Nhat Nghe 70-410 Windows Server 2012 PDF

— TLL TATRA TEE | TRUNG TAM BAO TAO CNTY NHAT NGHE 72 POI TAC PAO TAO CUA MICROSO: BU TAE vit NAM 105 Ba Huyén Thanh Quan, Quan 3, TF E Tel: 08.39322.735 - 0913.735.906 Website: www.nhatnghe.com QUAN TRI MANG Microsoft LAB MCSA 2012 WINDOWS SERVER 2012 MON 70-410 oeumemavemereccommccsnwe {| HAT CHATLUGNG DAO TAO UGC DAM BAO BANG MHONG CAM KET CU THE ff ee aN a SEN a eaters A,TRUNG TAM DAO TAO CNTT NHATNGHE —_ *h LE“ DOI TAC DAO TAO CUA MICROSOFT TAI VIET NAM g a © 105 Ba Huyén Thanh Quan, Quin 3, TP.HCM Microsoft Partner NHATNGHE Tel: 08.39322.735 ~ 0913.735.906 or Website: www.nhatnghe.com EES MUCLYC 1. LOCAL USERS - LOCAL GROUPS 2. LOCAL POLICY. 3. LOCAL SECURITY POLICY... BANTES vnc 4, SHARE PERMISSION ~ ACCESS BASE EMULATION (ABE). 5. DOMAIN ven 6, DELEGATE - DOMAIN USERS, GROUPS, COMPUT! 7. GROUP POLICY MANAGEMENT. 8. GPO CENTRAL STORE & SECURITY FILTERING... 9. GPO FINE-GRAINED PASSWORD POLICY 10 GPO ADMINISTRATIVE TEMPLATES ~ DEPLOY SOFTWARE - FOLDER REDIRECTIO! 11. GPO SECURE MEMBER SERVER - AUDITING - APP LOCKER ~ ADVANCED FIREWALL 42. DISTRIBUTED FILE SYSTEI 13, BITLOCKER. 14, FILE SERVER RESOURCE MANAGER. 15, WORK FOLDERS. 16. PRINTER, 17, MONITORING scons 18. BACKUP & SHADOW COPY.... 19. HYPER-V 20, LOCAL STORAGE ~ PHAN 1 21, LOCAL STORAGE ~ PHAN 2 .. 107 1s 18 135 M1 es Phign Ban Thif Nghigm ~ Lyu Hanh NGi BO‘TRUNG TAM DAO TAQ CNTT NHAT NGHE WEE“, 89x tac DA0 TAO Cia micRosorr Tat vigr NAM a TRE «105 88 Huyén Thanh Quan, Quan 3, TP.HCM Microsoft Partnet WHAT NGHE Tel: 08.39322.735 - 0913.735.906 “ Website: www.nhatnghe.com a LOCAL USERS —- LOCAL GROUPS CAC BUGC TRIEN KBAL: * Phin 1: Thye hign tr@n Window Server 2012 1. Tit User Account Control (UAC) 2. Teo Focal User Account 3. Cau hinh Log on ty dng biing account djnh sin 4. Teo local group account 5. Network access * Phin 2: The hign trén Windows 8.1 : 1. Ta0 Local User va Group 2. Tham khéo cdc Option khi nhan Ctrl + Alt + Del + 3. Enabled Account Administrator 4.Tham khdo ee Option cia User Account ‘5. Cho may tinh ty dng log on vei account din sin Ae CHUAN By M6 hin bai lab bao gm 2 miy = PCO1: Windows Server 2012 R2 = PC02: Windows Server 2012 R2 +2 iy tt firewall. Kids tra bing lo Ping gia 2 may Ban Thit Nghigm ~ Luu Hanh NGi BOTRUNG TAM DAO TAO CNTT NHAT NGHE oY — BOX TAC BAO TAO CUA MICROSOFT TAI VIET NAM a GEL 105 8a Huyén Thanh Quan, Quin 3, TP.HCM Microsoft Partner SRT NGHE Tel: 08.39322.735 - 0913.735.906 “a D NHATNGHE Website: www.ohatnghe.com ‘B- THC BIEN * Phin 1: Thye hifn trén Window Server 2012 1, Tit User Account Control (UAC) = B1 - Nhén t5 hop phim 38+ X > chon ‘BS - Nhén vio myc Change User Account | Control Panel hoge nhan phim P Control settings _ B2-G muc View By > chon Small icons |“ “ues oveiser acount ~> chon User Accounts _ $F Language 5B Uetwors el Sharing Center 1B4-- Cun thanh cugn xudng cubi cing Never Notify va nhén OK. Sau 46 khdi dGng lai may 42 thay d6i 6 higu lye, 1 Pesscnshization Power Options & resien & Sond - TF Sytem $8; Teate Speen "Bp Windows Upacte || 2, Tgo Local User Account | B1 - Mé chwong trinh Local'Users and Groups bling céch nhin té hgp phim +R > g6 lénb | lusrmgr.mse . 2 Phién Ban Thi Nghiém ~ Luu Hanh NiTRUNG TAN BAO TAO CNTT NHAT NGHE ET, P81 TAc pAo TAO COA MICROSOFT TAI VIET NAM a Wf 105 Bd Huyén Thanh Quan, Quan 3, TP.HCM Portnes NHATNGHE Tel: 08.39322,735 - 0913.735.906 serosal Partner Website: www.nhatnghe.com BS - Dién vio céc théng tin sau: + Usernaine ; U1 + Password vi Confirm password : P@ssword +Bé check User must change password at next logon Sau dé nhfin vao nit Create Ea men + Username : U2 + Password/Confirm password : P@ssword + BS - Log on user Ul. Truy e@p vio thr mye C:\Users\U1, quan sit thdy profile ca U jar ambiereane ‘B6-Tiép theo thit truy cp thr myc _ ‘CAUsers\Administrator, sé thdy béo 18i khng ¢6 quyén iy, You don't currently have permission to access this folder. Click Continue to permanently get access tothis folde, Phién Ban Thi Nghiém ~ Luu Hanh NOI BO 3TRUNG TAM BAO TAO CNTT NHATNGHE DOr TAC DAO TAO CUA MICROSOFT TAI VIET NAM 4 105 B& Huyén Thanh Quan, Quin 3, TP.HCM Microsot Partner ‘Tel: 08,39322.735 ~ 0913.735.906 ‘os : Website: www.nhatnghe.com . 3. Cau hinh Log on ty dng biing account djnh sin . [BA - Log on bing account Administrator, nhin Ctrl + Alt + Del chon Change Password Bi Pal mgt khdu thanh P@ssword456 1B2-Nhén t6 hap phim 38+ R, gO Kenh Control 1B3- 6 myc Users for this computer > chon ' UserPasswords2 Administrator. Sau d6 bd check & 6 Users ‘must enter a user name and password (0 use | SR Ritvcerenemntaige ere Bd - Nh§p vio mat khiu cia account Administrator: | Pa@sswordt56 OK \ ela BS - Kim tra: Kh dng lai my. May tinh f Mnemdpntadteaipis Pedi pcr tab fu ding ding nhgp bing account { Ee imamcely Sadist | Administrator, khéng héi password a 4. Tao local group account B1- Nhén té hop phim 38+ R, g6 le tasrmgr.se > ES . 4 Phién Ban Thi Nghigm ~ Lu Hanh NGI BSTRUNG TAM DAO TAO CNTT NHAT NGHE of EE Par TAc DA0 Tao cba mrcnosorr Tal vigr Nam ah “S105 Ba fuyén Thanh Quan, Quan 3, TP.HEM Microson Parner WHAT NGIE Tel: 08.39922,735 ~ 0013.735.906 me Website: www.nhatnghe.com in 2: Thye hign trén Windows 8.1 ‘Chun bj: Ghost may PCO1 bin Windows 8.1 1. Tg0 Local User va Group BI - Mé File Explorer, chudt phii vio This PC > _B3 - Chuft phai vo Users > New User chon Manage [E Corpo Nyon Coc) [noon B2 ~ G khung bén trai, bung myc Local Users and | * ff Sytemeot | fea Groups -> chon Users. “ieee” fs [E Compate Management loca A 1 Sadan ie 1 El System Tools © TaskScheduter » Event Viewer > a, Shaved Folders 4B Local Users and Groups Groups @ Performance y . BS - Log Off. Quan sat thdy 44 6 thém user BA Trong cita s6,.New User, khai bo cdc thong tin: account méi trong phi log on. + User name: ul ++ Password: 123 BG - Tiép theo chudt p + Confirm Password: 123 chon New Group +Bé ddu check true déng “User must Change [Computer Mansgunent Goce) assvord at nxt Lo Create 4 W System Tools ‘ + @ TaskScheduler © Sven Viewer fl Shared Folders 4B Loca ers and Groups lén mye Groups > Phién Ban Thif Nghigm ~ Luu Hanh NGI BS 7TRUNG TAM DAO TAO CNTT NHAT NGHE pE POrTAc bao Tao Ca micRosoFT TAI vigt NAM th Li 105 B3 Huyén Thanh Quan, Quan 3, TP.HCM Microsoft Partner WHAT NGHE Tel: 08,39322.735 ~ 0913.735.906 ed Website: www.nhatnghe.com BT - Trong cia sb New Group, & mue Group ‘Name, ban d3t én group la: Boss > Add BB -Nhdp vio ul > Checks Name > OK B9 - Quan sit thiy user} di duge thém vio ‘grotip Boss > Create, 2. Tham khio cée Option khi nbn Ctrl + Alt+ Del - Nhiin 16 hop phim Ctrl + Alt+ Delete, 8 Phién Ban Thiy Nghigm ~ Luu Hanh NOI BOTRUNG TAM DAO TAO CNTT NHATNGHE Wek’ BOI TAC DAO TAO CUA MICROSOFT TAL VIET NAM ah 205 B3 Huyén Thanh Quan, Quin 3, TP.HCM Microsoft Parnes _t Tel: 08,39322.735 ~ 0913.735.906 “— eS ie tae STUNT ETe ae eee n ~ Quan sit thay cée try chon: + Lock: Khia may tinh + Switch User: Chuyén qua mai trirmg lam viéc cia user khée ma khéng tét session hign tai + Sign out: Chuyén qua moi truémg lim vige cia user khéc va tit session hign tai +¥ Task Manager: Ding dé xem ef thong s6 performance cita may tinh 3. Enabled Account Administrator ‘BI- MG File Explorer, chudt phai vio This PC > chon Manage B2- G khung ben tri, bung mye Local Users and Groups > chon Users. 'B3 ~ Chudt phai lén account “Administrator”-> chon B4 - BS check “Account is disabled” > Properties. BS - Log off va quan sit account Administrator da xudt | hign trong phi log on. 4. Tham khio cic Option cia User Account Cuber mes change password tet agen Cther cannot change password, CoPaseord never cnpies. Ccoourt is dated {[Béccount tected at + User must change password at next logon : User phai 44i password trong dn log on dau tién + User cannot change password: User khéng 6 quyén 44i password‘TRUNG TAM DAO TAO CNTT NHAT NGHE Ee, P81 TAc Ao TA0 CUA MICROSOFT TAT vigT NAM GER © 105 88 Huyén Thanh Quan, Quén 3, TP.HEM WHET NGHE Tel: 08.39322.735 - 0913.735.906 Website: www.nhatnghe.com a Microsoft Partnet + Password nerver expires: Password cita user khéng bao gid bi hét han + Account is disabled: V8 higu + Account is locked out: Account tam thai bi khéa : 5. Cho may tinh ty dng fog on véi account djnh sin a Account B1- Go té hgp phim: 32+ R, nh§p Iéah control B2 - Bé check “ Users must enter a username ‘userpasswords2 and paswword to use this computer” = hun wk muc “Users for this computer" chon = yamunemancnsee Administrator me ‘Gi int — Sy aes eer Cae (Became ‘B4~ Kigm tra: Khii dng lai may. May tinh tw ‘dong dng nhap bing account Administrator, hing hoi password. 10 Phin Ban Thi Nghigm ~ Luu Hanh NGI BGTRUNG TAM DAO TAO CNTT NHAT NGHE A phe” DOI TAC DAO TAO CUA MICROSOFT TAI VIET NAM a u © 105 Ba Huyén Thanh Quan, Quén 3, TP.HCM Microsoft Partner Tel: 08,39322.735 - 0913.735.906 pd NHATNGHE Webster wwncthatnghe cm eS LOCAL POLICY CAC BUGC TRIEN KHAI: 1. Cau hinh Local Policy a. Diéu chinh policy Computer Configuration . Diu chinh policy User Configuration 2. Ciu hinh Local User Policy A- CHUAN BI ~ M6 hinh bai ab bao gm 1_mdy Windows Server 2012 R2 ~ Tyo user Teo, Password: P@s B-THYCHIEN 1. Cau hint Local Policy 4. Digu chink policy Computer Configuration BI - Log on vao may bing account ‘B2- Nhin t& hop phim 3 + R, 96 lénh ‘Administrator. Nhin phim 18, chon biéu tuwong Gpeditmse Tun Of > Shut down. Xuit hign Sing, ‘Shutdown Event Tracker. Nhin quay Iai man hinh Desh B3 - Lin lugt mé theo dudng din: Local Computer Policy > Computer Configuration > Administrative Templates > System. hung bén phai nhdn double click vao Display ‘Shutdown Event Tracker. ‘cooose a ston ta bes eat ny you went ‘esha dove ts computer B4- Chon Disabled > OK BS - Thir kiém tra nhdn phim 38, chon biéu_ ‘tugng Tum Off > Shut down > Khéng thay xuat hign bang Shutdown Event Tracker nita, ’ Phién Ban Thit Nghiém ~ Luu Hanh Ni BO uTRUNG TAM BAO TAO CNTT NHAT NGHE iE, 281 TAc bdo Ta0 CUA micRosorT Tal vigT NAM JUESEE" © 105 88 Huyén Thanh Quan, Quan 3, TP.HCM WHAT NGHE Tel: 08.39322.735 - 0913,735.906 Website: www.nhatnghe.com +b. Dida chinh policy User Configuration BL - Mé Control Panel > Truy ofp thinh cng. B2 - Lan lugt mo theo duimg din: Local Computer Policy > User Configuration > Administrative Templates > Control Panel. 6 khung bén phai, rnhn double click vao Prohibit access to Control Panel and PC Settings. Wi Ws Gta 3. Saw Ss ieee rr BB ~ Quay Iai cia s6 Local Group Policy Editor. Mé theo durdmg din Local Computer Policy > User Configuration > Administrative Templates > ‘System. G khung bén phi, nhin double click vio Prevent access to the command prompt -> Enabled PB iva conne, “ 2 Microsoft Partner 1B3 - Chon Enabled > OK 1B4-- Kiém tra: Truy ofp vio Control Panel, -xuat hign thong bao 13i chan tray cfip. BS - Quay lai cita sb Local Group Policy : Editor. Mé theo duging din Local Computer Policy > User Configuration > Administrative Templates > Desktop. 6 hung bén phai, nhan double click Remove Recycle Bin icon from Desktop -> Enabled. 2 Comteargotes + Sate emt} BT7- Kiém tra: Log off va log on Iai may s& thy mét biéu tugng Recycle Bin trén desktop. ‘B9- Truy clip thir vio CMD sé thay bi béo | i B10 - Sau khi thye hign xong, tri céc policy vita thiét lap vé mc dink nhw hic ddu.TRUNG TAM BAO TAO CNTT NHAT NGHE PEE, POT TAC bao Ta0 Ca Microsort Tal viéT NAM x ES 105 84 Huyn Thanh Quan, Quén 3, TP.HCM, MerosotPartne: i Tel: 08,39322,735 ~ 0913.795.908 NHATNGHE Website: wew-ratnghe-com a= ETITeSRETmerrsoeme eee 2. Chu hinh Local User Policy BL-Nhdn 5 hop phim 38+ R, g61énh MMC B3 -G hung Available snap-ins bén tri chon Group Policy Object Editor > Add B2~ Cita s6 Console 1, vio menu File > ‘Add/Remove Snap-in... ho nhin t6 hop phim Cirl+M Fie] Acie Wer 1 Chiindontins2 gpa ba ae BS--Tidp tye vio menu File, chon Add/Remove , Sen Eai Snap-in... -> Group Policy Object Editor > Add eeenntros B7~ Qua tab Users > chon Non-Administrators > BS -Tuong ty, vio menu File, chon Add/Remove Snapin...-> Group Policy Object Editor > Add > Brovse 3 Qua tab Users, chon User Teo. Quan sit théy 063 policy vita add img véi timg 46; tugng: Computer Policy, Non-Administrators Policy vi Teo Policy 'b Local Computer Policy Loe ComputeANon AdiitaPecy b & Local Computeriteo Policy ES Phién Ban Thir Nghigm - Luu Hanh NGI BO B‘TRUNG TAM BAO TAO CNTT NHAT NGHE EE, POLTAC Do TAO Cua IcROSOFT Tal VIET NAM a REL” © 105 Ba Huyén Thanh Quan, Quin 3, TP.HCM Microsoft Partner NHATNGHE Tel: 08.39322.735 ~ 0913.735.906 ‘mee Website: www.nhatnghe.com “ THI: Chink Local Computer Policy x6a Recycle Bin trén Desktop - Ma theo dutmg din: Local Computer Policy > User Configuration > Administrative ‘Templates > Desktop. G khung bén phai, nhin double click Remove Recycle Bin icon from Desktop > Enabled. a “a 1! toca Compus Pl escort seer mst ‘geome — eo a 15 Aime fogs ee Sein Renew hoyertentsrBaceued a Neo : orveseeng won necows™ = || Stocttenthiecniwmeintingmeuegeae Neco See {Llp nag aemey Sopp nd dengan eco cea ||. remargutey cote weon 2 Made Cement hee : meow Bic iém tra: Log on User Teo, kiém tra thay biéu tugng Recycle Bin bj mat trén Desktop. * THD: Chinh Non-Administrators Policy khOng x6a Recycle Bin trén Desktops ' = Log on Administrator. Mé theo durémg dn: Local Computer\Non-Administrators Policy > ‘User Configuration > Administrative Templates > Desktop. 6 khung bén phai, nhdn double click Remove Recycle Bin icon from Desktop > Disabled. - Kiém tra: Log on User Teo, kiém tra thay biéu tugng Recycle Bin KHONG bj mat trén_ Desktop * TH3: Chinh Teo Policy x6a Recycle Bin trén Desktop ~ Log on Administrator. Mé theo duromg din: Local Computeriteo Policy -> User Configuration > Administrative Templates > Desktop. 