh ci t trongmi trng Windows.
8. Trn ca s tip theo, bn cn la chn v tr ci t Windows. Nu c driver cacc thit b lu tr bn th ba, cn ci t ngay bng cch click lin kt Load Driver .
Ti driver ca cc thit b lu tr bn th ba v chn ni ci t.Lc ny, Windows s bt u c ci t vo h thng. Bn c th thy tng bc tin trnh hon tt th hin bng phn trm. Trong qu trnh ci t, my chs phi khi ng li nhiu ln. Trnh ci t s hon thnh nhng tc v sau y- Sao chp tp tin- M rng tp tin- Ci t chc nng- Ci t cp nht- Hon thnh
9. Khi qu trnh ci t hon tt, hy thay i mt khu ti khon qun tradministrator trc khi ng nhp. Sau khi mt khu c thay i v bn ng nhp vo h iu hnh, nh vy l bn xong phn 1 ca vic ci t.
Ti liu o to Qun tr Trang 6
-
8/6/2019 Dao Tao Admin - CDDL 2109
7/85
Trung tm Cng ngh Thng tin EVNIT
III. Dch v DHPCDHCP (Dynamic Host Configuration Protocol) Server l my ch c dng cp phta ch IP ng cho cc my client trong h thng mng.V cch thc hot ng,DHCP Server s dng dch v cng tn lng nghe yu cuxin cp pht a ch IP c gi t my client.Sau khi nhn yu cu,DHCP Server schn ra mt a ch IP trong dy a ch ca mnh v gi v cho my client.ng thiDHCP Server cng gi n my trm cc thng tin lin quan n a ch IP nh subnetmask,a ch IP ca cc DNS Server,default gateway.
1. Ci t DHCP Server.Vo Server Manager Roles Add RolesTi bng Before You Begin chn Next.
Ti bng Select Server Roles chn DHCP Server .Bn bn gc phi h thng cng c ch thch v DHCP.y l trung tm cu hnh ,qun l,cp pht a ch IP cho ccmy client.
Ti liu o to Qun tr Trang 7
-
8/6/2019 Dao Tao Admin - CDDL 2109
8/85
Trung tm Cng ngh Thng tin EVNIT
Chn Next.Ti bng DHCP Server gii thiu v dch v DHCP Server,v c mt vi ch trc khi ci t mc Thing to Note
Ti liu o to Qun tr Trang 8
-
8/6/2019 Dao Tao Admin - CDDL 2109
9/85
Trung tm Cng ngh Thng tin EVNIT
Chn Next .Ti bng Select Network Connection Bindings ,chn kt ni s c dng lng nghe yu cu gi t my client.i vi HEPC, IP Address s l 10.145.0.1
Ti liu o to Qun tr Trang 9
-
8/6/2019 Dao Tao Admin - CDDL 2109
10/85
Trung tm Cng ngh Thng tin EVNIT
Chn Next.Ti bng Specify IPv4 DNS Server Settings nhp tn domain mc Parentdomain v nhp a ch IP ca DNS Server mc Preferred DNS Server IPv4Address .Bn c th chn Validate h thng kim tra v xc thc.i vi HEPC:
- Parent Domain: hepc.evn.com.vn- Preferred DNS: 10.145.0.1- Alternate DNS: 10.145.0.2
Ti liu o to Qun tr Trang 10
-
8/6/2019 Dao Tao Admin - CDDL 2109
11/85
Trung tm Cng ngh Thng tin EVNIT
Chn Next.Ti bng Specify IPv4 WINS Server Settings chn WINS is not required for applications on this network.Nu h thng mng ca bn vn cn dng WINS Server thchn WINS is require for applications on this network v nhp thng tin a ch IP choDNS Server.
Ti liu o to Qun tr Trang 11
-
8/6/2019 Dao Tao Admin - CDDL 2109
12/85
Trung tm Cng ngh Thng tin EVNIT
Chn Next.Ti bng Add or Edit DHCP Scopes chn Add.Ti y bn in cc thng tiIP vo .V nh chn Active this scope kch hot cc thit lp va ri.i vi HEPC:
- Scope name: HEPC-DHCP - Start IP: 10.145.4.11- End IP: 10.145.4.249- Subnet Mask: 255.255.248.0- Default Gateway: 10.145.4.2 (y l a ch IP ca ISA Server, khi kt ni
WAN th phi sa li Gateway ny l IP ca Router)
Ti liu o to Qun tr Trang 12
-
8/6/2019 Dao Tao Admin - CDDL 2109
13/85
Trung tm Cng ngh Thng tin EVNIT
Nu bn mun thit lp tip dy IP DHCP Server cp pht th chn Add v tip tcnhp thng s vo.
Ti liu o to Qun tr Trang 13
-
8/6/2019 Dao Tao Admin - CDDL 2109
14/85
Trung tm Cng ngh Thng tin EVNIT
Chn Next.Ti bng Configure DHCPv6 Stateless Mode chn Disable DHCPv6Stateless mode for this server .Nu mun cu hnh DHCP Server h tr DHCPv6 tngng vi IPv6 th chn Enable DHCPv6 Stateless mode for this server
Ti liu o to Qun tr Trang 14
-
8/6/2019 Dao Tao Admin - CDDL 2109
15/85
Trung tm Cng ngh Thng tin EVNIT
Chn Next.Ti bng Authorize DHCP Server chn ti khon cp php cho DHCPServer trong Active Directory Services. y ti chn ti khon Administrator.
