P. 1
Quan tri mang Win2K Server

Quan tri mang Win2K Server

|Views: 22|Likes:
Published by api-3696962

More info:

Published by: api-3696962 on Oct 16, 2008
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less

03/18/2014

pdf

text

original

QUAN TRI MANG WINDOWS 2000 SERVER

1JX\HÄQ7UXQJ+LHÂX 7UDQJ
004N I8I wIN00w5 2000 5£8¥£8
84I I: 0I0I IhI£0 0h0N0
, Gioi thieu ve Active Directory:
Co the so sanh Active Directory YÖÛL /DQ0DQDJHU trong WinNT 4.0. Ve can ban Active
Directory la 1 co so du lieu cua 1 ta i nguyen tren mang cung nhu cac he thong lien quan den cac
doi tuong do. Tuy vay day khong phai la 1 khai niem moi bo i Novell da su dung dich vu thu muc
(directory service) trong nhieu nam ro i.
,, 'RPDLQ
Mot khai niem khong thay doi tu WinNT 4. 0 la Domain. Mot domain van la trung tam
cua 1 mang trong Windows 2000, tuy nhien lai duoc thie t lap khac di. Cac DC (Domain
Controller) khong con phan biet PDC hay BDC. Bay gio chi con la DC. Theo mac dinh tat ca
cac may khi moi cai Windows 2000 server deu la server doc lap (standalone server).
DCPROMO. EXEFKÏQKODÚActive Directory Installation Wizard va duoc dung de thang cap 1
may khong phai la DC thanh DC.
III. Nang cap may server bình thuong thanh DC:
%ØÖÛFChon mneu 6WDUW5XQJR×'&35202 roi Enter.
%ØÖÛF Hop thoai $FWLYH 'LUHFWRU\ ,QVWDOODWLRQ :L]DUG xua t hien. Nhan 1H[W de tiep
tuc.
%ØÖÛF Trong hop thoai 'RPDLQ &RQWUROOHU 7\SH, chon muc 'RPDLQ &RQWUROOHU IRU D
QHZ'RPDLQ va nhan chon 1H[W. Neu ban muon bo sung may dieu khien vung vao 1 domain co
san, ban chon $GGLWLRQDOGRPDLQFRQWUROOHUIRUDQH[LVWLQJGRPDLQ
%ØÖÛF Trong hop thoai &UHDWH 7UHH RU &KLOG 'RPDLQ, chon &UHDWH D QHZ GRPDLQ WUHH
de tao 1 cay domain moi. Neu tren he thong mang da co san $FWLYH'LUHFWRU\ va ban muon tao
domain con cua cay domain san co, chon &UHDWHDQHZFKLOGGRPDLQLQDQD[LVWLQJGRPDLQWUHH
%ØÖÛF Trong hop thoai Create ar Ja/n Farest, chon Create a nen farest af dama/n tree,
chon Next. Neu ban co san Act/re D/rectary va ban muon dua cay domain vao rung san co, ban
se chon P/ace th/s nen dama/n tree /n an ex/st/ng farest
%ØÖÛF Trong hop thoai 1HZ GRPDLQ QDPH, ban co the dien ten nao cung duoc. Ví du
QKØGYWKWUXQJKLHXFRP (truong hop do i voi mang cuc bo LAN); va neu may chu cua ban dang
kí voi nha cung cap thì ban se lay ten do ban dang kí. Sau do nhan Next.
%ØÖÛF Hop thoai 'DWDEDVH DQG /RJ /RFDWLRQV cho phep ban chi dinh noi luu tru
database Active Directory va tap tin Log. Ban muon thay do i thì chon %URZVH, o day toi chon
1H[W.
%ØÖÛF Hop thoai 6KDUHG6\VWHP9ROXPH chi dinh vi trí cua thu muc 6<692/. Luu y thu
muc nay phai nam tren dïa co dinh dang NTFS neu khong se bao loi. Chon 1H[W.
%ØÖÛF Ban se thay thong bao cho biet tren he thong cua ban chua co '16VHUYHU quan
tri domain ban dinh tao. Nhan 2.de tiep tuc.
