.

TRUNG TM O TO MNG MY TNH NHT NGH

I TC O TO CA MICROSOFT TI VIT NAM
105 B Huyn Thanh Quan, Q3, TP. HCM
Tel: 3.9322.735 0913.735.906 Fax: 3.9322.734 www.nhatnghe.com

N TP THI CUI KHA MCSA 2008

I. Chun b: Nhm 2 my:
- My chn: Ghost EX2010
- My l:
Ghost TMG-SRV
Chc nng ca 2 my trong bi Lab:
- My chn: DC, DNS Server, CA Server, Exchange Server, Client
- My l: Member Server, TMG Server, VPN Server
1. Thng s TCP/IP
Cu hnh TCP/IP cho 2 my nh trong bng sau:
Interface

Parameter

My L

My chn

172.16.x.1 / 24

172.16.x.2 / 24

Khng

172.16.x.1

P. DNS

172.16.x.2

172.16.x.2

IP Add.

192.168.P.x / 24

IP Add.
Cross

LAN

D. Gateway

D. Gateway

192.168.P.200

P. DNS

Disable

Khng

X : S my l
P : S phng
Z : S my chn
Lu : My chn phi enable IPv6 ca card Cross
2. My chn
- Cu hnh li DNS s dng card CROSS:
+ Xa Reverse Lookup Zone 192.168.Y.0, to Reverse Lookup Zone 172.16.X.0
+ To Pointer Record cho my chn
- Restart Services: Microsoft Exchange Active Directory Topology Services
- Kim tra Exchange hot ng tt
3. My l
- Disjoin domain hin thi
- Join vo domain ca my chn
- Logon Domain Administrator
- m bo 2 my truy cp Internet thnh cng
II. Thc hin
1. To cc Exchange Recipients sau:
- Mailbox user:
+ kt1/123, kt2/123 c thuc tnh Deparment l ketoan & nm trong OU Ketoan
+ ns1/123, ns2/123 c thuc tnh Deparment l nhansu & nm trong OU Nhansu
+ s1/123, s2/123 c thuc tnh Deparment l kinhdoanh & nm trong OU KinhDoanh
+ a1/123, a2/123 c thuc tnh Company l ABC & nm trong OU ABCCorp

Phin Bn Th Nghim Lu Hnh Ni B

TRUNG TM O TO MNG MY TNH NHT NGH

I TC O TO CA MICROSOFT TI VIT NAM
105 B Huyn Thanh Quan, Q3, TP. HCM
Tel: 3.9322.735 0913.735.906 Fax: 3.9322.734 www.nhatnghe.com
To cc Mail Enable Group:
+ Security Group NS c member l : ns1, ns2 & nm trong OU Nhansu
+ Security Group KT c member l : kt1,kt2 & nm trong OU Ketoan
+ Security Group ABCGroup c member l : a1,a2 & nm trong OU ABCCorp
To Dynamic Group Sale lc member c thuc tnh Deparment l kinhdoanh
To Mail Contact: Teo vi Email Add: teo@yahoo.com

2. Trn my chn:
- To cy th mc v phn quyn NTFS nh trong bng sau:
C:\DATA
C:\DATA\KETOAN
C:\DATA\NHANSU
C:\DATA\DULIEUCHUNG
-

KT: Read
KT: Modify
NS: Modify
KT: Modify

NS: Read
NS: khng c quyn
KT: khng c quyn
NS: Modify

Share cy th mc sao cho cc quyn NTFS cp vn gi nguyn khi user truy cp qua mng

3. Trn my chn:
- Cu hnh Home Folder cho tt c cc user thuc group KT & NS, th mc cha Home folder l
C:\HOMEDIR
- Cu hnh Roaming Profile cho cc user thuc group KT & NS, th mc ch Profile l C:\PROFILES
- Cu hnh Folder Redirection lu My Documents ca cc user trong OU HN vo th mc
C:\MYDOCS
- Ci t v cu hnh File Server Resource Manager theo cc yu cu sau:
+ Thit lp Quota cho th mc KETOAN & NHANSU l 2GB (Hard Quota)
+ Thit lp Quota cho th mc DULIEUCHUNG, HOMEDIR, PROFILES & MYDOCS l 1GB
(Hard Quota)
+ Khng cho lu cc file c ui .exe, .vbs, .msi, .com vo cc th mc trn
4. Trin khai GPO theo cc yu cu sau
- Map th mc KETOAN v thnh a X i vi cc user trong OU KETOAN
- Deploy chng trnh Adobe Reader 9.0 cho cc user trong OU KETOAN & NHANSU
5. Setup & deploy Printer
- Trn my chn ci t 1 Printer t tn l Printer1
- Phn quyn sao cho ch thnh vin ca group KT c s dng Printer1
- S dng GPO deploy Printer1 cho cc user trong OU NHANSU
6. Cu hnh Audit Policy theo cc yu cu sau:
- Ghi nhn s kin logon tht bi ca tt c user trn tt c cc my trong h thng
- Ghi nhn tt c cc hnh ng truy cp vo folder C:\DATA