Ti liu o to Qun tr Trang 15
-
8/6/2019 Dao Tao Admin - CDDL 2109
16/85
Trung tm Cng ngh Thng tin EVNIT
Chn Next.Ti bng Confirm Installation Selections l thng tin nhng thit lp trckhi ci t DHCP Server.
Ti liu o to Qun tr Trang 16
-
8/6/2019 Dao Tao Admin - CDDL 2109
17/85
Trung tm Cng ngh Thng tin EVNIT
Chn Install tin hnh ci t.i cho qu trnh ci t hon tt.
Ti liu o to Qun tr Trang 17
-
8/6/2019 Dao Tao Admin - CDDL 2109
18/85
Trung tm Cng ngh Thng tin EVNIT
Ti bng Installation Results thy dch v DHCP c ci t hon ttInstallation succeeded .Chn Close kt thc ci t
b. Cu hnh DHCP Server v thit lp a ch IP ng trn my client.VoStart Administrative Tools DHCPChn IPv4.Nhp chut phi voScope [10.0.0.1] EVN-DHCPv chnProperties. i vi HEPC, chn Scope [10.145.0.1]
Ti liu o to Qun tr Trang 18
-
8/6/2019 Dao Tao Admin - CDDL 2109
19/85
Trung tm Cng ngh Thng tin EVNIT
Ti tabGeneralbn c th thay i Scope name,thit lp li di IP v gii hn thi giana ch IP tn ti trn my client HEPC:
- Start IP: 10.145.4.11- End IP: 10.145.4.249
Ti liu o to Qun tr Trang 19
-
8/6/2019 Dao Tao Admin - CDDL 2109
20/85
Trung tm Cng ngh Thng tin EVNIT
thay i gateway.ChnScope Options.Ti khung bn phi,nhp chut phi vo003Router v chnProperties.
Ti liu o to Qun tr Trang 20
-
8/6/2019 Dao Tao Admin - CDDL 2109
21/85
Trung tm Cng ngh Thng tin EVNIT
Ti bngScope Optionsbn c th thay i gateway bng cch chnAddvxa b bng cch chnRemove. HEPC:
- Gateway: 10.145.4.2- DNS Server: 10.145.0.1; 10.145.0.2- DNS Domain Name: hepc.evn.com.vn
Sau chnOK . thay i tn min,voServer Optionsv chn015 DNS Domain Namev chnProperties.
Ti mcString valueg tn min mi vo chnOK
Ti liu o to Qun tr Trang 21
-
8/6/2019 Dao Tao Admin - CDDL 2109
22/85
Trung tm Cng ngh Thng tin EVNIT
c. Cu hnh a ch IP ng trn my ClientChnObtain an IP address automaticallyvObtain DNS server addressautomatically
Ti liu o to Qun tr Trang 22
-
8/6/2019 Dao Tao Admin - CDDL 2109
23/85
Trung tm Cng ngh Thng tin EVNIT
Th ping ti server .
d. Sao lu v phc hi DHCP Server.Sau khi hon thnh cc bc cu hnh,bn nn backup nhm hn ch ri ro. Nhp chut phi ln DHCP Server v chn Backup
Ti liu o to Qun tr Trang 23
-
8/6/2019 Dao Tao Admin - CDDL 2109
24/85
Trung tm Cng ngh Thng tin EVNIT
Chn th mc dng lu tr d liu backup. y mc nh l system32\dhcp\backu
Trong mt s trng hp,DHCP Server c th b li,mt d liu do mt s nguyn nhnnh h iu hnh gp s c,dch v DHCP gp li v khng th khi ng,cc xung
Ti liu o to Qun tr Trang 24
-
8/6/2019 Dao Tao Admin - CDDL 2109
25/85
Trung tm Cng ngh Thng tin EVNIT
ny sinh lm DHCP Server ngng hot ng.Khi bn cn restore DHCPServer.y l tnh nng tit kim thi gian v m bo chnh xc. Nhp chut phi ln DHCP Server v chn Restore.Ti bng Browse For Folder chn th mc cha d liu backup.Mc nh nm trongsystem32\dhcp\backup
IV. Dch v DNS1. Ci t DNS Server
DNS (Domain Name System) Server l my ch c dng phn gii domain thnha ch IP v ngc li.V d evn.vn 10.0.0.1V cch thc hot ng,DNS Server lu tr mt c s d liu bao gm cc bn ghi DNv dch v lng nghe cc yu cu.Khi my client gi yu cu phn gii n,DNS Server tin hnh tra cu trong c s d liu v gi kt qu tng ng v my client.
b. Ci t DNS ServerVo Server Manager Roles Add Roles.Ti bng Select Server Roles .Chn DNS Server
Chn Next.Ti bng DNS Server gii thiu v DNS Server cng nh mt s ch trkhi ci t ti mc Thing to Note
Ti liu o to Qun tr Trang 25
-
8/6/2019 Dao Tao Admin - CDDL 2109
26/85
Trung tm Cng ngh Thng tin EVNIT
Chn Next.Ti bng Confirm Installation Selections xc nhn vic ci t.