QUAN TRI MANG WINDOWS 2000 SERVER
1JX\HÄQ7UXQJ+LHÂX 7UDQJ
Buoc 10: Hop thoai &RQILJXUH'16, ban chon <HV,QVWDOODQG&RQILJXUH'16RQWKLV
FRPSXWHUUHFRPPHQGHG¨ va chon 1H[W. Neu ban muon tu cau hình dich vu DNS ban chon muc
con lai.
%ØÖÛF Trong hop thoai 3HUPLVVLRQ, ban chon gia tri 3HUPLVVLRQ&RPSDWLEOHZLWKSUH
n/ndans 2000 serrer khi he thong co cac server phien ban truoc Windows 2000. Neu chon
Perm/ss/an camaat/b/e an/y n/th n/ndans 2000 serrers khi he thong may cua ban toan la cac
server cua Windows 2000.
Buoc 12: Nhap password bao ve he thong, sau do nhan 1H[W roi 2.. Ban se phai cho
khoang 10-15 phut de qua trình hoan thanh. Trong qua trình nay co the may se yeu cau ban dua
dïa nguon cua Windows 2000 server vao.
Buoc 13: Buoc nay thì qua de, ban chi can 5HVWDU1RZ.
84I 2: 004N LÍ I4I Kh04N N000I 00N0 ¥4 Nh0M
Ten tai khoan Mo ta Moi truong
Administrator La tai khoan dac biet. Ban co toan quyen
tren may
Local va Domain
Guest La tai khoan khach, tai khoan nay bi han
che rat nhieu
Local va Domain
ILS_Anonymous_USER La tai khoan duoc dung cho dich vu ILS.
ILS ho tro cho cac ung dung Ðien thoai
co cac dat tính nhu: ID, video
conferencing. Muon su dung dich vu nay
thì phai cai dat.
Domain
IUSR_computer_name La tai khoan dac biet duoc dung trong
cac truy nhap dau ten trong dich vu IIS.
Local va Domain
IWAM_computer_name La tai khoan dung cho IIS khoi dong cac
tien trình cua cac ung dung tren may co
IIS.
Local va Domain
Krbtgt La tai khoan dac biet duoc dung cho dich
vu trung tam phan phoi khoa (Key
Distribution Center)
Domain
TsinternetUser La tai khoan dung cho Terminal services Domain
* Tai khoan nhom cai san:
Ten nhom Mo ta Moi truong
Account Operators Thanh vien cua nhom nay co the tao tai
khoan nhom, tai khoan nguoi dung nhung
chi co the quan lí nhung gì do no tao ra.
Domain
Administrators Nhom nay thì co toan quyen tren he
thong.
Local va Domain
Backup Operators Thanh vien cua nhom nay co quyen
Backup va Restore. Neu he thong su
Local va Domain
QUAN TRI MANG WINDOWS 2000 SERVER
1JX\HÄQ7UXQJ+LHÂX 7UDQJ
dung NTFS, ho phai duoc gan quyen thì
moi co the thuc hien duoc cong viec
Guests Ðay la nhom bi han che nhieu nhat. Local va Domain
Power Users Nhom nay co ít quyen hon nhom
Administrators nhung nhieu quyen hon
nhom Users. Nhom nay cung co the tao,
quan lí tai khoan nhom va nguoi dung do
ho tao ra. Ngoai ra con co quyen chia se
thu muc va may in mang.
Local
Print Operator Thanh vien nhom nay co quyen quan tri
may in
Domain
Replicator Nhom nay duoc dung de ho tro tao ban
sao thu muc, no la 1 dac tính duoc dung
trong cac server
Local va Domain
Server Operators Thanh vien nhom nay co the quan tri cac
server vung
Domain
Users Nhom nay cung co quyen rat han che. Local va Domain
Cert Publishers Thanh vien nhom nay co the quan lí cac
chung thuc cua cac cong ty
Global
DHCP Administrators Nhom nay co quyen quan lí cac dich vu
DHCP
Domain
DHCP Users Nhom nay co quyen su dung dich vu
DHCP
Domain
DNSAdmins Nhom nay co cac quyen quan lí cac dich
vu DNS
Domain
DNSUpdateProxy Nhom nay co quyen cho phep cac may
tram dns duoc gui yeu cau dns thay cho
cac may tram khac
Domain
Domain Computers Nhom nay chua tat ca cac may tram va
may server nhu la 1 phan cua vung
Global
Domain Controllers Nhom nay chua tat ca cac may dieu khien
vung cua vung
Global
Domain Guests La nhom co quyen truy cap gioi han tren
vung.
