Lab 70-291

TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI MICROSOFT WINDOWS SERVER 2003
CC BI TP THC HNH
HANI APTECH 2006
MC LC
THC HNH 1: TRIN KHAI DCH V DHCP ................. 5
TRC KHI BN BT U .............................................................. 6 KCH BN ............................................................................................. 8 BI TP 1-1: S DNG APIPA .......................................................... 8 BI TP 1-2: CI T DCH V DHCP SERVER......................... 10 BI TP 1-3: U QUYN DCH V DHCP SERVER TRONG ACTIVE DIRECTORY........................................................................ 11 BI TP 1-4: THM, CU HNH V KCH HOT MT PHM VI DHCP.................................................................................................... 12 BI TP 1-5: THM A CH IP DNH SN CHO MY TRM 16 BI TP 1-6: CU HNH CC TU CHN DHCP ........................ 19 BI TP 1-7: CU HNH MT DHCP RELAY AGENT ................ 21 BI TP 1-8: KHI NG DCH V DHCP SERVER .................. 27 CC CU HI N TP ..................................................................... 29 THC HNH NNG CAO 1-1: CHUYN I SANG CP PHT A CH IP NG .............................................................................. 30
THC HNH 2: QUN L & GIM ST DHCP .............. 31

TRC KHI BN BT U ............................................................ 31 KCH BN ........................................................................................... 37 BI TP 2-1: SAO LU & KHI PHC CSDL DHCP ................... 38 BI TP 2-1: NN (COMPACTING) CSDL DHCP ......................... 39 BI TP 2-3: NHT K KIM TON DHCP ................................. 40 BI TP 2-4: THEO DI HIU NNG DHCP................................. 44 BI TP 2-5: GII QUYT VIC CC MY CH V MY TRM B MT CU HNH ............................................................... 47 BI TP 2-6: LOI B S PH THUC GIA CC BI THC HNH ................................................................................................... 50 CU HI N TP............................................................................... 52 THC HNH NNG CAO 2-1: TO CHIN LC SAO LU CHO CONTOSO .................................................................................. 52 THC HNH NNG CAO 2-2: CU HNH CC CP NHT NG ................................................................................................... 52
THC HNH 3: CI T & CU HNH DCH V DNS SERVER................................................................................... 54

KCH BN ........................................................................................... 54 BI TP 3-1: CI T DCH V DNS............................................ 55
BI TP 3-2: TO & CU HNH DNS ZONES............................... 57 BI TP 3-3: TO CC BN GHI DNS .......................................... 67 BI TP 3-4: CU HNH FORWARDING....................................... 70 CU HI N TP............................................................................... 72 THC HNH NNG CAO 3-1: CU HNH DNS............................ 73
THC HNH 4: QUN L & GIM ST DCH V DNS SERVER................................................................................... 74

TRC KHI BN BT U ............................................................ 74 KCH BN ........................................................................................... 77 BI TP 4-1: CC TC V CHUN B .......................................... 77 BI TP 4-2: NG B VNG DNS TH CNG ......................... 79 BI TP 4-3: THEO DI V KHC PHC S C DNS............... 83 BI TP 4-4: QUN L DNS............................................................ 88 BI TP 4-5: BO MT DNS ........................................................... 92 BI TP 4-6: LOI B DCH V DNS SERVER. .......................... 96 CC CU HI N TP ..................................................................... 98 THC HNH NNG CAO 4-1: CI T V QUN L DNS ..... 98 THC HNH KHC PHC S C: TRIN KHAI CC DCH V MNG ................................................................................................ 100
THC HNH 5: BO MT TRONG MNG.................... 103

KCH BN ......................................................................................... 103 BI TP 5-1: KIM SOT BO MT ........................................... 104 BI TP 5-2: P DNG CC MU BO MT............................ 105 BI TP 5-3: GN QUYN CHO NGI S DNG .................. 109 BI TP 5-4: S DNG H THNG FILE M HA .................. 110 BI TP 5-5: CI T V CU HNH MICROSOFT BASELINE SECURITY ANALYZER (MBSA) ................................................... 118 CU HI N TP............................................................................. 121 THC HNH NNG CAO 5-1: LP K HOCH BO MT CHO WINGTIP TOYS ................................................................................ 121
THC HNH 6: S DNG IPSEC BO MT LU THNG MNG .................................................................... 122

KCH BN ......................................................................................... 122 BI TP 6-1: S DNG IPSEC KHA CC LU THNG TCP/IP................................................................................................. 122 BI TP 6-2: S DNG IPSEC M HA CC LU THNG FTP...................................................................................................... 129 BI TP 6-3: MANAGING IPSEC POLICIES................................ 138 BI TP 6-4: THEO DI V KHC PHC S C IPSEC.......... 141
BI TP 6-5: D B CC CHNH SCH IPSEC ......................... 144 CU HI N TP............................................................................. 145 THC HNH NNG CAO 6-1: BO V D LIU BNG IPSEC ............................................................................................................. 146
THC HNH 7: S DNG RRAS CU HNH NH TUYN................................................................................... 148

CC BC CHUN B.................................................................... 148 KCH BN ......................................................................................... 157 BI TP 7-1: KCH HOT ROUTING AND REMOTE ACCESS 157 BI TP 7-2: CU HNH NH TUYN IP................................... 158 BI TP 7-3: TO MT MNG RING O VPN........................ 164 BI TP 7-4: TRIN KHAI CC CHNH SCH TRUY CP T XA ............................................................................................................. 172 BI TP 7-5: CU HNH NAT........................................................ 180 BI TP 7-6: CU HNH CC B LC GI ................................ 184 BI TP 7-7: G B DCH V ROUTING AND REMOTE ACCESS ............................................................................................. 187 CU HI N TP............................................................................. 188 THC HNH NNG CAO 7-1: THIT K MT GII PHP TRUY CP T XA ....................................................................................... 188
THC HNH 8: DUY TR KIN TRC MNG .............. 190

CC BC CHUN B.................................................................... 190 KCH BN ......................................................................................... 194 BI TP 8-1: S DNG CNG C TASK MANAGER............... 194 BI TP 8-2: S DNG MN HNH QUN TR PERFORMANCE ............................................................................................................. 197 BI TP 8-3: GIM ST LU LNG MNG ........................... 202 BI TP 8-4: X L S C KT NI .......................................... 206 BI TP 8-5: CU HNH CC DCH V TRN WINDOWS SERVER 2003 .................................................................................... 209 BI TP 8-6: G B CC THNH PHN CI T................... 213 CU HI N TP............................................................................. 214 THC HNH NNG CAO 8-1: GIM ST V X L S C MNG ................................................................................................ 214
TRIN KHAI DCH V DHCP
THC HNH 1: TRIN KHAI DCH V DHCP

Bi thc hnh ny bao gm cc bi tp v cng vic sau y: Bi tp 1-1: S dng APIPA Bi tp 1-2: Ci t DHCP Server Bi tp 1-3: y quyn dch v DHCP Server trong Active Directory Bi tp 1-4: Thm, cu hnh, v kch hot mt phm vi DHCP Bi tp 1-5: Thm cc DHCP dnh sn cho my trm Bi tp 1-6: Cu hnh cc tu chn DHCP Bi tp 1-7: Cu hnh DHCP Relay Agent Bi tp 1-8: Khi ng dch v DHCP Server Cc cu hi n tp Thc hnh nng cao 1-1: Chuyn i sang c ch Cp pht a ch IP ng Sau khi hon thnh bi thc hnh ny, bn c th: Cu hnh APIPA v cp pht IP th cng Thm v u quyn mt dch v DHCP Server Cu hnh mt phm vi DHCP Cu hnh mt DHCP dnh sn cho my trm Cu hnh cc tu chn phm vi DHCP Cu hnh mt DHCP relay agent. Thi gian d kin: 155 pht (d tnh ny bao gm cc th tc ci t trc khi bn bt u)
TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003
TRC KHI BN BT U
Thi gian d kin hon thnh: 10 pht hon thnh cc bi tp trong Thc hnh 1, bn cn phi ci t mt b giao tip mng th hai trong mi my tnh ca hc vin. Kt ni my tnh ca mi hc vin bng dy cp cho ni cc giao tip mng th hai vi nhau. Bng 1-1 c s dng cu hnh cc my tnh ca hc vin trong bi thc hnh ny. Tuy nhin, khng nht thit phi to ra cc thay i cu hnh ti bc ny. Sau khi hon thnh Thc hnh 1, phi d b cc giao tip mng th hai hoc v hiu (disable) chng trong giao din Microsoft Windows trc khi tip tc cc bc thc hnh tip theo. Bng 1-1 Computer Name Computer01 Computer02 Computer03 Computer04 Computer05 Computer06 Computer07 Computer08 Computer09 Computer10 Computer11 Computer12 Ci t a ch IP cho cc my hc vin Contoso Ltd., Network IP address: 10.1.1.1 Subnet mask: 255.255.0.0 IP address: 10.1.1.2 Subnet mask: 255.255.0.0 IP address: 10.1.1.3 Subnet mask: 255.255.0.0 IP address: 10.1.1.4 Subnet mask: 255.255.0.0 IP address: 10.1.1.5 Subnet mask: 255.255.0.0 IP address: 10.1.1.6 Subnet mask: 255.255.0.0 IP address: 10.1.1.7 Subnet mask: 255.255.0.0 IP address: 10.1.1.8 Subnet mask: 255.255.0.0 IP address: 10.1.1.9 Subnet mask: 255.255.0.0 IP address: 10.1.1.10 Subnet mask: 255.255.0.0 IP address: 10.1.1.11 Subnet mask: 255.255.0.0 IP address: 10.1.1.12 Litware Inc., Network IP address: 192.168.0.1 Subnet mask: 255.255.255.0 IP address: 192.168.0.2 Subnet mask: 255.255.255.0 IP address: 192.168.0.3 Subnet mask: 255.255.255.0 IP address: 192.168.0.4 Subnet mask: 255.255.255.0 IP address: 192.168.0.5 Subnet mask: 255.255.255.0 IP address: 192.168.0.6 Subnet mask: 255.255.255.0 IP address: 192.168.0.7 Subnet mask: 255.255.255.0 IP address: 192.168.0.8 Subnet mask: 255.255.255.0 IP address: 192.168.0.9 Subnet mask: 255.255.255.0 IP address: 192.168.0.10 Subnet mask: 255.255.255.0 IP address: 192.168.0.11 Subnet mask: 255.255.255.0 IP address: 192.168.0.12 6
TRIN KHAI DCH V DHCP Subnet mask: 255.255.0.0 IP address: 10.1.1.13 Subnet mask: 255.255.0.0 IP address: 10.1.1.14 Subnet mask: 255.255.0.0 IP address: 10.1.1.15 Subnet mask: 255.255.0.0 IP address: 10.1.1.16 Subnet mask: 255.255.0.0 IP address: 10.1.1.17 Subnet mask: 255.255.0.0 IP address: 10.1.1.18 Subnet mask: 255.255.0.0 IP address: 10.1.1.19 Subnet mask: 255.255.0.0 IP address: 10.1.1.20 Subnet mask: 255.255.0.0 IP address: 10.1.1.21 Subnet mask: 255.255.0.0 IP address: 10.1.1.22 Subnet mask: 255.255.0.0 IP address: 10.1.1.23 Subnet mask: 255.255.0.0 IP address: 10.1.1.24 Subnet mask: 255.255.0.0 IP address: 10.1.1.25 Subnet mask: 255.255.0.0 IP address: 10.1.1.26 Subnet mask: 255.255.0.0 IP address: 10.1.1.27 Subnet mask: 255.255.0.0 IP address: 10.1.1.28 Subnet mask: 255.255.0.0 IP address: 10.1.1.29 Subnet mask: 255.255.0.0 IP address: 10.1.1.30 Subnet mask: 255.255.0.0 Subnet mask: 255.255.255.0 IP address: 192.168.0.13 Subnet mask: 255.255.255.0 IP address: 192.168.0.14 Subnet mask: 255.255.255.0 IP address: 192.168.0.15 Subnet mask: 255.255.255.0 IP address: 192.168.0.16 Subnet mask: 255.255.255.0 IP address: 192.168.0.17 Subnet mask: 255.255.255.0 IP address: 192.168.0.18 Subnet mask: 255.255.255.0 IP address: 192.168.0.19 Subnet mask: 255.255.255.0 IP address: 192.168.0.20 Subnet mask: 255.255.255.0 IP address: 192.168.0.21 Subnet mask: 255.255.255.0 IP address: 192.168.0.22 Subnet mask: 255.255.255.0 IP address: 192.168.0.23 Subnet mask: 255.255.255.0 IP address: 192.168.0.24 Subnet mask: 255.255.255.0 IP address: 192.168.0.25 Subnet mask: 255.255.255.0 IP address: 192.168.0.26 Subnet mask: 255.255.255.0 IP address: 192.168.0.27 Subnet mask: 255.255.255.0 IP address: 192.168.0.28 Subnet mask: 255.255.255.0 IP address: 192.168.0.29 Subnet mask: 255.255.255.0 IP address: 192.168.0.30 Subnet mask: 255.255.255.0
Computer13 Computer14 Computer15 Computer16 Computer17 Computer18 Computer19 Computer20 Computer21 Computer22 Computer23 Computer24 Computer25 Computer26 Computer27 Computer28 Computer29 Computer30
KCH BN
Bn l mt qun tr mng cho Cng ty Litware. Gy y, cng ty Contoso tip nhn cng ty Litware. Do vy, Litware hin ang m rng mng. Trc y, Litware s dng gii php cp pht a ch IP ng (APIPA). Do c s gia tng v s lng my trm (yu t thc y Contoso tip nhn Litware) v do thc t l cc nh qun tr mng ci t mt b nh tuyn cho php ngi s dng truy cp Internet, bn c yu cu phi lp k hoch v ci t mt h thng cp pht a ch ng bng cch s dng giao thc DHCP (Cu hnh a ch ng cho my trm). Bn hp tc vi mt i tc ci t dch v DHCP Server v cu hnh n gn cc tham s cu hnh cn thit.
BI TP 1-1: S DNG APIPA

Thi gian d kin hon thnh : 15 pht Trong bi tp ny, bn s cu hnh mt a ch IP tnh cho giao tip mng Sau , bn s xem xt v xc nh cc thng tin cu hnh Giao thc (TCP/IP) c gn cho cc giao tip mng
Hin th Thng tin nh a ch IP Th cng

QUAN TRNG: Hon thnh nhim v ny t cc my tnh hc vin. Vic ny s cho php bn hin th cc thng tin nh a ch IP th cng c cu hnh trn my ch. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon administrator@Domain.Contoso.Com (trong , domain l tn min) 2. Nhn Start, chn Run, nhp cmd, v nhn phm Enter 3. Ti du nhc lnh, nhp cu lnh ipconfig /all v sau nhn phm Enter 4. Ghi li cc thng tin a ch IP ca giao tip mng Contoso Ltd. a. IP address b. Subnet mask TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 8
TRIN KHAI DCH V DHCP c. Default gateway d. DNS server CU HI: My tnh nhn c a ch IP cho giao tip mng Contoso Ltd. t u?
Hin th Thng tin cp a ch APIPA

QUAN TRNG: Hon thnh nhim v ny t cc my tnh hc vin. Kim tra cp cho c kt ni gia cc my tnh ca hc vin. 1. S dng cc bc nh trn, ghi li thng tin cu hnh a ch IP ca giao tip mng Litware Inc theo cc bc sau: a. IP address b. Subnet mask c. Default gateway d. DNS server CU HI: My tnh nhn c a ch IP cho giao tip mng Litware Inc. t u? 2. ng ca s du nhc lnh bng cch nhp vo lnh exit
Nhp thng tin a ch IP cho giao tip mng Litware, Inc

QUAN TRNG: Hon thnh nhim v ny t cc my tnh hc vin. Vic ny cho php bn cu hnh a ch IP tnh trn giao tip mng Litware, Inc. s dng thng tin a ch IP trong bng 1-1 nhn c da ch IP ng cho giao tip mng Litware, Inc. 1. Nhn chut phi vo Giao tip mng Litware, Inc 2. Chn Properties. 3. Chn Internet Protocol (TCP/IP) trong danh sch cc thnh phn, v nhn Properties. 4. La chn Use Following IP Address option. 5. Nhp cc thng tin a ch IP t bng 1-1. 6. Nhn OK chp nhn thay i cc thuc tnh a ch IP. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 9
TRIN KHAI DCH V DHCP 7. Nhn Close chp nhn cc thay i kt ni mng.
BI TP 1-2: CI T DCH V DHCP SERVER

Thi gian d kin: 10 pht chun b cho vic cp pht a ch ng, bn phi ci t dch v DHCP Server. QUAN TRNG: Hon thnh nhim v ny t cc my tnh hc vin. iu ny cho php bn cu hnh my ch nh l mt DHCP Server. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn Start, nhn Control Panel, v tip theo nhn p chut vo Administrative Tools. Nhn chut phi vo Manage Your Server, v chn Run As m hp thoi Run As. 3. Trong hp thoi Run As, chn Following User option (Ty chn ngi dng sau) v nhp cc thng tin nh khon nh sau m trang Manage Your Server. a. Trong hp User, nhp administrator@Domain.Contoso.Com b. Trong hp Password, nhp MSPress@LS#1 4. Trn trang Manage Your Server, nhn Add Or Remove A Role, v tip theo nhn Next. 5. Trong Configure Your Server Wizard, chn DHCP Server, v tip theo nhn Next 6. Trn trang Summary of Selection, nhn Next 7. Trong New Scope Wizard, nhn Cancel dng vic to phm vi vo thi im ny 8. Trong Configure Your Server Wizard, nhn Finish. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 10
BI TP 1-3: U QUYN DCH V DHCP SERVER TRONG ACTIVE DIRECTORY

Thi gian d kin hon thnh: 10 pht By gi dch v DHCP Server c ci t, bn phi u quyn cho n trong dch v Active Directory.
U quyn Dch v DHCP Server

QUAN TRNG: Hon thnh nhim v ny t cc my tnh hc vin. Vic ny cho php bn u quyn my ch DHCP ca bn trong dch v th mc Active Directory. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn Start, nhn Control Panel. Trong Control Panel, nhn p chut vo Administrative Tools. 3. Nhn chut phi vo DHCP v chn Run As m hp thoi Run As. 4. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon sau y m mn hnh bng iu khin DHCP. a. Trong hp User Name, nhp eadmin@contoso.com b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m mn hnh DHCP 6. Trong cy mn hnh bng iu khin, chn tn my ch Computerxx .Domain.Contoso.Com 7. Nhn chut phi vo tn my ch 8. Trong thc n hin ra, nhn Authorize 9. xc nhn rng DHCP server c u quyn, trong cy mn hnh bng iu khin, nhn F5 10. By gi mn hnh bng iu khin s hin th mt mi tn mu xanh. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 11
TRIN KHAI DCH V DHCP CU HI: Ti sao chng ta phi u quyn cho my ch DHCP?
BI TP 1-4: THM, CU HNH V KCH HOT MT PHM VI DHCP

Thi gian d kin hon thnh: 15 pht By gi dch v DHCP Server c ci t v n c u quyn trong dch v th mc Active Directory. Bc tip theo l cu hnh v kch hot phm vi DHCP. Khi phm vi DHCP c to v kch hot, i tc my tnh c s hiu cao hn s thay i cc thuc tnh trong thit lp giao thc TCP/IP v nhn mt a ch IP t my ch DHCP.
Thm v cu hnh phm vi DHCP

QUAN TRNG: Hon thnh nhim v ny t cc my tnh ca hc vin. Vic ny s cho php bn c thm mt phm vi DHCP cho my tnh ca i tc. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn Start, nhn Control Panel. Trong Control Panel, nhn p chut vo Administrative Tools. 3. Nhn chut phi vo DHCP v chn Run As m hp thoi Run As. 4. Trong hp thoi Run As, chn Following User option v nhp nh khon sau y m mn hnh bng iu khin DHCP. User a. Trong hp administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m mn hnh bng iu khin DHCP 6. La chn my ch DHCP tng ng t cy mn hnh bng iu khin 7. Trn thc n Action, chn New Scope to mt phm vi DHCP mi. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 12
TRIN KHAI DCH V DHCP 8. Trong New Scope Wizard, nhn Next 9. Trong trang Scope Name, nhp cc thng tin cu hnh nh sau: a. i vi hp Name, nhp partners computer scope b. i vi hp Description, nhp scope for partners computer 10. Trn trang IP Address Range, nhp cc thng tin cu hnh sau: a. i vi mc Start IP Address, nhp a ch IP u tin cho i tc Litware Inc b. i vi mc End Start IP Address, nhp a ch IP cui cng cho i tc Litware Inc c. i vi mc Subnet Mask, nhp 24 bit hoc 255.255.255.0 11. Trn trang Add Exclusion, nhn Next 12. Trn trang Lease Duration, la chn 1 gi, v sau nhn Next 13. Trn trang Configure DHCP Options, chn No, I Will Configure These Option Later. Nhn Next 14. Trn trang Completing New Scope Wizard, nhn Finish.
Kch hot phm vi DHCP

QUAN TRNG: Hon thnh nhim v ny t cc my tnh ca hc vin. Vic ny s cho php bn kch hot phm vi DHCP. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn Start, nhn Control Panel. Trong Control Panel, nhn p chut vo Administrative Tools. 3. Nhn chut phi vo DHCP v chn Run As m hp thoi Run As. 4. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon sau y m mn hnh bng iu khin DHCP.
13
TRIN KHAI DCH V DHCP a. Trong hp User administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m mn hnh bng iu khin DHCP 6. La chn tn my ch DHCP trong cy mn hnh bng iu khin 7. La chn phm vi c tn l Partners Computer Scope 8. Trn thc n Action, chn Activate 9. ng mn hnh bng iu khin MMC. CU HI:: Ti sao bn li phi kch hot phm vi DHCP?
Dng dch v DHCP Server

QUAN TRNG: Hon thnh nhim v ny t my tnh c s hiu cao hn. Vic ny cho php bn nhn mt i ch IP t my ch DHCP server 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn Start, nhn Control Panel. Trong Control Panel, nhn p chut vo Administrative Tools. 3. Nhn chut phi vo DHCP v chn Run As m hp thoi Run As. 4. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon sau y m mn hnh bng iu khin DHCP. User a. Trong hp administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m mn hnh bng iu khin DHCP 6. Trong ca s mn hnh bng iu khin DHCP, trc tin chn v sau nhn chut phi vo DHCP Server. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 14
TRIN KHAI DCH V DHCP 7. Trn thc n hin ra, la chn All Tasks, v tip theo chn Stop 8. ng tt c cc ca s.
Nhn a ch IP cp pht
QUAN TRNG: Hon thnh nhim v ny t cc my tnh c s hiu cao hn. Vic ny cho php bn nhn mt i ch IP t my ch DHCP server 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon administrator@Domain.Contoso.Com (trong , domain l tn min) 2. Nhn Start, chn biu tng Network connections. 3. Nhn chut phi vo biu tng Litware Inc Network connections. 4. Chn Properties. 5. Chn Internet Protocol (TCP/IP) trong danh sch cc thnh phn, v sau nhn Properties. Chn Obtain An IP Address Automatically. 6. Nhn OK chp nhn cc thay i thuc tnh cu hnh a ch IP. 7. Nhn Close chp nhn cc thay i Network connections. 8. Nhn Start, v chn Run. 9. nh cmd, v nhn Enter. 10. Trong ca s Command Prompt, nh lnh ipconfig /renew. 11. Trong ca s Command Prompt, nh lnh ipconfig /all. 12. Hy kim tra xem a ch IP c hin th cho Litware Inc Network connections c phi l a ch IP c cu hnh trn my ch DHCP. Tng t bn cng kim tra a ch IP trn my tnh ca i tc.
Kim tra a ch IP c cp pht.

QUAN TRNG: Hon thnh nhim v ny t cc my tnh c s hiu nh hn. Vic ny cho php bn xem c i ch IP c cp pht t my ch DHCP server
15
TRIN KHAI DCH V DHCP 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn Start, nhn Control Panel. Trong Control Panel, nhn p chut vo Administrative Tools. 3. Nhn chut phi vo DHCP v chn Run As m hp thoi Run As. 4. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon sau y m mn hnh bng iu khin DHCP. a. Trong hp User administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m mn hnh bng iu khin DHCP 6. Chn tn my ch trong cy bng iu khin. 7. Chn phm vi c tn l: Partners Computer Scope 8. Chn Address Leases. 9. Kim tra xem Computerxx @Domain.Contoso.Com c lit k bn di ct Name trong Address Leases.
BI TP 1-5: THM A CH IP DNH SN CHO MY TRM

Thi gian d kin hon thnh: 10 pht Trong cc trng hp nht nh, nh cn dnh ring a ch IP cho mt my in, bn cn thit lp mt my trm DHCP lun nhn mt a ch ti mi thi im. Vic ny c th thc hin bng cch cu hnh a ch IP dnh sn cho my trm trong DHCP. Trong bi tp ny, bn s cu hnh a ch IP dnh sn cho my trm trn cc my ch DHCP.
Thm IP dnh sn cho my trm.