Ti liu o to Qun tr Trang 26
-
8/6/2019 Dao Tao Admin - CDDL 2109
27/85
Trung tm Cng ngh Thng tin EVNIT
Chn Install.i qu trnh ci t hon tt.
Ti liu o to Qun tr Trang 27
-
8/6/2019 Dao Tao Admin - CDDL 2109
28/85
Trung tm Cng ngh Thng tin EVNIT
Chn Close hon tt ci t.
V. Cu hnh DNS Serveri vi DNS Server,thng thng bn nn xy dng ng thi hai h thng l DNSServer chnh (Primary) v DNS Server d phng (Secondary) dng chung mt c s dliu.Vi phng php ny,bn s hn ch kh nng dch v DNS b ngng khi c s cxy trn h thng.
1. Cu hnh DNS Server chnhVo Start Administrative Tools DNS. Nhp chut phi vo Forward Lookup Zones v chn New Zone
Ti liu o to Qun tr Trang 28
-
8/6/2019 Dao Tao Admin - CDDL 2109
29/85
Trung tm Cng ngh Thng tin EVNIT
Ti bng Welcome to the New Zone Wizard ,chn Next.
Ti liu o to Qun tr Trang 29
-
8/6/2019 Dao Tao Admin - CDDL 2109
30/85
Trung tm Cng ngh Thng tin EVNIT
Ti bng Zone Type chn Primary zone cu hnh DNS Server chnh.
Chn Next.Ti bng Zone Name g tn domain vo. HEPC: Zone name l: hecp.evn.com.vn
Chn Next.Ti bng Zone File , mc nh
Ti liu o to Qun tr Trang 30
-
8/6/2019 Dao Tao Admin - CDDL 2109
31/85
Trung tm Cng ngh Thng tin EVNIT
Chn Next.Ti bng Dynamic Update bn c th ngn chn hoc cho php DNSServer chp nhn cc my client cp nht thng tin mt cch t ng.Ti s ngn chn m bo an ton cho h thng,chn Do not allow dynamic updates .
Chn Next.Ti bng Completing the New Zone Wizard bn xem li thng tin
Sau chn Finish hon tt.
Ti liu o to Qun tr Trang 31
-
8/6/2019 Dao Tao Admin - CDDL 2109
32/85
Trung tm Cng ngh Thng tin EVNIT
Nh vy bn cu hnh chc nng forward ( phn gii tn thnh a ch IP).By gi cu hnh chc nng reverse (phn gii a ch IP thnh tn) Nhp chut phi vo Reverse Lookup Zones v chn New Zone.Ti bng Welcome to the New Zone Wizard chn Next.
Ti bng Zone Type chn Primary zone cu hnh chc nng reverse cho DNS Server
chnh.
Ti liu o to Qun tr Trang 32
-
8/6/2019 Dao Tao Admin - CDDL 2109
33/85
Trung tm Cng ngh Thng tin EVNIT
Chn Next.Ti bng Reverse Lookup Zone Name chn kiu IP cn phn gii.y ti chn IPv4.
Chn Next.in Network ID v chn Next. HEPC: Network ID l: 10.145 (lu : s 0 th 3 trong hnh khng in)
Ti bng Zone File mc nh.
Ti liu o to Qun tr Trang 33
-
8/6/2019 Dao Tao Admin - CDDL 2109
34/85
Trung tm Cng ngh Thng tin EVNIT
Chn Next.Ti bng Dynamic Update chn Do not allow dynamic updates
Chn Next v xem li thng tin thit lp,nu chnh xc chn Finish
Ti liu o to Qun tr Trang 34
-
8/6/2019 Dao Tao Admin - CDDL 2109
35/85
Trung tm Cng ngh Thng tin EVNIT
VI. B sung cc bn ghi DNS vo DNS ServerSau khi hon thnh nhim v ci t v cu hnh DNS Server .Bn cn to c s d licho server ny bng cch b sung cc bn ghi DNS .Thng thng bn s tng tc v
ba loi ban ghi DNS ph bin l Host (A) ,Aliad(CNAME) Host (A): l bn ghi gm domain v a ch IP tng ng .V d evn.vn
192.168.1.1 Alias (CNAME): l bn ghi b danh,cho php nhiu domain cng nh x n mt
a ch IP,v d evn.vn evn.vn 10.0.0.1
Nu bn mun to cc record khc.Nhp chut phi vo zone v chn Other NewRecords..
Ti liu o to Qun tr Trang 35
-
8/6/2019 Dao Tao Admin - CDDL 2109
36/85
Trung tm Cng ngh Thng tin EVNIT
y ti s hng dn thao tc ba loi DNS record thng dng.Vo Start Administrative Tools DNS Nhp chut phi vo zone v chn New Host ( A or AAAA)G tn host vo mc Name ,g a ch IP vo mc IP address. Nu bn mun to ra mt bn ghi DNS phn gii ngc tng ng th nh du chnCreate associated pointer (PTR) record.Sau chn Add Host
Ti liu o to Qun tr Trang 36
-
8/6/2019 Dao Tao Admin - CDDL 2109
37/85
Trung tm Cng ngh Thng tin EVNIT
Xut hin thng bo thnh cng
Chn OK.Bng New Host tip tc xut hin,chn Done kt thc to bn ghi. to mt bn ghi Alias,nhp chut phi vo zone v chn New Alias (CNAME).Tng t nh trn,in cc thng tin vo.Ti mc Fully qualified domain name (FQDN) for target host .Nu bn khng nh ,chnBrowse tm tn my cn tht.
