Professional Documents
Culture Documents
BI TP THC HNH
QUN TR MNG WINDOWS SERVER 2008
BI 1: LOCAL USER ACCOUNT & GROUP ACCOUNT
Gii thiu: Thng thng mt my tnh khng phi lc no cng ch c mt ngi no
s dng duy nht m trn thc t ngay c my trong gia nh chng ta i khi vn
c t nht t 2-3 ngi s dng. Tuy nhin nu tt c mi ngi u s dng chung
mt ti khon th nhng d liu ring t ca ngi ny ngi kia hon ton c th xem
c.
Nhng nu my tnh l my chung ca cng ty v vn t ra l ta khng
mun ti liu ca ngi dng ny ngi dng kia c th xem ty tin c. Vy cch
tt nht l cp cho mi nhn vin mt my nht nh v yu cu h t password ln
my ca mnh, nhng nh th th rt tn km v khng c a chung. Chnh v th
ngi qun tr mng s s dng cng c Local Users and Groups to cc ti khon
ngi dng trn cng mt my, khi d liu ca ngi ny ngi kia khng th truy
cp c.
Local User - to c User local bn phi c quyn ngang hng vi
Administrator ca h thng.
B3: in cc thng s:
Lu hnh ni b
Trang 1
Lu hnh ni b
Trang 2
Gii thiu: Trong cng tc qun tr mng vic ng dng Group Policy vo cng vic
l iu khng th thiu i vi bt c nh qu tr mng no. Vi Group Policy ta c
th ty bin Windows theo ch m vi ngi s dng thng thng khng th lm
c
Chun b:
- M hnh bi lab gm 1 my
- To console Group policy Object
- To 3 user: U1, U2, U3 Vi password abc@123
- Add user U1 vo Group administrators
Thc hin:
1. M Group policy Object Editor
B1: M Group policy Object Editor
Start chn Run g lnh MMC
B2: Mn hnh console 1 chn menu file chn add/remove Snap-in
B3: Mn hnh add or Remove Snap-ins chn Group policy Object Editor chn
add
Lu hnh ni b
Trang 3
B5: Mn hnh add or Remove Snap-ins chn Group policy Object Editor chn
add
Lu hnh ni b
Trang 4
B2: M console1 trn desktop chn Local computer policy chn computer
configuration Chn Administrative Templates chn system ct bn phi Double
click vo Display shutdown Enven tracker chn Disable
Lu hnh ni b
Trang 5
Lu hnh ni b
Trang 6
- G lnh GPUPDATE/FORCE
B2: Kim tra Log of Administrator log on ln lt bng U1, U2 vo start chn setting
khng thy control Panel
Chnh policy n dektop ch p dng trn nhng user Khng thuc Group
Administrators
G lnh GPUPDATE/FORCE
Lu hnh ni b
Trang 7
G lnh Gpupdate/Force
B2: Kim tra:
- Log on vo bng quyn U1 Nhn Ctrl+Alt+Insert quan st thy khng c
chc nng chang password
- Log on vo bng quyn U2 Nhn Ctrl+Alt+Insert quan st thy c chc
nng chang password
Trang 8
- G lnh Gpupdate/Force
Kim tra:
- Log on U1,U3 Khng th truy cp control penel
- Log on U2 truy cp control penel thnh cng
BI 3:
1. Password policy
B1: Log on bng administrator
To 1 user U4 v password l : 123
Bo li khng th to c do khng tha yu cu v phc tp ca password
B2: Vo start chn program chn Administrative Templates chn Local Security
policy
B3: M Account polices chn password policy
Quan st ct bn phi
Lu hnh ni b
Trang 9
B4:
Enforce password history: S password h thng lu tr (khuyn dng: 24)
Maximun password age: Thi gian hiu lc ti a ca 1 password (khuyn dng : 42)
Minimun password age: Thi gian hiu lc ti thiu ca 1 password (khuyn dng : 1)
Minimun password length: di ti thiu ca 1 password (khuyn dng 7)
Password must meet complexity requirements: Yu cu password phc tp (khuyn
dng: enable)
Chnh password policy:
- Password must meet complexity requirements chn disable
- Cc password policy cn li chnh gi tr v 0 chn OK
- G lnh Gpupdate/Force
Kim tra: to user U4 vi password 123 thnh cng
Lu hnh ni b
Trang 10
Kim tra:
- ng nhp th sai password 4 ln khng th ng nhp c tip
- Chi sau 30 pht c th ng nhp li
Trang 11
BI 4: SHARE PERMISSION
Vic chia s cc ti nguyn trn mng l iu khng th thiu trong bt k h
thng mng no, tuy nhin vic chia s ny cn ty thuc vo nhu cu ngi s dng
& ca nh qun tr mng, v d trong cng ty chng ta c nhiu phng ban v cc
phng ban trong cng ty c nhu cu chia s ti nguyn cho nhau tuy nhin nh qun tr
mng mun khng phi phng ban no cng c th truy cp v t cc d liu ca
phng ban khc.