6 khung bén phai, nhdn double click Remove Recycle Bin icon from Desktop > Disabled ~ Kiém tra: Log on User Teo, kiém tra thay bigu tugng Recycle Bin bi mat trén Desktop u Phién Ban Thir Nghiém ~ Luu Hanh NOt BSTRUNG TAM DAO TAO CNTT NHAT NGHE Or TAC BAO TAD CUA MICROSOFT TAI VIET NAM 405 B& Huyén Thanh Quan, Quén 3, TP.HCM Tel: 08,39322.735 ~ 0913.735.908 NHATNGHE Websit jww.nhatnghe.com LOCAL SECURITY POLICY CAC BUGC TRIEN KHAI: 1, Password Policy 2. Account Lockout Policy 3. User Rights Assignment 4. Network Access A> CHUAN B] ~ M6 hinh bai lab bao gdm 2 miy * PCOL: Windows Server 2012 R2 * PC02: Windows Server 2012 R2 ~ 2 may tit Firewall > Kiém tra dung truyén bing lénh PING B-THYCHIEN 1. Password Policy (The hign tén PCO}) ‘BI - Log on Administrator -> Tao user bing B2 - Ma Server Manager, vao menu Tools > password : 123 > bdo I8i khdng thé tg0 duge ~ Local Security Policy do khéng théa yéu cdu vé 46 phite tap ct password B3-Mé Account Polices > Password Policy. | | Component Services at | Computer Management Defragment and Optimize Drives, vent Viewer Es kta ODBC Data Sources (64-bit) temas ine + Enforce password history : $6 password hé thong lira tra (khuyén diing: 24 ) + Maximum password age : Thi gian sit dung ti da cia 1 password (khuyén ding: 42 ) Phién Ban Thir Nghiém ~ Luu Hanh NGI 86 3i TRUNG TAM DAO TAO CNTT NHAT NGHE fEE, Pot Thc DAO TAO Con wicnosort Tal vier NAM x & 105 Ba Huyén Thanh Quan, Quén 3, TP.HCM ‘Microsoft Partner NHATNGHE Tel: 08.39322.735 - 0913,735.906 ‘ey NHATNGHE ebster www hatnghe-cem + Minimum password age : Thai gian sit dung 10i thiéu cia | password (khuyén ding: 1 ) + Minimum password length : Dé dai t6i thiéu eta 1 password (khuyén ding: 7) + Password must meet complexity requirements: Yéu clu password phife tap (khuyén ding: Enabled) > Chinh password policy = B4 - Password must meet complexity requirements -> Chon Disabled BS - Céc password policy c&n Iai chinh tri v8 0> OK B6 - Mé CMD > g6 Iénh Gpupdate /Force BT-Kiém t ‘go account UI v6i password : 123 > Tao thinh eéng 2. Account Lockout Policy BL - Mé Local Security Policy. Truy efp theo dung dan Account Policies > Account Lockout Policy B2- Quan sit cde policy bén phai + Account lockout duration: Thdi gian aecount bj khéa . + Account lockout threshold : $6 ln nhap sai password trade Khi account bi Khéa + Reset account lockout counter after: thdi gian chuyén b§ dém vé gia tri 0 “itu chinh thong s6 ede policy : + Account lokout threshold : 3 + Account lockout duration : 30 + Reset account lockout counter after : 30 3. User Rights Assignment Yeu cu: [ae ae tas ee eal aE BH patna | * hace dna 2 patctatoce i ticamtwonice | 3 oye te cn Peterererenree B3 - Kiém tra: Dang nhép sai password 3 lin > khéng thé ding nbfp tiép. Chir sau 30 phat > c6 thé dang nip kai. + Log on bang quyén Ul > shut down méy tinh > khing dege + Thay adi ngdy gid hé thing > khong doe BI - Log on Administrator > Mé local security policy -> Local Policies > User Rights Assignment > o6t bén phi: Quan sit 2 policy + Change the system time: Cho phép uset/group c6 quyén thay 4éi ngay gid hé thing + Shutdown the syste Cho phép user/group 06 quyén tit may 16 : Phién Ban Thir Nghigm ~ Litu Hanh NOI BG‘TRUNG TAM DAO TAO CNTT NHAT NGHE s or fe — BOI TAC PAO TAO CUA MICROSOFT TAI VIET NAM a BR 105 B& Huyén Thanh Quan, Quan 3, TP.HCM Microsoft Partner NHATNGHE Tel: 08.39322.735 ~ 0913.735.906 om Website: www.nhatnghe.com 3 tance 1 Tere eta copy aie | seed ERR 'B2- Diéu chinh théng sé policy + Change the system time: Bua group Users vio + Shutdown the system: Bua group Users vio B3-Kiém tra: Log on Ul > Shut down thir > thanh cong. Thay di ngay gid hé théng > thanh cng 4. Network Access * Trung hgp 1: Classie = M6 Local Security Policy -> Local Policy -> Security Options > Double click Network access : ‘Sharing and security model for local aocount. (Mie dinh Windows Server chay Classic). Necro mene Someta | Mewokeeas Denton wenmourenenaston AS. Eabed | c meodace Denetiton menu ence Oe | Steet ent on gee pennies nutes rent permom ae sno Dees » Gy Wton Feat vcd ac ewe tnage Ptay 9 Bi rattan 1 ohn hein Pin | stews cee Roemer cute aed pe Eas Nemes ura bi sneymeu Nit bted » 5B Atanet Analy Cette z torrie qoetroty Aon rien on compde Net Ore Einewu ety Aweeiyten MUL seman ace "Met Phién Ban Thi Nghigm — Luu Hanh NGi BG a‘TRUNG TAM DAO TAO CNTT NHAT NGHE BOI TAC PAO TAO CUA MICROSOFT TAI VIET NAM a L&E 105 88 Huyén Thanh Quan, Quan 3, TP.HCM Partner ART NORE Tel: 08.39322.735 ~ 0913.735.906 Monceon pay Website: www.nhatnghe.com ‘a, Classie: 2 may eiing password (Thy hign trén ei 2 may) - Bbi password administrator la 123 - Thye hign truy cp bing URL tir May PCO] qua May PCO2 vi nguge lai Tei PCO2 : Nhént6 hop phim H+ R, g6 \PCO] > truy cép thanh cong ma khéng hai usemame va password = Nhdn xét : Khi tray cp vio PCO2 néu account ding dé log on trén May PCO! trig user name va passward véi I account irén may PC 02 , thi khi network access sé khéng bi héi username va password bb. Classic: 2 may khae password (Thue hign trén ci 2 may) ~ Dai password administrator May PCO] thinh 123 , password administrator May PCO2 thank 456 > Log om-vao PCO! bing account administrator - Thute hign truy ep bing URL tir May PCO! qua May PCO2 va nguge lai = Tai PCO}: Nhan t6 hop phim 38+ R, g6\PCO2 > Hign théng béo ddi User name and password > Khai bio username vi password May PCO2 > OK > Truy edp thanh cfng qua PCO2 Enterta credential inoue cee mE Domain POT ED Retarded 4B The user mee o password is incorrect, * Trurimg hop 2: Guest only (Thye hign trén cd 2 may) - May PCO2: Enabled user Guest. = Mé Local Security Policy > Local Policy > Security Options > Double click Network access: Sharing and security model for local account -> Guest only ~ local users authenticate as Guest. 2B Phién Ban Thit Nghiém — Luu Hanh Ni BS‘TRUNG TAM DAO TAO CNTT NHAT NGHE bE. OI TAC DAO TAO CUA MICROSOFT TAI VIET NAM ah “i S105 Ba Huyén Thanh Quan, Quén 3, TP.HCM Microsoft Partner NHATNGHE — Tel: 08.39322.735 ~ 0913.735.906 “re Website: www.nhatnghe.com [Gnas focal woos otharicte on themes (Gast -local ser adore o hemscvos A Ss oe cnn arch as os fe (ee ] [Ceenes] Senn REE = PCO! truy cp vio PCO2: Khéng hai usemame, password. Mic dinh chitng thyc bing account Guest. + PCO2: Disabled account Guest. PCO1 truy ofp vao PCO2 sé bj héi User name va password , tuy nhién di nhép account Administrator cing khong thé truy cép duge vi chi cé thé truy cap bing ‘bing account Guest (Da bj disable). | ever neworkcdenils L Sl mee mean I A Use nate acount 9 earn irene umnmmmmemmmmmmmeasenes= eet’ Phién Ban Thif Nghiém ~ Luu Hanh NGi BS 19‘TRUNG TAM DAO TAO CNTT NHAT NGHE ait OL TAC DAO TAO CUA MICROSOFT TAI VIET NAM aah HEE 408 88 Huyen Thanh Quan, Quen 3, T.HCH eer WET NGHE Tel: 08.39322.735 ~ 0913.735.906 ‘oo Website: www.nhatnghe.com NTFS CAC BUOC TRIEN KBAT . 1. Phin quyén thr mye bing Standard Permission 2. Phin quyén thr myc bing Special Permission 3. Take OwnerShip 4. Xét quyn khi di chuyn a0 liga ‘A- CHUAN BI Jab bao gm I my sit dyng bin ghost Windows Server 2012 R2 - Tao cy thur mye'nhu trong hinh: - Tao 2 group: KeToan, NhanSu ~ Tyo 2 user: KTI, KT2, Add 2 user nay vio Group KeToan - T90 2 user: NSI, NS2. Add 2 user nay vao Group NhanSu B-THYC BIEN 1, Phin quyén thir myc bing Standard Permission Phén quyén cho cée group nbue sau - Trén hue mue Data: Group Ketoan va Nhansu c6 quyén Read ~ Trén the muc Chung: Group Ketoan va Nhansu cé quyén Full = Trén thu mye Ketoan: + Group Ketoan cé quyén Full. Group Nhansu khong c6 quyén = Trén thie muc Nhansu: + Group Nhansu cé quyén Full. Group Ketoan khong cé quyén 20 Phién Ban Thiv Nohigm ~ Luu Hanh NGI BGTRUNG TAM DAO TAO CNTT NHAT NGHE BOT TAc BAO TAO CUA MICROSOFT TAI VIET NAM m 7 © 105 88 Huyén Thanh Quan, Quén 3, TP.HCM Microsoft artnet NHATNGHE Tel: 08,39322.735 ~ 0913.735.906 oe Website: www.nhatnghe.com a. Phan quyén trén thr mue DATA BL Chudt phai lén thir mye DATA —_B2- Trong tab Permissions > Chon Disable > Chon Properties > Qua tab Inheritance S | Security > Nan néit Advanced Ee EmSnc0/ ‘ios spe ee “> Cnet inered permet exp pstitonsen isd “> Reso lisse persion rom tis ebjec, (aaa) [BS - Cita s6 Permissions for DATA > nhin nét Add BG - Nhép vio; ketoansnhansu > Chon Check Names > OK Phién Ban This Nghiém ~ Luu Hanh NGi BS aTRUNG TAM DAO TAO CNT NHAT NGHE qfEE, 261 Thc DAO TA0 cia microsorr tai vier NAM STARS © 105 88 Huyén Thanh Quan, Quin 3, TP.HCM Tel: 08.39322,735 ~ 0913.735,906 NHATNGHE Wasco: ww inhatnghe.com ‘BT - Quan sit 2 group KETOAN va NHANSU > c6 3 quyén Allow: Read & excute, List folder ‘contents, Read, | onearon oom [sS.creatoaowes i (Basten | Sssten | Sremanten poor sdorsoaey |S ennnton FceI to | Sheerom renveroo, B9 - Kiém tra: . . + Lan lugt log on vio méy bing quyén KTI, NSI > Mé thn mac CADATA > truy ep thanh cog . + Tao Folder bit ki > xuét hign béo 18i bing ob quyen 2 Phién Ban Thir Nghigm — Lufu Hanh NGI BG‘TRUNG TAM DAO TAO CNTT NHAT NGHE at ‘L me OI TAC AO TAO CUA MICROSOFT TAI VIET NAM oh 4105 83 Huyén Thanh Quan, Quin 3, TP.HOM Microsoft Parner Fr Tel: 08.39322.735 - 0913.735.906 ‘ons in wie Websites www .nhatnghe.com b. Phan quyén cho the mye Chung BI - Logon Administrator > Chudt phai len thur mye Chung, chon Properties > Tab Security > Chon Edit > Ln Igt chon timg group KeToan va NhanSu > Chio quyén Allow Fall Control > OK > OK, Shsystex SQerompeoverony domesu pense + Lin lugt log on vao bing KT1 , NSI > truy cép vio thar mye Chung > truy c@p thanh eéng ++ Tao, xéa folder bit ki trong thu nye Chung > thanh cng ¢ Phin quyén cho thu mue KETOAN ‘BL - Chuodt phai lén thu mpe KETOAN > Chon Properties > Qua tab Security > Chon ‘Advanced B2- Trong tab Permissions > Chon Disable Inheritance ‘BS - Trong cita sé Block Inheritance, chon Convert inherited permissions into explicit permissions on this object > OK ‘BA - Cita sd KETOAN Properties > Chon Edit — Phién Ban Thit Nghigm ~ Luu Hanh NOI BG 23TRUNG TAM BAO TAO CNTT NHAT NGHE ‘7% BOI TAC DAO TAO CUA MICROSOFT TAI VIET NAM © 105 88 Huyén Thanh Quan, Quén 3, TP.HCM Microson Partner WHAT NORE Tel: 08.39322.735 - 0913.735.906 NHATNGHE Website: www.nhatnghe.com BG ~ Chon Group KETOAN > Chon Allow BT - Kiém tra: - Lin hugt log on vao bling KT1 , NS1 > truy cép vao thu myc KETOAN > chi cd KT1 ty. cp thinh céng, con NST khong truy cp duge. = User KT] tao , x6a file, folder bit ki trong thu myc KETOAN > thanh cing 4d, Phan quyén cho thu mye NHANSU BA ~ Chugt phai lén thu muc NHANSU + Chon Properties > Qua tab Security > Chon Advanced BZ - Trong tab Permissions > Chon Disable Inheritance BS - Trong cita s6 Block Inheritance, chon Convert inherited permissions into explicit permissions on this object > OK ‘B4 - Cla sé NHANSU Properties > Chon Edit BS - Chon group KETOAN > Remove 1B6 - Chon Group NHANSU > Chon Allow Full Control > OK > OK CS 24 Phién Ban Thif Nghigm ~ Luu Hanh NGi BO‘TRUNG TAM DAO TAQ CNTT NHAT NGHE fe” OI TAC DAO TAO CUA MICROSOFT TAI VIET NAM FEEL © 305 88 Huyén Thanh Quan, Quin 3, TP.HCM, Tel: 08,39322.735 ~ 0913.735,906 NHATNGHE Website: www:nhatnghe-comn Seese aa eee B7 - Kiém tra: + Lin lugt log on vio bing KT1, NSI > truy c§p vao thr mpe 'NHANSU > chi NSI troy fp thinh cdng, con KTI khong truy cp duge + User NS1 tao, xés file, folder bit ki trong thir mye NHANSU > thinh cng 2. Phiin quyén thir mye biing Special Permission ile do User nao tao ra User &3 mdi x6a chege Phén quyén theo yéu cdu: BI - Chu6t phai Ién thu mye KETOAN > B2.- Trong tab Permissions -> chon Group ‘Chon Properties > Qua tab Security > nhin — KETOAN > chon Edit vao nit Advanced [nme comme 'B3 - Trong cita sé Permission Entry for KETOAN, nhan vao lién két Show advanced permissions. ‘B4-6 muc Allow, tit déu chon 5 6 Delete subfolders and fies va Delete > Chon OK 4 ‘BS - Kiém tra: + Lan lugt log on bing KTI va KT2 > truy cp vao thy mye KeToan + KT! Go file KTLAxt, KT2 to file KT2.txt - Log on bing KT1 > xéa file KT2.txt > bio I6i khong c6 quyén xda . Xéa file KTL.txt > thanh cng ’ ~ Log on bing KT2 > xéa file KT].txt > bio Idi khong ¢6 quyén x6a . Xéa file KT2.txt > think céng Phién Ban Thi Nghiém ~ Luu Hanh NGI BG 2s.. Take Owner Ship BI - Log on KT, truy cép vio folder KETOAN > tao folder KTH file ‘B2- Phan quyén NTFS trén thy myc KTi file. Chudt phai thu mye KTIFile > Chon Properties > Qua tab security > Chon Advanced > Disable Inheritance B4-- Log on Administrator, tray ep vao folder KETOAN. Truy cép vio folder KTIfile bj bio 15i khéng thé truy ep > ‘Chudt phai len folder KT file, chon Properties > Qua tab Security, chon Advanced BG -Nhap vo Administrator > Check Names > OK tra: Chudt phai vao folder KTIile, quan sat thay Administrator d& 6 quyén Full Control TRUNG TAM DAO TAO CNTT NHATNGHE BOI TAC DAO TAO CUA MICROSOFT TAT VIET NAM 105 B3 Huyén Thanh Quan, Quan 3, TP.HCM Tel: 08,39322.735 - 0913.735.906 Website: www.nhatnghe.com aS ‘B3- Tab Security > chon Edit > Remove tit ca cée object, ngoai tri KT1 (Full Control) > nhén OK 2 lar BS - O muc Owner, chon Chany pare ar ee ees ‘BT - Dinh div chon vio 6 Replace owner on subcontainers and object > Yes-> OK > OK déng cic cia 86, Microsoft Partner 4. Xét quyén khi di chuyén data trén cing Partition a. Copy = Trong 5 C tao 1 folder tén 1 A ~ Chugt phai lén CADATA chon Copy > Mé thy myc A > chudt ph Sanne hon Paste 6 Phién Ban Thi Nghigm ~ Luu Hanh N6I BG‘TRUNG TAM DAO TAO CNTT NHAT NGHE UGE’ -BOT TAC DAO TAO CUA MICROSOFT TAI VIET NAM a {105 B8 Huyén Thanh Quan, Quan 3, TP.HCM. Microsoft Partner NHATNGHE Tel: 08.39322.735 - 0913.735.906 ms Website: www.nhatnghe.com ~ Kiém tra quyén cia thu mye C\A\DATA > cc quyén NTFS bi thay déi b.Move ~ Trong 8 C tao | folder tén 1B ~ Chuot phai léa CADA'TA chon Cut > MG thu mye B > chuét phai chon Paste ~ Kidm tra quyén cit thy mye C:AAWDATA + cdc quyén NTFS kh6ng bj thay 46i * Nin Xét : - Khi di chuyén dit ligu trong cimg partition ~> quyén ciia data khéng bi thay déi. ~ Khi copy dit ligu vaa noi khdc ciing partition tht quyén ciia data vita copy bj thay aéi plu thugc v0 noi dén seen ee ey Phién Ban Thiy Nghigm ~ Luu Hanh NOI BG 7TRUNG TAM BAO 7) (NTT NHAT NGHE GEES, P01 TACOAO TAO CUA micRosor® Tal vigr NAM ah ex =~ 105 Ba Huyén Thanh Quan, Quan 3, TP.HCM ‘Microsoft Partner BART NgHE Tel: 08.39322,735 - 0913.735.906 ri NHAT NGHE Website: www.nhatnghe.com SHARE PERMISSION — ACCESS BASE EMULATION (ABE) CAC BUGC TRIEN KAI + 1. Share mot Folder 2. Thyc hign Share An 3, Map Network Drive 4, Share 1 folder véi ahiéu tén 5. Quin ly céc Shared Resources 6. Access Base Emulation A- CHUAN BI = MO hiinh bai lab bao gim 2 méy: + PCOL: Windows Server 2012 R2 + PCO2: Windows 8.1 Enterprise = PCOI tao account ul véi password li P@ssword , = PCO1 tg0 folder ThueTap trong 6 C:. Trong thu mye ThucTap igo 2 folder DuLieu va BiMat - Trong cde folder to file Abe.txt v6i n6i dung ty ¥ - Trén 2 may tit Firewall, UAC, va kiém tra dudng truyén bing lénh Ping 28 Phién Ban Thu’ Nghigm ~ Luu Hanh NGi BSTRUNG TAM DAO TAO CNTT NHAT NGHE DOI TAC BAO TAO CUA MICROSOFT TAI VIET NAM ah 105 Ba Huyén Thanh Quan, Quén 3, TP.HCM Microsoft Partnet NNATNGHE Tel: 08.39322.735 ~ 0913.735.906 rd B-THUC HEN 1. Share mgt Folder (Thye hign trén PCO1) BI - Chugt phai lén folder DULIEU chen ‘BS - Dinh du chon vio 6 Share this folder Share with > Advanced sharing.. vio Permissions B2- G tab Sharing > Nhén vio iit Advanced Sharing... B4 - Check vio Allow Full Control > OK > OK > OK ‘BG - Hop thoai yéu cdu ching thyc khi ding hip > Bién vio ul/ P@scwor, [ORES hae Si ter network credentials 1 teers tenet 8404 | B7- Truy ip thinh cing thy Folder F = DULIEU : A= a terete, pes Mettawa pats ww cence] tonne Seacemanee © etmenmear morse Soeaee jin Phién Ban Thit Nghigm — Luu Hanh NGI BO‘TRUNG TAM DAO TAO CNTT NHAT NGHE pL, POrTAc DAO TAO Cua micnosorr Tat vigt NAM Tee. 405 83 Huyén Thanh Quan, Quin 3, TP.HCM y Tel: 08.39322.735 ~ 0913.735.906 NHRTHGHE acto: wen rhemgnecorn 2. Share dn mt folder (Fhye big tgi may PCO) ae ‘Microsoft Partner B1-Chu6t phai thu myc BIMAT > Chon B3~ Dinh div chon vao 6 Share this folder. 