Ti liu o to Qun tr Trang 37
-
8/6/2019 Dao Tao Admin - CDDL 2109
38/85
Trung tm Cng ngh Thng tin EVNIT
Sau khi in thng tin y .Chn OK hon tt.
Ti liu o to Qun tr Trang 38
-
8/6/2019 Dao Tao Admin - CDDL 2109
39/85
Trung tm Cng ngh Thng tin EVNIT
Lu .V tn server,tn my client hay DNS Server ca cc bi lab l khngging nhau.V vy cc bn nn ch .Mc ch thay i tn lin tc cc bn c thhiu v nm bt nhanh hn.
VII. Dch v Hyper-V1. Gii thiu
Hyper-V trc y cn c gi l Windows Server Virtualization l cng ngh o haserver ca Microsoft, Hyper-V l mt trong nhng thnh phn quan trng ca WindowServer 2008. Hyper-V ch chy trn nn Windows 64 bit v CPU 64 bit c h tr cngngh o haHyper-V l mt gii php tt cho vic hp nht cc Server vt l hin khng s dng h phn cng c trang b bng cch trin khai thm cc Server o trn nn Server thcho php 1 Server m nhn cc cng vic ca nhiu Server nhm gim thiu chi ptrang b thm Server mi v cc chi ph duy tr hot ng ca Server nh in, khngian t Server v chi ph bo tr bo dng..., Hyper-V h tr cc Server o chy cc Hiu Hnh Windows 2000 Server, Windows Server 2003 32 bit v 64 bit, WindowsServer 2008 32 bit v 64 bit, ngoi ra Hyper-V cn h tr Vista, XP v c Linux.
2. Ci t Hyper-Vlu trc khi ci t bn cn kim tra trong BIOS Setup Enable chc nngVirtualization (tham kho ti liu hng dn i km Mainboard)
- M Server Manager -- Roles -- Add Role
- Chn Hyper-V Next
Ti liu o to Qun tr Trang 39
-
8/6/2019 Dao Tao Admin - CDDL 2109
40/85
Trung tm Cng ngh Thng tin EVNIT
- Next
- Chn Card mng dng cho my oNext
- Nhn nt Install tin hnh ci t
- Qu trnh ci t hon tt, h thng yu cu Restart myClose
- Nhn Yes Restart my
3. Khai bo my tnh mi trong Hyper-V
Ti liu o to Qun tr Trang 40
-
8/6/2019 Dao Tao Admin - CDDL 2109
41/85
Trung tm Cng ngh Thng tin EVNIT
- M Hyper-V - nh du check mc chn I have read and agreed th EULA, NhnAccept chp nhn cc thng tin bn quyn
- Click phi Microsoft Hyper-V Server -- Connect to Server
- Chn Local Computer -- OK
- Click phi ln tn Server -- New - Virtual Machine
- Next
Ti liu o to Qun tr Trang 41
-
8/6/2019 Dao Tao Admin - CDDL 2109
42/85
Trung tm Cng ngh Thng tin EVNIT
- t tn cho my o, bn c th ch nh th mc lu my o bng cch nh du Storthe virtual machine in a different location, y ti chp nhn gi tr mc nh
- Qui nh dung lng RAM dnh cho my o (Tnh bng n v MB)
- Chn nhn hiu Card mng dng cho my o
- Qui nh cc thng tin v tn File, v tr lu v dung lng cng o
- Nhn Finish hon tt
Ti liu o to Qun tr Trang 42
-
8/6/2019 Dao Tao Admin - CDDL 2109
43/85
Trung tm Cng ngh Thng tin EVNIT
- Click phi vo tn my o to, nhn Start bt my o
- Do cha ci t h iu hnh nn bn gp bo li khng th khi ng, ta bt u qutrnh ci t H iu hnh cho my o. Bn a DVD Source Windows vo DVD, y ti dng Windows Vista
- Chn Media - DVD Drive - Capture I: ( y I: l a DVD)
- Chn Action - Reset reset my o
- Bt u qu trnh ci t VistaTi y bn c th thao tc vi my o v hon tt vic ci t H iu hnh
Ti liu o to Qun tr Trang 43
-
8/6/2019 Dao Tao Admin - CDDL 2109
44/85
Trung tm Cng ngh Thng tin EVNIT
CHNG 2. ACTIVE DIRECTORYI. M hnh WORKGROUP M hnh Domain
Active DirectoryActive Directory Domain Services (ADDS) l mt dch v trn Windows Server 2008,sdng thng tin lu tr trong Active Directory qun l cc i tngusers,group,computer.Cc i tng ny c t chc theo mt cu trc phn cp.Gmc cc kiu :
Active Directory forest ( forest l i tng c to ra t mt nhm gm 2 haynhiu domain tree c quan h tin cy vi nhau trust relationship)
Cc domain tree trong forest Cc Organization Unit (OU) trong mi Domain
Ti liu o to Qun tr Trang 44
-
8/6/2019 Dao Tao Admin - CDDL 2109
45/85
Trung tm Cng ngh Thng tin EVNIT
Nhng im mi ca Active Directory Domain Services ca Windows Server 2008 : Auditing: lu tr cc s kin lin quan n nhng i tng trong Active
Directory.T c th bit c i tng thay i nhng g.V gi tr hin tav gi tr trc khi thay i cng c h thng ghi nhn li.