Chng hn cc nhn vin trong phng kinh doanh th c th truy cp d liu ca
phng mnh v phng k thut thoi mi, nhng vi cc nhn vin trong phng k
thut ch c php truy cp ti nguyn trong phng mnh m thi v khng c php
truy cp cc ti liu t phng kinh doanh. Tnh nng Sharing and Sercurity.. s gip
ta gii quyt cc yu cu trn.
Chun b:
- M hnh bi Lab gm 2 my
+ PC01 Windows Server 2008
+ PC02 Windows Server 2008
- PC01 To 2 account U1 v U2 vi password l :123
- To Folder THUCHANH trong a C, trong th mc THUCHANH to 2
Folder l DULIEU v BIMAT
- Trong cc th mc to file thuchanh.txt ni dung ty
- M windows explore chn Tool chn folder options chn View b du
chn trc dng User Sharing Wizard
- Trn 2 my tt Firewall, UAC v chng trnh Virus. Kim tra ng
truyn bng lnh Ping
Thc hin:
1. Share mt Folder
B1: Vo th mc gc a C chn Foder DULIEU Click chut phi ln folder
DULIEU chn Share
Trang 12
Pha trn chn Everyone pha di check vo Allow full control chn OK
2. Share n mt folder
Thc hin trn PC01:
B1: Click chut phi ln folder BIMAT chn Share
Lu hnh ni b
Trang 13
Pha trn chn Everyone pha di check vo Allow full control chn OK
Lu hnh ni b
Trang 14
Lu hnh ni b
Trang 15
Lu hnh ni b
Trang 16
BI 5: NTFS PERMISSION
Nh chng ta bit khi chia s ti nguyn qua mng (Share) User s chu tc
ng ca Permission c quyn hay b gii hn quyn do Administrator phn quyn.
Nhng n ch c tc dng nu User t my Client truy cp vo cn nu User
ngi trn Server th mi tc ng ca Share Permission hon ton v ngha, v th
gii hn quyn ca User ti local ngi ta s dng NTFS Permission Khi khi User
truy cp vo mt ti nguyn no mng s chu tc ng ca 2 Permission l
Share Permission & NTFS Permission Trong khi nu truy cp ti local s ch chu
tc ng ca NTFS Permission .
iu kin s dng NTFS Permission l Partition ca bn phi c format
nh dng file system l NTFS.
Chun b: To cy th mc nh hnh di
Lu hnh ni b
Trang 17
Lu hnh ni b
Trang 18
Lu hnh ni b
Trang 19
B7: Trong khung Enter the object names to select g KETOAN ; NHANSU Chn
check names
Lu hnh ni b
Trang 20
Kim tra:
- Ln lt log on va my bng quyn KT1,NS1 m th mc c:\DATA truy
cp thnh cng
- To Folder bt k xut hin thngbo li khng c quyn
Lu hnh ni b
Trang 21
Trang 22
B3: B du check trc dng Include inheritable permissions from this objects
parent
B4: Mn hnh Windows security chn copy chn OK-OK
Lu hnh ni b
Trang 23
B7: Chn Group KETOAN chn allow full control chn ok-ok
Lu hnh ni b
Trang 24
Lu hnh ni b
Trang 25
Lu hnh ni b
Trang 26
Kim tra:
-Ln lt log on vo bng KT1, NS1 truy cp vo th mc NHANSU ch c NS1 truy
cp thnh cng, cn KT1 khng truy cp c.