6 ‘mye Share Name, nh§p vao BiMat$ > Nhin ‘vio mit Permissions Shate with > Advanced Sharing, B2- O tab Sharing > Nhén vio nit ‘Advanced Sharing... B4 - Check vio Allow Full Control > OK. 3 OK > Close BS - Tai méy PCO2 nhin 18 hop phim a+ R, g0: \WPCO1 > OK > Tray edp vio Khong thay folder BIMAT. B6 - Tat ota 38 File Explorer > Truy cap Jai \PCONBIMATS: = an 5 MN aetieetnee en toe 1 tata candied Bef ence ae 3.Map Network Drive BI - Qua may PCO2 > truy cép network access vio. B2- Hop thogi yéu cdu chimg thyc khi ding may PCO nip > Bién vio Username va Password B3 - Tai man hinh truy ep, chudt phii lén folder DULIEU > Chon Map Network Drive... 30 Phién Ban Thi Nghiém ~ Luu Hanh NGI BG = —hE”. < NHAT NGHE ‘TRUNG TAM DAO TAO CNTT NHAT NGHE BOI TAC DAO TAO CUA MICROSOFT TAI VIET NAM 105 Ba Huyén Thanh Quan, Quin 3, TP.HCM Tel: 08,39322.735 ~ 0913.735.906 Website: www.nhatnghe.com ‘Microsoft Partner 1B4- Dé mac dinh céc options > Nhin Finish, use timoie BG - Mé CMD, 86 lénh Net use Y: \PCONBIMATS i Sa em SIE BS -Mé Computer kiém tra da 06 6 dia i PH Tatvaainis thy xult| BT Kidm tra tén PCO2 m8 File Explorer ata mang Y: ebdrmensny ta, etc mer SP Raicnae + neonate) CS EEEEEEEEEEEEeeEEeeeeeeeeeo Phién Ban Thir Nghigm ~ Luu Hanh N@i BG 31TRUNG TAM DAO TAO CNTT NHAT NGHE hE” BOI TAC BAO TAO CUA MICROSOFT TAI VIET NAM oh 105 Ba Huygn Thanh Quan, Quin 3, TP.HCM WHAT Wane — Tel: 08.39322.735 - 0913.735.906 Website: www.nhatnghe.com Microsoft Parnes ‘Share I folder v6i nhigu tén (Thyc hign tren B1 - Chudt phai Ién folder DULIEU > Share with > Chon Advanced sharing...> ‘Advanced sharing > Nhan vao nit Add. B3 - Kidmn tra trong hp thosi Advanced Share name c6 2 tén DuLieu vi 1B4- Nhén vo nit Permission > Phan quyén Iai v6i Everyone > Full Control > OK > Close PCO1) [9 Aorta BS - May PCO2 truy cép server kiém tra két qua thay €6 2 folder die share v6i tén KeToan , DuLicu BE ay Network » peor > J |, 5 Fevortes & oss fates |) i downone "2 Reet pce fis tom 5. Quan ly eke Share Resources (Thuc hign trén may PCO!) BI - Mé Server Manager >> chon File and Cee B2- O khung bén trai chon Shares > Quan sit bén tay phai: cae di Higu hign dang duoe. chia sé trén may tinh. 2 Phién Ban Thif Nghigm ~ Luu Hanh NGi BG‘BI - Tg0 Folder C:\Nhat Nghe B2- Trong C:\Nhat Nghe tg0 2 thu mye : Kythuat va TroGiang BS - Tao User u2/ password: P@ssword [BG - Ma Server Manager > File and Storage Services > Shares > Chudt phai lén C\NhatNghe > Properties TRUNG TAM DAO TAO CNTT NHAT NGHE DOI TAC BAO TAO CUA MICROSOFT TAI VIET NAM 405 B& Huyén Thanh Quan, Quin 3, TP.HeM Tel: 08,39322.735 ~ 0913.735,906 ‘Microsoft Partner 1BS - Share Full thu mye C:\Nhat Nghe B4- Phin quyén NTFS : +01 o6 toin quyén trén thur mye KyThuat, U2 khdng 06 quyén + U2 ¢6 toan toan quyén trén th mye TroGiang, ‘UI khong c6 quyén BT - Chon Settings > dnh du chon vio 6 a mas i ne = | [oem emt, BB - Kim tra : PCO2 truy cp network Access o gemma} Ya PCO! bing quyén Ul: Truy e@p thir mye = Nhdt Ngh@ quan sét chi thay thu mye Kythuat, | = khdng thdy thir mye TroGiang { res 2 mee ‘B9-- Tuong ty PCO2 truy cép network Access vio PCOI bing quyén U2: Truy efp thw mye Nhat Nehé quan sét thay chi thy thur muc ‘TroGiang, khdng thay thu muc KyThuat. SiQD=s! N © oy + He peor > Nhattghe Share View Wi deitop 8 Name (BH Downloads. Bi recentpaces Teale share View i + 9d pet > NhatNghe i fp mibeee te Jp Downloads es Kythuat | Ba Recentplaces ae eaEEREEEEeeeeeeeeeeeee Phién Ban This Nghigm ~ Luu Hinh NGI BG 33TRUNG TAM BAO TAO CNTT NHAT NGHE a na VJEc® BOI TAC AO TAO CUA MICROSOFT TAI VIET NAM th TASS” © 305 88 Huyén Thanh Quan, Quin 3, TP.HCM Microsoft Partnes NHATNGHE 18.39322.735 - 0913.735.905 nse Website: www.nhatnghe.com Ce DOMAIN CAC BUGC TRIEN KHAT . 1, Nang ep Domain Controller 2. Join may Workstation vio Domain 3. Cu hinh Policy trén may Domain Controller a, Cau hinh cho phép 43t password don giin b, Clu hinh cho phép Group Users duge log on trén DC 4, Tgo Domain Group va Domain User 5. Ci Remote Server Administrator Tools cho méy Client A- CHUAN BI ~M6 hinh bai lab bao gdm 2 may: +PCO1: Windows Server 2012 R2 + PC02: Windows 8.1 Enterprise ~Chinh password account Administrator cho ci 2 méy a 123, ~ Disable card CROSS. Ga bd Protocol TCP/IP IPv6 trén card LAN ~ Kiém ta 2 méy lign Ige voi nhau bing lah PING Se 34 Phién Ban Thir Nghigm ~ Luu Hanh NGi BG‘TRUNG TAM BAO TAO CNTT NHAT NGHE tk: (e% BOX TAC DAO TAO CUA MICROSOFT TAI VIET NAM 105 88 Huyén Thanh Quan, Quan 3, TP.HCM, Microsoft Partner NHATNGHE Webster wwwnhetaghecom 2 B-THYC HEN 1. Nang cdp Domain Controller (Thyc hign tai PCO1) BL-Mé Control Panel > Network and Sharing __—-‘B2- G mye Preferred DNS server, trd v8 Center, chon Change Adapter Settings. Chut phi IP ca chinh minh OK.. len card LAN, chon Properties > Chon Internet re) Protocol Version 4 (TCP/Pvd) > Nhin Pr | Hey sree i econ | bee haerg time eS 1BS - Mé Server Manager, vio menu. Manage, chon Add Roles and Features 1B4- Min hinh Welcome > Next BS - Man hinh Select installation type > 1B6 - Min hinh Select destination server, gitt nguyen chon Role-based or feature-based her mic dinh > Next installation -> Next 'B7- Man hinh Select server roles, dinh dau chon vio [**¢=#7¥or = 6 Active Directory Domain Services sceeemramteenstgertenee ees BB - Cita sb Add Roles and Features roa Secon ormer os elo es Wizard > nin vio nét Add Features > Seared ue Next sere Scan a B9- Man hinh Select features, git nguyen senses (Sees thw mic dinh -> Next Phién Ban Thiy NghiGm ~ Luu Hanh NGI BG 35‘TRUNG TAM DAO TAQ CNTT NHAT NGHE BOI TAC DAO TAO CUA MICROSOFT TAI VIET NAM 3 105 B8 Huyén Thanh Quan, Quén 3, TP.HCM. Microsott Partner WHA E Tel: 08.39322.735 - 0913.735,906 — WHAT HGHE Website: www.nhatnghe.com a B10- Man hinh Confirm installation selections, dénh inh Deployment dau chon vao 6 Restart the destination server. ‘Configuration, chon Add a new forest. 0 automatically if required > Nhan nat Install myc Root domain name, dat té Confim instalation selections NHATNGHE LOCAL san Con guration ee Spt eames BIL - Qua trinh cdi dat din ra. Sau khi cai dt xong, hin vao mye Promote this server to a domain & mye Specify domain controlier capabilities, dénh du chon vo 6 Domain ‘Name System (DNS) server. 6 muc Type. the Directory Services Restore Mode (DSRM) password, nhgp vio mat khéu B14 - Cac bude edn Iai, nhin Next theo mac di ‘st onthe et ‘Man hinh Prerequisites Check, khi nha duge théng, Sake bdo All prerequisites check passed successfully nghta ei Vi qué trinh kiém tra digu kin dé lén DC da thinh céng > nban nat Install dé bat dau cai dt een 36 Phién Ban Thi Nghiém ~ Luu Hanh NGI BO B13 - Man hinh Domain Controller Options,TRUNG TAM DAO TAO CNTT NHAT NGHE DOr TAC DAO TAO CUA MICROSOFT TAI VIGT NAM a 105 Ba Huyén Thanh Quan, Quén 3, TP.HCM Microsoft Partner Tel 08.39522.735 "081.758, 906 “an F Website: www.nhatnghe.com a ‘iy Workstation vio Domain (Thire ign trén PCO2) BI - Mé Control Panel > Network and Intemet > B3- Chinh Preferred DNS server vé IP May Network And Sharing Center > Change adapter stings PCOI-> OK > Ci m > Disable card Cross ie Plot Vesion Rb pele, Internet Protocol Version 6 (TCP/IPY6). > chon Internet [| RSE epi zoses seme evens Protocol Version 4 (TCP/IPv4) > chon Properties . f 'B2- Chugtphai card Lan Properties. BO diu check || wn eirawmegcamensntmeasetamre | 4 B4- Nhin té hop phim + R, gO Iéoh Sysdm.cp! | Daven ima Bowretanead ce! BS - Trong tab Computer Name, nhdn Change Fa eon 7 [Seiciee Tiron | Arcd | Sytor Ptsen Fen Ua Mesorsun be tonralemtniotinty yi oer Come een E Foren Tiden Const or" Career amperine: POD Veiga: WORKGHOUP [epee na domino. cck Neo g Rmectineemteactenetimioe — Cia] B7 - Cita s6 Windows Security, nhgp vio Usemame vi | password: Administrator/123, ‘ “Ginnie Newe(Domein rarges HEM ‘ese amore ettonrtedadin t Moonset @ Weeoretenersimcrerocas Phién Ban Thit Nghiém - LuuTRUNG TAM BAO TAQ CNTT NHAT NGHE (PEE, 261 Thc Dao Tao Cua mrcRosort Tat viet NAM a CURA” © 105 88 Huyén Thanh Quan, Quin 3, THEM Microsoft Partner NRT NONE Tel: 08.39322.735 - 0913.735.906 ‘me 5 © Website: www.nhatnghe.com ‘CAu hinh Policy trén méy Domain Controller ‘a, Chu hinh cho phép dt password don giin BI - Quay Iai méy PCO1, ma Server Manager. B2- Lin lugt bung ede muc Forest: Vio menu Tools, chon Group Policy NHATNGHE.LOCAL > Domains > Management. NHATNGHE.LOCAL > Chudt phai Default | iam bo | "native Oectory Admiisraive Center | patve Urey Domaine and Trusts | ei Directory Module fr Wars Powel 42 emetic | ete iertony Vert and Comper: Bee Dna ADSL ES i denanconretn | oe ate | | Component Sener Sai yas CX i aoe crs | | computer Managemen ae ee | ; Daragnes and Optinice Dies Be acest bas 5 ane dh * eeent Viewer B3- Lin lugt mé theo duréng din Computer Configuration > Windows Settings -> Security Settings > Account Policy > Password Policy > double click vio Password must meet complexity requirements Paty | force password history 2. Maimur passverd age @ Minienurn password age | Minoura password length | © Rea Store pesswords ung reversible enenyption Group Paty Management BG - 6 muc Password will not expire, sta gid tri thinh “0” > OK BS - Quay Iai cira s6 Group Policy Management Editor, nhin double click vio Maximum password age ‘A Define this policy vetting Peaswad ont ope. 2 Minimum password age fo Shem 2, Minimum password length ft ‘@pPassword must meet complesty requirements - {store passwords using reversible encryption ys 38 Phién Ban Thit Nghiém - Luu Hanh NGi BS‘TRUNG TAM DAO TAO CNTT NHAT NGHE 4 GEE, POT TAC DAO TAO Cua MicrosoFT TAI viET NAM ah ue © 105 B8 Huyén Thanh Quan, Quén 3, TP.HCM ‘Microsoft Partner NHATNGHE Tel: 08.39322.735 ~ 0913.735.906 s Website: www.nhatnghe.com e-oe-Werwprnee pce erorser nameneresracmmeeseeerreeeeee B7 - Quay lai cita sé Group Policy Management 8 - O myc Do not keep passwords remember, sita itor, nhén double click vio Enforce password gid tr thinh “0” > OK history soword age €. Minimum passed age 5 Mineman aerword length i Pssword mu meet comply rquremens b. Cu hinh cho phép Group Users duge log on trén DC BI - Lin lugt bung cae mye Forest: B2- Mé theo dudng din sau Computer NHATNGHE.LOCAL > Domains > Configuration > Policies > Windows Settings NHATNGHE.LOCAL + Domain > Security Settings > Local Policies > User Controllers > Chugt phai Default Domain Rights Assignment > double click vao mye Controller Policy, chon Edt Allow log on local [Be Rtn Ww ap —— esi all of Xe 8) aa [i Ge heapemme 4 Rieetoumbeiaca ern 4 Dd Doman Rey 1 Eimacetcnn ean tw ii] XG STB ime pss —_[_$_$_$_ Phién Ban Thif Nghigm ~ Luu Hanh NGi BS 39HhE. NHATNGHE ‘TRUNG TAM BAO TAO CNT NHAT NGHE : OI TAC DAO TAO CUA MICROSOFT TAI VIET NAM a 105 B Huyén Thanh Quan, Quan 3, TP.HCM Tel: 08,39322.735 ~ 0913.735.906 Website: www.nhatnghe.com Microsoft Partner 'B3- Nin vio nit Add User or Group > nip vio Users > OK > OK B4~ Sau khi chink policy xong, mé CMD, 36 len: Gpupdte Force 4. Tao Domain Group va Domain User BI - Mé Active Directory Users and Computers. IHATNGHE.LOCAL > New > B2~ Group name : Nhat Nghe > OK, 'B3 ~ Chu6t phi NHATNGHE.LOCAL > New > User B4-Full name : UI User logon name ; UI > Next SR, centers wusmoesocny 40 BS - Password/Confirm password: 123 Bé dau chon & 6 User must Change password at Next logon > Next Phién Ban Thit Nghigm ~ Luu Hanh NGI BOTRUNG TAM BAO TAO CNTT NHAT NGHE OL TAc DAO TAO CUA MICROSOFT TAI VIET NAM ah 105 Ba Huyén Thanh Quan, Quén 3, TP.HCM Microsoft Partnes Tel: 08,39322,735 ~ 0913.735.906 ls Website: www.nhatnghe.com ‘BG ~ Quan sit théy Domain Group va Domain User vita tao Def container don > D Computes Data container see » 5 Domtin Conve FevegnSeortyPrincpas Managed Seve Recounts 5. Cai Remote Server Administrator Tools cho may Client (The hign trén PCO2) B1-LogonNHATNGHE\Administator, __B4~ Dénh du chon vo ede mye nhu trong ‘Truy cp Server, chép source Windows8.1- inh, KB2693643-x64 vio $C: vachayfileniydé TG cai gat r | Turn Windows fetes on or off B2-M& Control Panel, chon Program and —_| smuhuelausbcrnatbutonypuastovenen some Features BO 1 Breuer mes ‘ds yourcampte setngs ©), obama no stooe 1), Hee Drees vaso Revel 2B soosten ij Aer vc enti Ct BL 2005p mand Come Seed B3~G g6c bén tréi, chon Turn Windows features on or off Phién Ban Thi Nghigm ~ Luu Hanh NGi BG a‘TRUNG TAM BAO TAO CNT NHATNGHE. pL, Pt Thc Dao TAO Ca micRosorT TAI vigr NAM ‘ a 105 B3 Huyén Thanh Quan, Quén 3, TP.HCM ‘Microsoft Partner Tel: 08.30322.735 - 0913.735.906 i NHATNGHE Website: www.nhatnghe.com BS -Chon Group Policy Management Tools. BG ~ Mé Control Panel, chon Administrative > OK > Close Tools LOSS NE] — [Micron coreanrs var To cae | tan winon esr onorot » . ‘Satie Lnabcemes epee sine, Tnoncwomesme |e eteteet tonne Active Directory Users and Computers “pouin i Gone, BB - Truy cap vao Active Directory Users and Computers thanhebng Lseetnaned a Oaitextes B9- Kiém tra: — + Tréo PC02 tao user U2, password 123 > tao serecemee| —— thtnh o&ng =< + Trén PCO1, mé AD kiém tra thy c6 user U2 ———$—$—$—_—_—_—_$_$_$_$_$_ $$$ EEE a2 Phién Ban Thi Nghiém ~ Luu Hanh NOI 86TRUNG TAM DAO TAQ CNTT NHATNGHE WE, 201 TAC DAO TAO CUA MICROSOFT TAT VIET NAM : © 105 B& Huyén Thanh Quan, Quén 3, TP.HCM VHRTNGHE Tel: 08.39322,735 - 0913.735.906. NHAT NGHE Website: www.nhatnghe.com —[—S——————EEEE DELEGATE — DOMAIN USERS, GROUPS, COMPUTERS CAC BUOC TRIEN KHAT ; 1. Delegate a. Delegate cho Group b. Delegate cho User 2. Domain Users 4. Tao ~ Sit dyng User Template b. Lam vige véi Multi Users «. Xem toan 6 thude tinh eta User 3. Domain Computers A- CHUAN B} M6 hinh bai lab bao gbm 2 may + PCO1: Windows Server 2012 R2 DC (Domain: NHATNGHE,LOCAL) + PC02: Windows 8.1 Enterprise Stand Alone BL - Trén PCOI, tao OU SaiGon. Trong OU Saigon, {90 3 group Sep, Linh, Ketoan. Tao 3 user te, ti va Phién Ban Thir Nghiém ~ Luu Hanh NOI BG 3TRUNG TAM PAO TAO CNTT NHAT NGHE OI TAC DAO TAO CUA MICROSOFT TAT VIET NAM th 105 B3 Huyén Thanh Quan, Quén 3, TP.HCM Microsoft Partner Tel: 08.39322.735 ~ 0913.735.906 on Website: www.nhatnghe.com B-THYC HIEN 1. Delegate a. Delegate cho Group Us quyén cho ede thanh vién trong group Sep deg phép tao mai, xba va chinh sita thing tin user trong QU SaiGon BI~ M& Server Manager -> menu Tools > chen B2~ Chu6t phai vao OU Saigon > chon Active Directory Users and Computers Delegate Control eto Dies ndampaes me [te B3 “Man hinh Weleome > chon Next BS- Chon Create, delete, and manage user B4 - Man hinh Users and Groups > nhan ‘Add, 26 Sep > Check Names > Next 1BG- Man hinh Completing > Finish B7-Kiém tra, trén PCO1, log off ; Administrator, log on Teo. Nha t& hop phim A+R, g6 DSA.MSC. EES “4 Phién Ban Thif Nghigm ~ Luu Hanh NGi BG‘TRUNG TAM BAO TAO CNTT NHAT NGHE ‘OT TAC BAO TAO CUA MICROSOFT TAI VIET NAM 105 Ba Huyn Thanh Quan, Quén 3, TP.HCM ee ‘Microsoft Partnet NHAT NGHE B9~ Man hinh UAC, g6 username vA password ita Teo > Yes b, Delegate cho User Tel: 08,39322.735 - 0913,735.906 wwww.nhatnghe.com ‘B10 - T90 méi User be > Kiém tra tao thank Up quyén cho user ktI duege phép Reset Password va doc théng tin tai khodn user trong QU SaiGon BI -Log on Administrator. Mé Active Directory Users and Computers -> chust hai vio OU Saigon > chon Properties B3 - Chu@t phai vo OU Saigon -> chon Delegate Control [Aaa Oren Von > 2 Saved ues a matnovecoca | Bice » Hi Domain Contoten » Ci Fovignseeuty Principal, » CD LowandFouna 1 (3) Managed Seve Accounts 1B2 - Qua tab Security > chon Group Sep > Remove > OK‘TRUNG TAM DAO TAO CNTT NHAT NGHE WEE, 961 1Ac bao t40 Cua microsort Tal vigt Nam 105 83 Huyén Thanh Quan, Quén 3, TP.HCM WHET NGHE Tel: 08.39322.735 ~ 0913.735.906 BS - Man hinh Users and Groups, nhin Add > nhp vio user ktl -> Check Names > OK > Next B7 - Man hinh Completing > Finish BS - Kiém tra, rén PCO, log off Administrator, log on KT}, Nhan t6 hop phim 281+R, 26 DSA.MSC. 