Password Policiesc th c cu hnh cho nhng i tng ring bit trong mtdomain.V th bn s khng phi s dng chung mt chnh sch mt khu cho tc cc ngi dng trong cng mt domain
Read-Only Domain Controllerl mt Domain Controller vi c s d liuActive Directory dng read-only.Dch v ny gip bn tm bo mt c ivi nhng ni m bo mt cha c m bo cao ,chng hn nh cc vn phng .Read-Only Domain Controller khng cho php cc domain controller cp thp hn thc hin nhng thay i ln Active Directory
Restartable AD DS: c im ny gip bn khi ng li AD DS trong khi vngi nguyn trng thi hot ng ca Domain Controller,gip bn hon thnh
nhng thao tc offline mt cch nhanh chng Active Directory Certificate Services (AD CS)l mt dch v c dng sinh ra v qun l cc certificate trn nhng h thng s dng cng ngh publickey .Bn c th s dng ADCS to ra cc my ch chng thc CA( Certification Authorities) .Cc CA c tc dng nhn yu cu v chng thc,sau x l v gi cc chng thc v li cho i tng gi yu cu.
Active Directory Federation Services (AD FS)l mt dch v cung cp c chng nhp - single sign-on(SSO) ,cho php bn ng nhp ch mt ln nhng cth dng nhiu ng dng Web c quan h vi nhau
Active Directory Rights Management Services (ADRMS)l dch v c dng
kt hp vi cc ng dng h tr AD RMS (AD RMS enableapplication),nhm bo v d liu quan trng ( bo co ti chnh,thng tin khchhng,n hng,s sch k khai k ton .v..v.) trc nhng i tng ngi dng
Ti liu o to Qun tr Trang 45
-
8/6/2019 Dao Tao Admin - CDDL 2109
46/85
Trung tm Cng ngh Thng tin EVNIT
khng c php (unauthorized users).Vi AD RMS,bn c th xc nhnhng ai c th thc hin cc thao tc nh xem,chnh sa,in n.trn d liu camnh
Active Directory Lightweght Directory Services (AD LDS) l mt dch v thmc LDAP (Lightweght Directory Access Protocol) trn Windows Server 2008.AD LDS cung cp mt c ch nhm h tr cc ng dng directory-enabled s dng th mc lu tr d liu) .Dch v ny c chc nng tng t nh ADDS,nhng khng i hi phi trin khai cc domain hoc Domain Controller
(Mt ng dng directory enabled l ng dng khng dng c s d liu,file hoc cccu trc lu tr khc,m thay vo l th mc lu tr d liu ca mnh.Cc ng dng dng ny c th l h thng qun l quan h khch hng,h thng qun l nhnlc.)
II. Ci t Active Directory1. Chun b trc khi ci t .1. Thit lp a ch IP cho card mng ca server hoc bn c th thit lp a ch IP
ca cc DNS Server trong h thng.Nu server ny l Domain Controller v DNSServer u tin,qu trnh ci t AD DS s bao gm c vic ci t DNS Server
2. Nu mun b sung server ny vo mt forest tn ti trn Windows Server 2000,Windows Server 2003 bn phi cp nht thng tin v forest bng lnhadprep /forestprep
3. Nu mun b sung server ny vo mt domain tn ti trn Windows Server 2000,Windows Server 2003 ,bn phi cp nhp thng tin v domain v group policy bng lnhadprep /domainprep /gpprep
4. Nu mun ci t mt Read-Only Domain Controller,bn phi chun b forest bng lnhadprep /rodcprep5. Xy dng cc DNS Server trong h thng mng nu c,trong qu trnh ci t AD
DS s c ci t DNS Server
b. Ci t Domain Controller (DC)Cng nh Windows Server 2003,th Windows Server 2008 trc khi nng cp ln DC phi cu hnhPreferred DNSv IP Loopback l 127.0.0.1 hoc v IP 10.0.0.1
Ti liu o to Qun tr Trang 46
-
8/6/2019 Dao Tao Admin - CDDL 2109
47/85
Trung tm Cng ngh Thng tin EVNIT
Windows Server 2003, ci t thm cc dch v nh DHCP,DNS voAdd/Remove Windows Components. Windows Server 2008 c thay th bngcng c qun trServer Managervi cc Roles v Features.V mc nh WindowsServer 2008 cha ci t cc dch v nn bn phi ci t dch v AD DS trc khi lnDomain Controller.VoServer Manager Add Roles.Chn dch v Active Directory Domain Services
Ti liu o to Qun tr Trang 47
-
8/6/2019 Dao Tao Admin - CDDL 2109
48/85
Trung tm Cng ngh Thng tin EVNIT
ChnNext.Ti bng Active Directory Domain Services gii thiu cho bn v dch vny v mt s lu khi ci t trong phnThings to Note
Ti liu o to Qun tr Trang 48
-
8/6/2019 Dao Tao Admin - CDDL 2109
49/85
Trung tm Cng ngh Thng tin EVNIT
ChnNext tip tc.Ti bng Confirm Installation Selections s yu cu bn xc nhnln cui trc khi ci t.ChnInstall
Ti liu o to Qun tr Trang 49
-
8/6/2019 Dao Tao Admin - CDDL 2109
50/85
Trung tm Cng ngh Thng tin EVNIT
i cho n khi hon tt qu trnh ci t dch v Active Directory Domain Services
Ti liu o to Qun tr Trang 50
-
8/6/2019 Dao Tao Admin - CDDL 2109
51/85
Trung tm Cng ngh Thng tin EVNIT
ChnClose hon ttVoRun g dcpromov chnOK
i trong vi giy h thng kim tra ci t dch v AD DS cha.Ti bng Welcome to the Active Directory Domain Services Installation Wizard chnNext
Ti liu o to Qun tr Trang 51
-
8/6/2019 Dao Tao Admin - CDDL 2109
52/85
Trung tm Cng ngh Thng tin EVNIT
Ti bng Operating System Compability s cho bn bit v tnh tng thch caWindows Server 2008.