QUAN TRNG: Hon thnh nhim v ny t cc my tnh c s hiu nh hn. Vic ny cho php bn cu hnh mt i ch IP dnh ring cho my trm. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 16
TRIN KHAI DCH V DHCP 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn Start, nhn Control Panel. Trong Control Panel, nhn p chut vo Administrative Tools. 3. Nhn chut phi vo DHCP v chn Run As m hp thoi Run As. 4. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon sau y m mn hnh bng iu khin DHCP. User a. Trong hp administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m mn hnh bng iu khin DHCP 6. Chn my ch DHCP cn cu hnh trong cy bng iu khin. 7. M rng my ch DHCP, tip theo m rng phm vi Partners Computer Scope 8. Trong mn hnh cy Bng iu khin, nhn Reservations. Trn thc n Action, chn New Reservation. 9. Trong hp Reservation Name, Nhp tn my tnh i tc. 10. Trong hp IP Address, Nhp i ch IP ca Litware Network connections 11. Trong hp MAC Address, Nhp a ch MAC ca giao tip mng ca i tc. 12. Trong hp Description, Nhp Client Reservation. 13. Trong hp Supported Types, chn DHCP Only. 14. Nhn Add thm Client Reservation. 15. Nhn OK.
17
nhn a ch IP dnh sn cho my trm

QUAN TRNG: Hon thnh nhim v ny t cc my tnh c s hiu cao hn. Vic ny cho php bn nhn mt a ch IP m dnh ring cho my trm trn mt my ch DHCP. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn hc vin, domain l tn min) 2. Nhn Start, tr ti All Programs, tr ti Accessories, nhn Command Prompt, tip theo chn Run As m hp thoi Run As. 3. Trong hp thoi Run As, chn Following User potion v nhp cc thng tin nh khon sau y trong hp thoi m ca s Command Prompt: a. Trong hp User administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 4. Nhn OK m ca s Command Prompt 5. Trong ca s Command Prompt, nh lnh ipconfig /renew. 6. Trong ca s Command Prompt, nh lnh ipconfig /all. 7. Hy kim tra xem a ch IP c gn cho Litware Inc Network connections c phi l a ch IP c cu hnh trn my ch DHCP.
Kim tra a ch IP dnh sn cho my trm

QUAN TRNG: Hon thnh nhim v ny t cc my tnh c s hiu thp hn. Vic ny cho php bn kim tra rng my ch DHCP dnh ring mt a ch IP cho my trm. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn Start, nhn Control Panel. Trong Control Panel, nhn p chut vo Administrative Tools. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 18
TRIN KHAI DCH V DHCP 3. Nhn chut phi vo DHCP v chn Run As m hp thoi Run As. 4. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon sau y m mn hnh bng iu khin DHCP. a. Trong hp User administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m mn hnh bng iu khin DHCP 6. Trong cy DHCP Bng iu khin, chn my ch DHCP cn cu hnh trong cy bng iu khin, tip theo m rng phm vi Partners Computer Scope 7. Trong mn hnh cy Bng iu khin, nhn Address Lease. 8. Kim tra xem reservation displays c kch hot cha. 9. Trong mn hnh cy Bng iu khin, pha di Address Lease, xa client reservation.
BI TP 1-6: CU HNH CC TU CHN DHCP

Thi gian d kin hon thnh: 10 pht Cc tu chn phm vi DHCP cho php qun tr mng t ng gn thm cc thng tin cu hnh, v d nh a ch IP ca my ch DNS hoc l Cng ra mc nh (Default Gateway). Trong bi tp ny, bn s cu hnh my ch DHCP gn a ch Default Gateway.
Cu hnh cc tu chn phm vi DHCP

QUAN TRNG: Hon thnh nhim v ny t cc my tnh c s hiu thp hn. Vic ny cho php bn cu hnh cc tu chn mc phm vi DHCP cho cc my trm DHCP. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 19
TRIN KHAI DCH V DHCP 2. Nhn Start, nhn Control Panel. Trong Control Panel, nhn p chut vo Administrative Tools. 3. Nhn chut phi vo DHCP v chn Run As m hp thoi Run As. 4. Trong hp thoi Run As, chn Following User option v nhp nh khon sau y m mn hnh bng iu khin DHCP. a. Trong hp User administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m mn hnh bng iu khin DHCP 6. Chn my ch DHCP cn cu hnh trong cy bng iu khin, 7. Trong cy DHCP Bng iu khin, m rng phm vi Partners Computer Scope 8. Chn v nhn chut phi vo Scope options, tip theo chn Configure Options. Trong danh sch Scope options, chn 003 Router. 9. Trong hp Data Entry Ip Address, Nhp a ch IP ca i tc Litware Inc Network connection, v nhn Add. 10. Nhn OK CU HI: Cc ty chn DHCP khc c s dng trn mng l g?
nhn mt tu chn cho phm vi DHCP

QUAN TRNG: Hon thnh nhim v ny t cc my tnh c s hiu cao hn. Vic ny cho php bn nhn cc tu chn mc phm vi DHCP t my ch DHCP. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. T thc n Start, tr ti All Programs, tr ti Accessories, nhn chut phi Command Prompt, tip theo chn Run As m hp thoi Run As. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 20
TRIN KHAI DCH V DHCP 3. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon sau y m ca s Command Prompt: a. Trong hp User administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 4. Nhn OK m ca s Command Prompt 5. Trong ca s Command Prompt, nh lnh ipconfig /renew. 6. Trong ca s Command Prompt, nh lnh ipconfig /all. 7. Hy kim tra xem a ch IP c gn cho Gateway c phi l a ch IP ca giao tip mng ca i tc khng.
BI TP 1-7: CU HNH MT DHCP RELAY AGENT

Thi gian d kin hon thnh: 20 pht Trong h thng m cc my trm b ngn cch vi my ch DHCP bng mt router m khng c cu hnh n DHCP m rng tip theo, bn phi cu hnh mt DHCP relay agent. Trong bi tp ny, u tin bn ci t Routing and Remote Access (Truy cp t xa v nh tuyn) trong my ch ca bn. Sau , cu hnh mt DHCP relay agent v m bo my tnh ca i tc cng nhn c a ch IP.
Thm Routing and Remote Access

QUAN TRNG: Phi thc hin cc bc sau y trn my tnh hc vin c s hiu thp hn. iu ny cho php my ch ca bn c vai tr nh mt b nh tuyn trong mng LAN. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn phm Start v chn Control Panel. Trong Control Panel, nhn p vo Administrative Tools. 3. Nhn chut phi Routing And Remote Acces v chn Run As m hp thoi Run As. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 21
TRIN KHAI DCH V DHCP 4. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon sau y m mn hnh Routing And Remote Access: a. Trong hp User administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m mn hnh bng iu khin Routing And Remote Access 6. Trong mn hnh bng iu khin Routing And Remote Access, chn tn my tnh, sau chn Action thc n, v chn Configure And Enable Routing And Remote Access. 7. Trong Routing And Remote Access Server Setup Wizard, nhn Next. 8. Trong trang Configuration, nhn LAN Routing, v nhn Next 9. Trn trang Custom Configuration, nhn LAN Routing v sau nhn Next. 10. Trn trang Completing Routing And Remote Access Server Setup Wizard, nhn Finish 11. Khi bn sn sng bt u dch v ny, chn Yes.
Thm Giao thc Thng tin nh tuyn (RIP)

QUAN TRNG: Phi thc hin cc bc sau y trn my tnh ca hc vin c s hiu thp hn. iu ny cho php bn cu hnh my ch vi giao thc nh tuyn RIP gip n nh hng hoc chuyn cc gi tin (packets) 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn phm Start v chn Control Panel. Trong Control Panel, nhn p vo Administrative Tools.
22
TRIN KHAI DCH V DHCP 3. Nhn chut phi Routing And Remote Acces v chn Run As m hp thoi Run As. 4. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon sau y m mn hnh Routing And Remote Access: a. Trong hp User administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m mn hnh bng iu khin Routing And Remote Access 6. Trong mn hnh bng iu khin Routing And Remote Access, m rng Computerxx , sau chn IP Routing. 7. Pha di IP Routing, nhn chut phi vo General, v sau chn New Routing Protocol. 8. Trong trang New Routing Protocol, nhn RIP Version 2 For Internet Protocol, v sau nhn OK. CU HI: Hai phng php no gip cc gi tin c chuyn ti cc mng (subnet) khc? 9. Trong mn hnh bng iu khin Routing And Remote Access, nhn chut phi vo RIP, v sau chn New Interface. 10. Trong hp thoi New Interface For RIP Version 2 For Internet Protocol, pha di Interfaces, chn Contoso Corp Network, v sau nhn OK. 11. Trn trang RIP Properties-Contoso Corp Network Properties, nhn OK. 12. Trong mn hnh bng iu khin Routing And Remote Access, nhn chut phi vo RIP, v sau chn New Interface. 13. Trong hp thoi New Interface For RIP Version 2 For Internet Protocol, pha di Interfaces, chn Litware Corp Network, v sau nhn OK. 23 TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003
TRIN KHAI DCH V DHCP 14. Trn trang RIP Properties-Litware Corp Network Properties, nhn OK.
Thm DHCP Relay Agent

QUAN TRNG: Phi hon thnh cc bc sau y trn my tnh ca hc vin vi s hiu thp hn. iu ny cho php my ch ca bn c cu hnh nh mt DHCP relay agent. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn phm Start v chn Control Panel. Trong Control Panel, nhn p vo Administrative Tools. 3. Nhn chut phi Routing And Remote Acces v chn Run As m hp thoi Run As. 4. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon sau y m mn hnh Routing And Remote Access: c. Trong hp User administrator@Domain.Contoso.Com Name, nhp
d. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m mn hnh bng iu khin Routing And Remote Access 6. Trong mn hnh bng iu khin Routing And Remote Access, chn IP Routing. 7. Pha di IP Routing, nhn chut phi vo General, v sau chn New Routing Protocol. 8. Trong trang New Routing Protocol, nhn DHCP Relay Agent, v sau nhn OK. 9. c DHCP Relay Agent trn mt giao din ca b nh tuyn router, trong cy mn hnh bng iu khin, chn DHCP Relay Agent. 24 TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003
TRIN KHAI DCH V DHCP 10. Nhn chut phi vo DHCP Relay Agent, v sau chn New Interface. 11. Chn Litware Inc Network connection, sau nhn OK. 12. Kim tra xem Relay DHCP Packets option c chn. 13. Nhn OK 14. cu hnh giao din DHCP relay agent vi mt a ch IP ca my ch DHCP, m mn hnh bng iu khin Routing And Remote Access. 15. Nhn chut phi vo DHCP Relay Agent, v sau chn Properties. 16. Trong General th, trong hp Server Address, nhp a ch IP my tnh ca ngi hng dn (10.1.1.200), v sau nhn Add. 17. Nhn OK. CU HI: iu g s xy ra nu a ch IP khng c nhp vo cu hnh DHCP relay agent?
Dng dch v DHCP Server

QUAN TRNG: Hon thnh cc bc sau trn my tnh vi s hiu thp hn. iu ny cho php bn nhn c a ch IP c cp pht t my ch DHCP 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn phm Start v chn Control Panel. Trong Control Panel, nhn p vo Administrative Tools. 3. Nhn chut phi Routing And Remote Acces v chn Run As m hp thoi Run As. 4. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon sau y m mn hnh bng iu khin DHCP: a. Trong hp User administrator@Domain.Contoso.Com Name, nhp
25
TRIN KHAI DCH V DHCP b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m mn hnh bng iu khin DHCP.
6. Trong ca s bng iu khin DHCP bn tay tri, u tin chn v sau nhn chut phi vo DHCP Server. 7. Trong trnh n bt ln, chn All Tasks, v sau chn Stop. 8. ng tt c cc ca s. CU HI: Ti sao bn phi dng dch v DHCP Server trn DHCP relay agent?
Kim tra DHCP Relay Agent

QUAN TRNG: Phi hon thnh cc bc sau y trn my tnh hc vin vi s hiu cao hn. iu ny cho php my ch ca bn c cu hnh nh mt DHCP relay agent. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn hc vin, domain l tn min) 2. T Start, tr ti All Programs, tr ti Accessories, nhn chut phi vo Command Prompt, tip theo chn Run As m hp thoi Run As. 3. Trong hp thoi Run As, chn Following User potion v nhp cc thng tin nh khon sau y trong hp thoi m ca s Command Prompt: c. Trong hp User administrator@Domain.Contoso.Com Name, nhp
d. Trong hp Password, nhp MSPress@LS#1 4. Nhn OK m ca s Command Prompt 5. Trong ca s Command Prompt, nh lnh ipconfig /renew. 6. Trong ca s Command Prompt, nh lnh ipconfig /all. 7. Hy kim tra xem a ch IP c phi l a ch c gn t my tnh ca ngi hng dn. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 26
Loi b Routing and Remote Access

QUAN TRNG: Phi hon thnh cc bc sau y trn my tnh ca hc vin vi s hiu thp hn. iu ny cho php bn loi b c dch v Routing and Remote Access khi my ch. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn phm Start v chn Control Panel. Trong Control Panel, nhn p vo Administrative Tools. 3. Nhn chut phi Routing And Remote Access v chn Run As m hp thoi Run As. 4. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon sau y m mn hnh DHCP: a. Trong hp User administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m mn hnh bng iu khin Routing And Remote Access. 6. Nhn chut phi vo Computerxx server name trong mn hnh bng iu khin Routing And Remote Access, v sau chn Disable Routing And Remote Access. 7. Trong hp thoi Routing And Remote Access, nhn Yes loi b Routing And Remote Access. CH : Cc vai tr ca my trm DHCP v DHCP relay agent c th c hon i nu thi gian cho php.
BI TP 1-8: KHI NG DCH V DHCP SERVER

Thi gian d kin hon thnh: 5 pht By gi, bn s khi ng dch v DHCP Server trn cc my tnh ca hc vin. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 27
TRIN KHAI DCH V DHCP QUAN TRNG: Bi tp ny rt cn thit cho s thc hin thnh cng cc bi thc hnh tip theo.
Nhp Thng tin a ch IP Tnh cho Giao tip mng Litware Inc
QUAN TRNG: Hon thnh nhim v ny t my tnh c s hiu cao hn. iu ny cho php bn cu hnh mt a ch IP tnh cho giao tip mng Litware Inc. S dng thng tin nh a ch IP trong Bng 1-1 chn cc a ch thch hp cho giao tip mng Litware Inc 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon administrator@Domain.Contoso.Com (trong , domain l tn min) 2. Nhn phm Start v chn Network connections. 3. Nhn chut phi vo Properties. Network connections, v sau chn
4. Chn Internet Protocol (TCP/IP) trong danh sch cc thnh phn, v sau chn Properties. 5. Chn tu chn Use Following IP Address 6. Nhp thng tin a ch IP t bng 1-1 7. Nhn OK chp nhn thay i cc thuc tnh giao thc TCP/IP.
8. Nhn OK chp nhn cc thay i network connections. Khi ng dch v DHCP Server
QUAN TRNG: Hon thnh cc bc sau y trn cc my tnh ca hc vin. iu ny cho php bn khi ng dch v DHCP. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn phm Start v chn Control Panel. Trong Control Panel, nhn p vo Administrative Tools. 3. Nhn chut phi DHCP v chn Run As m hp thoi Run As. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 28
TRIN KHAI DCH V DHCP 4. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon sau y m mn hnh DHCP: a. Trong hp User administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m mn hnh bng iu khin DHCP. 6. Chn v nhn chut phi vo DHCP, v sau chn Add Server. 7. Trong hp thoi Add Server, nhp a ch IP cho giao tip mng Litware Inc , sau nhn OK. 8. Chn v sau nhn phm phi vo tn my tnh trong mn hnh bng iu khin DHCP, tr n All Tasks, v sau chn Start. 9. ng tt c cc ca s.
CC CU HI N TP
Thi gian d kin hon thnh: 20 pht 1. Nu tn ba phng php m bn c th gn a ch IP trn mt mng TCP/IP. 2. Bn ci t dch v DHCP server trn mt my tnh Windows Server 2003. Bn cu hnh cc tu chn phm vi v kch hot n, tuy nhin cc my trm vn nhn c mt a ch IP 169.254.x.x. Bn s lm g? 3. Bn cu hnh mt phm vi DHCP vi mt phm vi a ch t 192.168.0.1 n 192.168.0.254. Bn c mt s my ch v my in c s dng gii a ch IP 192.168.0.1 n 192.168.0.20. Vi chi ph qun tr thp nht, bn lm th no ngn cn vic nh a ch IP trng lp? 4. Bn hin ang s dng mt my ch DHCP trn mng. My ch ny gn tu chn phm vi default gateway cho cc my trm. Bn s dng mt router vi a ch IP khc thay th mt router trn mng. Router mi ny cho php cc my trm kt ni vi Internet, tuy nhin TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 29
TRIN KHAI DCH V DHCP cc my trm khng th kt ni vi Internet thng qua router ny. Bn s phi lm g? 5. Bn ci t v cu hnh mt my ch DHCP trn mng. Bn cng c mt my ch Web trn cng mng ny. My ch Web yu cu lun s dng cng mt a ch IP nh my ch DHCP. Bn s phi lm g? 6. Bn phi cu hnh mt DHCP relay agent cho cc my trm trn mt mng subnet IP. Bn ci t dch v Routing And Remote Access, nhng bn phi tin hnh bc no cho php DHCP relay agent thc hin ng chc nng?
THC HNH NNG CAO 1-1: CHUYN I SANG CP PHT A CH IP NG

Thi gian d kin hon thnh: 30 pht Nh c mt k hoch tt trong vic ci t h thng cp pht a ch IP ng cho Litware Inc., bn c ch nh lm ngi qun tr mng cho chi nhnh Trey Research mi c Litware tip nhn. Bn c yu cu phi chuyn i mng ca Trey Research t cch nh a ch IP tnh sang vic cp pht a ch IP ng s dng DHCP. Trey Research s dng khng gian phm vi IP lp C 192.168.1.0. Mt trm my tnh trm phi nhn thng tin a ch IP t my ch DHCP. Mt router v nm my ch c cu hnh tnh vi 10 a ch u tin trong phm vi. Do cng ty c khng gian a ch ph hp, bn nn tng thi gian cp pht ln 20 ngy. Mi my trm DHCP nn nhn a ch ca default gateway l 192.168.1.1. Phi hp vi i tc ci t kch bn ny. i tc cn c my tnh c s hiu thp hn v c chc nng nh mt my ch DHCP v c my tnh khc ng vai tr ca my trm DHCP. Cn kim tra rng my trm nhn thng tin a ch IP bng cch s dng cu lnh Ipconfig/all ti giao din DOS Command Prompt. Nu thi gian cho php, hon i vai tr hc vin v hon thnh bi thc hnh ny mt ln na.
30
QUN L V GIM ST DHCP
THC HNH 2: QUN L & GIM ST DHCP

Bi thc hnh ny bao gm cc bi tp v cng vic sau y: Bi tp 2-1: Sao lu v khi phc CSDL DHCP. Bi tp 2-2: Nn CSDL my ch DHCP Bi tp 2-3: Nht k kim nh DHCP. Bi tp 2-4: Gim st hot ng DHCP Bi tp 2-5: Gii quyt cc tnh hung my trm v my ch b hng cu hnh. Bi tp 2-6: Loi b s ph thuc gia cc bi thc hnh Bi tp 2-7: Cu hnh DHCP Relay agent Cc cu hi n tp Thc hnh nng cao 2-1: To mt chin lc Sao lu cho Contoso. Thc hnh nng cao 2-1: Cu hnh cp nht ng Sau khi hon thnh bi thc hnh ny, bn c th: Qun l CSDL DHCP Gim st CSDL DHCP Gii quyt cc tnh hung my trm v my ch b hng cu hnh Thi gian d kin: 135 pht (d tnh ny bao gm cc th tc ci t TRC KHI BN BT U)
TRC KHI BN BT U
Thi gian d kin hon thnh: 10 pht QUAN TRNG: Nu bn cha hon thnh cc bi tp trong bi Thc hnh 1, Trin khai DHCP, bn phi hon thnh cc th tc bt buc sau: TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 31
QUN L V GIM ST DHCP hon thnh cc bi tp trong Thc hnh 2, bn cn phi ci t mt b iu khin giao tip mng th hai trong mi my tnh ca hc vin. Kt ni my tnh ca mi hc vin bng dy cp cho ni cc giao tip mng th hai vi nhau. Bng 2-1 c s dng cu hnh cc my tnh ca hc vin trong bi thc hnh ny. Tuy nhin, khng nht thit phi to ra cc thay i cu hnh ti bc ny. Sau khi hon thnh Thc hnh 2, phi d b cc giao tip mng th hai hoc v hiu (disable) chng trong giao din Microsoft Windows trc khi tip tc cc bc thc hnh tip theo. Bng 2-1 Computer Name Computer01 Ci t a ch IP cho cc my hc vin
Contoso Ltd., Network Litware Inc., Network IP address: 10.1.1.1 IP address: 192.168.0.1 Subnet mask: 255.255.0.0 Subnet mask: 255.255.255.0 Computer02 IP address: 10.1.1.2 IP address: 192.168.0.2 Subnet mask: 255.255.0.0 Subnet mask: 255.255.255.0 Computer03 IP address: 10.1.1.3 IP address: 192.168.0.3 Subnet mask: 255.255.0.0 Subnet mask: 255.255.255.0 Computer04 IP address: 10.1.1.4 IP address: 192.168.0.4 Subnet mask: 255.255.0.0 Subnet mask: 255.255.255.0 Computer05 IP address: 10.1.1.5 IP address: 192.168.0.5 Subnet mask: 255.255.0.0 Subnet mask: 255.255.255.0 Computer06 IP address: 10.1.1.6 IP address: 192.168.0.6 Subnet mask: 255.255.0.0 Subnet mask: 255.255.255.0 Computer07 IP address: 10.1.1.7 IP address: 192.168.0.7 Subnet mask: 255.255.0.0 Subnet mask: 255.255.255.0 Computer08 IP address: 10.1.1.8 IP address: 192.168.0.8 Subnet mask: 255.255.0.0 Subnet mask: 255.255.255.0 Computer09 IP address: 10.1.1.9 IP address: 192.168.0.9 Subnet mask: 255.255.0.0 Subnet mask: 255.255.255.0 Computer10 IP address: 10.1.1.10 IP address: 192.168.0.10 Subnet mask: 255.255.0.0 Subnet mask: 255.255.255.0 Computer11 IP address: 10.1.1.11 IP address: 192.168.0.11 Subnet mask: 255.255.0.0 Subnet mask: 255.255.255.0 Computer12 IP address: 10.1.1.12 IP address: 192.168.0.12 Subnet mask: 255.255.0.0 Subnet mask: 255.255.255.0 Computer13 IP address: 10.1.1.13 IP address: 192.168.0.13 Subnet mask: 255.255.0.0 Subnet mask: 255.255.255.0 Computer14 IP address: 10.1.1.14 IP address: 192.168.0.14 Subnet mask: 255.255.0.0 Subnet mask: 255.255.255.0 32 TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003
QUN L V GIM ST DHCP Computer15 Computer16 Computer17 Computer18 Computer19 Computer20 Computer21 Computer22 Computer23 Computer24 Computer25 Computer26 Computer27 Computer28 Computer29 Computer30 IP address: 10.1.1.15 Subnet mask: 255.255.0.0 IP address: 10.1.1.16 Subnet mask: 255.255.0.0 IP address: 10.1.1.17 Subnet mask: 255.255.0.0 IP address: 10.1.1.18 Subnet mask: 255.255.0.0 IP address: 10.1.1.19 Subnet mask: 255.255.0.0 IP address: 10.1.1.20 Subnet mask: 255.255.0.0 IP address: 10.1.1.21 Subnet mask: 255.255.0.0 IP address: 10.1.1.22 Subnet mask: 255.255.0.0 IP address: 10.1.1.23 Subnet mask: 255.255.0.0 IP address: 10.1.1.24 Subnet mask: 255.255.0.0 IP address: 10.1.1.25 Subnet mask: 255.255.0.0 IP address: 10.1.1.26 Subnet mask: 255.255.0.0 IP address: 10.1.1.27 Subnet mask: 255.255.0.0 IP address: 10.1.1.28 Subnet mask: 255.255.0.0 IP address: 10.1.1.29 Subnet mask: 255.255.0.0 IP address: 10.1.1.30 Subnet mask: 255.255.0.0 IP address: 192.168.0.15 Subnet mask: 255.255.255.0 IP address: 192.168.0.16 Subnet mask: 255.255.255.0 IP address: 192.168.0.17 Subnet mask: 255.255.255.0 IP address: 192.168.0.18 Subnet mask: 255.255.255.0 IP address: 192.168.0.19 Subnet mask: 255.255.255.0 IP address: 192.168.0.20 Subnet mask: 255.255.255.0 IP address: 192.168.0.21 Subnet mask: 255.255.255.0 IP address: 192.168.0.22 Subnet mask: 255.255.255.0 IP address: 192.168.0.23 Subnet mask: 255.255.255.0 IP address: 192.168.0.24 Subnet mask: 255.255.255.0 IP address: 192.168.0.25 Subnet mask: 255.255.255.0 IP address: 192.168.0.26 Subnet mask: 255.255.255.0 IP address: 192.168.0.27 Subnet mask: 255.255.255.0 IP address: 192.168.0.28 Subnet mask: 255.255.255.0 IP address: 192.168.0.29 Subnet mask: 255.255.255.0 IP address: 192.168.0.30 Subnet mask: 255.255.255.0
QUAN TRNG: Hon thnh nhim v ny t my tnh ca hc vin. iu ny cho php bn cu hnh mt a ch IP tnh cho giao tip mng Litware Inc. S dng thng tinh nh a ch IP trong Bng 21 chn cc a ch thch hp cho giao tip mng Litware Inc TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 33
QUN L V GIM ST DHCP 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon administrator@Domain.Contoso.Com (trong , domain l tn min) 2. Nhn phm Start v chn Network connections. 3. Nhn chut phi vo Network connections. 4. Chn Properties. 5. nh du Internet Protocol (TCP/IP) trong danh sch cc thnh phn, v sau chn Properties. 6. Chn tu chn Use Following IP Address 7. Nhp thng tin a ch IP t bng 2-1 8. Nhn OK chp nhn thay i cc thuc tnh giao thc TCP/IP. 9. Nhn Close chp nhn cc thay i network connections.
CI T DCH V DHCP SERVER

QUAN TRNG: Hon thnh nhim v ny t cc my tnh hc vin. iu ny cho php bn cu hnh my ch nh l mt DHCP Server. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon administrator@Domain.Contoso.Com (trong , domain l tn min) 2. Nhn Start, nhn p chut vo Administrative Tools, v sau nhn vo Manage Your Server. 3. Trong ca s Manage Your Server, nhn Add Or Remove A Role v tip theo nhn Next trn trang cc bc chun b Manage Your Server Wizard. 4. Trn trang Server Role, chn DHCP Server, v sau nhn Next. 5. Trong trang Summary Of Selections, nhn Next 6. Trong New Scope Wizard, Nhn cancel dng vic to phm vi DHCP ti thi im ny TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 34
QUN L V GIM ST DHCP 7. Trong trang Cannot Complete, nhn Finish kt thc ci t dch v DHCP Server
U QUYN DCH V DHCP SERVER

QUAN TRNG: Hon thnh nhim v ny t cc my tnh c s hiu nh hn. Vic ny cho php bn u quyn my ch DHCP trong dch v Th mc Active Directory. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon administrator@Domain.Contoso.Com (trong , domain l tn min) 2. Nhn Start, nhn p Administrative Tools. 3. Nhn chut phi vo DHCP v chn Run As m hp thoi Run As. 4. Trong hp thoi Run As, nhp cc thng tin nh khon sau y m mn hnh bng iu khin DHCP. a. Trong hp User Name, nhp eadmin@contoso.com b. Trong hp Password, nhp MSPress@LS#1 5. Chn tn my ch, Computerxx , trong cy mn hnh bng iu khin DHCP 6. Trn thc n Action, chn Authorize u quyn cho my ch 7. xc nhn My ch DHCP c u quyn, trong cy mn hnh bng iu khin, nhn F5. By gi cy mn hnh bng iu khin s hin th mt mi tn mu xanh xc nhn rng My ch c u quyn.
Thm v Cu hnh phm vi DHCP

