
Chapter 1 OVERVIEW OF WINDOWS SERVER 2003

1.1. Editions of Windows Server 2003

Windows Server 2003 introduces a number of new features, but not every edition of the operating system includes all of them. Microsoft ships four main editions:

- Windows Server 2003, Standard Edition
- Windows Server 2003, Web Edition
- Windows Server 2003, Enterprise Edition
- Windows Server 2003, Datacenter Edition

1.1.1. Windows Server 2003, Standard Edition

This is the standard edition of Windows Server 2003. It has every feature of its predecessor, Windows 2000 Server, and also gains the new features found in the other Windows Server 2003 editions. In addition, Standard Edition includes a feature that Windows 2000 Server did not have: Network Load Balancing (NLB). NLB is not a new feature; it already existed in a higher-end Windows Server release, Windows 2000 Advanced Server.

1.1.2. Windows Server 2003, Web Edition

This is a new edition in Microsoft's Windows Server line. It was created to promote the Web server software (IIS) in competition with other Web servers such as Apache. This edition can address at most 2 GB of RAM. Many other features have also been removed from it:

- It cannot act as a Domain Controller, although it can join an existing domain.
- It cannot support Macintosh clients except in its role as a Web server.

- It cannot be accessed remotely through Terminal Services, although it has the Remote Desktop feature like Windows XP.
- It cannot provide Internet Connection Sharing or Net Bridging.
- It cannot act as a DHCP Server or Fax Server.

1.1.3. Windows Server 2003, Enterprise Edition

This is the upgrade of the Windows 2000 Advanced Server edition that Microsoft shipped previously. Enterprise Edition supports server clustering of up to 4 machines, and it also allows booting the server from a Storage Area Network (SAN), hot-adding RAM, and running on 4 processors.

1.1.4. Windows Server 2003, Datacenter Edition

This is the highest-end edition in the Windows Server 2003 product line. It includes very powerful tools that previously were available only on mainframes, such as Windows System Resource Manager (WSRM). This tool manages system resources such as CPU and RAM capacity for each individual application. Datacenter also supports clustering of 8 servers and hot-adding RAM without shutting down or rebooting the system.

1.2. New free servers in Windows Server 2003

Besides the free servers already present in earlier Windows NT versions, such as the remote access tools, a Web server, an FTP server and many other features, Windows Server 2003 adds several new free servers, such as a mail server that includes the POP3 service and the SMTP protocol. Windows 2003 also provides one more tool: a free database software engine. This database engine is a copy of SQL Server 2000 with some of the features of the commercial SQL Server 2000 restricted.

1.3. New networking features

Windows Server 2003 inherits the new networking features of the previous versions and adds several of its own.

1.3.1. NAT Traversal

This feature was introduced in Windows XP. NAT Traversal addresses how a machine inside one NAT network can communicate with a machine inside another NAT network.

1.3.2. IPSec NAT Traversal

To send important information across a network, for security reasons we cannot use ordinary IP transmissions through NAT. Instead we must use transmissions based on IPSec (IP Security). IPSec's job is to turn an ordinary IP exchange into an encrypted IP transmission. In earlier Windows Server versions IPSec and NAT did not work together. In Windows Server 2003, Microsoft includes a new kind of IPSec that is aware of NAT Traversal. With it, machines on nonroutable networks can communicate securely with one another. To carry out such communication, however, you must have firewalls and routers that are aware of NAT Traversal.

1.3.3. NBT Proxy

The Routing and Remote Access Service (RRAS) component of Windows Server 2003 has a feature called NetBIOS over TCP/IP Proxy, or NBT Proxy for short, which lets machines that connect to the WAN over a dial-in line see the machines on the WAN in the Network Neighborhood window.

1.3.4. Conditional DNS Forwarding

This feature lets network administrators set up DNS servers for separate domains within one network so that they can find the other DNS servers that serve other domains in that same network.


Chapter 2 TCP/IP IN WINDOWS 2003


2.1. IP addresses and the dotted-quad format

An IP address consists of 32 bits written in the form w.x.y.z, where w, x, y and z are decimal values from 0 to 255. Each number in the dotted quad corresponds to eight bits of the Internet address. IP addresses are assigned by network administrators or supplied by a DHCP server on the network.

2.2. Class A, B and C networks and network division

2.2.1. Class A networks

The first 8 bits are assigned by InterNIC, and the network's local administrators assign the remaining 24 bits. The leftmost eight bits can take values from 0 (0000.0000) to 126 (0111.1110), allowing up to 127 class A networks, each of which can contain up to 2^24 hosts (more than 16.7 million hosts).

  Binary   00000000 XXXXXXXX XXXXXXXX XXXXXXXX    Decimal   0.X.X.X
  ...
  Binary   01111110 XXXXXXXX XXXXXXXX XXXXXXXX    Decimal   126.X.X.X

2.2.2. Class B networks

The first 16 bits are preassigned. Class B addresses always have a value from 128 (1000.0000) to 191 (1011.1111) in their first quad, followed by a value from 0 to 255 in the second quad. There are 16,384 class B networks, each of which can have up to 2^16 = 65536 hosts.

  Binary   10000000 00000000 XXXXXXXX XXXXXXXX    Decimal   128.0.X.X
  ...
  Binary   10111111 11111111 XXXXXXXX XXXXXXXX    Decimal   191.255.X.X

2.2.3. Class C networks

The leftmost 24 bits are assigned by InterNIC, leaving 8 bits for the network administrators. Class C network addresses begin with a value from 192 (1100.0000) to 223 (1101.1111) in the first quad; the second and third quads take values from 0 to 255. There are 2,097,152 class C networks, each with at most 254 hosts.

  Binary   11000000 00000000 00000000 XXXXXXXX    Decimal   192.0.0.X
  ...
  Binary   11011111 11111111 11111111 XXXXXXXX    Decimal   223.255.255.X

2.3. Nonroutable addresses

RFC 1918 defines three nonroutable address ranges:

- 10.0.0.0 to 10.255.255.255 (EVNIT)
- 172.16.0.0 to 172.31.255.255
- 192.168.0.0 to 192.168.255.255

2.4. Addresses not used on the Internet

2.4.1. The default route address

The address 0.0.0.0 refers to the entire Internet; it is the address to which the IP software on each machine sends a packet when it does not know where else to send it. 0.x.y.z is a class A address, so there are 16.7 million such addresses that are not used.

2.4.2. The loopback address

The address 127.0.0.1 is reserved as the loopback address. Messages sent to the loopback address never leave for the network. Consequently no network has an IP address of the form 127.x.y.z, and the 16.7 million addresses beginning with 127.x.y.z are not used.

2.4.3. The network address

Addresses that end in all binary 0s represent the network itself. These addresses are not assigned to machines on the network. For example, the network address of a class C subnet whose IP addresses run from 195.134.25.0 to 195.134.25.255 is 195.134.25.0.

2.4.4. The broadcast address

Addresses that end in all binary 1s are the broadcast address for the network. For example, a class C subnet has the broadcast address x.y.z.255.

2.4.5. The default router address


By convention, the address immediately after the subnet's network address is used as the default gateway (or router) address.

2.5. Subnet mask

A subnet mask is a 32-bit binary string made of two parts: the first part is all 1 bits and the second part is all 0 bits. Subnet masks are used to divide large networks into smaller, more manageable subnets. The network address of a subnet is the first address in the address range produced by the subnet division. The broadcast address of the subnet after the division is the last address in that range.

2.6. Sockets, ports and the Winsock interface

Programs that work over the Internet or an intranet all follow the client-server model based on sockets. A socket is made up of three main components: the IP address of the receiving machine, the port number of the receiving program, and the port type (TCP or UDP). TCP/IP and UDP both use a 16-bit number to identify the port a program uses to send and receive information, so 2^16 = 65,536 different ports are available. Some common programs use well-known ports, as in the table below:

  Internet protocol        Port number
  FTP                      TCP 20/21
  Telnet                   TCP 23
  SMTP                     TCP 25
  DNS                      UDP and TCP 53
  HTTP                     TCP 80
  Kerberos logon           UDP and TCP 88
  POP3                     TCP 110
  NNTP                     TCP 110
  NETBIOS                  UDP and TCP 137, UDP 138, TCP 139
  SNMP                     UDP 161/162
  Security HTTP (SSL)      TCP and UDP 443
  SMB over socket          TCP/UDP 445
  SQL server               UDP/TCP 1433
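The following added example (not part of the original text) applies the rules of sections 2.2 to 2.5 to a static configuration before it is typed into the TCP/IP properties dialog: it checks that the mask is a run of 1 bits followed by 0 bits, derives the network and broadcast addresses, and flags a host address or gateway that cannot work. The function names and the sample addresses are assumptions chosen for illustration.

```python
# Added example: validate a static IPv4 configuration using the rules in 2.2-2.5.
RFC1918_RANGES = [("10.0.0.0", "10.255.255.255"),
                  ("172.16.0.0", "172.31.255.255"),
                  ("192.168.0.0", "192.168.255.255")]

def to_int(dotted):
    """Convert a dotted quad w.x.y.z into a 32-bit integer."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError("expected w.x.y.z, got %r" % dotted)
    value = 0
    for part in parts:
        octet = int(part)
        if not 0 <= octet <= 255:
            raise ValueError("octet out of range in %r" % dotted)
        value = (value << 8) | octet
    return value

def to_dotted(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def address_class(ip):
    """Classify by first quad, using the ranges given in section 2.2."""
    first = to_int(ip) >> 24
    if first <= 126:
        return "A"
    if first == 127:
        return "loopback"
    if first <= 191:
        return "B"
    if first <= 223:
        return "C"
    return "other"

def is_private(ip):
    value = to_int(ip)
    return any(to_int(lo) <= value <= to_int(hi) for lo, hi in RFC1918_RANGES)

def mask_is_contiguous(mask):
    """True when the mask is all 1 bits followed by all 0 bits (section 2.5)."""
    inverted = ~to_int(mask) & 0xFFFFFFFF
    return to_int(mask) != 0 and (inverted & (inverted + 1)) == 0

def check_static_config(ip, mask, gateway):
    if not mask_is_contiguous(mask):
        raise ValueError("subnet mask is not 1 bits followed by 0 bits")
    ip_i, mask_i, gw_i = to_int(ip), to_int(mask), to_int(gateway)
    network = ip_i & mask_i                       # first address of the subnet
    broadcast = network | (~mask_i & 0xFFFFFFFF)  # last address of the subnet
    problems = []
    if ip_i >> 24 == 0:
        problems.append("0.x.y.z is not usable as a host address")
    if ip_i >> 24 == 127:
        problems.append("127.x.y.z is reserved for loopback")
    if ip_i == network:
        problems.append("host address is the subnet's network address")
    if ip_i == broadcast:
        problems.append("host address is the subnet's broadcast address")
    if gw_i & mask_i != network:
        problems.append("default gateway is outside the host's subnet")
    return {
        "class": address_class(ip),
        "private": is_private(ip),
        "network": to_dotted(network),
        "broadcast": to_dotted(broadcast),
        "conventional_gateway": to_dotted(network + 1),  # convention from 2.4.5
        "problems": problems,
    }

if __name__ == "__main__":
    # Constructed sample input: a host on a /26 carved out of 192.168.0.0.
    print(check_static_config("192.168.0.130", "255.255.255.192", "192.168.0.129"))
```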

2.7. Routing for nonroutable addresses: Network Address Translation (NAT)

2.7.1. Overview of Internet Connection Sharing (ICS)

ICS is used to share an Internet connection among the machines on a LAN. A machine running ICS can serve many connections to different addresses at the same time by using a different port for each connection request. The communication between the ICS machine and the machines on your internal network (the nonroutable machines) through these ports is called PAT (Port Address Translation). ICS is a piece of PAT routing software built into Windows 2003. ICS is supplemented by more powerful NAT routing software that lets the user tie a specific routable IP address to a specific nonroutable IP address.

2.7.2. How ICS works

To share Internet connections with machines that have nonroutable addresses, the computer running ICS hands out private IP addresses to the machines on the network. The range it hands out follows RFC 1918, that is, nonroutable addresses, normally 192.168.0.2 to 192.168.0.254, and it gives itself one more IP address, 192.168.0.1, in addition to the routable IP address it already has from the service provider.

When a machine with a nonroutable address wants to reach a Web site on the Internet, it must send its connection request to the machine doing the routing, because its own address is nonroutable and will not be forwarded on the Internet. The routing machine uses its routable address to pass the request out to the Internet. When the machine on the Internet answers the request, it communicates only with the routing machine and has no idea that it is really talking to a machine with a nonroutable address. The routing machine forwards the replies to the internal machine that initiated the exchange.

The ICS machine can also serve several internal machines that need to exchange information with the Internet at the same time, using a different port for each request. The routing machine then uses the port number on which it receives the reply from the Internet machine to translate that port number back to a nonroutable address on the internal network. This process is called Port Address Translation (PAT). ICS is a piece of PAT software built into Windows Server 2003.

2.8. Setting up TCP/IP on Windows 2003 with a static IP

2.8.1. Configuring TCP/IP with a static IP address

To set the IP address on machines running Windows Server 2003, follow these instructions: go to Start/Control Panel/Network Connections, right-click and choose Open; the window shown in figure 2.1 appears.

Figure 2-1. Network connections

This window shows each NIC in your machine. Right-click the relevant NIC and choose Properties; the dialog box shown in figure 2-2 appears.


Figure 2-2. The properties dialog box of a LAN connection

Click Internet Protocol (TCP/IP) and then click the Properties button; the dialog box shown in figure 2-3 appears.

Figure 2-3. The IP properties page of the network card

Select Use the following IP Address, then fill in the machine's IP address, the subnet mask, the address of the default gateway and the addresses of one or more DNS servers.

After entering the addresses, click OK twice to close the IP and LAN properties dialogs.

2.8.2. Verifying the IP configuration

Open a command prompt and type ipconfig /all; the result appears as in figure 2.4.

Figure 2-4. Output of the ipconfig /all command

The command ping ipaddress lets you determine whether the TCP/IP software on your machine is up and running properly and whether you have a connection to other points.

2.8.3. Joining an Active Directory domain of the same name

Click Start/Control Panel/System and select the Computer Name tab, as in figure 2-5.


Figure 2.5: The Computer Name page

Click the Change button to open the dialog box shown in figure 2.6, select the Domain radio button and enter the name of the domain you want to join. After a short while a dialog box appears asking for a User name and Password to confirm that you are allowed to join the domain. The machine then asks for a reboot so that the changes take effect.

To make a machine a member of two different domains, click the More button in figure 2-6; the DNS Suffix and NetBIOS Computer Name dialog box appears as in figure 2-7. To make a machine a member of both an Internet DNS domain and an Active Directory domain, clear the check box and, in the Primary DNS suffix of this computer field, enter the name of the DNS domain you want to join.


Figure 2.6: The Computer Name Changes dialog box

Figure 2.7: The DNS Suffix and NetBIOS Computer Name dialog box

To change the domain search order, click the Advanced button in figure 2.3 to open the Advanced TCP/IP Settings properties dialog, which has four pages with the following functions:

- IP Setting: lets you add more IP addresses or modify certain routing properties of the TCP/IP LAN connection in question.
- DNS: controls how the TCP/IP connection in question uses DNS.
- WINS: controls how the TCP/IP connection in question identifies and communicates with machines that cannot use Active Directory.
- Options: lets you restrict which ports the TCP/IP connection may use to communicate.

Figure 2.8: The advanced DNS properties page

2.9. Setting up routing on computers running Windows 2003, NT and Windows 9x

2.9.1. The route add command

The route add command inserts entries into the routing tables.

Syntax: route add destination mask netmask gatewayaddress

Where:

- destination is the address or group of addresses you want the workstation to send to (the network address of the destination network).
- netmask is the subnet mask of the network you need to send to.
- gatewayaddress is the IP address of the router's network card that receives the data.

To make your computer remember this entry across restarts, add the -p parameter after the word route and before the word add.

2.9.2. Viewing the routing table

To view the machine's routing information, use one of the following two commands: netstat -rn or route print


Figure 2-9. Example output of the netstat -rn command

Each line is one route and consists of the following fields:

- Network Destination: the address of the destination network.
- Netmask: the subnet mask, which determines how many addresses there are on that destination network.
- Gateway: the address of the router, that is, the IP address to which this machine must hand its packets so that they can be forwarded to the destination.
- Interface: the network interface card used to reach the gateway when the machine has more than one network card.
- Metric: helps IP pick the best route when it has several options. The metric equals the number of routers traversed plus 1. If the metric is one, the packet's destination is on the same subnet. If there are two paths to the same address, the packet is sent along the path with the smaller metric. If the routes have equal metrics, it is sent via the one with the most specific subnet mask.

In Windows XP and Windows 2003 the metric value is assigned according to the speed of the network connection:

  Connection speed          Metric
  > 200 Mbps                10
  20 - 200 Mbps             20
  4 - 20 Mbps               30
  500 Kbps - 4 Mbps         40
  < 500 Kbps                50

To disable automatic metric assignment, in the IP Setting dialog that appears after clicking the Advanced button in figure 2-3, clear the Automatic metric check box as in figure 2-10.

Figure 2-10. The Advanced TCP/IP Setting dialog box

To set the metric for each network card, enter a value in the Interface metric field as in figure 2-10. You can also give each individual route its own metric by adding the metric parameter to the route add command. For example: route add 200.15.16.0 mask 255.255.255.0 210.50.200.22 metric 2.

2.10. The Routing Information Protocol (RIP)

To simplify building routing tables, Win2K and WinS2K3 include RIP version 2 software. Routers running RIP advertise their routing tables across the network twice every minute. Workstations running RIP hear these advertisements and merge them into their own routing tables.

2.11. Using a WINS2K3 machine as a router between LANs

The machine used as a router must have two network cards; give each connection a different name so that it is easy to remember.

In Win2K or WinXP Pro, you can enable this feature by locating HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters, which has an entry named IPEnableRouter with a default value of 0; change the value to 1 and restart the machine. After the restart the machine can route statically between the subnets it is directly connected to.

In WINS2K3, turn on routing by clicking Start/Control Panel/Administrative Tools/Routing and Remote Access to open the MMC window shown in figure 2-11.

Figure 2-11. The opening screen of the Routing and Remote Access service

Right-click the icon with the machine's name in the left pane and choose Configure and Enable Routing and Remote Access; a wizard named Routing and Remote Access Server Setup Wizard appears. Click Next and you will see a dialog box like figure 2.12.


Figure 2-12. The RRAS Setup Wizard screen

Select Custom Configuration and click Next; the Custom Configuration screen appears as in figure 2-13. Select LAN Routing, then click Next and Finish to complete the wizard.

Figure 2-13. Choosing the type of router to set up

WINS2K3 asks whether you want to start the Routing and Remote Access service; choose Yes, and the screen shown in figure 2-14 appears.


Figure 2-14. The RRAS management console with routing enabled

Once your router has been built successfully, you must set the default gateway on the machines in each network using the route add command. Alternatively, you can add the static route through the graphical interface in RRAS. In the left pane of the Routing And Remote Access window select the IP Routing folder, expand it, select the Static Routes object and choose New Static Route; the dialog box shown in figure 2-15 appears.

Figure 2-15. The dialog box for adding a static route

Enter the appropriate values in the fields of the dialog box and click OK to finish.

2.12. Using a Windows 2003 machine as a gateway/router to the Internet


2.12.1. Routing between LAN and WAN with ICS (Internet Connection Sharing)

Requirement: the only machine on the LAN with a routable IP address (supplied by IANA or the ISP) is the machine used as the gateway. The other machines have only nonroutable addresses. This function is generally called NAT (Network Address Translation). Since Windows 98 SE, Microsoft operating systems have all been able to act as a NAT router. Under the name Internet Connection Sharing (ICS), the feature works on every kind of Internet connection.

Before you begin, make sure the Routing and Remote Access service (RRAS) is not running on the machine connected to the Internet. ICS will not run on a machine where the RRAS service is enabled.

Three steps to set up ICS:

- Connect all of your internal machines into one network. Set those machines to obtain an IP address dynamically (ICS includes a basic DHCP server that needs no configuration).
- Connect one of the machines (the machine running ICS) to the Internet through a modem or a second network card.
- On the Internet connection, turn on ICS: right-click the Internet connection and choose Properties, then select the Advanced tab in the properties dialog.

Depending on how you are connected to the Internet you will get a different Advanced page. Figure 2.16 is the Advanced page of an Internet connection through a network card. On that page tick the box labelled Allow other network users to connect through this computer's Internet connection and click OK to close the properties page. When you return to the Network Connection window, the Internet connection has an added Share icon, as in figure 2-17.


Figure 2-16. The Advanced page for a connection through a NIC

Figure 2-17. The Network Connection window with ICS turned on

Set all machines on the internal network to obtain their IP addresses automatically from the ICS machine, then reboot them.

Limitations of ICS:

- You cannot intervene in the operation of the DHCP server built into ICS.
- Every machine on the internal network can reach the Internet, but machines on the Internet cannot reach machines on the private network.

2.12.2. Setting up RRAS/NAT to work like ICS

To overcome the shortcomings of ICS we use NAT (Network Address Translation). NAT can support inbound connections (from outside into the internal network). Setting up NAT is slightly more complex than ICS, so we start by reproducing the same functions as ICS and only then add inbound connections.

First, disable ICS on the machine connected to the Internet.

Start the RRAS service by going to Start/Control Panel/Administrative Tools/Routing and Remote Access to open the MMC window shown in figure 2-11. Right-click the icon with the machine's name in the left pane and choose Configure and Enable Routing and Remote Access; a wizard named Routing and Remote Access Server Setup Wizard appears. Click Next and you will see a dialog box like figure 2-12. Select Network Address Translation (NAT) and click Next to reach the NAT configuration screen shown in figure 2-18.

Figure 2-18. Choosing the NAT connection

Select the NIC used to connect to the Internet (by default the machine selects the NIC that has a routable address). If you connect with a modem, you must select Create a new demand-dial interface to the Internet. You can tick the check box to turn on a firewall if your machine is connected directly to the Internet; if it is not connected directly, you do not need this check box. Click Next to see the screen shown in figure 2-19.


Figure 2.19: Handling DNS and DHCP on the network

Select Enable Basic name and address services and click Next to tell NAT which addresses to use, as you can see in figure 2.20.

Figure 2-20. NAT assigns its own DHCP address range

Once you have those addresses, click Next and Finish to complete the wizard. The NAT router is now running, and the RRAS window appears as in figure 2.21.


Figure 2-21. RRAS after NAT has been installed

2.12.3. Extending NAT

In the previous section we set up a NAT router with the same functions as ICS. This section shows how to add further capabilities to NAT.

Port mapping

Port mapping overcomes the ICS limitation that machines on the Internet cannot reach machines on the private network. NAT lets you redirect a specific port on the router to a port on a specific machine on the internal network that has a nonroutable address.

To tell NAT that you are going to redirect a specific port to a specific internal address, open the RRAS window and open the NAT/Basic Firewall object in the left pane; three objects appear in the right pane: Intranet NIC, the NIC connected to the Internet, and the NIC connected to the internal network. Right-click the NIC connected to the Internet, choose Properties and then Services and Ports; the screen shown in figure 2-22 appears.


Figure 2-22. Choosing the service and corresponding port to map

Select the service that you want to host on the internal machine; suppose I choose Web Server. The Edit Server dialog box then appears as in figure 2-23.

Figure 2-23. Mapping a specific port to a specific machine in NAT

Enter the IP address of the server in the Private Address field and click OK. The effect of this port mapping is to make the basic firewall open that port (if you are using the firewall).

Adjusting the address range and the firewall options

To change the address range that the NAT router hands out to the machines on the internal network, in the RRAS window right-click the NAT/Basic Firewall object, choose Properties and select the Address Assignment page; the dialog box appears as in figure 2-24.


Figure 2-24. Changing the internal address range

From this page you can change to any internal address range you want to hand out to the subnet, provided that the static address you gave the NIC connected to the private network lies in the same address range. To stop the DHCP server from handing out one or more particular IP addresses within the subnet's range, click Exclude and specify them.

To turn the firewall on or off, open the NAT/Basic Firewall object in the left pane of the RRAS window, select the icon representing the NIC connected to the Internet, right-click it and choose Properties, then click the NAT/Basic Firewall page as in figure 2-25.

Figure 2-25. Turning the firewall on and off
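The PAT behaviour described in section 2.7.2 and the port mapping of section 2.12.3 can be modelled in a few lines. This is an added example, not code from the original text or from Windows: the class name, the starting port 50000 and the sample addresses are assumptions, and the model drops any inbound packet that is neither a reply from the remote endpoint of a translated flow nor covered by a port mapping.

```python
# Added example: a toy PAT table with dynamic outbound translations and
# static inbound port mappings. All names and addresses are constructed.
class PatRouter:
    def __init__(self, public_ip, first_dynamic_port=50000):
        self.public_ip = public_ip
        self._next_port = first_dynamic_port
        # (proto, private_ip, private_port, remote_ip, remote_port) -> public_port
        self._flows = {}
        # (proto, public_port) -> (private_ip, private_port, remote_ip, remote_port)
        self._dynamic = {}
        # (proto, public_port) -> (private_ip, private_port)
        self._static = {}

    def add_port_mapping(self, proto, public_port, private_ip, private_port):
        """Redirect a public port to one internal machine (section 2.12.3)."""
        if (proto, public_port) in self._dynamic:
            raise ValueError("public port is in use by a translated flow")
        self._static[(proto, public_port)] = (private_ip, private_port)

    def _allocate(self, proto):
        while ((proto, self._next_port) in self._dynamic
               or (proto, self._next_port) in self._static):
            self._next_port += 1
        if self._next_port > 65535:
            raise RuntimeError("no free public ports")
        port = self._next_port
        self._next_port += 1
        return port

    def outbound(self, proto, private_ip, private_port, remote_ip, remote_port):
        """Translate a packet leaving the LAN; returns what the Internet sees."""
        flow = (proto, private_ip, private_port, remote_ip, remote_port)
        if flow not in self._flows:
            public_port = self._allocate(proto)
            self._flows[flow] = public_port
            self._dynamic[(proto, public_port)] = flow[1:]
        return (self.public_ip, self._flows[flow], remote_ip, remote_port)

    def inbound(self, proto, remote_ip, remote_port, public_port):
        """Return the internal (ip, port) for an arriving packet, or None if dropped."""
        entry = self._dynamic.get((proto, public_port))
        if entry and entry[2:] == (remote_ip, remote_port):
            return entry[:2]               # reply to a flow started from inside
        return self._static.get((proto, public_port))  # port mapping, else None

if __name__ == "__main__":
    router = PatRouter("203.0.113.10")     # constructed public address
    print(router.outbound("tcp", "192.168.0.2", 1025, "198.51.100.5", 80))
    print(router.inbound("tcp", "198.51.100.5", 80, 50000))    # reply: delivered
    print(router.inbound("tcp", "198.51.100.99", 4444, 50000)) # unsolicited: None
    router.add_port_mapping("tcp", 80, "192.168.0.20", 80)
    print(router.inbound("tcp", "198.51.100.99", 4444, 80))    # mapped: delivered
```

Every port mapping is a deliberate hole in the otherwise inbound-closed translation table, so the list of mappings is what to review when auditing what the gateway exposes.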

Chapter 3 DHCP SERVER


3.1. Simplifying IP address assignment: Hosts and Bootp

Before DHCP servers existed, network administrators usually recorded the machines' IP addresses in a Hosts file on their server. The file served two purposes: it showed which IP addresses were already in use, and it provided a hosts file to copy to the hard disk of new machines.

The next protocol used to manage IP addresses for machines on the network was the Bootstrap protocol, abbreviated Bootp and described in RFC 951. It works on the principle that the administrator collects a list of all the MAC addresses of the network cards, allocates one IP address to each MAC address, and then hands these IP/MAC pairs to a server on the intranet to manage. When a computer starts up, it broadcasts its request for an IP address. The Bootp server recognizes the IP address of the broadcasting machine and supplies the corresponding IP address to that workstation, together with a small operating system image for booting the machine (the bootstrap loader) from the network without any hard disk or floppy disk.

3.2. DHCP: automatic TCP/IP configuration

DHCP (Dynamic Host Configuration Protocol) is the protocol that hands out IP addresses dynamically to machines on the internal network. Each machine that logs on to the network is automatically given a different IP address, with no need to configure each machine by hand. DHCP does not supply boot code to the machines on the network; it is concerned only with handing out IP addresses. With DHCP you only need to give it a range of addresses, and it then hands them out automatically, first come, first served, to the machines that request an IP address. DHCP can still hand out IP addresses to specific MAC addresses by means of the DHCP reservation feature.


DHCP and BOOTP both use UDP ports 67 and 68, so DHCP and BOOTP cannot both be installed on the same machine.

Servers such as WINS servers, DNS servers and DHCP servers should be given static IP addresses, and the remaining machines on the network should be given dynamic IP addresses by the DHCP server. Other machines such as domain controllers, mail servers, Web servers and other servers should use the DHCP reservation feature.

3.3. Installing and configuring DHCP servers

3.3.1. Installing the DHCP server

To be ready to set up the DHCP service you need to:

- Have a (static) IP address available for your DHCP server.
- Know which IP addresses are not yet in use and can be handed out freely.

Install the software that turns your server into a DHCP server with the following steps:

- Go to Control Panel/Add Remove Programs/Add Remove Windows Components.
- Select Networking Services and click the Details button.
- Tick the Dynamic Host Configuration Protocol (DHCP) check box.
- Click OK to return to the Windows Components Wizard.
- Click Next to install the service, then click Finish.
- Click Close to close Add Remove Windows Components.

There is no need to restart the machine after the installation finishes.

3.3.2. Configuring the DHCP server

The DHCP server is configured with an MMC snap-in. Go to Control Panel/Administrative Tools/DHCP. The DHCP configuration screen appears as in figure 3-1.


Figure 3-1. The opening screen of the DHCP manager

This snap-in lists servers in the left pane and lets you control several DHCP servers at once. To add a DHCP server, choose Action/Add Server.

If the network is running Active Directory, you must authorize a server by running the DHCP snap-in while logged on as an Enterprise Admin. In the DHCP snap-in window, right-click that server and choose Manage Authorized Servers; a dialog box like figure 3.2 appears.

Figure 3-2. The list of authorized DHCP servers

In this case no server has been authorized yet; authorize this server by clicking the Authorize button, and the dialog box shown in figure 3-3 appears.


Figure 3-3. Formally authorizing a new DHCP server

Enter the IP address of this server in the dialog box and click OK to confirm that you want to add the server to the list. Click Yes to return to the list of authorized servers. You must stop the DHCP server and start it again; the arrow then changes from red to green and points down.

If Active Directory has not been installed, DHCP does not need to be authorized and the steps above can be ignored.

3.3.3. Creating an address range (scope) for the DHCP server

The DHCP server must know the address range it is allowed to hand out, so you need to create an address range for it. To create one, right-click the icon of that DHCP server and choose New Scope to start the New Scope Wizard. Click Next on the opening screen; the screen shown in figure 3-4 appears.

Figure 3-4. Naming the scope


Identify the scope by giving it a name and a description. Click Next to continue; the screen shown in figure 3-5 appears.

Figure 3-5. Entering the IP address range

Enter the IP address range you want to hand out to the network in the Start IP Address and End IP Address fields. Fill in the subnet mask in the Subnet mask field and click Next to continue.

To keep the DHCP server from handing out certain addresses that you want to use for machines that need static IP addresses, enter the range to be set aside in the Start IP Address and End IP Address fields of the Add Exclusion window, as in figure 3-6.

Figure 3-6. Specifying the address ranges to set aside


To define several address ranges on the same physical network segment, create a Superscope. A Superscope lets you create several IP address ranges on a single network segment. To create a Superscope, right-click the DHCP server, choose New Superscope and then add the scopes to it.

3.3.4. Setting the lease duration

To set the lease duration for DHCP clients, click Next and, on the next screen shown in figure 3.7, enter the lease duration the machines need.

Figure 3-7. Setting the lease duration

3.3.5. Setting the client options

After setting the lease duration, click Next to set the options for clients. The screen shown in figure 3-8 appears.


Figure 3-8: The Configuration DHCP server screen

The DHCP server lets you set parameters for all hosts on the network, including basic parameters such as the default gateway, domain name, DNS server and WINS server. If you do not want to set these parameters for all clients, parameters set explicitly on a client override the values supplied by the DHCP server.

Click Next to confirm that you want to set these parameters; the first client parameter appears as illustrated in figure 3-9.

Figure 3-9. Setting the default gateway

Enter the address of the default gateway in the IP address field, then click Next to continue with the next parameters, as in figure 3-10.


Figure 3-10. Setting the domain name

On this screen you tell the DHCP server that whenever it leases an IP address from this range to a client, it must also assign a value for the client's DNS domain name and tell that client at which addresses it can find the DNS servers. Then click Next to set the WINS servers for the network, as in figure 3.11.

Figure 3-11. Setting the WINS servers

3.3.6. Putting the configured address range to work

Click Next to choose to activate the configured scope, as in figure 3-12.


Figure 3-12. Activating the scope

After activation, the DHCP snap-in window appears as in figure 3.13.

Figure 3-13. The DHCP window after activation

3.3.7. Setting options for all scopes

The Server Options folder in the right-hand window of figure 3.13 helps when you put several scopes on one server. Right-click Server Option and choose Configure Options; the dialog box shown in figure 3.14 appears.


Figure 3-14. The Server Options dialog box

Suppose you need to set two DNS servers for your network and the network has 3 different subnets: you only need to select DNS Servers, and it lets you enter the DNS server addresses just as in the New Scope Wizard.

3.3.8. Assigning a specific IP address to a client: DHCP Reservations

The Reservations feature lets you assign specific IP addresses to particular machines on the network. To assign an IP address to a specific machine, right-click the Reservations folder and choose New Reservations; a dialog box appears as in figure 3-15.

Figure 3-15. Reserving an IP address for a specific machine

In this dialog box you enter the specific IP address for a specific MAC address. After reserving an IP address, you can set other parameters such as DNS server, domain name and WINS server for that IP address by opening the Reservation folder, right-clicking and choosing Configure Option.

3.4. Monitoring DHCP

Monitoring the DHCP server lets you determine how many leases are still valid, who holds those addresses, and so on. To see this information, open the Address Leases folder; the screen shown in figure 3.15 appears.


Figure 3.16. The leases that have been handed out

To see how many IP addresses remain unallocated, right-click any scope and choose Display Statistics; a message appears as in figure 3-17.

Figure 3-16. Lease statistics

3.5. Rebuilding a damaged DHCP server

To guard against the DHCP server being damaged, you should back up your DHCP settings with the command:

netsh dhcp server dump

Or, if you are not sitting at that server, with:

netsh dhcp server ipaddress dump

The command prints the DHCP server's configuration lines on the screen. To redirect the output to an ASCII file:

netsh dhcp server dump >dhcpbackup.txt

The ASCII file is created in the folder C:\Documents and Settings\Administrator


To restore the information on a DHCP server, copy the file to the machine to be restored and use the following command:

netsh exec dhcpbackup.txt

3.6. DHCP on the client side

To see a client's IP address, type ipconfig /all on the client. On a Windows 95 workstation, click Start/Run and type winipcfg. Windows 98 supports both commands, while Windows NT supports only ipconfig.

To make a DHCP client give up the IP address supplied by DHCP and look for another one, type ipconfig /release first and then ipconfig /renew.

Windows XP, Windows 2003 and later Windows versions support a command that rebuilds the IP connections: netsh int IP reset filename. Filename is the file that records what the command did.

3.7. How the DHCP server works

3.7.1. Finding a client's IP lease information

- On Windows 3.x, the DHCP lease information is stored in the file DHCP.BIN.
- On Windows 95, it is under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Service\VxD\DHCP\Dhcp-infoxx, where xx is two digits.
- On Windows NT, go to HKEY_LOCAL_MACHINE\System\CurrentControlSet and search for the keyword DHCPIPAddress. The keys that turn up are the location of the DHCP lease information.
- On Windows 2000 machines, the specific location is hkey_local_machine\system\currentcontrolset\service\TCPIP\parameters\Interface; there you can find the GUIDs (Global Unique ID) for each network interface card and for potential RAS connections. There is a DHCPIPAddress entry under each card that received its IP address from a DHCP server.
- On Windows XP, look under hkey_local_machine\system\currentcontrolset\service; you will see the keys named by GUID at the very top, each with a Parameters\TCPIP subkey inside. Deleting a GUID key removes all IP settings for the corresponding card.

3.7.2. The steps for obtaining an IP address from a DHCP server

A DHCP client obtains an address from a DHCP server in four steps.

Step DHCPDISCOVER: The DHCP client broadcasts a DHCPdiscover message over UDP across the local subnet, asking to lease an IP address, and relies on the DHCP Relay Agent to forward it as a broadcast so that it reaches all DHCP servers on other subnets within its reach.

Step DHCPOFFER: The DHCP servers respond by offering the IP addresses and lease durations that each DHCP server can supply to the DHCP client. DHCP servers on other subnets do this by sending the DHCP offer message to the DHCP Relay Agent, which passes it on to the DHCP client.

For a client A to communicate with a DHCP server B on a different subnet, the router between A and B must be RFC 1542 compliant or support BOOTP forwarding. Only with this capability can routers carry broadcast packets to other subnets; it has to be built into the router's software and is usually called BOOTP forwarding. Windows NT4 or Windows 2K machines can be used as routers and they follow the 1542 standard.

A Win NT4, Win2K or Win2003 machine can also act as a DHCP Relay Agent, which helps clients communicate with DHCP servers on subnets other than their own. The DHCP Relay Agent listens for the broadcast messages of DHCP clients, passes that information to the DHCP servers, and forwards the replies from the DHCP server to the DHCP clients. The forwarded messages of the DHCP Relay Agent can pass through routers from one subnet to another.

To set up a DHCP Relay Agent on an NT machine, follow these steps: in Control Panel open Network. In the dialog box that appears, select the Protocol page and double-click the TCP/IP protocol. In the next dialog box you will see a page labelled DHCP Relay. Click that page and you will see a dialog box like figure 2.17. To put the machine to work, click the Add button and enter the IP address of one or more DHCP servers.

The DHCP Relay Agent can run on any NT machine; the machine does not need to be a router. Do not configure a DHCP server as a DHCP Relay Agent, otherwise the DHCP server may neglect its task of handing out IP addresses to the other machines on the network.

To set up a Win2K or Win2K3 machine as a DHCP Relay Agent, you must use the Routing and Remote Access Service (RRAS): go to Start/Administrative Tools/Routing and Remote Access Service, right-click the server name and choose Configure and Enable Routing and Remote Access to start the wizard, then choose Custom Configuration, click Next and tick LAN Routing to finish the wizard. A screen like figure 2.18 then appears. Open the IP routing object, right-click the General folder and choose New Routing Protocol; in the dialog box that appears, select DHCP Relay Agent and click OK. Back in the RRAS snap-in you will see the DHCP Relay Agent object, as in figure 2.19. Right-click this object and choose Properties; the dialog box shown in figure 2.20 appears. Enter the addresses of the DHCP servers and click Add to put them in the list. Then activate the DHCP Relay Agent so that it listens for requests on the network and forwards them: in the RRAS window right-click DHCP Relay Agent and choose New Interface, and in the next dialog box select Local Network Connection.

Step DHCPREQUEST.

The DHCP client picks the best of the IP addresses it has received and broadcasts back a DHCPRequest message, for two purposes: to tell the chosen DHCP server that it wants to use the address that server offered, and at the same time to let the other DHCP servers know that it has accepted an IP address. If a DHCP server on another subnet is needed, this message is also passed through the DHCP Relay Agent.

DHCPACK step. The DHCP server whose offer was accepted replies with the new IP address, and it also tells the DHCP client its new subnet mask, the lease duration and the other information you have specified (gateway, DNS server, WINS server). Check the machine's TCP/IP configuration with the ipconfig /all command.

Once more than half of the lease period has elapsed, the DHCP client starts sending lease renewal requests to the DHCP server that gave it the IP address. The DHCP server responds with a DHCPAck packet that contains all the information the original Ack contained: domain name, DNS and so on. This lets the administrator change the DNS server, WINS server, subnet mask and other information; the changes reach the clients periodically, within no more than 50% of the lease time.

If no DHCP Ack arrives, the DHCP client resends its DHCP request every two minutes until 87.5% of the lease time has passed. At that point the DHCP client goes back to the starting line and sends DHCP Discover messages across the network until a DHCP server responds. If the old lease expires and no new lease has been obtained, the client stops using that IP address.
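The four-step exchange and the renewal timing described above can be traced in code. The following is an added example, not part of the original text: it builds a constructed DISCOVER/OFFER/REQUEST/ACK exchange (the addresses, MAC address, transaction ID and one-hour lease are sample values; the option numbers are the standard DHCP ones), parses each message, and derives the 50% and 87.5% points from the lease time.

```python
import ipaddress
import struct

MAGIC_COOKIE = bytes.fromhex("63825363")
MESSAGE_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 5: "DHCPACK"}
OPT_MASK, OPT_REQUESTED_IP, OPT_LEASE, OPT_TYPE, OPT_SERVER_ID = 1, 50, 51, 53, 54


def ip(text):
    return ipaddress.IPv4Address(text).packed


def build_message(op, xid, msg_type, yiaddr="0.0.0.0", giaddr="0.0.0.0", options=()):
    """Build a minimal BOOTP/DHCP message; used only to construct the sample data."""
    fixed = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        op, 1, 6, 0,                      # op, htype (Ethernet), hlen, hops
        xid, 0, 0x8000,                   # transaction id, secs, broadcast flag
        bytes(4), ip(yiaddr), bytes(4), ip(giaddr),   # ciaddr, yiaddr, siaddr, giaddr
        bytes.fromhex("02005e105501"),    # constructed client MAC, zero-padded to 16
        b"", b"",                         # sname and file, unused
    )
    opts = bytes([OPT_TYPE, 1, msg_type])
    for code, value in options:
        opts += bytes([code, len(value)]) + value
    return fixed + MAGIC_COOKIE + opts + b"\xff"


def parse_message(data):
    """Decode the header fields and options that the four steps rely on."""
    if len(data) < 240 or data[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    op, xid = data[0], struct.unpack("!I", data[4:8])[0]
    options, i = {}, 240
    while i < len(data) and data[i] != 255:       # 255 marks the end of the options
        if data[i] == 0:                          # 0 is padding and has no length byte
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError("truncated option header")
        code, length = data[i], data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option %d" % code)
        options[code] = value
        i += 2 + length
    kind = options.get(OPT_TYPE, b"")
    if len(kind) != 1:
        raise ValueError("missing DHCP message type")
    lease = options.get(OPT_LEASE, b"")
    return {
        "type": MESSAGE_TYPES.get(kind[0], "type-%d" % kind[0]),
        "sender": "client" if op == 1 else "server",
        "xid": xid,
        "yiaddr": str(ipaddress.IPv4Address(data[16:20])),   # address being handed out
        "giaddr": str(ipaddress.IPv4Address(data[24:28])),   # relay agent, 0.0.0.0 if none
        "lease_seconds": struct.unpack("!I", lease)[0] if len(lease) == 4 else None,
    }


def renewal_schedule(lease_seconds, retry_seconds=120):
    """Timeline from the text: renew at 50%, retry every two minutes, broadcast at 87.5%."""
    renew_at = lease_seconds // 2
    broadcast_at = lease_seconds * 7 // 8
    retries = list(range(renew_at + retry_seconds, broadcast_at, retry_seconds))
    return {"renew_at": renew_at, "retries": retries,
            "broadcast_at": broadcast_at, "expires_at": lease_seconds}


# Constructed sample exchange: client on 192.0.2.0/24, relay agent 192.0.2.1,
# DHCP server 198.51.100.10 on another subnet, one-hour lease.
XID = 0x3903F326
LEASE = (OPT_LEASE, struct.pack("!I", 3600))
SERVER = (OPT_SERVER_ID, ip("198.51.100.10"))
SAMPLE_EXCHANGE = [
    build_message(1, XID, 1),                                   # client broadcast
    build_message(1, XID, 1, giaddr="192.0.2.1"),               # as forwarded by the relay
    build_message(2, XID, 2, "192.0.2.50", "192.0.2.1", [LEASE, SERVER]),
    build_message(1, XID, 3, options=[(OPT_REQUESTED_IP, ip("192.0.2.50")), SERVER]),
    build_message(2, XID, 5, "192.0.2.50", "192.0.2.1",
                  [(OPT_MASK, ip("255.255.255.0")), LEASE, SERVER]),
]

if __name__ == "__main__":
    for raw in SAMPLE_EXCHANGE:
        print(parse_message(raw))
    print(renewal_schedule(parse_message(SAMPLE_EXCHANGE[-1])["lease_seconds"]))
```

A non-zero giaddr is how a server (or an analyst reading a capture) can tell that a request arrived through a relay agent rather than from the local subnet.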


Chapter 4 THE DNS DOMAIN NAME SERVICE


DNS (Domain Name System) is a set of protocols and services built on the TCP/IP network protocol. It is a distributed database used to map host names to IP addresses and vice versa. Users can therefore use familiar host names when looking things up instead of having to remember complicated IP addresses. DNS plays an important role in computer networks that use Active Directory. It is the central name store for Active Directory, replacing the role WINS had in NT 4.

4.1. DNS components

DNS is a distributed database of the names and IP addresses of the hosts on a network. The names in DNS form a logical tree structure called the domain name space. Every node or domain in the domain name space has a name and can contain subdomains. Domains and their subdomains are grouped into zones, which allows distributed administration. A domain name indicates the position of the domain in the DNS hierarchy and its parent domain, with each branch of the tree separated by a "." character.

DNS consists of the following basic components:

Domain name space: the components of the domain name space, organized as a hierarchical tree, and the data that goes with these names. The domain name space is a tree structure made up of nodes and leaves. Each node and leaf of the tree corresponds to a set of network resources. These resources are placed in resource records.

Name server: stores information about the structure of the DNS tree. A name server generally holds complete information about some domain of the DNS tree, plus pointers to other name servers from which information about any part of the tree can be obtained. A name server is said to be authoritative for a part of the domain name space if it holds complete information about that part.

Resolver: the program that obtains information from name servers in order to answer client requests. It receives a request from a client and sends it to the servers to find the requested data. Every resolver must be able to reach at least one name server and use the information from that name server to answer clients. It can also forward requests to other name servers.

4.2. Basic DNS concepts

As mentioned in the previous section, DNS is a large database containing the IP addresses, names and data of hosts. The top-level domain names are assigned to organizations and countries. These names follow the international standard ISO 3166. In it, two- or three-letter abbreviations are used for country names, while organizations may use abbreviations with more letters. The following table describes some common names used on the Internet.

DNS Domain Name    Description
Com                Commercial organizations
Edu                Educational organizations
Org                Non-profit organizations
Net                Networking organizations
Gov                Government organizations (not military organizations)
Mil                Military organizations
Arpa               DNS reserved for finding hosts by IP address
Xx                 Country code

4.2.1 Domain

Each node in the DNS data tree, together with all the nodes below it, forms a domain. Each domain can contain hosts and other subdomains. In general, the names of domains and hosts are restricted to the letters a-z, A-Z, the "-" character and digits. Other characters are not used.

4.2.2 Zone

A zone is a part of the domain name space that has database records and is managed through a zone file. Zone files are stored on the DNS server. A DNS server can be configured to manage one or more zone files. Each zone branches off from some node of the DNS tree, called the zone root domain. A zone stores all the information about the names that end with the zone root domain. A zone file does not have to contain the entire DNS tree (that is, all the subdomains) below the zone root domain. The administration of a domain can be divided among several different zones. This is necessary for distributed administration of the domain. The following figure describes domains and zones in more detail.

4.2.3 Name server

The main function of a name server is to answer client requests with the information held in its zones and to communicate with other name servers to find the information that best matches the request. A name server holds only a small part of the data of the DNS database tree, so it has to cache data from other parts of the tree while resolving requests. The name server marks the data when it replies, so that the requester can tell whether the returned data lies in a zone managed by that name server or not. A name server can manage one or more zones. It is then said to be authoritative for those zones. When configuring a name server, you need to tell it about the name servers located in the same domain. A name server can go by different names depending on its role and on how it stores and processes data in the DNS system. DNS has the following kinds of name server: primary name server, secondary name server, master name server, slave name server.

a. Primary, secondary

Primary name server: a name server that gets the data for the zone it manages from local database files. Changes to a zone, such as adding domains, adding new hosts to a zone or delegating part of a zone to another DNS server, must be made on the primary name server to ensure that the new information is written to the local file.

Secondary name server: a name server that gets the data for the zones it manages from another primary name server that is authoritative for that zone. The process by which a secondary server gets information from the primary server is called a zone transfer. In DNS, configuring secondary name servers is necessary for three reasons:

- Redundancy: each zone needs at least two name servers: a primary name server and at least one secondary name server as a backup name server.
- Good support for remote zones: for remote zones with many workstations, a secondary name server is needed to keep name resolution fast.
- Reducing the load on the primary name server: secondary name servers are also used to take load off the primary name server.

Because the information for each zone is stored in separate files, whether a name server is primary or secondary is meaningful only per zone. That is, a name server can be the primary name server for certain zones and yet a secondary name server for other zones.

b. Master name server

When a name server is defined as a secondary name server, the name server that supplies its information must be specified. A name server that is the source of information for a secondary name server is called a master name server. A master name server can be either a primary name server or a secondary name server for the zone requested. Secondary name servers are used as master name servers only when the primary name server is overloaded or when there is a higher-performance link between the secondary name server and another secondary name server.

c. Forwarder and slave name servers

When a name server receives a DNS request, it has to look for the requested information in its zone files. If it does not find it, it communicates with other name servers to resolve the request. In an Internet environment, resolving names outside the company requires communication between name servers inside the company and name servers outside it. A number of special name servers are chosen to do this work: the forwarder name servers. Only a forwarder name server can communicate with the outside over the Internet. All the other name servers in the company are configured to use this forwarder name server; the configuration is done at the server level, not the zone level.

So when any name server, for example name server A, cannot find the requested information in its zone file, it passes the request to one of the forwarder name servers. That forwarder name server does whatever is needed to obtain the information that answers the request and then returns the result to name server A. Name server A passes the result back to the party that made the name resolution request.

Slave name servers are name servers configured to use forwarder name servers; their job is to return a failure message when the forwarder name server cannot resolve the request. A slave name server does not communicate with any other name server if the forwarder name server cannot resolve the request.

d. Caching-only name server

A caching-only name server is a name server whose job is to carry out requests, cache the answers and return the results. In other words, it is not authoritative for any domain and holds only information cached while resolving requests. Note that every name server caches the requests it resolves, but not all of them are caching name servers.

4.3. Installing the DNS server

Open Start\Control Panel\Add Remove Program, choose Add remove Windows Components, click Networking Service and tick Domain name System (DNS). Click Next to install the service and click Finish to end the installation.

After installing DNS, you should point DNS at itself: in the Network Connections window, right-click Local Area Connection and choose Properties, select the General tab, click Internet Protocol (TCP/IP) and the Properties button, then enter the machine's own IP address in the Preferred DNS server field. Alternatively, you can set the Preferred DNS server with the following command:

Netsh int ip set dns name static ipaddress primDNS

Here name is the name of the network card on your machine and ipaddress is the IP address of that network card.

To create a Forward Lookup Zone, right-click the Forward Lookup Zones folder in the DNS snap-in window and choose New zone to open the New Zone Wizard, then click Next to see a screen like Figure 4-1.

Figure 4-1. Options for creating a new zone

There are three options for creating a new zone: Primary, Secondary and Stub. Choose Primary and click Next; the screen shown in Figure 4-2 appears.

Figure 4-2. Naming the zone to be created

After naming the zone to be created, click Next to go on to the next step. The screen shown in Figure 4-3 then appears, asking you to name the zone file.

Figure 4-3. Naming the zone file

By default, zone files are stored in the \Windows\system\DNS directory as ASCII files. These ASCII files let you recover a failed DNS server: copy the file into the \Windows\system\DNS directory on the new server and run the New Zone Wizard, but at this step choose Use This Existing File and point the wizard to the file evn.com.dns. Then click Next to go on to the next step; the screen shown in Figure 4-4 appears.

Figure 4-4. Dynamic update settings

If you choose Allow both nonsecure and secure dynamic update, the DNS server lets machines register information about themselves in the DNS database automatically. Select it, then click Next and Finish to complete the wizard.

Figure 4-5.

Chapter 5 ACTIVE DIRECTORY


5.1. Functions of an Active Directory domain

An Active Directory domain has the following duties and capabilities:

- Keep a central list of user account names, computer accounts and the corresponding user passwords.
- Provide a server that acts as the authentication server or logon server, called the Domain Controller.
- Maintain an index so that the things belonging to the domain can be looked up quickly, making it easier to find the resources on the machines in the domain.
- Allow user accounts to be created with different levels of rights.
- Allow the domain to be divided into smaller domains (subdomains) called organizational units (Organizational Unit - OU).

5.2. Configuring and using Active Directory

5.2.1. Installing Active Directory

Running DCPROMO

Open Start/Run and type DCPROMO; the screen shown in Figure 5.1 appears.

Figure 5-1. The DCPROMO start screen

Click Next. A notice appears warning that DOS, Windows 95 and NT 4 SP3 machines will be excluded from the network, as in Figure 5-2.

Figure 5-2. Warnings about older machines on the network

Click Next; the screen shown in Figure 5-3 appears, asking you to choose how the DC is to be created.

Figure 5-3.

Figure 5-4:

Figure 5-5.

Figure 5-6.

Figure 5.7.

Figure 5-8.

Figure 5-9.

Figure 5-10.

Figure 5-11.

Figure 5-12.

5.2.2. Setting up an Enterprise Administrator

a. Creating an administrator with authority across the forest

After logging on to the DC, click Start\Administrator Tools\Active Directory User And Computers. A dialog box like the one below appears.

Figure 5-13.

To create a new user account, right-click the Users folder in the right pane and choose New \ User; a screen like the one below appears.

Figure 5-14.

Enter the first name, last name and full name of the user to be created in the corresponding boxes. The User logon name field is the name the user will use to log on to the domain. Then click Next to move on to the next screen.

Figure 5-15.

Enter the password you want to use for the account and clear the User must change password at next logon check box, then click Next and Finish to finish creating the new account. Open the Users folder; trandinhthi has been created, as shown below.

Figure 5-16.

To add the trandinhthi account to the Enterprise Admins group so that it becomes an administrator for the whole forest, open the Enterprise Admins group; the dialog box shown below appears.

Figure 5-17.

Select the Member tab and you will see the dialog box shown below. In this dialog box you can see that the local administrator account for the DC of evn.com is also a member of Enterprise Admins. DCPROMO sets this up automatically.

Figure 5-18.

Add a user account to the Enterprise Admins group by clicking Add; the dialog box shown below appears. Type the name of the user to be added and click Check names.

Figure 5-18.

The dialog box then checks AD for a name that matches the one you just typed. Click OK to confirm the changes. The account thitd has now become an administrator with authority across the whole forest.

b. Setting up control over a subdomain with an OU

Active Directory lets you hand part or all of the administrative authority to a group of users. This makes it possible to divide a single-domain network into separate departments, each with a group of users in which someone has partial or full authority to administer that group. The procedure is as follows:

- Create an organizational unit (OU).
- Move the user accounts you want to control into that OU.
- Create a group containing the people who will later have administrative rights over the people in the OU just created.
- Make one of the members of the OU a member of the group.
- Delegate control of the OU to the group.

Creating an OU

To create an OU in a domain, open Active Directory Users and Computers (ADUC), right-click the domain icon in the left pane and choose New/Organizational Unit. A dialog box appears, waiting for you to enter the name of the new OU. Enter the name and click OK to finish. Suppose we create an OU named Daotao.

Moving user accounts into the new OU

To move user accounts on the system into the Daotao OU, open ADUC, open your domain and select the Users folder. Select the users to be put into the OU, right-click and choose Move. A dialog box appears asking where those users should be moved; alternatively you can use drag and drop to drag the users directly from the Users folder to the Daotao OU.

Creating the group that controls the OU

The next step is to create the group that controls the OU. In ADUC, click Action/New/Group (or right-click the OU just created and choose New/Group). The dialog box shown below appears.

Figure 5-19.

This dialog box lets you create any of the three kinds of group available in Active Directory. Choose the appropriate kind of group, name the group and click OK to finish. Suppose we create the group PswAdm. Next, put a user from the Daotao OU into the PswAdm group: right-click the icon of the newly created group and choose Properties, select the Members tab and click Add, choose the user account to be added to the group, then click Add and OK to finish.

Delegating authority over the OU to the group

Suppose we delegate the right to reset passwords in the Daotao OU to the PswAdm group. In ADUC, find the Daotao OU, right-click it and choose Delegation. The first screen of the Delegation of Control Wizard appears; click Next and you will see the screen shown below.

Figure 5-20.

Next you must tell ADUC that you are about to delegate certain rights to a specific group. Click Add and select the PswAdm group, then click OK to close the dialog box; the screen will look like the one below.

Figure 5-21.

Click Next; a screen listing the tasks that can be delegated appears. Choose the task you want to delegate to the PswAdm group, then click Next and Finish to complete the wizard.

Figure 5-22.

In summary, delegation of control lets you designate a group of users that holds a certain kind of authority over an OU.

Delegating authority in more depth

To delegate more directly, open ADUC and choose View/Advanced Features. Select the OU to be delegated, right-click it and choose Properties; a properties dialog box appears that includes a tab named Security. Select this tab and you will see a screen like the one below.

Figure 5-23.

To see exactly what rights the PswAdm group has over the OU, click Advanced; the screen shown below appears.

Figure 5-24.

In this dialog box you can add or remove the groups that may have control over a particular OU.

5.3. Functional levels of Active Directory

5.3.1. Mixed and Native modes in a Windows 2000 Server network

An Active Directory domain in Mixed Mode is an AD domain in which a Win2K machine acts as domain controller and holds the PDC (Primary DC) role, together with any number of BDCs (Backup DC) running NT4. An Active Directory domain is in Native Mode when all the DCs in the domain run Win2K.

5.3.2. Domain functional levels in Windows 2003

In Win2K-based Active Directory domains only two situations are possible: either all the DCs run Win2K, or there are both DCs running Win2K and DCs running NT4. In WinS2K3-based AD domains there are more possible combinations of DCs, and each combination has its own mode. These modes are called domain functional levels.

You change the functional level of a domain by opening the Active Directory Users and Computers window and right-clicking the icon that represents the domain. Choose Raise Domain Functional Level and you will see the following dialog box.

Figure 5-25.

In this case the domain is at the Windows 2000 mixed functional level, and you can change it to another level depending on the DCs in your network.

Meaning of the functional levels

Windows 2000 mixed domain functional level: a domain in which some DCs run WinS2K3, some run Win2K Server and others run NT 4 Server. Like the mixed-mode domains of Win2K Server, these domains lack multimaster replication, universal groups and SID History, and they cannot convert distribution groups into security groups or vice versa.

Windows 2000 native domain functional level: a domain that has only DCs based on Win2K Server or WinS2K3. You get this level when you upgrade a Win2K Server-based AD domain or when you raise the functional level of the domain yourself. Machines at the Windows 2000 native domain functional level can use universal groups, multimaster replication and SID History, and can convert between distribution and security groups. They do not have the simplified domain rename capability that is new in WinS2K3.

Windows server 2003 domain functional level: the best functional level. To reach it, all the DCs in the network must run Windows 2003. At this level you can carry out functions that the other levels cannot.

5.4. Overview of group policy (Group Policy)

5.4.1. Differences between how group policies and system policies are carried out

The system policies of Windows 9x and Windows Me are gathered into a single file, CONFIG.POL; the group policies (Group Policy) of Windows NT4, Win2K, XP and WinS2K3 are kept in the file NTCONFIG.POL. All of them are placed in a shared directory, NETLOGON, on each DC. When a Windows 9x, Me, NT4, Win2K, XP or WinS2K3 machine starts up and logs on to an NT4 domain or an AD domain, it downloads the CONFIG.POL or NTCONFIG.POL file and carries out the policies encoded in it. You can use NTCONFIG.POL/CONFIG.POL-style system policies on NT4-based domains or on AD domains, because pre-Win2K machines do not understand group policies.

Group policies differ from system policies in the following ways:

- Group policies can exist only in an Active Directory domain; they cannot be placed on NT4 domains.
- Group policies can do more than system policies. For example, you can use group policies to deploy software automatically to one or more workstations.
- Group policies automatically stop having effect when they are removed, unlike system policies.
- Group policies are applied more often than system policies. System policies are applied only when the client logs on, whereas group policies are applied when the machine is turned on, when the client logs on, and automatically at random times throughout the working day.
- There are several levels of control over how group policies are applied to different objects.
- Group policies can be applied only to Win2K, XP and WinS2K3 machines.

5.4.2. What group policy can do

With group policy you can do everything you can do with system policy, and some other things besides, for example:

- Deploy application software.
- Set user rights.
- Restrict the applications users are allowed to run.
- Control system settings.
- Set up logoff, logon and shutdown scripts.
- Simplify and restrict programs.
- Apply general restrictions to the user's Desktop.

5.5. Auditing network usage with Active Directory

Active Directory will, at your choice, track a number of activities on the network and record what it finds about those activities in the Event Viewer logs, in the Security log. Win2K and the later versions of NT support several kinds of auditing:

- Auditing account logon events
- Auditing logon events
- Auditing account management
- Auditing directory service access
- Auditing policy change
- Auditing system events
- Auditing process tracking
- Auditing object access
- Auditing privilege use.

Chapter 6 Creating and managing user accounts


6.1. Creating user accounts locally and in the domain

6.1.1. Creating local users

Use the Computer Management tool (COMPMGMT.MSC) to create local user and group accounts. This tool can also work remotely if you choose Connect to another computer from the Action menu in the Computer Management MMC window. On a server that is not a DC you use the Computer Management tool; if the machine you are working on is a DC, you use Active Directory Users and Computers (DSA.MSC) to create accounts.

To create a new account on a non-DC machine, open the Users folder under Local Users and Groups and choose New User from the Action menu, or right-click the Users folder and choose New User. Fill in the required information such as Username, Password and Confirm Password (the other fields are optional) and click Create. To change the properties of an account, or to specify group memberships, a logon script and home folder, or to grant the user dial-in access, right-click the user account and choose Properties. To set the password for an account, select the account and choose Set Password.

All the local accounts you create on a stand-alone server, member server or workstation are stored in the local SAM (Security Accounts Manager) database in the \windows\system32\config directory. To set account policies, use the Local Security Policy tool (SECPOL.MSC) or the Group Policy tool (GPEDIT.MSC).

6.1.2. Domain accounts

a. Where user and group accounts are stored

Active Directory Users and Computers (ADUC - DSA.MSC) is the main administrative tool for managing user accounts, security groups, OUs and policies in a network. User and group accounts that are valid across the AD domain are stored in the file NTDS.DIT, which by default is in the \Windows\NTDS directory. This database stores more information than the SAM, including information about servers and workstations, network resources, published applications and security policies. The database is replicated across the domain to all the DCs in the domain, which provides fault tolerance and load balancing.

b. Security identifiers


Every user account is automatically assigned a security identifier (SID) when it is created. Each SID is a unique number that identifies one account. SIDs are never reused; when an account is deleted, its SID is deleted with it. A SID consists of the following parts:

S-1-5-21-D1-D2-D3-RID

Here S-1-5-21 is the standard NT prefix. D1, D2 and D3 are 32-bit numbers belonging to a particular domain. Once you have created a domain, the values D1 to D3 are set, and every SID in that domain from then on has the same three values. RID stands for Relative IDentifier. The RID is the unique distinguishing part of any SID. Every new account always has a different RID.

c. User and group functions in ADUC

ADUC gives the network administrator the means to carry out the following tasks:

- Create, modify and delete user groups.
- Assign logon scripts to user accounts.
- Manage groups and group members.
- Create and manage group policies.

Open ADUC from the Administrative Tools group on the Start menu, or choose Start/Run and type the file name (DSA.MSC). The tool needs to connect to a DC to gather information and to pass your changes on to that machine. The ADUC window appears as shown below. In the window, the name of the DC it is connected to is at the top of the tree, and the domain name is right below the root of the tree. To connect to another domain or DC, choose Connect to Domain or Connect to Domain Controller from the Action menu.
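The SID layout described in section b above can be checked with a short parser. The following is an added example, not part of the original text: it splits an S-1-5-21-D1-D2-D3-RID string into the domain part and the RID, compares two SIDs for the same domain, and also decodes the binary form in which Windows stores SIDs, which goes beyond the string form shown in the text. The sample SIDs are constructed values; the RID table lists the well-known RIDs of the built-in accounts and groups this chapter mentions.

```python
import struct

# Well-known RIDs of built-in domain accounts and groups named in this chapter.
WELL_KNOWN_RIDS = {
    500: "Administrator", 501: "Guest",
    512: "Domain Admins", 513: "Domain Users", 514: "Domain Guests",
    519: "Enterprise Admins",
}


def parse_sid(text):
    """Split a SID string into revision, authority, sub-authorities, domain part and RID."""
    parts = text.strip().upper().split("-")
    if len(parts) < 3 or parts[0] != "S":
        raise ValueError("not a SID: %r" % text)
    try:
        revision, authority = int(parts[1]), int(parts[2])
        subs = [int(p) for p in parts[3:]]
    except ValueError:
        raise ValueError("non-numeric component in %r" % text)
    if revision != 1 or not 0 <= authority < 2 ** 48 or len(subs) > 15:
        raise ValueError("unsupported SID: %r" % text)
    if any(not 0 <= s <= 0xFFFFFFFF for s in subs):
        raise ValueError("sub-authority outside the 32-bit range in %r" % text)
    sid = {"revision": revision, "authority": authority,
           "sub_authorities": subs, "domain": None, "rid": None}
    # S-1-5-21-D1-D2-D3-RID: three 32-bit domain values followed by the RID.
    if authority == 5 and len(subs) == 5 and subs[0] == 21:
        sid["domain"] = tuple(subs[1:4])
        sid["rid"] = subs[4]
    return sid


def same_domain(sid_a, sid_b):
    """True when both SIDs carry the same D1-D2-D3 values."""
    dom_a, dom_b = parse_sid(sid_a)["domain"], parse_sid(sid_b)["domain"]
    return dom_a is not None and dom_a == dom_b


def describe(text):
    """Name the built-in account or group behind a SID, if its RID is well known."""
    rid = parse_sid(text)["rid"]
    if rid is None:
        return "not an S-1-5-21 account SID"
    return WELL_KNOWN_RIDS.get(rid, "domain-assigned RID %d" % rid)


def sid_to_bytes(text):
    """Binary layout: revision, count, 48-bit big-endian authority, little-endian values."""
    sid = parse_sid(text)
    subs = sid["sub_authorities"]
    return (bytes([sid["revision"], len(subs)])
            + sid["authority"].to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))


def sid_from_bytes(raw):
    """Decode the binary form back into the S-... string."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("binary SID has the wrong length")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack("<%dI" % raw[1], raw[8:])
    return "-".join(["S", str(raw[0]), str(authority)] + [str(s) for s in subs])


# Constructed sample SIDs: two accounts in one domain, one account in another.
DOMAIN_A_ADMIN = "S-1-5-21-1111111111-2222222222-3333333333-500"
DOMAIN_A_USER = "S-1-5-21-1111111111-2222222222-3333333333-1104"
DOMAIN_B_ADMIN = "S-1-5-21-4000000001-17-99-500"

if __name__ == "__main__":
    for sample in (DOMAIN_A_ADMIN, DOMAIN_A_USER, DOMAIN_B_ADMIN):
        print(sample, "->", describe(sample))
    print(same_domain(DOMAIN_A_ADMIN, DOMAIN_A_USER), same_domain(DOMAIN_A_ADMIN, DOMAIN_B_ADMIN))
    print(sid_to_bytes(DOMAIN_A_USER).hex())
```

Because the RID of the built-in Administrator is fixed, renaming that account does not hide it from anyone who can read SIDs.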


Figure 6-1.

The Users and Computers containers are the default places where the user accounts, group accounts and computer accounts that already existed in the old domain are put when the machine is upgraded from an NT4 domain.

Builtin is the container for the special built-in local groups such as Administrators, Account Operators, Guests and Users; these groups are present on every Win2K or Win2K3 server, including DCs.

Domain Controllers is the default OU used for new DCs. It is where the accounts are placed when you create new DCs.

ForeignSecurityPrincipals is the default container for objects from outside the domain in question, from the trusted domains of this domain.

To create something new in this console tree, select the container object in which you want to put it and choose New from the Action menu, or right-click the object and choose New from the context menu. You can create a shared folder (Share Folder), a user account (User), a shared printer (printer), an OU, a group account, a Contact and a computer account. Because these are not really AD OUs but only MMC containers, you cannot create an OU inside the Users and Computers containers.

d. Built-in accounts: Administrator and Guest

The Administrator account is the account with full authority over a machine or a domain, depending on the context. When you install Windows 2003 you set the password for the machine's administrator account; when you run DCPROMO.EXE to create a new domain, you must set the password for the domain's Administrator account.

The Guest account is for users who do not have an account of their own in the domain in question. By default this account is disabled.

e. Creating a new user account

In the ADUC window, select the Users container (or whatever location you want to put the account in), then open the Action menu or right-click and choose New/User. Enter the required information for the new user, such as First name, Last name and Full name. Next comes the user's logon name (User logon name or username); then choose the UPN suffix for the user at logon. New usernames created in Windows 2003 must follow these rules:

- For a local account the name must be unique on the machine; for a domain account the account must likewise be unique. However, the name of a domain account may be the same as the name of a local user account on a non-DC machine that is a member of the domain.
- For a local account, the username must not be the same as any group name on the local machine; for a domain account, the username must not be the same as a group name in the domain.
- A username can be up to 20 characters long and can mix upper and lower case. Avoid special characters. Names may include spaces and periods, but spaces are best avoided.

After filling in the information, click Next to go on to the next step and set the account and password options. Then click Next to confirm the information you supplied, and finally click Finish.

f. User account properties

You can change the properties of a user account by right-clicking the account and choosing Properties. A dialog box with 13 tabs of user properties appears, and you can edit the properties directly.

The Account tab lets you change the user's logon name and UPN suffix, as well as the times at which logon is allowed, which are set with the Logon hours button.

The Profile tab specifies the path to the profile (profile path), the logon script and a home folder for the user.

The Member Of tab specifies the group memberships of a user account. To put the user into another group, click Add to open the Select Groups dialog box and choose the new group for the user. To remove the user from a group, select the group and click Remove on the Member Of tab.

g. Managing accounts

You can change settings for several accounts at once by selecting all the accounts to be changed together. Hold the Ctrl key while selecting the accounts you want to change, right-click to bring up the context menu and choose the changes there. Changes to a user account take effect only at the user's next logon.

h. Resetting passwords

A user's password can be reset in ADUC by right-clicking the user's account and choosing Reset. You can also reset a password from the command line, as follows.

For a local user account, type:

net user username newpassword

For a domain user account, add /domain:

net user username newpassword /domain


To reset the password to a random value, use the /random switch:

net user username newpassword /domain /random

The randomly generated password is displayed on the screen when the command finishes.

6.2. Understanding groups

6.2.1. Creating groups

To create a group in ADUC, go to the container in which you want to create the group. A group can be created at the root of the domain, in a built-in container such as Users, or in an OU. In the selected container, right-click or pull down the Action menu and choose New/Group. Then enter the group name, the old-style (pre-Windows 2000) name of the group, the group scope and the group type. By default the scope of the new group is Global and its type is Security. Click OK to create the new group.

To add more information to the group, double-click the group just created to open its properties dialog box. To add members to the group, click Add on the Members tab.

6.2.2. Kinds of group

a. Security groups

These are the groups used to grant rights and access permissions; all of them are assigned SIDs. The main kinds of security group are:

- Local group: the kind of group found on a stand-alone server, a member server, or a Win2K or XP Pro workstation. Local groups have meaning only locally, on the machine that holds them.
- Domain local group: a local group that resides on a DC, so it is replicated to the other DCs across the network.
- Global groups are used to grant rights and access permissions that cross the boundaries of machines and domains.


- Universal groups can provide the functions of global groups, granting rights and object access permissions across domains and between domains.

b. Distribution groups and contacts

A distribution group is a kind of group that has no security rights and no SID; membership of the group is not counted among the credentials of the group's users when they log on. This kind of group is purely for email. It is useful only when the network has Exchange 2000, because Exchange 2000 does not have a separate directory as Exchange 5.5 did and instead uses the AD directory.

6.2.3. Group scope

a. Local or machine local groups

These are the machine's own local groups, present on stand-alone servers and Win2K or XP Pro workstations. Local groups are used to simplify the administration of that machine. A local group cannot be nested in another local group, but a local group can contain any of the three kinds of domain-based group: global, domain local and universal.

b. Global groups

These groups can contain only user accounts from their own domain, but they can also contain other global groups in the same domain. A global group can also be placed in a local group of any domain that trusts the global group's domain. So a global group can be put into a local group of a member server in the same domain as the global group, or into a local group of some other domain in the same forest as the global group.

c. Domain local groups

The second kind of domain-based group is the domain local group. There are two kinds of domain local group: the built-in domain local groups and other domain local groups that are created in addition.

When a server becomes a DC, the server's local groups become domain local groups and are put into the Builtin container in AD. These groups include Administrator, Backup Operators and Print Operators. Some new groups are created together with the domain, such as Server Operators and Account Operators. These domain local groups are the same on all the DCs in the network because they share the same security database in AD. These domain local groups cannot be moved or deleted and cannot become members of other local groups, and other local groups cannot become members of these domain local groups either.

New domain local groups created by users in the Users container can be moved and deleted. Unlike global groups, these groups can be placed only in the local groups of machines inside the same domain, not in a local group in a domain that trusts the domain containing them.

d. Universal groups

Universal groups can do everything. They can be created only on a DC, and they also have the following capabilities:

- A global group from any domain can be placed in a universal group in the same forest.
- A universal group can be placed in any kind of local group (machine local, domain local or built-in domain local).
- A universal group can be placed in another universal group.

Universal groups can be used only at the Windows 2000 Native or Windows server 2003 function level, in which case all the DCs in the network must run Win2K or Win2K3.

e. Other facts about groups

Computer accounts can be placed in groups, which is not possible in NT4. One weakness of AD in Win2K is that the size of each group is limited to about 5000 members. In Win2K3 this weakness has been fixed.

6.2.4. Working with security groups

179

Windows 2003 sets up several group-nesting patterns in a domain in advance. The first example: AD automatically creates the Domain Admins global group. When a server joins a domain (or becomes a DC), the Domain Admins global group and the Enterprise Admins universal group are automatically added to the member list of that server's local Administrators group.
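The nesting described above means the member list shown for a server's local Administrators group understates who actually holds administrative rights there. The following added example (not part of the original text) expands nested membership and reports the nesting path for each account; the server name SRV01, the domain CORP, the Server Team group and the user accounts are constructed for illustration.

```python
from collections import deque

# Constructed sample data: group -> direct members (accounts or other groups).
# Built-in group names come from the text; SRV01, CORP, "Server Team" and the
# user accounts are hypothetical.
MEMBERS = {
    r"SRV01\Administrators": [r"SRV01\Administrator",
                              r"CORP\Domain Admins",
                              r"CORP\Enterprise Admins"],
    r"CORP\Domain Admins": [r"CORP\Administrator", r"CORP\alice",
                            r"CORP\Server Team"],
    r"CORP\Enterprise Admins": [r"CORP\Administrator"],
    r"CORP\Server Team": [r"CORP\carol"],   # global group nested in a global group
    r"SRV01\Users": [r"CORP\Domain Users"],
    r"CORP\Domain Users": [r"CORP\alice", r"CORP\bob", r"CORP\carol"],
}


def expand(group, members=MEMBERS):
    """Return {account: [group, ..., account]} for every account that is a
    direct or nested member of `group`. The first (shortest) path wins."""
    paths = {}
    seen = {group}                      # guards against circular nesting
    queue = deque([(group, [group])])
    while queue:
        current, path = queue.popleft()
        for member in members.get(current, []):
            if member in members:       # the member is itself a group
                if member not in seen:
                    seen.add(member)
                    queue.append((member, path + [member]))
            elif member not in paths:
                paths[member] = path + [member]
    return paths


def unapproved(group, approved, members=MEMBERS):
    """List (account, nesting path) pairs that reach `group` but are not on
    the approved list, so each finding shows which nested group to fix."""
    found = expand(group, members)
    return sorted((acct, " -> ".join(path))
                  for acct, path in found.items() if acct not in approved)


if __name__ == "__main__":
    approved_admins = {r"SRV01\Administrator", r"CORP\Administrator", r"CORP\alice"}
    for account, path in unapproved(r"SRV01\Administrators", approved_admins):
        print(account, "via", path)
```
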

Figure 6-2.

The effect of this nesting is that a member of Domain Admins or Enterprise Admins is also a machine administrator on every member server of the domain. The second example of group nesting is the member list of the local Users group. On a domain member machine or a domain controller, the Users group automatically contains the Domain Users group. When a new user account is created in a domain, that new user is automatically assigned to the Domain Users group. The effect is that any user account in a domain is automatically granted local user rights on every domain member machine. The user account is placed in the Domain Users global group, and the Domain Users global group is placed in the local Users group of every member machine of the domain, so the account has local rights and access permissions on that machine. Other nestings exist as well: the Domain Guests group automatically becomes a member of the local Guests group on all domain member machines, and the Enterprise Admins universal group is a member of the local Administrator group.

a. Built-in domain local groups

Administrators: The Administrator group has every predefined right, and its members have full power to administer the system. The Domain Admins and Enterprise Admins groups are default members of the Administrator group, so members of the Administrators group have full control over all DCs and full power within the domain.

Account Operators: Members of this group can create user accounts, computer accounts and group accounts for the domain; they can also modify or delete most of the domain's user accounts and groups. However, they cannot delete or modify the groups in the Builtin folder or the Domain Controller OU, the Administrator accounts, the Domain Admins global group, or the domain local groups Administrator, Server Operators, Account Operators, Print Operators and Backup Operators. The Account Operators group cannot administer security policies, but its members can log on locally (only at the machine itself, not from other machines on the network) to DCs and shut them down. This group exists only on DCs and has no default members. Members of the Account Operators domain local group cannot modify user accounts and groups on member servers.

Backup Operators: Members of the Backup Operators group have the right to back up and restore files, whether or not they have permission to access those files. They can also log on locally to servers and shut them down. This group has no default members; members of the Backup Operators domain local group have these rights only on DCs.

Guests: Members of the Guests domain local group have no special user rights. By default the Guests account and the domain Guests group are members of this group. Members of the local Guests group on non-DC machines can log on, run applications and shut down the machine.

Print Operators: Members of this domain local group can create, manage and delete shared printer objects in AD and any printers attached to DCs. They can also log on to and shut down a DC. This group has no default members, and no default nesting occurs for the local Print Operators groups on non-DC servers.

Server Operators: On DCs, members of the Server Operators group can create, manage and delete shared printer objects and shared folders of the network; back up and restore files; start and stop services; format the server's hard disks; lock and unlock servers; unlock files; and change the machine's time. Members of Server Operators can also log on locally and shut down those machines. This group exists only on DCs and has no default members. Members of the Server Operators group have these rights only on DCs.

Users: The Domain Users group is a member of this group by default, so every account created in the domain is also a member of this Users domain local group. Members of the Users domain local group have no special rights on DCs and cannot log on locally to servers. Members of the local Users group on workstations are allowed to run applications (but not to install them). They are also allowed to shut down and lock the workstation they are logged on to. A user who has the right to log on locally to a workstation also has the right to create local groups and manage the groups they created.

Replicator: This group is reserved for directory replication and has no default members. A user account is placed in this group to run the Replicator service, and the group should have only one member.

Incoming Forest Trust Builders: Members of this group can create incoming, one-way trust relationships to this forest. This group has no default members and exists only on DCs.

Network Configuration Operators: Members of this group are allowed only to modify TCP/IP settings on the DCs in the domain. Non-DC servers have a corresponding machine local group. This group has no default members.

Pre-Windows 2000 Compatible Access: This group has read access to all user accounts in the domain, the right to access DCs from the network, and the Bypass traverse checking right. The only kind of member this group has is users of Windows NT or older workstations.

Remote Desktop Users: Members of this group can log on remotely to the DCs in the domain. This group has no default members.

Performance Log Users: Members of this group are allowed remote access to log performance counter values on DCs. This group has no default members.

Performance Monitor Users: Members of this group can monitor DCs remotely. This group has no default members.

Power Users: This group exists only as a machine local group on Win2K/XP workstations and on non-DC servers. Its members have a small part of the Administrator's power. Members of Power Users can create user accounts and the Users, Power Users and Guests groups, and can administer the users and groups they created.

b. Other built-in groups

Every Win2k3 DC has a number of built-in global and universal groups. These groups appear only on DCs and can be created only on DCs.

Domain Admins: A user account placed in this group has the rights of an administrator. Members of Domain Admins can administer the home domain, the workstations of that domain, and any trusted domain that has placed this domain's Domain Admins global group into its own local Administrator groups. By default the built-in Domain Admins global group is a member of both the domain's local Administrator group and the local Administrator group of every workstation in the domain. The domain's built-in Administrator user account is also automatically a member of the Domain Admins global group.

Domain Users: Members of a domain's Domain Users global group have the access permissions and capabilities of an ordinary user, both to the domain itself and to every workstation in the domain. This group contains all domain user accounts and by default is a member of every local Users group on every workstation in the domain.

Group Policy Creator: Members of this group are allowed to modify the domain's group policy. By default the domain's Administrator account is a member of this group.

Enterprise Admins: Members of this universal group have full power over all domains in the forest, and the group is visible only in the forest root domain. Enterprise Admins is a member of every Administrator group on every DC in the forest. By default the Administrator account is a default member of this group.

Schema Admins: This universal group appears only in the forest root domain. Its members can modify the organizational structure (schema) of AD. By default Administrator is a member of this group.

c. Special built-in groups

Besides the built-in local, global and universal groups described above, there are some others that are not listed in the ADUC window but appear on the ACLs of resources and objects. They include the following:
INTERACTIVE: Anyone using the machine locally.
NETWORK: All users connected to a computer over the network.
EVERYONE: All current users, including guests and users from other domains.
SYSTEM: The operating system.
CREATOR OWNER: The creator and/or owner of subfolders, files and print jobs.
AUTHENTICATED USERS: Any user who has been authenticated to the system. Used as a more secure alternative to Everyone.
ANONYMOUS LOGON: A user who logged on anonymously.
BATCH: An account that logged on as a batch job.
SERVICE: An account that logged on as a service.
DIALUP: Users accessing the system through Dialup Networking.

6.2.5. Using OUs

Organizational units (OUs) are logical containers within an AD domain. They can contain user accounts, groups, computer accounts and other OUs, but only from their own domain. For example, you cannot place global groups or computers from another domain into an OU in your domain. OUs exist mainly for administration. Administrators can create group policies and apply them to an OU, and can also delegate control of OUs to a group or a user. The point of using an OU is to have a small part of a domain that still shares security information and resources. Gathering certain users, groups and resources into an OU lets you apply policies at a finer grain and decide specifically who manages what and to what extent.

The difference between an OU and a container is this: an OU is a container; you can delegate control over a container but you cannot apply group policy to a container. With an OU you can. OUs also differ from groups. A user can be a member of many groups but can be in only one OU at a time. Like a group, an OU can contain other OUs. Group names appear in ACLs, so you can grant or deny access by group. OUs do not appear in ACLs, so you cannot grant a permission to everyone in an OU.

6.2.6. Using logon scripts

A logon script is a method used to configure the working environment of one or more users and to allocate network resources.

a. Scripting languages
There are many scripting languages, including DOS/NT shell commands, Windows Scripting Host (WSH), KiXtart, XLNT, Perl, VBScript and JScript. You can use whichever language you prefer. Logon scripts are limited by only two things: the script developers and the clients. The script developers must know how to use the chosen language, and the clients must understand the script language used.

b. Distributing logon scripts to network users
You can specify the logon script in the user's profile information in ADUC, or distribute scripts using Group Policy. In both cases the script and every other required file must be placed in the SYSVOL share, located in the \Windows\SYSVOL\sysvol folder on the DC. Pre-Win2K clients look for a share named NETLOGON to reach the logon script (if any). For backward compatibility, Win2K Server and Win2K3 machines therefore create the NETLOGON share in the folder \Windows\SYSVOL\sysvol\domain name\scripts. Network users must be given Read and Execute permission (if they do not already have it) on whichever script they need to use.

6.3. User rights and permissions

Most of an administrator's work consists of giving network users access to some network resources and preventing those users from accessing others. Since NT 3.1, Microsoft operating systems have let you control user access with two tools: permissions and rights.

6.3.1. Object permissions, ACLs and ACEs

Each permission is a setting that controls the level of access to an object on the network. Permissions apply not only to files and folders; they can also control other things, as follows:
- Registry keys, to decide who is allowed to read or modify a particular key or value entry.
- The contents of domains and OUs, which decides who is allowed to place which objects in a domain or an OU.
- System services: you can control who is allowed to start or stop a particular service.
- Folders and files.
Usually you find an object's permissions by right-clicking the object and choosing Properties. The properties dialog that appears usually has a page named Security.

Figure 6-3. The Security property page

On this page, the set of permissions under the Permissions for box is called the access control list (ACL). Each entry in this ACL (Administrator, SYSTEM, Tran Dinh Thi in the illustration) is called an access control entry (ACE). Clicking the Advanced button opens another dialog that gives you more detail about these permissions.

Figure 6-4. The Advanced Security Settings dialog

The Auditing page lets you tell the system whether to audit access to this file and how much detail to record. The Owner page lets you find out who owns this file and change its owner. To see the actual details of the ACE for Administrator, select it and click Edit; a dialog then appears as in the figure below.

Figure 6-5. The lowest-level permissions for a file

These are the lowest-level permissions for the object you selected. The permissions you see on the Security property page are combinations of these lowest-level permissions.

6.3.2. User rights

Whereas permissions grant different kinds of access to different objects, rights give you the ability to perform specific actions. Rights tend to apply to a particular machine (for example, the right to log on to the machine or the right to change the time). In addition, some rights are in effect powers that exist only with respect to the machine and that override or veto ACLs. The built-in groups in Win2K3 are already granted a number of rights. You can also create new groups and assign them their own sets of user rights. To view or modify the local rights assignments for a user or a group on a non-DC machine, use the Local Security Policy tool in the Administrative Tools group; on a DC, use the Domain Controller Security Policy tool. When you open the Local Policy\User Rights Assignment folder, a list of the rights, with the users or groups each right is granted to, is displayed in the details pane as in the figure below.

Figure 6-6. Rights assignments on the local machine

To add a right to or remove a right from a user or group, double-click the right in the details pane, or right-click it and choose Properties.

Figure 6-7.

To withdraw the right you just selected from a user or group, select the group name and click Remove. To add a group or a user to the list, click Add User or Group.

They must not contain the user name or any part of the user name.

They must use 3 of the following 4 kinds of characters: uppercase letters (A-Z), lowercase letters (a-z), digits (0-9) and special characters (@, %, &, #...).

Store password using reversible encryption: Allows the DC to store passwords using a reversible encryption technique.

The Account Lockout Policy, if applied, prevents anyone from logging on to an account after a certain number of failed logon attempts. Its options are as follows:

Account lockout duration: This setting determines how long the account stays locked out. After this period ends, the user's account is no longer locked and the user can try to log on again. If this option is applied but the time field (minutes) is left empty, the account remains locked until an administrator unlocks it.

Account lockout threshold: The threshold value specifies how many failed logon attempts a user can make before the account is locked. If this setting is applied, the number of allowed failed logon attempts must be specified; otherwise the account will not be locked.

Reset account lockout counter after: This setting specifies the period after which the counter of failed logon attempts starts again from zero.
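The three lockout settings interact, and the interaction is easiest to see by replaying a sequence of logon events. The following added example (not part of the original text) models the settings as described above; the event list is constructed, and two behaviours are assumptions of this model: the reset window is measured from the most recent failed attempt, and a successful logon clears the counter.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class LockoutPolicy:
    threshold: int                # failed logons before locking; 0 = never lock
    duration_min: Optional[int]   # None = stay locked until an administrator unlocks
    reset_after_min: int          # quiet period after which the failure counter restarts


def replay(policy: LockoutPolicy, events: List[Tuple[int, str]]) -> List[str]:
    """Replay (minute, kind) events in time order, kind being 'fail', 'ok' or
    'admin_unlock', and return one outcome string per event."""
    failures = 0
    last_fail = None
    locked_at = None
    outcomes = []
    for minute, kind in events:
        # Account lockout duration: the lock expires on its own once the
        # configured number of minutes has passed.
        if (locked_at is not None and policy.duration_min is not None
                and minute - locked_at >= policy.duration_min):
            locked_at, failures = None, 0
        if kind == "admin_unlock":
            locked_at, failures = None, 0
            outcomes.append("unlocked")
            continue
        if locked_at is not None:
            # While locked, even a correct password is refused.
            outcomes.append("rejected_locked")
            continue
        # Reset account lockout counter after (assumption: measured from the
        # last failed attempt).
        if last_fail is not None and minute - last_fail >= policy.reset_after_min:
            failures = 0
        if kind == "ok":
            failures = 0          # assumption: success clears the counter
            outcomes.append("logon")
            continue
        failures += 1
        last_fail = minute
        # Account lockout threshold: 0 means the account is never locked.
        if policy.threshold and failures >= policy.threshold:
            locked_at = minute
            outcomes.append("locked")
        else:
            outcomes.append("failed")
    return outcomes


# Constructed sample: two early failures age out before the third arrives.
TIMED = LockoutPolicy(threshold=3, duration_min=30, reset_after_min=10)
EVENTS = [(0, "fail"), (2, "fail"), (15, "fail"), (16, "fail"),
          (17, "fail"), (20, "ok"), (47, "ok")]

if __name__ == "__main__":
    for (minute, kind), outcome in zip(EVENTS, replay(TIMED, EVENTS)):
        print(f"t={minute:>3} min  {kind:<5} -> {outcome}")
```
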


Chapter 7 Managing shared folders


7.1. CREATING SHARED FOLDERS

7.1.1. Sharing a folder

Shared resources are resources on the network that users can access and use over the network. To share a folder on the network, you must log on to the system as an administrator (Administrators) or as a member of the Server Operators group. Then, in Explorer, right-click the folder and choose Properties; when the Properties dialog appears, choose the Sharing tab.

Figure 7-1.

Table 7-1. Meaning of the items in the Sharing tab

Item: Description
Do not share this folder: Specifies that this folder can be accessed only locally.
Share this folder: Specifies that this folder can be accessed locally and over the network.
Share name: The folder name that network users see and access.
Comment: Lets the user add descriptive information about this shared folder.
User Limit: Lets you declare the maximum number of connections that may access the folder at the same time.
Permission: Lets you set users' access permissions over the network.
Offline Settings: Lets the folder cache documents temporarily for working in Offline mode.

7.1.2. Configuring Share Permissions

To grant permissions to users who access the folder over the network, use Share Permissions. Share Permissions take effect only when users access the folder over the network, not when they access it locally. This differs from NTFS Permissions, which govern user access at the disk access level. The Share Permissions dialog contains the following permissions:
- Full Control: gives the user full rights on the shared folder.
- Change: lets the user change data in files and delete files in the shared folder.
- Read: lets the user view and execute files in the shared folder.
To grant permissions to a user, click the Add button.

Figure 7-2.

The dialog for selecting users and groups appears. Double-click the user and group accounts you want, then choose OK.

Figure 7-3.

In the dialog that appears, tick Allow to grant a permission to the user, or tick Deny to block that permission.

Figure 7-4.

7.1.3. Sharing a folder with the net share command

Function: create, delete and display shared resources.

Syntax:
    net share sharename
    net share sharename=drive:path [/users:number | /unlimited] [/remark:"text"]
    net share sharename [/users:number | /unlimited] [/remark:"text"]
    net share {sharename | drive:path} /delete

Meaning of the parameters:
- [No parameters]: displays information about all shared resources on the local computer.
- [sharename]: the network name of the shared resource. If net share is run with only a sharename parameter, the system displays information about that shared resource.
- [drive:path]: specifies the absolute path of the folder to share.
- [/users:number]: sets the maximum number of users who can access this shared resource.
- [/unlimited]: places no limit on the number of users who can access this shared resource.
- [/remark:"text"]: adds descriptive information about this resource.
- /delete: removes the share from the current folder.

7.2. MANAGING SHARED FOLDERS

7.2.1. Viewing shared folders

The Shared Folders item in the Computer Management tool lets you create and manage shared folders on the computer. To view the shared folders on the computer, select Shares. If a shared folder's share name ends with a $ sign, the share is hidden and is not found when you search through My Network Places or browse network resources.

Figure 7-5.

7.2.2. Viewing sessions on shared folders

To view all users currently accessing the shared folders on the computer, select Session. The Session item provides the following information:
- The name of the user account connected to the shared resource.
- The name of the computer the user is connecting from.
- The operating system the workstation is using to connect.
- The number of files the user has open.
- The user's connection time.
- The idle time of the connection.
- Whether the access is by the Guest user.

Figure 7-6.

7.2.3. Viewing open files in shared folders

To view the files currently open in shared folders, click Open Files. The Open Files item provides the following information:
- The path and the file currently open.
- The name of the user account accessing the file.
- The operating system the user is using to access the file.
- Whether the file is currently locked.
- The mode in which the file is open (Read or Write).

Figure 7-7.

7.3. NTFS PERMISSIONS

Two kinds of file system are used for local partitions and volumes: FAT (which includes FAT16 and FAT32) and NTFS. A FAT partition does not support local security, whereas an NTFS partition does. In other words, if your hard disk is formatted as FAT, everyone can work with the files stored on it; if it is formatted as NTFS, access depends on whether the user has permission, and a user without permission cannot access the data on the disk. Windows Server 2003 uses ACLs (Access Control Lists) to manage access permissions for local objects and for objects in Active Directory. An ACL can contain many ACEs (Access Control Entries), each representing a user or a group.

Figure 7-8.

7.3.1. NTFS permissions

Table 7-2. NTFS permissions

7.3.2. Assigning NTFS permissions on a shared folder

To assign NTFS permissions, in Windows Explorer right-click the file or folder whose permissions you want to configure and choose Properties. The Properties dialog appears. If your drive is formatted as FAT, the dialog has only two tabs, General and Sharing. If the disk is formatted as NTFS, the dialog has an additional Security tab. This tab lets you define access permissions on files and folders for each user or group of users. Click the Security tab to grant permissions to users.

Figure 7-9.

To grant access to a user, click the Add button. The dialog for selecting users and groups appears; select the users and groups to grant permissions to, click Add to add them to the list, then click OK to return to the main dialog.

Figure 7-10.

The main dialog now shows the users and groups you just added; select a user or group to grant permissions to. The dialog already lists the permissions: tick Allow for each permission you want the user to have, or tick Deny to forbid that permission.

Figure 7-11.

7.3.3. Inheritance and replacing permissions on child objects

In the main dialog above, you can click the Advanced button to configure users' access permissions in more detail. Clicking Advanced opens the Advanced Security Settings dialog. In this dialog, if you tick Allow inheritable permissions from parent to propagate to this object and child objects, the current folder inherits the access permission list of its parent folder; to remove the permissions inherited from the parent folder you must clear this tick. If the parent folder's permission list changes, the current folder's permission list changes with it. In addition, if you tick Replace permission entries on all child objects with entries shown here that apply to child objects, the current folder's permission list is applied down to its files and subfolders; that is, the permissions on the files and subfolders are replaced with the permissions shown in the dialog.

Figure 7-12.

In this dialog, Windows Server 2003 also lets you review and reconfigure the detailed permissions of users and groups. To do so, select the group or user you want to work with, then click the Edit button.

Figure 7-13.

7.3.4. How permissions change when folders and files are moved

When you copy a file or folder to a new location, the permissions on it change to follow the permissions of the parent folder that now contains it. When you move a file or folder to any location, by contrast, its permissions are kept unchanged.

7.3.5. Auditing user access to a folder

To monitor and record users' actions on the current folder, in the Advanced Security Settings dialog choose the Auditing tab and click Add to select the user to audit. Then tick Successful to audit successful access, or tick Failed to audit unsuccessful access.

Figure 7-14.

7.3.6. Changing the owner of a folder

To see which user account or group owns the current folder, in the Advanced Security Settings dialog choose the Owner tab. You can also change the user or group that owns this folder by clicking the Other Users or Groups button.

Figure 7-15.

Chapter 8 Configuring and sharing printers


8.1. INSTALLING A PRINTER

Before you can access a physical print device through Windows Server 2003, you must create a logical printer. If your printer supports Plug and Play, it is recognized as soon as it is attached to a computer running Windows Server 2003. The Found New Hardware Wizard starts automatically and guides you step by step through installing the printer. If the operating system does not identify the printer correctly, use the CD supplied by the manufacturer to install it. You can also create a logical printer yourself with the Add Printer Wizard.

To create a logical printer in Windows Server 2003, you must first log on as a member of the Administrators group or the Power Users group (on a member server) or the Server Operators group (on a domain controller). You can create a local logical printer corresponding to a physical printer attached directly to your local computer, or one corresponding to a network printer (a network printer is attached to another computer on the network or to a Print Server device).

To create a local printer or a network printer manually, perform the following steps in order:
- Click Start, then choose Printers And Faxes.
- Click the Add Printer icon; the Add Printer Wizard starts. Click Next to continue.
- The Local Or Network Printer dialog appears. Click Local Printer Attached To This Computer if you have a physical printer attached directly to your computer. If you are creating a logical printer for a network printer, click A Printer Attached To Another Computer. If the printer is attached directly to the computer, you can also select Automatically Detect And Install My Plug And Play Printer. This option lets the system scan your computer for Plug and Play printers and install them for you automatically. When you have made your choice, click Next to go to the next step.
- If the physical printer has been recognized automatically, the Found New Hardware Wizard guides you through installing the printer driver step by step.
- The Print Test Page dialog appears. If the print device is attached directly to your computer, you should print a test page to confirm that everything is configured correctly. If the printer is a network printer, you should skip this step. Click Next to go to the next step.
- The Completing The Add Printer Wizard dialog appears. This dialog gives you a chance to confirm that all printer properties have been set correctly. If you find any incorrect information, click Back to go back and correct it. If everything is in order, click Finish.
A new printer icon appears in the Printers And Faxes window. By default, the printer is shared.

8.2. MANAGING PRINTER PROPERTIES

8.2.1. Configuring Layout

In the Printing Preferences dialog, choose the Layout tab. Under Orientation, choose whether pages are printed in landscape or portrait. Under Page Order, choose whether to print from the first page to the last page of the document or in reverse order. Under Pages Per Sheet, choose how many document pages are printed on one sheet of paper.

Figure 8-1.

8.2.2. Paper and print quality

Also in the Printing Preferences dialog, choose the Paper/Quality tab to specify the paper and the print quality. The options on the Paper/Quality tab depend on the characteristics of the printer. For example, a printer may offer only one option, Paper Source. For the HP OfficeJet Pro Cxi printer, the options are Paper Source, Media, Quality Settings and Color.

Figure 8-2.

8.2.3. Advanced settings

Click the Advanced button in the lower-right corner of the Printing Preferences dialog. The Advanced Options dialog appears and lets you adjust the advanced settings. The printer options may include Paper/Output, Graphic, Document Options and Printer Features. The advanced settings available in the Advanced Options dialog depend on the printer driver you are using.

Figure 8-3.

8.3. CONFIGURING PRINTER SHARING

Right-click the printer and choose Properties. When the Properties dialog appears, choose the Sharing tab. To share this printer with multiple users, select Share this printer. In the Share name field, enter the share name of the printer; this name is visible on the network. You can also select List In The Directory to let users search for the printer through Active Directory by certain characteristic attributes.

Figure 8-4.

In addition, on the Sharing tab you can configure drivers for client machines that use the printer when the clients are not running Windows Server 2003. This is a necessary feature because it lets you specify the print drivers that clients can download automatically. By default, the only driver loaded is the Intel driver for clients running Windows 2000, Windows Server 2003 and Windows XP. To provide drivers for other clients, click the Additional Drivers button at the bottom of the Sharing tab. The Additional Drivers dialog appears. Windows Server 2003 supports additional drivers for clients running one of the following operating systems:
- Itanium Windows XP or Windows Server 2003.
- x86 Windows 2000, Windows XP or Windows Server 2003 (default).
- x86 Windows 95, Windows 98 or Windows Millennium Edition.
- x86 Windows NT 4.

Figure 8-5.

8.4. CONFIGURING PORT SETTINGS

8.4.1. Configuring the settings on the Port tab

In the Properties dialog, choose the Port tab to configure all the ports defined for the printer to use. A port is defined as an interface that lets the computer communicate with the print device. Windows Server 2003 supports physical ports (local ports) and standard TCP/IP ports (logical ports). A physical port is used only when the printer is attached directly to the computer. When Windows Server 2003 is deployed in a small workgroup, you will almost always attach the printer to port LPT1. A standard TCP/IP port is used when the printer can connect directly to the network (the printer has an RJ45 port) and has an IP address that identifies it. The advantages of a network printer are that it prints faster than a local printer and can be placed anywhere on the network. In that case you need to specify a TCP/IP port and enter the IP address of the network printer. Besides deleting and reconfiguring an existing port, you can also set up printer pooling and redirect print jobs to another printer.

Figure 8-6.

8.4.2. Printer Pooling

A printer pool is used to associate several physical printers with one logical printer, as illustrated in the figure below. The benefit of a printer pool is that the first idle printer carries out the print job for you. This feature is very useful when you have a group of physical printers shared by a group of users, for example a group of secretaries.

Figure 8-7.

To configure a printer pool, select the Enable Printer Pooling option at the bottom of the Port tab in the Properties dialog. Then tick all the ports to which you intend to attach the physical printers in the printer pool. If you do not select Enable Printer Pooling, you have only one port per printer. Note that all physical printers in a printer pool must use the same printer driver.

Figure 8-8.

8.4.3. Redirecting print jobs to another printer

If one of your physical printers fails, you can move all print jobs of the failed printer to another printer. To do this, first make sure the new printer has the same driver as the old one. Then, on the Port tab, click the Add Port button, choose Local port, and then choose New Port. When the Port Name dialog appears, type the UNC name of the new printer in the format \\computername\printer_sharename.

Figure 8-9.

8.5. CONFIGURING THE ADVANCED TAB

8.5.1. Settings on the Advanced tab

In the Properties dialog, click the Advanced tab to control the characteristics of the printer. You can configure the following properties:
- The availability of the printer
- The priority of the printer
- The driver the printer will use
- The spooling properties of the printer
- How documents are printed according to forms
- The printing defaults
- Which print processor is used
- The separator pages

Figure 8-10.

8.5.2. Printer availability

You usually need to check printer availability when several printers use the same print device. By default the Always Available option is enabled, so users can use the printer 24 hours a day. To limit the printer's availability, select Available From and specify the period during which the printer will serve users. Outside this period, the printer serves no user.

8.5.3. Printer Priority

When you set priority, you determine how jobs are sent directly to the print device. For example, you can use this option when two groups of users share one printer and you need to control the priority of print operations on that print device. On the Advanced tab of the Properties dialog, you set the priority with values from 1 to 99, where 1 is the lowest priority and 99 is the highest.

Example: suppose a printer is used by the accounting department. The managers in the accounting department always want their documents printed ahead of those of other employees. To configure this ordering, create a printer named MANAGERS attached to port LPT1 with priority 99. Then, on the same LPT1 port, create another printer named WORKERS with priority 1. Next, use the Security tab in the Properties dialog to restrict the right to use the MANAGERS printer to the managers. The remaining employees in the accounting department are allowed to use the WORKERS printer (Security is covered in more detail in a later section). When print jobs come from the MANAGERS printer, they enter the physical printer's queue with a higher priority than jobs coming from the WORKERS printer. The managers' documents are therefore printed first.

8.5.4. Print Driver

The Driver item on the Advanced tab lets you specify the driver used for the printer. If you configure several printers on one computer, you can choose any of the installed drivers. Proceed as follows: click the New Driver button to start the Add Printer Driver Wizard. The Add Printer Driver Wizard lets you update drivers as well as add new ones.

8.5.5. Spooling

When you configure the spooling option, you specify whether print jobs are spooled or sent directly to the print device. Spooling means that print jobs are stored on disk in a queue before they are sent to the printer. Spooling can be seen as a print coordinator for the case where many users send requests to the printer at the same time. By default, the spooling option is enabled.

8.5.6. Print Options

The lower part of the Advanced tab contains four print options:
- Hold Mismatched Documents: this option is useful when you use multiple forms on one printer. By default this option is disabled and jobs are printed in first-in-first-out (FIFO) order. If you enable this option, the system gives priority to printing jobs that share the same form first.
- Print Spooled Documents First: this option specifies that print jobs that have finished spooling are printed ahead of other, larger jobs. This means that print jobs that have finished spooling have higher priority than other jobs still being spooled. By default this option is enabled, which helps increase the printer's efficiency.
- Keep Printed Documents: this option specifies that print jobs must be deleted from the print spool queue when they have finished printing. Normally you want to delete print jobs as soon as they start printing, because keeping them in the spool queue and waiting until they have finished printing before deleting them costs disk space for storage. By default this option is disabled.
- Enable Advanced Printing Features: this option specifies that any advanced features your printer supports, such as Page Order and Pages Per Sheet, should be enabled. By default this option is enabled. Turn it off only when compatibility problems occur, for example when you are using the driver of a similar print device that does not support all of the printer's features.

8.5.7. Printing Defaults

The Printing Defaults button is in the lower-left corner of the Advanced tab. Clicking Printing Defaults opens the Printing Preferences dialog. This is the same dialog that appears when you click the Printing Preferences button on the General tab.

8.5.8. Print Processor

The print processor is used to specify whether Windows Server 2003 needs to perform additional processing on print jobs. The WinPrint print processor is installed by default and is used by Windows Server 2003. The WinPrint print processor supports several data types. By default, most Windows-based applications use the EMF (enhanced metafile) standard to send jobs to the printer. The EMF standard uses the RAW data type. This data type tells the print processor that the job does not need to be modified first before printing. This is determined by the software vendor.

Figure 8-11.
Table 8-1. Data types supported by the print processor in Windows Server 2003:


8.5.9. Separator Pages.
Separator pages are printed at the start of each document to identify the user who printed it. If the printer is not shared, separator pages simply waste paper. If the printer is shared by many users, separator pages help distribute the finished print jobs. To add a separator page, click the Separator Page button at the lower right of the Advanced tab. In the Separator Page dialog box that appears, click Browse to choose the separator page file you want to use.


Figure 8-12.

8.6. CONFIGURING THE SECURITY TAB.
8.6.1. Introduction to the Security tab.
We can control the access that users and groups have to a Windows Server 2003 printer by configuring print permissions. We can allow or deny users access to the printer. Print permissions are granted to users and groups through the Security tab in the printer's Properties dialog box.


Figure 8-13.
Table 8-2. Print permissions for users

By default, whenever a printer is created, default print permissions are set.


Table 8-3. Default print permissions

8.6.2. Granting print permissions to users and groups.
Normally you can accept the default print permissions. In some special cases, however, you need to adjust the permissions. For example, your company has just bought an expensive color laser printer for the Marketing department, and you do not want everyone to be able to use it. In this case, first clear the Allow check box for the Everyone group. Then add the Marketing group to the list on the Security tab. Finally, grant the Marketing group the Print permission.
To add print permissions, follow these steps:
1. On the Security tab of the printer's Properties dialog box, click the Add button.
2. The Select Users, Computers, Or Groups dialog box appears. Enter the name of the user or group to which you want to grant print permissions and click Add. Then select all the users to which you want to grant permissions and click OK.


Figure 8-14.
3. Select the user or group in the permissions list, then select Allow to grant, or Deny to refuse, the Print, Manage Printers, or Manage Documents permissions.
To remove an existing group from the permissions list, select the group and click the Remove button. The group is no longer listed on the Security tab and cannot be granted any print permissions.

8.7. CONFIGURING THE DEVICES TAB.
In the Properties dialog box, open the Devices tab. The properties shown on the Devices tab depend on the characteristics of the printer and on the printer driver you have installed.
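The Marketing printer change from 8.6.2 can be verified by decoding the printer's access control list into the three permission names shown on the Security tab. This is an added example, not part of the original text: it assumes the printer's DACL is available as an SDDL string, and the sample DACLs, the Marketing group SID and the function names are constructed for illustration.

```python
import re

# Printer access-mask bits from winspool.h.
PRINTER_ACCESS_ADMINISTER = 0x4   # shown as "Manage Printers"
PRINTER_ACCESS_USE = 0x8          # shown as "Print"
JOB_ACCESS_ADMINISTER = 0x10      # shown as "Manage Documents"

# SDDL two-letter right codes and the mask bit each one sets.
SDDL_BITS = {"CC": 0x1, "DC": 0x2, "LC": 0x4, "SW": 0x8, "RP": 0x10, "WP": 0x20,
             "SD": 0x10000, "RC": 0x20000, "WD": 0x40000, "WO": 0x80000}
# One ACE: (type;flags;rights;object_guid;inherit_guid;trustee)
ACE_RE = re.compile(r"\(([AD]);([A-Z]*);([^;]*);[^;]*;[^;]*;([^)]+)\)")

def pairs(text):
    """Split an SDDL flag or rights string into its two-letter codes."""
    return [text[i:i + 2] for i in range(0, len(text), 2)]

def rights_to_mask(rights):
    """Turn an SDDL rights field ('SWRC' or '0x20008') into an integer mask."""
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    return sum(SDDL_BITS[code] for code in pairs(rights))

def decode_printer_dacl(sddl):
    """Yield (Allow/Deny, trustee, permission) named as on the Security tab."""
    for ace_type, flags, rights, trustee in ACE_RE.findall(sddl):
        mask = rights_to_mask(rights)
        kind = "Allow" if ace_type == "A" else "Deny"
        if "IO" in pairs(flags):      # inherit-only ACE: applies to documents
            if mask & JOB_ACCESS_ADMINISTER:
                yield kind, trustee, "Manage Documents"
            continue
        if mask & PRINTER_ACCESS_ADMINISTER:
            yield kind, trustee, "Manage Printers"
        if mask & PRINTER_ACCESS_USE:
            yield kind, trustee, "Print"

def unapproved_print_trustees(sddl, approved):
    """Trustees with an Allow ACE for Print that are not on the approved list."""
    return sorted({t for kind, t, perm in decode_printer_dacl(sddl)
                   if kind == "Allow" and perm == "Print" and t not in approved})

# Constructed samples. WD = Everyone, BA = Administrators, CO = Creator Owner;
# the SID below is a made-up Marketing group.
MARKETING = "S-1-5-21-1111111111-2222222222-3333333333-1105"
DEFAULT_DACL = ("D:(A;;LCSWSDRCWDWO;;;BA)(A;OIIO;RPWPSDRCWDWO;;;BA)"
                "(A;;SWRC;;;WD)(A;CIIO;RC;;;CO)(A;OIIO;RPWPSDRCWDWO;;;CO)")
RESTRICTED_DACL = DEFAULT_DACL.replace("(A;;SWRC;;;WD)", f"(A;;SWRC;;;{MARKETING})")

if __name__ == "__main__":
    print(unapproved_print_trustees(DEFAULT_DACL, {"BA", MARKETING}))
```

The check reports only Allow entries and does not resolve group membership, so a Deny entry or a nested group still has to be reviewed on the Security tab itself.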


Figure 8-15.

8.8. MANAGING THE PRINT SERVER.
8.8.1. The Print Server management dialog box.
A print server is a computer on which printers are defined. When a user sends a print request to a network printer, the request is first sent to the print server. In other words, the print server manages all of the logical printers created on that computer. As a print server, the computer must be powerful enough to accept incoming print jobs, and it must have enough free disk space to hold the jobs waiting in the queue. You manage a print server by configuring the properties in the Print Server Properties dialog box. To open it, open the Printers And Faxes dialog box, choose File, and then choose Server Properties. The Print Server Properties dialog box contains the Forms, Ports, Drivers, and Advanced tabs.

Figure 8-16.

8.8.2. Configuring print form properties.
If your printer has several paper trays and you load a different type of paper in each tray, you can use the properties on the Forms tab to create and manage multiple forms for the printer. A form is defined mainly by its size. To create a new form, follow these four steps:
(1) On the Forms tab, click the Create A New Form option.
(2) In Form Name, enter a name for the form.
(3) In Form Description, choose the size of the form.
(4) Click the Save Form button to finish creating the form.

Figure 8-17.
We have now created a form. Next, we need to associate the form with a paper tray on the printer. To do this, we use the Devices tab in the printer's Properties dialog box.


Figure 8-18.
Under Form To Tray Assignment, first select the paper tray, then select the form to associate with that tray.

8.8.3. Configuring the port properties of the print server.
In the Print Server Properties dialog box, open the Ports tab. This tab is similar to the Ports tab in the printer's Properties dialog box. The difference between the two is that the Ports tab in the Print Server Properties dialog box is used to manage all of the ports on the print server, whereas the Ports tab in the printer's Properties dialog box manages the ports of the physical print device.


Figure 8-19.

8.8.4. Configuring the Drivers tab.
In the Print Server Properties dialog box, open the Drivers tab. The Drivers tab lets you manage the printer drivers installed on the print server. For each printer driver, the tab shows the name, the environment, and the operating system that the driver supports. Using the options on the Drivers tab, you can add, remove, or update printer drivers. To view the properties of a printer driver, select the driver and click the Properties button. The properties of a printer driver are:
- Driver name.
- Version.
- Processor.
- Language.
- Default data type.
- Driver path.


Figure 8-20.

8.9. MONITORING PRINT QUEUE STATUS.
We can use the System Monitor utility to manage print queues. System Monitor tracks performance counters for many kinds of computer objects. To manage print queues with System Monitor, follow these steps:
1. Choose Start > Administrative Tools > Performance.
2. The Performance dialog box appears. By default, the System Monitor utility is selected, as shown in the following figure:


Figure 8-21.
3. Click the Add button (the one with the + icon) to open the Add Counters dialog box. Then select the Print Queue performance object.

Figure 8-22.
4. In the Add Counters dialog box, you specify the computer you want to monitor (the local computer or a remote one), the performance object to track (in this case Print Queue), the counters you want to track, and whether you want to track all instances or only some instances of the selected counter. If you choose all instances, data is collected for every print queue that is defined. If you choose to track only some instances, you see data only from those individual print queues.
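The four choices in the Add Counters dialog box (computer, performance object, instance, counter) are the four parts of a counter path, so logged Print Queue samples can be checked by script as well as on the graph. This is an added example, not part of the original text: it assumes samples of the Print Queue object's Jobs and Job Errors counters were exported to CSV (for instance with typeperf), and the server name, queue names, values and backlog threshold are constructed.

```python
import csv
import io
import re

# Constructed sample in the CSV layout of a performance counter export
# (PRINTSRV1 and the sample values are made up).
SAMPLE = r'''"(PDH-CSV 4.0)","\\PRINTSRV1\Print Queue(MANAGERS)\Jobs","\\PRINTSRV1\Print Queue(WORKERS)\Jobs","\\PRINTSRV1\Print Queue(WORKERS)\Job Errors"
"05/12/2004 09:00:00.000","1.000000","4.000000","0.000000"
"05/12/2004 09:01:00.000","0.000000","9.000000","0.000000"
"05/12/2004 09:02:00.000","0.000000","15.000000","2.000000"
'''

# \\computer\object(instance)\counter
PATH_RE = re.compile(r"^\\\\([^\\]+)\\([^(\\]+)\(([^)]*)\)\\(.+)$")

def load_samples(text):
    """Return {(computer, queue, counter): [values]} for Print Queue columns."""
    rows = [r for r in csv.reader(io.StringIO(text)) if r]
    series = {}
    for col, path in enumerate(rows[0][1:], start=1):
        m = PATH_RE.match(path)
        if not m or m.group(2) != "Print Queue":
            continue
        key = (m.group(1), m.group(3), m.group(4))
        # Blank cells (no sample taken yet) are skipped.
        series[key] = [float(r[col]) for r in rows[1:]
                       if len(r) > col and r[col].strip()]
    return series

def queue_alerts(series, max_jobs=10):
    """Flag queues whose backlog exceeds max_jobs or whose error count grew."""
    alerts = []
    for (_computer, queue, counter), values in sorted(series.items()):
        if not values:
            continue
        if counter == "Jobs" and values[-1] > max_jobs:
            alerts.append((queue, "backlog", values[-1]))
        if counter == "Job Errors" and values[-1] > values[0]:
            alerts.append((queue, "new job errors", values[-1] - values[0]))
    return alerts

if __name__ == "__main__":
    for alert in queue_alerts(load_samples(SAMPLE)):
        print(alert)
```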