Global
Domain Users Nhom nay co quyen toi thieu tren vung Global
Enterprise Admins Nhom nay co quyen quan lí cac thong tin
cua cac cong ty lien quan den he thong
Global
Group Policy Creator
Owners
Nhom nay co quyen hieu chinh chính
sach bao mat trong vung
Global
RAS and ISA Server Nhoam nay chua cac thong tin ve dich vu
truy cap tu xa va dich vu chung thuc tren
Internet.
Domain
Schema Admins Nhom nay co quyen hieu chinh cac luoc Global
QUAN TRI MANG WINDOWS 2000 SERVER
1JX\HÄQ7UXQJ+LHÂX 7UDQJ
do cua Active Directory
WINS Users Thanh vien nhom nay co quyen xem
thong tin tren dich vu WINS(Windows
Internet Name Services)
Domain
* To chuc tai khoan nguoi dung va nhom (doi voi may chua nang cap thanh DC)
Cach tao tai khoan nguoi dung va nhom: 6WDUW6HWWLQJV&RQWUROSDQHO$GPLQLVWUDWLYH
7RROV&RPSXWHU 0DQDJHPHQW. Trong muc Laca/ Users and Graaas nhap chuot phai chon Nen
User hay Nen Graaa thì tuy ban chon.
Khi tao tai khoan nguoi dung mo i, co 4 muc:
+ User Must change Password At Next Logon: Nguoi dung phai thay doi password
ngay lan dang nhap dau tien.
+ User Cannot Change Password: Nguoi dung khong tu thay doi duoc mat khau.
+ Password Nerver Expires: Tai khoan nay se khong het han.
+ Account is Disabled: Tai khoan tam thoi bi khoa.
Neu ta muon nguoi dung nao gia nhap 1 nhom thì trong /RFDO XVHUV DQG JURXSV chon
*URXSroi add ten nguoi dung vao nhom ma mình muon.
QUAN TRI MANG WINDOWS 2000 SERVER
1JX\HÄQ7UXQJ+LHÂX 7UDQJ
84I 3: 40II¥£ 0I8£0I08¥
O bai 1 khi nang cap len DC, co nguoi se hoi nang cap len lam gì?
Ta nang cap len DC de co the quan lí 1 cach chi tiet hon cac tai khoan nhom va nguoi
dung.
&KXÛ\Û Khi ta nang cap len DC thì Laca/ Users and Graaas se bi danh dau cheo (khong
su su dung duoc nua). Ðe co the add User hay Group thì ta su dung Act/re D/rectary Users and
Camaaters. Khi cua so Act/re D/rectary Users and Camaaters xuat hien, chon Users. Sau do
nhap chuot phai chon Nen. (tuy ban).
O phan F/rst name, Last name, Fa// name thì tuy. Nhung o phan User Lagan name thì
ban phai nho de ma dang nhap cuc bo. Sau do cung co 4 muc giong nhu tren.
Muon xem thuoc tính nguo i dung thì click chuo t phai chon Praaert/es. Trong tab hop
thoai ban se thay rat chi tiet thong tin ve nguoi du ng. O tab Accaant ta se thay ten Lagan va cho
phep ta cau hình cac phan sau:
- Quy dinh gio logon
- Quy dinh may tram ma nguoi dung co the su dung de vao mang
- Quy dinh cac chính sach tai khoan nguoi cho nguoi dung.
- Quy dinh thoi diem het han cua tai khoan.