QUAN TRNG: Hon thnh nhim v ny t cc my tnh c s hiu nh hn. Vic ny s cho php bn c thm mt phm vi DHCP cho my tnh ca i tc. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 35
QUN L V GIM ST DHCP 2. Nhn Start, nhn Control Panel. Trong Control Panel, nhn p chut vo Administrative Tools. 3. Nhn chut phi vo DHCP v chn Run As m hp thoi Run As. 4. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon sau y m mn hnh bng iu khin DHCP. a. Trong hp User administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m mn hnh bng iu khin DHCP 6. La chn my ch DHCP tng ng trong cy mn hnh bng iu khin 7. Trn thc n Action, chn New Scope to mt phm vi DHCP mi. 8. Trong New Scope Wizard, nhn Next 9. Trong trang Scope Name, nhp cc thng tin cu hnh nh sau: a. i vi hp Name, nhp partners scope b. i vi hp Description, nhp scope for partners computer 10. Nhn Next 11. Trn trang IP Address Range, nhp cc thng tin cu hnh sau: a. i vi mc Start IP Address, nhp a ch IP cn di cho i tc Litware Inc b. i vi mc End Start IP Address, nhp a ch IP cn trn cho i tc Litware Inc c. i vi mc Subnet Mask, nhp 24 bit hoc 255.255.255.0 12. Nhn Next 13. Trn trang Add Exclusion, nhn Next TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 36
QUN L V GIM ST DHCP 14. Trn trang Lease Duration, la chn 1 gi, v sau nhn Next 15. Trn trang Configure DHCP Options, chn No, I Will Configure These Option Later, sau nhn Next 16. Trn trang Completing New Scope Wizard, nhn Finish.
Kch hot phm vi DHCP

QUAN TRNG: Hon thnh nhim v ny t cc my tnh ca hc vin. Vic ny s cho php bn kch hot mt phm vi DHCP. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn Start, nhn Control Panel. Trong Control Panel, nhn p chut vo Administrative Tools. 3. Nhn chut phi vo DHCP v chn Run As m hp thoi Run As. 4. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon sau y m mn hnh bng iu khin DHCP. User a. Trong hp administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m mn hnh bng iu khin DHCP 6. La chn v m rng my ch DHCP trong cy mn hnh bng iu khin 7. La chn phm vi c tn l Partners Scope 8. Trn thc n Action, chn Activate 9. ng mn hnh bng iu khin DHCP.
KCH BN
Bn l mt nh qun tr mng cho Cng ty Contoso, Ltd. Bn c mt mng Windows Server 2003 s dng dch v DHCP cp pht a ch IP. C s TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 37
QUN L V GIM ST DHCP mu thun trong s hot ng ca dch v DHCP, v bn c yu cu thc hin vic nh gi chi tit dch v DHCP Server.
BI TP 2-1: SAO LU & KHI PHC CSDL DHCP

Thi gian d kin hon thnh : 15 pht Bn l mt nh qun tr mng cho Cng ty Contoso, Ltd. Bn trin khai mt my ch DHCP trn mng. Sau hai tun, Cc s kin nht k trong Event Viewer ch ra rng c th phi ci li dch v DHCP. Bn cn sao lu CSDL DHCP v khi phc li n sau khi gii quyt xong s c.
To mt bn sao lu CSDL DHCP th cng

QUAN TRNG: Hon thnh nhim v ny t cc my tnh hc vin. Vic ny s cho php bn to mt bn sao lu CSDL DHCP th cng trn my ch. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon administrator@Domain.Contoso.Com (trong , domain l tn min) 2. Nhn Start, nhn vo My Computer. 3. Trong ca s My Computer, nhn p vo C. 4. Trn thanh thc n, chn File, chn New, v sau chn Folder. 5. Trong phn name of folder, nh compterxx (trong Computerxx l tn c gn cho tn my tnh). 6. Nhn Start, v sau nhn Administrative Tools. Nhn DHCP m mn hnh bng iu khin DHCP. 7. Trong cy mn hnh bng iu khin DHCP, chn tn my ch ca bn. 8. Trn thc n Action, chn Backup. 9. Trong hp thoi Browse For Folder, chn Computerxx folder. Bn to folder ny trn C. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 38
QUN L V GIM ST DHCP 10. Nhn OK xc nh rng mt bn sao lu CSDL s c sao chp n Computerxx folder.
Phc hi mt bn sao lu th cng CSDL DHCP

QUAN TRNG: Hon thnh nhim v ny t cc my tnh hc vin. Vic ny s cho php bn to mt bn sao lu th cng CSDL DHCP trn my ch. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon administrator@Domain.Contoso.Com (trong , domain l tn min) 2. Nhn Start, v sau nhn Administrative Tools. Nhn DHCP m mn hnh bng iu khin DHCP. 3. Trong cy mn hnh bng iu khin DHCP, chn name of your server (tn ca my ch). 4. Trn thc n Action, chn Restore. 5. Trong hp thoi Browse For Folder, tr n th mc: \Computerxx \New (trong Computerxx l tn c gn cho my tnh). 6. Nhn OK xc nh rng dch v DHCP server phi c dng v khi ng li. CU HI: Ti sao h iu hnh phi dng v khi ng li dch v DHCP Server khi bn phc hi CSDL DHCP?
BI TP 2-1: NN (COMPACTING) CSDL DHCP

Thi gian d kin hon thnh : 10 pht Bn l mt nh qun tr mng cho Cng ty Contoso, Ltd. Bn trin khai mt my ch DHCP trn mng. Sau mt vi thng, bn bit rng CSDL DHCP chim mt phn ln dung lng ca a cng. a ny chy chm. V vy, bn quyt nh nn CSDL DHCP duy tr dung lng.
39
QUN L V GIM ST DHCP
Nn CSDL DHCP
QUAN TRNG: Hon thnh nhim v ny t cc my tnh hc vin. Vic ny s cho php bn nn CSDL DHCP trn my ch. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon administrator@Domain.Contoso.Com (trong , domain l tn min) 2. Nhn Start, nhn Run v sau nh lnh cmd. Nhn Enter. 3. Trong ca s DOS Command Prompt, cd\%systemroot%\system32\dhcp, v nhn Enter. nh lnh
4. Ti li nhn %systemroot%\system32\dhcp, nh lnh net stop dhcpserver, v nhn Enter. 5. Ti li nhn %systemroot%\system32\dhcp, nh lnh jetpack dhcp.mdb tmp.mdb, v nhn Enter. 6. Ti li nhn %systemroot%\system32\dhcp, nh lnh net Start dhcpserver, v nhn Enter. 7. ng tt c cc ca s lnh. CU HI: Ti sao chng ta li phi thc hin cu lnh Net Stop trc khi nn CSDL? CU HI: File Tmp.mdb c s dng lm g khi nn CSDL DHCP?
BI TP 2-3: NHT K KIM TON DHCP

Thi gian d kin hon thnh : 15 pht Bn l mt nh qun tr mng cho Cng ty Contoso Ltd v chu trch nhim gim st dch v DHCP trn mng. c th thc hin c nhim v ny, bn phi cu hnh my ch DHCP cp nht cc s liu thng k hng pht v sau xem xt cc s liu thng k s dng nht k audit DHCP.
Loi b dch v DHCP Server khi my trm

QUAN TRNG: Hon thnh nhim v ny t cc my tnh c s hiu cao hn. Vic ny cho php bn loi b dch v DHCP Server. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 40
QUN L V GIM ST DHCP 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn Start, nhn Control Panel. Trong Control Panel, nhn p chut vo Administrative Tools. 3. Nhn chut phi vo Manage Your Server, v sau chn Run As m hp thoi Run As. 4. Trong hp thoi Run As, chn Following User option v nhp nh khon vo cc trng hp thoi sau m Manage Your Server: a. Trong hp User administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m ca s Manage Your Server 6. Nhn Add or Remove A Role. 7. Nhn Next trn trang Preliminary Steps ca phn Configure Your Server wizard. 8. Trn trang Server Role ca phn Configure Your Server wizard, chn DHCP Server, v sau nhn Next. 9. Trn trang Role Removal Confirmation, kim tra hp Remove DHCP Server Role 10. Nhn Next 11. Nhn Finish trn trang DHCP Server Role Removed.
To mt file batch cho vic kim tra cu hnh DHCP

QUAN TRNG: Hon thnh nhim v ny t cc my tnh c s hiu cao hn. Vic ny cho php bn to mt file batch kim tra cu hnh DHCP v to d liu DHCP. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 41
QUN L V GIM ST DHCP 2. Nhn Start, chn All Programs, chn Accessories, nhn chut phi vo Command Prompt, v sau chn Run As m hp thoi Run As. 3. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon vo cc trng hp thoi sau m ca s Command Prompt: a. Trong hp User administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 4. Nhn OK m ca s Command Prompt. Ti li nhn, nh lnh cd c:\, v sau nhn Enter chuyn n th mc gc C. 5. Ti Command Prompt, nh lnh notepad dhcptester.bat, v sau nhn Enter. 6. Nhn Yes ch ra rng bn cn to mt file mi. 7. Trong file Notepad Dhcptester.bat, nh lnh ipconfig /release, v sau nhn Enter. nh ipconfig /renew, v sau nhn Enter. 8. Trn thc n Edit, chn Select All. 9. Trn thc n Edit, chn Copy. 10. Nhn CTRL+V khong 20 ln to 20 bn sao ca on vn bn c chn. 11. Trn thc n File, chn Save 12. Trn thc n File, chn Exit.
Cu hnh DHCP cho my trm

QUAN TRNG: Hon thnh nhim v ny t my tnh hc vin c s hiu cao hn. Vic ny s cho php bn cu hnh my tnh hc vin nh l mt DHCP client. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon administrator@Domain.Contoso.Com (trong , domain l tn min) TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 42
QUN L V GIM ST DHCP 2. Nhn Start, nhn vo Network connections. 3. Nhn chut phi vo biu tng Network connections, v sau chn Properties. 4. Chn Internet Protocol (TCP/IP) trong danh sch cc thnh phn, sau nhn Properties. 5. Chn Obtain An IP Address Automatically. 6. Chn OK chp nhn nhng thay i thuc tnh ca giao thc TCP/IP. 7. Nhn Close chp nhn cc thay i trn Network connections. 8. Nhn Start, v sau nhn Run. 9. nh cmd, v sau nhn Enter. 10. Trong ca s Command Prompt, nh lnh c:\dhcptester.bat. QUAN TRNG: Chng trnh Dhcptester.bat s thc hin mt lot cc cu lnh Ipconfig /release v /renew c d liu DHCP c ghi chp cho phn cn li ca bi tp ny.
Cu hnh cc cp nht s liu thng k DHCP

QUAN TRNG: Hon thnh nhim v ny t cc my tnh hc vin c s hiu thp hn. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon administrator@Domain.Contoso.Com (trong , domain l tn min) 2. Nhn Start, v sau nhn Administrative Tools. Nhn DHCP m mn hnh bng iu khin DHCP. 3. Trong cy mn hnh bng iu khin DHCP, chn tn ca my chca bn. 4. Trn thc n Action, chn Properties. 5. Trong th General ca Server Properties, nh du vo Automatically Update Statistics Every setting. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 43
QUN L V GIM ST DHCP 6. Trong ty chn Minutes, cu hnh cc s liu thng k cp nht tng pht. Nhn OK.
Xem xt nht k kim nh DHCP

QUAN TRNG: Hon thnh nhim v ny t cc my tnh c s hiu thp hn. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon administrator@Domain.Contoso.Com (trong , domain l tn min) 2. Nhn Start, nhn vo My Computer. 3. Trong ca s My Computer, %systemroot%\system32\dhcp. 4. Tr n DHCP audit log. 5. M file nht k thch hp xem xt ni dung ca n. 6. Ch cc mc vo nht k i vi cc cu lnh Ipconfig/ release v /renew khi chng trnh Dhcptester.bat c thc hin. CU HI: Trong nht k kim nh DHCP, phn u no c s dng m t s hot ng c thc hin bi dch v DHCP Server? tr n th mc
BI TP 2-4: THEO DI HIU NNG DHCP

Thi gian d kin hon thnh : 20 pht Bn l mt nh qun tr mng cho Cng ty Contoso Ltd. Bn trin khai my ch DHCP trn mng. Cc my trm nhn a ch IP t my ch DHCP, nhng cc ngi dng thng bo rng thnh thong h tri qua mt thi gian tr rt lu khi ng nhp v truy nhp cc ti nguyn trn mng. quyt nh xem liu c trc trc tng vt l vi mng khng, bn phi gim st my ch DHCP m bo rng cc my trm nhn a ch IP mt cch hp l v kp thi.
44
QUN L V GIM ST DHCP
Cu hnh cc bin m hiu nng ca DHCP

QUAN TRNG: Hon thnh nhim v ny t cc my tnh c s hiu nh hn. Vic ny cho php bn to thm cc i tng gim st hiu nng vo bng iu khin System Monitor. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon administrator@Domain.Contoso.Com (trong , domain l tn min) 2. Nhn Start, v sau nhn p vo Administrative Tools. 3. Nhn Performance khi ng chng trnh Performance Monitor. 4. Xo cc bin m trong mn hnh mc nh ca System Monitor (Mo: nhn chut vo du X trn thanh thc n cho n khi n m i) . 5. Chn System Monitor gc Bng iu khin trong ca s pha bn tri. 6. Trong ca s, nhn vo biu tng + v thm DHCP Performance Monitor counters. 7. Trong hp thoi Add Counters, trong ty chn Performance Object , nhn vo mi tn hng xung di, v sau chn DHCP Server. 8. Thm cc bin m sau y bng cch chn bin m v nhn Add: Acks/sec Packets received/sec Releases/sec Request/sec 9. Sau khi thm cc bin m, nhn Close. 10. Chn System Monitor Properties t biu tng thanh thc n hoc nhn CTRL + Q. 11. Trong System Monitor Properties, trong th Graph, pha di Vertical Scale v trong hp Maximum, nh 5 v sau nhn OK TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 45
QUN L V GIM ST DHCP 12. Nhn File, v sau chn Save As lu bng iu khin Performance. 13. Nhn vo biu tng Desktop pha tri, nh dhcp trong hp File Name, v sau nhn Save. 14. Nhn File, v sau chn Exit thot ra khi bng iu khin Performance.
S dng file Dhcptester.bat to hot ng DHCP

QUAN TRNG: Hon thnh nhim v ny t cc my tnh c s hiu cao hn. Vic ny cho php bn to cc hot ng DHCP xem xt thng tin Performance trong nhim v tip theo. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn Start, chn All Programs, chn Accessories, nhn chut phi vo Command Prompt, v sau chn Run As m hp thoi Run As. 3. Trong hp thoi Run As, chn Following User option v nhp nh khon vo cc trng hp thoi sau m ca s Command Prompt: a. Trong hp User administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 4. Nhn OK m ca s Command Prompt. 5. Trong ca s Command Prompt, nh C:\dhcptester.bat.
Xem xt cc hot ng DHCP trong Performance Console

QUAN TRNG: Hon thnh nhim v ny ngay sau khi kt thc nhim trc t my tnh c s hiu nh hn. Vic ny cho php bn gim st hot ng DHCP vi bng iu khin Performance trong khi n ang hot ng. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 46
QUN L V GIM ST DHCP 1. Trn mn hnh deskstop, nhn p vo biu tng DHCP Performance Monitor. 2. Chn System Monitor trong cy mn hnh bng iu khin, v sau nhn ty chn View Report trn thc n biu tng hoc nhn CTRL + R. Nu cc gi tr c hin th khng thay i, chng trnh Dhcptester.bat trn my tnh c s hiu cao hn chy xong v cn phi c chy li. Xem tc v trc bit ch dn. 3. Khi cc gi tr khng thay i, nhn biu tng Freeze Display (phm mu vi du X trng gia) trong thc n biu tng, v ghi li cc gi tr sau: Acks/sec Packets received/sec Releases/sec Request/sec
BI TP 2-5: GII QUYT VIC CC MY CH V MY TRM B MT CU HNH

Thi gian d kin hon thnh : 15 pht Bn l mt nh qun tr mng cho Cng ty Contoso Ltd. Bn trin khai my ch DHCP trn mng Mng s dng a ch mng 192.168.0.0. Bn cu hnh cc tu chn my ch DHCP cho cc my trm trn mng Litware Inc. Tuy nhin, sau khi bn cu hnh tu chn phm vi DHCP, cc my trm c th truy cp cc ti nguyn mng ch trn mng Litware Inc.
Gii quyt cc li cu hnh my ch DHCP

QUAN TRNG: Hon thnh nhim v ny t cc my tnh c s hiu nh hn. Vic ny cho php bn cu hnh cc tu chn DHCP Server trn my ch DHCP.
47
QUN L V GIM ST DHCP 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon administrator@Domain.Contoso.Com (trong , domain l tn min) 2. Nhn Start, nhn p vo Administrative Tools, v sau nhn DHCP m mn hnh bng iu khin DHCP. 3. Trong cy mn hnh bng iu khin DHCP, chn v m rng tn ca my ch DHCP. Chn Scope Options. 4. Trong Scope, chn 003 Router option. 5. Trong thc n Action, chn Properties. 6. Nhn nt Remove nm pha di phn Data Entry. 7. Trong phn Data Entry pha di IP Address, nh 10.1.1.100, nhn Add, v sau nhn OK.
Kim tra cu hnh DHCP

QUAN TRNG: Phi hon thnh cc bc sau y trn my tnh vi s hiu cao hn. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn hc vin, domain l tn min) 2. T Start, tr ti All Programs, tr ti Accessories, nhn chut phi vo Command Prompt, tip theo chn Run As m hp thoi Run As. 3. Trong hp thoi Run As, chn Following User potion v nhp cc thng tin nh khon sau y trong hp thoi m ca s Command Prompt: a. Trong hp User administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 4. Nhn OK m ca s Command Prompt 5. Trong ca s Command Prompt, nh lnh ipconfig /release. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 48
QUN L V GIM ST DHCP 6. Trong ca s Command Prompt, nh lnh ipconfig /renew. 7. Trong ca s Command Prompt, nh lnh ipconfig /all. CU HI: My ch DHCP cp pht a ch Default Gateway cho giao tip mng Litware Inc l g? CU HI: C g sai trong i ch ny?
Chnh sa ph hp cu hnh my ch DHCP

QUAN TRNG: Phi hon thnh cc bc sau y trn my tnh vi s hiu thp hn. iu ny cho php bn cu hnh ng tu chn 003 router trn my ch DHCP. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon administrator@Domain.Contoso.Com (trong , domain l tn min) 2. Nhn Start, nhn p vo Administrative Tools, v sau nhn DHCP m mn hnh bng iu khin DHCP. 3. Trong cy mn hnh bng iu khin DHCP, chn tn ca my ch DHCP. M rng cy mn hnh bng iu khin tr n Server Options. 4. Trong Scope, chn 003 Router option. 5. Trong thc n Action, chn Properties. 6. Nhn nt Remove nm pha di phn Data Entry. 7. Trong phn Data Entry pha di IP Address, nh 192.168.0.101, nhn Add, v sau nhn OK.
Kim tra cu hnh DHCP

QUAN TRNG: Phi hon thnh cc bc sau y trn my tnh vi s hiu cao hn. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn hc vin, domain l tn min)
49
QUN L V GIM ST DHCP 2. T Start, tr ti All Programs, tr ti Accessories, nhn chut phi vo Command Prompt, tip theo chn Run As m hp thoi Run As. 3. Trong hp thoi Run As, chn Following User potion v nhp cc thng tin nh khon sau y trong hp thoi m ca s Command Prompt: a. Trong hp User administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 4. Nhn OK m ca s Command Prompt 5. Trong ca s Command Prompt, nh lnh ipconfig /release. 6. Trong ca s Command Prompt, nh lnh ipconfig /renew. 7. Trong ca s Command Prompt, nh lnh ipconfig /all. CU HI: My ch DHCP cp pht a ch Default Gateway g? CU HI: a ch ny c phi l a ch Default Gateway cho giao tip mng Litware Inc ?
BI TP 2-6: LOI B S PH THUC GIA CC BI THC HNH

Thi gian d kin hon thnh: 5 pht By gi bn s loi b dch v DHCP Server v cu hnh cho giao tip mng Litware Inc trn cc my tnh ca hc vin. iu ny l cn thit cho s thnh cng ca cc bi thc hnh sau ny.
Loi b dch v DHCP Server

QUAN TRNG: Hon thnh nhim v ny t cc my tnh c s hiu nh hn. Vic ny cho php bn loi b dch v DHCP Server. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 50
QUN L V GIM ST DHCP 2. Nhn Start, nhn Administrative Tools, v sau nhn Manager Your Server. 3. Trong ca s Manage Your Server, nhn Add or Remove A Role, v sau nhn Next 4. Trn trang Preliminary Steps, nhn Next. 5. Trn trang Server Role, chn DHCP Server, v sau nhn Next. 6. Trn trang Role Removal Confirmation, chn hp kim tra Remove DHCP Server Role. 7. Nhn Next xc nh loi b dch v DHCP Server. 8. Nhn Finish ng Manage Your Server wizard.
QUAN TRNG: Hon thnh nhim v ny t my tnh c s hiu cao hn. iu ny cho php bn cu hnh mt a ch IP tnh cho giao tip mng Litware Inc. S dng thng tinh nh a ch IP trong Bng 21 chn cc a ch thch hp cho giao tip mng Litware Inc 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon administrator@Domain.Contoso.Com (trong , domain l tn min) 2. Nhn phm Start v chn Network connections. 3. Nhn chut phi vo Network connections 4. Chn Properties. 5. Chn Internet Protocol (TCP/IP) trong danh sch cc thnh phn, v sau chn Properties. 6. Chn tu chn Use Following IP Address 7. Nhp thng tin a ch IP t bng 2-1 8. Nhn OK chp nhn thay i cc thuc tnh giao thc TCP/IP. 9. Nhn OK chp nhn cc thay i network connections. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 51
QUN L V GIM ST DHCP
CU HI N TP
Thi gian d kin hon thnh: 15 pht 1. t nht c 3 cng c no gim st hot ng dch v DHCP? 2. ng dn mc nh i vi nht k kim nh DHCP l g? 3. Cng c no c s dng nn CSDL DHCP? 4. Ti sao bn phi dng dch v DHCP Server khi khi phc CSDL DHCP? 5. Khi mt my trm c gng kt ni n mng, nhng n khng th giao tip c vi cc my tnh khc trn mng. Gii php khc phc vn ny l g?
THC HNH NNG CAO 2-1: TO CHIN LC SAO LU CHO CONTOSO

Thi gian d kin hon thnh: 15 pht Gim st vin-qun tr mng cp cao ti Contoso rt quan tm n s n nh ca mng. Anh ta yu cu bn pht trin v thc hin k hoch sao lu cho CSDL DHCP. Anh ta yu cu bn phi thm nh quy trnh sao lu t ng, v anh ta cng mun bn hon thnh vic sao lu th cng vo cui gi lm vic ngy Th hai hng tun. File sao lu th cng s c sao lu trn mt my ch xa trnh s c hng hc phn cng ca my ch DHCP. Bn cng c yu cu phi m bo CSDL khng ln hn mc cn thit.
THC HNH NNG CAO 2-2: CU HNH CC CP NHT NG

Thi gian d kin hon thnh: 20 pht Bn l ngi qun tr mng cho Litware Inc. Mng bao gm my ch iu khin min Windows Server 2003 (DC) v cc my ch thnh vin, cc my trm Windows NT 4. Bn mun chuyn i cc my trm Windows NT 4 ln Windows XP tr 5 my cn li. Bn c yu cu ci t DHCP s dng TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 52
QUN L V GIM ST DHCP cp nht ng an ton. Bn phi m bo rng Dch v DNS c cp nht cho tt c cc my trm v cc my trm Windows XP c th cp nht cc bn ghi my trm ca chng. To v trin khai gii php.
53
CI DT V CU HNH DCH V DNS SERVER
THC HNH 3: CI T & CU HNH DCH V DNS SERVER.