-User NS1 To, xa file, folder bt k trong th mc NHANSU thnh cng
Lu hnh ni b
Trang 27
Lu hnh ni b
Trang 28
Lu hnh ni b
Trang 29
BI 6: DOMAIN
Trong cc bi trc chng ta hc v cc vn nh to user Account trn
server. Hy tng tng trong cng ty bn c khong 5 my tnh vi mi my chng ta
s to cc User Account cho nhn vin truy cp. Tuy nhin nu ngi dng ng nhp
vo my 1 lm vic sau anh ta sang my th 2 lm vic th mi ti nguyn do anh
ta to trn my 1 hon ton c lp vi my 2 v thm ch vi tng my Admin phi
to cc User Account ging nhau anh ta mi truy cp c, mi chuyn s khng tr
nn qu rc ri nu cng ty chng ta c chng y my . Nhng nu cng ty bn c
khong 100 my th mi chuyn li khc, vn t ra l ch l mi my Admin phi
ngi to 100 Account nhn vin truy cp? v v mi my c lp vi nhau vic tm
li d liu trn my m ta tng ngi lm vic trc l cc k kh khn.
Do Windows c tnh nng l Domain Controller (DC) gip ta gii quyt
rc ri trn. iu kin c mt DC l bn phi trang b mt my Server ring c
gi l my DC cc my cn li c gi l my Client, c h thng c gi l
Domain Khi Administrator ch vic to User Account ngay trn my DC m thi
nhn vin cng ty d ngi vo bt c my no trn Domain u c th truy cp vo
Account ca mnh m cc ti nguyn anh ta to trc u c th d dng tm thy.
Lu hnh ni b
Trang 30
Lu hnh ni b
Trang 31
B6: Mn hnh Name the forest root Domain g tn domain cse.edu chn next
Lu hnh ni b
Trang 32
B10: Mn hnh Location for database, log files, and SYSVOL chn next
Lu hnh ni b
Trang 33
Lu hnh ni b
Trang 34
Lu hnh ni b
Trang 35
Lu hnh ni b
Trang 36
Lu hnh ni b
Trang 37
B5: G 0 vo dng
Lu hnh ni b
Trang 38
B3: Hp thoi Allow log on locally chn Properties chn Add user or Group
B4: G vo Users chn Ok- Ok
Lu hnh ni b
Trang 39
Trang 40
4. To Domain Group
B1: M Active Directory Users and Computer
Lu hnh ni b
Trang 41
B2:
Lu hnh ni b
Trang 42
- Password : 123
- Confirm password : 123
B du check User must chang password at next logon chn next
Trang 43
Lu hnh ni b
Trang 44
B5: M Active directory user and computer chn server manager vo Role chn
Active directory services chn Active directory user and computer
B6: Click chut phi vo User U1 chn properties qua Tab Profile chn Connect
in a ch th mc Homes Share trn server
\\Server\Homes\%username% chn Apply
Lu hnh ni b
Trang 45
B3: M Active directory user and computer chn server manager vo Role chn
Active directory services chn Active directory user and computer chn users
Lu hnh ni b
Trang 46
B4: Click chut phi vo User U1 chn properties qua Tab Profile in a ch th
mc Profile share trn PC1 g vo \\PC1\%username% chn Apply
B5: Kim tra:
-Ti PC2: log on U1, Trn Desktop to Folder Dulieu
-Ti PC1: log on U1, Quan st trn Desktop c Folder Dulieu
BI 8:
DOMAIN USER
Chun b:
- PC1: Windows server 2008 DC
- Chnh password n gin
- Chnh policy Allow log on locally : Add group Users vo policy
- Trong a C to 2 Folder Homes v Profiles Share 2 th mc ny vi quynEveryone Full control
- To OU CSE, trong OU CSE to Group NHANSU
1. To s dng User Template
B1: M Active Directory user and computer to user NS1 vi password 123
- To Roaming Profile v homes folder cho NS1 (Xem li bi homes folder
v Roaming Profile)
- Add user NS1 vo Group Nhansu
Lu hnh ni b
Trang 47
Trang 48
B4: Full name NS2 user log on name G NS2 chn Next
Lu hnh ni b
Trang 49
B7: Tng t thc hin t B3-B6 copy NS1 thnh account NS3/password 123
B8: Kim tra:
- Thuc tnh ca 2 user NS2 v NS3 ging NS1
- C 2 user NS2 v NS3 u c a vo Group Nhansu
Trang 50
B2: Qua tab Account nh du chn trc dng Logon hours chn Logon hours
B4: Kim tra: Ln lt Properties ca c 3 user:NS1, NS2,NS3 qua tab Account chn
Logon Hours..