Ðieu khien gio Logon vao mang: Khi chon /RJRQKRXUV, hop thoai xuat hien va mac dinh
la duoc su dung 24/24 gio va 7 ngay /tuan. O day co 2 nut: /RJRQ3HUPLWWHGla cho phep, /RJRQ
'HQLHG la tu choi. Tuy ban thay doi ma cho phep nguoi dung su dung ngay nao, gio nao trong
tuan.
Chon may duoc truy cap: click ORJRQWR,ban se thay hop thoai /RJRQ:RUNVWDWLRQVxuat
hien, ta co the chi dinh cho nguoi dung /RJRQtu bat kì may nao hay tu 1 so may do ta chon bang
cach nhap ten may tính vao muc &RPSXWHU1DPHva sau do chon DGG.
* Neu muon kích hoat tai khoan de chay ngay tren may cua mình: chon Dama/n Secar/ty
Pa//cy/Laca/ Pa//c/es/User R/ghts Ass/gnment tìm dong Lagan Laca//y ro i add ten ma muon cho
Lagan ngay tren may Serrer. Sau do vao Start/ran/cdm.
Go cac lenh sau:
VHFHGLWUHIUHVKSROLF\XVHUBSROLF\
VHFHGLWUHIUHVKSROLF\PDFKLQHBSROLF\
Va nhu vay ban da kích hoat tai khoan xong. Neu khong lam nhu tren thì ban se phai cho
8h thì tai khoan moi tu dong kích hoat.
Them 1 nhom tai khoan, tuong tu nhu them User nhung ta chon Nen Graaa. Ta co cac muc:
- Dama/n /aca/ neu dung nhom cho viec gan quyen cho cac tai nguyen.
- G/aba/: neu dung nhom nay cho tat ca nguoi dung ma ho co quyen truy cap giong
nhau.
- Un/rersa/: neu ban muon gan quyen quan he voi nhung tai nguyen trong nhieu mien
khac nhau
- Secar/ty: neu nhom nay la nhung nguoi dung ma ho can truy cap den tai nguyen cu
the.
- D/str/bat/an: neu nhom nay la tap hop nhung nguoi dung ma ho co dac trung giong
nhau.
QUAN TRI MANG WINDOWS 2000 SERVER
1JX\HÄQ7UXQJ+LHÂX 7UDQJ
Xem thuoc tính cua nhom, chon 3URSHUWLHV.
* Tab General
* Tab Members: cho phep thay doi cac thanh vien
* Tab Members Of: cho phep ban xem va them, xoa nhom hien tai la thanh vien cua cac nhom
khac.
*Tab Managed by: Cho phep thay doi nguoi dung quan lí nhom nay.
QUAN LY TAI KHOAN THONG QUA COMMAND LINE
Chuc nang tao them, hieu chinh va hien thi thong tin cua cac tai khoan nguo i dung:
Ca ahaa:
net aser asername aassnard /dama/n
Chuc nang tao them nhom tai khoan:
Ca ahaa:
net graaa graaaname /dama/n
Chuc nang tao them nhom cuc bo.