'B9- Man hinh UAC, g0 usemame vA password cia ktl > Yes B10 - Chudt phai vio user be > chon Reset Password B12 - Quan sat théy thay d6i password 46 tinh cong, Websit ‘www.nhatnghe.com “pe Dept SS Cony ta, Addtee grep. secuty _Dible Account secu) [seem er Now us. @ resect ge [exam Phién Ban Thi Nghigm ~ Luu Hanh Ni BO a Microsoft Partner |B6 - Danh dau chon vio 2 6 Reset user passwords and force password change at next logon va 6 ReadTRUNG TAM DAO TAO CNTT NHAT NGHE Or TAC DAO TAO CUA MICROSOFT TAI VIET NAM 4 4 105 8 Huyn Thanh Quan, Quin 3, TP.HCM ‘Microsoft Partner Tel: 08,39322.735 ~ 0913.735.906 ‘one NHAT NGHE Website: www.nhatnghe,com 2. Domain Users a. Tg0- Sir dyng User Template BL -Log on Administrator, mé File Explorer > Trong 6 C: 02 folder Homes va Profiles. Share 2 thir myc nay voi quyén: Everyone - Full Control B2~- M6 Active Directory Users and Computers. Tao thém group nhansu va user 2B ktcrecoca reer Te $5 Sopa 5S Ste BS - Qua tab Account > phin Account options > dinh dau chon vio 6 Account is disabled > OK ‘count options: DiPassword never exper (C) Store password usng reversible eneyption a sl. B7- Full Name: ns2 -> User logon name: ns2 > bln Next [BB - Gd 123 trong 2 phan Password va Confirm password > BS du chon Account i disabled > Next > Finish — ——————— Phién Bin Thi Nghigm ~ Luu Hanh N6l BO. 4”| | TRUNG TAM DAO TAO CNTT NHAT NGHE ‘BOI TAC DAO TAO CUA MICROSOFT TAI VIET NAM ah 105 Ba Huyén Thanh Quan, Quin 3, TP.HCM Microsoft Partnet ‘Tel: 08.39322.735 - 0913.735.906 — Website: wwrw.nhatnghe.com 'B9- Chudt phai vio user ns2 vita tg0 > chon B10 - Qua tab Member of > Properties Qua tab Profile ie diduge — duge add vao group Nhansu Cio eae eee enareent dag ea pao viae Bil- Thye hign twong ty dé copy NSI thanh account NS3/password 123 b, Lim vige voi Multi Users BI - Gitt phim CTRL, Hin lugt click chudt chon B2 - Qua tab Account > Dinh dau chon trade 3 user nsl, ns2 va ns3 > Chudt phai chon dng Logon hours > Nhiin vao nit Logon Properties : - B Fi Reammrcersniestttensnt ocho : sees hasmeegtaaname te ean Hoos osc se oe — pm Some — * Diconoxee atic B3~ TO xanh ving tir Bh ~ Sh / Sunday ~ Friday chen OK 2 OK aR 48 Phign Ban Thi Nghiém ~ Luu Hanh NGI BO‘TRUNG TAM DAO TAO CNTT NHAT NGHE BOI TAC DAO TAO CUA MICROSOFT TAT VIgT NAM ih 105 83 Huy€n Thanh Quan, Quén 3, TP.HCM. Microsoft Partner “el: 08,39322.735 ~ 0913.735.506 me Website: www.nhatnghe.com B4- Kiém tra: lin hugt ma Properties cia cd 3 BS - Quan sit thdy c 3 user account nsl, ns2, user: ns, ns2, ns3 > Qua tab Account > Chon ns3 déu duge chinh thai gian duge phép ding hap vao may tinh. © Nem toin b§ thuge tinh ciia User BI - Tai chuong trinh Active Directory Users and B2-Chugt phai vao user ns3 > Chon Computers > Chon Menu View > Chon Properties Advanced Features B3 - Chon Tab Attribute > Tim dén myc homeDirectory va ProfilePath > Quan sit thiy gid trj trong 2 dong nay gidng trong tab Profile Niki xét : Moi thufc tinh cia user account dé cb thé duge xem vi chinh sita tai Attribute Editor 3. Domain Computers ‘BI ~Chudt phdi vo OU Saigon-> Chon New B2- Myc Computer Name: nbip vio PCOS > Ch ae Phién Ban Thit Nghiém - Luu Hanh N6i BG‘TRUNG TAM DAO TAO CNT NHAT NGHE qiEE, 281 tAc bdo Tao Gua micROsOFT Tal vigt NAM ze GHEEA" «105 88 Huyén Thanh Quan, Quan 3, TP.HCM Microsot Partner NHATN Tel: 08.39322.735 - 0913,735.906 — NHATNGHE Webster www.nnatnghe.com B3 - Nhiip vao user ns2 > Check Names > OK 2 B4- Quan sat thay trong OU SaiGon 05 a account computer PCOS duge tao ra. a ror eal aig For® BS - Kiém tra: Trén PCOS, log on Administrator. MG File Explorer > Chudt phi vao This PC > ‘Chon Properties. 6 mye Computer Names, chon Change settings recone fronrann] BY - Trong phn Member oft Chon mye Domain 72.96 vido Nhatnghe. oe FFE > cornu NenetDona Oo ME dl “You ean change the nome and the membership of this | Sonetec Granger mi ws arceertoneeekmsouces t ee taueutet ane Same | Contr rane 4 . od - BS - Hign bang Windows Security > G6 ns2 | Filconp.ter rane: ‘v6i password 123 > OK ras cs BIO- Kiém tra: Trén PCO! ma Active Directory Users and Computers > M3 | Container Computers > Quan sit khéng e6 | computer account duget90 ra Nhin xét: Néu tren Active Directory Users : and Computers da tao tretic computer account tring ten véi may client treée Rhi client join domain, thi Khi méy client join vo domain, hé thong sé khng tao ra thém ‘computer account nita va sé sit dng computer account da tao truce a6, in Ban Thiy Nghiém ~ Luu Hanh NGI BO‘TRUNG TAM DAO TAO CNTT NHAT NGHE ‘BOI TAC DAO TAO CUA MICROSOFT TAI VIET NAM a EAE © 105 83 Huyén Thanh Quan, Quan 3, TP.HCM Microsoft Partner MART NGHE Tel: 08.39322.735 ~ 0913.735,906 no Website: www.nhatnghe.com SaEEREEE eee eee GROUP POLICY MANAGEMENT CAC BUGC TRIEN KHAI . 1. Tyo va link Polioy vo OU 2, Block Inheritance cho OU 3. Enforce Policy 4. Chinh order cho Policy 5. Security Filtering 6. Xem eée setting cia policy 7. Modeling Wizard 8, lem Level Targetting 9. Disable mot phin cba policy 10, Khio sat noi chia policy templates A- CHUAN BI ‘M6 hinh bai lab bao gdm 2 may + PCOL ; Windows Server 2012 R2 — DC (Domain: NHATNGHE.LOCAL) +PC02 ; Windows 8.1 ~Join Domain ~PCOL : * Chinh Policy password don gidn * Chinh Policy cho phép group Users ¢6 quyén log on locally. * Tao OU Cha, Trong OU Cha, too OU Con * Trong OU Cha tgo user ul, u2. Trong OU Con tg0 user u3, ud * Trong Domain Nhatnghe local tgo group TEST, add 2 user ul vi u3 vio group Sanam Phién Ban Thit Nghigm ~ Luu Hanh NGI BO st‘TRUNG TAM DAO TAO CNTT NHAT NGHE, pbk DOI TAC DAO TAO CUA MICROSOFT TAI VIET NAM . & 105 B’ Huyn Thanh Quan, Quén 3, TP.HCM Microsoft Partner WHAT NGHE Tel: 08.39322.735 - 0913.735.906 ime F Website: www.nhatnghe,com ES B-THYC HIEN 1. To vi link Policy vao OU (Thy hign trn may PCO1) BI -M@ Server Manager > vio menu Tools-> ——-B3- Dat tén cho-GPO & khung name “An Group Policy Management Control Pane!” > OK. B2 - Bung Forest > Domains > NHATNGHE.LOCAL > Chut phi vao Group Policy Objects “> chon New. an Existing GPO... [re Aton Ven Wan Hp 4 - Chuft phi vio GPO “An Conta Panel” vira tao, chon Edit BS ~ Bung muc User Configuration - Policies > trative Templates > Control Panel, chudt phai vao Prohibit access to the Control Panel and PC settings, chon Edi (See ce iow Gian wae Sesto tx] = f Hesea oman! Goran mim BG - Chon Enabled > OK > Déng cia s6 Group Policy Management Edi eaLrapies [Ei] Pott aces to Contd Panel and PC cetings ONexcentigured Comment tnabes O Diabea BS - Chon GPO “An Control Panel” > BT - Quay tré Iai man hinh Group Policy OK ‘Management, chuot phai vo QU Cha, chon Link: 52 Phién Ban This Nghigm ~ Lafu Hanh NGI BG‘TRUNG TAM DAO TAO CNTT NHAT NGHE EE, POL TAC DAO TAO CUA MICROSOFT Tar ViéT NAM a & 105 Ba Huyén Thanh Quan, Quin 3, TP.HCM Microsoft Partnes . NHATNGHE — Tel: 08,39322,735 ~ 0913.735.906 — Website: www.nhatnghe.com BS - Quan sit thy GPO “An Control Pane!" di B10 - Kiém tra: Trén PC02, log on Kin lugt : duge link vao OU Cha vio cde user ul, u2, u3, u4 > Bj mat Em a = a om Control Panel, 2. Block Inheritance eho OU (Thuc hign trén may PCO1) B1~- Mé Group Policy Management, chudt phi B2 - Quan sit OU Con, thdy cé biéu tugng, vio OU Con, chon Block Inheritance dau cham thang [3h Group Policy Management 4 2 Forest NHATNGHELOCAL 4 Zi Domaine “3 By NHATNGHELOCAL iff Detaut Domain Policy 2c BL Aa ntl Poa E } > & Domain Controliers > Seoup Poi Objects 'B3 - Kiém tra: Trén may PCO2, Hin lugt log on user 13, u4 > s& thdy o6 Control Panel 3. Enforce Policy (Thyc hign trén may PCO1) BL-Mé Group Policy Management, chudt phai_B2 - Trén méy PCO2, log on user u3, ud > 38 vo GPO “An Control Panel”, chon Enforced thy bi mat Control Panel dap am [an conrorranet_ “Ronin oe behest shoe eS : Phién Ban Thit Nghigm ~ Luu Hanh NGI BO 53‘TRUNG TAM DAO TAO CNTT NHAT NGHE Gf, 28t thc ono Ta0 cba mrcnosorr Tat viér nam UE 105 B& Huyén Thanh Quan, Quén 3, TP.HCM Mlonooom Partner NHATNGnE ‘Tel: 08.39322.735 ~ 0913.735.908 =e Website: www.nhatnghe.com 4. Chinh order cho Policy (Thyc hign trén may PCO1) BI - Mi Group Policy Management, tit Enforce BS - Kiém tra: Trén my PC02, log on user Policy vi Block Inheritance trén OU Cha viOU —_u3, u4 > 8 thay Control Panel Con. hin xét: B2- Teo thém GPO “Hign Control Panel”, link | GPO nay vio OU Cha. Nhur vay lic niy OU Cha ed * Trong cing 1 OU néu dp chung 2 policy 2.GPO"An Control Panel” vi "Hign Control (ing Enforce) th poliey ni cb gi i Pane” Link Order nh thi sé 06-46 wu tién cao fe = ‘alxci Ue aoe ee ten * Trong cing 1 OU nbu dp chung 2 policy (ci 2 policy déu Enforce) thi policy néo 66 ‘816 tri Link Order no thi sé d@ wa tién 200 hom | B3 - Nhin vo OU Cha, & g6e tri ding 2 biéu . . F . turgng mii tin Move Up va Move Down, di chuyén* rong cing 1 OU néw dp chung 2 policy GPO “Hién Control Panel” én vi tri dau tién. (I policy Enforce vit] policy khong = eer Enforce) hi policy Enforce s@ cé dw tin hon 'B4- Qua tab Group Policy Inheritance, cha y muc Precedent, Precedence cng nhé thi 49 tr tién cia GPO cing cao. | Ts ett che wy GPO ede erect 1, dad Donen ey RUMSHE | Mace Ped Ow L : 54 Phién Ban Thit Nghigm ~ Luu Hanh N6i BO‘TRUNG TAM DAO TAO CNT NHAT NGHE UtE % BOL TAC BAO TAO CUA MICROSOFT TAI VIET NAM ah ei © “105 BB Huyén Thanh Quan, Quin 3, TP.HCM Microsoft Partne: WHAT NGHE Tel: 08.39322.735 ~ 0913.735.906 Sim Website: www.nhatnghe.com sa umn eeererese treme teenrer eet aer errr 5. Security Filtering (Thyc hign trén may PCO1) B1 - Mé Group Policy Management >> B2- Chon GPO“An Control Pane?”, bén du6i mye Chixyén policy “An Control Panel” lén Link Security Filtering, chon vao group Authenticated Order bing 1 B3 ~ Quay te Ii min hinh Security Filtering, chon Add -> Add Group Test vio 30K ‘BA - Kin tra: Trén may POO2: ¥ Log on user U1, U3 > mat Control Panel + Log on user U2, U4 + hign Control Panel 6. Xem efie Setting cia GPO (Thye hign trén may PCO1) - Mé Group Policy Management, chon GPO “An Control Panel”, qua tab Settings -> Add > Add > Close > Quan sit cdc thiét lip duge tao ra tren GPO fo a Fees niaTHCHELOCAL ‘2 Dorsine 13 NeUTNCHELOCAL Dead Doman Pay 22o0 al An convet fan Ge 52 Demin Conteton 2 3 Sion hot ones a FB Gop Hoi Hodang Ey coup Paty tars Phién Ban Thi Nghigm ~ Luu Hanh NGI BO 55TRUNG TAM DAO TAO CNTT NHAT NGHE GT TAC DAO TAO CUA MICROSOFT TAI VIET NAM Jt 105 B3 Huyén Thanh Quan, Quén 3, TP.HCM WHRTNGHE Tel: 08.39322.735 - 0913.735.906 Websi rw.nhatnghe.com EEE 7. Modeling Wizards (Thuc hign trén may PCO1) BI - Mé Group Policy Management, chut_B2 - Cc bude dau tién nhan Next theo mic dinh, Min hinh User and Computer Selection > Dé xein OU Cha bi dp policy gi, trong 2 phin User Information va Computer Information, chon Browse dén OU Cha phai vio Group Policy Modeling, chon Group Polciy Modeling Wizard... FE san tee weer Coscia a ago ‘recvoamacioen +S onumaacca, Petes BB - Man hinh Advanced Simulation irst-Site-Name B4 - Man hinh Computer Security Groups, ‘chon Authenticated Users > Next BS - Céc bude cin Iai nhan Next theo mic ink > Man hinh Completing... Finish ES > Next 56 Phién Ban Thit Nghigm ~ Luu Hanh NOI BG q ‘Microsoft ParnerTRUNG TAM DAO'TAO CNTT NHATNGHE . WEE, Or téc oko ta0 Cua microsorr Tat vig NAM ah 105 B3 Huyén Thanh Quan, Quin 3, TP.HCM (Microsoft Partner NHATNGHE Tel: 08.39322.735 ~ 0913.735.906 lc Website: www.nhatnghe.com Item Level ting (Thy hign én my PCO1) BL- M6 Group Policy Management, chu6t B2 - Bung mye User Configuration > Preferences phai vao Default Domain Policy, chon > Control Pane! Settings, chugt phi vio Folder Bait. Options, chon New -> Folder Options (at least Windows Vista) Caenccaonecn ‘B3~ Mue Hidden files and folders, chon Show hidden files and folders. Tat déu check 62 mye: + Hide extensions for known file types + Hide protected operating system files (Recommended) fies? i Ee B6- Tai man hink Targeting Editor > Chon New BS - Qua tab Common, dinh dau check em > User vio myc tem-level targeting > chon 5 pe Computer Name CU Speed Date Match (En entrar err yw "nyen toronto ee DiskSpace Phién Ban This Nghigm ~ Luu Hanh NGI BG 37 as ————TRUNG TAM DAO TAO CNTT NHAT NGHE BOI TAC DAO TAO CUA MICROSOFT TAI VIET NAM a 7 105 Ba Huyén Thanh Quan, Qun 3, TP.HCM Microsoft Partner Tel: 08,39322.735 ~ 0913.735.906 ee NHATNGHE (Vepstte: wow-ahatnghe.com B7-Trong myc User > Browse > Add BB - Kiém tra: Trén may PCO2 . User ud 9 OK > OK > OK + Log on user ud -> Mé File Explorer, kiém tra thay cfc file dn xudt hign va hin thi duéi file. + Log on user u3 > Mé File Explorer, khéng théy fe file dn, 9. Disable m@t phin eta policy Dai Khi ta chi sit dung mét phin trong ctia GPO (vi du User Configuration), dé tang tbe qué trinh xi I GPO, 1a nén tdi nhing phn khéng ding dén, = MG Group Policy Management, chon GPO “An Control Panel” > Details ,@ mye GPO Status, ‘chon Computer Configuration settings disabled > OK. 10, Khio sit noi chita policy templates BI -Mé Group Policy Management, B2-Truy cép vio é chign GPO “An Control Panel". Qua C\Windows\SYSVOLSYSVOL\ahatnghe local\Policies, tab Details, chi ¥ déng Unique ID sé thay cd thr mye giéng Unique ID cia policy “An fl Control Pane!” Gem a reo J eter || Seumene eres, curve _ tee. J Reet snow ne Sees) . B3 ~ Mé thu mye tring véi Unique 2" ID > User > s& thy 06 file [BA - Mé file Registry.pol bing Notepad quan sét n6i Registry.pol. Thong tin vé Policy dung bén trong, urge hu vao file nay. EES 58 Phign Ban Thif Nghiém ~ Liftu Hanh NOI BO(tt NHAT NGHE Website: www.nhatnghe.com TRUNG TAM DAO TAO CNTT NHATNGHE OT TAC AO TAO CUA MICROSOFT TAI VIET NAM 105 Ba Huyén Thanh Quan, Quén 3, TP.HCM Tel: 08.39322.735 - 0913,735.906 EL Microsoft Partner GPO CENTRAL STORE & SECURITY FILTERING CAC BUGC TRIEN KHAT 1.Te0 Central Store 2. Tao GPO 4. Teo Starter GPO b. Tao GPO tir Starter GPO M6 hinh bai lab bao gim 2 may: +PCOL: Windows Server 2012 R2 - DC (Domain: + PC02: Windows 8.1 Enterprise da join domain NHATNGHE.LOCAL) - Trén PCO! tg0 group IT va user Teo, Add Teo lim thanh vién cla Group IT. -cl B-THYCHIEN 1, Tg0 Central Store (Thyc hign trén méy PCO1) B1 - M6 File Explorer, truy cép vio dimg din CAWindows\PolicyDefinitions. Chon ton bp ‘Gp tin va thur mye o6 trong folder niy > chudt phi nhén Copy B2- Truy cdp vio dudng din ‘C:\Windows\SYSVOL sysvol\NHATNGHE.L password don gid va cho phép User Account Log On Locally 'B3 - Nhin Double Click vao folder PolicyDefinitions vita tyo > chudt pha chon Paste ‘B4 - Kiém tra: Ma Group Policy Management Editor. Chu6t phai vdo Default Domain Poticy > chon Eat OCAL\Policies > Tao méi Folder, dj tén aan PolicyDefinitions * jee) ah oxo al ae Wont iree Yew era [Bemain Controtrs| © - + [i ccionsraememanaeteorad |" gee “=| it teete fone ° “AT ona bane 2 tay (pd scomcor saan, | Seconds [aro om 95 cote seen eae fice qaeeecemrnone) | tg Phién Ban Thit Nghigm ~ Luu Hanh Néi BS 59‘TRUNG TAM BAO TAO CNTT NHAT NGHE (EE 201 thc DAo Tao Cia mrcRosorT Tar viet NAM a TEE 105 88 Huyén Thanh Quan, Quan 3, TP.HCH Microsoft Partner WakTNGHE Tel: 08.39322.735 ~ 0913.735.906 oe Website: www.nhatnghe.com : BS - Bung muc User Configuration Policies. Quan sat thay myc Administrative Templates: Policy definitions (ADMX files) retrieved from the Central Store” > Déng cia sé ei 2. 