
Nguyn Quc Dng

bighare_701@yahoo.com

70-294 (Installing and Configuring AD) Installing Active Directory


Deployment within the same geographic location.
Promoting a DC
Joining the domain
Additional DC
Global Catalog server
Secondary DNS server
DFS (Distributed File System): synchronizes data between file servers.
Notes:
1- When DNS is installed together with AD, the reverse DNS zone (Reverse Lookup Zone) must also be configured. DNS supports joining the domain and logging on to the domain.
2- With multiple domains, review the replication options:
To all DNS servers in the same forest
To all DNS servers in the same domain
To all DCs in the same domain
3- If there are several networks, several Reverse Lookup Zones must be created.
4- Users are authenticated based on the Global Catalog.


5- Create multiple servers: load balancing and failover.
6- Create an Additional DC (the ADC machine must be logged on as Administrator\DomX.local). The second DC and any later ones are not Global Catalog servers; that must be configured additionally.
7- Restart after installing the Secondary DNS Server on the ADC. Domain member machines can point their Preferred DNS and Alternate DNS at either machine.
8- DFS (synchronizes data between file servers)
Domain root: multiple domains
Stand-alone root: single domain


Install & Configure Active Directory


Configuring AD at two different locations
Verifying AD
AD Tools
If Server 2 has joined the domain, every step of installing the ADC is easier. If it has not joined, point its Preferred DNS at Server 1.
{ To work around an unstable network link while configuring the ADC, back up Server 1 (System State) and then restore it on Server 2 (or copy the backup, or host it on an intermediate server). }
Set the restore to overwrite existing files.

Restore to the folder C:\ABC (Alternate location)


Promote the DC in Advanced mode: Run | dcpromo /adv

Administering AD

1- Backup AD
2- Restore AD
Reboot DC1 and press F8 to enter Directory Services Restore Mode.
Non-Authoritative: restores the System State of one DC without affecting the system's AD database. When restoring on one DC there is no need to shut down the second DC (if it is shut down, users cannot be authenticated at logon). If a user was deleted on DC1, the restore recreates that user; but after the reboot DC2 replicates to DC1 and the user is lost again, so the AD database is not affected.
Authoritative: restores a specific object in the AD database. A restore is Non-Authoritative by default. To perform an Authoritative Restore, do not restart after the restore. Then go to CMD, NTDSutil | Authoritative Restore
+ Restore the whole database: Restore Database
+ Restore part of the database: Restore Subtree (used for an OU). Example: Restore Subtree OU=HN,dc=domX,dc=local, then Quit, Quit, Exit
+ Restore a single object: Restore Object (used for a user). Example: Restore Object CN=KT2,OU=HN,dc=domX,dc=local


Multi: Domain, Tree, Forest


The first domain built in a forest is called the Forest Root Domain, followed by Child Domains (managed by the Enterprise Admin). Building AD uses Domain Admin rights. Building an additional new domain requires Enterprise Admin rights.
The first domain built in a tree is called the Tree Root Domain, followed by Child Domain and Grandchild Domain, with the new domain not inheriting from the existing domain.
1- Multi Domain:
- Used to fit security policy requirements (e.g. different passwords: Password Policy is edited under Computer, so it cannot be applied by assigning a GPO to users in an OU).
- Fits management needs. The admin at each location manages the domain at that location.
- Optimizes replication. A domain at another location (independent of the first domain) replicates only the Schema (because this second domain belongs to the same forest), so less bandwidth is used.
- Keeps an existing domain system running on the older WinNT. There is no need to pay for building a new system. (WinNT can be upgraded directly to Win2003.)
You can deploy one DNS to manage several domains, or build a separate DNS on each domain.
Example: in this case one DNS (Internal Namespace) manages several domains.
Step 1: Go to DNS, create a New Forward Lookup Zone, and uncheck Store the Zone in AD


Step 2: Promote the domain using Enterprise Admin rights


Step 3: Log on to Con04 as Administrator with a blank password.
Step 4: To change Dynamic Update, go to DNS | Properties (con04.dom03.local) on DC1. On the General tab choose Change and check Store the Zone in AD.
Capabilities:
+ Users of the parent domain can log on at the child domain and vice versa (log on with the exact user name)
+ Resources in the child domain can be granted to the parent domain.


2- Multi Tree
- Meets one of the four Multi Domain conditions above and does not inherit the name of the existing domain.
3- Multi Forest
- Secure data: an additional, new Enterprise Admin is needed to manage it. Data in this new domain is isolated and only the people concerned can access it.
- Isolate Directory Replication (isolating AD database replication): no data at all is replicated, not even the Schema.
- Deploying a LAB environment: test whether an application about to be deployed is compatible with the current environment.

Rename Domain (70-294, page 237)

Uses the Windows Support Tools (Win2k3).
1- Rename DC
Precondition for renaming: the Domain Functional Level must be Win2k3 (the whole system runs only Win2k3 or later). Active Directory Users and Computers | Raise Domain Functional Level | Windows Server 2003
+ Commands used to rename (no spaces inside the switches):
netdom computername pc03.dom03.local /add:dc03.dom03.local
netdom computername pc03.dom03.local /makeprimary:dc03.dom03.local
+ Verify (Full Computer Name):
netdom computername dc03.dom03.local /enumerate
netdom computername dc03.dom03.local /remove:pc03.dom03.local
+ Most important: shut down the domain members first, then restart the DC. Start the domain members only after the DC has finished starting.
2- Rename Domain (http://nhatnghe.com/tailieu/RenameDomain.htm)
Method 1: Use an Email Address Policy in Exchange Server to change the suffix of the users' email addresses. The system itself still uses DomX.local.
Method 2: Rename the domain. This needs an intermediary, the Control Station (CS). All operations are performed on the CS.
Preparation:


Step 1: Back up the System State of the domain controllers (to keep the system safe).
Step 2: Set up the Control Station machine (almost all operations are performed here).
Step 3: Create the description file of the current forest.
Step 4: Edit the description file that was just created.
Step 5: Create the Rename Domain instruction set.
Step 6: Transfer the rename instructions to the DCs.
Step 7: Verify the rename instructions after they have been transferred to the DCs.
Step 8: Carry out the domain rename with the rename instructions.
Step 9: Run the command that ends the configuration process.
Step 10: Update policy (most important), e.g.:
gpfixup /olddns:dom03.local /newdns:dom03.local.vn /oldnb:dom03 /newnb:dom03 /dc:dc03.dom03.local.vn

Operation Master Role

WinNT: Primary DC (the master machine), Backup DC
Win2k: Multi Master, 1 in 5 roles
1- Introduction to OMR
Forest-Wide Operation Master Roles
+ Schema Master: manages the Schema (the definitions and attributes of objects) in the forest. Each forest has only one Schema Master role. By default it is held by the first DC in the Forest Root Domain (the first domain in a forest). Tool: AD Schema.
+ Domain Naming Master: manages the domain names in the forest. Each forest has only one Domain Naming Master. By default it is held by the first DC in the Forest Root Domain. Tool: AD Domain & Trust
+ RID Master Role: manages the ID numbers (SID: represents objects in AD; RID: the ID that represents the domain) in the domain. Each domain has only one RID Master role. By default it is held by the first DC in the Forest Root Domain. Tool: AD UC
+ PDC Emulator Role: emulates a PDC (Primary Domain Controller) running on WinNT. Each domain has only one PDC Emulator role. By default it is held by the first DC in the Forest Root Domain. Tool: AD UC
+ Infrastructure Master Role: synchronizes information from one domain to another (e.g. deleting or adding objects in a domain). Each domain has only one Infrastructure Master role. By default it is held by the first DC in the Forest Root Domain. Tool: AD UC
Install AdminPack.msi to use the tools above. To find out which machine is the master, look in Operations Master (Run | MMC | Add Schema Master).

2- Deployment


Performed when the number of workstations is too large or the DC is too old.
+ Transfer OMR: the precondition is that the old DC is still operating normally. Buy a new DC machine, join it to the domain, then promote it to ADC (configure GC).
DC1: Change Domain Controller | Operations Master | Change | OK


+ Seizing OMR (taking over the OMR)
Used when the main DC dies suddenly (hard disk failure). Its leftover entries are still there (in DNS). Clean up the leftovers with commands (70-294, page 207).
Step 1: Seize the OMR
Run | CMD | Ntdsutil


Do the same with:
Seize domain naming master
Seize RID Master
Seize PDC
Seize Infrastructure Master
The last step is quit.
Step 2: Clean up the dead DC's leftovers (70-294, page 207)
Run | CMD | Ntdsutil


Quit

Trust Relationship

When Multi Domain is deployed in a network environment, pay attention to domain trusts. When two domains trust each other, users can use each other's resources. Domains in the same forest trust each other automatically.
1- Introduction
Use the AD Domain & Trust tool to view and configure trusts.
Two-way: Outgoing and Incoming. Users can use each other's resources.
One-way: one of the two. Only one side's resources can be used. Example: when acquiring another company.
Trust Protocol: Win2k3 uses Kerberos v.5 (default) or NTLM
Trust Type:

+ Tree-root trust: trust between the Forest Root Domain and a Tree Root Domain (2-way)
+ Parent-child trust: 2-way (e.g. Microsoft.com and uk.microsoft.com)
+ Shortcut trust: two domains trust each other automatically through a cross-link (e.g. us.microsoft.com and sls.uk.msn.com), but logon takes too long, so a Shortcut Trust is configured (1-way or 2-way)


+ Realm Trust: configured between Windows and non-Windows systems (1-way or 2-way)
+ External Trust: two domains in two forests (e.g. Microsoft.com and Intel.com).
+ Forest Trust: configured so that two Forest Root Domains trust each other (1-way and 2-way).
2- Deployment
External trust (70-294, page 274): conditions
+ The domains must be able to resolve each other's names (using a VPN or leased line). Configure a DNS Forwarder. Restart DNS after configuring it.
+ Synchronize time between the two systems (important)

How to: open AD Domain & Trust (remember to tick the validation for both incoming and outgoing)


Verification: log off and the domain of the other forest appears as an additional choice. Only the domains of the machines that were configured can see each other.
Forest Trust: conditions
Besides the two conditions above, the Forest Functional Level must be Windows Server 2003.


Domain Functional Level: the operating modes within a domain
+ Mixed Mode: supports Windows versions before Win2k
+ 2000: supports only Win2k and later
+ 2003: supports only Win2k3 and later
+ 2003 Interim: only available when upgrading from NT to 2003. Supports only NT and 2k3.
How to: open AD Domain & Trust | Raise Forest Functional Level
If an External Trust was configured, remove it and then configure it again.
Verification:

Chapter 5:

1- Introduction to AD Sites

Site: an object in the physical structure. Domain: an object in AD's logical structure.
Configuring the order in which users are authenticated makes authentication faster and lets you manage AD database replication. Users are authenticated by the site they are in, so divide the network into sites (AD Sites & Services).
Step 1: Create a new site

Step 2: Move the DC to the new site.


Step 3: Assign the subnets for Saigon and Hanoi


2- Deployment
M1: DC (simulating HCM)
M2: joined to the DC; Cross: 172.16.1.2/24; configure RRAS (LAN Routing)
M3: LAN disabled (simulating HN); Cross: 172.16.1.1/24
M1 & M3: set the default gateway to M2 (192.168.1.2 & 172.16.1.2, the router), so the two machines can reach each other.
{ To manage the HN users centrally, join all the machines to the domain on M1 (remember to create an additional Reverse Lookup Zone for M3, 172.16.1.x). Do not uncheck Store the zone in AD. Deploy an additional DC (configured as Global Catalog and DNS server) in HN for load balancing and failover. }


Build an additional child domain (for example, for a group of staff who regularly work off-site, with a secure password policy).
Step 1: Create a New Forward Lookup Zone (M1)
Step 2: Promote the DC (M2)
Step 3: Adjust Policy
Step 4: Integrate the zone into AD


Replicating between the DCs manually.

Configure Site Site Policy

Policy levels:
Local Policy: affects the single computer
Domain Policy: affects every machine in the domain
OU Policy: affects the OU where it is deployed
Site Policy: affects the site where it is deployed. Divide the network into sites before configuring it.


Replication (70-294, page 302)
+ Schema Partition: the definitions and attributes of the objects in the forest
+ Configuration Partition: the objects that represent the logical structure of the forest.
+ Domain Partition: the objects stored in one domain.
+ Application Directory Partition: exists only on 2k3 DCs. Holds application- and service-specific data (AD-integrated zones) and can include everything except existing privileges.


Chapter 6 & 8 (OU & GROUP)
Three reasons to define an OU:
+ Delegating administration
+ Administering Group Policy (473)
+ Hiding objects
Group
+ Type: Mail, File, Driver
+ Security: can be assigned permissions
+ Distribution: cannot be assigned permissions
1- Group Scope: Universal (Distribution type & Domain Functional Level 2k3)
Win2k3 supports four kinds of group
+ Group nesting: a group within a group, so a member of one group can be a member of another group.

Chapter 7
I. Tools for creating many users
+ DSadd
+ CSvde
+ Ldifde
+ Script
1- DSadd

Step 1: dsadd
Step 2: dsadd ou ou=HN,dc=dom12,dc=local
Step 3: dsadd user cn=u1,ou=SG,dc=dom12,dc=local -pwd 123
2- CSvde
Create users: csvde -i -f c:\vd1.txt   # -i (AD), -f (file)
Export information: csvde -d cn=u100,ou=HN,dc=dom12,dc=local -f C:\vd2.txt
3- Ldifde
ldifde -i -f c:\vd3.txt
\\pcnn\MSresource\techdocs\chbidomain2.vbs
II. Move User
Conditions: Forest Functional Level 2003; Trust Relationship
Tool: AD Migration Tool
Step 1: Open DNS and create the zone (the machine joins the domain, then is promoted to DC)
Step 2: Raise Level
Step 3: Install I386/ADMT
Step 4: Open the AD Migration Tool
III. Limit Logon
Back up the System State before using LimitLogon

Group Policy Object

1- Introduction to GPO
Policy is a visual tool for editing the Registry (part of regedit), available since Windows 2000.
Apply Security Setting (before Ctrl+Alt+Del appears): Computer Policy
Apply Security Setting (after entering user name and password): User Policy
Conditions for a policy to take effect:
+ The object is within the scope of the policy (OU)
+ It has the Read & Apply Group Policy permissions
+ It satisfies the WMI Filter
2- Deployment
When deploying GPOs, configure each setting in its own GPO; this is easier to manage (each one can be linked to a different OU).
A - Within the scope of the policy. To keep a user or OU from being affected, there are the following options:
+ Move the user to another OU
+ Block Policy Inheritance (no update needed)
+ Create a GPO that negates the setting (what is used in practice)


B- Read & Apply GPO.
+ Remove the user's Read permission
+ Create a group for the set of users and deny the group the Read permission

C- WMI Filter (http://www.computerperformance.co.uk/vbscript)
Rename drive C on the odd-numbered machines to abc, so the policy affects only the odd-numbered machines.


Loopback Policy: takes the policy under User and applies it to the Computer

Replace: overwrites the old policy
Merge: combines with the old policy
Restart the computer after changing the Loopback policy.
3- Deploy Software (Chapters 11 - 12)
Conditions for using the Deploy Software tool:
+ Use *.msi or *.zap (Winstle helps convert EXE to MSI) http://www.nhatnghe.com/forum/showthread.php?t=1817
+ The user is granted the right to install *.MSI (edit the Registry) http://support.microsoft.com/kb/259459
When editing the Registry, note the path and the key. Create a new key AlwaysInstallElevated with the value "1" under:
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Installer
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer
To be able to edit Registry settings that lie outside Policy, create an ADM file.
+ (Optional) create a *.MST file to enter the product key automatically. Use the Windows Resource Kit (ORK.EXE\Custom Installation Wizard) to create the MST file.
Computer Account
Step 1: Create an OU > move the computer accounts into the corresponding OU
Step 2: Copy the software to the file server > share it
Step 3: Deploy Software for the computer account
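A check for the AlwaysInstallElevated setting described above, as an added example that is not part of the original notes: the value lets any user run MSI packages with elevated privileges, so it is worth auditing where it is switched on. The script parses a registry export and reports whether the value is 1 under both Installer policy keys, which is when Windows Installer applies it; the sample export and all function names are constructed for illustration.

```python
import re

# Constructed sample of a registry export covering both Installer policy keys.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer]
"AlwaysInstallElevated"=dword:00000001

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Installer]
"AlwaysInstallElevated"=dword:00000001
'''

INSTALLER_KEY = r"software\policies\microsoft\windows\installer"
HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}


def read_reg_file(path):
    """Decode a .reg file; regedit writes UTF-16 with a BOM, older tools ANSI."""
    with open(path, "rb") as fh:
        data = fh.read()
    has_bom = data[:2] in (b"\xff\xfe", b"\xfe\xff")
    return data.decode("utf-16" if has_bom else "latin-1")


def parse_reg_export(text):
    """Return {key_path: {value_name: int}} for the dword values in an export."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"\[(-?)(.+)\]", line)
        if header:
            # "[-KEY]" deletes the key on import, so its values do not count.
            current = None if header.group(1) else keys.setdefault(header.group(2), {})
            continue
        value = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{1,8})', line)
        if value and current is not None:
            current[value.group(1).lower()] = int(value.group(2), 16)
    return keys


def audit_always_install_elevated(text):
    """Per-hive state of AlwaysInstallElevated and whether it is in effect."""
    state = {"HKLM": False, "HKCU": False}
    for path, values in parse_reg_export(text).items():
        hive, _, subkey = path.partition("\\")
        if hive in HIVES and subkey.lower() == INSTALLER_KEY:
            state[HIVES[hive]] = values.get("alwaysinstallelevated") == 1
    # Windows Installer applies the policy only when both hives hold the value 1.
    state["effective"] = state["HKLM"] and state["HKCU"]
    return state


if __name__ == "__main__":
    print(audit_always_install_elevated(SAMPLE_EXPORT))
```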

User Account
Step 1: Create an OU > move the users
Step 2: Copy the software to the file server > share it
Publish: the software appears in Control Panel (the user installs it)
Assign: the software is installed automatically
Step 3: Deploy Software for Computer Account


70-293 TCP/IP

1- Converting decimal to binary

2- IP addresses
TCP/IP is the most widely used protocol for communication between computers.
3- Transmission methods
4- Subnetting
5- Lab
Multicast (Class D: 224-239): used for chat rooms and video conferencing

Internet Connectivity

1- Share Internet (NAT Outbound)
2- VPN (L2TP/IPSec)

Proxy (ISA, Paros)
+ Has a cache
+ Controls access information
+ Web, FTP
+ Depends on the application
+ Set the proxy parameters in the application

NAT (ISA, RRAS)
+ No cache
+ No control over information
+ All services
+ Does not depend on the application
+ Set the Default Gateway

Use ISA to combine the advantages of both services. With ISA, for the purpose of disabling the cache and controlling information, configuration is required:

Proxy Client

Proxy Server

Internet Connectivity

1- VPN (L2TP-1701/IPSec)
A VPN works as IP in IP (a packet inside a packet).
PPTP: NAT inbound port 1723 to the server's private IP (the IP of ISA's external interface)
L2TP:
+ IPSec: pre-shared key, Kerberos (domain model), CA (CA Server). It encrypts data; every protocol is converted to ESP (Entrust Security Pilot).
The last step is to NAT inbound port 1701 (to allow client access from outside). In addition, NAT-T must be performed (the device, the software and the operating system must all support it). If the router does not support NAT-T, the workaround is to configure Bridge Mode (the public IP then sits on ISA's external interface). However, this reduces the security of the system.
http://nhatnghe.com/tailieu/adslbridge/adslbridge.htm
Configuring the VPN
1- Create the user and grant access (Dial-in: Allow Access)
2- Create the folder DATAX and share it

Remember to add 1 to the number of VPN clients, because the server takes one IP address


ISA enables RRAS by itself


If ISA has not joined the domain, or a hardware VPN is used, an intermediate server is needed to authenticate users (a RADIUS server).


Client connecting to the VPN server:

Name Resolution

1- NetBIOS name: a 16-character string
+ First 15 characters: the resource name (a-z; A-Z; 0-9)
+ The remaining character: the resource type (hexadecimal)
Resolution mechanisms:
+ Master Browser: automatic
+ Lmhosts file: C:\WINDOWS\system32\drivers\etc
+ WINS: install WINS clients for the users.

2- Internet name (DNS name), available since Windows 2k


A 255-character string (a-z; A-Z; 0-9; .; -). It consists of two parts (Fully Qualified Domain Name, FQDN):
+ A host name (may be present)
+ A domain name
Resolution mechanisms:
+ Hosts file: C:\WINDOWS\system32\drivers\etc
+ DNS:
Internal Name Space:
Internet Name Space:

+ If the service provider manages it, the data created in DNS resides on the provider's physical server (New Domain). To create new records, phone the provider or use the web interface (Pointer ALO).
+ If you manage it yourself, the data resides on your own physical server (more expensive; used for large systems). First you must set up a DNS server (dedicated server, Windows license, DNS declaration, a good registered line, static IP, NAT), then New Delegation to the DNS machine you manage.

Sample model: Machine 3: info


For External, choose Do not allow dynamic updates


Configuring the Root. Root machine:


Then create New Domain and New Delegation for may1.com and may3.info. Configuration on the machines on the two sides:

Clustering Server

1- Introduction: build several servers running the same service, for load balancing and failover.
Requirements:
+ Clustering: hardware, software and OS must all support it.
+ NLB: the OS must support it (Windows Server).
In practice load balancing is deployed in two directions: outbound and inbound. For outbound, you can use hardware (Dlink, Linksys, Draytek) or software (WinRoute, ISA Array, PfSense, ...). Inbound load balancing covers the remaining services (Web, VPN).
2- Deployment
+ Clustering: the nodes share a database (SQL, Ex2007, File Server, Print Server). When a machine fails, the failed node is removed from the system.


Example: the airline ticket sales model. Once a ticket has been sold, it is removed from the systems of the other agents.
Ex2007: Mailbox uses Clustering, while the remaining roles use NLB.
+ Network Load Balancing (NLB): no shared database (Web, FTP, VPN). When a node fails, the faulty node is not removed from the system.
Notes: install the driver for the network card before starting.
Before NLB is configured:


To access the servers by name, declare a Host record in DNS.
Step 1: Create the cluster server (Network Load Balancing Manager) on the web servers (PC01 & PC03).


Do the same when creating it for PC03. Once configuration is finished, NLB starts automatically.

Public Key Infrastructure (Chapter 8-12 70-293)

(p. 151, Windows 2003 Security Guide)
IPSEC authentication methods: IPSec encrypts data but does not care which protocol is in use. Every protocol is converted to ESP.
1- Pre-shared key
2- Kerberos (domain model)
3- Certificate
The SSL (Secure Socket Layer) method: encrypts data, and does care which protocol is in use (e.g. web: https, mail: smtps).
When SSL operates, it follows this sequence:
Step 1: Client -> K
Step 2: Server -> Client (P)
Step 3: Check the server's P (genuine -> Step 4, fake -> Stop)
Step 4: K -> (E) Psv -> X
Step 5: X -> (D) Qsv -> K (only the server can decrypt X -> K)
Step 6: Use K for the transaction
Deploying SSL requires a certificate.
Deployment process, Stand Alone model.
Information about trusted providers:


The objects that are issued certificates are user accounts, computer accounts and service accounts.
Steps:


Step 1: Install ASP.NET
Step 2: Install the CA


Step 3: Verify (Active Server Pages: Allow)
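The six-step SSL sequence described in this section (the client creates K, the server sends P, the client checks P, K is encrypted under Psv into X, the server decrypts X with Qsv, both use K), as an added example that is not part of the original notes. It uses textbook RSA with fixed Mersenne primes and no padding purely to make each step visible; the host name, function names and key sizes are assumptions, and a real deployment uses a TLS library with a certificate from the CA installed above.

```python
import hashlib
import hmac
import secrets

E = 65537  # public exponent shared by every toy key below

def make_keypair(p, q):
    """Textbook RSA from two primes: returns (public P, private Q)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def _digest(subject, pub, n):
    data = f"{subject}|{pub[0]}|{pub[1]}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def ca_issue(ca_priv, subject, pub):
    """The CA signs (subject, public key); the result is the toy certificate."""
    n, d = ca_priv
    return {"subject": subject, "pub": pub, "sig": pow(_digest(subject, pub, n), d, n)}

def cert_is_genuine(cert, ca_pub, host):
    n, e = ca_pub
    signed = pow(cert["sig"], e, n) == _digest(cert["subject"], cert["pub"], n)
    return signed and cert["subject"] == host

def client_exchange(cert, ca_pub, host):
    """Client side: make K, check P, return (K, X), or None to stop."""
    k = secrets.token_bytes(16)                      # K, the session key
    if not cert_is_genuine(cert, ca_pub, host):      # fake P: stop here
        return None
    n, e = cert["pub"]
    return k, pow(int.from_bytes(k, "big"), e, n)    # X = E(K) under Psv

def server_recover(x, server_priv):
    """Server side: K = D(X) under Qsv; only the holder of Qsv can do this."""
    n, d = server_priv
    return pow(x, d, n).to_bytes(16, "big")

def tag(k, message):
    """Both sides now use K; here it keys an HMAC over one message."""
    return hmac.new(k, message, hashlib.sha256).hexdigest()

# Constructed keys: fixed Mersenne primes, far too small for real use.
CA_PUB, CA_PRIV = make_keypair(2**107 - 1, 2**127 - 1)
SRV_PUB, SRV_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
ROGUE_PUB, _ = make_keypair(2**31 - 1, 2**61 - 1)
HOST = "www.dom03.local"  # constructed host name

def run_handshake(cert):
    """Return True if both ends derive the same K, False if the client stops."""
    result = client_exchange(cert, CA_PUB, HOST)
    if result is None:
        return False
    k_client, x = result
    k_server = server_recover(x, SRV_PRIV)
    return hmac.compare_digest(tag(k_client, b"GET /"), tag(k_server, b"GET /"))

GENUINE = ca_issue(CA_PRIV, HOST, SRV_PUB)
FORGED = dict(GENUINE, pub=ROGUE_PUB)  # the CA signature no longer matches P

if __name__ == "__main__":
    print(run_handshake(GENUINE), run_handshake(FORGED))
```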

Radius

(Remote Authentication Dial In User Service)
1- Introduction
RADIUS is an open standard in which one connection interface is independent of the operating system and one connection interface is tied to the operating system.
RADIUS is applied so that hardware or software (firewall, ISA) can authenticate users in the domain.
2- Deployment (http://tuantt.nhatnghe.vn/RADIUS.htm)
Bonus:
http://www.nhatnghe.com/forum/showthread.php?t=4330 (wireless authentication with RADIUS)
http://www.nhatnghe.com/forum/showthread.php?t=11960 (authentication through ISA)
M1: DC, Radius SV, File SV (Dis LAN, 172.16.2.1)
M2: VPN SV, Radius Client (172.16.2.2; 192.168.1.2)
M3: VPN Client (Dis Cross; 192.168.1.3)
M1:
Create the folder Data1 (Share: Full), file server
Promote to DC (dcpromo)
Adjust Policy
Create the user teo\123, Allow Access (Dial-in)

Raise the domain to Windows 2000 Native or Windows 2003
Install the RADIUS server: Control Panel | Networking Service | install IAS


Open IAS | register it in AD

Declare the client: Radius Client | New | 172.16.2.1 | Radius Standard


Configure the log file: RA Logging | Local Files | Properties | Check All (change the log file path to C:\)

Open the log file | Format | Word Wrap
M2:
Configure the VPN server (disable Firewall Services)
Open RRAS | Enable | Custom Configuration | LAN & VPN
PC02 | Properties | IP | Static Address Pool | 10.10.2.1 to 10.10.2.200

Restart RRAS
Configure the RADIUS client: RRAS | PC02 (Properties) | Security | Radius Authentication | Configure | check Always use message authentication | check Accounting ON/OFF.


M3:

Create the VPN client