net /aca/graaa graaaname /dama/n
84I 4: 0hÍNh 540h ¥4 Fh00N0 Fh4F 840 M4I
I. Chính sach tai khoan nguoi dung:
Chính sach tai khoan nguoi dung ($FFRXQW3ROLFLHV) duoc dung de chi dinh cac thong so
ve tai khoan nguoi dung ma no duoc su dung khi tien trình logon xay ra. No cho phep ban cau
hình cac thong so bao mat may tính cho mat ma, khoa tai khoan va chung thuc .HUEHURV trong
vung. Neu tren Windows 2000 thanh vien thì ban se thay 2 muc Passnard Pa//cy ra Accaant
Lackaat Pa//cy, tren may Windows 2000 Server lam DC (Dama/n Cantra//er) thì ban se thay 3
muc: Passnard Pa//cy,Accaant Lackaat Pa//cy ra Kerberas Pa//cyTrong Windows 2000 Server
cho phep ban quan lí chính sach bao mat tai 2 cap do la: cuc bo va vung. Muon cau hình cac
chính sach bao mat tai khoan nguoi dung ta vao: Adm/n/strat/re Taa/s/Dama/n Secar/ty Pa//cy
hay Laca/ Secar/ty Pa//cy
,, Cau hình chính sach mat ma: (Password Policy)
Chính sach Mo ta Mac dinh Gia tri nho
nhat
Gia tri lon
nhat
Enforce
Password
History
So lan dat mat ma khong
duoc trung nhau
0 0 24
Maximum
Password Age
Quy dinh so ngay nhieu
nhat ma mat ma nguoi
dung co hieu luc
Giu mat ma
trong 42 ngay
Giu mat ma
trong 1 ngay
Giu mat ma
trong 999
ngay
Minimum Quy dinh so ngay ít nhat 0 ngay (nguoi 0 999 ngay
QUAN TRI MANG WINDOWS 2000 SERVER
1JX\HÄQ7UXQJ+LHÂX 7UDQJ
Password Age ma nguoi dung co the
thay doi mat ma
dung co the
thay doi ngay
lap tuc)
Minimum
Password
Length
Chieu dai ngan nhat cua
mat ma
0 0 14 kí tu
Passwords Must
Meet
Complexity
Requirements
Cho phep ban cai bo loc
mat ma
Khong cho
phep
Khong cho
phep
Cho phep
Store Password
Using
Reversible
Encryption for
All Users In the
Domain
Mat ma nguoi dung duoc
luu duoi dang ma hoa
Khong cho
phep
Khong cho
phep
Cho phep
III. Cau hình chính sach khoa tai khoan(Account Lockout Policy)
Chính sach Mo ta Gia tri mac dinh Gia tri
min
Gia tri
max
Goi y
Account
Lockout
Threshold
Quy dinh so lan
dang nhap truoc
khi tai khoan bi
khoa
0 0 Thu 999
lan
5 lan
Account
Lockout
Duration
Quy dinh thoi gian
khoa tai khoan
La 0, nhung neu
Account Lockout
Threshold duoc thiet
lap thì gia tri nay la
30 phut
Nhu gia
tri mac
dinh
99999
phut
5 phut
Reset
Account
Lockout
Counter
After
Quy dinh thoi gian
dem lai so lan
dang nhap khong
thanh cong
La 0, nhung
neuAccount Lockout
Threshold duoc thiet
lap thì gia tri nay la 5
phut
Nhu gia
tri mac
dinh
99999
Phut
5 phut
IV. Cau hình chính sach cuc bo
Chính sach cuc bo (/RFDO 3ROLFLHV) cho phep ban thie t lap cac chính sach giam sat cac doi
tuong tren mang nhu nguo i dung va tai nguye n dung chung. Ðong thoi dua vao tính nang tren
ban co the cap quyen he thong cho cac nguoi dung va thiet lap cac lua chon bao mat.
QUAN TRI MANG WINDOWS 2000 SERVER
1JX\HÄQ7UXQJ+LHÂX 7UDQJ
IV.1 Cau hình chính sach kiem toan.
Cau hình chính sach kiem toan ($XGLW3ROLFLHV) giup ban co the giam sat va ghi nhan cac su
kien xay ra trong he thong, tren cac doi tuong cung nhu doi voi cac nguoi dung.
Chính sach Mo ta
Audit Account Logon Events Ghi nhan khi nguoi dung logon, logoff hay tao 1 ke t noi
mang
Audit Account Management Ghi nhan khi tai khoan nguoi dung hay nhom duoc tao
xoa hay cac thao tac quan lí nguoi dung
Audit Directory Service Access Ghi nhan viec truy cap cac dich vu thu muc
Audit Logon Events Ghi nhan cac su kien lien quan den qua trình logon nhu
thi hanh 1 logon script hay truy cap den 1 roaming profile
Audit Object Access Ghi nhan viec truy cap cac tap tin, thu muc, may in
Audit Policy Change Ghi nhan cac thay doi trong chính sach kiem toan
,9 Gan quyen nguoi dung:
Quyen nguoi dung (8VHU 5LJKW) la quyen he thong cung cap cho nguoi dung cac quyen
quan tri va su dung he thong.