1,0 GPO. a. Tyo Starter GPO BI - Quay lai Group Policy Management B2- G mye Name, dit tén la Internet Explorer Editor, Mi theo dudng dan Forest: Restricitons > OK NHATNGHE.LOCAL > Domains > NHATNGHE.LOCAL, Chuot phi vio Starter B3 - Chugt phii vio GPO Internet Explorer GPOs > chon New Restricitons vita tao, chon Edit 5 Bei Peyton 2 Fee ATHLON. 2 Hoenn 2g matnnxocn Dd Dorn Peay » E tema Conta > 5 Gouproty jc 5S writer $ane + ase en FB Gimp heey Nool pees . . Zompreighad nee 1B4- Mé theo dudmg din User Configuration > J Administrative Templates, chut phai vao All BS - Binh du chon vio Enable Keyword _ Settings > chon Filter Options Filters. Muc Filter for word(s), g6 vio General [1555 Page. Khung ké bén, chon Exact. BO div chon jmraciyas neni PA cpenaper | Seemed + te ctgenen | Stenson sommes +6 seat fence fy secosnion taeomnne | Econ 2 ce" aml enrenameeon ici Een | Beenmegn G3 Sty eS S 60 Phién Ban Tht Nghiém ~ Luu Hanh NGI BOTRUNG TAM BAO TAO CNTT NHAT NGHE Or TAc BAO TAO CUA MICROSOFT TAT VIET NAM a 105 Ba Huyén Thanh Quan, Quan 3, TP.HCM Microsoft Partner Tel: 08.39322.735 - 0913,735.906 oe ‘BT - Chon Enabled > OK b. Tyo GPO tir Starter GPO BA - Quay Iai cia s8 Group Policy Managent _B2 - O mye Name, d3t tén IE Restrictions. 6 Editor, chugt phai vio NHATNGHE.LOCAL mye Soure Starter GPO, chon Internet Explorer > chon Create a GPO in this domain, and Link Restrictions > OK. ithere, z Phién Ban This Nghigm ~ Luu Hanh NOI BO a‘TRUNG TAM DAO TAO CNTT NHAT NGHE LE”. OI TAC BAO TAO CUA MICROSOFT TAI VIET NAM ah & 105 Ba Huyén Thanh Quan, Quan 3, TP.HCM Microsoft Partner A SHE ‘Tel: 08,39322.735 - 0913.735.906 NHAT NGHE ‘Website: www.nhatnghe.com ¢ Kiém tra BI - Trén may PCO2, log on user Teo B3 - G myc Internet Options > chon Change . your homepage = . B2-Mé Control Panel > chon Network and _[ au” hewerkand Siaara Gee Internet * YEtancatcaa ne dae eee “Adjust your computer's settings Homie @ system and Security eon eget een Seetacon cope tyres ith Hoy scare [ esotamaien ay veinty | = ) seem ép theo mé Internet Options, quam sit shdng of ab Gener niet Properties ie a 78 \wodrianet anes nae i = 3. Security Filtering (Thye hign trén may PCO1) BL Qua may PCO1, quay Igi Group Policy BZ - Nhén nGt Add Management. Chon vio policy IE Restriction, qua tab Delegation > nhan Advanced 2 Phién Ban Thir Nghigm ~ Luu Hanh NOi BG‘TRUNG TAM BAO TAO CNTT NHAT NGHE Jet, Sar rAc blo ao conmienoworr ral vr nan & eS a 105 83 Huyén Thanh Quan, Quén 3, TP.HCM. Microsoft Partner is WHAT NGHE Tel: 08.39322.735 - 0913.735.908 i www.nhatnghe.com "a mye Apply Group Policy > BS - Kiém tra: Qua may PC02, log on user Teo. . {inh dtu chon vio Deny > Apply > OK > MG Intemet Options, quan sit thi 6 tab General : Yes i | Slemanserownconmasns apenas — - | Phién Ban Thi Nghigm ~ Luu Hanh NGI BO aTRUNG TAM DAO TAO CNTT NHAT NGHE LE, 261 thc DAo Tao Gua mcRosorr Tat vigr NAM hh (AREA = 105 Ba Huyén Thanh Quan, Quin 3, TP.HCM Microsoft Partner WHAT NGNE Tel: 08.39322.735 ~ 0913.735.006 oe Website: www.nhatnghe.com GPO FINE-GRAINED PASSWORD POLICY ‘CAC BUGC TRIEN KHAI [ 1. Clu hioh Fine-Grained Password Policy 2. Kiém tra A- CHUAN BI ‘M6 hinh bai lab bao gdm 1 may: + PCO1: Windows Server 2012 R2 DC (Domain: NHATNGHE.LOCAL) BL - Tgo OU Manager. Trong OU Manager, tao group Sep va user UL Beal Gi eau ce © fecincnecae Maple bo B-THYCHIEN - 1. Cdu hinh Fine-Grained Password Policy BI - Mé Server Manager -> menu Tools > —_B3 - G khung Details, chu6t phai vao Password ‘chon Active Directory Administrative Center, Settings Container chon New > Password 'B2-G khung bén trdi > chon NHATNGHE Gocal) > & khung Details, nhén double click 64 Phién Bn Thit Nghigm ~ Luu Hanh NGI BOTRUNG TAM BAO TAO CNTT NHAT NGHE Or TAc BAO TAO CUA MICROSOFT TAI VIET NAM ah 4105 Ba Huyén Thanh Quan, Quan 3, TP.HCM Microsott Parner Tel, 08.59522,735 ~0913.735.905 “me + Name: ManagerPSO + Precedence: 10 + Minimum password length: 15 + Number of passwords remembered: 20 + User must change the password ater (day) x0 ++ Dinh du chon vio 8 Enforce account lockout policy + Number of filed logon attempts allowed: 3 | + Reset failed logon attempts count aftermins): 30 | Chon 6 Until an adminis rator manually unlocks the account +O khung Direct Apply To > nhin Add | Create Password Settings: ManagerPSO Patere ns Password Setings i ct epiesTo ae | Bese nem persed hecctowgrn panei} 4 Meimmpvnertiegntowsceat #19 tinea, Beene pana Unerar carpe prot. % 8 Moroeponuarciestenk 3 ”— @tsmcemm oa Gaciericcemenpereesinen None ae oer omptnes: 3 Sempre eg ee weyaton ‘Sieeaeatontine i Bironatten aide dan | oars rama et ct Phién Ban This Nghiém ~ Luu Hanh NGI 3 6Website: www nhatnghe.com BS - hip vio Sep > Check Names > OK > B1-M6 Active Directory Users and Computers > ‘Chugt phai user U1 chon Reset Password. TRUNG TAM DAO TAO CNTT NHAT NGHE POI TAC BAO TAO CUA MICROSOFT TAI VIET NAM 105 Ba Huyén Thanh Quan, Quin 3, TP.HCM HAT NGNE Tel: 08.29322.735 - 0913.735.906, Microsoft Partner B2- Nhp password chi 3 ky ty, a: 123 OK, Tye Deseiption = Security Group. Addo 2 group | _-_ Disable Account (Mere. 'BS - Hop thoai béo I6i khong dép ting yéu cau chinh sich bio mat (phai dt mat khdu (6i thigu 10 | cmon sesenmtsaron | Siicrenetetentootete meted Finan i | cee ty OK kyty) > OK, Pes uc ol oe ees | 3 Se 66 Phién Ban Thi Nghigm — BS Whip Iai password 10 Lata Hanh NGI BSTRUNG TAM DAO TAO CNTY NHAT NGHE qi, 26rrAc pao Ta0 cua microsort Tai vier Nam ah HEE” «105 84 Hyon Thanh Quan, Quen 3, TP-ACH Microsoft Parner WHAT NONE Tel 08.39322.735 ~ 0913.735.906 oe GPO ADMINISTRATIVE TEMPLATES — DEPLOY SOFTWARE — FOLDER REDIRECTION CAC BUGC TRIEN KHAT 1. Clu hink Administrative Templates 2. Cau hinh Deploy Software 3. Cau hinh Folder Redirection Ac CHUAN BI = MB hinb bai lab bao gdm 2 may + PCO]: Windows Server 2012 R2. DC (Domain: NHATNGHE.LOCAL) + PCOS: Windows 8.1 Enteprise 48 join domain BI - Trén my PCO1, tao thur myc C:\SaiGon. B3 - Truy edp vio Server, copy source cai dat ‘Share Everyone ~ Full Control Office 2013 Administrative Templates (ADMX).. Chay file admintemplate_64bitexe dé cai dat B2-Te0 OU VP_SaiGon, tgo user Teo va one Shwe ey se move méy client vo OU nay Oost ise 1 rete ira Be Daton Pets: Doors 1: Program es Beceem Fe 4 sagt Pe Tsp veer newer B4~ Chon Make New Folder -> tgo thir mye CAOffice2013-Admx > OK 2 aaa] BG - PCOS cai dit Microsoft Office 2013 Phién Ban Thif Nghigm ~ Luu Hanh NOI BQ o7TRUNG TAM BAO TAO CNTT NHATNGHE LZ", Por thc odo rA0 cha micRosorT Tat vit NAM th ‘105 B& Huyén Thanh Quan, Quén 3, TP.HCM Microsoft Partner * SHE Tel: 08.39322.735 - 0913.735.906 ad NHAT NGHE Website: www.nhatnghe.com 'B- THC BIEN 1, Cau hinh Administrative Templates (Thyc hign trén may PCO1) BI-M6 File Explorer, truy cfp vio duong BS - Mé Group Policy Management > chugt din C\Office2013-Admx\admx\en-us > hai Group Policy Object -> chon New ‘Quét chon toan b6, chudt phai nhin Copy [Fe B2-Mé theo dudng din CAWindows\PolicyDefinitions\en-US, chudt phai chon Paste BS - Quay lai duding din, C:\Office2013- Admx\adinx > Quét chon to’n b9 file *+.admx, chuét phai nhdn Copy. B4- M6 theo dudng din CAWindowsPolicyDefinitions, chudt phai chon Paste. B7- Chudt phai vao policy vita tyo, chon Edit 2 seams 2 3 aunoeoca, Dalat tey Policies > Administrative Templates > Microsoft Word 2013-> Word Options > Customize Ribbon, double click vio mye Display Developer tab in the Ribbon B10 - Chugt phai vio NHATNGHE.LOCAL, B9-Chon Enabled -> OK chon Link an Existing GPO > Ding cita sé Group Policy Management Tae Bein Yaw Vinton Tp slagolselan 2 ben a “apenaatiay 68 Phién Ban Thit Nghigm - Lifu Hanh NOI BGTRUNG TAM BAO TAO CNTT NHAT NGHE ‘BOI TAC BAO TAO CUA MICROSOFT TAI VIET NAM ah 405 B& Huyén Thanh Quan, Quén 3, TP.HCM Microsoft Parner Tel: 08,39322.735 ~ 0913.735.908 [Fle Action View Window Heb | of) 0] @ 6! Be TH Gcep Poi Mansgemet “2 Fores: NHATNGHELOCAL “48 Domsins 12 $5 NHATIGHELOCAL if Oetat Domain Policy Ofcom » 3 Domain Contes 3) vessigon | BI3 - Mé CMD, g0 Iénh Gpupdate /Force BI4- Kiém tra: Trén may PCOS, Jog on user ‘Teo > Mé Word 2013 2. Deploy Software (Thye hign trén may PCO1) BL - Truy eGp vio Server, copy file B2- Mé Group Policy Management, chut phii XmlNotepad.msi vio C:\Deploy. Share Folder vio OU VP_SaiGon > chon Create a GPO in this Full Control domain and Link it here This BC Local Da ED + Dapey | Bl rmanotepad i Oowtaace BE Pacr paces ‘B3-O myc Name, d3t tén Deploy XML Notepad > OK a Phién Ban Thi Nghigm ~ Luu Hanh NGi BG 6‘TRUNG TAM DAO TAO CNTT NHAT NGHE ‘BOI TAC DAO TAO CUA MICROSOFT TAI VIET NAM 105 Ba Huyén Thanh Quan, Quin 3, TP.HCM Microsoft Partner Tel: 08,39322.735 ~ 0913.735.906 ad Website: www.nhatnghe.com BS - Mé theo dung din Computer Configuration 3 > Policies > Software Settings, chu6t ph Software instalation > New “> Package BG - Trd dudng din Mpc \Deploy\XMLNotepad.insi > Open B8 - Dinh diu chon vao 6 Install this 'B9 - Quan sit thay Software Installation vira to. Tie Acton View Hab + Qua may PCOS, Restart Iai may. + Log on Administrator, ma‘ CMD, g6 lénh Gpupdate /Force -> Restart Iai may + Log on Teo, quan sit thay may Client 4 duge cai dit J ES 70 Phién Ban Thiy Nghiém — Luu Hanh N6I BGTRUNG TAM DAO TAO CNTT NHAT NGHE afETES, P6TAc bho TA0 Ca micnosorT Tal viet NAM B a S105 Ba Huyén Thanh Quan, Quén 3, TP.HCM Microsoft Partner NHATNGHE Tel: 08.39322.735 ~ 0913.735.906 meen Website: www.nhatnghe.com Cree 3. Cdu hinh Folder Redirection (Thutc hi BI - Mé File Explores, tgo thur myc ‘C:MPolderRedir. Share Everyone — Full Control B2~M8 Group Policy Management, chudt phai OU VP_SaiGon > chon Create a GPO in this domain and ithere, [BA - Chugt phii vio GPO vita tg0 > con Edit dp Rao 2 Soe timeecoca, 4 Gytemaee 2 Spvenintoca. C Oaetbemam ay that Bae BS- Kiém tra: + Qua may PCOS, Restart lai méy. + Log on Administrator, ma CMD, g6 Iénh Gpupdate /Force > Restart lai méy + Log on Teo, chudt phai vio Desktop > chen Personalize trén may PCO1) 'B3 - O muc Name, dat tén Folder Redirection > OK : BS - Mé theo durimg din User Configuration > Policies > Windows Settings Redirection. G kbung bén phai, chudt phai vio. Documents > chon Properties B7- G muc Target Folder Location > chon Create a folder for each user under the root path. myc Root Path -> g6 \\pc0\FolderRedir > OK > Yes ‘Ban Thiy Nghiém ~ Luu Hanh NI BG n‘TRUNG TAM DAO TAO CNTT NHAT NGHE ES, 01 Thc Dao Ta0 Ca macRosorr Tat vier Nam 105.88 Huyén Thanh Quan, Quan 3, TP.HeM Microsoft Partner WHAT NGHE Tel: 08.39322.735 - 0913.735.906 “ NHAT NGHE Website: vww.nhatnghe.com 1B9 - Chon Change desktop icons ‘BLL - Double click vio folder Teo trén Desktop. FE ‘Chugt phai-vao Documents ~ chon Properties B12 - Quan sit dung din & mye Location. © (ean eran f se See 8 ]] Sevens O01 (2) i h Ceti 2 File i Ro - 1) cmt Tt Jo 2 ar i en n Phién Ban Thif Nghigm - Lafu Hanh NGi BSTRUNG TAM BAO TAO CNTT NHAT NGHE 01 TAC DAO TAO CUA MICROSOFT TAI VIET NAM we 105 83 Huyén Thanh Quan, Quin 3, TP.HCM McroscerPutnat Tel: 08,39322,735 ~ 0913.735.906 pases Website: www.nhatnghe.com ST GPO SECURE MEMBER SERVER ~ AUDITING — APPLOCKER - ADVANCED FIREWALL * CAC BUGC TRIEN KBAT 1. Sit dung Group Policy dé bio mit Member Servers 2. Auditing a. Gidm sit truy cp File hg théng. b. Gide sét User Log on trén domait 3. Clu hinh Applocker Policy 4. Cy hinh Windows Firewall A- CHUAN B} M6 hinh bai tab bao gdm 2 may: + PCOL: Windows Server 2012 R2 DE ++ PCO3: Windows Server 2012 R2 4a join domain + PCOS: Windows 8.1 Enterprise 43 join domain ~ Trén PCO1, tgo OU MemberServerOU, move Computer PCOS vio OU nay va tao thém Group Server Admins Tame pein $0 Computer Sever Admins Seuty Grup + Tao User Teo, a Phién Ban Thit Nghiém ~ Luu Hanh NOI BO B___TRUNG TAM DAO TAO CNTT NHATNGHE “4 gE, 201 Thc bao Ta0 COA micnosorT Tal viér NAM 4. 405 Ba Huyén Thanh Quan, Quin 3, TP.HCM Microson Parner NHATNGHE Tel: 8.39322.735 ~ 0913.735.906 Website: www.nhatnghe.com B-THYC HIEN 1. Sit dung Group Policy 48 bio mit Member Servers (Thy hign trén PCO1) BI - Mé Group Policy Management > Bung Forest: NHATNGHE.LOCAL ->Domains > NHATNGHE.LOCAL. Chu6t phai vo Group Policy Objects, chon New. 1H Gs Rnise 2 ven eumnonsoea. + Rowe 2S greumenioca Dasara BB - Chudt phai vio OU MemberServerOU, chon Link an Existing GPO. BS - Chudt phai vio Default Domain Policy > chon Edit 1B2 - G muc Name; dit tén Member Server > BG - Ma theo duimg din Computer Configuration -> Windows Settings Security Settings. Chugt pha vio Restricted B7- Nhin Browse, hip vio Administrators > Groups > Add Group Check Names > OK [4 8 Compute Configuration 2] Group Name “2 ice i BS - Khung Members of this group > Add > te eee E | Browse + nmenactacaPetgy || A a orecernecs | 1 By Secuny seins Hp secur Paleae > ig tee Poi (crane talcertsreree | [TT] ia 1 5B Rey > Rete > By Wont Nero 12 Wado Fs 7 Phién Ban Thiy Nahiém ~ Luu Hanh NGI BSTRUNG TAM BAO TAO CNTT NHAT NGHE WEE”, NHAT NGHE www.nhatnghe.com —— B9 - Nhip vao: Server Admins, Domain Admins 2 Check Names > OK 3 lin. Cae : OI TAC DAO TAO CUA MICROSOFT TAI VIET NAM a 105 B& Huyén Thanh Quan, Quan 3, TP.HCM Tel: 08.39322.735 ~ 0913.735.906 we Microsoft Partnet 'B10 - Chudt phai vao GPO Member Server > chon Bait B11 - Mé theo dudng din Computer Configuration - Policies > Windows Settings > Security Settings > Local Policies -> User Rights Assignment. Chugt phai vio Allow log on locally, chon Properties. BI2 - Nhdn vao not Add User or Group > ‘hip vio Administrators, Domain Admins > ‘Check Names > OK > OK B13 - Tiép tye 6 Khung bén tréi > chon Secirity Options. Khung bén phai > Double click vio User Account Control: Admin Approval Mode for the Built-in Administrator account, chon BI6-Mé Server Manager, vio menu Tools > chen Computer Management BIT = Bung myc Local Users and Groups > Groups, double click vao Administrators icra | tie Wena a | BI4~Chon Enabled > OK im tra: Trén may PCO3, log on Administrator. Mé CMD, g6 leah Gpupdate Force ES Phién Ban Thi Nghigm ~ BI - Log off Administrators, log on bing user Teo, ‘Luu Hanh NGI BS ~ oo a =‘TRUNG TAM BAO TAO CNTT NHAT NGHE DOr TAC BAO TAO CUA MICROSOFT TAI VIET NAM a 105 63 fiuyén Thanh Quan, Quin 3, TP.HEM Microson Parnes Tel: 08.39322.735 ~ 0913.735.906 st Website: www. nhatighe.com B18 - Quan sit thly nhém Domain Admins vi B20 - Quan sét thly user Teo khéng duge