Bi thc hnh ny bao gm cc bi tp v cng vic sau y: Bi tp 3-1: Ci t & cu hnh dch v DNS Server. Bi tp 3-2: To & cu hnh DNS zones Bi tp 3-3: To cc bn ghi DNS Bi tp 3-4: Cu hnh Forwarding Cc cu hi n tp Thc hnh nng cao 3-1: Cu hnh DNS Sau khi hon thnh bi thc hnh ny, bn c th: Ci t dch v DNS Server To & cu hnh forward v reverse lookup DNS zones To cc bn ghi DNS Cu hnh Forwarding DNS Thi gian d kin hon thnh: 105 pht
KCH BN
Bn l nh qun tr mng ca mt doanh nghip. Gn y cng ty ca bn ci t cc my ch phn gii tn min DNS cho cc min con (child domain) ngn cn cc lung thng tin DNS khng cn thit truyn qua mi trng mng WAN. Bn phi cu hnh cc min con DNS vi cc forward v reverse lookup DNS zones v to cc bn ghi cho mi min con DNS. Bn cng phi cu hnh my ch DNS chuyn cc yu cu cho min contoso.com n my ch DNS m c u quyn cho min contoso.com.
54
BI TP 3-1: CI T DCH V DNS

Thi gian d kin hon thnh: 10 pht Bn l nh qun tr mng cho cng ty Contoso v bn c yu cu cu hnh cc my ch thc hin phn gii tn. Trc tin bn phi ci t dch v DNS Server cho my ch lu gi cc bn ghi DNS cho cc Min con. Sau khi bn ci t DNS, bn s cu hnh cc DNS zones v cu hnh cc my ch tn thc hin chuyn tip c iu kin.
Ci t dch v DNS
QUAN TRNG: Hon thnh nhim v ny t cc my tnh ca hc vin. Vic ny cho php bn ci t dch v DNS Server. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn Start, sau nhn Control Panel 3. Trong khi d phm Shift, Nhn chut phi tu chn Add Or Remove Program, sau nhn Run As m hp thoi Run As. 4. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon vo cc trng hp thoi sau m Add Or Remove Program Wizard: a. Trong hp User administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m ca s Add Or Remove Program Wizard 6. Trong Add Or Remove Program Wizard, Nhn vo biu tng add/Remove Windows Components bn tri, chn Netwoking service, v sau nhn Details. 7. Trong hp thoi Netwoking Services, Tch vo hp domain Name System (DNS), v sau nhn OK 8. Trong Windows Components Wizard, Nhn Next TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 55
CI DT V CU HNH DCH V DNS SERVER 9. Khi qu trnh cu hnh hon thnh, nhn Finish v ng tt c cc ca s CU HI: Ba im c to trc tip pha di my ch DNS trong mn hnh bng iu khin qun tr DNS l g?.
Kim tra hu t DNS chnh (Primary DNS Suffix)

QUAN TRNG: Hon thnh nhim v ny trn c hai my tnh ca cc hc vin. Vic ny cho php bn kim tra hu t DNS chnh (Primary DNS Suffix) cho my tnh ca bn. i vi DNS to cc bn ghi my ch tn (NS) v cc bn ghi tn trm (A) khi bn to Forward lookup zone cho tn min ca bn mt cch chnh xc, hu t DNS chnh (Primary DNS Suffix) phi c cu hnh chnh xc. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn Start, sau nhn Control Panel m Control Panel. 3. Trong khi d phm Shift, Nhn chut phi vo biu tng System, v sau nhn Run As m hp thoi Run As. 4. Chn Following User option v nhp cc thng tin nh khon vo cc trng hp thoi sau m ca s System Properties: User a. Trong h p administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m ca s System Properties 6. Trong ca s System Properties nhn vo Th Computer Name. 7. m ca s Computer Name Changes, nhn Change 8. Khi hp thoi Computer Name Changes hin ln, bn nhn OK tip tc i tn My ch Qun tr Min ny 9. Trong hp thoi Computer Name Changes, nhn More ca s m DNS Suffix And NetBIOS Computer Name. 56
CI DT V CU HNH DCH V DNS SERVER 10. Trong ca s m DNS SeffixAnd NetBIOS Computer Name, Trong ca s Primary DNS Suffix Of This Computer, kim tra min con ph hp t bng 3-1 (V d: atlanta.contoso.com) 11. Ghi li Primary DNS Suffix Of your Computer. 12. Nhn Cancel ng hp thoi DNS Suffix And NetBIOS Computer Name 13. Nhn Cancel ng hp thoi Computer Name Changes. 14. Nhn Cancel ng hp thoi System Properties
BI TP 3-2: TO & CU HNH DNS ZONES

Thi gian d kin hon thnh: 25 pht By gi bn ci t DNS cho min con ca bn, bn phi to lookup zones m s s dng lu cc bn ghi DNS cho min con ca bn.
To mt Standard Primary DNS Forward Lookup Zone

QUAN TRNG: Hon thnh nhim v ny t cc my tnh c s hiu nh hn. Vic ny cho php bn to Standard Primary DNS forward lookup zone trn my ch ca bn. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn Start, nhn Control Panel, sau nhn p chut vo Admistrative Tools. 3. Nhn chut phi vo DNS, v sau nhn Run As m hp thoi Run As. 4. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon vo cc trng hp thoi sau m ca s System Properties: a. Trong hp User administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 57
CI DT V CU HNH DCH V DNS SERVER 5. Nhn OK m Bng iu khin DNS. 6. Trong cy DNS, m rng tn my ch c tn Computerxx . CU HI: DNS Forward Lookup Zones no c to sau khi ci t dch v DNS Server. 7. Chn v nhn chut phi vo DNS Forward Lookup Zones, v sau chn New Zone 8. Trn trang Welcome to New Zone Wizard, nhn Next 9. Trong trang Zone Type, xc nhn Primary Zone c chn 10. Xo hp kim tra Store Zone In Active Directory, v sau nhn Next. 11. Trn trang Zone Name, trong hp Domain.Contoso.Com, v sau nhn Next. Zone Name, nh
12. Trn trang Zone File, kim tra rng Create A New File With This File Name c chn, v sau nhn Next. 13. Trn trang Dynamic Update, kim tra xem ty chn Do not Allow Dynamic Update c chn, v sau nhn Next. 14. Trn trang Completing new Zone Wizard, nhn Finish
Thm Name Server vo Forward Lookup Zone

QUAN TRNG: Hon thnh nhim v ny t cc my tnh c s hiu nh hn. Vic ny cho php bn thm my tnh ca i tc nh l mt my ch phn gii tn min trong vng Domain.Contoso.Com DNS Forward Lookup. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn Start, nhn Control Panel, sau nhn p chut vo Admistrative Tools. 3. Nhn chut phi vo DNS, v sau nhn Run As m hp thoi Run As. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 58
CI DT V CU HNH DCH V DNS SERVER 4. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon vo cc trng hp thoi sau m ca s System Properties: a. Trong hp User administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m Bng iu khin DNS. 6. Trong cy DNS, m rng tn my ch ca bn, m rng Forward Lookup Zones, chn v nhn chut phi vo Domain.Contoso.Com, v sau nhn Properties. 7. Trong trang Domain.Contoso.Com Properties, trong Th Name Server, nhn Add 8. Trong hp Server Fully Qualified domain Name (FQDN) ca hp thoi New Resource Record, nhp a ch IP ca my ch i tc, nhn Add, v sau nhn OK. 9. Nhn OK ng hp thoi Domain.Contoso.Com Properties.
To mt Stub Zone v xc nhn cc thit lp Zone Transfer

QUAN TRNG: Hon thnh nhim v ny t cc my tnh c s hiu nh hn. Vic ny cho php bn to mt Stub Zone ti my tnh ca ngi hng dn l my chnh. iu ny s xc nhn rng Domain.Contoso.Com forward lookup zone c cu hnh cho php chuyn tip zone. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn Start, nhn Control Panel, sau nhn p chut vo Admistrative Tools. 3. Nhn chut phi vo DNS, v sau nhn Run As m hp thoi Run As.
59
CI DT V CU HNH DCH V DNS SERVER 4. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon vo cc trng hp thoi sau m mn hnh bng iu khin DNS: a. Trong hp User administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m Bng iu khin DNS. 6. Trong cy DNS, m rng tn my ch ca bn, sau chn v nhn chut phi vo Forward Lookup Zone. Chn New Zone. 7. Trn trang Welcome to New Zone Wizard, nhn Next. 8. Trn trang Zone Type, nhn Stub Zone. 9. Xo hp kim tra Store Zone In Active Directory, v sau nhn Next. 10. Trn trang Zone Name, nh contoso.com, v sau nhn Next. 11. Trn trang Zone File, xc nhn rng ty chn Create A New File With This File Name c la chn, v sau nhn Next. 12. Trong hp IP Address trn trang Master DNS Server, nh a ch IP ca my tnh ca ngi hng dn (10.1.1.200), nhn Add, v sau nhn Next. 13. Trn trang Completing New Zone Wizard, nhn Finish. 14. Trong cy Bng iu khin DNS, m rng Forward Lookup Zone, chn v nhn chut phi vo Domain.Contoso.Com, v sau chn Properties. 15. Trong trang Domain.Contoso.Com Properties, nhn th Zone Transfer, v sau xc nhn rng ty chn Allow Zone Transfer c la chn. 16. Nhn OK.
60
To Standard Secondary DNS Zone

QUAN TRNG: Hon thnh nhim v ny t cc my tnh c s hiu cao hn. Vic ny cho php bn to mt Standard Secondary Forward Lookup Zone cho min con s dng my ch DNS ca i tc lm my ch tn ch o. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn Start, nhn Control Panel, sau nhn p chut vo Admistrative Tools. 3. Nhn chut phi vo DNS, v sau nhn Run As m hp thoi Run As. 4. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon vo cc trng hp thoi sau m mn hnh bng iu khin DNS: a. Trong hp User administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m Bng iu khin DNS. 6. Trong cy DNS, m rng tn my ch ca bn. 7. Chn v nhn chut phi vo Forward Lookup Zone, v sau chn New Zone. 8. Trn trang Welcome to New Zone Wizard, nhn Next. 9. Trn trang Zone Type, chn Secondary Zone option, v sau nhn Next. 10. Trn trang Zone Name trong hp Domain.Contoso.Com, v sau nhn Next. Zone Name, nh
11. Trong hp IP Address trn trang Master DNS Server, nh a ch IP ca my ch i tc, nhn Add, v sau nhn Next. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 61
CI DT V CU HNH DCH V DNS SERVER 12. Trn trang Completing New Zone Wizard, nhn Finish.
To mt DNS Reserve Lookup Zone

QUAN TRNG: Hon thnh nhim v ny t cc my tnh c s hiu nh hn. Vic ny cho php bn to mt standard primary reserve lookup zone cho mng ca bn. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn Start, nhn Control Panel, sau nhn p chut vo Admistrative Tools. 3. Nhn chut phi vo DNS, v sau nhn Run As m hp thoi Run As. 4. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon vo cc trng hp thoi sau m mn hnh bng iu khin DNS: a. Trong hp User administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m Bng iu khin DNS. 6. Trong cy DNS, m rng my ch, sau nhn Reserve Lookup Zones. 7. Chn v nhn chut phi vo Reserve Lookup Zone, v sau nhn New Zone. 8. Trn trang Welcome to New Zone Wizard, nhn Next. 9. Trn trang Zone Type, nhn Primary Zone, xo hp kim tra Store Zone In Active Directory, v sau nhn Next. 10. Trong hp Network ID trn trang Reserve Lookup Zone Name, nh ba phn u ca a ch IP (v d, i vi a ch IP 10.1.1.1, nh 10.1.1), v sau nhn Next. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 62
CI DT V CU HNH DCH V DNS SERVER 11. Trn trang Zone File, nhn Next chp nhn cc thit t mc nh. 12. Trn trang Dynamic Update, nhn Next chp nhn cc thit t mc nh. 13. Trn trang Completing New Zone Wizard, nhn Finish. 14. ng mn hnh bng iu khin DNS. CU HI: Cc kiu bn ghi DNS zone no c lit k trong file Reserve Lookup zone? CU HI: Cc kiu khc no ca bn ghi DNS zone c to trong file Reserve Lookup zone?
Cu hnh DNS Adapter Settings

QUAN TRNG: Hon thnh nhim v ny t cc my tnh c s hiu nh hn. Vic ny cho php bn cu hnh giao tip mng Contoso Ltd vi a ch IP ca DNS server. V vy, my ch ca bn s tr thnh mt my trm DNS ca dch v DNS Server trn my tnh ca bn. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon administrator@Domain.Contoso.Com (trong , domain l tn min) 2. Nhn Start, sau nhn Network connections m ca s Network connections. 3. Nhn chut phi vo biu tng Contoso Ltd Network connections, v sau nhn Properties. 4. Trong ca s Contoso Ltd Network connections, nhn Internet Protocol (TCP/IP), v sau nhn Properties. 5. Trong hp thoi Internet Protocol (TCP/IP) Properties, xc nhn rng tu chn Use Following DNS Server Addresses c chn, nh a ch IP c gn trong hp Preferred DNS Server, v sau nhn OK. 6. Nhn Close ng hp thoi Contoso Ltd Network Properties. 7. ng tt c cc ca s. 63
CI DT V CU HNH DCH V DNS SERVER QUAN TRNG: Hon thnh nhim v ny t cc my tnh c s hiu nh hn. Vic ny cho php bn cu hnh giao tip mng Contoso Ltd Network vi a ch IP DNS server ca my tnh i tc. V vy, my ch ca bn s tr thnh mt my trm DNS ca dch v DNS Server trn my tnh ca i tc. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon administrator@Domain.Contoso.Com (trong , domain l tn min) 2. Nhn Start, sau nhn Network connections m ca s Network connections. 3. Nhn chut phi vo biu tng Contoso Ltd Network connections, v sau nhn Properties. 4. Trong ca s Contoso Ltd Network connections, nhn Internet Protocol (TCP/IP), v sau nhn Properties. 5. Trong hp thoi Internet Protocol (TCP/IP) Properties, xc nhn rng tu chn Use Following DNS Server Addresses c chn, nh a ch IP c gn ca i tc trong hp Preferred DNS Server, v sau nhn OK. 6. Nhn Close ng hp thoi Contoso Ltd Network Properties. 7. ng tt c cc ca s.
Kch hot cp nht ng

QUAN TRNG: Hon thnh nhim v ny t cc my tnh c s hiu nh hn. Vic ny cho php bn kch hot cc cp nht ng trn forward lookup zone ca min con. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn Start, nhn Control Panel, sau nhn p chut vo Admistrative Tools. 3. Nhn chut phi vo DNS, v sau nhn Run As m hp thoi Run As. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 64
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m Bng iu khin DNS. 6. Trong cy DNS, m rng Computerxx (trong Computerxx l tn ca my tnh ca bn) 7. M rng Forward Lookup Zones, chn v nhn chut phi vo Domain.Contoso.Com, v sau nhn Properties. 8. Trn trang Domain.Contoso.Com Properties trong th General pha di Dynamic Updates, nhn vo mi tn ch xung di, v sau chn Nonsecure And Secure. 9. Nhn OK ng hp thoi Domain.Contoso.Com Properties. 10. ng mn hnh bng iu khin DNS Management. CU HI: Cp nht ng gim cc chi ph qun tr lin quan n vic qun tr DNS nh th no?
Chuyn i sang Active Directory Integrated Zones

QUAN TRNG: Hon thnh nhim v ny t cc my tnh c s hiu nh hn. Vic ny cho php bn thay i standard primary zones sang Active Directory-Integrated Zones. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn Start, nhn Control Panel, sau nhn p chut vo Admistrative Tools. 3. Nhn chut phi vo DNS, v sau nhn Run As m hp thoi Run As. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 65
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m Bng iu khin DNS. CU HI: Yu cu no l cn thit chuyn i standard primary zones sang Active Directory-integrated zone? 6. Trong cy DNS, m rng tn my tnh ca bn, m rng Forward Lookup Zones, chn v nhn chut phi vo Domain.Contoso.Com, v sau chn Properties. 7. Trong th General, chn Change. 8. Trn trang Change Zone Type, nh du vo hp Store Zone In Active Directory (Available Only If DNS Server Is Domain Controler) v sau nhn OK. 9. Nhn OK ng ca s Domain.Contoso.Com Properties. 10. ng mn hnh bng iu khin DNS Management. QUAN TRNG: Hon thnh nhim v ny t cc my tnh c s hiu cao hn. Vic ny cho php bn chuyn i standard secondary zones sang Active Directory-Integrated Zones. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn Start, nhn Control Panel, sau nhn p chut vo Admistrative Tools. 3. Nhn chut phi vo DNS, v sau nhn Run As m hp thoi Run As.
66
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m Bng iu khin DNS. 6. Trong cy DNS, m rng tn my tnh ca bn, m rng Forward Lookup Zones, chn v nhn chut phi vo Domain.Contoso.Com, v sau chn Properties. 7. Trong th General, chn Change. 8. Trn trang Change Zone Type, chn Primary Zone, v kim tra hp Store Zone In Active Directory (Available Only If DNS Server Is Domain Controler) v sau nhn OK. 9. Nhn OK ng ca s Domain.Contoso.Com Properties. 10. Nhn Yes khi c hi liu bn c mun vng ny tr thnh mt active directory integrated zone hay khng (if you want this zone to become an active directory integrated zone?). 11. Trong Active Directory Service Warning, nhn Yes chp nhn mc nh. 12. Trong DNS Warning, nhn OK 13. ng mn hnh bng iu khin DNS Management.
BI TP 3-3: TO CC BN GHI DNS

Thi gian d kin hon thnh: 15 pht Sau khi bn to cc DNS lookup zones ph hp, bn c th phi to cc kiu bn ghi khc nhau trong lookup zones.
67
To mt bn ghi my trm (Host Record)

QUAN TRNG: Hon thnh nhim v ny t cc my tnh c s hiu thp hn. Vic ny cho php bn to cc bn ghi my trm DNS trn my ch DNS. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn Start, nhn Control Panel, sau nhn p chut vo Admistrative Tools. 3. Nhn chut phi vo DNS, v sau nhn Run As m hp thoi Run As. 4. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon vo cc trng hp thoi sau m mn hnh bng iu khin DNS: a. Trong hp User administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m Bng iu khin DNS. 6. Trong cy DNS, m rng Forward Lookup Zones, v sau m rng Domain.Contoso.Com. 7. Chn v nhn chut phi vo Domain.Contoso.Com, v sau nhn New Host (A). 8. Trong hp Name (Uses Parent Domain Name If Blank), nh hostrecord. 9. Trong hp IP Address, nh a ch IP ca my tnh ca bn, v sau nhn Add Host. 10. Trong hp thoi DNS ch ra rng bn ghi my trm c to thnh cng, nhn OK. 11. Nhn Done trong hp thoi New Host. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 68
CI DT V CU HNH DCH V DNS SERVER 12. ng mn hnh bng iu khin DNS Management.
Kim tra bn ghi my trm

QUAN TRNG: Hon thnh nhim v ny t cc my tnh ca hc vin. Vic ny cho php bn kim tra cc bn ghi DNS trn my ch DNS. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn Start, nhn Run, sau nh cmd. 3. Ti du nhc dng lnh, nh nslookup hostrecord. CU HI: a ch ca bn ghi my trm l g? 4. ng ca s du nhc lnh.
To mt bn ghi CNAME
QUAN TRNG: Hon thnh nhim v ny t cc my tnh c s hiu thp hn. Vic ny cho php bn to cc bn ghi DNS Canonical Name (CNAME) trn my ch DNS. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn Start, nhn Control Panel, sau nhn p chut vo Admistrative Tools. 3. Nhn chut phi vo DNS, v sau nhn Run As m hp thoi Run As. 4. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon vo cc trng hp thoi sau m mn hnh bng iu khin DNS: a. Trong hp User administrator@Domain.Contoso.Com Name, nhp
CI DT V CU HNH DCH V DNS SERVER 5. Nhn OK m Bng iu khin DNS. 6. Trong cy DNS, m Domain.Contoso.Com. rng Forward Lookup Zones v
7. Chn v nhn chut phi vo Domain.Contoso.Com, v sau nhn New Alias (CNAME). 8. Trong hp thoi New Resource Record, trong hp Alias Name, nh cnamerecord. 9. Trong hp Fully Qualified Domain Name (FQDN) For Target Host, nh Computerxx .dom.contoso.com (trong Computerxx l tn my tnh c gn v domain l tn min c gn). 10. Nhn OK. 11. ng mn hnh bng iu khin DNS Management.
Kim tra bn ghi host

QUAN TRNG: Hon thnh nhim v ny t cc my tnh ca hc vin. Vic ny cho php bn kim tra cc bn ghi CNAME DNS trn my ch DNS. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn Start, nhn Run, sau nh cmd. 3. Ti du nhc lnh, nh nslookup cnamerecord. CU HI: a ch ca bn ghi CNAME l g? CU HI: Bn ghi CNAME cng c bit l tn my trm no? 4. ng ca s du nhc lnh.
BI TP 3-4: CU HNH FORWARDING

Thi gian d kin hon thnh: 10pht By gi bn ci t v cu hnh DNS Zones lu gi cc bn ghi DNS. Cc bn ghi ny c s dng phn gii cc tn trm thnh cc a ch IP. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 70
CI DT V CU HNH DCH V DNS SERVER Cc my trm trong min con DNS ca bn c th cng cn nh v cc trm khc bao gm nhng trm trn Internet. Trong trng hp ny, bn phi cu hnh my ch DNS chuyn tip cc yu cu n my ch DNS khc. QUAN TRNG: Bi tp i hi bn c kt ni Internet cho lp hc v mt a ch IP ca my ch DNS trn Internet s dng.
Kim tra phn gii DNS bn ngoi mng Internal

QUAN TRNG: Hon thnh nhim v ny t my tnh c s hiu cao hn. Vic ny s minh ho rng vic chuyn tip l cn thit truy cp n cc ti nguyn bn ngoi mng internal.. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn Start, nhn Run, sau nh cmd. 3. Ti du nhc dng lnh, nh nslookup microsoft.com. CU HI: Phn hi t cu lnh Nslookup l g?
Cu hnh Chuyn tip c iu kin

QUAN TRNG: Hon thnh nhim v ny t cc my tnh c s hiu thp hn. Vic ny cho php bn cu hnh chuyn tip c iu kin trn my ch DNS. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn Start, nhn Control Panel, sau nhn p chut vo Admistrative Tools. 3. Nhn chut phi vo DNS, v sau nhn Run As m hp thoi Run As. 4. Chn Following User option v nhp cc thng tin nh khon vo cc trng hp thoi sau m mn hnh bng iu khin DNS:
71
CI DT V CU HNH DCH V DNS SERVER a. Trong hp User administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m Bng iu khin DNS. 6. Trong cy DNS, chn v nhn chut phi vo tn my tnh ca bn, v sau nhn Properties. 7. Trn trang Server Properties trong th Forwarders, nhn New, v trong hp DNS Domain, nh microsoft.com, v sau nhn OK. 8. Trong trang Server Properties trong hp Selected Domains Forwarder IPAddress List, nh a ch IP ca my ch DNS c ngi hng dn cung cp. (My ch DNS ny phi l my ch DNS ca nh cung cp dch v ISP hoc l my ch DNS cng cng khc). 9. Nhn Add thm a ch IP vo danh sch a ch IP. 10. Nhn OK chp nhn nhng thay i i vi chuyn tip c iu kin (conditional forwarding) 11. ng tt c cc ca s.
Kim tra phn gii DNS bn ngoi mng Internal

QUAN TRNG: Hon thnh nhim v ny t my tnh c s hiu cao hn. Vic ny s minh ho rng vic chuyn tip cho php truy cp n cc ti nguyn bn ngoi mng internal. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn Start, nhn Run, sau nh cmd. 3. Ti du nhc dng lnh, nh nslookup microsoft.com CU HI: Phn hi t cu lnh Nslookup l g?
CU HI N TP
Thi gian d kin hon thnh: 15pht TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 72
CI DT V CU HNH DCH V DNS SERVER 1. Cc thit t TCP/IP no phi c cu hnh trc khi ci t dch v DNS Server? 2. Ti sao bn phi to stub zone cho min contoso.com trn my ch DNS? 3. Bn mun c duy nht nhng cp nht ng an ton i vi file DNS Zone. Bn phi c kiu file zone no? 4. Khi no bn s dng chuyn tip vi DNS? Nu mt v d. 5. S khc bit g gia chuyn tip v chuyn tip c iu kin?
THC HNH NNG CAO 3-1: CU HNH DNS

Thi gian d kin hon thnh: 30 pht Bn v i tc l cc nh qun tr mng cho Domain.Contoso.Com. Bn c yu cu phi cu hnh DNS cho mng. Sau khi kho st mng, bn xc nh rng mt my ch DNS standard primary v mt my ch DNS standard secondary s p ng c cc yu cu phn gii tn trn mng. Bn khng mun cc my ch DNS phn gii cc tn bn ngoi, nhng li mun cc my ch DNS s dng my tnh ca ngi hng dn phn gii tn bn ngoi. Tt c cc my trm chy h iu hnh Windows XP v c th cp nht cc bn ghi my trm ca chng. Dch v DHCP nn cp nht tt c cc bn ghi ngc PTR. Bn nn trin khai gii php cho mng ca bn nh th no?
73
QUN L V GIM ST DCH V DNS SERVER
THC HNH 4: QUN L & GIM ST DCH V DNS SERVER.

Bi thc hnh ny bao gm cc bi tp v cng vic sau y: Bi tp 4-1: Cc nhim v chun b. Bi tp 4-2: To bn sao th cng DNS zones. Bi tp 4-3: Gim st & G ri DNS. Bi tp 4-4: Qun l DNS Bi tp 4-5: An ninh DNS Bi tp 4-6: Loi b dch v DNS Cc cu hi n tp Thc hnh nng cao 4-1: Ci t & Qun l DNS Sau khi hon thnh bi thc hnh ny, bn c th: Ci t cc cng c h tr Windows Server 2003 Gim st dch v phn gii tn min DNS Server G ri dch v DNS Qun l DNS An ninh DNS Thi gian d kin: 125 pht (Thi gian c tnh ny bao gm c thi gian trc khi bn bt u cc th tc ci t)
TRC KHI BN BT U
Thi gian d kin hon thnh: 10 pht QUAN TRNG: Nu bn cha hon thnh cc bi tp trong phn THC HNH 3 Ci t & cu hnh dch v DNS, bn phi hon thnh cc th tc tin quyt sau
74
Ci t dch v DNS
QUAN TRNG: Hon thnh nhim v ny t cc my tnh ca hc vin. Vic ny cho php bn ci t dch v DNS Server trn my tnh ca bn. Sau khi bn ci t dch v DNS Server, bn s cu hnh mt Active Directory-integrated DNS Zones. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn Start, sau nhn Control Panel 3. Trong khi d phm Shift, Nhn chut phi ty chn Add Or Remove Program, sau nhn Run As m hp thoi Run As. 4. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon vo cc trng hp thoi sau m Add Or Remove Program Wizard: a. Trong hp User administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m ca s Add Or Remove Program Wizard 6. Trong ca s Add Or Remove Program Wizard, Nhn vo biu tng add/Remove Windows Components. 7. Trong Windows Components Wizard, trn trang Windows Components, pha di Components, nhn Netwoking services, v sau nhn Details. 8. Trong hp thoi Netwoking services, Tch vo hp domain Name System (DNS), v sau nhn OK 9. Trong Windows Components Wizard, Nhn Next 10. Nu xut hin li nhn yu cu cc files ci t HH Windows Server 2003, bn phi cho a chng trnh ci t HH Windows Server 2003 vo CD ROM, v sau nhn OK. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 75
QUN L V GIM ST DCH V DNS SERVER 11. Khi qu trnh cu hnh hon thnh, nhn Finish v ng tt c cc ca s li.
To v Cu hnh Active Directory-Intergrated DNS Zones.