ChnNext tip tc
Ti liu o to Qun tr Trang 52
-
8/6/2019 Dao Tao Admin - CDDL 2109
53/85
Trung tm Cng ngh Thng tin EVNIT
Ti bng Choose a Deployment Configuration chnCreate a new domain in anew forest to mt domain mi trn mt forest mi
ChnNext tip tc.Ti bng Name the Forest Root Domain.Ti FQDN of theforest root domaing tn domain vo.Sau chnNextv ch vi giy h thngkim tra tn domain s dng cha .
Ti liu o to Qun tr Trang 53
-
8/6/2019 Dao Tao Admin - CDDL 2109
54/85
Trung tm Cng ngh Thng tin EVNIT
Ti bng Set Forest Functional Level,chn phin bn Windows Server 2008 tn dnght tnh nng .Sau chnNext
Ti liu o to Qun tr Trang 54
-
8/6/2019 Dao Tao Admin - CDDL 2109
55/85
Trung tm Cng ngh Thng tin EVNIT
Ti bng Additional Domain Controller Options,h thng kim tra xem thdch v DNS Server c cha,v t ng nh du ci t DNS Server.Lu l bnkhng th ci t Read-only domain controller trn DC u tin ny
ChnNext.Ti bng Location for Database,Log File,and SYSVOL cho php bn thitlp ng dn ca database,log file v sysvol.Hy mc nh trongC:\Windows
Ti liu o to Qun tr Trang 55
-
8/6/2019 Dao Tao Admin - CDDL 2109
56/85
Trung tm Cng ngh Thng tin EVNIT
ChnNext tip tc.Ti bng Directory Services Restore Mode Administrator Password,thit lp password.Lu ,password ny khng phi l password ca ti khonAdministrator trong domain v password phi theo kiu complexity (gm cc k ta,A,@,1.) y ti s g password lpass@word1
Ti liu o to Qun tr Trang 56
-
8/6/2019 Dao Tao Admin - CDDL 2109
57/85
Trung tm Cng ngh Thng tin EVNIT
ChnNext.Ti bng Summary cho bn bit thng tin m bn thit lp trn.Nu ng v y ,chnNext thc hin vic ci t
H thng ang tin hnh ci t
Ti liu o to Qun tr Trang 57
-
8/6/2019 Dao Tao Admin - CDDL 2109
58/85
Trung tm Cng ngh Thng tin EVNIT
Sau khi ci t hon tt ,chnFinish kt thc
Khi ng li thay i c hiu lcKim tra h thng.
Ti liu o to Qun tr Trang 58
-
8/6/2019 Dao Tao Admin - CDDL 2109
59/85
Trung tm Cng ngh Thng tin EVNIT
III. Qun l User1. To mi ti khon ngi dng.
Sau khi to mt Domain Controller.Tip theo l to user trn domain.M Server Manager.Click RolesActive Directory Domain ServicesActiveDirectory Users and Computers.Sau click vo domain. Nhp chut phi vo User v chn NewUser
Ti liu o to Qun tr Trang 59
-
8/6/2019 Dao Tao Admin - CDDL 2109
60/85
Trung tm Cng ngh Thng tin EVNIT
Ti bng New Object User bn in y cc thng tin vo mc First name,Lastname,Full name.Lu : ti mc User logon name.y chnh l tn ti khon ca bn dng ng nhpvo h domain.V th phi nh chnh xc,v phi m bo tnh duy nht.
Chn Next tip tc.Xut hin bng thit lp password.y l mt khu ca bn nvi tn ti khon to trn,dng ng nhp vo domain.Lu l password phi tha mn cc chnh sch mc nh ca Windows Server 2008.Password t nht l 7 k t v phi c cc thnh phn sau :
1. Cc k t thng : a,b,c,d,e..2. Cc k t in hoa : A,B,C,D,E.3. Cc ch s : 1,2,3,4,5.4. Cc k t c bit : @,!,$,&,#....
y ti s thit lp password l pass@word1Lu 4 dng di :
User must change password at next logon : bt buc user phi thay i password ln ng nhp k tip
User cannot change password : user khng c quyn thay i password Password never expires : password khng c thi hn qui nh Account is disabled : v hiu ha ti khon.
y ti s chn User must change password at next logon m bo tnh ring t chuser.