pphép log on trén may PCO3 durgc. Auditing . Giim sat truy ed File hg thing BI - Chudt phai vio GPO Member Server > _B2- Mé theo du’mg din Computer ‘tron Edit Configuration -> Policies > Windows Settings Se iin Wer Wier Wap > Security Settings > Local Policies > Audit Policy. Chust pha vao Audit object access > “5 bomine PS mUTNBELOCAL, ag ‘BS - Danh dau chon vio 6 Define these policy settings, sau 46 chon 2.6 Success vi Failure > B4- Qua may PC03, mé File Explorer, tao thr mye C\Data. Chudt phai vio thr mye Data > chon Share with > Specific people. BG - Chudt phai vao thir myc Data > chon Properties > Nhin Advanced B7- Qua tab Auditing > Nhin Add 76 Phign Ban Thi Nghigm ~ Luu Hanh NGi BG - ~ - _. —TRUNG TAM DAO TAO CNTT NHAT NGHE '@% p61 TAC DAO TAO CUA MICROSOFT TAI VIET NAM E s ae 105 B8 Huyn Thanh Quan, Quin 3, TP.HCM r Tel: 08,39322.735 ~ 0913.735.906 NHAT NGHE Website: www.nhatnghe.com BS - Share user Teo > Read/Write > Share BB - Chon Select a principal Done fi B9 - Nhép vio Domain Users > Check Names 30K B10-G mye Type > chon All. mye Basic yyy permissions > Binh du chon vio Write> BM OK 3 Hin ee ese ataaoaeaaR=———s] Moree BIJ - Mo CMD, g6 lénh: Gpupdate /force ‘iém tra: Trén PCOS, fog on inistrator -> Ma CMD, g6 lénh Gpupdate BI3- Log off Administrator, log on user Teo. ‘Nhin t8 hop phim ¥8 + R, g6 \ipc03 B14 - Teo file tailiew.txt ong thu myc Data B15 - Qua may PC03, mé Server Manager > Home teu menu Tools > chon Event Viewer B16 - G khung bén trai chon Windows Logs > ‘Security. Nhdin double click vao event Audit Sucess Tien Won Wap Enemas el Phign Ban Th Nghigm ~ Luu Hinh NOI BG ”TRUNG TAM BAO TAO CNTT NHAT NGHE wer % — BOX TAC BAO TAO CUA MICROSOFT TAI VIET NAM EEE © 105 88 Huyén Thanh Quan, Quén 3, TP.HCM Microsoft Partner HART NGHE Tel: 08.39322.735 ~ 0913.735.906 my © website: www.nhatnghe.com b. Gidm sit User Log on trén domain (Thyc hign trén méy PCO1) BI - Mé Group Policy Management > Chudt BS - anh dau chon vao 6 Define these policy phai vio Default Domain Policy > chon Edit settings, sau d6 chon 2 6 Success va Failure > OK 'B2-M¢ theo dung din Computer Configuration > Policies > Windows Settings > Security B4- Ma CMD, g® lénh Gpupdate /Forve Settings > Local Policies > Audit Policy. Chugt . phai vio Audit account log on events -> Chon BS Kiém tra: Trén may PCOS, log on Administrator. Mi; CMD, g@ Iénh Gpupdate FRorce Properties. _ BG - Log off Administrator, log on user Teo (cé tinh nhp mat khau sai BT - Qua may PCO1, mé Event Viewer > chon Windows Logs > Securities. Quan sit thdy event 'BB - Qua méy PCOS, log on user Teo, nhip ding mat khdv BY - Qua miy PCOI, kiém tra Event Viewer, ‘thay event Audit Success do user Teo ding roe ata a || nhipthioh ong. — 8 Phién Ban Thi Nghiém ~ Luu Hanh NGi BO‘TRUNG TAM DAO TAO CNTT NHAT NGHE WEE “v pOI TAC DAO TAO CUA MICROSOFT TAT VIET NAM a & 105 B3 Huyén Thanh Quan, Quén 3, TP.HCM Microsoft Partner NHATNGHE Tel: 08.39322.735 ~ 0913.735,906 oo Website: www.nhatnghe.com 3. Cu hinh Applocker Policy (Thyc hign trén PCO1) BL - Mé Active Directory Users and Computers, to OU ClientComputerOU, sau ‘46 move computer PCOS vio OU nay. BS ~ Mé theo during din: Computer ‘B2- Mé Group Policy Management -> Chugt ii vo Group Policy Objects > chon New ership Configuration > Policies > Windows Settings > Security Settings > Application Control Policies > AppLocker. Chudt pha io Exoutable Rules > chon Create Default Rules 1B7- Thue hign tong ty tg0 Default Rule cho ‘Windows Installer Rules, Script Rules, va Package App Rules. Phién Ban Thif Nghigm ~ Luu Hanh NGI BG 7TRUNG TAM BAO TAO CNTT NHAT NGHE 61 TAC DAO TAO CUA MICROSOFT TAI VIET NAM ah 105 88 Huyén Thanh Quan, Quin 3, TP.HCM ‘Microson Partner “el: 08,30322.735 ~ 0913.735.906 ‘te . Websit jww.nhatnghe.com eS BS - Nhin chudt vao AppLocker > G khung —B9 - Dénh dau chon vao Configured -> chon . ‘én phi chon Configure rule enforcement _ Audit Only > OK Ree “T| & cee] ee | PPT gtr mnnton: | | tater cot "Sheeting | | 1 ocr B10 - Mé theo duéng din Computer B11 - Dinh ddu chon vio 6 Define this policy Configuration > Policies -> Windows setting > chon Automatic > OK Settings > Security Settings. Chudt phai vo ae Application Identity > chon Properties Tabane i ply wet] | Sele rcree eaten ose! © Asoc B12 - Chudt phai vio Executable Rules > chon CreateNew Rule Oana EL Dales oT ie [z= Sex| B13-Manhinh Before you begin > Next 1 AMtncaarmmne Gites Rie. ] + Etecreeomuen | BI4- Min hinh Permissions > Select sytem | = | BIS - Nhip vio user Teo -> Check Names > ——— OK > Next ES : 80 Phién Ban Thi Nghigm ~ Luu Hanh NGI BGTRUNG TAM BAO TAO CNTT NHAT NGHE EE, P01 TAc DAo TA0 GUA micROsOFT Tat viet NAM sh 105 Ba Huyén Thanh Quan, Quén 3, TP.HCM Microsoft Partners NHATNGHE Tel: 08.39322.735 - 0913.735.906 — Website: www.nhatnghe.com ‘B16 - Min hinh Conditions -> chon Path > B17- Nhdn Browse Files va tré durémg din dén Next file iexplore.exe > Next ay [FTE ne 7 Seema nn fae seeatcpmanraatermmnrman BIS - Man hinh Exceptions -> Next B20 - Quan sit Rule vita go. Create | ondions | rose ee B21 - G khung bén tréi chon AppLocker > hin vao mye Configure rule enforcement Senin ie Boeri cists hy letateserpeeterteatenenni te ean Seaniereyrote mde wctran neni tata ume Se eee 1B23 - Chu6t phai vo ClientComputer OU > ‘chon Link an Existing GPO. a EE a1 Phién Ban Thi Nghigm ~ Luu Hanh N6i BG 1B22- Dinh du chs vio cée 6 Configured > chon ttf li Enforce rules > OK ethene nase, onto ‘Zeon B24 - Chon Software Control GPO vita to > OK‘TRUNG TAM DAO TAO CNTT NHAT NGHE fn or ee ‘BOI TAC DAO TAO CUA MICROSOFT TAI VIET NAM By TRE 105 88 Huydn Thanh Quan, Quén 3, Rh “el: 08,39322.735 ~ 0913.735.906 NHAT NGHE Website: ww ahatnghe.com TRHCM Microsoft Partner 'B25-- GPO di duge link vio OU, B26 - [HE Fie feibe View Window Help B27- ‘CMD, “eA Fores: NHATNGHE LOCAL oy Damas 2 NHATNGHELOCAL B28 - Mé Internet Explorer > nhén duge tng bdo Ii eri © mrecetracretanwctappntanen ont mane 4. Cu hinh Windows Firewall (Thyc hign trén PCO1) BI - Mi Active Direotory Users and Computers, tao group Application Servers trong MemberServerOU. BG - Nh§p vao PCO3 > Check Names > OK > OK 1B7 - Mé Group Policy Management, chudt phai vio Group Policy Objects > New ‘Mi CMD, 96 Iénh Gpupdate Force tra: Trén PCOS, log on user Teo, mo 8 ea Gores ‘a8 kiém tra policy ap 'B2- Chudt phai vio group Application Servers > chon Properties BB - Qua tab Members > Add BS - Chon Computers “> OK 3 Han. ‘Sethe yes of bjt you wort tind Object types: a 2G eres ore 1S. Computers BR Gros BB teers 2 Phién Ban Thir Nghigm ~ Luu Hanh Ni‘TRUNG TAM DAO TAO CNTT NHAT NGHE : WEE, Porthc pho tao ‘ & Tel: 08,39322.735 - 0913.735.906 NHAT NGHE Website: www.nhatnghe.com BS - 0 myc Name, dit tén la Application Servers GPO OK /A MICROSOFT TAI VIET NAM a 105 88 Huyén Thanh Quan, Quin 3, TP.HEM Microsoft Porter B9 ~ Chudt phai vio GPO via tao > chon Edit B10 - Mé theo dudng din Computer Configuration > Policies -> Windows Settings > Security Settings > Windows Firewall with Advanced ‘Security. Nhan vio Windows Firewall with Advanced Security - LDAPICN={GUID} [a Compe Conigunca 25 Poh . Sona Senge hn Setings "Name Reoltion Paty E Serpe aupSnaccon) 4B Secaty Stings iS Ae » 5h Rested Groupe » “a Sptem Senet > a Rest 3 Fe Stem ed eb EE 8225 Poices Window Fire wth Adcnced Scat in dra Wiles Net EE 12.1) Pcie B13 - Man hinh Program -> Next B14 - Man hinh Protocol and Ports > Myc Protocol: ‘TCP > Specific Ports: 8080 -> Next ras Phign Ban Thi Nghigm ~ Luu Hanh NGI BG ew Econ mes BI2~ Chon Custom -> Next Watiee ce wed you etc? BIS - Man hinh Scope > Next BIG - Man hinh Action > chon Allow the connection > Next EtaTRUNG TAM BAO TAO CNTT NHAT NGHE OI TAC BAO TAO CUA MICROSOFT TAI VIET NAM 105 8 Huyén Thanh Quan, Quan 3, TP.HCM NHA- Tel: 08,39322.735 - 0913.735.906 NHAT NGHE Website: www.nhatnghe.com B17 - Man hinh Profile, ba dau chon 4 6 Private va > Next opeitensempdern comes ents ea Pete Jose eosmede ncn nti i adn ate Crone Jee sen ieee spice en, 1820 - Chudt phi vio MemberServerOU > chon Link an B B23 - Nhiip vio Application Servers > OK B24 - Quan sit group Application Servers 43 duge thém vao B27 - Quan sit thay Application Server Firewall Rule dl duge kich hoat tn méy PCO3 'BI8 - Man hinh Neme, dit tén Application Server Department Firewall Rule > Finish B19 - Quan sét Inboud Rule vita tao. Bai - Chon Application Servers GPO > OK B22 - 6 khung Security Filtering 6 e6e cubi ciing bén phai > chon Authenticated Users > Remove > OK > Add [B25 - Kiém tra: Qua may PC03, md CMD, g lah Gpupdate /force [B26 - Ma Server Manager, vao menu Tools chon Windows Firewall with Advanced Security a cErEEEnmnmmmemmemmmmmmmmmmmmmmnmmmn a4 Phién Ban Thif Nghigm ~ Luu Hanh NGi BSTRUNG TAM DAO TAO CNTT NHATNGHE _ » HEE BOI TAC AO TAO CUA MICROSOFT TAI VIET NAM a 2 105 Ba Huyén Thanh Quan, Quén 3, TP.HCM Microsoft Pectnet SHE Tel: 08.39322,735 - 0913.735.906 ang NHAT NGHE Website: www.nhatnghe.com ee DISTRIBUTED FILE SYSTEM CAC BUGC TRIEN KHAT 1. Cai tributed File System role service trén cde file server 2, Teo NameSpace & chi dinh ce NameSpace Server 3. Teo Replication Group 4. Chi dinh Replicate va publish trong NameSpace 5, Thitnghiém Failover A- CHUAN B] ‘M6 hinh bai lab bao gdm 03 may: ~ PCOL: Windows Server 2012 R2.- DC (Domain: NHATNGHE.LOCAL) = PCO3 va PCO4: Windows Server 2012 R2 da join domain, tgo thu mye DATA va share full the mye DATA trén 8 C: ~ PCOS: Windows 8.1 Enterprise da join domain. ~ Log on Domain Admin trén 3 méy PCO1, PCO3 va PCO4 B-THYC HIEN 1, Ci Distributed Fite System role service trén PCO3 va PCO4 BI - Mé Server Manager, vio menu Manage _B3 - Man hinh Confirmation > dinh du chon > Add Roles and Features. vio 6 Restart the destination server automatically if required > Install > Close 'B2-Nhin Next theo mjc dink. Man hinh Server Roles -> dénh dau chon vio 2 6 DFS Namespaces va DFS Replication -> Next > Next Bhai tence taming Diary tmntot Sireceur Gieren ——— EEE Phién Ban Thit Nghiém ~ Luu Hanh N@i BS 8s‘TRUNG TAM BAO TAO CNTT NHAT NGHE AER, POrTAc Ao TA0 Coa icRosorT Tal vier Nam ak S105 8b Huyén Thanh Quan, Quin 3, TP.HCM sacrvsett Parnes i HE Tel: 08.39322,735 - 0913,735.906 "0Te8 NHAT NGHE: Website: www.nhatnghe.com 2. Tao NameSpace & chi dinh ce NameSpace Server a, Tgo NameSpace HoSo (Thy hign trén PC03) BI -M6 Server Manager, vito menu Tools > DFS Management ‘BS - Min hinh Namespace Server -> Browse > chgn PC03 > Next ie 1B4- Man hinh Namespace Name and Settings ~ Bin vio 6 Name : HoSo > Chon Edit ore narespae rome enone al q 5 tare P 4 recente we mt aly he trgs te se Eats, BB - Hop thogi Review Settings and Creat Namespace > Chon Create [B9- Hop thogi Confirmation > Close Tew Namespace Tada Namexpoces to Display BS - Chon Use custom permissions > chon Customize Sh Bae ee pmanns: © Acnnhove maser pensions (© vee tave md rote ee Anette ave tcc eran der > pers Ae ove neat O Sem © vecnnpenisne: [Earme] BG - Cho Group Everyone quyén Full Control 3 OK > OK > Next BT Hop thogi Namespace Type > Chon. ‘Domain-based namespace > Next ea 86 Phién Ban Thi Nghigm ~ Luu Hanh NOI BSTRING ‘TAM BAO TAO CNTT NHAT NGHE PEE”, BOI TAC DAO TAO CUA MICROSOFT TAT VIET NAM ah © 405 Ba Huyén Thanh Quan, Quén 3, TP.HCM ‘Micrasoft Partner WHATNGHE Tel: 08.39922.735 - 0913.735.906 ed HAT NGHE We ww.nhatnghe.com b, Kiém tra két qua trén PCO3 BL Quay st wong DS, au tb Namespace Servers > khung bén BL -Mé DFS -> Chudt phii hat shetocalHoSo > Add Namespace B2-Mé Computer -> Quan sit thay o6 thr mye DFSRoos vi thu mpc HoSo 8 duge a0, ¢. Tg0 thém NameSpace Server PCO4 trén PCO3 B2- Hop thoai Namespace Server > Chon Browse > Chgn PCO¢ > Eait Setngs Tope ante anata tabe ta d eect es Ba (Ceaser) ‘BA - Cho Group Everyone quyén Full Control > OK > 0K BS - Quan sit: Kiém tra trén ci 2 server > M& ‘DFS quan sét thay da c6 2 name space server Ce Phign Ban This Nghigm ~ Lifu Hanh NQi BG 87‘TRUNG TAM BAO TAO CNT? T NHAT NGHE AER, P6rTAc bho Tao Gia micRosorT Tat vier NAM a 2108 88 Huyén Thanh Quan, Quin 3, TP.HCM Microsoft Parner WHRTNGHE Tel: 08.39322.735 - 0913.735.906 Sie Website: www.nhatnghe.com Replication Group (The hign trén may PC03) B1 - Chudt phai in Replication Group > B2 - Man hinh Replication Group Type > chon ‘Chon New Replication Group [EF Aion je ol As gy eUTNONEocatview BR Rp [Ra perience Di | calagedtnagent erin. | cout opto ‘BS - Djt tén Replication group li: Replicate HoSo> Next B4- Man hinh Replication Group Members > Chon Add > Chen PCO3, PC04 > OK > Next BS - Man hinh Topology Selection > Chon Full mesh > Next > Next = E ie |, See Jigs aa and sourecia [recone B leer He epteaton Pestesion Gow Mendes Fierce toss | co BG - Man hinh Primary Member > Chon PCO3 ea oe FS Sirens Bt > Next BT ~ Man hinh Folders to Replicate > Chon ‘Add > Browse > chon thir mye DFSRootsHoS0 > OK > OK 2 ge fs add tip thtr mye CADATA > OK 9 OK > Next escanie [nalts —~“Raicaaamrtom Wie ema eesrewee te eeseore| ewe _ae Uneeeooe, B9 - Man hinh Local Path of HoSo on Other ‘Member > Chon Edit ee ES Ban Thiy Nghigm ~ Luu Hanh NGI BG‘TRUNG TAM BAO TAO CNTT NHAT NGHE EYE, Prac bdo TA0 CUA microsorT Tat vigT NAM Ess 8 105 Ba Huyén Thanh Quan, Quan 3, TP.HCM ‘Microsoft Partner NAATNGHE Tel: 08.39322.735 ~ 0913.735.906 ms www. nhatnghe.com B10 - Chon Enabled > Browse > chi dén thr B11 - Man hinh Local Path of DATA on Other mye: DFS Roots/Hoso > OK > Next Member ~> Chon Edit > Chon Enabled > z Browse > chi dén th mye: CADATA > OK > Next | i a= | 4. Chi djuh Replicate va Publish trong NameSpace B1- G khung béa tréi chon Replicate HOSO.6 —_B2 - Min hinh Namespace Path > Browse ‘hung bén phai, chon tab Replicated Folder > chon \\NHATNGHE LOCAL\HoSo > ‘Chugt phi lén Data > Chon Share and Publish in Next Namespace eee Er trent Sue | Repcated fol. | Publication Sa | Narvespece ath —_" s ‘BS - Chu6t phai DFS Replication, chon 'B3 - Man hinh Review Settings > Share > Close Restart, 'B4- Thyc hign trén cé 2 member server (PCO3 va. BG - Kim tra: Trén may PCOS, truy cp C04). Nhin 8 hgp phim WB +R, g6 Services.mse \\Nhatnghe.Local\HoSo 1BT- Quan sit thy ¢6 thu mye Data 1B9 ~ M& thur mye HoSo va Data cia ¢4 2 may PC03 va PCO4 -> kiém tra trong thir BB - Tao | file bit ki trong th mye HoSo va thu myc HoSo déu e6 file duge tao tit méy mye Data Client — Phién Ban Thiz Nghiém ~ Luu Hanh N6i BO 89‘TRUNG TAM BAO TAO CNTT NHAT NGHE WEE, 281 7Ac bdo tao Cua micnosorr Tal viér Nam dh WEA 105.88 Huyén Thanh Quan, Quin 3, TP.HEM Microsoft Pacioer WHET NGHE Tel: 08.30322.735 - 0913.735.906 oe Website: waw.nhatnghe.com ‘5. Thit ngbifm Failover - PCOS truy e@p: Whatnghe.local\HoSo, tgo cde file WordPad BaoCaoKeToan & TuyenDung, - Tit PCO3. PCOS truy céip: \WNhatnghe.local\HoSo, tao file Kiemtra.txt - Bat PCO3, tit PCO4. PCOS truy ep: \WNhatnghelocal\HoSo, tgo file Kiemtra2.txt - Bit PCO4. PCOS truy c§p: \Whatnghe.local\HoSo, truy efp duge di file da tao. ET 90 Phién Ban Thif Nghiém ~ Lu Hanh Ni BG‘TRUNG TAM BAO TAO CNT NHAT NGHE BOI TAC DAO TAO CUA MICROSOFT TAI VIET NAM oh TE 105 Ba Huyén Thanh