TABLE OF CONTENTS
LESSON 1: DEPLOYING ACTIVE DIRECTORY DOMAIN SERVICES
  I. PREPARATION BEFORE INSTALLATION
  II. INSTALLING THE DOMAIN CONTROLLER (DC)
    1. Configuring TCP/IP
    2. Installing the AD DS service
    3. Installing the Domain Controller (promoting to a domain)
    4. Checking system information
  III. Demoting the Domain Controller (removing the domain)
  IV. Joining a client to the domain
    1. Configuring TCP/IP
    2. Renaming the computer and setting the domain name
    3. Verifying the information
LESSON 2: MANAGING USERS, GROUPS AND OUs
  I. Managing users
    1. Creating a new user
    2. Setting the hours during which a user may log on to the domain
    3. Setting which computers users may log on to
  II. Managing groups
    1. Creating a group
    2. Adding users to a group
  III. Managing Organizational Units (OU)
    1. Creating an OU
    2. Adding a group to an OU
LESSON 3: BACKING UP AND RESTORING WINDOWS SERVER 2008
LESSON 4: ROUTING AND REMOTE ACCESS
  I. Installing and enabling the RRAS service
LESSON 5: DHCP SERVER
  I. Installing DHCP Server
  II. Configuring DHCP Server
    1. Configuring DHCP on the server
    2. Configuring a dynamic IP address on the client
LESSON 6: DNS SERVER
  I. Installing DNS Server
  II. Configuring DNS Server
    1. Configuring the primary DNS server (DNS Server Primary)
    2. Configuring the secondary DNS server (DNS Server Secondary)
    3. Synchronizing data between the primary and secondary DNS servers
    4. Configuring TCP/IP on the client so that it can resolve domain names
  III. Working with records on the DNS server
LESSON 7: GROUP POLICY (GP)
  I. Installing the Group Policy Management Console (GPMC)
  II. Features of the Group Policy Management Console (GPMC)
  III. Unlinked GPOs
  IV. Applying an unlinked GPO to objects
  V. Linked GPOs
  VI. Additional GPO operations
LESSON 8: WEB SERVER
  I. Installing the web server
  II. Publishing a website
  III. Configuring DNS Server to resolve the website's domain name
  IV. Running multiple websites on one server
  V. Installing an FTP site
LESSON 9: WINDOWS FIREWALL
  I. Introduction to Windows Firewall with Advanced Security
  II. Firewall rules
    1. Introduction to firewall rules
    2. Creating a firewall rule

LESSON 1: DEPLOYING ACTIVE DIRECTORY DOMAIN SERVICES
Active Directory Domain Services (AD DS) is a service on Windows Server 2008 that uses the information stored in Active Directory to manage user, group and computer objects. These objects are organized in a hierarchical structure made up of:
- The Active Directory forest (a forest is an object created from a group of two or more domain trees that have a trust relationship with one another)
- The domain trees in the forest
- The Organizational Units (OU) in each domain
New features of Active Directory Domain Services in Windows Server 2008:
- Auditing: records events related to objects in Active Directory. From this information you can tell what was changed on an object. Both the current value and the value before the change are recorded by the system.
- Password Policies can be configured for individual objects within a domain, so you do not have to use one shared password policy for every user in the same domain.
- Read-Only Domain Controller: a Domain Controller with a read-only Active Directory database. This service helps you maintain security at locations where security is not strongly assured, such as offices. A Read-Only Domain Controller does not allow lower-level domain controllers to make changes to Active Directory.
- Restartable AD DS: this feature lets you restart AD DS while the Domain Controller keeps running, so you can complete offline operations quickly.
Active Directory Certificate Services (AD CS) is a service used to issue and manage certificates on systems that use public key technology. You can use AD CS to create certification authority (CA) servers. A CA receives certificate requests, processes them and sends the certificates back to the requester.
Active Directory Federation Services (AD FS) is a service that provides a single sign-on (SSO) mechanism, allowing you to log on only once and still use several related web applications.
Active Directory Rights Management Services (AD RMS) is a service used together with applications that support AD RMS (AD RMS-enabled applications) to protect important data (financial reports, customer information, orders, accounting records and so on) from unauthorized users. With AD RMS you can determine who may perform operations such as viewing, editing and printing on your data.
Active Directory Lightweight Directory Services (AD LDS) is an LDAP (Lightweight Directory Access Protocol) directory service on Windows Server 2008. AD LDS provides a mechanism to support directory-enabled applications (applications that use a directory to store data). This service works much like AD DS but does not require you to deploy domains or Domain Controllers.
(A directory-enabled application is one that does not use a database, files or other storage structures, but instead uses a directory to store its data. Applications of this kind include customer relationship management systems and human resources management systems.)

I. PREPARATION BEFORE INSTALLATION
1. Set the IP address for the server's network adapter, or you can set the IP addresses of the DNS servers in the system. If this server is the first Domain Controller and DNS server, the AD DS installation also includes installing DNS Server.
2. If you want to add this server to an existing forest on Windows Server 2000 or Windows Server 2003, you must update the forest information with the command:

adprep /forestprep

3. If you want to add this server to an existing domain on Windows Server 2000 or Windows Server 2003, you must update the domain and group policy information with the command:

adprep /domainprep /gpprep

4. If you want to install a Read-Only Domain Controller (RODC), you must prepare the forest with the command:

adprep /rodcprep

5. Set up the DNS servers in the network, if any; DNS Server is installed as part of the AD DS installation.

II. INSTALLING THE DOMAIN CONTROLLER (DC)
1. Configuring TCP/IP
As with Windows Server 2003, before a Windows Server 2008 machine is promoted to a DC you must point Preferred DNS to the loopback IP 127.0.0.1 or to the IP 192.168.1.1.
2. Installing the AD DS service
On Windows Server 2003, you add services such as DHCP and DNS through Add/Remove Windows Components. In Windows Server 2008 this is replaced by the Server Manager administration tool with its Roles and Features. Because Windows Server 2008 does not install these services by default, you must install the AD DS service before promoting the server to a Domain Controller.
Go to Server Manager → Add Roles. Select the Active Directory Domain Services role.
Click Next. The Active Directory Domain Services page introduces the service and lists some points to keep in mind during installation under Things to Note.
Click Next to continue. The Confirm Installation Selections page asks you to confirm one last time before installing. Click Install.
Wait until the installation of the Active Directory Domain Services role completes. Click Close to finish.
3. Installing the Domain Controller (promoting to a domain)
Open Run, type dcpromo and click OK. Wait a few seconds while the system checks whether the AD DS service has been installed.
On the Welcome to the Active Directory Domain Services Installation Wizard page, click Next.
The Operating System Compatibility page tells you about Windows Server 2008 compatibility. Click Next to continue.
On the Choose a Deployment Configuration page, select Create a new domain in a new forest to create a new domain in a new forest.
Click Next to continue. On the Name the Forest Root Domain page, type the domain name in FQDN of the forest root domain. Then click Next and wait a few seconds while the system checks whether the domain name is already in use.
On the Set Forest Functional Level page, select Windows Server 2008 to take full advantage of its features. Then click Next.
On the Additional Domain Controller Options page, the system checks whether the DNS Server service is already present and automatically selects DNS Server for installation. Note that you cannot install a read-only domain controller on this first DC.
Click Next. The Location for Database, Log Files, and SYSVOL page lets you set the paths for the database, log files and SYSVOL. Leave the defaults under C:\Windows.
Click Next to continue. On the Directory Services Restore Mode Administrator Password page, set the password. Note that this password is not the password of the domain Administrator account, and it must be complex (containing characters such as a, A, @, 1). Example: pass@word1
Click Next. The Summary page shows the settings you chose above. If they are correct and complete, click Next to start the installation.
The system is performing the installation.
When the installation completes, click Finish.
4. Checking system information
Restart the computer for the changes to take effect, then check the system information in Server Manager to see whether the server has been promoted to a domain:

III. Demoting the Domain Controller (removing the domain)
Open Run and type dcpromo.
On the Welcome to the Active Directory Domain Services Installation Wizard page, click Next.
At the Global catalog server message, click OK.
On the Delete the Domain page, select Delete the domain because this server is the last domain controller in the domain. Click Next.
On the Confirm Deletion page, select Delete all application directory partitions on this Active Directory domain controller. Click Next.
On the Administrator Password page, enter a password for the Administrator account.
Click Next. On the Summary page, review the settings. Click Next and wait until the system asks you to restart for the changes to take effect.

IV. Joining a client to the domain
1. Configuring TCP/IP
After AD DS has been deployed successfully and the users, groups and OUs have been created, the next task is to join the workstations (clients) to the domain, in this case the domain ict24h.net.
First, set the IP address on the client.
Enter a client IP address on the same network as the server's IP. Here I use the class C network 192.168.1.x. Under Use the following DNS server addresses, enter the IP address of the DNS server you set up when installing the DC. In this case it is 192.168.1.1. Then click OK.
2. Renaming the computer and setting the domain name
Right-click My Computer on the desktop and choose Properties:
Under Computer Name, change the computer name.
Under Member of, select Domain and enter the name of the domain to join. Here it is ict24h.net.
Click OK. For security, the system asks you to log on to the domain. Enter the Username and Password of the administrator on the server.
Click OK to continue. If you enter the wrong Administrator account name or password, the client cannot be joined to the domain.
When the system reports that the domain join succeeded, click OK.
The system asks you to restart the computer for the changes to take effect. Click OK until the system prompts you to restart the client.
3. Verifying the information
Check on the client
Right-click My Computer and choose Properties. The System Properties window shows that the client has been joined to the domain ict24h.net.
Check on the DC
Go to Server Manager → Roles → Active Directory Domain Services → Active Directory Users and Computers → ict24h.net → Computers. The client named Dandoh is present in the domain.
You can view this client's operating system information by double-clicking it and looking at the Operating System tab.

LESSON 2: MANAGING USERS, GROUPS AND OUs
I. Managing users
1. Creating a new user
After creating a Domain Controller, the next step is to create users in the domain.
Open Server Manager. Click Roles → Active Directory Domain Services → Active Directory Users and Computers. Then click the domain. Right-click Users and choose New → User.
In the New Object - User dialog, fill in the First name, Last name and Full name fields.
Note: the User logon name field is the account name you use to log on to the domain. You must therefore remember it exactly, and it must be unique.
Click Next to continue. The password dialog appears. This is the password for the account name created above, used to log on to the domain.
Note: the password must satisfy the default policies of Windows Server 2008. It must be at least 8 characters long and contain the following:
- Lowercase letters: a, b, c, d, e...
- Uppercase letters: A, B, C, D, E...
- Digits: 1, 2, 3, 4, 5...
- Special characters: @, !, $, &, #...
Example: pass@word1
Explanation of the options:
- User must change password at next logon: the user is forced to change the password at the next logon
- User cannot change password: the user is not allowed to change the password
- Password never expires: the password has no expiry period
- Account is disabled: the account is disabled.
We select User must change password at next logon to keep the password private to the user. Click Next to continue. The next dialog shows the details of the user about to be created. Click Finish.
Next, check whether the user has been created; if so, the user name appears under Users. Double-click the user to check the user's details.
2. Setting the hours during which a user may log on to the domain
Right-click the user you just created and choose Properties.
Account tab
By default, a user may log on 24 hours a day. To change this, switch to the Account tab and choose Logon Hours. Here you can set the logon hours for the user.
Select a time range and click Logon Denied to block the user's access during that time.
The figure above shows a setting in which this user can log on only from 8 a.m. to 19:00, Monday through Saturday. Then click OK to finish.
3. Setting which computers users may log on to
For security reasons, not every user should be able to log on to any computer at will. To enforce privacy and specify which computers a user may use, configure the following:
Go to the Account tab. Choose Log On To. Select The following computers, then type the names of the computers the user is allowed to log on to. Then click Add.
To remove a computer, click its name and choose Remove.
To change a name, click the computer name and choose Edit.
Click OK to confirm.
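
The Logon Hours grid from section 2 is stored on the user object as the 21-byte logonHours attribute: one bit per hour of the week, in UTC, starting at Sunday 00:00. The following is an added example, not part of the original guide, that builds and decodes that bitmap for the 8 a.m. to 19:00, Monday through Saturday setting; the function names and the UTC+7 server time zone are assumptions.

```python
# Added example (not from the original guide): encode and audit the
# logonHours bitmap that backs the Logon Hours dialog.
from datetime import timezone

HOURS_PER_WEEK = 7 * 24  # 168 bits = 21 bytes; bit 0 is Sunday 00:00-00:59 UTC
DAYS = ["Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"]


def build_logon_hours(days, start_hour, end_hour, utc_offset_hours=0):
    """Return the 21-byte value permitting logon on `days` (names from DAYS)
    from start_hour up to, but not including, end_hour in local time."""
    if not 0 <= start_hour < end_hour <= 24:
        raise ValueError("need 0 <= start_hour < end_hour <= 24")
    bits = bytearray(HOURS_PER_WEEK // 8)
    for day in days:
        for hour in range(start_hour, end_hour):
            # Shift the local hour-of-week to UTC; the modulo wraps Sat/Sun.
            idx = (DAYS.index(day) * 24 + hour - utc_offset_hours) % HOURS_PER_WEEK
            bits[idx // 8] |= 1 << (idx % 8)  # lowest bit = earliest hour
    return bytes(bits)


def logon_permitted(logon_hours, when):
    """True if the bitmap permits logon at the timezone-aware datetime `when`."""
    if len(logon_hours) != HOURS_PER_WEEK // 8:
        raise ValueError("logonHours must be exactly 21 bytes")
    when = when.astimezone(timezone.utc)
    # datetime.weekday() is Monday=0..Sunday=6; the attribute starts on Sunday.
    idx = ((when.weekday() + 1) % 7) * 24 + when.hour
    return bool((logon_hours[idx // 8] >> (idx % 8)) & 1)


def describe(logon_hours, utc_offset_hours=0):
    """Decode a bitmap into {day: [permitted local hours]} for review."""
    table = {day: [] for day in DAYS}
    for idx in range(HOURS_PER_WEEK):
        if (logon_hours[idx // 8] >> (idx % 8)) & 1:
            local = (idx + utc_offset_hours) % HOURS_PER_WEEK
            table[DAYS[local // 24]].append(local % 24)
    return {day: sorted(hours) for day, hours in table.items()}


# The schedule from the lesson. Assumption: the server's local time is UTC+7.
LESSON_SCHEDULE = build_logon_hours(DAYS[1:], 8, 19, utc_offset_hours=7)
```

Because the stored bits are UTC, the same grid produces different bytes on servers in different time zones, which matters when comparing values exported from several domain controllers.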

General tab: lets you fill in full, detailed information about the user.
Address tab: lets you fill in the user's address information.
Explanation of the items on the Account tab:
- Unlock Account: select this box when you want to unlock the account
- Account Options: sets the account policies.
- Account Expires: how long an account exists. If you select End of and choose a date next to it, the account expires at that time and is lost.
To delete a user, right-click the user and choose Delete.

II. Managing groups
1. Creating a group
To create a new group, right-click Users and choose New → Group.
In Group name, type the name of the group. Then click OK.
Verify that the group was created by clicking Users.
2. Adding users to a group
To add a user to the group ICT24H, right-click the group and choose Properties. On the Members tab, click Add.
In Enter the object names to select, type the name of the user you want to add to the group. (Note that the user name must be the name you entered under User logon name when creating the user.)
After typing the user name, click Check Names to verify it.
The result shows that this user exists in the domain.
I will try typing another user name, for example Nguyen Van A, and then click Check Names. The system reports An object named "Nguyen Van A" cannot be found: the name Nguyen Van A does not exist in the domain.
Alternatively, you can run an advanced search by clicking Advanced.
After adding the user to the group, click OK to confirm.
On the Managed By tab, you can give a user permission to manage the group by clicking Change and typing the name in Name. Click OK to confirm.

III. Managing Organizational Units (OU)
1. Creating an OU
To create an OU in the domain, right-click the domain and choose New → Organizational Unit.
Type the OU name in Name. If you want to allow this OU to be deleted, clear the Protect container from accidental deletion check box. Click OK to finish.
2. Adding a group to an OU
Move the group ICT24H into the OU Network. Right-click the group ICT24H and choose Move.
Select the OU Network and click OK.
Check the OU Network to see the group ICT24H.
If you want to delete a user, group or OU, right-click the object, choose Delete and then choose Yes.

LESSON 3: BACKING UP AND RESTORING WINDOWS SERVER 2008
Select Windows Server Backup Features. Then click Next.
The Confirm Installation Selections page asks you to confirm the installation of Windows Server Backup. Click Next.
Wait for the installation to run on the Installation Progress page.
When the installation completes, on the Installation Results page click Close to finish installing the Windows Server Backup component.
In Server Manager, click Storage → Windows Server Backup. In the Actions pane on the right, click Backup Schedule.
When the Getting started page appears, click Next.
On the Select backup configuration page, choose the type of backup:
- Full Server: backs up all data on the server
- Custom: lets you choose which drives to back up.
Here we choose Custom. Then click Next.
On the Select backup items page, select the drives to back up. Here I select drive C because it holds the Windows Server 2008 operating system data.
Click Next to continue. On the Specify backup time page, choose the schedule:
- Once a day: back up once a day at the time you select
- More than once a day: back up several times a day. Select each time you need and click Add. To remove a time, click Remove.
After making your selection, click Next.
On the Select destination disk page, select the disk you want to back up to and click Next.
On the Label destination disk page, click Next.
On the Summary page, click Finish to complete the disk backup setup.
From this point on, the system backs up automatically at the times you set above.

LESSON 4: ROUTING AND REMOTE ACCESS
I. Installing and enabling the RRAS service
Go to Server Manager → Add Roles → Network Policy and Access Services → Next.
Select Routing and Remote Access Services and its two sub-items, Remote Access Service and Routing → Next → Close.
After installation, go to Start → Administrative Tools → Routing and Remote Access → right-click the server name and choose Configure and Enable Routing and Remote Access to enable it.
Select Custom configuration → Next.
Select LAN routing → Next → Finish → Start Service.

LESSON 5: DHCP SERVER
A DHCP (Dynamic Host Configuration Protocol) server is a server used to assign dynamic IP addresses to the clients on a network. You are already familiar with this function from earlier versions such as Windows Server 2000 or Windows Server 2003.
As for how it works, DHCP Server uses the service of the same name to listen for IP address requests sent by clients. After receiving a request, DHCP Server picks an IP address from its address range and sends it back to the client. At the same time, DHCP Server also sends the workstation the information that goes with the IP address, such as the subnet mask, the IP addresses of the DNS servers and the default gateway.
I. Installing DHCP Server
Go to Server Manager → Roles → Add Roles. On the Before You Begin page, click Next.
On the Select Server Roles page, select DHCP Server.
Click Next. The DHCP Server page introduces the DHCP Server service and lists a few points to keep in mind before installation under Things to Note.
Click Next. On the Select Network Connection Bindings page, select the IP address of the network adapter that will listen for requests sent by clients.
Click Next. On the Specify IPv4 DNS Server Settings page, enter the domain name under Parent domain and the IP address of the DNS server under Preferred DNS Server IPv4 Address. You can click Validate to have the system check and verify it.
Click Next. On the Specify IPv4 WINS Server Settings page, select WINS is not required for applications on this network.
Click Next. On the Add or Edit DHCP Scopes page, click Add. Fill in the IP information here, and remember to select Activate this scope to enable the settings you just entered.
If you want to define further IP ranges for DHCP Server to hand out, click Add again and enter the parameters.
Click Next. On the Configure DHCPv6 Stateless Mode page, select Disable DHCPv6 Stateless mode for this server. If you want DHCP Server to support DHCPv6, which corresponds to IPv6, select Enable DHCPv6 Stateless mode for this server.
Click Next. On the Authorize DHCP Server page, choose the account used to authorize DHCP Server in Active Directory Services. Here I choose the Administrator account.
Click Next. The Confirm Installation Selections page shows the settings made before installing DHCP Server.
Click Install to start the installation and wait for it to complete. The Installation Results page shows that the DHCP service has been installed: Installation succeeded. Click Close to finish the installation.

II. Configuring DHCP Server
1. Configuring DHCP on the server
Go to Start → Administrative Tools → DHCP.
Select IPv4. Right-click Scope [192.168.0.50] ICT24H-DHCP and choose Properties.
On the General tab you can change the Scope name, redefine the IP range and limit how long an IP address remains on a client.
To change the gateway, select Scope Options. In the right pane, right-click 003 Router and choose Properties.
In the Scope Options dialog you can change the gateway by clicking Add and delete one by clicking Remove. Then click OK.
To change the domain name, go to Server Options, select 015 DNS Domain Name and choose Properties.
In String value, type the new domain name and click OK.
2. Configuring a dynamic IP address on the client
Select Obtain an IP address automatically and Obtain DNS server address automatically.
Try pinging the server. (Ping is a cmd command used to check network connectivity between computers on the network.)
Some common commands:
Command to release the dynamic TCP/IP configuration:

ipconfig /release

Command to obtain a dynamic TCP/IP configuration:

ipconfig /renew

LESSON 6: DNS SERVER
A DNS (Domain Name System) server is a server used to resolve domain names to IP addresses and vice versa, for example between ict24h.net and 192.168.1.1.
As for how it works, DNS Server stores a database of DNS records and runs a service that listens for requests. When a client sends a resolution request, DNS Server looks it up in the database and returns the matching result to the client.
I. Installing DNS Server
Go to Server Manager → Roles → Add Roles. On the Select Server Roles page, select DNS Server.
Click Next. The DNS Server page introduces DNS Server and lists some points to keep in mind before installation under Things to Note.
Click Next. On the Confirm Installation Selections page, confirm the installation.
Click Install. Wait for the installation to complete.
Click Close to finish the installation.

II. Configuring DNS Server
For DNS Server, you should normally build two systems at the same time: a primary DNS server and a backup (secondary) DNS server that share the same database. This reduces the chance of the DNS service being interrupted when a failure occurs on the system.
1. Configuring the primary DNS server (DNS Server Primary)
Go to Start → Administrative Tools → DNS. Right-click Forward Lookup Zones and choose New Zone.
On the Welcome to the New Zone Wizard page, click Next.
On the Zone Type page, select Primary zone to configure the primary DNS server.
Click Next. On the Zone Name page, type the domain name.
Click Next. On the Zone File page, keep the default.
Click Next. On the Dynamic Update page you can prevent or allow DNS Server to accept automatic updates from clients. I will prevent them to keep the system safe, so select Do not allow dynamic updates.
Click Next. On the Completing the New Zone Wizard page, review the information. Then click Finish.
You have now configured forward lookup (resolving names to IP addresses).
Configuring reverse lookup (resolving IP addresses to names)
Right-click Reverse Lookup Zones and choose New Zone. On the Welcome to the New Zone Wizard page, click Next.
On the Zone Type page, select Primary zone to configure reverse lookup for the primary DNS server.
Click Next. On the Reverse Lookup Zone Name page, choose the type of IP address to resolve. Here I choose IPv4.
Click Next. Enter the Network ID and click Next.
On the Zone File page, keep the default.
Click Next. On the Dynamic Update page, select Do not allow dynamic updates.
Click Next and review the settings; if they are correct, click Finish.
2. Configuring the secondary DNS server (DNS Server Secondary)
To configure the secondary DNS server you need a computer other than the primary DNS server, with Windows Server 2008 and the DNS Server service installed.
Go to Start → Administrative Tools → DNS. Right-click Forward Lookup Zones and choose New Zone.
On the Welcome to the New Zone Wizard page, click Next.
On the Zone Type page, select Secondary zone to configure the backup DNS server.
Click Next. On the Zone Name page, enter the same domain name as on the primary DNS server. In this case it is www.ict24h.net
Click Next to continue. On the Master DNS Servers page, enter the IP address of the primary DNS server. Wait a moment while the system checks it.
Click Next. On the Completing the New Zone Wizard page, click Finish.
3. Synchronizing data between the primary and secondary DNS servers
To synchronize data between the primary DNS server and the secondary DNS server, you need to configure Zone Transfers on the primary DNS server:
On the primary DNS server,
go to Start → Administrative Tools → DNS. Right-click the zone name and choose Properties.
On the Zone Transfers tab, select Allow zone transfers. Select Only to servers listed on the Name Servers tab.
This is the option that lets you add the secondary DNS server.
Switch to the Name Servers tab and click Add. Type the IP address of the secondary DNS server and wait for the system to validate it. Then click OK to finish.
4. Configuring TCP/IP on the client so that it can resolve domain names
Some common commands:
Command to check the name resolution configuration:

nslookup
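
To confirm that the Zone Transfers restriction from section 3 is in force, request a transfer of your own zone from a host that is not listed on the Name Servers tab and check that the server declines it. The following is an added example, not part of the original guide; the function names are assumptions, and the byte strings in its test are constructed.

```python
# Added example (not from the original guide): verify that your DNS server
# declines a zone transfer (AXFR) requested by a host that is not on the
# Name Servers tab.
import socket
import struct

QTYPE_AXFR, QCLASS_IN = 252, 1
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
          4: "NOTIMP", 5: "REFUSED", 9: "NOTAUTH"}


def build_axfr_query(zone, query_id=0x1234):
    """Return a DNS query message asking for a full transfer of `zone`."""
    labels = zone.rstrip(".").split(".")
    if any(not 0 < len(label) <= 63 for label in labels):
        raise ValueError("each label must be 1 to 63 characters long")
    # Header: id, flags (plain query), 1 question, no other records.
    header = struct.pack("!HHHHHH", query_id, 0x0000, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPE_AXFR, QCLASS_IN)


def classify_response(message):
    """Interpret the header of the first response message."""
    if len(message) < 12:
        return {"transfer_allowed": False, "rcode": "TRUNCATED", "answers": 0}
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", message[:12])
    rcode = flags & 0x000F
    return {
        # A transfer starts with NOERROR and at least one answer (the SOA).
        "transfer_allowed": rcode == 0 and ancount > 0,
        "rcode": RCODES.get(rcode, str(rcode)),
        "answers": ancount,
    }


def _recv_exact(sock, count):
    """Read exactly `count` bytes or raise if the peer closes early."""
    data = b""
    while len(data) < count:
        chunk = sock.recv(count - len(data))
        if not chunk:
            raise ConnectionError("server closed the connection")
        data += chunk
    return data


def check_zone_transfer(server_ip, zone, timeout=5.0):
    """Request an AXFR of `zone` from `server_ip` over TCP port 53."""
    query = build_axfr_query(zone)
    try:
        with socket.create_connection((server_ip, 53), timeout=timeout) as sock:
            # DNS over TCP prefixes every message with a 2-byte length.
            sock.sendall(struct.pack("!H", len(query)) + query)
            (length,) = struct.unpack("!H", _recv_exact(sock, 2))
            return classify_response(_recv_exact(sock, length))
    except OSError as exc:  # refused, timed out, or closed without a reply
        return {"transfer_allowed": False, "rcode": f"no reply ({exc})", "answers": 0}
```

With the setting from section 3, `check_zone_transfer("192.168.1.1", "ict24h.net")` run from a client should report `transfer_allowed` as False, while the secondary DNS server still receives the zone.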

III. Working with records on the DNS server
After you finish installing DNS Server, you need to build this server's database by adding DNS records. You will usually work with three common types of DNS record: Host (A), Alias (CNAME) and Mail Exchanger (MX):
- Host (A): a record consisting of a domain name and the corresponding IP address, for example ict24h.net → 192.168.1.1
- Alias (CNAME): an alias record that allows several domain names to map to the same IP address, for example ict24h.net, ict24h.com → 192.168.1.1
- Mail Exchanger (MX): the mail server record
If you want to create other records, right-click the zone and choose Other New Records.
Creating a Host record (A or AAAA)
Go to Start → Administrative Tools → DNS. Right-click the zone and choose New Host (A or AAAA).
Type the host name in Name and the IP address in IP address.
If you also want to create the matching reverse lookup DNS record, select Create associated pointer (PTR) record. Then click Add Host.
A success message appears.
Click OK. The New Host dialog appears again; click Done to finish creating records.
Creating an Alias (CNAME) record
To create an Alias record, right-click the zone and choose New Alias (CNAME).
Fill in the information as above.
Under Fully qualified domain name (FQDN) for target host, if you do not remember the name, click Browse to find the host name you need.
After filling in all the information, click OK to finish.
Note: the server names, client names and DNS servers are not the same from one lab to the next, so take care to change them accordingly. The names are changed continually so that you can understand and pick up the material faster.

LESSON 7: GROUP POLICY (GP)
Group Policy (GP) on Windows Server 2008 lets you define configuration for groups of users and computers on the network. We can use GP to create policies and apply them to Active Directory objects such as sites, domains and OUs.
GP settings are stored in Group Policy Objects (GPO). To work with a GPO, you use the Group Policy Management Console (GPMC). GPMC also helps you link a GPO to a site, domain or OU, and so apply the policies to the groups of users and computers that belong to that object.
Note: an OU is the lowest-level object to which you can assign a GPO.
I. Installing the Group Policy Management Console (GPMC)
To install GPMC, go to Server Manager → Features → Add Features. Then select Group Policy Management and install it as usual. If you have installed the AD DS service, the GPMC component is installed on the system automatically.
II. Features of the Group Policy Management Console (GPMC)
GPMC is a multi-purpose GP management tool that lets you work with all GPOs, Windows Management Instrumentation (WMI) filters and GP-related objects on the system. GPMC gives you the following capabilities:
- Backup and Restore of GPOs
- Import and Copy of GPOs
- Searching for GPOs
- Group Policy Modeling lets you create a simulated environment while planning a GP deployment, before moving on to the actual deployment
- Group Policy Results lets you collect information about the GP applied to specific objects, which helps you monitor and handle problems that occur during deployment
- Starter GPOs is the component used to manage Administrative Templates
- Preferences includes more than 20 GP extensions that let you configure settings related to the registry, local accounts, services, files and folders.
III. Unlinked GPOs
To get started with GPOs, you should create unlinked GPOs and trial them on virtual systems before putting them into production. Only when you are sure the GPOs work well should you apply them to the objects in your own system (site, domain, OU).
To create an unlinked GPO, go to Start → Administrative Tools → Group Policy Management.
In the GPMC window, right-click Group Policy Objects and choose New.
In the Name GPO dialog, enter the GPO name and click OK.

Right-click the GPO you just created and choose Edit.

In the Group Policy Management Editor window, choose the Policies you want to configure for Computer or User.
Here I will use Password Policy under Computer Configuration as a sample. I will set a number of password policies:

Click through to Password Policy under Computer Configuration > Policies > Windows Settings > Security Settings > Account Policies > Password Policy.
There are 6 items. The meaning of each:
- Enforce password history: the number of passwords that must be remembered
- Maximum password age: the maximum time a password may exist
- Minimum password age: the minimum time a password must exist
- Minimum password length: the minimum number of characters in a password
- Password must meet complexity requirements: the password must contain characters of the kinds (a,A,@,1)
- Store passwords using reversible encryption: stores the password using reversible encryption.
You can configure each item by double-clicking its row, choosing Define this policy setting, entering the value and clicking OK.

For example, I set the password policy as follows: the domain ict24h.net remembers up to 5 passwords. One day after setting a password, you can change it. After 30 days you are forced to change the password. A password has at least 7 characters and must contain characters of the kinds (a,A,@,1). The password is stored using reversible encryption.

When you have finished, close the Group Policy Management Editor window.
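To confirm that the values above actually reached a computer, the following added example (not part of the original lab) parses the [System Access] section of a secedit export and compares it with the lab's settings. The sample INF text is constructed and the function names are illustrative.

```powershell
# Constructed sample: the [System Access] section as written by
#   secedit /export /cfg policy.inf /areas SECURITYPOLICY
$sampleInf = @'
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 1
MaximumPasswordAge = 30
MinimumPasswordLength = 7
PasswordComplexity = 1
PasswordHistorySize = 5
ClearTextPassword = 1
'@

# Values this lab sets in the GPO (taken from the text above).
$labPolicy = @{
    PasswordHistorySize   = 5   # Enforce password history
    MinimumPasswordAge    = 1   # days
    MaximumPasswordAge    = 30  # days
    MinimumPasswordLength = 7   # characters
    PasswordComplexity    = 1   # 1 = enabled
    ClearTextPassword     = 1   # 1 = reversible encryption enabled
}

function Get-SystemAccess {
    # Parse "Key = number" pairs from the [System Access] section only.
    param([string]$InfText)
    $settings = @{}
    $inSection = $false
    foreach ($line in ($InfText -split "`r?`n")) {
        $line = $line.Trim()
        if ($line -match '^\[(.+)\]$') {
            $inSection = ($Matches[1] -eq 'System Access')
        } elseif ($inSection -and $line -match '^(\w+)\s*=\s*(-?\d+)$') {
            $settings[$Matches[1]] = [int]$Matches[2]
        }
    }
    return $settings
}

function Compare-PasswordPolicy {
    # One row per expected setting; a missing key shows Actual = $null.
    param([hashtable]$Actual, [hashtable]$Expected)
    foreach ($key in ($Expected.Keys | Sort-Object)) {
        $value = $null
        if ($Actual.ContainsKey($key)) { $value = $Actual[$key] }
        New-Object PSObject -Property @{
            Setting = $key; Expected = $Expected[$key]
            Actual = $value; Match = ($value -eq $Expected[$key])
        }
    }
}

$actual = Get-SystemAccess -InfText $sampleInf
Compare-PasswordPolicy -Actual $actual -Expected $labPolicy |
    Select-Object Setting, Expected, Actual, Match | Format-Table -AutoSize

# Reversible encryption makes stored passwords recoverable, so report it.
if ($actual['ClearTextPassword'] -eq 1) {
    Write-Warning 'ClearTextPassword = 1: passwords are stored with reversible encryption.'
}
```

Run the export on a computer in the OU the GPO is linked to: account policy settings from an OU-linked GPO apply to that computer's local accounts, while the password policy for domain accounts comes from GPOs linked at the domain.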

IV. Applying an unlinked GPO to objects

After creating unlinked GPOs, you need to link them to Active Directory objects, which are sites, domains or OUs. This is the most convenient and effective way to apply policy settings to groups of users and computers. Note that each GPO can be linked to many objects in Active Directory.
Before linking a GPO to objects in Active Directory, you need to create those objects. Here we will create OUs.

Create the OU
Go to Server Manager > Roles > Active Directory Domain Services > Active Directory Users and Computers. Right-click the domain name and choose New > Organizational Unit. Type the name of the object.

Click OK. Next, create users and computers in this OU. Right-click the OU and choose New > User or choose Computer (creating users and computers was covered in session 1).
I created 3 users and 2 computers in the OU ICT24H Group.

Apply the unlinked GPO to the OU just created
Once the OU is created, use GPMC to link the GPO to it.
Go to Start > Administrative Tools > Group Policy Management.
Right-click the OU and choose Link an Existing GPO.

In the Select GPO dialog, choose the domain name under Look in this domain, and choose the corresponding GPO under Group Policy objects. Click OK to finish.
V. Linked GPOs

Instead of creating unlinked GPOs and then linking them, you can combine the two tasks into one and create a linked GPO. However, you should create linked GPOs directly only when you have experience deploying GPOs and understand your own environment.
Go to Start > Administrative Tools > Group Policy Management.
In GPMC, right-click the GPO and choose Create a GPO in this domain, and Link it here.

In the New GPO dialog, enter the GPO name and click OK.

The new GPO is now created and, at the same time, linked to the OU you are working with.
If you want to remove the GPO from this OU, click the GPO. In the right pane, on the Scope tab, right-click the OU and choose Delete Link(s).

This only removes the link between the GPO and the OU. If you want to delete the GPO, right-click the GPO and choose Delete.
Note: before deleting a GPO you must remove its links to the OUs in the domain.

VI. Additional GPO operations
GPMC lets you easily back up, restore, copy and import the GPOs that are deployed. This capability is a very important advantage when managing GPOs on the network: it saves you time and also increases the accuracy and stability of the system.

Backup GPO
To back up all GPOs, right-click Group Policy Objects and choose Back Up All.

In the Backup Group Policy Objects dialog, choose the path where the GPOs are saved under Location and enter a comment under Description.

Then click Back Up. Wait for the system to perform the backup. When it is complete, click OK.

To back up one particular GPO, right-click that GPO and choose Back Up, then proceed in the same way as for backing up all GPOs.

Managing backups
After backing up, you can manage the GPOs with the Manage Backups function.
Right-click Group Policy Objects and choose Manage Backups.

In the Manage Backups dialog, under Backup location, click Browse and go to the backup folder. The list of GPOs then appears under Backed up GPOs.

If you want to show only the most recent backup of each GPO, select Show only the latest version of each GPO.
If you want to see the detailed settings in a GPO, select the GPO and click View Settings.
To delete a GPO backup, select the GPO and click Delete.

Restore GPO
Where there is backup there is certainly restore. To restore a GPO, right-click the GPO and choose Restore from Backup.

On the Welcome to the Restore Group Policy Object Wizard page, click Next.

On the Backup location page, choose the path of the backup folder.

Click Next to continue. On the Backed up GPOs page, select the GPO you want to restore.

Click Next. On the Completing page, click Finish to complete.

Wait for the system to restore the GPO. When it is complete, click OK.

To check, click the GPO and, in the right pane, open the Settings tab. Review the time as well as the settings.
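The create, link, backup and restore steps of sections III to VI can also be scripted. This is an added example, not part of the original lab: it assumes the GroupPolicy PowerShell module (Windows Server 2008 R2 or later, or RSAT), and the GPO name and backup folder are hypothetical because the page does not state them.

```powershell
# Needs the GroupPolicy module (Windows Server 2008 R2 or later, or RSAT)
# and rights to create, link and back up GPOs in the domain.
Import-Module GroupPolicy

# Hypothetical values: the page names neither the GPO nor a backup folder.
$gpoName   = 'Lab Password Policy'
$backupDir = 'C:\GPOBackup'
# OU and domain as used in this lab.
$ouDn      = 'OU=ICT24H Group,DC=ict24h,DC=net'

function New-LinkedLabGpo {
    # Create the GPO unlinked if it does not exist yet, then link it to the OU.
    param([string]$Name, [string]$Target)
    $gpo = Get-GPO -Name $Name -ErrorAction SilentlyContinue
    if (-not $gpo) {
        $gpo = New-GPO -Name $Name -Comment 'Created unlinked, tested, then linked'
    }
    New-GPLink -Name $Name -Target $Target -LinkEnabled Yes | Out-Null
    return $gpo
}

function Backup-LabGpo {
    # Back up one GPO and save an HTML settings report beside the backup,
    # so the settings can be reviewed without restoring anything.
    param([string]$Name, [string]$Path)
    if (-not (Test-Path $Path)) {
        New-Item -ItemType Directory -Path $Path | Out-Null
    }
    $backup = Backup-GPO -Name $Name -Path $Path -Comment "Backup $(Get-Date -Format s)"
    Get-GPOReport -Name $Name -ReportType Html -Path (Join-Path $Path "$Name.html")
    return $backup
}

function Restore-LabGpo {
    # Restore exactly the backup that was taken, identified by its backup ID.
    param($Backup)
    Restore-GPO -BackupId $Backup.Id -Path $Backup.BackupDirectory
}

$gpo    = New-LinkedLabGpo -Name $gpoName -Target $ouDn
$backup = Backup-LabGpo -Name $gpoName -Path $backupDir
$backup | Select-Object DisplayName, Id, CreationTime, BackupDirectory

# Roll back to the saved state when a later edit has to be undone:
# Restore-LabGpo -Backup $backup
# Remove the link again (the GPO itself is kept):
# Remove-GPLink -Name $gpoName -Target $ouDn
```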
SESSION 8: WEB SERVER
Internet Information Services 7.0 (IIS 7.0) is one of the 16 server roles on Windows Server 2008. Microsoft redesigned this version in modular form, so that it inherits the strengths of earlier versions while improving security and stability. The notable new features in IIS 7.0 include:

New administration tools.
- IIS 7.0 provides 2 administration tools, one graphical and one command-line. These tools let you:
- Manage IIS and ASP.NET centrally
- View information and diagnostics, including real-time information
- Change permissions on site and application objects
- Delegate configuration of site and application objects to members without administrative rights (non-administrators)

A changed way of storing configuration information
- IIS 7.0 stores the IIS and ASP.NET configuration in one place, which allows IIS and ASP.NET to be configured in a single unified format. Configuration files and the content of a site or application are easy to copy to another computer
- Diagnosis and troubleshooting are easier thanks to real-time information and detailed log files
- IIS 7.0 is designed in modular form, letting you add and remove Web Server components as needed.

High compatibility.
IIS 7.0 is highly compatible with applications deployed on earlier versions of IIS. When you deploy IIS 7.0 you can run ASP applications, or existing applications built on ASP.NET 1.1 and ASP.NET 2.0, without having to change the source code.

I. Installing the Web Server
To install the IIS 7.0 service, go to Server Manager > Roles > Add Roles.
When you click Web Server (IIS), the system displays a message asking you to add some components before installing the IIS service.

Click Add Required Features.

Click Next to continue. The Web Server (IIS) page introduces the IIS service and lists some points to note before installation under Things to Note.
Click Next. On the Select Role Services page, choose the components the Web Server needs. When you select certain components, the system asks you to add some smaller components. Click Add require..

Click Next to continue. The Confirm Installation Selections page shows the settings chosen before the Web Server IIS is installed.

Click Install to install. Wait a while for the system to install. When the installation is complete, click Close.

To manage the Web Server, go to Start > Administrative Tools > Internet Information Services (IIS) Manager.
The general interface of IIS Manager

Open a web browser and type http://localhost or localhost. If the screen appears as in the figure below, you have installed IIS 7.0 successfully.

II. Publishing a website
Now that the IIS 7.0 service is installed, you want to publish a website.
Open IIS Manager. Right-click Sites in the left pane and choose Add Web Site.

Enter the website name under Site name. Under Physical path, choose the folder that contains the website's source code by clicking the (...) button.

Click OK. A message now appears saying that port 80 is already used by another website. That is the Default Web Site. Click Yes.

You now have to stop the Default Web Site by clicking Default Web Site and choosing Stop in the right pane. Then select your website and choose Start.

To test again, open a web browser and type http://localhost

You can also open it by clicking Browse *:80 (http).
III. Configuring the DNS Server to resolve the website's domain name
You can also type the IP address into the browser to bring up the website. To do this you need to configure the DNS Server.
Use the Web Server as the DNS Server. Create a primary DNS server, then create a Forward Lookup Zone. Create the Host and Alias DNS records. (See the lab session on DNS Server.)

Next, go to IIS Manager. Right-click Sites and choose Add a Website.
Fill in the information. Note that under Host name you type the IP address according to the records you set up above. In this case it is 192.168.1.4. Click OK to finish.

In the browser, type the IP. In this case the IP address is 192.168.1.4.

IV. Running multiple websites on one server

To run multiple websites on one server, for example ict24h.net and ict24h.com:
I will demonstrate with the site ict24h.com. Do the other site yourself.
First go to Forward Lookup Zone and create a zone for the website ict24h.net. Create the record corresponding to the web server for this website. For the site ict24h.com do the same, but note that Host name is left empty.

V. Installing an FTP site
To create FTP sites on the IIS 7.0 Web Server, you need to add FTP Publishing Service.
Go to Server Manager > Roles > Web Server (IIS) > Add Role Services (the same as when installing Management Service).
On the Select Role Services page, select FTP Publishing Service. The system now asks you to add the required components. Click Add Required Role Services.

Then click Next. On the Confirm Installation Selections page, confirm the settings, then click Install to install.

When the installation is complete, click Close.

Go to Start > Administrative Tools > Internet Information Service (IIS) Manager.

Click FTP Sites, then click the line Click here to launch.

IIS 6.0 Manager now opens. The FTP component built into Windows Server 2008 has to be managed with IIS 6.0. If you want to manage FTP in IIS 7.0 you have to install FTP 7.0. This article was produced on VMware Workstation, so it uses IIS 6.0.
In IIS 6.0 Manager, right-click FTP Site and choose New > FTP Site.

On the Welcome to the FTP Site Creation Wizard page, click Next.

On the FTP Site Description page, type a name.

Click Next. On the IP Address and Port Settings page, choose the IP address and keep the default port 21.

Click Next to continue. On the FTP User Isolation page, choose the restriction mode. To increase security I will choose Isolate users. This is the mode in which only the highest privilege can log in to manage. In the first mode all users can use the site, and in the last mode only users who have been granted permission in Active Directory can use it.

Click Next. On the FTP Site Home Directory page, choose the path to the folder that holds the FTP site's content.

Click Next. On the FTP Site Access Permissions page, set the access permissions. Here I will choose Read to increase the security of the FTP site (read-only permission).

Click Next. Click Finish to complete the installation.
Further reading: enabling remote administration of IIS 7.0 (search on Google)

SESSION 9: WINDOWS FIREWALL
I. Introduction to Windows Firewall with Advanced Security
Windows Firewall with Advanced Security on Windows Server 2008 combines a personal firewall (host firewall) with IPsec and lets you configure filtering of inbound and outbound connections on the system. Earlier versions of Windows offered only Windows Firewall in Control Panel, which allowed a limited level of configuration. Windows Server 2008 adds a new component called Windows Firewall with Advanced Security.
This tool lets you easily carry out varied and advanced firewall configuration. The notable new features are:
- Control of connections into and out of the system (inbound and outbound)
- Tight integration with Server Manager. When you use Server Manager to install a service, the firewall is configured automatically to suit the service just installed.
- Improvements in managing and configuring IPsec policies. IPsec is also replaced by a new concept, Connection Security Rules.
- Improvements in monitoring firewall and IPsec policies (Connection Security Rules)
Windows Firewall with Advanced Security uses two kinds of rule for configuration:
- Firewall rules: determine which connections are allowed or blocked
- Connection Security rules: secure the traffic between this computer and other computers
After building the rules, you rely on firewall profiles to apply the rules to the computer. A firewall profile is a concept that indicates the location the computer is connected to. Windows Server 2008 has the following three firewall profiles:
- Domain: applies when a computer is connected to a domain
- Private: applies when a computer is a member of an internal network but is not connected to a domain.
- Public: applies when a computer is connected to public networks, such as the Internet.
To open Windows Firewall with Advanced Security, go to Start > Administrative Tools > Windows Firewall with Advanced Security.
The Windows Firewall with Advanced Security on Local Computer pane provides information about the firewall profiles Domain, Private and Public. These are the default settings.
The left pane contains the main functions: Inbound Rules, Outbound Rules, Connection Security Rules and Monitoring.
The Actions pane on the right contains Import Policy and Export Policy, for bringing policies in and out.
We will look at some of the default properties of Windows Firewall with Advanced Security.
In the Actions pane on the right, choose Properties.

On the Domain Profile tab:
- Firewall state: lets you switch the firewall between its 2 states, On and Off.
- Inbound connections: controls connections coming in to this computer. The default value, Block (default), blocks all connections that do not match one of the rules defined on the firewall. There are 2 other options, Allow and Block all connections. Allow permits all incoming connections, and Block all connections blocks the incoming connections.
- Outbound connections: controls connections going out from this computer. The default value, Allow (default), permits connections to other systems. If you use the Block option, you prevent this computer from establishing connections on the network. You should therefore keep the default value to make sure your computer can work properly.
- Settings: choose Customize to make some additional firewall settings.
- Logging: choose Customize to change the default settings of the log files.

The Private Profile and Public Profile tabs are similar to Domain Profile. These are the settings for computers that do not belong to a domain.

On the IPsec Settings tab:
- IPsec defaults contains the default settings that are applied when you create a new Connection Security Rule. To change them, choose Customize. Note that you can adjust these settings while creating a new Connection Security Rule.
- IPsec exemptions helps you find and fix problems on a network that uses IPsec. If you change the default value to Yes, you can easily use tools such as Ping and Tracert to track down the cause and resolve the problem.

II. Firewall Rule
1. Introduction to firewall rules
Windows Firewall with Advanced Security has 2 kinds of firewall rule, Inbound Rules and Outbound Rules. They let you create rules that control connections to and from the computer running Windows Server 2008.
In the Windows Firewall with Advanced Security window, click Inbound Rules. A list of the firewall rules on the system appears in the middle pane.

These firewall rules are created automatically when you install services or add components to the server. Note: the list above does not yet contain any firewall rule that allows connections from other computers to this computer.

The same applies to Outbound Rules.

You can also sort and view the firewall rules that apply to each firewall profile by right-clicking Inbound Rules or Outbound Rules and filtering by criteria such as Profile, State or Group, then choosing Filter by. To see the details of a firewall rule, double-click the rule.

On the General tab
You view and change the state of the firewall rule by selecting or clearing Enabled. Under Action, choose one of the 3 modes Allow the connections, Allow only secure connections and Block the connections to allow or block the corresponding connection.

Programs and Services tab
Here you can allow or deny access to the services or applications installed on the system. To specify a particular application or service, use the Browse or Settings functions.

Users and Computers tab
You can specify the groups of users or computers that this firewall rule applies to. Do this by selecting one of the two options Only allow connections from these computers and Only allow connections from these users, then using Add to add the corresponding users and computers.

Note: to authenticate users and computers, you need to set Allow only secure connections under Action on the General tab. The users and computers must also belong to the domain, and IPsec must be configured on the systems taking part in the authentication.

On the Protocols and Ports tab, set the protocol and port that the firewall rule applies to.
- Protocol type: choose the corresponding protocol from the list, such as UDP, TCP or ICMP
- Protocol number: you should use the system's default value. You can of course also enter the value that matches your protocol
- Local port: sets the server port for the firewall rule. For an inbound rule, this is the port on which the server listens for incoming requests. For an outbound rule, this is the port the server uses to establish connections to other computers.
- Remote port: sets the port of the other computer (the remote machine) that this firewall rule applies to. For an outbound rule, this is the port on a remote computer that this server connects to (destination port). For an inbound rule, this is the port the remote computer uses to connect to this server (source port).
- Internet Control Message Protocol (ICMP) settings: if you want to configure the ICMP protocol, choose Customize.

Scope tab
Lets you set the values under Local IP address and Remote IP address that this firewall rule applies to.
- Local IP address is the IP address on which this server listens for connections from other computers in an inbound rule, or the source IP address it uses to establish connections to other computers in an outbound rule.
- Remote IP address is the IP address of the remote computer that this server connects to in an outbound rule, or the source IP address the remote computer uses to connect to this server in an inbound rule
- To add an IP, choose Add. There are several options to choose from: a range of IPs, a single IP or a subnet.

Advanced tab
You can set the profiles and the connection types (interface types) used in this firewall rule. You can select all profiles or only the profiles that are appropriate. To configure the connection types, choose Customize under Interface type and make the corresponding selection.

2. Creating a firewall rule
Create a firewall rule for Inbound. (For outbound, proceed in the same way.)

Right-click Inbound Rules and choose New Rule. On the Rule Type page, choose Custom so that all options can be adjusted.

Click Next to continue. On the Program page you can choose All programs to apply the rule to every program, or choose This program path for a specific program, then click Browse and go to that program.

Click Next to continue. On the Protocol and Ports page, choose the appropriate protocol under Protocol type. Under Local port and Remote port, choose the appropriate ports and enter the port values directly below.

Click Next to continue. On the Scope page, choose the appropriate connection. (Local and Remote were defined in the section above.)

Click Next to continue. On the Action page, choose Allow the connection to permit the incoming connection. Allow the connection if it is secure permits the incoming connection only if the security conditions are met. Choose Block the connection to block the connection.

Click Next to continue. On the Profile page, choose the kind of profile you want the rule to apply to.

Click Next. On the Name page, type the rule name and enter a comment about the rule under Description.

Click Finish to end. The new inbound rule now appears.
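The same inbound rule can be created from the command line with netsh advfirewall, which ships with Windows Server 2008. This is an added example, not part of the original lab: the helper function, the rule name, the port and the remote subnet are constructed for illustration, and only the Allow and Block actions are covered.

```powershell
function New-InboundRuleArgs {
    # Build the arguments for "netsh advfirewall firewall add rule",
    # one parameter per page of the New Inbound Rule Wizard.
    param(
        [string]$Name,                    # Name page
        [string]$Program,                 # Program page (empty = all programs)
        [string]$Protocol  = 'TCP',       # Protocol and Ports page
        [string]$LocalPort,
        [string]$RemoteIp  = 'any',       # Scope page
        [string]$Action    = 'allow',     # Action page: allow or block
        [string]$FwProfile = 'domain',    # Profile page
        [string]$Description
    )
    if (-not $Name) { throw 'A rule name is required.' }
    if (@('allow', 'block') -notcontains $Action) {
        throw "Unsupported action: $Action"
    }
    foreach ($p in ($FwProfile -split ',')) {
        if (@('domain', 'private', 'public', 'any') -notcontains $p) {
            throw "Unknown profile: $p"
        }
    }
    # Ports only make sense for TCP and UDP rules.
    if ($LocalPort -and (@('TCP', 'UDP') -notcontains $Protocol.ToUpper())) {
        throw 'localport can only be used with TCP or UDP.'
    }
    $ruleArgs = @('advfirewall', 'firewall', 'add', 'rule', "name=$Name",
                  'dir=in', "action=$Action", "protocol=$Protocol",
                  "remoteip=$RemoteIp", "profile=$FwProfile")
    if ($LocalPort)   { $ruleArgs += "localport=$LocalPort" }
    if ($Program)     { $ruleArgs += "program=$Program" }
    if ($Description) { $ruleArgs += "description=$Description" }
    return $ruleArgs
}

# Constructed values: allow HTTP to the lab web server from the lab subnet,
# on the Domain profile only.
$rule = New-InboundRuleArgs -Name 'Lab-HTTP-In' -LocalPort 80 `
    -RemoteIp '192.168.1.0/24' -FwProfile 'domain' `
    -Description 'Lab web server'

# Run from an elevated prompt, then read the rule back to confirm it.
& netsh $rule
& netsh advfirewall firewall show rule name=Lab-HTTP-In
```

Limiting Remote IP address and the profile, as the Scope and Profile pages allow, keeps the rule from accepting connections on networks where the service is not meant to be reachable.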