QUAN TRNG: Hon thnh nhim v ny t cc my tnh c s hiu nh hn. Vic ny cho php bn to forward lookup zone cho mng ca bn. Zone nn c sao chp n cc my tnh c s hiu cao hn trong vng vi pht. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn Start, nhn Control Panel, sau nhn p chut vo Admistrative Tools. 3. Nhn chut phi vo DNS, v sau nhn Run As m hp thoi Run As. 4. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon vo cc trng hp thoi sau m ca s System Properties: hp User a. Trong administrator@Domain.Contoso.Com 5. Nhn OK m Bng iu khin DNS. 6. Trong cy DNS, m rng tn my ch c tn Computerxx , v sau nhn vo Forward Lookup Zones. 7. Nhn chut phi vo DNS Forward Lookup Zones, v sau nhn New Zone. 8. Trn trang Welcome to New Zone Wizard, nhn Next 9. Trong trang Zone Type, xc nhn Primary Zone and store Zones In Active directory c chn, v sau nhn Next. Name, nhp
b. Trong hp Password, nhp MSPress@LS#1
76
QUN L V GIM ST DCH V DNS SERVER 10. Trn trang Active Directory Zones Replication Scope, xc nhn to All Domain Controller In Active directory Domainomain.contoso.com c chn, v sau nhn Next. 11. nh Domain.Contoso.Com trong hp Zone Name, trong domain l tn mien ca bn, v sau nhn Next. 12. Trn trang Dynamic Update, kim tra xem tu chn Only Secure Dynamic Update c chn, v sau nhn Next. 13. Trn trang Completing new Zone Wizard, nhn Finish 14. M rng Forward Lookup Zones 15. Chn v nhn chut phi vo Domain.Contoso.Com, v sau chn Properties. 16. Trong trang Properties, trong Th Zone Transfer, chn All Zone Transfer, v sau nhn To Any Server. Nhn OK. 17. ng tt c cc ca s li.
KCH BN
Bn l nh qun tr mng cho cng ty Blue Yonder Airline. Bn trin khai mt s my ch DNS v my ch iu khin min (DC) trn mng. Mi my ch DNS c chy vi cu hnh Active directory-Integrated zones. Do cc yu cu v qun tr nn bn phi m bo dch v DNS phi hot ng hiu qa v an ton. Bn phi qun l, gim st, v m bo an ton cc my ch DNS ang hot ng trn mng. Bn s s dung cc cng c h tr c sn trong a CD ROM Windows Server 2003 qun l v gim st cho dch v DNS.
BI TP 4-1: CC TC V CHUN B
Thi gian d kin: 10 pht Trong bi tp ny, bn s cu hnh cc thit t v ci t thm cc cng c chun b cho cc phn tip theo ca bi Thc hnh. Cc cng c ny c s dng gim st v g ri dch v DNS Server. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 77
Ci t cc cng c h tr Windows Server 2003.

QUAN TRNG: Hon thnh nhim v ny t cc my tnh ca hc vin. Vic ny cho php bn ci t cc cng c h tr Windows Server 2003 trn my tnh ca hc vin. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon administrator@Domain.Contoso.Com (trong , domain l tn min) 2. Nhn Start, sau nhn vo My Computer. 3. Trong ca s My Computer, Nhn chut phi a CD ROM, v sau nhn Open (trc bn phi cho a CD ci t h iu hnh Windows Server 2003 vo a CD ROM). 4. M th mc Suppport, v sau nhn vo th mc Tools, v sau nhn p vo file SUPTOOLS.MSI 5. Trong ca s Windows Support Tools Setup Wizard, nhn Next. 6. Trn trang End Uer Agreement, xem qua tho thun bn quyn v sau nhn vo I Agree If you agree with terms, v sau nhn Next. 7. Trn trang User Information, chp nhn Default name and organization, v sau nhn Next tip tc. 8. Trn trang Destination Directory, nhn Install now bt u ci t. 9. Trn trang Completing Windows Support Tools Setup Wizard, nhn Finish kt thc vic ci t cc cng c h tr. 10. ng tt c cc ca s li.
Cu hnh cc thit lp DNS cho giao tip mng

QUAN TRNG: Hon thnh nhim v ny t cc my tnh hc vin. Vic ny cho php bn cu hnh giao tip mng kt ni ti mng Contoso Ltd s dng dch v DNS Server trn my tnh cu ngi hng dn.
78
QUN L V GIM ST DCH V DNS SERVER 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon administrator@Domain.Contoso.Com (trong , domain l tn min) 2. Nhn Start, sau nhn Network connections m ca s Network connections. 3. Nhn chut phi vo biu tng Contoso Ltd Network connections, v sau nhn Properties. 4. Nhn Internet Protocol (TCP/IP), v sau nhn Properties. 5. Trong hp thoi Internet Protocol (TCP/IP) Properties, xc nhn rng tu chn Use Following DNS Server Addresses c chn, v sau nh a ch IP ca my tnh ngi hng dn (10.1.1.200) trong hp Preferred DNS Server, v sau nhn OK. 6. m bo rng hp Default Gateway trng, v hp Alternate DNS cng trng. 7. Nhn Close ng trang Contoso Ltd Network connections. 8. ng tt c cc ca s.
BI TP 4-2: NG B VNG DNS TH CNG

Thi gian d kin: 10 pht Trong bi tp ny, bn thc hin ng b thng tin vng DNS mt cch th cng. Vic ny bnh thng l khng cn thit v vic ng b vng DNS kiu tch hp Active Directory cng c bao hm trong khi ng b Active Directory thng thng. Nhng i khi thng tin DNS Zone c th cn c ng b th cng, v d nh khi bn to cc bn ghi DNS th cng v phi ngay sau truy cp c vo host DNS.
To mt bn ghi my trm (A) mt cch th cng.

QUAN TRNG: Hon thnh nhim v ny t cc my tnh c s hiu nh hn. Vic ny cho php bn to mt bn ghi my trm mi trong DNS forward lookup zone. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 79
QUN L V GIM ST DCH V DNS SERVER 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn Start, nhn Control Panel, sau nhn p chut vo Admistrative Tools. 3. Nhn chut phi vo DNS, v sau nhn Run As m hp thoi Run As. 4. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon vo cc trng hp thoi sau m ca s Bng iu khin DNS: Trong hp User Name, nhp administrator@Domain.Contoso.Com Trong hp Pasword, nhp MSPress@LS#1 5. Nhn OK m bng iu khin DNS. 6. Trong cy DNS, m rng tn my ch c tn Computerxx , v sau nhn vo Forward Lookup Zones, v sau chn Domain.Contoso.Com 7. Nhn chut phi vo min Domain.Contoso.Com, v sau nhn New Host (A). 8. Trong hp Name, nhp vo newhost. 9. Trong hp IP Address, nhp vo a ch IP ca my tnh bn v sau nhn Add Host. 10. Nhn OK xc nhn rng bn ghi c to thnh cng. 11. Nhn Done. 12. ng ca s DNS Management v ng tt c cc ca s li.
Thc hin ng b vng DNS th cng bng cch s dng Active Directory Sites And Services Snap-In.
QUAN TRNG: Hon thnh nhim v ny t cc my tnh c s hiu cao hn. Vic ny cho php bn sao chp cc thng tin c cha ng trong CSDL AD.
80
QUN L V GIM ST DCH V DNS SERVER 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn Start, nhn Control Panel, sau nhn p chut vo Admistrative Tools. 3. Nhn chut phi vo Active Directory Sites and Services, v sau nhn Run As m hp thoi Run As. 4. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon vo cc trng ca hp thoi sau m ca s Active Directory Sites and Services: Trong hp User administrator@Domain.Contoso.Com Name, nhp
Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m mn hnh Active Directory Sites and Services. 6. Trong cy Active Directory Sites and Services, m rng Sites, v sau m rng Default-First-Site-Nam. 7. Trong cy Active Directory Sites and Services, m rng Servers, v sau m rng Computerxx trong Computerxx l tn ca my tnh, v sau chn NTDS Settings. 8. Trong phm vi ca Active Directory Sites and Services, nhn chut phi vo mi i tng kt ni (c t ng to ra), v sau chn Replicate Now, v sau nhn OK trong hp thoi Replicate Now. 9. ng ca s Active Directory Sites and Services, v ng tt c cc ca s li.
Xc nhn vic ng b v cho php chuyn giao vng

QUAN TRNG: Hon thnh nhim v ny t cc my tnh c s hiu cao hn. Vic ny cho php bn thy rng bn ghi host mi c sao chp trong DNS forward lookup zone. Bn cng s cu hnh vng Domain.Contoso.Com cho php vng (zone) c chuyn giao nhm chun b cho cc nhim v tip theo. 81
QUN L V GIM ST DCH V DNS SERVER 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn Start, nhn Control Panel, sau nhn p chut vo Admistrative Tools. 3. Nhn chut phi vo DNS, v sau nhn Run As m hp thoi Run As. 4. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon vo cc trng hp thoi sau m ca s Bng iu khin DNS: a. Trong hp User Name, nhp administrator@Domain.Contoso.Com b. Trong hp Pasword, nhp MSPress@LS#1 5. Nhn OK m Bng iu khin DNS. 6. Trong cy DNS, m rng Computerxx trong Computerxx l tn my tnh ca bn, m rng Forward Lookup Zones, v sau chn Domain.Contoso.Com trong Domain.Contoso.Com l tn min ca bn. 7. Trong scope Bng iu khin DNS, xc nhn rng bn ghi host (newhost) c trn mn hnh. 8. Nhn chut phi vo min Domain.Contoso.Com, v sau chn Properties. 9. Trong Zone Transfers th, chn Allow Zone Transfers, chn To Any Server, v sau nhn OK. 10. ng tt c cc ca s li.
Xc nhn vic ng b v cho php chuyn giao vng

QUAN TRNG: Hon thnh nhim v ny t cc my tnh c s hiu nh hn. Vic ny s bo m rng vic chuyn giao zone c cho php thc hin ti bt k my ch no.. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 82
QUN L V GIM ST DCH V DNS SERVER 2. Nhn Start, nhn Control Panel, sau nhn p chut vo Admistrative Tools. 3. Nhn chut phi vo DNS, v sau nhn Run As m hp thoi Run As. 4. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon vo cc trng hp thoi sau m ca s Bng iu khin DNS: User Name, nhp a. Trong hp administrator@Domain.Contoso.Com b. Trong hp Pasword, nhp MSPress@LS#1 5. Nhn OK m Bng iu khin DNS. 6. Trong cy DNS, m rng Computerxx trong Computerxx l tn my tnh ca bn, m rng Forward Lookup Zones, v sau chn Domain.Contoso.Com trong Domain.Contoso.Com l tn min ca bn. 7. Nhn chut phi vo min Domain.Contoso.Com, v sau chn Properties. 8. Trong th Zone Transfers, m bo rng Allow Zone Transfers v To Any Server c chn, v sau nhn OK. 9. ng tt c cc ca s li.
BI TP 4-3: THEO DI V KHC PHC S C DNS

Thi gian d kin: 25 pht Trong bi tp ny, bn s s dng mt s cng c gim st v g ri dch v DNS Server. i khi, dch v DNS Server h tr mt s cng c nht nh. Bit cch lm th no s dng nhng cng c ny h tr DNS l rt quan trng i vi mt ngi qun tr mng.
Cu hnh cc thit lp DNS trong giao tip mng

QUAN TRNG: Hon thnh nhim v ny t cc my tnh hc vin. Vic ny cho php bn cu hnh cc mng kt ni ti mng Contoso Ltd s dng dch v DNS Server trn my tnh ca bn. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 83
QUN L V GIM ST DCH V DNS SERVER 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon administrator@Domain.Contoso.Com (trong , domain l tn min) 2. Nhn Start, sau nhn Network connections m ca s Network connections. 3. Nhn chut phi vo biu tng Contoso Ltd Network connections, v sau nhn Properties. 4. Nhn Internet Protocol (TCP/IP), v sau nhn Properties. 5. Trong hp thoi Internet Protocol (TCP/IP) Properties, xc nhn rng tu chn Use Following DNS Server Addresses c chn, v sau nhp vo a ch IP ca my tnh ngi hng dn (10.1.1.xx) trong hp Preferred DNS Server, v sau nhn OK. 6. Nhn Close ng trang Contoso Ltd Network connections. 7. ng tt c cc ca s.
S dng Dnscmd hin th cc bn ghi

QUAN TRNG: Hon thnh nhim v ny t cc my tnh. iu ny cho php bn hin th cc thng tin v cc vng (zone) c cu hnh v cc bn ghi c cha trong vng DNS. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon administrator@Domain.Contoso.Com (trong , domain l tn min) 2. Nhn Start, nhn All Programs, nhn Windows Support Tools, v sau nhn Command Prompt. 3. Ti du nhc lnh C:\Program Files\Support Tools, nh dnscmd /enumzones, v sau nhn Enter. 4. Trong biu di y, k tn cc vng v cc c tnh ring ca tng vng: Tn vng (Zone Name) S hiu vng (Zone Count) Loi (Type) Lu gi (Storage) c tnh (Properties)
84
CU HI: Ci g c biu th pha di mc Properties v cc vng? 5. Trong ca s du nhc lnh, nh dnscmd/zoneprint Domain.Contoso.Com trong domain l tn min v sau nhn Enter. CU HI: Loi bn ghi no c lit k trong vng? 6. ng tt c cc ca s.
S dng Nslookup kim tra cc bn ghi DNS

QUAN TRNG: Hon thnh nhim v ny t cc my tnh. Vic ny cho php bn lit k tt c cc bn ghi ngun trong mt min v vng cho. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. m ca s du nhc lnh, nhn Start, nhn Run, nh cmd, v sau nhn Enter. 3. Trong ca s du nhc lnh, nh nslookup, v sau nhn Enter. 4. Trong du nhc Nslookup, nh set type=all, v sau nhn Enter. 5. Trong du nhc Nslookup, nh ls Domain.Contoso.Com trong domain l tn min ca bn, v sau nhn Enter. CU HI: iu g s xy ra nu bn s dng tu chn d trong cu lnh ls nslookup? 6. Nhn Start, nhn Control Panel, nhn Admistrative Tools, v sau nhn DNS.
85
QUN L V GIM ST DCH V DNS SERVER 7. Trong cy DNS, m rng Forward Lookup Zones, v m rng Domain.Contoso.Com trong domain l tn min ca bn. S dng phm vi xem cc bn ghi ngun trong vng. 8. S dng mn hnh bng iu khin DNS so snh cc bn ghi ngun vi cc kt qu trong bc 5 s dng Nslookup. 9. ng tt c cc ca s.
Lit k cc bn ghi my trm DNS

QUAN TRNG: Hon thnh nhim v ny t cc my tnh. Vic ny cho php bn lit k my trm, hoc A, cc bn ghi ngun trong mt min v vng cho. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. m ca s du nhc lnh, nhn Start, nhn Run, nh cmd, v sau nhn Enter. 3. Trong ca s du nhc lnh, nh nslookup, v sau nhn Enter. 4. Trong du nhc lnh Nslookup, nh set type=a, v sau nhn Enter. 5. Trong du nhc lnh Nslookup, nh ls Domain.Contoso.Com trong domain l tn min ca bn, v sau nhn Enter. 6. Lit k cc bn ghi trm, hoc A, trong trng di y:
CU HI: Nslookup tr v cc bn ghi NS no t truy vn? CU HI: Bn ghi NS c s dng cho mc ch g? 7. nh exit, v sau nhn Enter thot khi Nslookup. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 86
QUN L V GIM ST DCH V DNS SERVER 8. ng tt c cc ca s.
Gim st dch v DNS Server

QUAN TRNG: Hon thnh nhim v ny t cc my tnh hc vin. Vic ny s cho php bn gim st my ch DNS. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn Start, nhn Control Panel, sau nhn p chut vo Admistrative Tools. 3. Nhn chut phi vo DNS, v sau nhn Run As m hp thoi Run As. 4. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon vo cc trng hp thoi sau m ca s Bng iu khin DNS: a. Trong hp User administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m Bng iu khin DNS. 6. Trong cy DNS, m rng Computerxx trong Computerxx l tn my tnh ca hc vin, v sau nhn Clear Cache t trnh n thc n. 7. Trong cy mn hnh bng iu khin DNS, nhn chut phi vo Computerxx , trong Computerxx l tn my tnh ca hc vin, v sau nhn Properties. 8. Trong trang Properties, trong th Monitoring, pha di Select A Test Type, chn c tu chn A Simple Query Against This DNS Server v A Recursive Query To Other DNS Servers, v sau nhn Test Now. CU HI: Ti sao truy vn quy (Recursive Query) tht bi khi n c th? 87 TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003
QUN L V GIM ST DCH V DNS SERVER 9. Nhn OK ng trang Computerxx Properties. 10. Trong cy mn hnh bng iu khin DNS, nhn chut phi vo Computerxx , trong Computerxx l tn my tnh ca hc vin, v sau nhn Clear Cache. 11. Trong cy mn hnh bng iu khin DNS, nhn chut phi vo Computerxx , trong Computerxx l tn my tnh ca hc vin, v sau nhn Properties. 12. Trong th Forwarders, trong tu chn Selected Domains Forwarder IP Address List, nh a ch IP ca my tnh ngi hng dn (10.1.1.200), nhn Add, v sau nhn OK. 13. Nhn th Root Hints, v trong phn Name Servers, chn mi my ch mc gc, v sau nhn Remove. 14. Trong th Root Hints, nhn Add. Trong trang New Resource Record, trong trng Server Fully Qualified Domain Name (FQDN), nh instructor01.contoso.com. Trong trng IP address, nh 10.1.1.200, nhn Add, v sau nhn OK. 15. Trong trang Computerxx Properties, nhn Apply. 16. Trong th Monitoring, pha di Select A Test Type, m bo rng c hai tu chn l A Simple Query Against This DNS Server v A Recursive Query To Other DNS Server c chn, v sau nhn Test Now. CU HI: Ti sao Recursive Query thnh cng khi n c th ln ny? 17. Trong th Forwarders, trong tu chn Selected Domains Forwarder IP Address List, nhn Remove, v sau nhn OK. 18. ng tt c cc ca s li.
BI TP 4-4: QUN L DNS

Thi gian d kin hon thnh : 15 pht Trong bi tp ny, bn s s dng mt s cng c qun l my ch DNS. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 88
Cng c IPconfig
QUAN TRNG: Hon thnh nhim v ny t cc my tnh. Vic ny s cho php bn hin th cc chuyn i thch hp lin quan n DNS khi s dng cng c Ipconfig. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon administrator@Domain.Contoso.Com (trong , domain l tn min) 2. m ca s du nhc lnh, Nhn Start, chn Run, nh cmd, v nhn phm Enter 3. Ti du nhc lnh, nh cu lnh ipconfig /? v sau nhn phm Enter CU HI: Cc chuyn i Ipconfig no lin quan n DNS? Lit k v gii thch cc chc nng ca cc chuyn i ny? 4. ng ca s du nhc lnh.
Np sn DNS Resolver Cache.

QUAN TRNG: Hon thnh nhim v ny t cc my tnh. Vic ny cho php bn nhp sn DNS resolver cache vo my tnh ca hc vin. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon administrator@Domain.Contoso.Com (trong , domain l tn min) 2. m ca s du nhc lnh, Nhn phm Start, nhn Run, v sau nh cmd. 3. Trong ca s du nhc lnh, nh ipconfig /displaydns. CU HI: Ti sao c cc mc nhp c lit k? 4. Trong ca s du nhc lnh, nh ipconfig /flushdns, v sau nhn Enter. 5. Nhn Start, v sau nhn My Computer m cc ni dung ca My Computer. 6. nh v tp sau: %systemroot%\System32\Drivers\Etc\Hosts. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 89
QUN L V GIM ST DCH V DNS SERVER 7. Nhn chut phi vo Hosts file, chn Open, v trong ca s Open With, nhn p chut vo Notepad. 8. Trong dng # 102.54.94.97 rhino.acme.com, lc b k hiu #. 9. Nhn File, v sau nhn Save. 10. ng Microsoft Notepad C:\%systemroot%\system32\drivers\etc. v ca s
11. Trong ca s du nhc lnh, nh ipconfig /displaydns. CU HI: C mc nhp no cho rhino.acme.com? Mc ny c nhp vo DNS resolver cache nh th no?
Cu hnh DNS Scavenging

QUAN TRNG: Hon thnh nhim v ny t cc my tnh. Vic ny s cho php bn to scavenging cho mt vng DNS c th. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn Start, nhn Control Panel, sau nhn p chut vo Admistrative Tools. 3. Nhn chut phi vo DNS, v sau nhn Run As m hp thoi Run As. 4. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon vo cc trng hp thoi sau m ca s Bng iu khin DNS: a. Trong hp User administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m Bng iu khin DNS. 6. Trong cy DNS, m rng Computerxx trong Computerxx l tn my tnh ca hc vin v sau m rng Forward Lookup Zones. 90
QUN L V GIM ST DCH V DNS SERVER 7. Trong cy DNS, chn v nhn chut phi vo Domain.Contoso.Com trong Domain.Contoso.Com l tn min ca bn, v sau chn Properties. 8. Trong trang Domain.Contoso.Com Properties, chn th General v sau nhn Aging m ca s Zone Aging/Scavenging Properties. 9. Chn tu chn Scavenge Stale Resource Records, v sau nhn OK. 10. Nhn OK. CU HI: Scavenge Stale Resource Records ngha l g? 11. ng tt c cc ca s li.
To iu kin thc hin WINS Lookup

QUAN TRNG: Hon thnh nhim v ny t cc my tnh. Vic ny s cho php bn to iu kin cho Internet Naming Service (WINS) lookup trong DNS. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn Start, nhn Control Panel, sau nhn p chut vo Admistrative Tools. 3. Nhn chut phi vo DNS, v sau nhn Run As m hp thoi Run As. 4. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon vo cc trng hp thoi sau m ca s Bng iu khin DNS: a. Trong hp User administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m Bng iu khin DNS.
91
QUN L V GIM ST DCH V DNS SERVER 6. Trong cy DNS, m rng Computerxx trong Computerxx l tn my tnh ca hc vin v sau m rng Forward Lookup Zones. 7. Chn v nhn chut phi vo Domain.Contoso.Com trong Domain.Contoso.Com l tn min ca bn, v sau chn Properties. 8. Trong trang Domain.Contoso.Com Properties, nhn th WINS, chn tu chn Use WINS Forward Lookup, v sau nhn a ch IP ca my tnh bn trong mc IP Address. Nhn Add, v sau nhn OK. CU HI: Sau khi to iu kin cho WINS lookup, bn ghi ngun no c b sung vo DNS zone trong mn hnh bng iu khin DNS? 9. ng tt c cc ca s li.
BI TP 4-5: BO MT DNS
Thi gian d kin hon thnh : 10 pht Trong bi tp ny, bn s s dng mt s phng php bo m DNS. Cn thit phi bo m DNS trnh s truy nhp khng c cho php.
Bo mt cho my ch DNS
QUAN TRNG: Hon thnh nhim v ny t cc my tnh. Vic ny s cho php bn xem xt vic thit lp bo mt cho nhng ngi s dng v cc nhm hin ang truy nhp qun l v gim st my ch DNS. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn Start, nhn Control Panel, sau nhn p chut vo Admistrative Tools. 3. Nhn chut phi vo DNS, v sau nhn Run As m hp thoi Run As.
92
QUN L V GIM ST DCH V DNS SERVER 4. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon vo cc trng hp thoi sau m ca s Bng iu khin DNS: a. Trong hp User administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m Bng iu khin DNS. 6. Trong cy DNS, chn v nhn chut phi vo Computerxx trong Computerxx l tn my tnh ca hc vin v sau nhn Properties. 7. Nhn th Security hin th danh sch DACL cho my ch DNS. CU HI: Ti sao mi ngi trong nhm khng c lit k trong DACL? 8. Nhn OK, v sau ng tt c cc ca s li.
Bo mt cho DNS zone

QUAN TRNG: Hon thnh nhim v ny t cc my tnh. Vic ny s cho php bn xem xt vic thit lp bo mt cho DNS zone. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn Start, nhn Control Panel, sau nhn p chut vo Admistrative Tools. 3. Nhn chut phi vo DNS, v sau nhn Run As m hp thoi Run As. 4. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon vo cc trng hp thoi sau m ca s Bng iu khin DNS: a. Trong hp User administrator@Domain.Contoso.Com Name, nhp
QUN L V GIM ST DCH V DNS SERVER 5. Nhn OK m Bng iu khin DNS. 6. Trong cy DNS, chn v nhn chut phi vo Computerxx trong Computerxx l tn my tnh ca hc vin v sau m rng Forward Lookup Zones. 7. Trong cy DSN, chn v nhn chut phi vo Domain.Contoso.Com, v sau nhn Properties. 8. Trong trang Domain.Contoso.Com Properties, nhn th Security hin th DACL cho DNS zone. CU HI: Ti sao mi ngi trong nhm c lit k trong DACL? 9. Nhn OK, v sau ng tt c cc ca s li.
Cu hnh mt Listener
QUAN TRNG: Hon thnh nhim v ny t cc my tnh. Vic ny s cho php bn cu hnh mt listener cho dch v DNS Server. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn Start, nhn Control Panel, sau nhn p chut vo Admistrative Tools. 3. Nhn chut phi vo DNS, v sau nhn Run As m hp thoi Run As. 4. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon vo cc trng hp thoi sau m ca s Bng iu khin DNS: a. Trong hp User administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m Bng iu khin DNS. 6. Trong cy DNS, chn v nhn chut phi vo Computerxx trong Computerxx l tn my tnh ca hc vin v sau nhn Properties. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 94
QUN L V GIM ST DCH V DNS SERVER 7. Trong trang Computerxx Properties, trong th Interface, chn Only Following IP Addresses. Xc nhn rng Contoso network adapter IP address (10.1.1.xx) c lit k trong danh sch a ch IP, v sau nhn OK. CU HI: Lm th no m vic cu hnh mt listerner m bo my ch DNS? 8. ng tt c cc ca s li.
Bo mt cc chuyn i vng
QUAN TRNG: Hon thnh nhim v ny t cc my tnh. Vic ny s cho php bn bo m cc chuyn i vng DNS cho my ch DNS. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn Start, nhn Control Panel, sau nhn p chut vo Admistrative Tools. 3. Nhn chut phi vo DNS, v sau nhn Run As m hp thoi Run As. 4. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon vo cc trng hp thoi sau m ca s Bng iu khin DNS: a. Trong hp User administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m Bng iu khin DNS. 6. Trong cy DNS, chn v nhn chut phi vo Computerxx trong Computerxx l tn my tnh ca hc vin v sau m rng Forward Lookup Zones. 7. Chn v nhn chut phi vo Domain.Contoso.Com, trong Domain l tn min ca bn v sau nhn Properties. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 95
QUN L V GIM ST DCH V DNS SERVER 8. Trong trang Domain.Contoso.Com Properties, trong th Zone Transfers, m bo rng Allow Zone Transfers c la chn, v rng Only To Following Servers c la chn. 9. Trong mc IP Address, nh a ch IP ca my tnh ngi hng dn (10.1.1.200), v sau nhn Add. 10. Nhn OK. CU HI: Lm th no vic cu hnh cc chuyn i vng bo m c my ch DNS? 11. ng tt c cc ca s li.
BI TP 4-6: LOI B DCH V DNS SERVER.