Quyen Mo ta
Access This Computer form the
Network
Cho phep nguoi dung truy cap may tính tren mang. Mac
dinh moi nguoi deu co quyen nay
Act as Part of the Operating
System
Cho phep cac dich vu chung thuc o muc thap chung thuc
voi bat kì nguoi dung nao.
Add Workstations to the Domain Cho phep nguoi dung them 1 tai khoan may tính vao
vung
Back Up Files and Directories Cho phep nguoi dung sao luu du phong cac tap tin va thu
muc bat chap cac tap tin va thu muc nay nguoi do co
quyen hay khong
Bypass Traverse Checking Cho phep nguoi dung duyet qua cau truc thu muc neu
nguoi dung khong co quyen xem (list) noi dung thu muc
nay.
Change the System Time Cho phep nguoi dung thay doi gio he thong may
Create a Token Object Cho phep 1 tien trình tao 1 the bai neu tien trình nay
dung NTCreate Token API
Create Permanent Shared Objects Cho phep 1 tien trình tao 1 doi tuong thu muc thong qua
Windows 2000 Object Manager.
Debug Programs Cho phep nguoi dung gan 1 chuong trình debug vao bat
kì tien trình nao
Deny Access to This Computer
from the Network
Cho phep ban khoa nguoi dung hay nhom khong duoc
truy cap den cac may tính tren mang
Deny Logon as a Batch File Cho phep ban ngan can nhung nguoi dung va nhom duoc
phep logon nhu 1 batch file
QUAN TRI MANG WINDOWS 2000 SERVER
1JX\HÄQ7UXQJ+LHÂX 7UDQJ
Deny Logon as a Service Cho phep ban ngan can nhung nguoi dung va nhom truy
cap den may tính cuc bo.
Enable Computer and User
Accounts to Be Trusted by
Deletgation
Cho phep nguoi dung hay nhom duoc uy quyen cho nguoi
dung hay 1 doi tuong may tính
Force Shutdown from a Remote
System
Cho phep nguoi dung Shutdown he thong tu xa thong qua
mang
Generate Security Audits Cho phep nguoi dung, nhom hay 1 tien trình tao 1 entry
vao Security log
Increase Quotas Cho phep nguoi dung dieu khien cac quota cua cac tien
trình
Increase Scheduling Priority Quy dinh 1 tien trình co the tang hay giam do uu tien da
duoc gan cho tien trình khac
Load and Unload Device Drivers Cho phep nguoi dung co the cai dat hay go bo cac driver
cua cac thiet bi
Lock Pages in Memory Khoa trang trong vung nho
Log On as a Batch Job Cho phep 1 tien trình logon vao he thong va thi hanh 1
tap tin chua cac lenh he thong
Log on as a Service Cho phep 1 dich vu logon va thi hanh 1 dich vu rieng
Logon Locally Cho phep nguoi dung Logon tai may server
Manage Auditingand Security Log Cho phep nguoi dung quan lí security log
Modify Firmware Environment
Variables
Cho phep nguoi dung hay 1 tien trình hieu chinh cac bien
moi truong he thong.
Profiles Single Process Cho phep nguoi dung giam sat cac tien trình bình thuong
thong qua cong cu Performance Logs and Alerts
Profile System Performance Cho phep nguoi dung giam sat cac tien trình he thong
thong qua cong cu Performance Logs and Alerts.
Remove Computer from Docking
Station
Cho phep nguoi dung go bo 1 Laptop thong qua giao dien
nguoi dung cua Windows 2000
Replace a Process Level Token Cho phep 1 tien trình thay the 1 token mac dinh ma duoc
tao boi 1 tien trình con
Restore Files and Directories Cho phep nguoi dung phuc hoi tap tin va thu muc, bat
chap nguoi dung nay co quyen tren file va thu muc nay
hay khong.