Ti liu o to Qun tr Trang 60
-
8/6/2019 Dao Tao Admin - CDDL 2109
61/85
Trung tm Cng ngh Thng tin EVNIT
Chn Next tip tc. bng tip theo l thng tin v user chun b c to.
Chn Finish kt thc.Tip theo,kim tra th user c to .Click p vo User v kim tra
Ti liu o to Qun tr Trang 61
-
8/6/2019 Dao Tao Admin - CDDL 2109
62/85
Trung tm Cng ngh Thng tin EVNIT
2. Thit lp thi gian user c php ng nhp vo domain. Nhp chut phi vo user va to v chn Properties
Ti liu o to Qun tr Trang 62
-
8/6/2019 Dao Tao Admin - CDDL 2109
63/85
Trung tm Cng ngh Thng tin EVNIT
Theo mc nh,user c php ng nhp 24/24. thit lp li,chuyn qua tabAccount v chn Logon Hours..Ti y bn c th thit lp thi gian ng nhp cho useChn khong thi gian v click vo Logon Denied chn thi gian truy cp ca user
Hnh trn,ti thit lp user ny ch truy cp c vo 8h sng n 19h vo cc ngth 2 cho n th 7.Sau chn OK hon tt.
c. Thit lp user ng nhp s dng my tnhV l do bo mt,khng phi user no cng c ng nhp vo cc my tnh mt cchty . thit lp tnh ring t v ch nh my tnh no user c php s dng.Vo tabAccount.Chn Log On To.Chn The following computers ,sau g tn my tnh muser c php ng nhp.Sau chn Add.Nu bn mun b th click vo tn my tnhv chn Remove.Hoc mun sa tn th click vo tn my tnh v chn Edit.
Ti liu o to Qun tr Trang 63
-
8/6/2019 Dao Tao Admin - CDDL 2109
64/85
Trung tm Cng ngh Thng tin EVNIT
Chn OK xc nhn.Ti tab Account cn c cc mc :Unlock Account : khi bn mun m kha ti khon th chn nyAccount Options : thit lp cc chnh sch v ti khon.Account Expire : thi gian mt account tn ti.Nu bn chn End of v chn thi gia bn cnh th n thi gian account s ht hn v s mt.
Ti tab General cho php bn in y v chi tit v thng tin ca user .
Ti liu o to Qun tr Trang 64
-
8/6/2019 Dao Tao Admin - CDDL 2109
65/85
Trung tm Cng ngh Thng tin EVNIT
Ti tab Address cho php bn in thng tin v a ch ca user
Ti liu o to Qun tr Trang 65
-
8/6/2019 Dao Tao Admin - CDDL 2109
66/85
Trung tm Cng ngh Thng tin EVNIT
cc tab cn li ti s trnh by mt bi khc.Sau khi thit lp thng tin v user .Ti bng Properties .Chn OK xc nhn thayi . xa user ,nhp chut phi vo user v chn Delete.
d. To Group v a user vo Group to mt group mi.Nhp chut phi vo User v chn NewGroup.
Ti liu o to Qun tr Trang 66
-
8/6/2019 Dao Tao Admin - CDDL 2109
67/85
Trung tm Cng ngh Thng tin EVNIT
Ti Group name g tn group.Sau chn OK
Kim tra li group c to bng cch click vo User
Ti liu o to Qun tr Trang 67
-
8/6/2019 Dao Tao Admin - CDDL 2109
68/85
Trung tm Cng ngh Thng tin EVNIT
a user vo group ICT24H ,nhp chut phi vo group v chn Properties.Ti tabMember.Chn Add..Ti Enter the object name to select bn g tn user mun a vo group.Lu tn user phi l tn bn in ti mc User logon name phn to user.Sau khi g tn user bn chn Check Names kim tra.
V kt qu l tn ti user ny trn domain
Ti liu o to Qun tr Trang 68
-
8/6/2019 Dao Tao Admin - CDDL 2109
69/85
Trung tm Cng ngh Thng tin EVNIT
Ti s th g tn mt user khc.Chng hn Nguyen Van A sau chn Check Names kim tra.H thng s thng bo An object name Nguyen Van A cannnot be foundTn Nguyen Van A khng tn ti trn domain
Hoc bn cng c th tm kim nng cao bng cch chn Advance..Sau khi thm user vo group.Chn OK xc nhn
Ti liu o to Qun tr Trang 69
-
8/6/2019 Dao Tao Admin - CDDL 2109
70/85
Trung tm Cng ngh Thng tin EVNIT
tab Managed By ,bn c th in tn user qun l group bng cch chn Change v gtn vo Name .
Chn OK xc nhn.