Thi gian d kin hon thnh : 5 pht Bn s g b dch v DNS Server t cc my tnh ca hc vin. Vic ny rt cn thit hon thnh thnh cng cc bi Thc hnh sau ny.
Loi b dch v DNS Server

QUAN TRNG: Hon thnh nhim v ny t cc my tnh ca hc vin. Vic ny cho php bn loi b dch v DNS Server. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn Start, nhn Control Panel. Trong Control Panel, nhn p chut vo Administrative Tools. 3. Nhn chut phi vo Manage Your Server, v sau chn Run As m hp thoi Run As. 4. Chn Following User option, v sau nhp cc thng tin nh khon vo cc trng hp thoi sau m Manage Your Server wizard: TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 96
QUN L V GIM ST DCH V DNS SERVER a. Trong hp User administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m ca s Manage Your Server 6. Trong Manage Your Server, nhn Add or Remove A Role m mn hnh Configure Manage Your Server. 7. Trn trang Preliminary Steps ca phn Configure Your Server wizard, nhn Next 8. Trn trang Server Role, chn DNS Server, v sau nhn Next. 9. Trn trang Role Removal Confirmation, nhn Remove DNS Server Role option, v sau nhn Next. 10. Trn trang DNS Server Role Removed, Nhn Finish. 11. ng tt cc ca s ang m.
Cu hnh cc thit t DNS Adapter.

QUAN TRNG: Hon thnh nhim v ny t cc my tnh ca hc vin. Vic ny cho php bn cu hnh cc mng (cc mng c kt ni n Contoso Ltd) vi a ch IP ca my ch DNS. V vy my ch ca bn tr thnh mt my client DNS ca dch v DNS Server ang chy trn my tnh ca ngi hng dn. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon administrator@Domain.Contoso.Com trong domain l tn min. 2. Nhn Start, v sau nhn Network connections m ca s Network connections. 3. Nhn chut phi vo biu tng Contoso Ltd Network connection, v sau nhn Properties. 4. Nhn Internet Protocol (TCP/IP), v sau nhn Properties. 5. Trn trang Internet Protocol (TCP/IP) Properties, xc nhn rng Use Following DNS Server Addresses c la chn, nh a ch IP TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 97
QUN L V GIM ST DCH V DNS SERVER ca my tnh ngi hng dn (10.1.1.200) trong hp Preferred DNS Server, v sau nhn OK. 6. Nhn Close ng trang Contoso Ltd Network Properties. 7. ng tt c cc ca s.
CC CU HI N TP
Thi gian d kin hon thnh: 15 pht 1. Bn c th s dng ba phng php no c trnh by trong bi Thc hnh ny bo mt mt my ch DNS v d liu vng? 2. Tp no c s dng nhp sn DNS resolver cache? 3. Tin ch no c th c s dng xem xt cc s kin DNS c ghi nht k? 4. Hai tin ch no c trnh by phn u bi Thc hnh ny gip cho vic qun l v g ri cc vn v DNS? 5. Khi no cc cp nht i vi file zone kiu tch hp AD c sao chp? 6. S khc nhau no gia mt truy vn thng thng v truy vn quy? 7. Nu tn mt cng c khc vi Active Directory Sites And Services c cp trong cc bi thc hnh m c th c s dng p buc vic sao chp cc zones (vng) tch hp Active Directory?
THC HNH NNG CAO 4-1: CI T V QUN L DNS

Thi gian d kin hon thnh: 30 pht Bn c thu lm nh t vn mng cho Northwind Traders tr gip cng ty ny cu hnh v gim st cc my ch DNS trn mng. Phng Dch v Thng tin ca Cng ty Northwind Traders trin khai mt s my ch iu khin min Active Directory nm trong hai min (domain): nwtraders.com v europe.nwtraders.com. Mt my ch DNS trong min nwtraders.com chy ch standard primary zone c gi l TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 98
QUN L V GIM ST DCH V DNS SERVER nwtraders.com. Hai my ch DNS trong min con europe.nwtraders.com: my ch DNS u tin chy ch standard primary zone, v my ch DNS th hai chy ch standard secondary zone. Mi mng LAN cng cha ng nhiu my ch DHCP v my ch WINS server. Cc my trm trn cc mng LAN s dng DHCP nhn a ch IP. L mt nh t vn, bn c yu cu h tr gii quyt cc vn lin quan n DNS cho phng Dch v Thng tin. Phng ny mun cu hnh dch v h tng mng DNS lm gim cc n lc qun tr lin quan n qun l cc my ch DNS v cc file zone DNS gim bt giao dch mng ni b. Nhn s ca phng ny cng yu cu bn gip h bo mt cc my ch DNS v cc chuyn i vng (zone) trong mng v xc nhn, kim tra v gim st cc hot ng ca DNS. Cui cng, tit kim bng thng ca mng WAN, phng ny mun c kh nng cu hnh cc my ch DNS chuyn tip cc truy vn DNS n cc my ch DNS ni b, thay v tt c cc my ch DNS chuyn tip cc truy vn DNS ra Internet.
99
THC HNH KHC PHC S C: TRIN KHAI CC DCH V MNG

XEM XT D N
Bn l mt thnh vin ca i k s mng ca cng ty Contoso Ltd. Bn ph trch lp k hoch v trin khai mt chin lc dch v mng cho mng ca cng ty ny. Cng vic ca bn l lp k hoch v trin khai mt chin lc cp php a ch IP ng (DHCP) v mt chin lc phn gii tn min (DNS) cho mng. Trin khai hai dch v mng ny s cho php bn giao tip vi cc my trm v my ch s dng cc tn trm v cc a ch IP. Mng Contoso bao gm mt min, contoso.com v mt s min con. Cc my trm v my ch trn mng phi c kh nng phn gii cc tn trm min con ni b. Hin nay, tt c cc my trm v my ch trn mng c cu hnh s dng a ch IP tnh m bao gm cc a ch IP i vi my ch DNS. Bn cng phi hn ch bng thng c s dng bi cc dch v mng ny v cc my trm trong min con ni b. Da trn nhng g bn bit v h tng mng Contoso v nh rng bn phi hn ch giao thng mng, tr li cc cu hi sau y. Bao gm gii thch cho mi cu tr li. 1. 2. 3. 4. C bao nhiu my ch DHCP s cn c cu hnh cho mng Contoso? C bao nhiu my ch DNS s cn c cu hnh cho mng Contoso? Ti thiu, cc tu chn DHCP no bn nn gn cho my trm? Bn c nn cu hnh mt DHCP relay agent trn mi subnet cho php cc my trm DHCP nhn c thng tin a ch IP t mt my ch DHCP xa?
th nghim vi dch v DHCP v DNS trong mt mi trng mng, bn mun cu hnh mt mng th im m s c s dng ci t v cu hnh DHCP v DNS. Mng th im ny s c cu hnh vi mt di a ch IP l 192.168.0.0/24. Mi trng th im ny s bao gm mt my hc TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 100
QUN L V GIM ST DCH V DNS SERVER vin ng vai tr nh mt my ch v mt my hc vin ng vai tr nh mt my trm. Bn nn trin khai theo cc bc sau: Ci t v trin khai mt my ch DHCP trn my tnh Windows Server 2003. Cu hnh mt my ch DHCP phn hi cc yu cu cp pht a ch IP. Cu hnh mt my ch DHCP cung cp cc tu chn di a ch IP thch hp. Ci t v trin khai mt my ch DNS trn mt my tnh Windows Server 2003. Sau khi hon thnh cc bc trn, bn chun b minh ha cho ngi hng dn rng cc my ch ca bn c th thc hin: Giao tip bng cch s dng giao thc TCP/IP. Nhn thng tin a ch IP ng thng qua DHCP. Giao tip bng cch s dng dch v DNS phn gii cc tn trm trong min con ni b.
THIT LP G RI
Trong phn thc hnh g ri, ngi hng dn hoc cc hc vin s gii thiu mt s c trong mng m s cn tr vic cp pht a ch IP v phn gii tn trn mng.
G RI
Trong phn thc hnh g ri ny, bn c giao nhim v gii quyt mt vn giao tip c gii thiu trong phn trc ca bi thc hnh ny. c th x l tin trnh g ri c hiu qu, bn cn phi ti liu ho cc qu trnh bn s dng trong khi khc phc vn . Ghi li cc bc v cc qu trnh g ri, bao gm cc thng tin nh sau: Bn xem xt ci g chn on s c? Lit k cc bc m bn thc hin chn on s c, k c cc bc chun on khng hot ng. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 101
QUN L V GIM ST DCH V DNS SERVER Bn pht hin s c no? Nguyn nhn ca s c? Gii php no? Cc bc gii quyt s c? Cc th nghim no c s dng xc nhn gii php khc phc s c? Kt qu ca th nghim? Lit k cc ti nguyn bn s dng gii quyt s c. Cc s c c gii thiu trn mng c thit k hn ch cc giao tip theo mt cch thc no , hoc gia cc my tnh trong min con hoc gia cc my tnh trong min vi my tnh thuc cc min khc trong lp hc. Bn c th s dng tin ch cu lnh Ping, tin ch Tracert, tin ch Nslookup, tin ch Dnscmd, hoc mt s cc tin ch khc kim tra cc kt ni v gip g ri s c.
102
BO MT TRONG MNG
THC HNH 5: BO MT TRONG MNG

Bi thc hnh ny gm cc bi tp v hot ng sau: Bi tp 5-1: Kim sot bo mt Bi tp 5-2: p dng cc mu bo mt Bi tp 5-3: Gn quyn cho ngi s dng Bi tp 5-4: S dng h thng File m ha (EFS) Bi tp 5-5: Ci t v cu hnh Microsoft Baseline Security Analyzer (MBSA) Cc cu hi tng kt Thc hnh nng cao 5-1: Lp k hoch bo mt cho Wingtip Toys Sau khi hon thnh bi thc hnh ny, bn c th: Kim sot cc s kin bo mt trn my qun tr min (Domain Controller). Phn tch v p dng cc thit lp bo mt cho cc my ch. M ha v gii m File trn my cc b v my khc. S dng MBSA qut v pht hin cc l hng bo mt trong mng. Thi gian d kin: 115 pht
KCH BN
Bn l qun tr mng ca ACNA, Ltd. Bn c yu cu a ra mt s khuyn ngh bo mt nng mc bo mt trong mng. Bn phi thc hin vic nng cp bo mt cho cc my ch v my qun tr min v s dng Microsoft Baseline Security Analyzer(MBSA) pht hin cc l hng bo mt trn my trm v my ch trn mng. m bo mc bo mt d liu trn my cc b v cc my khc, bn phi m ha File bng cch s dng h thng File m ha (EFS) cho my trm v my ch trn mng. Bn cng phi thit lp tc nhn phc hi cho min.
103
BO MT TRONG MNG
BI TP 5-1: KIM SOT BO MT

Thi gian hon thnh d kin: 5 pht Trong bi tp ny, bn s hc cch cu hnh kim sot bo mt, v bn s xem phn kim sot bo mt trn my ch s dng Microsoft Windows Server 2003. Cc s kin kim sot bo mt LU Thc hin bi tp ny trn tt c cc my tnh ca Hc vin. T bn c th hin th cc s kin kim sot bo mt trn my qun tr min. 1. Khi ng my tnh s dng Windows Server 2003, v ng nhp bng ti khon studentxx@domain.contoso.com ( y studentxx l tn ng nhp ca Hc vin v domain l tn min ca bn) 2. Nhn Start, chn Control Panel, v nhn p vo Administrative Tools. 3. Nhn chut phi vo Event Viewer, sau chn Run As m hp thoi Run As. 4. Trong hp thoi Run As, chn The Following User v sau nhp cc thng s sau trong cc trng ca hp thoi m bng iu khin Event Viewer. a. Trong phn User Name, nhp administrator@domain.contoso.com ( y domain l tn min ca bn). b. Trong phn Password, nhp MSPress@LS#1 5. Nhn OK m bng iu khin Event Viewer. 6. Trong cy bng iu khin, nhn Security. Cu hi Lit k ba loi (category) s kin lu li trong nht k bo mt trn my ch ca bn. 7. Thu nh (minimize) ca s Event Viewer. 8. Nhn Start, chn Control Panel, sau nhn p Administrative Tools. 9. Nhn chut phi vo Domain Controller Security Policy, sau chn Run As m hp thoi Run As.
104
BO MT TRONG MNG 10. Trong hp thoi Run As, chn The Following User v sau nhp cc thng s sau trong cc trng ca hp thoi m bng iu khin Domain Controller Security Policy: c. Trong phn User Name, nhp administrator@domain.contoso.com ( y domain l tn Min ca bn). d. Trong phn Password, nhp MSPress@LS#1 11. Nhn OK m bng iu khin Domain Controller Security Policy. 12. M Local Policies, sau nhn Audit Policy. 13. Bn trong khung bn phi (detail pane), nhn p vo Audit Object Access. 14. Trong ca s Audit Object Access Properties, nhn la chn Success v sau nhn OK. 15. ng bng iu khin Domain Controller Security Policy. 16. Nhn chut phi vo mn hnh (Desktop) ca bn, chn New v sau chn Folder. 17. Nhp computerxx trong phn tn ca th mc ( y computerxx l tn my tnh ca hc vin). 18. Nhn p vo th mc bn va to ra trn mn hnh. 19. ng th mc Computerxx. 20. M ca s Event Viewer, sau nhn F5. 21. Trong ca s bn phi, lu cc s kin tng ng vi Object Access c lu li trong nht k bo mt. 22. ng Event Viewer.
BI TP 5-2: P DNG CC MU BO MT
Thi gian hon thnh d kin: 10 pht Trong bi tp ny, bn s hc cch s dng Security Configuration And Analysis Microsoft Management Console (MMC) snap-in so snh cc thit lp bo mt trn my tnh ca hc vin. Bn cng s hc cch s dng cng c Gpupdate p dng cc mu bo mt xc nh vo TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 105
BO MT TRONG MNG my tnh ca cc bn. Bn cng s p dng li mu Setup Security h thng ca bn quay li trng thi c, sau khi bn p dng cc mu bo mt mi. To ra bng iu khin thit lp bo mt (Security Setting) Lu Hon thnh cng vic ny trn tt c cc my tnh ca hc vin. N s gip bn to ra MMC mi bao gm cc snap-in Security Template v Security Configuration And Analysis. 1. Khi ng my tnh s dng Windows Server 2003, v ng nhp bng ti khon administrator@domain.contoso.com ( y domain l tn Min ca bn). 2. Nhn Start, sau nhn Run m hp thoi Run. 3. Trong phn Open, nhp mmc, v sau nhn OK. 4. Trong ca s Console1, trn thc n File, chn Add/Remove Snap-In m hp thoi Add/Remove Snap-In. 5. Nhn Add. 6. Trong danh sch cc snap-in hin c, chn Security Configuration And Analysis, sau nhn Add. 7. Chn Security Templates, sau nhn Add. 8. Nhn Close, dng ca s Add Stand Alone Snap-In, sau nhn OK. 9. Trn thc n File, chn Save As. 10. Trong ca s Save As, nhn vo biu tng mn hnh, sau trong phn File Name nhp security. Nhn Save. 11. ng tt c cc ca s ang m. So snh cc thit lp bo mt s dng MMC Snap-In Security Configuration And Analysis. Lu Hon thnh cng vic ny trn tt c cc my tnh ca hc vin. N s gip bn so snh cc thit lp bo mt trn cc my tnh ca hc vin vi cc mu bo mt xc nh trc. 1. Khi ng my tnh s dng Windows Server 2003, v ng nhp bng ti khon administrator@domain.contoso.com ( y domain l tn Min ca bn).
106
BO MT TRONG MNG 2. Nhn p vo biu tng security MMC trn desktop m MMC ny. 3. Chn Security Configuration And Analysis trong cy bng iu khin. 4. Trn thc n Action, chn Open Database m ca s Open Database. 5. Trong phn File Name, nhp securedc, sau nhn Open. 6. Trong ca s Import Template, nhn Securedc.inf, sau nhn Open. 7. Chn Security Configuration And Analyssis trong cy bng iu khin nu cha c chn. 8. Trong thc n Action, chn Analyze Computer Now. 9. ng vi ng dn mc nh lu tr cc li gp phi khi phn tch trong ca s Perform Analysis, sau nhn OK. 10. Trong cy bng iu khin, m Security Configuration And Analysis\Local Policies, sau nhn Audit Policy. 11. Trong ca s bn phi, tm Audit Accoun Logon Events. Ghi li cc thit lp vo bng di y Database Setting Computer Setting
12. Gi nguyn cc ca s bng iu khin ang m. Cu hi Ti sao li c ch X mu trn chnh sch Audit Logon Events? Cu hi Ti sao bn li mun ghi li cc s kin ng nhp thnh cng hay tht bi? p dng cc mu bo mt (Security Templates) Lu Hon thnh bi tp ny trn tt c cc my tnh ca hc vin. N s cho php bn p dng cc mu bo mt c nh ngha t trc cho cc my tnh ca hc vin. 1. Chn Security Configuration And Analysis trong cy bng iu khin. 2. Trn thc n Action, chn Configure Computer Now. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 107
BO MT TRONG MNG 3. ng vi ng dn mc nh lu tr cc li gp phi khi p dng trong ca s Configure System, sau nhn OK. 4. Gi nguyn cc ca s bng iu khin ang m. Kim tra cc thit lp bo mt c nhp vo bng cch s dng MMC Snap-In Security Configuration And Analysis Lu Hon thnh cng vic ny trn tt c cc my tnh ca hc vin. N s cho php bn so snh cc thit lp bo mt trn cc my tnh ca hc vin vi cc mu bo mt c nh ngha t trc. 1. Ch Security Configuration And Analysis trong cy bng iu khin. 2. Trn thc n Action, chn Analyze Computer Now. 3. ng vi ng dn mc nh lu tr cc li gp phi khi phn tch. 4. Trong cy bng iu khin, m Security Configuration And Analysis\Local Policies, v sau chn Audit Policy. 5. Trong ca s bn phi, tm Audit Logon Event. Ghi li cc thit lp vo bng di y Database Setting Computer Setting
6. Gi nguyn cc ca s bng iu khin ang m Cu hi Ti sao li c nh du mu xanh trn chnh sch Audit Logon Event? p dng li cc thit lp ca mu Setup Security Lu Hon thnh cng vic ny trn tt c cc my tnh ca hc vin. N s cho php p dng li mu Setup Security my tnh ca tt c hc vin quay li trng thi c, sau khi bn p dng cc mu bo mt mi. 1. Chn Security Configuration And Analysis trong cy bng iu khin. 2. Trn thc n Action, chn Open Database m ca s Open Database. 3. Trong phn File Name, nhp setup security, sau nhn Open. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 108
BO MT TRONG MNG 4. Trong ca s Import Template, nhn Setup Security.inf, sau nhn Open. 5. Trn thc n Action, chn Configure Computer Now. 6. ng vi ng dn mc nh lu tr cc li gp phi khi p dng trong ca s Configure System, sau nhn OK. 7. ng bng iu khin Security
BI TP 5-3: GN QUYN CHO NGI S DNG

Thi gian hon thnh d kin: 5 pht Trong bi tp ny, bn s hc cch cu hnh v gn quyn cho ngi s dng (user right) trn my tnh s dng Windows Server 2003. Gn quyn ng nhp cc b (Logon Locally) Lu Hon thnh cng vic ny trn tt c cc my tnh ca hc vin. N s cho php bn cu hnh quyn ca ngi s dng mt ti khon mi ca hc vin c th ng nhp cc b vo my tnh ca hc vin. 1. Khi ng my tnh s dng Windows Server 2003, v ng nhp bng ti khon administrator@domain.contoso.com ( y domain l tn Min ca bn). 2. Nhn Start, nhn Administrative Tools, sau nhn Active Directory Users And Computers. 3. Trong cy bng iu khin Active Directory Users And Computers, chn OU Students. 4. Trong cy bng iu khin Active Directory Users And Computers, nhn chut phi vo OU Students, nhn New, nhn User m ca s New Object - User. 5. Trong ca s New Object - User, trong phn First Name, nhp studentlogon. 6. Trong ca s New Object - User, phn User Logon Name, nhp studentlogon, sau nhn Next. 7. Trong phn Password v Confirm Pasword, nhp studentlogon, xa la chn User Must Change Password At Next Logon, nhn User Cannot Change Password, sau nhn Next. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 109
BO MT TRONG MNG 8. Trong ca s New Object - User, nhn Finish kt thc qu trnh to ra ti khon mi. 9. ng bng iu khin Active Directory Users And Computers. 10. Nhn Start, nhn Administrative Tools, sau nhn Domain Controller Security Policy. 11. M Local Policies, bn di Security Setting. 12. Chn User Rights Assignment, v trong ca s bn phi nhn p vo Allow Logon Locally. 13. Trn trang Allow Logon Locally, nhn Add User Or Group. 14. Trong ca s Add User Or Group, nhn Browse. 15. Nhn nt Advanced trong ca s Select Users, Computers, Or Groups. 16. Nhn Find Now. 17. Chn ti khon studentlogon trong phn kt qu sau khi tm kim, sau nhn OK. 18. Nhn OK trong ca s Select Users, Computers, Or Groups. 19. Nhn OK trong hp thoi Add User Or Group. 20. Nhn OK ng ca s Allow Logon Locally Properties. 21. ng bng iu khin Domain Controller Security Policy.
BI TP 5-4: S DNG H THNG FILE M HA