Lu hnh ni b
Trang 51
Trang 52
BI 9: DOMAIN GROUP
Chun b:
- PC1: Windows server 2008 DC
- Chnh password policy n gin
- To OU CSE, trong OU CSE to 3 user: U1, U2, U3 Vi password 123
- Chnh policy cho php Group users c quyn log on trn my DC
1. To Global group
Lu hnh ni b
Trang 53
Trang 54
Trang 55
1. To OU:
B1: Start chn Program chn administrative tool chn Active Directory user and
computer click phi chut vo CSE.EDU chn New chn Organizational Unit
2. Xa OU
B1: Vo View chn advanced Features
Lu hnh ni b
Trang 56
B3: Qua tab Objects tt du check Protect object from accidental deletion sau
chn Ok
Trang 57
B3: Mn hnh Welcome chn Next trong mn hnh Selected users and group chn
add
Lu hnh ni b
Trang 58
B4: Nhp vo user quan1 chn check names sau chn ok chn next
Lu hnh ni b
Trang 59
B8: Trong ca st new Object chn user to user quan2 chn next trong Password
v Confirm password in abc@123 b du check ti dng user must chang
password at next logon chn next chn Finsh thnh cng.
Lu hnh ni b
Trang 60
B10: Click chut phi vo Container users th to 1 user mi khng xut hin menu
to user
Lu hnh ni b
Trang 61
Lu hnh ni b
Trang 62
1. To v Link Policy vo OU
My PC1:
B1: Start chn Program chn administrative tool chn Group policy
Management Bung forest chn Domain chn cse.edu click chut phi vo Group
Policy Object chn New
Lu hnh ni b
Trang 63
B6: Quay tr li mn hnh Group policy Management chut phi vo OU HUI chn
Link an Existing GPO
Lu hnh ni b
Trang 64
Lu hnh ni b
Trang 65
3. Enforce Policy:
B1: M Group policy management click chut phi vo GPO An control panel
chn Enforce
Lu hnh ni b
Trang 66
B2: Nhn vo OU HUI dng 2 biu tng mi tn Move up v Move Down di chuyn
Hien control panel ln u
Lu hnh ni b
Trang 67
Trang 68
B4: Bung mc User configuration chn Policies chn Sofware settings click phi
chut vo Software Installation chn New chn Package
Lu hnh ni b
Trang 69
Lu hnh ni b
Trang 70
Trang 71
B2: Bung mc User configuration chn Policies chn Sofware settings click phi
chut vo Software Installation chn New chn Package
Lu hnh ni b
Trang 72
Lu hnh ni b
Trang 73
Lu hnh ni b
Trang 74
Lu hnh ni b
Trang 75
B4: Bung mc Computer configuration chn Policies chn Sofware settings click
phi chut vo Software Installation chn New chn Package
Lu hnh ni b
Trang 76
43. Mt s Policy
A. Map to a mng cho Client Thc hin trn PC1
To mt th mc tn l TaiLieu trong a C Share quyn Everyone- Full Control
B1: Log on Administrator M Group policy Management click chut phi ln
Default Domain Policy chn Edit
B2: M theo ng dn: Chn User Configuration chn Preferences chn Windows
settings click chut phi ln Driver Map chn New chn Mapped Driver
Lu hnh ni b
Trang 77
B3:
- Action: Chn Create
- Location: \\Server\TaiLieu
- Chn dng : Reconnect
- Driver Letter: Chn user chn Z chn OK
Kim tra:
PC2: Ln lt log on bng cc user M My Computer u c a mng Z:\TaiLieu
Lu hnh ni b
Trang 78
BI 12: AUDIT
tu chnh Policy thng thng chng ta vo gpedit.msc hoc Active Directory
Users & Computer nu my ln DC. Bn hy tng tng xem nu mt cng ty
chng ta c hng trm my Client v mt s my th ta chnh Policy ny mt s my ta
chnh Policy kia, ri OU ny chu tc ng ca Policy ny OU kia chu tc ng ca
Policy n. V sau mt thi gian tu chnh Policy lung tung ln nh th bn hy t hi
xem mnh tng chnh ci g cho ci g? qu tht khng nh ni u.