7. Mailbox Database:
- To 2 Mailbox Database:
+ KTData & move 2 mailbox kt1,kt2 vo KTData
+ ABCData & move 2 mailbox a1, a2 vo ABCData
- Cu hnh trn KTData nhm gii hn dung lng mailbox:
+ Issue warning at (KB): 4000
+ Prohibit send at (KB): 5000
+ Prohibit send and receive at (KB): 10000

8. To cc Address Lists theo yu cu sau:

Phin Bn Th Nghim Lu Hnh Ni B

TRUNG TM O TO MNG MY TNH NHT NGH

I TC O TO CA MICROSOFT TI VIT NAM
105 B Huyn Thanh Quan, Q3, TP. HCM
Tel: 3.9322.735 0913.735.906 Fax: 3.9322.734 www.nhatnghe.com
To Address List : ABC Address List cha thng tin ca cc recipient c thuc tnh Company l ABC
To Global Address List : ABCGAL cha thng tin ca cc recipient c thuc tnh Company l ABC
Cm ABCGroup s dng Default Global Address List
To Offline Address Book tn ABCOfflineAdd ly thong tin t ABC Address List, v cu hnh cho
Database ABCData s dng ABCOfflineAdd

9. Cu hnh Client Access cho php user c th truy cp mailbox thng qua cc protocol sau:
POP3, IMAP4, HTTP, POPS,IMAP4S, HTTPS.
10. Cu hnh Email Address Policy:
- To Accepted Domain : ABC.COM
- To Email Address Policy cho nhn vin ca Company ABC c Email Address l @abc.com
11. Cu hnh Messaging Policy
a. Transport rule :
- Chn thng ip trch nhim (disclaimer text) vo message.
- Cm user thuc group KT gi ra ngai v ng thi gi li thng bo li cho Administrator.
b. Journaling rule:
- Theo di e-mail ca user thuc group NS
c. Messaging Record Management Policy
- Sau 3 ngy, t ng xa mail trong Inbox ca KT1 & KT2
12. Trn my chn:
- Ci Forefront TMG Client
13. Trn my l, to cc access rule theo cc yu cu sau:
- Cho php truy vn DNS t Internal ti External
- Cho php tt c user truy cp t Internal n External vi cc Protocol SMTP & POP3
- Cho php cc user thuc group Domain Admins & Nhansu truy cp tt c dch v trn Internet
- Ch cho php cc user thuc group Ketoan truy cp web trong gi ngh tra (12h-13h)
- Cm tt c user truy cp trang http://*.zing.vn , nu truy cp th redirect v a ch
http://www.google.com.vn
Lu : Sp xp cc rule sao cho hp l
-

Bt Malware Inspection trn tt c cc rule

Cu hnh HTTPS Inpection cm truy cp cc Website c SSL Certificate khng hp l
Cu hnh URL Filtering cm truy cp cc Website h tr chat
Cm s dng Yahoo Messenger
Cm download file c ui .exe

14. Cu hnh Server Publishing theo yu cu sau:

- Publish Web Site (HTTP) t ngoi truy cp web bng http://www.domZ.local
- Public Mail Server (SMTP & POP3)
- Publish Secure Outlook Web Access t ngoi internet c th truy cp c bng a ch
https://www.domZ.local/owa
15. Cu hnh VPN Client-to-Gateway theo yu cu sau:
- H tr kt ni PPTP
- H tr kt ni L2TP/IPSec (M ha Preshare Key)
- H tr kt ni SSTP
----------------------------------@@@----------------------------------

Phin Bn Th Nghim Lu Hnh Ni B