Thi gian hon thnh d kin: 50 pht Trong bi thc hnh ny, bn s m ha v gii m th mc bng Windows Explorer v s dng tin ch dng lnh Cipher. Bn cng s hc cch thc hin EFS trong mt s tnh hung khc nhau, v bn cng s hc cch gn cc tc nhn phc hi trong Min. M ha v gii m File v th mc Lu Hon thnh cng vic ny trn tt c cc my tnh ca hc vin. N s cho php bn thc hin m ha v gii m File v th mc bng Windows Explorer.
110
BO MT TRONG MNG 1. Khi ng my tnh s dng Windows Server 2003, v ng nhp bng ti khon studentxx@domain.contoso.com ( y studentxx l tn ng nhp ca Hc vin v domain l tn min ca bn). 2. Nhn chut phi vo mn hnh, nhn New v chn Folder. 3. Nhp Encrypted Folder trong phn tn ca th mc va to ra. 4. Nhn p vo Encrypted Folder, bn va to ra trn mn hnh. 5. Trong ca s Encrypted Folder, nhn File, nhn New, v sau nhn Text Document. 6. Nhp encrypted File trong phn tn ca File mi, sau nhn ENTER. 7. Nhn chut phi vo Encrypted File, sau chn Properties. 8. Trong th General, nhn Advanced m ca s Advanced Atrributes. 9. Trong ca s Advanced Atrributes, nhn Encrypt Content To Secure Data, sau nhn OK. 10. Nhn OK ng ca s Encrypted File Properties. 11. Trong ca s Encryption Warning, chn Encrypt The File Only, sau nhn OK. 12. Lu tn File chuyn sang mu xanh l cy, biu th File c m ha. Cu hi Bn phi lm th no c th thay i mu biu th ca cc File chng t rng chng c m ha? 13. ng ca s Encrypted Folder. S dng Cipher m ha v gii m th mc Lu Hon thnh bi tp ny trn tt c cc my tnh ca hc vin. N s cho php bn m ha v gii m File v th mc bng tin ch Cipher. 1. Khi ng my tnh s dng Windows Server 2003, v ng nhp bng ti khon studentxx@domain.contoso.com ( y studentxx l tn ng nhp ca Hc vin v domain l tn min ca bn). 2. Nhn p vo th mc Encrypted Folder c to ra trn mn hnh.
111
BO MT TRONG MNG 3. Trong ca s Encrypted Folder, nhn File, nhn New v sau nhn Text Document. 4. Nhp ciphertext-unencrypted l tn ca File, gi nguyn th mc ang m ny. 5. Nhn Start, sau nhn Run m hp thoi Run. 6. Trong phn Open, nhp cmd sau nhn OK m ca s du nhc lnh 7. Ti du nhc lnh, nhp cd desktop chuyn ng dn ca du nhc lnh. 8. Ti du nhc lnh, nhp cd Encrypted Folder thay i ng dn ca du nhc lnh. 9. Ti du nhc lnh, nhp cipher. Ghi li kt qu v bng di y Attribute File Name
Cu hi Thuc tnh no cho bn bit v tnh trng m ha ca cc File? 10. Trong ca s Encrypted Folder, nhn File, nhn New, nhn Folder sau nhp encrypted-subfolder. 11. Ti du nhc lnh, nhp cipher /e /s:encrypted-subfolder. 12. Ti du nhc lnh, nhp cipher. Ghi li kt qu v bng di y Attribute File Name
13. Ti du nhc lnh, nhp cipher /e /s:encrypted-subfolder. 14. Ti du nhc lnh, nhp cipher. Ghi li kt qu v bng di y Attribute 15. ng tt c cc ca s ang m. Nng cp chc nng min TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 112 File Name
BO MT TRONG MNG Lu Hon thnh cng vic ny trn tt c cc my tnh hc vin vi cc s th t u tin. N s gip bn nng cp chc nng min cho Min ca bn. 1. Khi ng my tnh s dng Windows Server 2003, v ng nhp bng ti khon studentxx@domain.contoso.com ( y studentxx l tn ng nhp ca Hc vin v domain l tn min ca bn). 2. Nhn Start, chn Control Panel, sau nhn p Administrative Tools. 3. Nhn chut phi vo Active Directory Users And Computers, sau chn Run As m hp thoi Run As. 4. Trong hp thoi Run As, chn The Following User, sau nhp cc thng s sau trong cc trng ca hp thoi m bng iu khin Active Directory Users And Computers: a. Trong phn User Name, administrator@domain.contoso.com ( y domain l tn Min ca bn). Trong phn Password, nhp MSPress@LS#1. nhp
b.
5. Nhn OK m bng iu khin Active Directory Users And Computers. 6. Trong cy bng iu khin, chn v nhy chut phi vo Domain.Contoso.Com ( y Domain l tn Min ca bn), sau nhn Raise Domain Function Level m ca s Raise Domain Function Level. 7. Chn Windows Server 2003 t la chn Select An Available Domain Function Level. 8. Nhn nt Raise nng cp chc nng ca min. 9. Nhn OK trong hp thoi Raise Domain Function Level Warning. 10. Nhn OK trong ca s Raise Domain Function Level. Cho php m ha t xa (Remote Encryption) Lu Hon thnh cng vic ny trn tt c cc my tnh hc vin vi cc s th t u tin. N s cho php bn m ha v gii m cc File v th mc bng cch m ha t xa.
113
BO MT TRONG MNG 1. Khi ng my tnh s dng Windows Server 2003, v ng nhp bng ti khon studentxx@domain.contoso.com ( y studentxx l tn ng nhp ca Hc vin v domain l tn min ca bn). 2. Nhn Start, chn Control Panel, sau nhn p Administrative Tools. 3. Nhn chut phi vo Active Directory Users And Computers, sau chn Run As m hp thoi Run As. 4. Trong hp thoi Run As, chn The Following User, sau nhp cc thng s sau trong cc trng ca hp thoi m bng iu khin Active Directory Users And Computers: a. Trong phn User Name, nhp administrator@domain.contoso.com ( y domain l tn Min ca bn) b. Trong phn Password, nhp MSPress@LS#1. 5. Nhn OK m bng iu khin Active Directory Users And Computers. 6. Trong cy bng iu khin, m Domain.contoso.com ( y Domain l tn Min ca bn) 7. Chn Domain Controller trong cy bng iu khin. 8. Trong khung ca s bn phi, nhn chut phi vo Computerxx ( y Computerxx l tn my tnh ca hc vin), sau nhn Properties m ca s Computerxx Properties. 9. Trong th Delegation, xc nhn thuc tnh Trust This Computer For Delegation To Any Service (Kerberos Only) c chn. 10.Nhn OK ng ca s Computer Properties. Lu Hon thnh cng vic di y trn tt c cc my tnh ca hc vin vi cc s hiu nh hn. 1. Khi ng my tnh s dng Windows Server 2003, v ng nhp bng ti khon administrator@domain.contoso.com ( y domain l tn Min ca bn). 2. Nhn chut phi vo mn hnh, nhn New, sau chn Folder. 3. Nhp remote encryption trong phn tn ca th mc. 4. Nhn chut phi vo th mc Remote Encryption, sau chn Properties. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 114
BO MT TRONG MNG 5. Nhn th Sharing, sau chn Share This Folder. 6. Nhp remote encryption trong phn Share Name. 7. Nhn nt Permission m ca s Permission For Remote Encrryption. 8. Chn hp la chn (check box) Allow On Full Control tng ng vi Permission For Everyone. 9. Nhn OK chp nhn thay i cc cp php. 10. Nhn th Security. 11. Nhn Add di Group Or User Names, sau nhn Advanced. 12. Nhn Find Now trong ca s Select Users, Computers, Or Groups. 13. Chn nhm EveryOne trong danh sch, sau nhn OK. 14. Nhn OK ln na ng ca s Select Users, Computers, Or Groups. 15. Trong ca s Remote Encryption Properties, chn Everyone, chn Full Control trong phn Permission For Everyone, sau nhn OK ng trang ny li. Lu Hon thnh cng vic ny trn cc my tnh ca hc vin c s hiu ln hn. 1. Khi ng my tnh s dng Windows Server 2003, v ng nhp bng ti khon studentxx@domain.contoso.com ( y studentxx l tn ng nhp ca Hc vin v domain l tn min ca bn). 2. Nhn Start, sau chn Run m ca s Run. 3. Trong phn Open, nhp \\10.1.1.xx\remote encryption ( y 10.1.1.xx l a ch IP ca my tnh ca hc vin vi cc s th t u tin). 4. Trong ca s Remote Folder trn computerxx, nhn File, nhn New, sau nhn Text Document. 5. Nhp remote encrypted.txt trong phn tn ca File. 6. Nhn chut phi vo File Remotely Encrypted, sau chn Properties. 7. Trong th General, nhn nt Advanced m ca s Advanced Attribute. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 115
BO MT TRONG MNG 8. Trong ca s Advanced Attribute, nhn la chn Encrypt Content To Secure Data, sau nhn OK. 9. Nhn OK ng ca s Remotely Encrypted.txt Properties. 10. Lu rng mu ca File Remotely Encrypted chuyn t mu en sang mu xanh l cy, chng t rng n c m ha. 11. ng ca s Remote Folder. Cu hnh tc nhn phc hi d liu cho mt OU Lu Hon thnh cng vic ny trn tt c cc my tnh ca hc vin. N s cho php bn gn tc nhn phc hi d liu cho OU Students. 1. Khi ng my tnh s dng Windows Server 2003, v ng nhp bng ti khon administrator@domain.contoso.com ( y domain l tn Min ca bn). 2. Nhn Start, nhn Administrative Tools, sau nhn Active Directory Users And Computers. 3. Trong cy bng iu khin, chn Domain.Contoso.Com ( y Domain l tn Min ca bn). 4. Trong khung bn phi, nhn chut phi vo Students, sau chn Properties m ca s Students Properties. 5. Nhn th Group Policy m trang Current Group Policy Links For Students. 6. Nhn New, nhp data recovery agent, sau nhn ENTER. 7. Nhn Edit m ca s Group Policy Object Editor. 8. Trong ca s Group Policy Object Editor, m Computer Configuration \Windows Settings\Security Settings\ Public Key Policies, sau chn Encrypting File System. Cu hi bn phi? ang c bao nhiu chnh sch EFS trong khung ca s
9. Gi nguyn bng iu khin Active Directory Users And Computers. 10. Nhn Start, nhn Run m hp thoi Run. 11. Trong phn Open, nhp mmc, sau nhn OK m ca s Console1. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 116
BO MT TRONG MNG 12. Trn thc n File, chn Add/Remove Snap-In m hp thoi Add/Remove Snap-In. 13. Nhn Add. 14. Trong danh sch cc snap-in c sn, chn Certificates, sau nhn Add. 15. Trong ca s snap-in Certificates, chn My User Account, sau nhn Finish. 16. Nhn Close ng ca s Add Standalone Snap-In, sau nhn OK. 17. Trn thc n File, chn Save As. 18. Trong ca s Save As, nhn chn biu tng desktop, sau trong phn tn File nhp certificates, sau nhn Save. 19. Gi nguyn cc bng iu khin ang m. Xut Certificate (Giy chng nhn) ca tc nhn phc hi d liu Lu Hon thnh cng vic ny trn tt c cc my tnh ca hc vin. N s cho php bn gn tc nhn phc hi d liu cho OU Students. 1. Trong bng iu khin Certificate, m Certificates-Current User\ Personal, sau chn Certificates. 2. Trong khung bn phi, tm Administrator trong ct Issued To, sau tm File Recovery trong ct Intended Purposes. 3. Nhn chut phi vo Certificate ny, nhn All Tasks, sau nhn Export m trang Certificate Export Wizard. 4. Trn trang Certificate Export Wizard, nhn Next. 5. Xc nhn li la chn No, Do Not Export The Private Key c chn, sau nhn Next. 6. Xc nhn li la chn DER Encoded Binary X.509 (.CER) c chn, sau nhn Next. 7. Nhn nt Browse m ca s Save As. 8. Nhn biu tng desktop trong ca s Save As, sau trong phn File Name nhp data recovery certificate, sau nhn Save. 9. Trn trang File To Export, nhn Next. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 117
BO MT TRONG MNG 10. Nhn Finish trn trang Completing The Certificate Export Wizard. 11. Trong hp thoi biu th qu trnh Export thnh cng, nhn OK. Gn tc nhn phc hi d liu cho OU Lu Hon thnh cng vic ny trn tt c cc my tnh ca hc vin. N s cho php bn gn tc nhn phc hi d liu cho OU Students. 1. Trong ca s Group Policy Object Editor ca OU Students, m Computer Configuration\ Windows Settings\ Security Settings\ Public Key Policies, sau chn Encrypting File System. 2. Nhn chut phi vo Encrypting File System, sau chn Add Data Recovery Agent m trang Add Recovery Agent Wizard. 3. Trn trang Welcome To The Add Recovery Agent Wizard, nhn Next m trang Select Recovery Agents. 4. Trn trang Select Recovery Agents, nhn nt Browse Folders. 5. Nhn biu tng Desktop bn tri, nhn File Data Recovery Certificate.cer, sau nhn Open. 6. Trong ca s Add Recovery Agent, nhn Yes ci t certificate. 7. Trn trang Select Recovery Agents, nhn Next. 8. Trn trang Completing The Add Recovery Agent Wizard, nhn Finish. 9. ng tt c cc ca s m.
BI TP 5-5: CI T V CU HNH MICROSOFT BASELINE SECURITY ANALYZER (MBSA)

Thi gian hon thnh d kin: 10 pht Lu hon thnh bi thc hnh ny, bn phi download MBSA t th mc chia s ca ngi hng dn. (Bn c th vo trang web http://www.microsoft .com/downloads tm kim thm thng tin v cng c ny). TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 118
BO MT TRONG MNG Trong bi thc hnh ny, bn s hc cch ci t v cu hnh MBSA v Mbsacli. Bn cng s s dng c hai giao din ny qut cc l hng bo mt trn my tnh ca bn. Ci t MBSA Lu Hon thnh cng vic ny trn tt c cc my tnh ca hc vin. N s cho php bn ci t MBSA trn cc my tnh ca hc vin ca bn. 1. Khi ng my tnh s dng Windows Server 2003, v ng nhp bng ti khon administrator@domain.contoso.com ( y domain l tn Min ca bn). 2. Nhn p vo File Mbsasetup.msi m Microsoft Baseline Security Analyzer Setup Wizard. 3. Trn trang Welcome, nhn Next. 4. Trn trang License Agreement, c k v phn bn quyn, sau nhn Accept The License Agreement nu bn ng vi cc iu khon. (Nu bn khng ng vi cc diu khon, bn s khng th tip tc ci t). Nhn Next tip tc ci t. 5. Nhn Next chp nhn cc thit lp mc nh. 6. Trn trang Destination Folder, nhn Next chp nhn th mc ci t mc nh. 7. Trn trang Choose Install Options, xa cc hp chn Place Shortcut On The Desktop, Show Readme File After Installation, v Launch Application After Installation, sau nhn Next. 8. Trn trang Select Features, nhn Next chp nhn cc thit lp mc nh. 9. Trn trang Ready To Install The Application, nhn Next bt u qua trnh ci t. Khi qu trnh ci t kt thc, trang Microsoft Baseline Security Analyzer Has Been Successfully Installed xut hin. 10. Nhn Finish ng wizard. Qut my tnh vi MBSA Lu Hon thnh cng vic ny trn tt c cc my tnh ca hc vin. N s cho php bn qut my tnh ca bn vi MBSA pht hin ra cc l hng bo mt. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 119
BO MT TRONG MNG 1. Khi ng my tnh s dng Windows Server 2003, v ng nhp bng ti khon administrator@domain.contoso.com ( y domain l tn Min ca bn). 2. Nhn Start, ch vo All Programs, sau nhn Microsoft Baseline Security Analyzer m ca s Microsoft Baseline Security Analyzer. 3. Trong khung bn tri, nhn lin kt Pick A Computer To Scan m trang Pick A Computer To Scan trong khung bn phi. Theo mc nh MBSA c cu hnh qut my tnh cc b. 4. Nhn lin kt Start Scan cui trang cho php MBSA bt u qut my tnh; khi kt thc, n s hin th kt qu trong trang View Security Report. 5. ng ca s MBSA. Cu hi Lit k mt s l hng bo mt tim n ca my tnh ca bn c a ra bi MBSA. S dng Mbsacli.exe Lu Hon thnh cng vic ny trn tt c cc my tnh ca hc vin. N s cho php bn s dng tin ch Mbsacli qut my tnh ca bn nhm pht hin cc l hng bo mt. nhn c tt c cc phn hi, my tnh ca hc vin phi truy cp c vo Internet. 1. Khi ng my tnh s dng Windows Server 2003, v ng nhp bng ti khon studentxx@domain.contoso.com ( y studentxx l tn ng nhp ca Hc vin v domain l tn min ca bn) 2. Nhn Start, sau nhn Run m ca s Run. 3. Trong phn Open, nhp cmd, sau nhn OK. 4. Trong ca s du nhc lnh, ti du nhc lnh, nhp cd\, sau nhn ENTER. 5. Ti du nhc C:, nhp cd c:\program files\microsoft baseline security analyzer. 6. Ti du nhc C:\Program Files\Microsoft Baseline Security Analyzer, nhp mbsacli /? . Cu hi tin ch Mbsacli.exe c m t nh th no? 7. Ti du nhc C:\Program Files\Microsoft Baseline Security Analyzer, nhp mbsacli, sau nhn ENTER. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 120
BO MT TRONG MNG Ghi kt qu sau khi thc hin lnh trn vo di y: ______________________________________________________ ______________________________________________________ ______________________________________________________ ______________________________________________________ ______________________________________________________ _____________________________________________ 8. ng ca s du nhc lnh.
CU HI N TP
1. Bn c th cho php thc hin kim sot cc s kin bo mt u? 2. Lm th no cc vn bn ca ngi s dng lu tr trn my ch trn mng c th m ha c? 3. Bn hy ch ra mt s phng thc m ha File trn my cc b hoc trn mng hoc c hai? 4. a ra tn ca ba la chn thm (switch) khi bn s dng tin ch Mbsacli? 5. iu g xy ra khi bn chy tin ch Mbsacli m khng c tham bin no?
THC HNH NNG CAO 5-1: LP K HOCH BO MT CHO WINGTIP TOYS

Thi gian hon thnh d kin: 30 pht Bn l qun tr mng cho Wingtip Toys, v bn c yu cu nng cp bo mt cho domain ca bn. C th, bn phi m ha th mc Profits, c t trong C: ca bn, (bn cn to ra th mc Profits). Ch nh cc my tnh thnh vin cn thit l tc nhn phc hi. Ngoi ra bn phi so snh cc thit lp bo mt hin thi vi mu bo mt Hisecdc c nh ngha t trc; bn s thc hin vic ny t dng lnh. Khi bn hon thnh vic so snh, p dng mu bo mt nh ngha trc c cp bo mt trung bnh, t cho php bn vn c th trao i thng tin vi cc my trm dng h iu hnh trc Windows 2000.
121
S DNG IPSEC BO MT LU THNG MNG
THC HNH 6: S DNG IPSEC BO MT LU THNG MNG

Bi thc hnh ny bao gm cc bi tp v hot ng sau: Bi tp 6-1: S dng IPSec kha cc lu thng TCP/IP Bi tp 6-2: S dng IPSec m ha cc lu thng FTP Bi tp 6-3: Qun l cc chnh sch IPSec Bi tp 6-4: Theo di v khc phc s c IPSec Bi tp 6-5: D b cc chnh sch IPSec Cc cu hi n tp Thc hnh nng cao 6-1: S dng IPSec bo v d liu HTTP
KCH BN
Bn l qun tr mng cho Cng ty thng mi ABC Ltd. Bn ci t v trin khai hai my ch Web s dng IIS 6 dnh cho cc nhn vin ca cng ty s dng. Cc my ch Web ni b ny s phc v Site FTP ca ring cng ty v ch c mt s ngi dng nht nh trong cng ty s dng vi mc ch lu tr v phc hi cc d liu bo mt v ring t ca cng ty. Bn cn chc chn rng ch c cc lu thng FTP trn mng v cc lu thng ny cn c m ha trong qu trnh truyn thng tin trn mng. Sau khi hon thnh bi thc hnh ny, bn c kh nng: S dng IPSec Qun l v Bo mt cc lu thng mng. Theo di v Khc phc s c cc lu thng v kt ni IPSec Thi gian d kin: 130 pht
BI TP 6-1: S DNG IPSEC KHA CC LU THNG TCP/IP

Thi gian d kin: 30 pht Bn lo ngi rng cc nhn vin ca cng ty s truy nhp cc my ch FTP vi cc phng thc khng an ton. Bn mun m bo rng h s khng s dng Web Distributed Authoring and Versioning (WebDAV) a trn HTTP hay s dng HTTP truy nhp my ch Web bng cc lin lc TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 122
S DNG IPSEC BO MT LU THNG MNG khng bo mt. Trong bi tp ny, bn cn cu hnh cc chnh sch IPSec kha ton b cc lu thng HTTP ti my ch FTP t ti phng Research
Ci t cc dch v WWW v FTP

QUAN TRNG Hon thnh tc v ny trn c hai my tnh ca hc vin. N s cho php bn ci t dch v FTP trn my ch ca bn chy Microsoft Windows Server 2003. Bi tp s xc nhn rng bn c th lin lc vi my tnh ca i tc bng cc giao thc HTTP v FTP 1. Khi ng my tnh chy Windows Server 2003 ca bn v ng nhp vo Min Domain vi User Name l StudentXX, v Domain l tn min ca bn. 2. Nhn Start, v chn Control Panel. 3. Trong khi gi phm SHIFT, nhn chut phi vo Add Or Remove Programs, sau nhn Run As m hp thoi Run As. 4. Trong hp thoi Run As, chn ty chn The Following User, v nhp cc thng s ng nhp sau trong cc trng ca hp thoi m ca s Add Or Remove Programs: a. Trong hp User Name, nhp administrator@domain (trong domain l tn min ca bn). b. Trong hp Password, nhp MSPress@LS#l. 5. Trong ca s Add Or Remove Programs, nhn Add/Remove Windows Components. 6. Trong Windows Components Wizard, bn di Components, chn ty chn Application Server, v nhn nt Details. 7. Trong ca s Application Server, chn Internet Information Services (US), v nhn nt Details. 8. Trong ca s Internet Information Services (US), nh du vo hp kim tra File Transfer Protocol (FTP) Service v World Wide Web Service, v nhn OK. 9. Trong ca s Application Server window, nhn OK. 10. Trong Windows Components Wizard, nhn Next. 11. Nu c hi v v tr cc File ci t, cho a ci t Windows Server 2003 vo CD-ROM, v nhn OK. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 123
S DNG IPSEC BO MT LU THNG MNG 12. nhn Finish trong ca s Completing The Windows Components Wizard. 13. ng tt c cc ca s ang m.
Cu hnh cc dch v WWW v FTP

QUAN TRNG Hon thnh tc v ny trn c hai my tnh ca hc vin. N s cho php bn cu hnh cc dch v WWW v FTP trn cc my ch ca bn chy Windows Server 2003. 1. Khi ng my tnh ca bn chy Windows Server 2003, v ng nhp vi tn Administrator@domain (trong domain l tn min ca bn). 2. nhn Start, tr ti All Programs, chn Accessories, v nhn Notepad m Microsoft Notepad. 3. Trong ca s Untitled - Notepad, nhp on vn bn sau: <htm1> <head> <tit1e>We1come to the World Wide Web</title> </head> <body> This is the default page for the World Wide Web service! ! </body> </htm1> 4. Trong ca s Untitled - Notepad, nhn File, sau d nhn Save As. 5. Trong ca s Save As, nhn My Computer, v sau duyt n th mc C:\Inetpub\Wwwroot 6. Trong ca s Save As, trong hp File Name, nhp default.htm, v nhn Save lu file Default.htm vo th mc C:\Inetpub\Wwwroot. 7. Trong ca s Default.htm - Notepad, nhp dng sau y vo mt dng mi: This is a File that is stored in the FTP directory. 8. Trong ca s Default.htm - Notepad, nhn File, v sau nhn Save As. 9. Trong ca s Save As, nhn My Computer, v sau duyt n th mc C:\Inetpub\Ftproot.
124
S DNG IPSEC BO MT LU THNG MNG 10. Trong ca s Save As, trong hp File Name, nhp ftpfile, v nhn Save lu file Ftpfile.txt vo th mc C:\Inetpub\Ftproot 11. ng ca s Notepad. 12. nhn Start, tr ti All Programs, v nhn Internet Explorer. 13. Trong thanh a ch ca Microsoft Internet Explorer, nhp http://computerxx v sau nhn ENTER (trong Computerxx l tn my tnh ca i tc nu bn c hi v cc thng tin ng nhp, hy s dng ti khon Administrator trn my tnh i tc v mt khu tng ng) CU HI Trang no xut hin trong ca s Internet Explorer? 14. Trong thanh a ch ca Microsoft Internet Explorer, nhp ftp://computerxx' v nhn ENTER CU HI File no xut hin trong ca s Internet Explorer? 15. ng tt c cc ca s ang m.
To bng iu khin MMC IPSec

QUAN TRNG Hon thnh tc v ny trn c hai my tnh ca hc vin. N cho php bn to ra MMC c cha snap-ins IPSec. Bn s s dng n to v gn cc chnh sch IPSec cho cc my ch chy Windows Server 2003. 1. Khi ng my tnh chy Windows Server 2003 ca bn, v ng nhp vi tn Administrator@Domain (trong domain l tn min ca bn). 16. nhn Start, nhn Run, trong hp Open, nhp mmc, v nhn ENTER m MMC. 17. thm snap-in vo bng iu khin, nhn the thc n File, v nhn Add/Remove Snap-In. 18. Trong ca s Add/Remove Snap-In, nhn nt Add. 19. Trong ca s Add Standalone Snap-In, nhn IP Security Policy Management, v nhn Add. 20. Trong ca s Select Computer Or Domain, nhn Local Computer, v nhn Finish. 21. Trong ca s Add Standalone Snap-In, nhn Close. 22. Trong ca s Add/Remove Snap-In, nhn OK. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 125
S DNG IPSEC BO MT LU THNG MNG 23. trn thanh thc n, nhn File, nhn Save As, v nhn Desktop. 24. Trong hp File Name, nhp ipsec, v nhn Save. 25. ng tt c cc ca s ang m.
Xem cc thng s thng k IPSec

QUAN TRNG Hon thnh tc v ny trn c hai my tnh ca hc vin.N cho php bn xem cc thng s thng k IPSec trn my ch ca bn chy Windows Server 2003. 1. Khi ng my tnh ca bn chy Windows Server 2003, v ng nhp vi tn Administrator@Domain (trong domain l tn min ca bn). 2. Nhn Start, nhn Run, trong hp Open, nhp cmd, n nhn ENTER. 3. Ti du nhc lnh, nhp netsh ipsec dynamic show all, v nhn ENTER. CU HI C chnh sch IPSec no c gn cho my tnh ny? 4. ng tt c cc ca s ang m.
To v Gn Chnh sch Kha (Block) IPSec

QUAN TRNG Hon thnh tc v ny trn c hai my tnh ca hc vin. C th s dng cc chnh sch IPSec kha cc lu thng da trn giao thc IP nht nh. Cc chnh sch ny tng t nh chc nng to b lc gi tin. N cho php bn to v gn chnh sch IPSec m kha cc lu thng HTTP n my ch chy Windows Server 2003. 1. Khi ng my tnh ca bn chy Windows Server 2003, v ng nhp vi tn Administrator@Domain (trong domain l tn min ca bn). 2. Trn mn hnh nn ca my tnh, nhn p chut vo Ipsec.msc m bng iu khin IPSec. 3. Trn cy bng iu khin IPSec, chn IP Security Policies On Local Computer, nhn thc n Action, v nhn Create IP Security Policy khi ng IP Security Policy Wizard. 4. Trn trang Welcome, nhn Next. 5. Trn trang IP Security Policy Name, trong hp Name, nhp block http traffic, v nhn Next. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 126
S DNG IPSEC BO MT LU THNG MNG 6. Trn trang Requests For Secure Communication, xa ty chn Activate The Default Response Rule, v nhn Next. CU HI Vic v hiu ha Lut p Mc nh nhm mc ch g? 7. Trn trang Completing The IP Security Policy Wizard, nhn Finish. Trang Block HTTP Traffic Properties xut hin. 8. Trong th Rules ca trang Block HTTP Traffic Properties, xa ty chn Use Add Wizard, v nhn nt Add. 9. Trong th IP Filter List ca trang New Rule Properties, nhn nt Add. Trang IP Filter List xut hin. 10. Trn trang IP Filter List page, trong hp Name, nhp blocking http, xa ty chn Use Add Wizard, v nhn nt Add thm b lc. 11. Trong trang IP Filter Properties, trn danh sch x Source Address chn Any IP Address. 12. Trong trang IP Filter Properties, ti danh sch x Destination Address, chn My IP Address, v nhn th Protocol. 13. Trong th Protocol ca trang IP Filter Properties, Trong danh sch x Select A Protocol Type, chn TCP. 14. Trong th Protocol ca trang IP Filter Properties, trong phn Set The IP Protocol Port, nhn ty chn To This Port, nhp 80, v nhn OK. CU HI ti sao vic chn cng 80 l ng? 15. Trn trang IP Filter List, nhn OK xc nhn cc thng s chn. 16. Trong th IP Filter List ca trang New Rule Properties, chn ty chn Blocking HTTP t danh sch, v nhn th Filter Action. CU HI hnh ng b lc thc hin vic g? 17. Trn trang New Rule Properties, xa ty chn Use Add Wizard, v nhn nt Add thm hnh ng b lc. 18. Trong th Security Methods ca trang Filter Actions Propertie, chn ty chn Block. 19. Trong th General ca trang New Rule Filter Actions Properties, nhp block cho tn ca b lc, v nhn OK. 20. Trn trang New Rule Properties, chn th IP Filter List, v nhn Blocking HTTP t phn IP Filter Lists. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 127
S DNG IPSEC BO MT LU THNG MNG 21. Trong th Filter Action ca trang New Rule Properties, chn ty chn Block t danh sch Filter Actions, nhn Apply, v nhn OK. 22. Trn trang Block HTTP Traffic Properties, Kim tra xem ty chn Blocking HTTP c la chn, v nhn OK kt thc vic to chnh sch IPSec. 23. Trong khung chi tit ca bng iu khin IPSec, ti ct Name, nhn chut phi vo chnh sch Block HTTP Traffic IPSec, v nhn Assign. 24. ng bng iu khin v khng lu cc thay i khi c nhc.
Xc nhn vic gn Chnh sch IPSec

QUAN TRNG Hon thnh tc v ny trn c hai my tnh ca hc vin. N cho php bn xem cc thng s thng k IPSec trn my ch ca bn chy Windows Server 2003. 1. Khi ng my tnh ca bn chy Windows Server 2003, v ng nhp vi tn Administrator@Domain (trong domain l tn min ca bn). 2. Nhn Start, nhn Run, v trong hp Open, nhp cmd, v nhn ENTER. 3. Ti du nhc lnh, nhp netsh ipsec dynamic show all, v nhn ENTER. CU HI C chnh sch IPSec no c gn cho my tnh ny? (hng dn: Quan st ca s du nhc lnh) 4. ng tt c cc ca s ang m.
Th nghim Chnh sch Kha IPSec

QUAN TRNG Hon thnh tc v ny trn c hai my tnh ca hc vin. N s cho php bn th cc lin lc HTTP v FTP gia my tnh ca bn v my ch ca i tc. 1. Khi ng my tnh ca bn chy Windows Server 2003, v ng nhp vi tn Administrator@Domain (trong domain l tn min ca bn). 2. Nhn Start, tr ti All Programs, v nhn Internet Explorer. 3. Trong thanh a ch ca Internet Explorer, nhp http://computerxx (trong Computerxx l tn my tnh ca i tc), v nhn ENTER. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 128
S DNG IPSEC BO MT LU THNG MNG CU HI Trang no xut hin ti ca s Internet Explorer? 4. Trong thanh a ch ca Internet Explorer, nhp ftp://computerxx (trong Computerxx l tn my tnh ca i tc), v nhn ENTER. CU HI Trang no xut hin ti ca s Internet Explorer? 5. Nhn p chut ln Ipsec.msc trn mn hnh nn my tnh ca bn, chn IP Security Policies On Local Computer trong khung phm vi v chn chnh sch Block HTTP Traffic IPSec. 6. Trong khung Chi tit, nhn chut phi vo chnh sch IPSec, v chn Unassign t thc n ng cnh. 7. ng tt c cc ca s ang m.
BI TP 6-2: S DNG IPSEC M HA CC LU THNG FTP