Shut Down the System Cho phep nguoi dung shutdown may cuc bo windows
2000
Synchronize Directory Service
data
Cho phep nguoi dung dong bo du lieu voi 1 dich vu thu
muc
Take Ownership of Files or Others
Objects
Cho phep nguoi dung tuoc quyen so huu cua 1 doi tuong
he thong
QUAN TRI MANG WINDOWS 2000 SERVER
1JX\HÄQ7UXQJ+LHÂX 7UDQJ
IV.3 Cac lua chon bao mat:
Cac lua chon bao mat (6HFXULW\ 2SWLRQV) cho phep nguo i quan tri server dinh nghïa cac
quyen va giao dien tuong tac tren server giup cac nguoi quan tri thao tac tren server de dang va
an toan hon.
Ten lua chon Mo ta Mac dinh
Allow Server Operators to
Schedule Tasks(domain
controller only)
Cho phep nhom Server Operator lap
lich tac vu tren Server
Khong dinh nghïa
Allow System to Be Shut
Down Without Having to
Log On
Cho phep nguoi dung Shutdown he
thong ma khong can Logon
Khong cho phep
Audit the Access of Global
System Objects
Giam sat viec truy cap cac doi tuong
he thong toan cuc
Khong cho phep
Automatically Log Off
users When Logon Time
Expires
Tu dong logoff khoi he thong khi
nguoi dung het han tho i gian su dung
Cho phep
Disable CTRL+ALT+DEL
Requirement for logon
Khong yeu cau bam 3 phím
CTRL+ALT+DEL khi logon
Khong cho phep
Do Not Display Last user
Name in Logon Screen
Khong hien thi ten nguoi dung da
logon tren hop thoa i Logon
Khong cho phep
Rename Administrator
Account
Cho phep doi ten tai khoan
Administratror
Khong cho phep
Rename Guest Account Cho phep doi ten tai khoan Guest Khong cho phep
9 Phuong phap bao mat (Security): Chí su dung voi dia co dinh dang NTFS
Ma hoa du lieu bang EFS:
- EFS ((QFU\SWLQJ)LOH6\VWHP) la 1 ky thua t dung trong Windows 2000 dung de ma hoa cac
tap tin luu tren Partion NTFS. Viec ma hoa se bo sung them 1 lop bao ve an toan cho he thong
tap tin. Chi nguoi dung co dung khoa mo i co the truy xuat cac tap tin nay con nhung nguoi khac
thì bi tu choi truy cap. Ngoai ra nguoi quan tri mang con co the dung tac nhan phuc hoi (UHFRYHU\
DJHQW) de truy xuat den ba t kì tap tin nao bi ma hoa.
- Ðe ma hoa cac tap tin, ta tien hanh theo cac buoc:
* Chon cac tap tin va thu muc can ma hoa.
* Nhan chuot phai len cac tap tin va thu muc, chon Praaert/es/Adranced.
* Hop thoai Adranced Praaert/es xuat hien, danh dau muc Encryat/ng cantents ta secare
data va nhan OK.
* Hop thoai Canf/rm Attr/bate Changes yeu cau ban chi ma hoa rieng thu muc duoc chon
(Aaa/y changes ta th/s fa/der an/y) hay ma hoa toan bo thu muc, ke ca cac thu muc con (Aaa/y
changes ta th/s fa/der, sabfa/ders and f//es). Sau do nhan OK.
- Ðe go bo ma hoa, ta thuc hien tuong tu.
Cac quyen trong NTFS:
QUAN TRI MANG WINDOWS 2000 SERVER
1JX\HÄQ7UXQJ+LHÂX 7UDQJ
Ten quyen Chuc nang
Full control Co toan quyen tren thu muc hay tap tin
Modify Co quyen xoa, sua, thay doi
Read&Execute Co quyen doc va thi hanh tap tin
Read Chi co quyen doc
Write Co quyen sua, nhung khong xoa hay thay doi duoc
List Folder Contents Duyet danh sach thu muc
- Thuc hien: Nhap chuot phai vao tap tin, thu muc hay o dïa chon 7DE 6HFXULW\. Muon
cap quyen cho nguoi nao thì nhan $GG, muon bo quyen nguoi nao thì nhan 5HPRYH. Cot $OORZ:
la dong y; cot 'HQ\: la tu cho i. Trong 7DEVHFXULW\, neu ta danh dau chon muc: $OORZ,QKHULWDEOH
aerm/ss/ans fram aarent ta araaagate ta th/s abiect thì thu muc hien tai duoc thua huong danh
sach quyen truy cap tu thu muc cha. Neu muon cau hình chi tiet cho tung nguoi dung thì click
vao nut Adranced. Hop thoai Access Cantra/ Sett/ngsxuat hien.