Quan, Quan 3, TP.HCM, Microsoft Partner STNGHE Tel: 08,39322.735 - 0913.735.906 aay NHAT NGHE Website: www.nhatngl om See BITLOCKER CAC BUGC TRIEN KHAL 1. Trién khai BitLocker bing Group Policy 2. Kich host BitLocker cho 6 dia 3. Di chuyén 6 da sang miy khic va kiém tra A- CHUAN B] M6 hin bai lab bao gdm 2 may + POO]: Windows Server 2012 R2 DC (Domain: NHATNGHE.LOCAL), + PC03: Windows Server 2012 (¢a join domain). Trén may PCO3 phai co it nhét2 8 cig va duge dinh dang la NTFS, B-THYC HIEN J. Trién khal BitLocker bling Group Policy (Thuc hign trén may PCO1) BI - Mé Server Manager > menu Tools > chon Group Policy Management BS - Mo theo duimg din: Computer Configuration > Policies -> Administrative Templates > Windows Components > BitLocker Drive Encryption ~> Fixed Data Drives > nhin double click vao policy: ‘Choose how BitLocker-protected fixed drives ‘can be recovered setting. B2- Mé theo dudng din: For NHATNGHE,LOCAL > Domai NHATNGHE.LOCAL, Chu6t phi Default Domain Policy > chon Edit B4- Chon Enabled > Banh dau chon vio 2 6: Save BitLocker recovery information to AD DS for fixed data drives vi 8 Do not enable BitLocker until recovery information is stored to ‘AD DS for fixed data drives > OK tay a ECotame tant enntattondins Mega siteyrasmcutntatee nein Bain grat catpormestbetaneboccnypntetede = hte itadon mopar peneateeetnes Nncogens sence tsps ot E Cetqutaectgnmctcase tne BS - Qua miy PCO3, log on NHATNGHB\Administrator. Mo CMD, 26 enh Gpupdate /Foree. Sau 46 Restart Iai méy PCo3 Phién Ban Thit Nghiém ~ Luu Hanh NGI BG aTRUNG TAM DAO TAO CNTT NHAT NGHE off, POT TAC DAO THO Gia micnosort Tat vier NAM Bs (A'S 105 B& Huyén Thanh Quan, Quén 3, TP.HCM (Microsoft Partner ART Nari Tel 08.39320.735 ~ o913.735.906 oS Website: www.nhatnghe.com. 2. Kich hogt BitLocker cho 6 dia (Thyc hign trén may PCO3) BI - Mé Server Manager -> menu Manage > —_B2 - Nhiin Next theo mic dinh, Man hinh chon Add Roles and Features Features -> danh du chon vao 6 BitLocker Drive . Encryption > Add Features -> Next 1B3 - Min hinh Confirmation > dénh déu chon [Belect feeures vio 6 Restart the des automatically if required > Install > Close © nit rane Fone B4 - Mé Control Panel > chon BitLocker Drive Encryption 'BS - Chon 6 dia mudn bao mat > Nbin Tum on BitLocker. ere re Fayon fh tacscbuatrins regimes ecnistenge Serenene ore thor ot 1BG - Dinh du chon vao 6 Use a password to unlock the drive > Nhip vio mat khiu 62.6 |rieduaaines Password va Confirin Password > Next a; ° oe Mie 6 ster @ a BT - Chon Save to a file. SSRERINSIET wimemantonmatunoe | [How do you want to backup your recovery Key? acnoseienntainenanancmeuecncenal | Hyeyfoiget you paivord a your sman card you can BS - Tro dudng din dén noi hru khéa gidi ma > Save > Yes % Save to a USB flash drive BS - Nhin vao nit Start encrypting dé bit dau > Savetwa file ma héa. > Print the recovery key Ts aT 2 Phién Ban Thi Nghigm ~ Luu Hanh NGI BGTRUNG TAM BAO TAO CNTT NHAT NGHi ‘BOX TAC DAO TAO CUA MICROSOFT TAI VIET NAM 105 83 Huyén Thanh Quan, Quan 3, TP.HCM Tel: 08,39322.735 - 0913.735.906 ‘www.nhatnghe.com Microsof Partner BI - Mé Windows PowerShell, 35 Iénh Mangge- ‘bd ~status. Quan sit thdy 6 dia duge bio vé bing BitLocker, ding Protection Status hi Protection On. 3.Di chuyén 5 dia sang may khde va kidm tra BL - Go ba 6 cimg bio mat trén may PCOS va BB - Nh t8 hop phim 38+, o6 lénb gin vio may PCO]. diskmgmtmse 'B2~ Trén may PCO1, m@ Server Manager > cli B4- Chugt phai vio dia méi duge gin vio > Features BitLocker Drive Eneryption chon Or [Select features aso ey Sn ( B weronect Sone 1 U nerrow ston Bt nt |b Cinagnee tps tee tem 'BS ~ Quan sét thdy 8 dia vin duge bao v¢ bin; BitLocker ve Computers > Chugt phi vio NHATNGHE.LOCAL > chon Find Phién Ban Thit Nghiém ~ Luu Hanh NOI BO 93TRUNG TAM DAO TAO CNTT NHAT NGHE wa em BO ‘TAC DAO TAO CUA MICROSOFT TAI VIET NAM Boy A Tos 8h huyen Trond Quam Quin TP.HEM tmesvoon Patent WHATNGHE Tel 08.39322.735 ~ 0913.735.906 a Web: swvi.nhatnghe.com B7-O myc Find > chon Computers > nhiin 8 - Qua tab BitLocker Recovery > © khung nit Find Now > Chon PCO3 Details, copy toan b6 n6i dung 6 dong Sc B9- Mé File Explorer, double click v . B10 - Chon More options > Nhin Enter petites ote " Slowerincmate =| | itocer a ~ Bever paszvord 10 wrbock ths ce evens Boome coer _] ‘BLL - Dan todn b9 n6i dung vita copy vao khung Enter the 48-digit recovery key to unlock this drive > Nhan nét Unlock © BitLocker (€) BI2- Quan sit thdy 8 dia di duge giai ma. Etre rece yf ne es hey cBSE5090 94 Phién Ban Thi Nghigm ~ Luu Hanh NGi BSTRUNG TAM DAO TAO CNTT NHAT NGHE EE", P01 TAC DAO TAO CUA mIcROSOFT Tal viET NAM ah a 4105 88 Huyén Thanh Quan, Quén 3, TP.HCM Miroson Pane! % ‘Tel: 08,39322.735 ~ 0913.735.906 a NAAT NGHE Website; www.nhatnghe.com FILE SERVER RESOURCE MANAGER CAC BUGC TRIEN KHAI : 1. Cai dit ile Server Resource Mananger 2. Tao gidi han SMB 3. Cim so chép tit cd cdc file tt file *.exe vio thur myc BaoCa0 4. Kiém tra A- CHUAN B] - M6 hin bai ib gdm 2 may : + PCOI: Ghost Windows Server 2012 R2 + PCO2: Ghost ~ PCO1: Tao tht mye CABaoCao, Share: Full Control = PCO1: Tyo user UI/123 ~ P02; BB: password Administrator thin 123 B-THY'C HIEN 1, Cii dit File Server Resouree Manager (Thive hign tén PCO1) lows Server 2012 R2 BI - Mé Server Manager > menu Manage > _B2 - Cic bude dau tign nhin Next theo mic dink. chon Add Roles and Features Min hinh Server Roles -> dinh dfu chon vio 6 File Server Resource Manager “> Add Features BS - Man hinh Confirmation > Dash du > Next -> Next chon vo 6 Restart the destination server. ii ranaedienesevenadiziwaned automaticaly if required > Install > Close |» few scssever ont Poe saner tse tone free Fe 1 onan 1D brs ranapsce TH Fe Sever VS get ence 1 cst Sener (i scstaget stage hdr 08nd 1D Sener tonnes 1D Wert Faden Phién Ban Thit Nghiém - Luu Hanh NOI BG 95TRUNG TAM BAO TAO CNTT NHAT NGHE qb, Pat TAc pho TA0 cba MicRosOrT TAI VIET NAM & MEAS = 105 84 Huyén Thanh Quan, Quin 3, TP.HCM Microsoft Partner HART NGHE Tel: 08.39322.735 ~ 0813.735.006 aod Website: ww.nhatnghe.com n SMB BI - Sau khi cdi dit xong, vio menu Tools > B2~ Bung mye Quota Management, chu6t phi chon File Server Resource Manager 1B3 - Myc Quota path, Browse dén dug din ja0Cao. Bén dudi chon Define custom > chon Custom Propeitics tejernntventa nrc a {| B4-Trong hop thosi Quota Properties + Myc Label: dt tén Gidi han 5 MB + Mye Limit: 5 MB Nhin OK > Creste . BS - Hop thoai yéu cdu Save Template, dit eg Tale 20K . Naunbing eeterecemeeacaen [teresa tic? Bees ] © tent ameascnae | E anata CeCe aS : 96 Phién Ban This Nghiém ~ Luu Hanh NGI BSTRUNG TAM BAO TAO CNTT NHAT NGHE EE P01 TAc DAO TAO Ca MICROSOFT TAI Vig NAM & q 105 B& Huyén Thanh Quan, Quin 3, TP.HCM Microsoft Partner NHATNGHE Tel: 08.39322.735 ~ 0913.735.906 “se www.nhatnghe.com 3. Chm sao chép tit ed céc file trir file *.exe vio thr mye BaoCao . B1-M¢ File Server Resource Manager > B2- Trong hp thogi Create File Group Bung mye File Screening Management, chugt + File Group Namé: Chi cho phép du6i exe + Files to include: np *.* + Files to exclude: nhap *.exe Nhién OK phii vao File Groups > pS secre ae con Sr tn Siete] Saati. — Seen et Men . Fieve feoucettanope ca) > B Quota Management j 4 Fe Seeing Management Filer) |] Sse | Genero f__& Fle Goups! “Crate fie Screen capone BS- G mye File Groups, dénh déu chon vio 6 “Chi cho phép dudi exe” -> OK > Create (Slt fe groups to back Aa and Vio Fee ia B4 - Myc File screen path, Browse dén duémg. «din C\Ba0Ca0, Bén duéi chon Define custom Compressed Flos F C Emod Flee (Cy ecatale Fes Ki C) trage Fes ‘C Offce Fies rw Phién Ban Thit Nghigm ~ Luu Hanh NOI BO 7TRUNG TAM BAO TAO CNTT NHAT NGI ‘ AEE, P8FtAcBA0 TA0 Coa mrcrosorr Tat vigr Nam Es REE" = 105 88 Huyén Thanh Quan, Quin 3, TPHCM Microsoft Partner NH. k ye Tel: 08.39322.735 - 0913.735.906 NHAT NGHE Website: www.nhatnghe.com 'BG - H6p thoei yéu céu Save Template, chon BT - Quan sét File Soreen vira tao, “Save the custom file screen without creating 9 [Fasc Serst ite |S Sowee Template (em) [S ciccue _Aetee Bock Ch a phep dual Rngreayertemnetenan ttn cnt ean 4. Kiém tra BI - Log on Administrator may PCO2. hii t6 hop phim #2 +R, go \PCO1 B2- Hop thogi yéu edu xac the quyén, nnhap vio ul va password 123 BA - Chon 6 dia Z: > Fini . [What network folder would you tke to map? SMB. a Derecho BG - Copy thir tap tin hoe thu myc bat ky vio 8 2:9 Bho I8i bp morttinas oe oe 9 4 eowoneases 0 BT- Chép thi file *.exe vio 8 2: > Copy thinh ong. 98 Phién Ban Thi Nghigm ~ Luu Hanh NGI BGTRUNG TAM DAO TAO CNTT NHATNGHE pee BOI TAC BAO TAO CUA MICROSOFT TAI VIET NAM © 105 88 Huyén Thanh Quan, Qugn 3, TP.HCM ‘Microsoft Parner ATNGHE Tel: 08.39322.735 - 0913.735.906 one NHATINGHE Wvabsiter wwwahatnghe WORK FOLDERS 5 CAC BUOC TRIEN KHAT 1. Cai dit Role Work Folders 2. Teo Syne Share 3. Enable SMB Access 4. Teo GPO phan quyén Domain Users Him Local Administrator trén cde méy Client 5. T30 GPO ty dng cd hinh WorkFolders 6. Teo GPO tw ding chay Script trén céc méy Client 7. Kiém tra A CHUAN B] ‘M6 hinh bai lab bao gdm 2 may: + PCOI: Windows Server 2012 R2 DC (Dor + PCOS: Windows 8 Enterprise 8.1 da join domain BI - Trén PCO1, to OU Member. Move PCOS vio OU Member. Tao user teo, ti va group Sales. NHATNGHE.LOCAL) B2-- Add 2 user too, ti vio group Sales 'B3 - Chudt phai user Teo, chon Properties. Tab General > Myc Email, dién vao teo@nhatnghe,local Phign Ban Thif Nghigm ~ Luu Hanh NGi BG 99‘TRUNG TAM BAO TAO CNTT NHAT NGHE afc’ BOT TAC DAO TAO CUA MICROSOFT TAI VIET NAM Bh hE”, Huyén Thanh Quan, Quén 3, TP.HCM Microsoft Partner Waa oe meng = B- THC BIEN : 1. CAl dt Role Work Folders (Thye hign trén PCO1) BI - Md Server Manager > men B3 - Chon Add Features ->.Next ‘Manage > chon Add Roles and Features 'B4 - Nhdn Install dé ci dit > Close B2 - Cic bude du tién nhdn Next theo mic dinh, Man hinh Select Server Roles > chon Work Folders > Next content selatone —— Bi Fie and Storage Senices 2 of instal) wower | Quammnngecrmenerstepateteninmtang 2B Fea 55 Sevcer (of Mines) i enacrcehete Rete ee Dom petition LD oistomesaces Ph os apsaior LL Fe Seve Rsouee Nanaer Fie Sere 15 Ager Sense 1) sea taer sever 2, Tgo Syne Share (hire hign tr€n PCO1) BI - Quay lgi Server Manager > chon File B2- Chon Work Folders > To create a syne share and Storage Services for Work Folders, start the New Sync Share Wizard, [B4~ Man hinh Server and path > Enter a local path, nhdp C:\SaleShared > Next chy SASSOON deceit 100 Phién Ban Thiy Nghigm ~ Luu Hanh NOI BS‘TRUNG TAM DAO TAO CNTT NHAT NGHE qf", 001 thc bho TAO CUA MICROSOFT Tar VIET NAM en | ia & 105 Ba Huyén Thanh Quan, Quan 3, TP.HCM Microsoft Partner THAT NGHE — Tel: 08.39322.735 ~ 0913.735.906 sata NHATNGHE Website: www-hatnghe:com BG Chon User Alias > Next ‘BT Man hinh Syne Share Name > git nguyén Sake] bu mic dinh > Next [erienmennrongietinnanrsoncnsnre| BS - Min hinh Syne Access -> nhin Add > Chon = thém group Sales > Check Names -> OK > Next canna - sas eee a) B9 - Chon 6 Encrypt Work Folders > Next pec devee plies = ‘BIO - Man hinh Confirmation -> Create > Close BI - Quan sit thy SyneShare vira tao. 3, Enable SMB Access (Thyc hign trén méy PCO1) BI - Mé File Explorer -> Chugt phai vao B3 - Nhin Done. CaSaleShared > Share with > Speci People B2- Add group Sales > Phin quyén Read/Write > Share -> Done enim neni bette reba ace Phién Ban Thit Nghigm ~ Luu Hanh NOL ao1TRUNG TAM DAO TAO CNTT NHAT NGHE ape, POFTAc DAO TAO CUA MICROSOFT Tar VIET NAM a TASCA 105 83 Huyén Thanh Quan, Quan 3, TP.HCM Microsoft Partner NRT NGHE Tel: 08.39322.735 ~ 0913.735.906 Hcl Website: www.nhatnghe.com ES 4, Tao GPO phan quyén Domain Users lim Local Administrator trén che may Client (Thye hign tén méy PCO1) B1~ M6 Group Policy Management > Chu6t _B3 - Nhén Browse, nh§p vio Domain Admins vi phi vio Default Domain Policy > chon Edit Administrators > OK” 'B2- Bung theo dug din: Computer Configuration > Policies > Windows Settings > Security Settings. Chudt phai vio Restricted Groups “> chon Add Group ie Reon We ra 1 Safa Stags 2B sepsis | i B4- Members of this group > Add me Bonet Conigesion 1 > Si NameRectaen Pot) |) [ Ge oie Rit |_ ieanace || Soetopinass | —- ngresect caine ls [BS - Nhfp vio group Sales -> Check Names > OK 3 fia ‘BG - Quan sit thy group Sales 4a duge thém —_B7 - Chu6t phai vio OU Member > chon Create vio nhém Administrators > Déngcita sé a GPO in this domain, and Link it here Group Policy Management Editor. [Fe Ai erin He a i je +! afd oO KO 2 rename 2 bene 3 MINHA, womtee tl 1p pnotnacnra | ce nna, | 2 cy sane acorn + J trate BB - G myc Name, dit tén Members > OK 102 Phién Ban Thir Nghigm ~ Luu Hanh NOI BGHEE”. NHATNGHE Tel:0 TRUNG TAM DAO TAO CNTT NHAT NGHE OT TAc DAO TAO CUA MICROSOFT TAI VIET NAM 405 B& Huyén Thanh Quan, Quén 3, TP.HOM . Tel: 08,39322.735 - 0913.735.906 oe yww.nhatnghe.com rE prereset a ennnee nent eeessret BIO ~ Ma theo dudng din Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies ~ Security Options, khung bén phi nbn double click vio mye User Account Control: Admin Apprbval Mode for the Built- in Administrator account ea tidees a2 LEiatSSect BL — Quay Igi Group Policy Management. ‘Chu6t phi vio OU Member -> chon Create a GPO in this domain, and Link it here ‘BS - Chudt phai vio GPO WorkFolders > chon Edit [i File Adon View Wado Help | 7m] X a] Be “Group Policy Management “4 \ Forest NHATNGHELOCAL 4 ($3 Domaine 14 3g NHATNGHELOCAL -&f DefauttDomeinPoicy Domain Controller: . 2 Member sf Members Ewa 929 Group Potro by WA Fens Enforced B4- Mé theo duimg din: User Configuration s > Policies > Administrative Templates > Windows Components > Work Folders, hin double click vio mye Specify Work . Folders settings BIZ Ma CMD, g6 lénh Gpupdate /Force 5, Tg0 GPO ty dng cdu hink WorkFolders (Thyc hign trén my PCO1) ‘B2- CO muc Name, dit tén WorkFolders > OK BS - Chon Enabled. G mye Work Folders URL, ‘hip vo: http-//oc01_nhatnghe.lacal > Chon 6 . Force automatic setup > OK ES} Seecty Work olen stings Work Folders URL Phién Ban Thif Nghigm ~ Luu Hanh NOI BS 103TRUNG TAM DAO TAO CNTT NHAT NGHE GEE, POE TAc oho TA0 Cia micRosorT Tat vigT NAM i 105 Ba Huyén Thanh Quan, Quin 3, TP.HCM Microsoft Partner : Tol: 08,39322.735 - 0913.735.906 oe NHATNGHE Website: wnw.nhataghe.com 6. 20 GPO ty ding chay Script trén ede may Client (Thyc hign trén PCOL) . BI - Mé Notepad, lin lrgt nhp 3 Kenh sau: + Lénh 1: Reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ WorkFalders /v AllowUnsecureConnection /t REG_DWORD /d 1 + Luh 2: Reg add HKLM\Software\Microsoft\Windows\CurrentVersion\WorkFolders V | ServerUrl t REG_SZ./d hitp//pe0 Lnhatnghe,Jocal + Lénh 3: Reg add HKLM\SOFTWARE Microsofi\Windows\CurrentVersion\WorkFolders /V tng od UnSOFMARE ervefiidos\CrrnterstntrkFlders Jv Sel RG /4 Migs /oh- sarge Beat 1 8 WRUNSOPTINREVeresets Mn CirrenverlanhokFabers fv Poldgloerel REGHD 1 5 B2 - Lin Iai thanh file WorkFolders.bat. B3 ~ Quay Iai Group Policy Management. ‘Chu@t phai vio file WorkFolders.bat > chon phai vio GPO WorkFolders > chon Edit Copy [a Fle Action View Window Help ® ee Ale x =. Z Guy ey Manage =. 