Lu hnh ni b
Trang 79
B4: M Start chn Program chn Administrator Tools chn Event Viewer
B5: M Windows Logs click chut phi ln Security chn Clear log
Lu hnh ni b
Trang 80
Kim tra:
B1: Log off administrator Log on account u1 vi Password 456 Log on tht bi
B2: Log on vo administrator M Even Viewer chn windows logs chn security
M Audit Failuer Quan sat bn di thy account dng ng nhp l U1 ng
nhp vo my tnh tn PC1 vi Ip l 192.168.1.1 sai Password
Lu hnh ni b
Trang 81
B3: Click chut phi ln th mc DATA trong a C Chn properties qua tab
Security chn Advanced
Lu hnh ni b
Trang 82
Lu hnh ni b
Trang 83
Lu hnh ni b
Trang 84
B4: Quan st chnh sa file ca Admin: M Event Viewer chn Windows logs chn
Security.
M Audit Success quan st thy account dng truy cp ti nguyn l
Administrator truy cp vo C:\DATA\file1.txt
Trang 85
-Click chut phi vo C, chn Properties Qua tab Shadow copy chn Setting
Lu hnh ni b
Trang 86
2. Kim tra:
My PC2: Vo Start chn run g \\Server M th mc DATA m file thongbao.txt
sa li ni dung bn di, sau lu li
Lu hnh ni b
Trang 87
BI 14:
FILE SERVER RESOURCE MANAGER
1. Gii thiu:
FILE SERVER RESOURCE MANAGER gip cho ngi qun tr mngc th d dng
qun l d liu trn server mt cch hiu qu, bng cng c ny, Administrator c th
p quota ln ngay trn Folder hoc a, ngn cm sao chp nhng nh dng file m
admin ch nh.
Chun b:
PC1: Windows server 2008
PC2: Windows Vista, WinXP, Hoc Win 2003
To user U1 password 123
To Th mc BAOCAO , Share Full Control
Thc hin:
Lu hnh ni b
Trang 88
Lu hnh ni b
Trang 89
B2: Bung mc Quota Management click chut phi vo Quota chn Create Quota
Lu hnh ni b
Trang 90
Lu hnh ni b
Trang 91
Lu hnh ni b
Trang 92
Lu hnh ni b
Trang 93
Lu hnh ni b
Trang 94
B8: Hp thoi yu cu Save Template chn Save the custom file screen without
creating a template chn Ok
4. Kim tra:
B1: log on Administrator my PC2
B2: Vo Start chn Run g \\Server
Lu hnh ni b
Trang 95
Lu hnh ni b
Trang 96
B3: Trong ca s Quota Entries for C chn Quota chn New Quota Entry
Lu hnh ni b
Trang 97
B5: Ca s Add new Quota Entry gi nguyn option Do not limit chn Ok
B6: Trong c s Quata Entries click chut phi vo U1 chn Properties Trong ca s
Quota settings for u1 chn Limit disk space to nhp 100 MB mc Set warning
level to nhp 90 MB chn Ok
B7: Trong ca s Quota Entries click chut phi U2 chn properties trong ca s
Quota Setting for U2 chn Limit disk space to nhp 200 MB mc Set warning
level to nhp 190 MB chn
Lu hnh ni b
Trang 98
B2: Mn hnh Welcom chn next chn Windows server backup Features chn next
chn Install
Lu hnh ni b
Trang 99
B4: M Windows server backup trong Administrtive tools khung Action chn
Backup one
Lu hnh ni b
Trang 100
B7: Hp thoi Select backup items Chn Server(C) B du check trc dng Enable
system recovery chn next
B8: Hp thoi Specify destination type chn Remote shared folder chn
B9: Trong phn Type the path to the Remote shared folder g \\PC2\BACKUP
Chn Do not inherit chn next
Lu hnh ni b
Trang 101
B11: Hp thoi Specify advanced option chn vss copy backup ( recommended)
chn next chn next
Lu hnh ni b
Trang 102
2. RECOVER
Trc khi Restore gi lp mt d liu bng cch PC1 xa th mc DATA
Tin hnh khi phc d liu
B1: Trong chng trnh Windows server Backup trong khung Action chn Recover
Lu hnh ni b
Trang 103
B6: Select recovery type chn Files and folders chn next
Trang 104
Kim tra trn PC1: Sau khi Recover hon tt , m C quan st thy Folder DATA v
cc File trong DATA c khi phc.
Lu hnh ni b
Trang 105