- O hop thoai, neu ta muon them nguoi dung vao danh sach truy cap thì nhan Add nguoc
lai thì bam Remove. Neu xem va hieu chinh quyen truy cap thì click vao V/en/Ed/t. Trong hop
thoai Access Cantra/ Sett/ngs, neu danh dau chon muc: Reset aerm/ss/an an a// ch//d abiects and
enab/e araaagat/an af /nheretab/e aerm/ss/ans thì danh sach quyen truy cap cua thu muc hien tai
se duoc ap xuong cac tap tin va thu muc con. Ban muon giam sat quyen va ghi nhan lai cac
nguoi dung truy xuat thu muc hien tai, trong hop thoai
* Access Cantra/ Sett/ngs chon Tab Aad/t/ng, click Add chon nguoi giam sat, sau do click
vao Saccessfa/.
VI. Chia se truy cap qua mang:
Click chuot phai len thu muc, chon Praaert/es, chon Tab Shar/ng
Y nghïa cac muc:
Muc Mo ta
Do not share this folder Chi dinh thu muc nay chi duoc phep truy cap cuc bo
Share this folder Chi dinh thu muc nay duoc phep truy cap cuc bo va qua
mang
Share name Ten thu muc nguoi dung nhìn thay tren mang
Comment Mo ta them thong tin ve thu muc nay
User Limit So nguoi truy xua t toi da vao 1 tho i diem
Permissions Cho phep ban thiet lap danh sach quyen truy cap doi vo i
tung nguoi
Caching Cho phep thu muc duoc luu tru tam ta i lieu khi lam viec
duoi che do Offline.
Trong hop thoai Share Permissions:
- )XOO&RQWURO: Co toan quyen tren thu muc chia se.
- &KDQJH: Co quyen thay doi va xoa du lieu
QUAN TRI MANG WINDOWS 2000 SERVER
1JX\HÄQ7UXQJ+LHÂX 7UDQJ
- 5HDG: chi duoc phep doc va thi hanh
VII. Disk Quota (thiet lap han ngach cho dia)
- Han ngach dïa duoc dung de chi dinh khong gian dïa to i da ma 1 nguoi dung co the su
dung.
- Cau hình han ngach dïa:
* Chon dïa can thiet lap, click chuot phai 3URSHUWLHV4XRWD.
* Theo mac dinh chuc nang nay chua duoc kích hoat.
* Y nghïa tung muc:
+ (QDEOHTXRWDPDQDJHPHQW: thuc hien hay khong thuc hien quan lí han ngach dïa.
+ 'HQ\ GLVN VSDFH WR XVHUV H[FHHGLQJ TXRWD OLPLW: nguoi dung se khong the tiep tuc su
dung dïa khi vuot qua gioi han.
+ 6HOHFWWKHGHIDXOWTXRWDOLPLWIRUQHZXVHUVRQWKLYROXPH: Ðinh nghïa cac gioi han su
dung. Cac lua chon bao gom khang d/nh nghìa g/a/ han¨ (Da nat //m/t d/sk saace);
g/a/ han cha ahea¨ (L/m/t d/sk saace ta) va g/a/ han canh baa¨ (Set narn/ng /ere/
ta)
+ Se/ect the qaata /agg/ng aat/ans far th/s ra/ame: co ghi nhan lai cac su kien lien quan
den su dung han ngach dïa.
- Ðe thiet lap nhan Quota Entries trong Tab quota. sau do thiet lap cho tung muc.
Suu tam tu http://www.manguon.com
Nguyen Trung Hieu
trunghieu@hotpop.com
http://www.vtth.com

You're Reading a Free Preview

Download
scribd
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->