3 Foes: NHATHGHELOCAL sun oh Dorie “218 NHATNGHELOCAL gf Default Domsin Policy > Zi Domain Controllers 43) Member » Bd - Mé theo during din: Computer Configuration > Policies > Windows Settings > Scripts (Startup/Shutdown), hung bén phai nhin double click vao Startup ——~—=| BS-Whén nit Show Files “eye gt te adie uw Fy het es 2 Polkaontaor , | Ey Wot coavIT@ELOCAI Pal 1B Compute Conigrton on 7 Sot Sge 153 Wow Sg 1 Nome ton Patcy fe Sees Onan | a 104 Phién Ban Thif Nohigm ~ Luu Hanh N@i BO |‘TRUNG TAM DAO TAO CNTT NHAT NGHE 4 pe OI TAC BAO TAO CUA MICROSOFT TAI VIET NAM ah ke {105 83 Huyén Thanh Quan, Quén 3, TP.HCM ‘Microsoft Partner NHATNGHE Tel: 08.39322.735 - 0913.735.906 peated NHAT NGHE Website: www.nhatnghe.com 'BG - Chudt phdi chon Paste. Quan sét théy file B7 - Nhdn wit Ada WotkFolders bat di duge din vio. at eae] Sone ib Graiesorne Yt ER + [Ee ame Vow a 1 dotep (Bwcaraarna 1 Dewi = aaa BS - Nhdn nit Browse va trd drémg dn dén file WorkFolders.bat > OK “B9-Mé CMD, g6 lénh Gpupdate /Force 7. Kidm tra (Thye hign trén may PCOS) ‘BL - Log on user Ti, nhdn té hgp phim 1+ — B2~ 0 khung bén tréi, chon Groups > Double R, 96 Iénh LuseMgr.msc > OK click vio Administrators 3 - Quan sit thly Group Sales nim tong Local Administrator B4- MG File Explorer > nbn vio This PC > sit thay 06 Work Folders, Phién Ban Thit Nghigm — Luu Hanh NGI BG 105TRUNG TAM DAO TAO CNTT NHAT NGHE AER, POvtAc oko a0 Gua micnosort tat vigr nam zy He 405 Ba Huyén Thanh Quan, Quén 3, TP.HCM Microsoft Partner AT N ‘Tel: 08.39322,735 - 0913.735.906 — NHATNGHE Website: www .nhatnghe.com "BS -Mé Notepad, to file titxt vA uu vio B6- Ma Control Panel, chon Work Folders Testa Navigation (g Toubsootg Won elecee a indo Fenl BT- Nhan Apply Pe (117 GB bvalzie on the server PM sree ey ai B9 - Di liu duge ding b6 héa. User Ti ngbi & bit ky may nao ciing sé thay Work Folder nay. 117 GB levallble on the server [Marae sco ison Srecmmtintematine peter nent conten) oven ahaincena 1B - Quan sit thiy iu : aS 106 Phién Ban Thif Nghigm ~ Luu Hanh NOI BG‘RUNG TAM DAO TAO CNT NHAT NGHE EE. POL TAC DAO TAO CUA MICROSOFT TAT VIET NAM 105 Ba Huyén Thanh Quan, Quén 3, TP.HCM Tel: 08.39322.735 ~ 0913.735.906 NAAT NGAE NGHE Website: www.nhatnghe.com eS PRINTER CAC BUGC TRIEN KHAL 1, Local Printer 2. Network Printer 3. Map Printer 4, Phin quyén 5. Printer pooling 6. Available Time 7. Spool folder 8. Priority 9. Additional Driver 10. Deploy Printer A- CHUAN BI ~M6 hinh bai lab bao gm 2'may + PCO1: Windows Server 2012 R2 DC (Domain; NHATNGHE.LOCAL) +Pco2: lows Server 2012 R2~ Join Domain + Trén may PCOL + Tao 3 user: KT1, NSI, Ul. Tyo 2 group: KeToan va NhanSu + Add user KT vio group KeToan, add user NS1 vio group NhanSu + Chinh Policy Log on Locally: cho phép group Users 06 quyén log on vio PCO1 + Gid sir d3 66 1 méy in HP e6 IP 192.168.7,150 ES Phién Ban Thif Nghigm ~ Luu Hanh N6i BS 107‘TRUNG TAM BAO TAO CNTT NHAT NGHE Website: www.nhatnghe.com| 1. Local Printer (Thye hign trén may PCO1) B1 - Mé Control Panel > chon Devices and Printers [2 bata tne [Hg Dee gros BOI TAC DAO TAO CUA MICROSOFT TAI VIET NAM a 4305 Bd Huyén Thanh Quan, Quén 3, TP.HCM Tel: 08.39322.735 ~ 0913.735.906, Microsoft Paries B2 - Nhin vao nit Add a Printer. Ey +t foamed Desee tnnge [id Biv ante BS - Mn hinh Add Printer > Next B4-- Chon Add a local printer or network printer with manual settings -> Next Find a printer by other options Cd piri a ect tnd once or fence amgle icenputnamepetemame or tatu ceopteman’ pote prtememel ptt Ade pee ing a TCP adress erhoname Add Beth wile or tet dco pine B7-Nhin vio nit «én thir mye driver cia may in > OK 1B8 - Chon ding model may in cia minh > Next B10 - Man hinh Printer Sharing, gift nguyén mie dinh Share this printer so that others on your network can find and use it > Next ‘ste dice [apa BS - Min hinh Choose a printer port, git nguyén nhur mjc dinh > Next BG - Man hinh Install the printer driver > nhén ‘vio mit Have Disk ‘B9 - Man hinh Type a printer name, dit tén cho may in > Next Type @ printer name Printer name ——| HP Laveret PIT BAL - Nbin Finish > Quan sit trong phiin Printers 48 xuat hign may in vita cai dat. yom a BB = eae 108 Phién Ban This Nghiém ~ Liu Hanh NGi BGTRUNG TAM DAO TAO CNTT NHATNGHE bk” ‘DOI TAC DAO TAO CUA MICROSOFT TAI VIET NAM fe & 105 Ba Huyén Thanh Quan, Quén 3, TP.HCM Microsoft Partner HAT NGHE Tel: 08.39322.735 - 0913.735.906 oe NHAT NGHE Website: www.nhatnghe.com ‘Network Printer (Thyc bign tgi mdy PCO1) B1-Mé Control Panel > Devices and ‘BS - Man hinh Choose a printer port Chon Printers -> nhdn Add a Printer > Next ‘Create a new port > Chon dang Standard ‘TCPIP Port > Next 'B2-Chon Add a local printer or network [Choose a printer port printer with manual settings > Next. J prints ports typeof connection tha allows your co | BA Khai bdo cfc thong s6 sau | + Hostname or IP address: 192.168.7.150 + Port name; 192.168.7.150 + BS di chon trade dng Query the printer |. crates new port and automaticaly slot the vero use > spoof amare] TEMP Por Type a printer hostname or P address [O Usean esting port Ti: Printer Port) BS Chon Custom -> Next I eset pone Honnamece edges Perens fee] cerevcnet _t | aemerminammarenmaeee]| | tment canoer teers BG - Man hinh Install the printer driver > hin vio nit Have Disk B7--Nhin vio nit Browse > trd duéng din B8-Chon model mAy in cia minh > Next dién vio: installed (recommened) -> Next ‘NetworkPT > Next Which version he ver 6 yeast ue? BIL-Chon Do not share this printer > Next _ | “/"“tsts'®*+ ios tmarinttet tai pret > Finis Chgset ‘B10 - Quan sit thay may in NetworkPT vita tao. 4 anes) '@ Do not share this printer y i ‘ J } contins Sept! hPL Phién Ban Thit Nghiém ~ Luu Hanh N6i BG. 108TRUNG TAM DAO TAO CNTT NHAY NGHE a Wk: fot BOI TAC BAO TAO CUA MICROSOFT TAI VIET NAM oe TARL™ 105 Ba Huyén Thanh Quan, Quén 3, TP.HCM Microsoft Partner NI Tel: 08.39322.735 - 0913.735.906 Nes . NHAT NGHE Website: www.nhatnghe.com ‘3. Map Printer . BI - Trén PCO1, x6a may in NetworkPT B3- Chose phai vao may in > chon Connect B2- Qua méy PC02, log on Administrator > ‘Truy efip vao may PCOI. 1B4 -Whin vio nit Install driver Windows ead te download ad ine votre se BS- Quan sat thdy d3 cb may in cia PCO oma conpa sama cempourese fe Pntes We lowe | Merie¥S——Sgt 1 PIBobctn Decent ate 4, Phim quyén (Thuc hign trén PCO1) + UI khéng 06 quyén in + Group KeToan c6 quyén in va quin Ij document + Group NhanSu e6 guyén in vé chi x6a diege document do minh tao ra BA - Chudt phai lén may in > Chon See 'B2 - Hop thoai may in xudt ‘what's printing Printer > Chon Pause Printing > Sau d6 ding ® + tere aice yb thogi may in Ii | Addadevice Adda printer See what's | » Devices 2) 4 Printers @)ag TRUNG TAM DAO TAO CNTT NHAT NGHE hE BOI TAC DAO TAO CUA MICROSOFT TAI VIET NAM ah Website: www.nhatnghe.com BS - Chu6t phai lén may in > Chon Printer Properties BG - Phin quyén group KeToan: Print (Allow), Manage document (Allow) [ee el Sear ae {Beret econ Ned BI2- Chon Cancel document cia user KT > Khéng thé thy hign 105 B3 Huyén Thanh Quan, Quén 3, TP.HCM NHATNGHE Tel: 08.39322.735 - 0913.735.906 Microsoft Partner BA - Toi tab Security > Remove eéc group ngoai trit2 group Administrators va Creator Owner , add thém 2 group KeToan va NhanSu vio ‘BS - Phin quyén Group NhanSu: Pr [essai Tete Go twnenet Som BT - Kiém tra: Log on K’ 1a Notepad soan ni ddung bat ki va gi Iénb in 3 Hin BS - Mé Control Panel -> Devices and Printers > Double click vao méy in > Double Click See ‘what's printing > Chugt phi fén cde document ang cb chon cancel 4 hiy lénh in > Hp thogi ‘nh bo chon Yes > Cancel thanh cdng B10 ~ Log on NS1 > Mé notepad sogn noi dung ‘bat ki va git Iénh in 3 lain BLL - Md Control Panel > Devices and Printers > Double click vao may in Lexmark > Double Click See what’s printing > Chugt phai lén cdc document dang c6 cia user NSI chon cancel dé Indy Kah in -> Hop thoai cénh béo chon Yes > Cancel thinh cng, B13 - Log on Ul: Mé Notepad > in thir > khéng ‘thay mAy in do khéng c6 quyén in. Phién Ban Thi Nghigm ~ Luu Hanh NGI BO a‘TRUNG TAM BAO TAO CNTT NHAT NGHE OI'TAC DAO TAO CUA MICROSOFT TAI VIET NAM a 105 Ba Huyén Thanh Quan, Quén 3, TP.! HEM Microsoft Partner Tel; 08.39322.735 - 0913.735.906 “s Website: www.nhatnghe.com ————S————— 5, Printer pooling (Thue hign trén PCO1) ‘Muc dich: Tao ra J printer sie dung chung 2 méy in vit if BI - Thuc hign céc thao tic giéng phin 1dé —_B3- Trong tab Ports - Banh diiu chon vio 2 add thém printer Lexmark trén port LPT2 mye: LPT] va LPT2 > Sau dé anh dau chon ‘yao 6 Enabled printer pooling > OK B2 - Trong phin Printers > Chudt phai len dy in HP - Chon Printer Properties : her 6, Available Time (Thyc hign trén PCO!) BI - Mé phan Devices and Printers > Chudt phai lén may in HP -> Chon Printer Properties. BS - Kiém tra: PCO2: Log on administrator iu chinh gid hg théng la 16:00 PM B4- Logon KT1: Mé notepad > in thir > khéng thé in duge 7. Spool folder (Thue hign tai PCO!) Muc dich: Thay déi noi teu cée print job in Devies and Printers > Chon B2- Qua tab Advanced > d8i dug din * “Spool folder” > “C:\PRINTERS” > OK Yes | reson sitspte_tanttiy [Rarer] B3- Kiém tra: Trong 6 C: 06 thu myc Printers > Quan st noi cia print job m Phién Ban Thi Nghigm ~ Lau Hanh NOI BGTRUNG TAM BAO TAO CNTT NHAT NGHE wi re* OI TAC DAO TAO CUA MICROSOFT TAI VIET NAM 105 88 Huyén Thanh Quan, Quén 3, STHGHE Tel: 08.39322.735 - 0913.735.906 NHATNGHE Website: www.nhatnghe,com 8, Priority (Thyc hign tai PCO!) TPAHCM Microsoft Partner BL Thyc hin giéng phiin | dé tao 1 printer _B3 - Trong tab security phn quyén cho group ‘nGi d3¢ tén lb VIP KeToan x B2- Tai mye Printers -> Chudt pha lén Printer VIP -> Chon Printer Properties B4- Qua tab Advanced > Trong phin Priority > dién s6 2 > OK F fee Tie | Heed I Always matale © duo from 9. Additional Driver PCO1: Add thim driver dénh cho Windows 8 Nén mdy in HP > chon Printer Properties Drivers BJ - Ma Devices and Printers > Chust phai BZ - Qua tab Sharing > Nh&n vio nit Additional Diver {Fh pints nare with se ning Sent indng you may wort tat addtional dive, atthe sa det ave te ithe pnt vere ty ‘ard pete, ete Seta det ptr Pring pelrence Phién Ban Thur Nghiém - Luu 'B3 - Dinh du chon vao 6 x86 dé add thém phin driver cho Windows 8 > OK nee Hanh NOI BG a3TRUNG TAM BAO TAO CNTT NHAT NGHE ‘Or TAC BAO TAO CUA MICROSOFT TAI VIET NAM ah 105 Ba Huyén Thanh Quan, Quén 3, TP.HCM Microsoft Partner Tel: 08.39322.735 ~ 0913.735.906 —. Website: www.nhatnghe.com 10, Deploy Printer (Thyc hign tai PCO1) BI - Ma Server Manager-> Menu Manage _B2 - Cac bude dau tién, nhdn Next theo mac dinh > Add Roles and Features > Min hinh Server Roles -> Chon Print and Document Services B3- Chon Add Features > Next theo mge fae 1B4- Man hinh Role Services > dinh du chon vio Print Server > Next TEP Danas Santor Bice aon eearet ig, Eton rcuestcns see BS - Man hinh Confirmation > Banh du chon vio 4 Restart the destination server 7 ~ Bung muc Print Servers > PCO > Printers automatically if required > Nhan Install > > Khung bén phai chudt phai vao may in HP > Close chon Deploy with Group Policy BG -Mé Server Manager > menu Tools > |! 3 ie” | San ww SUS Print Management eh [Here tal BB-GmyeGPOName > Nhin Browse — |, 20 oa | ‘sem 'B9 - Chon Default Domain Policy > OK | oe ne B10 - Dinh déu chon rude 6 The computers that the GPO applies o (per machine) > Chon Add > : look in: [BENHATRGHELOCAL Dowains, QUs ad irked Group Pokey Otel [lise tate 20 re BL - Man hinh can béo chon OK B12 - Kiém tra: Trén may PCO2: log on ‘Administrator > x6a cde méy in 4X cai dat > Restart Iai may B13 - Vao Iai phan Printers > Quan st thy c6 as rméy in HP 68 duge c&i dt li aS a4 Phién Ban Thif Nghigm ~ Luu Hanh NGi BGTRUNG TAM DAO TAO CNTT NHAT NGHE PEL, 201 Thc DA0 TA0 Gia micRosOFT Tal Vier NAM aN bi 2105 B& Huyén Thanh Quan, Quan 3, TP.HCM Microsoft Partner : Tel: 08.39322.735 ~ 0913.735.906 on HAT NGHE Website: www.nhatnghe.com MONITORING CAC BUOC TRIEN KHAI 1. Tyo Data Collector Set 2. Lap lich chay Data Collector Set A- CHUAN B] ‘M6 hinh bai lab bao gdm 1 miy Windows Server 2012 R2 + Tit User Account Control ~ Log on Administrator B-THYCHIEN 1. Teo Data Collector Set BI - Mé Server Manager -> menu Tools -> _B2 - Chu§t phai lén User Defined - New > Data ‘chen Performance Monitor Tim [Beene Pt BS - Dt tén la NhatNghe > Chon Create B4- Chon Create data logs > Dénh dau chon vao_ semen 2.6 Performance counter va System Configuration Information > Next BS ~Nhén nit Add BG - Bung phin Processor > Chon % Processor Time > Add Phién Ban Thi Nghigm ~ Luu Hanh NGi.B9 usTRUNG-TAM DAO TAO CNTT NHATNGHE _ Uh '% pOL TAC DAO TAO CUA MICROSOFT TAI VIET NAM ah id & 105 Ba Huyén Thanh Quan, Quén 3, TP.HCM ‘Microsoft Partner Tel: 08.39322.735 - 0913.735.906 Se Website: www.nhatnghe.com NHAT NGHE BS — Bung phan Physical Disk > Chon % — B9~ Bung phin Network Interface > Chon Bytes Time va Avg. Disk Queu Length-> Total/see > Add Add —_ fa = ame Ms 5 Ss ree “i so exec Peper = (ante aa 4 B10 - Kim tra cdc counter di Add > OK > [Frestoraan oa B11 - Chon Browse > Make New Folder > Monitoring > OK -> Next B12 - Nhin Finish ‘BIB - Chupt phai lén Data Collector Nhat Nghe vita tao Start B14 Sau khi Start khong 5 phit > Chu FE fie—eton View Wado hai chon Stop = = [Se em tor Wen ta je >| ale] Xe ae ela kG 6s) Oe \@Petoomnce “Gi Monitoring Tools Id Performance Monitor 4 © Data Collector Sets ‘Sere Tonga] 16 Phién Ban Thr Nghiém ~ Luu Hanh NGI BOWebsite: www.nhatnghe.com TRUNG TAM DAO TAO CNTT NHAT NGHE OT TAC BAO TAO CUA MICROSOFT TAI VIET NAM ah 105 BA Huyén Thanh Quan, Quén 3, TP.HCM, Tel: 08,39322,735 ~ 0913.735.906 Microsoft Partner ‘eport -> User Defined > NhatNghe > 0001 : Quan sit ed chi s6 43 duge ru Iai cia Processor, Memory, Physical Harkdisk, Network Interface L4p lich chay Data Collector Set BI -Mé theo dung dn Data Collector Sets > User Defined > Chust phai vio NhatNghe > Proper esicwwenanTRUNG TAM BAO TAO CNTT NHAT NGHE J, BOrTAC BAO TAO CoA MICROSOFT Tar viET NAM © 105 Ba Huyén Thanh Quan, Quin 3, TP.HCM Microsoft Parte ART NGRE Tel: 08.29322.735 - 0913.735.906 BACKUP & SHADOW COPY CAC BUOC TRIEN KHAL 1. Cai d3t Windows Server Backup 2, Backup - Recovery Fille 3. Backup ~ Recovery System State 4, Lip lich backup 5. Shadow Copy A- CHUAN BI 'Mé hin bai lab bao gbm 2 méy: PCO}: Windows Server 2012 R2— DC (Domain: NHATNGHE.LOCAL) + PCO3: Windows Server 2012 R2 ~ PCO]: Tao thur muc CADATA. Trong DATA tao 2 file: DATAL.TXT va DATA2.TXT. 5 CADATA 2 Favorites HS Desitop 1% Downloads Name (i oara Li paraz Date mediied sya von ps 24/2014 091 9A Recent places WE This PC Ge Network 2items ~PCO1: Tao user Ul/password: 123 ~PCO3: Teo 2 thur mye Backup vi BackupSystem trong 6 C:, Share full ed 2 thu mye ————— us Phién Ban Thit Nghigm ~ Luu Hanh NGi BS

Nhat Nghe 70-410 Windows Server 2012 PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Nhat Nghe 70-410 Windows Server 2012 PDF

Uploaded by

Copyright:

Available Formats

You might also like