Ti liu o to Qun tr Trang 70
-
8/6/2019 Dao Tao Admin - CDDL 2109
71/85
Trung tm Cng ngh Thng tin EVNIT
e. To Organization Unit (OU) to mt OU trn domain ,nhp chut phi vo domain,chn NewOrganizationalUnit
G tn OU vo Name .Nu bn mun cho php thao tc xa c thc hin trn OUny th b chn vo mc Protect container from accidental deletion
Chn OK hon tt.
Ti liu o to Qun tr Trang 71
-
8/6/2019 Dao Tao Admin - CDDL 2109
72/85
Trung tm Cng ngh Thng tin EVNIT
By gi ti s a group ICT24H vo OU Network. Nhp chut phi vo group ICT24H v chn Move
Sau chn OU Network v chn OK.
Kim tra OU Network thy group ICT24H .
Ti liu o to Qun tr Trang 72
-
8/6/2019 Dao Tao Admin - CDDL 2109
73/85
Trung tm Cng ngh Thng tin EVNIT
Nu bn mun xa user,group hay OU th nhp chut phi ln i tng v chn Deletev chn Yes
Ti liu o to Qun tr Trang 73
-
8/6/2019 Dao Tao Admin - CDDL 2109
74/85
Trung tm Cng ngh Thng tin EVNIT
CHNG 3. TO V QUN L TH MC DNG CHUNGI. Chia s d liu
Chn th mc cn chia s, trong v d l th mccommontrn a D:\.Click phi vo th mc, chn Propertieschn Tab Sharing bm vo Advanced
Sharing
Trong ca s Advanced Sharing, chn Permissions
Ti liu o to Qun tr Trang 74
-
8/6/2019 Dao Tao Admin - CDDL 2109
75/85
Trung tm Cng ngh Thng tin EVNIT
Chn Full Control cho user EveryoneOK OK OK
II. Phn quyn UserChn th mc cn phn quyn, v d th mc Common.Click phi vo th mc, chn Propertieschn Tab Security chn Advanced.Trong ca s Advanced s lit k ton b permissions ca th mc ny i vi tn
user.
Ti liu o to Qun tr Trang 75
-
8/6/2019 Dao Tao Admin - CDDL 2109
76/85
Trung tm Cng ngh Thng tin EVNIT
thay i, thm, sa, xa quyn ca ngi dng trn th mc, chn ChangPermissions
Ti liu o to Qun tr Trang 76
-
8/6/2019 Dao Tao Admin - CDDL 2109
77/85
Trung tm Cng ngh Thng tin EVNIT
sa quyn ca ngi dng/nhm ngi dng, chn vo ngi dng/nhmngi dng , sau chn Edit.
Chn nhng quyn p dng vi ngi dng/nhm ngi dng ny. Sau OK OK OK.
Ti liu o to Qun tr Trang 77
-
8/6/2019 Dao Tao Admin - CDDL 2109
78/85
Trung tm Cng ngh Thng tin EVNIT
Tng t vi thm quyn v ngi dng/nhm ngi dng, chn Addin votn ngi dng/nhm ngi dngOK.
Gn cc quyn ca ngi dng/nhm ngi dng
Ti liu o to Qun tr Trang 78
-
8/6/2019 Dao Tao Admin - CDDL 2109
79/85
Trung tm Cng ngh Thng tin EVNIT
CHNG 4. DCH V PROXY (ISA SERVER)I. Cu hnh ngi dng c quyn VPN
Start Administrative Tools Active Directory Users and ComputersChn user hay group cho php VPN, click phi chn PropertiesTab Dial inTrong phn Network Access Permission, chn Allow AccessOK OK.
Ti liu o to Qun tr Trang 79
-
8/6/2019 Dao Tao Admin - CDDL 2109
80/85
Trung tm Cng ngh Thng tin EVNIT
II. Cu hnh VPN trn my ClientChn Control Panel Network Connections. Trong ca s mi m, chn Create
New Connection.
Ti liu o to Qun tr Trang 80
-
8/6/2019 Dao Tao Admin - CDDL 2109
81/85
Trung tm Cng ngh Thng tin EVNIT
Ti liu o to Qun tr Trang 81
-
8/6/2019 Dao Tao Admin - CDDL 2109
82/85
Trung tm Cng ngh Thng tin EVNIT
Chn Connect to the netwok at my workplace
Chn Virtual Private Network connection
Trong khung Company Name, chn tn i din cho kt ni VPN
Ti liu o to Qun tr Trang 82
-
8/6/2019 Dao Tao Admin - CDDL 2109
83/85
Trung tm Cng ngh Thng tin EVNIT
Chn Do not dial the initial connection (nu c)
in vo a ch IP ca trng l:118.69.76.199
Ti liu o to Qun tr Trang 83
-
8/6/2019 Dao Tao Admin - CDDL 2109
84/85
Trung tm Cng ngh Thng tin EVNIT
Next Next Finish thit lp kt ni t Internet vo trng, thc hin cc bc nh sau:Vo Control Panel chn Network ConnectionTrong ca s Network Connection, chn kt ni HEPC
Ti liu o to Qun tr Trang 84
-
8/6/2019 Dao Tao Admin - CDDL 2109
85/85
Trung tm Cng ngh Thng tin EVNIT
Trong ca s kt ni, in username, passwordchn Connect kt nithnh cng.
Lu : nu h thng hi Domain th in vo tn domain l:HEPC