
Nguyn Quc Dng

Email: bighare_701@yahoo.com

Course materials: MOC & Training Kit

MOC: concise presentation
Kit: detailed presentation
LAB (hands-on practice)

Network Basic Management
70-680: Windows 7 network services (supporting)
70-290: Windows Server 2003 network services (managing small and medium networks)

Requirements for building a network (Application part):
Physical layer (run the cabling that connects the computers in the network, assign an IP address to each computer)
Workgroup (peer-to-peer model): small systems
Domain (centralized model, data centralized on a server (File Server)): large systems
-- Upgrading a Workgroup to a Domain
-- Installing and configuring a machine as a File Server: storing file data (Shared Folder)
+ Permissions: Share Permission & NTFS Permission
+ Backup & Restore of data
+ Remote management (remote control) support (Terminal Service - Remote Desktop)
+ Group Policy Object (GPO): the rules of the system
+ Installing software from the server

70-291: Network Infrastructure (most important)
-- DNS Server (the most important service today): resolves names to IP addresses so that resources can be reached by name.
-- DHCP Server: assigns IP addresses to PCs automatically.
-- Share Internet/Proxy-NAT: sharing Internet access among the computers in the network.
-- Remote Access Services (Virtual Private Network, VPN): remote access. One PC must act as the VPN server for outside VPN clients.

70-236: Microsoft Exchange Server 2007 (mail server for large systems)
70-351: Microsoft ISA Server 2006 (firewall for the system)
Software firewall
Hardware firewall

70-648: Upgrade Windows Server 2008
Special topics (practical knowledge):
-- Configuring an ADSL router
-- Configuring an offline mail system (used with a public IP)
-- Deploying a wireless system
-- Public Key Infrastructure (PKI): data encryption
-- Rights Management Services (RMS): managing rights on resources


Exams:
1. Exam at NN
- Mid-course (LAB 680, 209, 291)
- End of course (combined LAB -648; answer 3 oral questions in person)
2. International exam

Network Basic Management


A computer network is a set of computers that are physically connected (by cable) and that follow a common model and a common design.

1. OSI model (replaces the all-in-one network model)
OSI (Open System Interconnection): a 7-layer network model in which each layer has its own role and function.
7. Application: user interface layer
6. Presentation: normalizes data to a common standard
5. Session: packs the data (on the receiving side, the Session layer unpacks it)
4. Transport: TCP (guaranteed), UDP (not guaranteed) [TCP | Data]
3. Network: attaches the IP [TCP/IP | Data]
2. Datalink: attaches the MAC address [MAC | TCP/IP | Data]
1. Physical: 1011001...
A --------------------> B
On the sender (A) data is encapsulated from layer 7 down to layer 1; the receiver (B) passes through the same layers.
MAC: identifies which MAC sends to which MAC.
TCP/IP: identifies which IP address sends to which IP address.

3-layer network model:
Application: Layers 5-7 (Web, mail, FTP...)
TCP/IP: Layers 3-4 (Router...)
Devices: Layers 1-2 (Switch, Hub, NIC, Cable...)

2. Network topology
BUS (coaxial cable, T connectors): no longer used
+ The circuit must not be open
+ Used for small systems
+ Slow transmission because data has to pass through the PCs in front (one direction)
RING
+ Data travels in one direction (like Bus)
+ The circuit must not be open
+ Used for small systems
STAR: needs a connecting device; uses UTP or STP cable

3. Network devices
Connecting devices: Hub, Switch (uses the MAC to deliver packets precisely; all PCs can communicate with each other at the same time)
Network card (PCI): each network card has a unique MAC address
Network cable: twisted pair (8 wires twisted into 4 pairs to cancel interference), length 100 m
UTP: cat 5 (5a, 5e) (cancels interference by twisting), cat 6 (extra shielding around each twisted pair)


STP: higher quality
RJ45 connector: Standard A (T568A), Standard B (T568B)

4. Cable
a. Straight-through cable: connects 2 devices of different types
b. Crossover cable: connects 2 devices of the same type

5. TCP/IP
For the devices in a network to communicate with each other they must use the same protocol (TCP is the most widely used).
IP Address: 32 bits (4 bytes), written in binary or decimal
xxxx . xxxx . xxxx . xxxx (each part is 1 byte = 8 bits)
NetID (the network address) - HostID (the specific address)

Binary to decimal (2 --> 10), using the weights 128 64 32 16 8 4 2 1:
11110000(2) = 128+64+32+16 = 240(10)
Decimal to binary (10 --> 2), by subtraction:
192-128=64, 64-64=0 --> 192(10) = 11000000(2)

IP address classes and default subnet masks:
Class A: 1-126     255.0.0.0
Class B: 128-191   255.255.0.0
Class C: 192-223   255.255.255.0
Class D: 224-239   Multicast (conferencing)
Class E: 240-255   Reserved
(127.x.x.x is set aside as the loopback/localhost address, used for testing and in lab environments.)

Two IP addresses with the same NetID can communicate with each other directly.
Two IP addresses with different NetIDs can communicate only through a router.
+ Public IP: a leased address (from the ISP), used for web or mail.
+ Private IP: free to use, for internal networks.
Class A: 10.x.x.x
Class B: 172.16.x.x-172.31.x.x
Class C: 192.168.x.x

Subnet Mask (used to find the NetID): always a run of 1 bits first, followed by 0 bits.
The NetID extends as far as the 1 bits of the subnet mask extend.
SM: 11111111.11111111.11111111.00000000
NetID: 24 bits; HostID: 8 bits

Computing the NetID: IP Address & Subnet Mask
AND (&): 0&0=0 0&1=0 1&0=0 1&1=1
Example:
IP:    11000000.10101000.01010111.00010100
SM:    11111111.11111111.11110000.00000000
------------------------------------------
NetID: 11000000.10101000.01010000.00000000
Number of hosts: 2^x-2 (x: number of host bits)

Looking up an IP: nslookup


set type=ns
set type=mx    # Resolves the MX record for mail. A Forwarder must be added in DNS so that the 2 machines can send mail to each other.


70-680 & 70-290


The two main network management models:
Workgroup (peer to peer: decentralized management, for small systems): the computers operate as equals; each machine manages the objects and resources that are on it.
Domain (centralized management model, for large systems): all objects and resources are stored on one server.

I. Workgroup
1. Local User Account
To use the operating system every user must have an account, because:
+ Each user in the system must be granted different rights.
+ Each user must have their own working environment even when sharing one computer.
Administrator: the account with the highest privileges on the computer.
Built-in Account: an account created by default on the computer (cannot be deleted).
Every account is assigned a SID when it is created. No two SIDs on one computer are the same.

2. Local Group (has rights on one machine only)
Its function is to contain user accounts as members. The rights of the group are also the rights of its users.
Administrators: full control of the system.
Users: the right to use the system.
Automatic Logon: control userpasswords2

3. Network Access: accessing one machine from another.
Use a UNC path: \\IP_address (\\Computer_name)
Authenticate User: user authentication
a. Classic (XP and earlier)
+ Current User (the user currently logged on)
+ User Guest
+ Prompt for username/password
b. Guest Only: access is allowed only through the Guest account

4. Policy: operating system policy (> Win2000)
System management tool: mmc, Add: Group Policy Object Editor, or gpedit.msc
+ Switch from Guest to Classic: edit the policy (Windows Settings\Security Settings\Local Policies\Security Options\Network Access: Sharing and security)
+ Apply policy changes: cmd, gpupdate /force
+ Allow blank passwords: \Accounts: Limit blank password -> Disable
Some commonly edited local policies:
+ Minimum password length
+ Password complexity
+ Limit on the number of password attempts
+ Do not display the user name of the last successful logon
+ Remove Ctrl+Alt+Del before logon


+ Allow Shutdown before logon
+ Turn the Firewall on/off
+ Set which icons appear in Control Panel
+ Prohibit the use of a program
+ Hide Folder Options
+ Hide drives
Windows 7 exercises:
Control Panel: leave only the Fonts item
Prohibit Control Panel
Prohibit Notepad
Hide the Recycle Bin
Set a complex 8-character password for users
Limit logon to 3 attempts
Allow users to connect with a blank password
Do not display the user name at logon

5. Share Permission
The machine that stores data centrally (File Server) runs a server edition (because Windows Server supports the maximum number of simultaneous connections; other editions allow at most 10 PCs at a time). Choose the file server and assign permissions.
+ Simple management:
-- Data is updated automatically between server and clients (Synchronize)
+ Easy to secure: permissions are set on the shared folders (Share Permission)
-- Access Control Lists (ACLs)
-- Map Network Drive (right click) or net use T: \\ipaddress\folder_name$
-- Hidden share (folder_name$)
+ Safe for the data (easy to back up)
Conditions: the user must have a password and the machine must be able to reach the server.
Checking the shared folders on the server:
net view \\ipaddress (Clients)
Computer\Manage\Shared Folders\Shares (Server)

6. Offline File
Using server resources while offline:
Sharing\Caching\ -> All (Server)
Available Offline -> Sync (Clients) -> Control Panel\Sync Center

7. NTFS permission
Windows 2000 and later (NTFS support).
The physical disk must be formatted as NTFS.
One user can hold several permissions (multi permission) on several resources.
When a user has both a share permission and an NTFS permission, the more restrictive of the two applies.
Behaviour when resources are moved:
Move: within the same partition the permissions are kept; to a different partition the permissions depend on the destination.
Copy: the permissions depend on the destination, regardless of the partition.
a. Standard permission: the simple permission set (6 permissions per folder; 5 permissions per file)
Lowest permission (read): Read; List Folder Contents and Read & Execute
Write permission
Modify permission (read, write and delete)
Highest permission (full control): allowed to assign permissions to other users
Denying users: implicit deny (not in the list) and explicit deny (a deny entry is granted). Explicit deny is applied to a user who belongs to a group that currently has allow.
b. Special permission: the complex permission set
Security/Advanced/Edit


Creator Owner: has full control over the files/folders it creates (read, write, delete and assign permissions).
c. Take Ownership: take back ownership of a resource (Security Setting/Local policy/User Rights Assignment)
System -> Right
Resource -> Permission
Checking permissions on a folder: Advanced/Effective Permissions
d. Share & NTFS permission
To keep the NTFS permissions unchanged when access comes over the network, set the share permission to full control.
Review:
Parent folder: read permission
Child folders: assign permissions individually
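The interaction of share permissions, NTFS permissions and explicit deny described in items 5 and 7 above can be checked with a small model. This is an added example, not part of the original notes; it reduces the standard permission levels to four basic rights, and the ACLs and the `effective_rights` helper are constructed for illustration using the lab's group names.

```python
"""Simplified model of Windows share + NTFS access (added example)."""
from dataclasses import dataclass

R, W, D, P = "read", "write", "delete", "change_permissions"

# Standard permission levels reduced to four basic rights (a simplification).
NTFS_LEVELS = {
    "Read": {R},
    "Write": {W},
    "Modify": {R, W, D},
    "Full Control": {R, W, D, P},
}
SHARE_LEVELS = {
    "Read": {R},
    "Change": {R, W, D},
    "Full Control": {R, W, D, P},
}


@dataclass(frozen=True)
class Ace:
    trustee: str        # user or group name
    level: str          # key of NTFS_LEVELS or SHARE_LEVELS
    allow: bool = True  # False means an explicit deny entry


def layer_rights(acl, levels, identities):
    """Rights granted by one ACL: union of allows minus union of denies."""
    allowed, denied = set(), set()
    for ace in acl:
        if ace.trustee not in identities:
            continue  # not listed for this user: implicit deny
        target = allowed if ace.allow else denied
        target.update(levels[ace.level])
    return allowed - denied  # explicit deny beats allow


def effective_rights(user, groups, ntfs_acl, share_acl=None):
    """share_acl=None models local access, where only NTFS applies."""
    identities = {user, "Everyone", *groups}
    rights = layer_rights(ntfs_acl, NTFS_LEVELS, identities)
    if share_acl is not None:
        # Over the network the more restrictive layer wins (intersection).
        rights = rights & layer_rights(share_acl, SHARE_LEVELS, identities)
    return rights


# Constructed sample data using the lab's group names.
GROUPS = {"KT1": {"Ketoan"}, "KT2": {"Ketoan"}, "NS1": {"Nhansu"}}
NTFS_KETOAN = [Ace("Ketoan", "Full Control"), Ace("KT2", "Write", allow=False)]
SHARE_READ = [Ace("Everyone", "Read")]
SHARE_FULL = [Ace("Everyone", "Full Control")]


def report():
    rows = []
    paths = (("local", None), ("share=Read", SHARE_READ), ("share=Full", SHARE_FULL))
    for user in sorted(GROUPS):
        for name, share in paths:
            rights = effective_rights(user, GROUPS[user], NTFS_KETOAN, share)
            rows.append((user, name, sorted(rights)))
    return rows


if __name__ == "__main__":
    for user, path, rights in report():
        print(f"{user:4} {path:11} {', '.join(rights) or 'no access'}")
```

With the share set to Full Control, the NTFS ACL alone decides the result, which is why the notes recommend that setting when the NTFS permissions must stay unchanged over the network.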

II. Domain Network


1. Domain Controller: the server (DC) that stores the objects of the domain and manages the domain.
Requirements for installing a domain controller:
+ Must run a Windows Server operating system (NT server, 2000 server, 2003 server, 2008 server).
+ The drive must be formatted as NTFS.
+ Complete TCP/IP configuration: IP address, Subnet Mask, Preferred DNS.
+ Local Admin rights.
Changing a policy can affect one or many users.
A domain name must be used: one machine acts as DNS server (the most important one; it works with the Global Server to authenticate users at logon; if DNS fails, the DC fails).
Promoting a domain controller:
+ Set the Preferred DNS value to the machine itself (same as its IP address).
+ Promote with the dcpromo command (installs the Active Directory service: stores, manages and authenticates the objects of the domain).
The first domain created is also the tree and the forest.
Any domain name can be chosen (because the domain is internal).
Domain name:
1. Host name (DNS name: 255 characters) (e.g. name.local)
2. NetBIOS name (16 characters)
Managing the information: Administrative Tools/Active Directory Users and Computers (dsa.msc)
+ Passwords are at least 7 characters and complex
+ The remaining machines are called Workstations
Active Directory Users & Computers
Domain root (domain name)
+ Container (more cannot be created)
+ Organizational Unit (OU) (shown with a book icon)

2. Join to domain
+ Set Preferred DNS to the DNS server (DC)
+ Check connectivity (ping the PC)
+ Join the domain (Single Sign On - SSO) using the full domain name xxx@xxx.xxx
The Domain Admins group has full control in the domain (on client PCs). This differs from the Local Admins group (rights on one machine only). When a machine is joined with a Domain Admins account, that group is added to Local Admins automatically.
For remote management, use mmc / add Computer Management.

3. Domain user account: a user created by the domain.
In the domain root, create an OU. Inside the OU -> New/User


User logon name:
+ username@domain_name, e.g. u1@domx.local
+ Domain_name\username, e.g. domx\u1
Editing a user:
+ Logon hours
+ Logon to specific machines
+ User authentication
+ Expiry time

4. Domain group
Group type:
+ Security Group:
- Permissions can be assigned to the group
- Email distribution (users can receive mail sent to the group)
+ Distribution Group:
- Permissions cannot be assigned to the group
- Email distribution
Group scope: differs only when the system is multi-domain
+ Which objects can be members, from the same domain or from other domains
+ The scope of rights on resources, in the same domain or in other domains
- Domain local group:
+ Contains users, computer accounts and global/universal groups of any domain
+ Contains other domain local groups of the same domain (Native mode)
+ Scope of rights: resources in the same domain
- Global group:
+ Contains users and computer accounts of the same domain
+ Can contain other global groups (Native mode)
+ Scope of rights: resources in any domain
- Universal group:
+ Contains users and computer accounts
+ Contains global and universal groups of other domains (same forest)
+ Scope of rights: resources in any domain
To use Universal groups the Domain Functional Level must be satisfied. Go to Domain root/Raise Domain Functional Level.
- The domain controllers in a domain must run a Windows Server operating system:
Windows 2000 mixed: supports pre-Win2k
Windows 2000 Native: supports Win2k and later
Windows Server 2003: supports Win2k3 and later
Windows Server 2003 Interim (exists only when upgrading from Windows NT): supports WinNT & 2k3, does not support Win2k
- Are the new features allowed to be used?

5. Domain Security Policy: affects the whole domain

6. Domain Controller Security Policy: affects only the machines acting as DC
Ordinary users are not allowed to log on at a DC.
User Rights Assignment/allow logon locally
Creating a user from the command line:
dsadd user "CN=name,OU=HCM,DC=DOMx,DC=Local" -pwd password

7. Home Directory (Home Folder): a folder on the file server that stores the private data of each user.
+ A folder is created automatically on the file server for every user in the system.
+ Permissions are assigned automatically for each user.
+ A network drive is mapped automatically every time the user logs on.
Steps to create a Home Directory:


+ Create a shared folder on the file server and give Everyone at least Change permission
+ Check the name of the file server
+ In dsa.msc -> Properties\Profiles (Home Folder): \\pcxx\Home\%username%
(%username% is a variable; configure it for one template user and it is expanded automatically when further users are created)

8. Local Profile
The user's profile on the local PC. Stored locally on each machine.

9. Roaming Profile
A profile stored centrally on the file server.
Configuring a Roaming Profile:
+ Create a shared folder on the file server and give Everyone at least Change permission
+ Check the name of the file server
+ In dsa.msc -> Properties\Profiles path: \\pcxx\Profiles\%username%
After Take Ownership, besides giving the user's permissions back, also give Current Owner back to the user. Check Replace Permission Entries...

10. Mandatory Profile: a profile that does not allow the profile to be changed.
Configuring a mandatory profile: NTUSER.DAT -> NTUSER.MAN

11. Organizational Unit (OU): divides the domain into several logical parts. Each OU can represent an office or a branch of the company.
+ Convenient for delegating management
+ Convenient for deploying and managing GPOs
+ Used to hide objects in AD
a. Delegate Control: delegating management rights to users in AD
+ Delegation with the Wizard (using the GUI)
+ Manual delegation
AD: View/Advanced Features
b. Group Policy Object (GPO)
+ Local Policy: affects one machine
+ Site Policy: affects each site (a site is a location in the network, e.g. site HCM and site HN)
+ Domain Policy: affects each domain
+ OU Policy: affects each OU
Objects affected by a GPO: Computer account & User account
When and in what order policy is applied:
+ Startup (Computer account) -> Logon (User account)
+ Local Policy -> Site Policy -> Domain Policy -> OU Policy -> OU Policy (child) (Computer Conf. -> User Conf.)
Conditions for a GPO to take effect:
+ The object is within the scope of the GPO
+ The object has Read & Apply Group Policy permission on the GPO
+ The WMI Filter condition is satisfied
Logon & Logoff Script

I. Physical machine
1. Set the LAN Preferred DNS to the machine itself
2. Promote to Domain Controller, domain name: domxx.local (xx: machine number)
3. Set a simple password policy
4. Give users the Allow logon locally right


5. Create the objects in AD:
OU     Group     User
HCM    Ketoan    KT1/123, KT2/123
HN     Nhansu    NS1/123, NS2/123

II. Virtual machine
1. Start the virtual machine
2. Configure TCP/IP for the virtual machine
IP: 192.168.4.(100 + machine number)
SM: 255.255.255.0
GW: 192.168.4.(machine number)
3. Join the virtual machine to the physical machine's domain domxx.local

III. Physical machine
1. Create the folder tree and assign permissions
C:\Data (User: read)
- Chung (Ketoan & Nhansu: Full)
- Ketoan (Ketoan: Full; Nhansu: No)
- Nhansu (Nhansu: Full; Ketoan: No)
2. Share the folder tree so that the permissions stay the same when users access it over the network
3. Configure the Chung folder so that only the person who created a resource can delete it
4. Check: use the virtual machine to access the physical machine and verify

IV. Physical machine
1. Configure a Home Directory for all users (the folder holding the home folders is C:\Home)
2. Configure a Roaming Profile for the Nhansu users (C:\Profiles)
3. On the virtual machine: log on as each user to verify

V. GPO requirements:
1. Prohibit Control Panel for users in OU HCM
2. Hide Internet Explorer for users in OU HN
3. Configure Folder Redirection to store My Documents of the Ketoan users in the C:\MyDocs folder of the physical machine
4. Create OU Clients and move the virtual machine's computer account into OU Client
5. On OU Client, deploy a GPO that installs Adobe Reader 9.0 for the computer account (192.168.4.201)
Note: remember to verify when finished.

VI. Configure Auditing
1. Record failed logon events for all users
2. Record successful and failed access events on the C:\Data folder
3. Check the results


Terminal Service: remote management and application sharing


1. Remote Control
A machine can be managed remotely with MMC (Domain Controller). The drawback is that it manages only the components that belong to Microsoft Corporation.
Remote Desktop: you can see and use the applications installed on the machine.

2. Share Application
- Administration Mode


+ Free
+ Max: 2 connections
+ Uses the Terminal Client: Remote Desktop Connection & Remote Desktop Console
Remote Desktop modes:
+ Session mode (virtual desktop): some software on the server cannot be configured in this mode. Used for clients that use software on the server at the same time.
+ Console mode: takes over the real desktop of the server. Used by the admin.
- Application Mode
+ License
+ Max: unlimited
Using Remote Desktop Connection in Console mode:
Run: mstsc /console
- Turn on Remote Desktop
- Add the user to the Remote Desktop group
RDP (Remote Desktop Protocol): port 3389
HTTP: port 80 (configure the Terminal Service Web Access feature)
Choose Add Remove Program/Application Server
Choose details --> http://192.168.xx.xx/tsweb

3. Remote Assistance
Available in Windows, no reconfiguration needed.
Create an invitation (notifies the admin to help), create a folder (Advanced Sharing)
Go to Windows Remote Assistance
Some commonly used programs: Team Viewer, VNC... (freeware). If you are licensed, Terminal Service is the better choice.


Disaster Recovery: rescuing and repairing data


1. Backup & Restore Data
Command: ntbackup
Rights needed for backup and restore: Read (Backup) and Modify (Restore). To give a user Backup & Restore rights, add the user to the Backup Operator group.
To optimize backups, the backup types have to be combined.
+ First backup: Normal; after the backup the A (archive) attribute is cleared
+ Following days:
- Differential: backs up only the files that have changed (based on the A attribute). To restore, use the first backup file and the last one. Because Differential does not clear the A attribute, the next run backs up the earlier files again. Not optimal, but simple to restore. Used for monthly backups.
- Incremental: backs up only the files that have changed (based on the A attribute), then clears the A attribute. If data is lost, all the backup files have to be restored. Optimal in storage space but complex to restore. Used for weekly backups.
Automatic backups are set up through Schedule.

2. Backup & Restore System State Data
Command: ntbackup --> System State
On a DC: the password set at creation time is the password used to restore the System State. The machine must be started in Directory Service Restore Mode.
On a machine that is not a DC: restore normally.

3. Shadow Copy (drive formatted as NTFS)
Lets users retrieve a previous version of their data.
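The archive-attribute behaviour of the Normal, Differential and Incremental backup types in item 1 above can be traced with a short simulation. This is an added example, not part of the original notes; the file names, the weekly plans and the helper functions `simulate` and `restore_chain` are constructed for illustration and do not call ntbackup.

```python
"""Archive-bit simulation of Normal / Differential / Incremental backups
(added example with constructed file names and schedules)."""


def simulate(files, plan):
    """Run a backup plan and return the backup sets that were written.

    files: names of the files that exist before the first backup.
    plan:  list of (label, backup_type, files_modified_before_this_backup).
    """
    archive = {name: True for name in files}  # new files carry the A attribute
    sets = []
    for label, kind, modified in plan:
        for name in modified:
            archive[name] = True              # any write sets the A attribute
        if kind == "normal":
            copied = sorted(archive)          # everything, regardless of A
        else:
            copied = sorted(n for n, a in archive.items() if a)
        if kind in ("normal", "incremental"):
            for name in copied:
                archive[name] = False         # these two types clear A
        # differential leaves A set, so the file is copied again next time
        sets.append((label, kind, copied))
    return sets


def restore_chain(sets):
    """Backup sets that hold the newest copy of at least one file."""
    newest = {}
    for label, _kind, copied in sets:
        for name in copied:
            newest[name] = label
    needed = set(newest.values())
    return [label for label, _kind, _copied in sets if label in needed]


def total_copied(sets):
    """Number of file copies written, a stand-in for storage used."""
    return sum(len(copied) for _label, _kind, copied in sets)


FILES = ["a.doc", "b.xls", "c.txt", "d.mdb"]  # constructed sample
DIFFERENTIAL_PLAN = [
    ("Mon", "normal", []),
    ("Tue", "differential", ["a.doc"]),
    ("Wed", "differential", ["b.xls"]),
    ("Thu", "differential", ["c.txt"]),
]
INCREMENTAL_PLAN = [
    (day, "incremental" if kind == "differential" else kind, changed)
    for day, kind, changed in DIFFERENTIAL_PLAN
]

if __name__ == "__main__":
    for title, plan in (("differential", DIFFERENTIAL_PLAN),
                        ("incremental", INCREMENTAL_PLAN)):
        sets = simulate(FILES, plan)
        print(title, "restore needs:", restore_chain(sets),
              "copies written:", total_copied(sets))
```

On this sample the differential plan restores from two sets but writes more copies, while the incremental plan writes fewer copies and needs every set, which is the trade-off the notes describe.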


MONITORING
Devices that affect how the computer performs:
+ RAM
+ CPU
+ Physical hard disk
+ NIC (Network Interface Card - Server)
1. Performance (Administrative Tools): checks the activity of the devices on the machine.
2. Hardware Profile: a list describing the hardware devices of the computer (devmgmt.msc). Saving power: install the driver.
2. Driver Signing: drivers that are compatible with the Windows operating system. To find out which devices are compatible, go to Microsoft -> Hardware Compatible List (HCL).
3. Compress: the compression attribute of Windows.
4. Disk Quota: disk usage quota, used to limit the space a user can use.

Disk Management
I. Basic Disk:
1. Primary Partition: bootable, cannot be subdivided
2. Extended Partition: not bootable, can be subdivided
One physical disk can hold only 4 partitions:
Case 1: 4 Primary
Case 2: 3 Primary and 1 Extended
For the system to keep running when a physical hard disk fails, 2 physical disks are needed (Fault Tolerance).
The disk system on a server must support Load Balancing.

II. Dynamic Disk: supports both Load Balancing and Fault Tolerance (W2k and later)
Each logical drive that is created is called a Volume.
a - number of physical disks
b - capacity contributed by each disk
c - total capacity obtained
1. Simple Volume: the intermediate form that replaces the partitions of the basic scheme. a=1
2. Span Volume: can lie on 2 or more hard disks. The capacity does not have to be equal on the disks. Does not support Fault Tolerance or Load Balancing. Helps only with capacity and can be extended by attaching more hard disks. If a hard disk fails, data is lost. a>=2; b: may differ; c: sum of the component capacities
3. Strip Volume (RAID-0): supports load balancing but not Fault Tolerance. The capacity on the disks must be equal. Increases read/write speed. a>=2; b: equal; c: sum of the component capacities
4. RAID-5 Volume: supports both. Requires 3 hard disks. Only (n-1) disks are usable. The last disk stores the redundancy bits. Uses the Parity algorithm. Safe for data. a>=3; b: equal; c = capacity x (HDD-1)
5. Mirror Volume (RAID-1): uses only 2 physical hard disks. Supports one function, Fault Tolerance. The two disks always have identical content. Safe for data. Can be used for the operating system. a=2; b: equal; c = 1 disk
* Creating a virtual HDD: File\Virtual Disk Wizard
Using the Disk Management tool
+ Basic Disk: there are 2 kinds of partition: Primary (4) and Extended (1). An extended partition contains several Logical Drives. Logical Drives are not limited (C-Z).
Mount a hard disk into an empty folder located on an (NTFS) partition to add capacity to a hard disk that is full.
+ Dynamic Disk (>W2k): Convert Basic -> Dynamic

INSTALLING WINDOWS
I. Introduction
Operating System: Windows
+ XP, Vista, Win7 (Clients)
+ 2k, 2k3, 2k8
Installation methods:
- Windows Setup CD
- I386 source
- Ghost
- LAN (2k3: Remote Installation Service)

II. Unattend Mode
* Required: an answer file
Case 1: Windows Setup CD
- Create the answer file: WINNT.SIF (the system finds it by itself)
- Store it on a floppy disk
Case 2: I386 source
- Create the answer file: xxx.txt
- Store it: xxx
Winnt.exe: for the DOS environment (16 bit)
Winnt.exe /u:<path to the answer file>
Winnt32.exe: for the Windows environment (32 bit)
Winnt32.exe /u:<path to the answer file>
Case 3: Windows Setup CD
- Create the answer file: WINNT.SIF
- Store it: Windows Setup CD\I386
Create an ISO file from the Windows installation disc. Put the WINNT.SIF file into the ISO. Then burn it to a new disc. (UltraISO)
* Creating the answer file (Setupmgr.exe)
Notes:
- Completely new hard disk:
[Unattended]
Repartition=Yes (careful: all data is lost)
- Hard disk with data: the line above does not need to be declared.
Machines cloned with Ghost from one machine to another have the same IP, Computername and SID.


Delete the SID

PRINT SERVICES
I. Introduction
* Concepts:
Print: printing
Print Device: the physical printer
Printer: the logical printer (the icon on the computer)
Print Server: manages the physical printer
* Models:
Port: LPT, USB, COM, RJ45
1. Network Printer: the printer is attached to one computer (LPT, USB, COM); the other computers print through that Print Server machine. The printer is called the Print Device. The drawback is the dependence on the machine it is attached to. Used for small systems. The advantage is low cost.
2. Local Printer: the printer is attached to the switch (RJ45-NIC). The advantage is that it can print at any time, without depending on an intermediate machine. The drawback is the higher price.
* Printer management tool: Printer and Fax

II. Deployment
* Types:
- Local Printer
- Network Printer
1. Local Printer
+ LPT, COM, USB
+ RJ45
2. Network Printer: connects to the printer of a machine on the network
3. Print permissions
Print: the right to print
Manage Printer: manage the printer configuration
Manage Document: cancel other people's print jobs
4. Available
- Always
- Available From
5. Priority: print priority
1 <= x <= 99: configured on the user's machine
6. Printer Pooling: load balancing for printing
Attach the printers to one computer (Printer server). Condition: the printers must be from the same manufacturer and of the same model.
7. Additional Driver: installs the driver automatically for client machines
8. Spool Folder: the location that holds the Print Queue. Click on an empty area in Printer and Fax and go to Server Properties\Advanced. To save disk space, move the Spool Folder path to another drive.

International exam
- At Nhat Nghe
- Cost: 20$ for the first subject, 25$ for each following subject
- Depends on the program
- Subjects:
70-680: Windows 7
70-290: Windows 2003
70-291: Network Infrastructure
70-351: ISA


- Questions: 50-60 questions
+ Multiple-choice questions
+ SIM: exam simulation

Exam preparation
File types: *.pdf, *.vce
Question sets: http://thiquocte.com http://examcollection.com

70-291: Network Infrastructure


1. TCP/IP
IP address: 32 bits (4 bytes)
128 64 32 16 8 4 2 1 (used to convert decimal -> binary)
Class   Range      Default subnet mask   Private IP address
A       1-126      255.0.0.0             10.x.x.x
B       128-191    255.255.0.0           172.16.x.x-172.31.x.x
C       192-223    255.255.255.0         192.168.x.x
D       224-239    (Multicast addresses: sent from one to many)
E       240-255    (Reserved addresses: not yet used)
IP address and subnet mask --> determine the NetID (based on the leading 1 bits). The NetID extends as far as the 1 bits of the subnet mask extend.
IP Address & Subnet mask
------------------------
0x0=0 0x1=0 1x0=0 1x1=1
Example: 203.162.10.1/24 --> NetID: 203.162.10.0
Public IP Address: leased (Internet).
Private IP Address: free to use (internal network).
192.168.1.0/24 (NetID: assigned to devices) -- 192.168.1.255 (Broadcast: one to all. Unicast: one to one)
Total number of hosts: 2^8-2 = 254 PCs

Source Address | Destination Address | Data | Source Port | Destination Address
{------------------------------ TCP/IP ------------------------------}
Destination Address is a specific address (Unicast)
Destination Address is a class D address (Multicast)
Destination Address is x.x.x.255 (Broadcast)
Web:      HTTP: 80; HTTPS: 443
FTP:      FTP: 20 & 21
Mail:     SMTP: 25; POP3: 110
TSserver: RDP: 3389
Source Port: generated randomly and always greater than 1024
1--1024 (well-known ports: registered ports)
See IANA.ORG for the port list


2. IP Subnetting: dividing one net into several smaller nets (hosts are lost because the first subnet (which coincides with the NetID of the original, undivided net) and the last subnet (which coincides with the broadcast of the original net) are subtracted).
Purpose: reduce broadcasts and manage the packets in a system.
RFC 950: when subnetting, the first and the last subnet must be subtracted.
RFC 1878: the subnets do not need to be subtracted, when the devices support it.
Rule: borrow bits from the HostID to use as NetID.

Example: borrow 2 bits
203.162.4.x/26   255.255.255.192 (Mask)
+ Number of subnets: 2^n-2 (n: number of bits borrowed from the host part): 2^2-2 = 2 subnets
+ Hosts per subnet: 2^m-2 (m: number of bits left for the HostID): 2^6-2 = 62 hosts
+ First subnet: 256-Mask = 256-192 = 64 --> 203.162.4.64/26
+ Second subnet: 203.162.4.128/26 (64+64: the step)
+ NetID and broadcast of each subnet:
Subnet   Net ID              Broadcast
S1       203.162.4.64/26     203.162.4.127
S2       203.162.4.128/26    203.162.4.191

203.162.4.70    --> 203.162.4.01000110
255.255.255.192 --> 255.255.255.11000000
----> NetID: 203.162.4.01000000 (64)

Example: borrow 3 bits
203.162.4.x/27   255.255.255.224 (Mask)
+ Number of subnets: 2^3-2 = 6 subnets
+ Hosts per subnet: 2^5-2 = 30 hosts
+ First subnet: 256-224 = 32
+ NetID and broadcast of each subnet:
Subnet   Net ID      Broadcast
S1       4.32/27     4.63
S2       4.64/27     4.95
S3       4.96/27     4.127
S4       4.128/27    4.159
S5       4.160/27    4.191
S6       4.192/27    4.223
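The two subnetting tables and the NetID calculation above can be reproduced with Python's standard `ipaddress` module. This is an added example, not part of the original notes; the function names `net_id` and `borrowed_bit_subnets` and the `rfc950` switch are introduced here for illustration.

```python
"""Subnetting by borrowed bits, reproducing the tables in the notes
(added example; function names are illustrative)."""
import ipaddress


def net_id(ip, mask):
    """NetID = IP address AND subnet mask, done bit by bit on 32-bit integers."""
    ip_int = int(ipaddress.IPv4Address(ip))
    mask_int = int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(ip_int & mask_int))


def borrowed_bit_subnets(network, borrowed_bits, rfc950=True):
    """Split `network` by borrowing host bits.

    rfc950=True drops the first and last subnet, as the notes do;
    rfc950=False keeps all 2^n subnets (the RFC 1878 view).
    """
    net = ipaddress.ip_network(network)
    subnets = list(net.subnets(prefixlen_diff=borrowed_bits))
    if rfc950:
        subnets = subnets[1:-1]
    table = []
    for sub in subnets:
        table.append({
            "net_id": f"{sub.network_address}/{sub.prefixlen}",
            "mask": str(sub.netmask),
            "broadcast": str(sub.broadcast_address),
            "first_host": str(sub.network_address + 1),
            "last_host": str(sub.broadcast_address - 1),
            "hosts": sub.num_addresses - 2,  # 2^m - 2
        })
    return table


if __name__ == "__main__":
    # The AND example from the TCP/IP section (192.168.87.20 / 255.255.240.0).
    print("NetID:", net_id("192.168.87.20", "255.255.240.0"))
    # The host used in the /26 example.
    print("NetID:", net_id("203.162.4.70", "255.255.255.192"))
    for bits in (2, 3):
        print(f"\nBorrow {bits} bits from 203.162.4.0/24 (RFC 950 rule):")
        for row in borrowed_bit_subnets("203.162.4.0/24", bits):
            print(f"  {row['net_id']:18} broadcast {row['broadcast']:15} "
                  f"hosts {row['hosts']}")
```

Calling `borrowed_bit_subnets("203.162.4.0/24", 2, rfc950=False)` returns all four /26 subnets, including the .0 and .192 subnets that the RFC 950 rule subtracts.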

VLSM (Variable Length Subnet Mask): used when the nets do not have the same number of hosts.
192.168.4.x/27 Ha Noi (30 machines)
192.168.4.x/26 Sai Gon (50 machines)

3. Super Net: borrow bits from the net part to use as host bits.

4. Routing (blocks broadcasts and filters packets)
Hardware Router: a dedicated router device (Cisco, Juniper, Intel)
Software Router: a software product that acts as the router for a LAN (Routing & Remote Access Service, RRAS). The machine configured as router must leave the Gateway field empty.
+ Routing Interface: the connectors on the router. Hardware (Serial & Ethernet). Windows (Interface)
- LAN interface: routes the nets and subnets inside the LAN
- Demand-dial interface: routes the nets and subnets in a Remote Access system
+ Routing Protocol: the protocols that automatically propagate information from one router to another.


RIP (Windows): small and medium models (LAN), counted by subnet (<50 routers)
OSPF (Windows): large and very large systems
+ Routing table: where the information about the nets and subnets is stored on the routers.
Network Route: points to one network or subnet
Host Route: points to one specific host (/32: 255.255.255.255)
Default Route (SM: 0.0.0.0, Dest: 0.0.0.0): needed to communicate on the Internet. There are 2 ways: create a static route or add a Default GW.

Routes in the simple model: several nets connected to one router. Simple, no configuration needed because Directly Connected is used.
Destination Network   Net mask   Interface         Gateway         Metric (<)
(destination)                    (where to turn)   (whom to ask)   (route priority)
1.0                   /24        1.1               1.1
2.0                   /24        2.1               2.1

Complex model: several nets connected to several routers
1.0/24 ---- R1 (1.1 & 2.1) ---- 2.0/24 ---- R2 (2.2 & 3.1) ---- 3.0/24 ---- R3 (3.2 & 4.1) ---- 4.0/24

R1
Destination Network   Net mask   Interface         Gateway         Metric (<)
(destination)                    (where to turn)   (whom to ask)   (route priority)
1.0                   /24        1.1               1.1
2.0                   /24        2.1               2.1
3.0                   /24        2.1               2.2
4.0                   /24        2.1               2.2

R2
Destination Network   Net mask   Interface         Gateway         Metric (<)
(destination)                    (where to turn)   (whom to ask)   (route priority)
1.0                   /24        2.2               2.1
2.0                   /24        2.2               2.2
3.0                   /24        3.1               3.1
4.0                   /24        3.1               3.2

R3
Destination Network   Net mask   Interface         Gateway         Metric (<)
(destination)                    (where to turn)   (whom to ask)   (route priority)
1.0                   /24        3.2               3.1
2.0                   /24        3.2               3.1
3.0                   /24        3.2               3.2
4.0                   /24        4.1               4.1

One missing route affects the whole system.
+ Directly Connected: detected automatically, so only the destinations (the entries in black) need to be configured.
a. Static Route: configured by hand. The information does not change automatically.
b. Dynamic Route: learned automatically from other routers (their routing tables). The information changes automatically. The condition is that the routers use the same protocol.
c. IP Packet Filter: allows or denies a packet.
Go to General, then LAN card\Properties\Inbound Filters (filters incoming packets).
Before configuring: Disable and Stop Windows Firewall/.... in Services.msc
route print: checks the router configuration from the command line
tracert IP: checks the path

5. Dynamic Host Configuration Protocol (DHCP): provides dynamic IP addresses. Built into Windows Server.
DHCP Server: the machine with DHCP installed (Add and Remove Program\Networking\Services).
DHCP Client: obtains its IP automatically. Uses broadcast to find the DHCP server.
+ DHCP Discover (Client -> Server)
+ DHCP Offer (Server -> Client)
+ DHCP Request (Client -> Server): requests the IP
+ DHCP ACK (Server -> Client): agrees to assign the IP
DHCP Scope: the range of IPs handed out to clients. A range must be set aside for static IPs (1-49).
DHCP Option: supplies the parameters that go with the IP address (Default GW, DNS, Domain name)
+ Reservation Option: affects the individual reservation
+ Scope Option: affects the individual scope and all reservations in the scope (if the reservations have no options configured)
+ Server Option: affects all scopes and reservations (if the scopes and reservations have no options configured)
DHCP Reservation: binds a fixed address to one client machine.
Authorize DHCP Server
DHCP Relay Agent: assigns IPs to PCs on a different net. The DHCP Relay Agent must be configured on the router machine. The router then contacts the DHCP server with unicast packets.
Go to Routing and Remote Access\IP Routing\General\New Routing Protocol
ipconfig /release: returns the IP to the server
ipconfig /renew: obtains the IP again (otherwise, after 50% of the lease time the client renews the IP by itself with a DHCP Request; if that fails it renews a second time at 87% of the lease time, and a last time at 100%, after which it falls back to 169.254.x.x)
A DHCP server that is to operate in a domain must be registered (authorized) in Active Directory.

6. Windows Internet Name Services (WINS): resolves NetBIOS names to IP addresses. No longer important.
WINS Server: declare the IP of the WINS server in the IP settings. Add/Remove Windows Components -> Networking -> Windows Internet Name Services.
WINS Client: a machine that declares the IP address of the WINS server in its IP settings.
WINS Record: holds the information of a NetBIOS name.
Static Mapping: assigns the IP by hand for devices that have no NetBIOS name, such as printers.
WINS Replication Partner: synchronizes 2 WINS servers with each other.
a. NetBIOS name: the maximum length is 16 characters and it is always 16 characters (the first 15 characters represent the computer name; the 16th character represents the service the computer provides). Spaces are not allowed, and ";" is not allowed. The drawback is the limited number of names available for computers in a large network.


Viewing the names:
nbtstat -n
nbtstat -A <IP address> (a machine on the same network)

How NetBIOS names are resolved
+ Broadcast: used within the same net.
+ LMHOSTS Lookup: resolves NetBIOS names for machines on a different net. The drawback is that it has to be configured by hand on every machine.
+ WINS: the information only needs to be configured on the WINS server. Clients send unicast through the WINS server. (Most effective.) Used when:
- The system contains old operating system versions (WinNT-98)
- The system contains applications that run on top of NetBIOS names
- The system has no DNS (host name) deployed
b. Host name (Win2k and later): also called Internet name. The maximum length is 255 characters. Limited by the number of names assigned.
How host names are resolved
+ Hosts file: similar to the LMHOSTS mechanism for NetBIOS names. Cannot be used in a WINS system.
+ DNS (Domain Name System): resolves host names. Go to Add and Remove Program\Networking System
Forward Lookup Zone: resolves names to IPs. Named after the domain.
Reverse Lookup Zone: resolves IPs to names. Named after the NetID.
DNS Records:
- Host (A): resolves a host name to an IP (created in the Forward Lookup Zone)
- Pointer (PTR): resolves an IP to a host name (created in the Reverse Lookup Zone)
- Alias (CNAME): resolves a host name to a host name
- Name Server (NS): represents all DNS servers in the system
- Start Of Authority (SOA): represents the primary DNS server in the system
- Mail Exchange (MX): represents the name and IP address of the mail server in the system
- DNS Round Robin: supports load balancing for network services. Create one host that points to several IPs.
Cache-only DNS Server: resolves names on the Internet. To resolve internal names, a Forward Lookup Zone and a Reverse Lookup Zone have to be configured.
Clear the cache: ipconfig /flushdns
Update the Pointer record: ipconfig /registerdns
To balance load and limit failures, configure several servers running the same service. Use DNS load balancing for the web. It is the simplest and most effective mechanism.

Exercises:
1. Configure the physical machine as a router
2. Configure routing so that the virtual machines of the groups can communicate with each other
3. Configure the physical machine as DHCP server. Supply the full set of TCP/IP parameters to the virtual machine: IP, SM, GW, DNS, WINS Server
4. Configure the virtual machine to use a dynamic IP address
5. Configure the physical machine as WINS server
6. The groups configure WINS Replication Partner so that the virtual machines can ping each other by name
Ci t v cu hnh DNS Server hon chnh: 1. 2. 3. 4. 5. Chnh Prefer DNS v chnh mnh Chnh DNS Suffix (Trong Computer Name) Ci DNS Sevice To Forward Lookup Zone To Reverse Lookup Zone


6. Create the required DNS records (ipconfig /registerdns)
7. Turn off the firewall

Domain Name System (DNS)
Dynamic Update: lets client machines update their DNS records on the server dynamically.
None: dynamic update is not supported.
Nonsecure and secure: all client machines are allowed to update dynamically.
Secure only: only machines that have successfully joined the DC can update dynamically (Active Directory).
Integrated Zone: a DNS zone stored in AD (when the DNS server is also a domain controller).
DNS Zone Transfer: enable zone transfer and choose Secondary when installing the DNS server on the second machine.
Backup DNS server (Secondary DNS Server): provides load balancing for the master DNS server. Uses a zone transfer from the master DNS server to the secondary DNS server.

Installing the mail server (MDaemon)
1. Install MDaemon 6
2. Turn on DEC in My Computer\Advance\Setting
3. In DNS, add a forwarder to the receiving machine.

How do internal names differ from names on the Internet? How do internal and external servers differ? How does internal name resolution differ from Internet resolution?

7. Network Address Translation (NAT)
For a computer to reach the Internet, configure Internet sharing:
+ Proxy: configure one machine as the proxy server. Clients go through the proxy server for access. Advantage: it has a cache, so later visits are faster. However it only supports Web and FTP (other services cannot be reached). Some hardware firewall products also include a proxy.
+ NAT: configure one machine as the NAT server. Advantage: it supports all services. Clients connect by themselves, borrowing the IP address of the NAT. Drawback: no cache. Besides software, all hardware devices include NAT.

NAT Outbound: used to share the Internet. Uses Routing and Remote Access.
Public interface: the interface facing outside
Private interface: the interface facing inside

NAT Inbound: to let outside users reach the web server:
+ Rent a public IP for the web server.
+ NAT inbound: NAT/Basic Firewall, Services and Ports
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx


Virtual Private Network (VPN)
Leased line: connects two networks over fiber-optic cable. No third party uses it. Advantages: stable speed, high security. Drawback: high cost.
Frame Relay: uses fiber-optic cable, shared among many users. Drawbacks: not secure, and speed is lower than a leased line. Advantage: low cost. Billed by volume used.
ISDN: uses a telephone line. Drawback: low speed.

Remote Access:
+ Dial-up: (ISDN)
+ VPN: virtual private network (the best option).
+ Wireless:

Connection mechanism: a tunnel (a logical link) connects the two systems to each other through a router. The internal packet is carried as the data of a public IP packet.
+ PPTP (Point-to-Point Tunneling Protocol: 1723): uses MPPE encryption. Drawback: packets are encrypted only after the important connection information has been exchanged. The level of security is not high.
+ L2TP (Layer Two Tunneling Protocol: 1701): uses the IPSec protocol (500 & 4500). Configure the shared key in Network Interface and on PCx (Local).
+ SSTP (Win2k8): can connect when the client reaches the Internet through a firewall/proxy.

1. VPN Client-to-Gateway: lets remote clients (Remote Client or VPN Client) reach the internal system. Configure the VPN server in Routing and Remote Access. Define a static IP pool on the router and allow Remote Access for the user (Dial-in) in Computer Management. A machine that wants to connect to the VPN server must set up a connection with the New Connection Wizard.
2. VPN Gateway-to-Gateway (Site-to-Site): connects two or more networks at different geographic locations. Additionally configure Demand-dial Connections in Routing and Remote Access.

HANOI
User Account: Saigon/123
Demand Dial Interface
  Name: Saigon
  User: Hanoi/123
  IP: 4.M2
Static Route
  Dest: 172.16.1.0/24
  SM:
  Interface: Saigon
  GW:

SAIGON
User Account: Hanoi/123
Demand Dial Interface
  Name: Hanoi
  User: Saigon/123
  IP: 4.M3
Static Route
  Dest: 172.16.2.0/24
  SM:
  Interface: Hanoi
  GW:


WINDOWS SERVER UPDATE SERVICE


I. Hacking Demo
net user teo 123 /add
net localgroup administrators teo /add   # add the user to the Admin group
net user Administrator /active:no        # disable Administrator
net user teo /delete                     # delete the user
cd \                                     # go back to drive C
echo <content> > index.htm               # create a file

II. Windows Server Update Services
Ways to update Windows:
1. Manual: Start>Windows Update   # costs time and bandwidth
2. Automatic: My Computer>Properties>Update
3. WSUS:
   a. Client: nothing to install
   b. Server:
      ASP.NET
      Microsoft Framework 2.0 + SP1 or higher
      MMC 3.0
      Report Viewer
      WSUS 3.0 SP1

Configuration:
+ Client: Start>Run>gpedit.msc
  Computer Configuration/Admin Templates/Windows Components/Windows Update
  Configure Auto Update
  Specify intranet (a LAN with an Internet connection) Microsoft   # clients go to WSUS for updates instead of the Internet
  Reschedule Auto Update   # update after the patches have been downloaded
  No-Auto Restart   # do not allow a restart after updating
+ Server: install Report Viewer first, then install WSUS
  Update Source and Proxy Server
  Product and Classifications
  Synchronization Schedule: fetch patches automatically
  Automatic Approvals
  Put PCs with the same function into a group and update group by group.


DEPLOYING A WIRELESS NETWORK

I. Introduction:

Wire:      Switch   NIC             Cable
Wireless:  WAP      Wireless Card   Wave

II. Wireless parameters
-- The 802.11 standard belongs to IEEE

Standard   Speed                                                Operating frequency   Coverage range
802.11a    54Mbps                                               5GHz                  15-30m
802.11b    11Mbps                                               2.4GHz                45-90m
802.11g    54Mbps half duplex, 108Mbps full duplex              2.4GHz                45-90m
802.11n    248-300Mbps half duplex, 500-600Mbps full duplex     2.4GHz/5GHz           91-180m

Half duplex: at any one time only one device transmits and receives.
Full duplex: a device can transmit and receive at the same time.

-- Components of a wireless network: WAP, Wireless Card, DHCP Server
1. Wireless Card + WAP + DHCP + Router + R.ADSL
2. Wireless Card + (WAP + DHCP + Router) + R.ADSL
3. Wireless Card + (WAP + DHCP + Router + R.ADSL)
-- Simulation block diagram
-- Assigning IP addresses in the wireless network (Dynamic IP)
-- Security mechanisms:
   Non Authenticate
   Wired Equivalent Privacy (WEP)
   Wireless Protection Access (WPA)
   MAC Address Filter
-- Configuration parameters:
   Default IP: 192.168.0.1/24 (DLink)
   Username: Admin
   Password:


CONFIGURING AN ADSL ROUTER

I. Introduction
-- Asymmetric Digital Subscriber Line (Upload & Download)
-- ADSL router
+ Modem: converts the electrical signal
+ Router: routes traffic (NAT)
  - NAT Outbound: automatic
  - NAT Inbound: users on the Internet reach the internal network. Done by hand.

II. Configuration parameters
1. Device parameters
   Default IP: 192.168.1.1/24
   Username: admin
   Password: admin
2. Line parameters
   Protocol: PPPoE/PPPoA
   VPI/VCI: 8/35 (VNN) (0/33 8/33 0/35)
   Username
   Password

VPN Client to Gateway
Step 1: create a user that is allowed to connect
Step 2: enable RRAS
Step 3: create the IP range handed out to connections
Step 4: NAT on the R.ADSL

VPN Gateway to Gateway
Steps 1-4: as above
Step 5: create the Demand Dial Interface


70-299: SPECIAL TOPIC: WINDOWS SECURITY
PUBLIC KEY INFRASTRUCTURE

I. Introduction:
5 threats:
+ Sniffing: probing for characteristic signs
+ DoS: denial-of-service attack
+ Spoofing: forging the origin of information
+ Relay: intercepting information and replaying it after some time
+ MID: an attack that captures data packets in transit
3 security factors:
+ Confidence: secrecy (data encryption)
+ Authenticity: establishing identity
+ Integrity: intactness (if the content has been tampered with, the receiver will notice)

II. Some encryption concepts
M + K1 -> C
C + K2 -> M
M: message; plain text
K1, K2: key, cryptography algorithm
C: cipher

1. Symmetric encryption (Symmetric Cryptography)
M + K -> C
C +/- K -> M
The same method is used to encrypt and to decrypt.
Advantage: easy to deploy
Drawback: each person needs a lot of storage to hold the keys.

2. Asymmetric encryption (Asymmetric Cryptography)
M + K1 -> C
C + K2 -> M
The encryption key and the decryption key are different.
Advantage: each person needs little storage for keys
Drawback: hard to deploy

3. Public Key Infrastructure
There always exists a pair of numbers P, Q: extremely large primes, with P used to encrypt and Q used to decrypt.
M + P -> C and C + Q -> M
M + Q -> C and C + P -> M

4. Characteristic fingerprint of a text: CRC (Cyclic Redundancy Check)
M + hash -> CRC_M
M' + hash -> CRC_M'
CRC_M ≠ CRC_M' means M ≠ M'

5. Digital signature
M + hash -> CRC_M
CRC_M + Q -> S_a/CRC

Example: sender (A) --------sends mail----------> Binh (B)
M + PB -> C


M + hash -> CRCm
CRCm + QA -> S_A/CRCm
Binh receives C + S_A/CRCm.
C + QB -> M                        (Confidence)
S_A/CRCm + PA -> S_A/CRCm          (Authenticity)
Check:
M + hash -> CRCm
CRCm + PA -> S'_A/CRCm
S = S': genuine

6. Certificate
5Cam: (P5, Info5, S5): certificate
6Quyet: (P6, Info6) + hash -> CRC6
CRC6 + Q5 -> S5/6
(P6, Info6, S5/6): certificate issued by 5 to 6

III. Deploying a Certificate Authority
1. Installation: Control Panel>Add/Remove Programs>Add/Remove..>Certificate Service

CA type                 Enterprise                                              Standalone
Operating environment   Domain                                                  Workgroup, Domain
Requesting a cert       User requests from the CA; the system automatically     User requests from the CA;
                        reads the information in AD and issues it by itself     the admin issues it to the user

CA chain: Root CA, with Subordinate CAs (Sub CA) beneath it

2. Subjects:
   User
   Service: Local Admin
   Computer: Local Admin
3. Requesting from the CA over the web
   Step 1: install ASP.NET
   Step 2: install Certificate Service
   http://localhost/certsrv/

IV. IP SECURITY
I.
II. Deployment
-- Create a policy
-- Meaning of the encrypted packets
ISAKMP: Internet Security Association Key Management Protocol
IKE: Internet Key Exchange
ESP: Encapsulating Security Payload
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
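The encrypt, sign, check and certificate steps of the PKI section above, worked through in Python as an added example (not part of the original notes). It assumes textbook RSA on fixed toy primes as the P/Q pair, SHA-256 as the hash, and hypothetical helper names; the check compares the digest recovered from S with PA against the digest recomputed from M.

```python
import hashlib

E = 65537  # public exponent used by every toy key below

def make_keypair(p, q):
    """Return (P, Q) in the page's notation: public (E, n) and private (d, n)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))   # modular inverse (Python 3.8+)
    return (E, n), (d, n)

def apply_key(value, key):
    """The page's 'X + K' step: modular exponentiation with key K."""
    exponent, n = key
    return pow(value, exponent, n)

def digest(data, key):
    """'M + hash -> CRC': SHA-256 of the data, reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % key[1]

def sign(data, private_key):
    """'CRC + Q -> S'."""
    return apply_key(digest(data, private_key), private_key)

def verify(data, signature, public_key):
    """Recover the digest from S with P and compare it with a fresh digest."""
    return apply_key(signature, public_key) == digest(data, public_key)

def send(message, sender_private, receiver_public):
    """A's side: C = M + PB (confidentiality), S = CRC + QA (signature)."""
    m = int.from_bytes(message, "big")
    if m >= receiver_public[1]:
        raise ValueError("message too long for the toy modulus")
    return apply_key(m, receiver_public), sign(message, sender_private)

def receive(cipher, signature, receiver_private, sender_public):
    """B's side: M = C + QB, then check S against PA."""
    m = apply_key(cipher, receiver_private)
    message = m.to_bytes((m.bit_length() + 7) // 8, "big")
    return message, verify(message, signature, sender_public)

def issue_certificate(subject_public, info, ca_private):
    """CA step: (P6, Info6) + hash -> CRC6, CRC6 + Q5 -> S5/6."""
    body = repr((subject_public, info)).encode()
    return subject_public, info, sign(body, ca_private)

def verify_certificate(cert, ca_public):
    """Anyone holding the CA's public key P5 can check the binding."""
    subject_public, info, signature = cert
    return verify(repr((subject_public, info)).encode(), signature, ca_public)

# Constructed toy keys built from known Mersenne primes. Unpadded RSA on
# fixed primes is for following the notation only; real deployments use a
# vetted library with padded schemes.
PA, QA = make_keypair(2**89 - 1, 2**107 - 1)    # sender A
PB, QB = make_keypair(2**61 - 1, 2**127 - 1)    # receiver B (Binh)
P5, Q5 = make_keypair(2**521 - 1, 2**607 - 1)   # the issuing CA ("5")
MESSAGE = b"pay Binh 100"                       # constructed sample message

def demo():
    cipher, signature = send(MESSAGE, QA, PB)
    message, authentic = receive(cipher, signature, QB, PA)
    tampered_ok = verify(b"pay Binh 900", signature, PA)   # altered text, old S
    cert = issue_certificate(PA, "A", Q5)
    forged = (PB, "A", cert[2])   # another key placed under A's name
    return (message, authentic, tampered_ok,
            verify_certificate(cert, P5), verify_certificate(forged, P5))

if __name__ == "__main__":
    print(demo())
```

The tampered message and the forged certificate both fail because the recomputed digest no longer matches the one locked inside the signature.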


70-236: MICROSOFT EXCHANGE SERVER 2007 INSTALLATION

I. Introduction
- Mail servers: MDaemon, Kerio Mail Server, Exchange 2007
- Exchange Server 2007:
  + Suited to medium and large businesses.
  + The most powerful today: manages large databases. Filters well. Decides the route for sending mail.

II. Deployment
- Hardware: CPU: (x86; x64). RAM: 1G -> 16/32G (25 MB for each new mailbox)
- Software:
1. Domain:
2. Raise Domain Functional Level (Active Directory Domains and Trusts)
   + Windows 2000 (mixed): NT, 2000, 2003
   + Windows 2000 (Native): 2000, 2003
   + Windows 2003: 2003

   Windows Server     Exchange Server
   Domain             Organization
   User               Mailbox user
   Universal Group    Distribution Group

3. Software:
   + ASP.NET
   + .NET Framework 2.0 > SP1
   + MMC 3.0
   + PowerShell: manage the server from the command line

III. Installing Exchange Server 2007
1. GUI: run Setup.exe
2. Command: Setup.com /r:h,c,m,t /enablelegacyoutlook /on:<mail server name>
3. Roles
Mailbox Server Role (MBS)
+ Manages the mailboxes
+ Connects to the other roles over MAPI (Message Application Programming Interface, mail on the internal network). Lets users configure the connection automatically.
Hub Transport Server Role (HTS)
+ Manages mail routing
+ Connects to other servers over SMTP (Simple Mail Transfer Protocol)
+ Talks to the HTS or ETS of other servers
Client Access Server Role (CAS)
+ An intermediate server that connects clients to the MBS over other (non-MAPI) protocols: POP3 (Post Office Protocol), IMAP (Internet Message Application Protocol). Used by clients running Outlook or by users on the Internet.
Unified Messaging Server Role (UMS)
+ Supports mobile devices connecting over VoIP
Edge Transport Server Role (ETS)
+ The first 3 roles are mandatory
+ The first 4 roles can be installed together on one or several servers
+ The last role must be placed on a separate server (for security reasons). Its job is to vet and check mail sent from outside to the internal mail server. It connects to the ETS or HTS of other servers.


[Diagram: HTS, ETS, another mail server, phone, UMS, A.D, MBS, CAS, external client U3, internal clients U1 and U2; numbered links labelled SMTP, MAPI, LDAP, Non-MAPI, VoIP]

Examples:
U1 sends mail to U2: 3,4,4
U2 checks mail: 3
U3 sends mail to U2: 1,5,4,3
U3 checks mail: 1,2
U1 sends mail to teo: 3,4,8 (optional),9
U3 sends mail to teo: 1,5,8,9
Teo sends mail to U1: 9,8,4

III. Verification
- Services: all are Started except ME POP3, Monitoring, IMAP4
- Exchange Management Console: Mailbox user, Group


- Receiving mail: EMC>Server Conf>Hub Transport>double-click Default PCXX
  Authentication tab: clear Basic Authen
  Permission tab: check Anonymous User
- Sending mail through another server: EMC>Organization Conf>Hub Transport>Send Connector tab
  The mail server can receive mail from the IP address: gawab.com

III. Exchange Recipients: objects in the Active Directory (AD) system to which Exchange gives a mailbox or an email address, and which may be allowed to send and receive mail through the Exchange system.
Mailbox user: a user account in AD to which Exchange gives a mailbox and which is allowed to send and receive mail through the Exchange system.
Mail user: a user account in AD to which Exchange gives an External Email Address, in order to store the user's external email address in the Exchange Address Lists.
Mail Contact: a contact in AD to which Exchange gives an External Email Address. It is used to store information about the company's customers or partners in the Exchange Address Lists.
Distribution Group: a group in AD to which Exchange gives an email address, used to distribute email to many recipients at once. The group cannot send mail.
Dynamic Distribution Group: also distributes email. In addition it adds and removes members automatically based on the attributes of the objects.
Send On Behalf: may send mail on behalf of another user (Delegate).
Resource Mailbox (2007): a mailbox that represents a room or a piece of equipment, used to support booking of meeting rooms, conference rooms or equipment. Create one resource mailbox for each room or piece of equipment.
+ Room Mailbox:
+ Equipment Mailbox:
Set-MailboxCalendarSettings -Identity "Room1" -AutomateProcessing AutoAccept   # activate the mailbox
Get-MailboxCalendarSettings -Identity "Room1"   # check the object
Linked Mailbox (2007): a mailbox created for a user of another domain, to support single sign-on (authentication with one account for every need) in a multi-domain system (large model). The two domains must have a trust relationship.
Conditions for a domain trust: the domains must resolve each other in DNS and the domains must have their time synchronized with each other.
net time /set /y \\192.168.4.x   # synchronize the time

Microsoft Outlook
+ Out of Office Assistance (Auto Reply): replies to mail automatically
+ Search Index: searches the content of attached files

IV. Exchange Database: move the Storage Group path to a disk other than the one Windows is installed on, because otherwise it limits the speed of the machine.
Storage Group: where the data of the Exchange system is stored (Mailbox Server Role). Create several storage groups to speed up operation (log & chk files). A storage group can contain several databases so that there are several edb files: if one edb file is damaged, the others remain. In addition, with several mailbox databases a storage quota can be set per group of mailbox databases.
Mailbox Database (*.edb): where the mailboxes of the objects in the Exchange system are stored.
Journal Recipient (Server Configuration>Mailbox>Storage Group>xxx): monitors mail
Reassigning permissions on a mailbox database:
Add-ADPermission -Identity NhanvienDB -User Administrator -ExtendedRights Send-As,Receive-As   # send and receive rights
Public Folder Database: where the public folders of the Exchange system are stored. It has 2 functions: storing data and sharing information (permissions on a public folder can be assigned per user).


New-PublicFolder -Name Ketoan

Exchange Version   Storage Group   Database
Standard           5/server        5
Enterprise         50/server       50

V. Exchange Address Lists: store information about the recipients in the mail system.
Personal Address Lists: each person's own address list.
Default Address Lists: the address lists that are created in advance in Exchange.
Default Global Address List: holds all information about every recipient in the Exchange system.
Global Address Lists: store information about all recipients in the same forest. At any one time a user can use only 1 Global Address List.
Creating a new Global Address List (using the shell):
New-GlobalAddressList -Name HanoiGAL -IncludedRecipients AllRecipients -ConditionalStateOrProvince HN
Deny a user's rights on the group:
Add-ADPermission -Identity "Default Global Address List" -User HNGroup -AccessRights GenericAll -Deny
Update-GlobalAddressList -Identity "Default Global Address List"
Deny rights on All Users (because U3, although barred from the Default Global list, can still see other users' mail through All Users). Remember to update afterwards.
Add-ADPermission -Identity "All Users" -User HNGroup -AccessRights GenericAll -Deny
Custom Address Lists: address lists created as needed. Used to classify users by attribute (Department, State...). The most frequently used.
Offline Address Book: a mail client that cannot connect to Exchange can still use the address list on Exchange. It takes its information from the Default Global Address List.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
POP3 Protocol
Set-POPSettings -LoginType PlainTextLogin
Get-POPSettings   # check
On the server, MXPOP3 --> Start and Automatic
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

# Connect to the server

SMTP Protocol
The most important protocol in the mail system.
Steps for delivering an email: Domain A ------email----> Domain B
1. Resolve the MX record (which represents the name and IP of the mail server) of domain B
   nslookup
   set type=mx
2. Telnet to port 25 (SMTP) of the mail server in domain B
   telnet x.x.x.x 25
3. Send the mail with the SMTP protocol
   helo dom21.local
   mail from: <teo@abc.com>
   rcpt to:<u1@dom21.local>
   data
   from: Tran Van Teo
   to: u1@dom21.local
   subject: Mail tu PC20
   # press Enter to begin the body


   Noi dung mail
   .   # end of the message
   quit   # exit telnet
..............................................
SMTP Connector:
+ Send Connector: sends mail.
+ Receive Connector: receives mail. On port 25 (SMTP-Default) and 587 (ISMTP-Client).
Grant the anonymous permission on the Receive connector to send and receive mail. To send to Yahoo or Gmail mailboxes, use a smart host (dnsexit.com).
Add-ADPermission -Identity "Default PC02" -User relaygroup -ExtendedRights ms-exch-smtp-accept-any-sender
Afterwards remember to restart the ME Transport service.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
AntiSpam Agent
Set-POPSettings -LoginType PlainTextLogin   # configure POP3 for users
Get-POPSettings
--> Start the POP3 service

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Firewall Policy
Access Rule (Deny rules always come before Allow rules)
Packet filtering:
+ Protocol: for web access open the protocols: dns (routing - ipconfig /flushdns), http(s)
+ Source: forbid or allow a machine to reach the Internet. Toolbox>Network Objects>Computers>New Computer
+ Destination: controls where packets may go. Toolbox>Network Objects>URL Sets (Domain Name Sets)>New...
+ User: Toolbox>Users (Location x.local)
+ Schedule: Toolbox>Schedules>New...
+ Content Type: filter based on the content of the web page
Access Rule Elements: the components that make up an access rule
Application Filter: Configure HTTP>Signature>Request Header (Header: Host:; sig: msg.yahoo.com). Blocks based on the signature of the application.
HTTP Filter: Configure HTTP>Extensions   # allow or forbid downloading any given file format
HTTP Method: allows web mail to be used (reading, but not sending)
  GET: read content
  HEAD: send small amounts of data (user, pass)
  POST: send large amounts of data (mail, reply)
  ......
System Policy Rule: Firewall Policy>View>Show System Policy Rule (may not be deleted or moved)
Network Rule: determines whether packets are carried by Route or by NAT. Configuration>Networks>Network Rules
A server with a public IP must be placed in the DMZ (Perimeter). Add a third network card to the ISA machine.
Net A -------(Route/NAT)----------> Net B
IP Private ------------------Route-------- IP Private
IP Public ------------------Route--------- IP Public
IP Private <-----------------NAT-----------> IP Public
Network Template
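The rule-ordering note above (Deny rules before Allow rules), as an added Python example that is not ISA Server code: a first-match evaluator over four of the rule elements listed (protocol, source, destination, user), plus a check that reports rules hidden behind an earlier, broader rule. The rule names, the "Internal" network label and the request values are constructed for the illustration.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional

ANY = None  # wildcard: the rule element matches every value
FIELDS = ("protocol", "source", "destination", "user")

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                                  # "allow" or "deny"
    protocol: Optional[FrozenSet[str]] = ANY
    source: Optional[FrozenSet[str]] = ANY
    destination: Optional[FrozenSet[str]] = ANY
    user: Optional[FrozenSet[str]] = ANY

def matches(rule, request):
    """A rule matches when every element is a wildcard or contains the value."""
    return all(getattr(rule, f) is ANY or request[f] in getattr(rule, f)
               for f in FIELDS)

def evaluate(rules, request):
    """Rules are read top to bottom and the first match decides.
    Nothing matched: fall through to the final deny-all default rule."""
    for rule in rules:
        if matches(rule, request):
            return rule.action, rule.name
    return "deny", "Default rule"

def covers(earlier, later):
    """True if every request that matches `later` also matches `earlier`."""
    for f in FIELDS:
        a, b = getattr(earlier, f), getattr(later, f)
        if a is ANY:
            continue
        if b is ANY or not b <= a:
            return False
    return True

def shadowed(rules):
    """Names of rules that can never fire because an earlier rule covers them."""
    return [later.name for i, later in enumerate(rules)
            if any(covers(earlier, later) for earlier in rules[:i])]

# Constructed sample policy: internal users may browse, but one site is blocked.
ALLOW_WEB = Rule("Allow web", "allow",
                 protocol=frozenset({"dns", "http", "https"}),
                 source=frozenset({"Internal"}))
DENY_CHAT = Rule("Deny chat", "deny",
                 protocol=frozenset({"http", "https"}),
                 source=frozenset({"Internal"}),
                 destination=frozenset({"msg.yahoo.com"}))

MISORDERED = [ALLOW_WEB, DENY_CHAT]   # the deny rule is never reached
CORRECTED = [DENY_CHAT, ALLOW_WEB]    # deny first, as the notes require

CHAT = {"protocol": "http", "source": "Internal",
        "destination": "msg.yahoo.com", "user": "u1"}

if __name__ == "__main__":
    print(evaluate(MISORDERED, CHAT), shadowed(MISORDERED))
    print(evaluate(CORRECTED, CHAT), shadowed(CORRECTED))
```

Running `shadowed` over an exported rule list is a quick way to spot a Deny rule that was added below the Allow rule it was meant to restrict.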


http://msopenlab.com/

Virtual Private Network (VPN)
If the system has a firewall, build the VPN on the firewall.
Windows: Routing and Remote Access
Firewall: ISA Management
1. VPN Client-to-Gateway
   Grant the Dial-in permission to the user
2. VPN Gateway-to-Gateway
   Configure demand-dial routing
   Create the demand-dial connection (the interface name must be exactly the user name that was given to the other side)
   Configure static route routing (because the 2 networks are on different Nets)
IPSEC: connects 2 different devices
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Special topic: Mail Offline
To receive mail sent from elsewhere:
1. Register a domain name
   Register an Internet domain name: online (ATM), in person (FPT, Mat Bao...)
   www.directnic.com
   labnhatnghe.com /nhatnghe105
2. Configure mail online/offline
   Mail Online
   + Register a static public IP
   + Create the MX record on the Internet domain name
   Mail Offline
   + Register a mailbox that supports POP
   + Configure mail forwarding on the Internet domain name: all mail sent to the addresses you created is forwarded to the POP mailbox (e.g. @yahoo.com.vn). The mail server then downloads the mail from the POP mailbox.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Server Publishing
Machine with ASP.NET installed: web server
Create the alias www (DNS)
Create an access rule for internal to internal (so that internal machines can reach the internal web)
Access to the web server from the Internet (in the DMZ, public IP): create an access rule from External to the DMZ (web server). If the web server uses a private IP, configure NAT Inbound (Internet access to the internal system).

Publish Web Server
Public web ((element) NAT Inbound): Network Objects>Web Listeners (represents the http port)
New Rule>Web Publishing Rule
Register an Internet domain name: to reach the web by name.
External DNS Server: DNS managed on the Internet
Internal DNS Server: DNS managed internally

Publish Secure Web Server
Windows Components>Certificates
https://www.nhom21.local/   # open port 443


Export the certificate from IIS (the web server machine)
Import the certificate into the Certificate console (the ISA machine)
Toolbox>Weblistener>Web443 (SSL)

Publish Mail Server
To send mail out, ISA needs an access rule: protocol SMTP
To receive mail from outside, ISA needs to publish the mail server (NAT inbound for http(s)): protocol 25 (SMTP)
Firewall Policy>New>Mail Server Publishing Rule
Internal: MAPI
External: POP3, SMTP...

Publish Exchange Outlook Web Access (OWA)
Issue a certificate for mail.dom22.local. (IIS Manager/Default Web Site/Directory Security)
https://mail.dom22.local/owa   # add as a Trusted Site

Intrusion Detection: detects attacks
Port scan: finds out which ports the server has open
Caching:
Monitoring
xxxxxxxxxxxxxxxxxxxxx
ISA SERVER 2006 Enterprise (supports load balancing):
Install the Configuration Storage Server machine (stores the configuration for ISA Enterprise, the machine in the middle)
ISA Array: a system of several ISA servers running in parallel
Members of the same array share the same configuration, stored on the Configuration Storage Server.

Network Load Balancing
Load balancing (outbound/inbound (ISA)) across several Internet lines:
Hardware: Draytek Vigor, D-Link, Linksys...
Software: ISA (n lines/n ISA firewalls), Kerio WinRoute FW, pfSense...
Install a loopback card facing outside (for the 2 outermost machines)
LAN card facing inside
Outbound load balancing
Enable Virtual IP: Networks/Tasks/Enable Network Load Balancing/Internal (click it to set the VIP)/
Inbound load balancing
Enable Virtual IP: Networks/Tasks/Enable Network Load Balancing/External (click it to set the VIP)/
Requires 2 Internet lines connected to 2 firewalls (ISA). Test by unplugging a line.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
70-648: UPGRADE WINDOWS SERVER 2008
Upgrade Win2k3 AD to Win2k8 AD
Promote 2k3 to a DC
  Point the IP (DNS) at the machine itself
  Cmd/dcpromo
Upgrade to 2k8:
  The Domain Functional Level must be at least Win2000 Native
  Extend the AD schema: it defines the attributes of the objects in AD. Use ADprep.exe (in the 2k8 source)
  cmd>
  adprep /forestprep
  adprep /domainprep   # check
  Upgrade the system
  2k8 source: Setup.exe
  Install Active Directory Domain Services (ADDS)


2k3: install services from Windows Components
2k8: install services from Add Roles/Features
Managing GPOs: Group Policy Management
xxxxxxxxxxxxxxxxxxxxxxxxxxxx
Internet Information Services (IIS) 7.0 (2k8)
Active Directory Certificate Services
Active Directory Right Management Services (AD RMS)
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Windows Server 2008 (http://msopenlab.com/index.php?article=28)
Server Core: has only a command-line interface, but configuration is as simple as on a client interface
- Low hardware requirements (1 GB of free space + 2 GB for applications)
- Less maintenance work
- Fewer security flaws arise
- Supports only some common roles and features
Procedure:
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Secure Socket Tunneling Protocol (SSTP, 2k8 server/Vista): the most convenient and safest; supports Client2Gateway only
Uses port 443 (https). Encrypted with SSL.
Machine 1 (2k8-DC) & 2 (2k8): Cross
Machine 2 (2k8) & 3 (2k8): LAN
Join machine 2 to machine 1
Configure the CA server (to connect with SSTP)
CA Web Enrollment: request a certificate over the web.
Synchronize the time with the other machine: net time /set /y \\192.168.x.x
VPN Connection/Properties/Type of VPN (2k8/Vista)
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Additional Domain Controller (the DC is also the DNS server)
A domain controller added after the primary domain controller.
Global Catalog Server (only a DC can be a GCS): authenticates the objects in AD. The client sends its information to the DC, the DC answers the client (with the Global Catalog Server information). The client then contacts the GCS. The GCS authenticates the client. When installing several GCSs for load balancing, also install a DNS server. There is no priority among the GCSs.
Secondary DNS Server (the second DNS server)
Distributed File System (DFS): does not have to be a DC.
Network Load Balancing: install several servers running the same service. (2k8/Add Features)
DNS Round Robin: create a host that returns several IPs. (Web server...)
Virtual IP: create a virtual IP for the existing IPs. (ISA...)
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Active Directory Site: a component of the physical structure. Each site represents one location in the AD system.
Sites are needed in order to:
-- optimize the speed of authentication between sites
-- make it convenient to manage replication of the AD database between sites
A domain can have 1 site or several sites
A site can belong to 1 domain or several domains
Logical division of AD: create OUs
Read-only Domain Controller (RODC)
Read-only DNS Server
Machine 1 & 2: Cross
Machine 2 & 3-4: LAN


Configure machine 2 as a router (3-4 communicate with 1)
M3: join the domain of M1
M2: Server Manager>Add Roles>Network Policy and Access Services>Routing and Remote Access Services
M1: additionally create DNS>Reverse Lookup Zones>192.168.1
Create users: hcm: u1, u2; hn: hn1, hn2
Create the group hngroup (hn1, hn2)
Group Policy Management>Domain Controller>Default...>....Allow logon locally
For HN, add a Global Catalog DC and a second DNS: both systems may be slow because the Global Catalogs have no priority. --> Active Directory Site
M1: create the required sites and subnets --> Move
AD Sites and Services>Default FSN>right-click Rename>Saigon
AD Sites and Services>Sites>right-click New Site>Hanoi   # the IP is used to tell where a machine is located
AD Sites and Services>Subnet>right-click New Subnet (Saigon; Hanoi)
M3: Run>Dcpromo   # DC Hanoi (4.M3 belongs to 4.0 Hanoi; Saigon 1.0: M1, M2)
>Read-only domain controller (RODC)
# Security is not high, no IT staff needed
# Stores only passwords and users
# Forest Functional Level: 2k3