Thi gian d kin: 30 pht Bn cn kch hot vic bo mt cc truy nhp FTP dnh cho mt nhm cc ngi dng trn mng ca cng ty. Cc ngi dng mng ny s chuyn cc d liu ln cc my ch FTP ca phng Pht trin Sn phm. bn lo ngi v vic thiu tnh bo mt khng ch trn cc thng s ng nhp m cn vi cc d liu c vn chuyn trn mng. Trong Bi tp ny, bn phi xc nhn rng c d liu vn chuyn trn mng v cc thng s ng nhp n my ch FTP l c bo mt.
Cu hnh dch v FTP

QUAN TRNG Hon thnh tc v ny trn c hai my tnh ca hc vin. This will allow you to configure the FTP service on your server computer that runs Windows Server 2005. 1. Khi ng my tnh chy Windows Server 2003 ca bn v ng nhp vo Min Domain vi User Name l StudentXX, v Domain l tn min ca bn. 2. Nhn Start, v chn Control Panel. 3. Trong khi gi phm SHIFT, nhn chut phi vo Add Or Remove Programs, sau nhn Run As m hp thoi Run As. 4. Trong hp thoi Run As, chn ty chn The Following User, v nhp cc thng s ng nhp sau trong cc trng ca hp thoi m ca s Add Or Remove Programs: TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 129
S DNG IPSEC BO MT LU THNG MNG a. Trong hp User Name, nhp administrator@domain (trong domain l tn min ca bn). b. Trong hp Password, nhp MSPress@LS#l. 5. Trong cy bng iu khin Internet Information Services (US) Manager m rng Computerxx ( y Computerxx l tn my tnh ca hc vin), v m rng Site FTP. 6. Chn Default FTP Site, nhn thc n Action, v nhn Properties m ca s Default FTP Site Properties. 7. Trong ca s Default FTP Site Properties, nhn th Security Accounts. 8. Trong th Security Accounts, chc chn rng ty chn Allow Anonymous Connections c xa, v nhn OK. 9. Trong hp thoi cnh bo US Manager, nhn Yes tip tc. 10. Trong th Home Directory trong ca s Default FTP Site Properties di phn FTP Site Directory, chn hp kim tra Write. 11. Nhn OK chp nhn cc thay i. 12. ng tt c cc ca s ang m.
Ci t Network Monitor
QUAN TRNG Hon thnh tc v ny trn c hai my tnh ca hc vin. N cho php bn c th ci t Network Monitor trn my ch chy Windows Server 2003. Trnh Network Monitor ny s c s dng thm st cc gi tin mng m my ch ca bn nhn c. 1. Khi ng my tnh ca bn chy Windows Server 2003, v ng nhp vi tn Administrator@domain (trong domain l tn min ca bn). 2. Nhn Start, chn Control Panel, v nhn Add Or Remove Programs. 3. Trong ca s Add Or Remove Programs, nhn Add/Remove Windows Components. 4. Trn trang Windows Components, di Components, chn ty chn Management And Monitoring Tools, v nhn nt Details. 5. Trong ca s Management And Monitoring Tools, chn hp kim tra Network Monitor Tools, v nhn OK. 6. Trn trang Windows Components, nhn Next. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 130
S DNG IPSEC BO MT LU THNG MNG 7. Nu c hi v v tr cc File ci t, cho a ci t Windows Server 2003 vo CD-ROM, v nhn OK. 8. Trn ca s Completing The Windows Components Wizard, nhn Finish. 9. ng tt c cc ca s ang m.
Thu thp cc thng tin ng nhp dng tng minh

QUAN TRNG Hon thnh tc v ny trn c hai my tnh ca hc vin. N cho php bn chp cc thng s ng nhp ang c s dng m phin lm vic vi dch v FTP. 1. Khi ng my tnh ca bn chy Windows Server 2003, v ng nhp vi tn Administrator@domain (trong domain l tn min ca bn). 2. Nhn Start, chn Administrative Tools, v nhn Network Monitor. 3. Nu c nhc la chn mng, chn giao tip mng ABC Ltd, v nhn OK. 4. Trong ca s Microsoft Network Monitor, nhn Capture t thanh thc n, v nhn Start. 5. Nhn Start, tr ti All Programs, v nhn Internet Explorer. 6. Trong thanh a ch ca Microsoft Internet Explorer, nhp http://computerxx v sau nhn ENTER (trong Computerxx l tn my tnh ca i tc). 7. Trong ca s Log On As, nhp cc thng s ng nhp sau: a. Trong hp User Name, nhp administrator. b. Trong hp Password, nhp MSPress@LS#l. 8. Trong ca s Log On As, nhn nt Log On. QUAN TRNG Ch cho i tc ca bn hon thnh cc bc trn trc khi ngng thu thp thng tin ( capture). 9. Trong ca s Microsoft Network Monitor, nhn Capture t thanh thc n, v nhn Stop And View. 10. Trong ca s Microsoft Network Monitor, trong ca s Capture: 1 (Summary), nhn Display t thanh thc n, v nhn Filter. 11. Trong ca s Display Filter, nhn ty chn Protocol = = Any, v nhn Edit Expression. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG 131 VI WINDOWS SERVER 2003
S DNG IPSEC BO MT LU THNG MNG 12. Trong th Protocol ti ca s Expression, nhn nt Disable All. 13. Trong phn Disabled Protocols, chn FTP, nhn nt Enable, v nhn OK. 14. Trong ca s Display Filter, nhn OK. 15. Trong ct Description, nh v ti khon ngi dng s dng ng nhp vo my ch FTP (Hng dn: Tm kim administrator v Password trong ct m t.). ghi li kt qu vo di y: a. User: _________________ b. Password: _______________ CU HI Ti sao cc thng s ng nhp li dng tng minh? 16. ng ca s Microsoft Network Monitor. 17. Trong hp thoi Microsoft Network Monitor, khi c nhc lu cc d liu ac thu thp c, nhn No.
Thu thp cc d liu FTP dng tng minh

QUAN TRNG Hon thnh tc v ny trn c hai my tnh ca hc vin. This will allow you to Start Network Monitor and capture clear-text FTP data on your server computer that runs Windows Server 2005. 1. Khi ng my tnh ca bn chy Windows Server 2003, v ng nhp vi tn Administrator@domain (trong domain l tn min ca bn). 2. Nhn chut phi vo khong trng trn mn hnh nn ca bn, chn New, v nhn Text Document. 3. nhp tn File, g unencryptedfile.txt. 4. Nhn p vo UnencryptedFile.txt m n trong Notepad. 5. Trong File UnencryptedFile.txt, g here is my clear text. 6. Nhn File t thanh thc n, nhn Exit, v khi c nhc lu cc thay i nhn, nhn Yes. 7. Nhn Start, nhn Administrative Tools, v nhn Network Monitor. 8. Nu c nhc la chn giao tip mng, chn giao tip mng ABC Ltd, v nhn OK.
132
S DNG IPSEC BO MT LU THNG MNG 9. Trong ca s Microsoft Network Monitor, nhn Capture t thanh thc n, v nhn Start. 10. Nhn Start, tr ti All Programs, v nhn Internet Explorer. 11. Trong thanh a ch ca Microsoft Internet Explorer, nhp http://computerxx v sau nhn ENTER (trong Computerxx l tn my tnh ca i tc).. 12. Trong ca s Log On As, nhp cc thng s ng nhp sau: c. Trong hp User Name, nhp administrator. d. Trong hp Password, nhp MSPress@LS#l. 13. Trong ca s Log On As, nhn nt Log On. 14. Ko file UnencryptedFile.txt vo ca s Internet Explorer c a ch Ftp://Computerxx (trong Computerxx l tn my tnh ca i tc)., v nhn Copy Here. QUAN TRNG Ch cho i tc ca bn hon thnh cc bc trn trc khi ngng thu thp thng tin ( capture) 15. Trong ca s Microsoft Network Monitor, nhn Capture t thanh thc n, v nhn Stop And View. 16. Trong ca s Microsoft Network Monitor, trong ca s Capture: 1 (Summary), nhn Display t thanh thc n, v nhn Filter. 17. Trong ca s Display Filter, nhn ty chn Protocol = = Any, v nhn Edit Expression. 18. Trong th Protocol ti ca s Expression, nhn nt Disable All. 19. Trong phn Disabled Protocols, chn FTP, nhn nt Enable, v nhn OK. 20. Trong ca s Display Filter, nhn OK. 21. Trong mn hnh Microsoft Network Monitor, ti ca s Capture: 1 (Summary), Trong ct Description, nh v UnencryptedFile.txt. CU HI c phi l tn file bn va chuyn n my ch bng FTP?
To Chnh sch IPSec m ha d liu gia hai my tnh

QUAN TRNG Hon thnh tc v ny trn my tnh hc vin c s hiu nh hn. Khi cu hnh IF5ec, my tnh ny s ng vai tr mt my chu IPSec. Tc v ny cho php bn bt u qu trnh bo v TRIN KHAI, QUN TR V DUY TR C S H TNG MNG 133 VI WINDOWS SERVER 2003
S DNG IPSEC BO MT LU THNG MNG cc lu thng FTP bng IF'Sec. Dnah sch IP Filter List bn to ra s gip cc my tnh bo v ch cc lu thng chn, trong trng hp ny l cc lu thng FTP. 1. Khi ng my tnh ca bn chy Windows Server 2003, v ng nhp vi tn Administrator@domain (trong domain l tn min ca bn). 2. Trn mn hnh nn ca my tnh, nhn p chut ln Ipsec.msc m bng iu khin IPSec. 3. Trong bng iu khin IPSec, nhn chut phi ln IP Security Policies On Local Computer, v chn Create IP Security Policy. Trnh hng dn IP Security Policy Wizard uc m. 4. Trn trang Welcome To The IP Security Policy Wizard, nhn Next. 5. Trn trang IP Security Policy Name, trong hp Name, nhp EncryptFTP, v nhn Next. 6. Trn trang Request For Secure Communication, xa ty chn Activate The Default Response Rule, v nhn Next. 7. Trn trang Completing The IP Security Policy Wizard, nhn Finish. 8. Trn trang EncryptFTP Properties, trong th Rules, m bo rng hp kim tra Use Add Wizard c la chn, v nhn Add thm lut mi. 9. Trn trang Welcome To The Create IP Security Rule Wizard, nhn Next. 10. Trn trang Tunnel Endpoint, xc nhn rng ty chn This Rule Does Not Specify A Tunnel c chn, v nhn Next. 11. Trn trang Network Type, xc nhn rng ty chn All Network Connections c chn, v nhn Next. CU HI Vic la chn ty chn All Network Connections s thc hin vic g? 12. Trn trang IP Filter List, nhn Add thm danh sch b lc. 13. Trn trang IP Filter List, nhp ftp (negotiate), Chc chn rng hp kim tra Use Add Wizard c chn, v nhn Add thm b lc. Trnh hng dn IP Filter Wizard c m. 14. Trn trang Welcome To The IP Filter Wizard, nhn Next. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 134
S DNG IPSEC BO MT LU THNG MNG 15. Trn trang IP Filter Description And Mirrored Property, trong hp Description, nhp ftp encryption filter, v nhn Next. 16. Trn trang IP Traffic Source, trong danh sch x Source Address, chn Any IP Address, v nhn Next. 17. Trn trang IP Traffic Destination, trong danh sch x Destination Address, chn My IP Address, v nhn Next. 18. Trn trang IP Protocol Type, Trong danh sch x Select A Protocol Type, nhn TCP, v nhn Next. 19. Trn trang IP Protocol Port, chn ty chn To This Port, trong hp To This Port, nhp 21, nhn Next, v nhn Finish. CU HI Ti sao cng 21 c s dng? 20. Trong hp thoi IP Filter List, nhn OK tr v trang IP Filter List. 21. Trn trang IP Filter List, chn ty chn FTP (Negotiate), v nhn Next. 22. Trn trang Filter Action, chn ty chn Require Security, v nhn Next. 23. Trn trang Authentication Method, xc nhn rng ty chn Active Directory Default (Kerberos V5 Protocol) c la chn, v nhn Next. 24. Trn trang Completing The Security Rule Wizard, xa ty chn Edit Properties, v nhn Finish. 25. Trn trang EncryptFTP Properties, xa ty chn Use Add Wizard, v nhn OK kt thc qu trnh to lut mi. 26. Trong khung chi tit ca bng iu khin MMC IPSec, Trong ct Name, nhn chut phi ln EncryptFTP IPSec Policy, v nhn Assign. 27. ng tt c cc ca s ang m.
Xa trng thi IKE (Internet Key Exchange): Khi ng li dch v IPSec Policy Agent
QUAN TRNG Hon thnh tc v ny trn my tnh hc vin c s hiu nh hn. N cho php bn dng v khi ng li dch v Policy Agent chc chn rng b lc IPSec l c kch hot.
135
S DNG IPSEC BO MT LU THNG MNG 1. Khi ng my tnh ca bn chy Windows Server 2003, v ng nhp vi tn Administrator@domain (trong domain l tn min ca bn). 2. Nhn Start, nhn Run, trong hp Open, nhp cmd, v nhn ENTER. 3. Ti du nhc lnh, nhp net stop policyagent, v nhn ENTER dng cc dch v lin quan n IPSec. 4. Ti du nhc lnh, nhp net start policyagent, v nhn ENTER khi ng li cc dch v lin quan n IPSec. 5. Ti du nhc lnh, nhp exit, v nhn ENTER ng ca s du nhc lnh.
Thu thp cc thng tin ng nhp v d liu m ha

QUAN TRNG Hon thnh tc v ny trn my tnh hc vin c s hiu nh hn. N s cho php bn thu thp cc gi tin do giao tip mng trn my tnh hc vin nhn c. 1. Khi ng my tnh ca bn chy Windows Server 2003, v ng nhp vi tn Administrator@domain (trong domain l tn min ca bn). 2. Nhn Start, nhn Administrative Tools, v nhn Network Monitor. 3. Trong ca s Microsoft Network Monitor, nhn Capture t thanh thc n, v nhn Start. QUAN TRNG Hon thnh cc tc v sau trn my tnh hc vin c s hiu ln hn. N s cho php bn cu hnh my tnh hc vin ng vai tr nh l mt my khch IP'Sec. 1. Khi ng my tnh ca bn chy Windows Server 2003, v ng nhp vi tn Administrator@domain (trong domain l tn min ca bn). 2. Trn mn hnh nn ca my tnh, nhn p chut vo Ipsec.msc m bng iu khin IPSec. 3. Trong khung phm vi ca bng iu khin IPSec, nhn p chut ln IP Security Policies On Local Computer, nhn chut phi vo chnh sch Client (Respond Only) IPSec, v nhn Assign. 4. ng tt c cc ca s ang m. 5. Nhn Start, nhn Run, trong hp Open, nhp cmd, v nhn ENTER. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 136
S DNG IPSEC BO MT LU THNG MNG 6. Ti du nhc lnh, nhp net stop policyagent, v nhn ENTER dng cc dch v lin quan n IPSec. 7. Ti du nhc lnh, nhp net start policyagent, v nhn ENTER khi ng li cc dch v lin quan n IPSec. 8. Ti du nhc lnh, nhp exit, v nhn ENTER ng ca s du nhc lnh. 26. Nhn chut phi vo khong trng trn mn hnh nn ca bn, chn New, v nhn Text Document. 9. nhp tn File, g Encryptedfile.txt. 10. Nhn p vo EncryptedFile.txt m n trong Notepad. 11. Trong File EncryptedFile.txt, g here is my encrypted data. 12. Nhn File t thanh thc n, nhn Exit, v khi c nhc lu cc thay i, nhn Yes. 13. Nhn Start, nhn Administrative Tools, v nhn Network Monitor. 14. Nu c nhc la chn giao tip mng, chn giao tip mng ABC Ltd, v nhn OK. 15. Trong ca s Microsoft Network Monitor, nhn Capture t thanh thc n, v nhn Start. 16. Nhn Start, tr ti All Programs, v nhn Internet Explorer. 17. Trong thanh a ch ca Microsoft Internet Explorer, nhp http://computerxx v sau nhn ENTER (trong Computerxx l tn my tnh ca i tc).. 18. Trong ca s Log On As, nhp cc thng s ng nhp sau: a. Trong hp User Name, nhp administrator. b. Trong hp Password, nhp MSPress@LS#l. 19. Trong ca s Log On As, nhn nt Log On. 20. Ko file EncryptedFile.txt vo ca s Internet Explorer c a ch Ftp://Computerxx (trong Computerxx l tn my tnh ca i tc)., v nhn Copy Here. QUAN TRNG Hon thnh tc v ny trn my tnh hc vin c s hiu nh hn. N s cho php bn thu thp cc gi tin do giao tip mng trn my tnh hc vin nhn c. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 137
S DNG IPSEC BO MT LU THNG MNG 1. Trong ca s Microsoft Network Monitor, nhn Capture t thanh thc n, v nhn Stop And View. 2. Trong ca s Microsoft Network Monitor, trong ca s Capture: 1 (Summary), nhn Display t thanh thc n, v nhn Filter. 3. Trong ca s Display Filter, nhn ty chn Protocol = = Any, v nhn Edit Expression. 4. Trong th Protocol ti ca s Expression, nhn nt Disable All. 5. Trong phn Disabled Protocols, chn FTP, nhn nt Enable, v nhn OK. 6. Trong ca s Display Filter, nhn OK. CU HI C thu c bt c gi tin no s dng giao thc FTP khng? Ti sao? 7. Trong Microsoft Network Monitor, ti ca s Capture: 1 (Summary), nhn Display t thanh thc n, v nhn Filter. 8. Trong ca s Display Filter, chn ty chn Protocol = = FTP, v nhn Edit Expression. 9. Trong th Protocol ti ca s Expression, nhn nt Disable All. 10. Trong phn Disabled Protocols, chn ESP, nhn nt Enable, v nhn OK. 11. Trong ca s Display Filter, nhn OK. Nhn p chut mt mc vo m mt khung c s 16. CU HI Bn c th nhn ra d liu trong khung c s 16 ca d liu trong cc gi tin thu thp c khng?Can you recognize the data in the hex-pane of the data in the packets 12. ng tt c cc ca s ang m. CU HI IPSec c m ha c cc thng s ng nhp dng tng minh v d liu c vn chuyn qua mng khng? Does IPSec encrypt both the clear-text credentials and the data that are transmitted across the network?
BI TP 6-3: MANAGING IPSEC POLICIES

Thi gian d kin: 10 pht Bn bt buc phi cu hnh cng cc chnh sch IPSec bn va to cho my ch FTP ca bn cho cc my ch FTP khc ca phng Bn hng. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 138
Xut Chnh sch IPSec

QUAN TRNG Hon thnh tc v ny trn my tnh hc vin c s hiu nh hn. N cho php bn xut chnh sch IPSec bn to ra ban u sang cc my tnh khc. 1. Khi ng my tnh ca bn chy Windows Server 2003, v ng nhp vi tn Administrator@domain (trong domain l tn min ca bn). 2. Trn mn hnh nn ca my tnh, nhn chut phi vo vng trng, chn New, v nhn Folder to th mc mi. 3. Nhp ipsec cho tn ca th mc. 4. Nhn chut phi ln th mc Ipsec trm mn hnh nn ca bn, v nhn Sharing And Security t thc n ng cnh. 5. Trong th Sharing ca trang Ipsec Properties, nhn Share This Folder, v nhn OK. 6. Trn mn hnh nn ca my tnh, nhn p chut Ipsec.msc m bng iu khin IPSec. 7. Trong cy bng iu khin IPSec, nhn chut phi vo IP Security Policies On Local Computer, nhn All Tasks, v nhn Export Policies. 8. trong ca s Save As, nhn Desktop, v nhn p chut vo th mc chia s Ipsec. 9. Trong hp File Name, nhp encryptftp, v nhn Save. 10. Trong cy bng iu khin IPSec, nhn chut phi vo IP Security Policies On Local Computer, nhn All Tasks, v nhn Restore Default Policies. 11. Trong hp thoi IP Security Policy Management, nhn Yes, v nhn OK. 12. ng tt c cc ca s ang m.
Nhp Chnh sch IPSec

QUAN TRNG Hon thnh tc v ny trn my tnh c s hiu ln hn ca hc vin, N cho php bn nhp chnh sch FTP IPSec t my tnh i tc ca bn.
139
S DNG IPSEC BO MT LU THNG MNG 1. Khi ng my tnh ca bn chy Windows Server 2003, v ng nhp vi tn Administrator@domain (trong domain l tn min ca bn). 2. Trn mn hnh nn ca my tnh, nhn p chut ln Ipsec.msc m bng iu khin IPSec. 3. Trong cy bng iu khin IPSec, nhn chut phi the IP Security Policies On Local Computer, nhn All Tasks, v nhn Restore Default Policies. 4. Trong hp cnh bo IP Security Policy Management, nhn Yes, v nhn OK. 5. Nhn Start, nhn Run, v g \\computerxx\ipsec (trong computerxx l tn my tnh i tc ca bn) trong hp Open. 6. Ko file EncryptFtp. Ipsec vo mn hnh nn, v chn Copy Here. 7. Trong cy bng iu khin IPSec, nhn chut phi IP Security Policies On Local Computer, nhn All Tasks, v nhn Import Policies. 8. Trong ca s Open, nhn Desktop, nhn ln file EncryptFtp.Ipsec, v nhn Open. CU HI Cng TCP no c cu hnh trn b lc IPSec EncrypFtp trn my tnh hc vin?
Gn v d b vic gn cc Chnh sch IPSec

QUAN TRNG Hon thnh tc v ny trn my tnh hc vin c s hiu nh hn. N cho php bn g b cc chnh sch IPSec gn cho my tnh hc vin. 1. Khi ng my tnh ca bn chy Windows Server 2003, v ng nhp vi tn Administrator@domain (trong domain l tn min ca bn). 2. Trn mn hnh nn ca my tnh, nhn p chut ln file Ipsec.msc m bng iu khin IPSec. 3. Trong khung chi tit ca bng iu khin IPSec, nhn chut phi ln chnh sch IPSec EncryptFtp, v nhn Un-Assign. 4. Trong khung chi tit ca bng iu khin IPSec, chn v nhn chut phi vo chnh sch IPSec Client (Respond Only), v nhn Assign. 5. ng tt c cc ca s ang m. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 140
S DNG IPSEC BO MT LU THNG MNG QUAN TRNG Hon thnh tc v ny trn my tnh hc vin c s hiu ln hn. N cho php bn g b cc chnh sch IPSec gn cho my tnh hc vin. 1. Khi ng my tnh ca bn chy Windows Server 2003, v ng nhp vi tn Administrator@domain (trong domain l tn min ca bn). 2. Trn mn hnh nn ca my tnh, nhn p chut ln Ipsec.msc m bng iu khin IPSec. 3. Trong khung chi tit ca bng iu khin IPSec, chn v nhn chut phi vo chnh sch IPSec Client (Respond Only), v nhn Un-Assign 4. Trong khung chi tit ca bng iu khin IPSec, chn v nhn chut phi vo chnh sch IPSec Server (Request Security), v nhn Assign. 5. ng tt c cc ca s ang m.
BI TP 6-4: THEO DI V KHC PHC S C IPSEC

Thi gian d kin: 15 pht Sau khi bn ci t v cu hnh IPSec cho cc my ch FTP trn mng ni b ca bn, bn cn c kh nng s dng cc cng c v tin ch theo di v khc phc cc s c xy ra i vi cc kt ni IPSec ti my ch FTP. Trong Bi tp ny, bn s s dng cc cng c IPSec c sn theo di v khc phc cc s c xy ra i vi cc kt ni IPSec.
Kch hat vic ln vt sa li IKE

QUAN TRNG Hon thnh cc tc v ny trn my tnh hc vin c s hiu ln hn. N s cho php bn kch hot vic ghi nht k vo nht k Oakley. Vic kch hot ny c th thc hin bng cch thay i registry. 1. Khi ng my tnh ca bn chy Windows Server 2003, v ng nhp vi tn Administrator@domain (trong domain l tn min ca bn). 2. Nhn Start, nhn Run, in the Open box, type regedt32, v nhn OK to open Registry Editor. 3. Trong bng iu khin Registry Editor, duyt v m rng HKEY_LOCAL_MACHINE. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 141
S DNG IPSEC BO MT LU THNG MNG 4. Trong kha HKEY_LOCAL_MACHINE, duyt n v tr sau:: System\CurrentControlSet\Services\PolicyAgent. 5. M rng kha ph PolicyAgent. 6. Trong cy bng iu khin, nh v v chn kha ph Oakley. 7. Trn thc n Edit, nhn New, v nhn DWORD Value. 8. Trong hp New Value #1, nhp vo phn Value Name (lu c phn bit ch hoa, ch thng) EnableLogging, v nhn ENTER. 9. Trong khung chi tit, nhn chut phi DWORD Enable Logging, v nhn Modify. 10. Trong hp thoi Edit DWORD Value, trong hp Value Data, g 1, v nhn OK. CU HI iu g s xy ra nu bn nhp 0 cho gi tr ca bin EnableLogging? 11. ng Registry Editor. 12. Nhn Start, nhn Run, trong hp Open, nhp cmd, v nhn ENTER. 13. Ti du nhc lnh, g net stop policyagent, v nhn ENTER dng cc dch v lin quan n IPSec. 14. Ti du nhc lnh, g net Start policyagent, v nhn ENTER khi ng li cc dch v lin quan n IPSec. 15. Ti du nhc lnh, g exit ng ca s du nhc lnh File nht k Oakley s c lu ti %systemroot%\Debug\Oakley.log mt cch mc nh v file Oakley.log.sav l phin bn trc ca nht k sau khi dch v Policy Agent c khi ng li 16. ng tt c cc ca s ang m.
Xem cc thng s thng k IPSec bng Snap-In IPSec Monitor

QUAN TRNG Hon thnh tc v ny trn c hai my tnh ca hc vin. N cho php bn c th xem cc thng s thng k IPSec bng cch s dng IPSec Monitor. 1. Khi ng my tnh ca bn chy Windows Server 2003, v ng nhp vi tn Administrator@domain (trong domain l tn min ca bn).
142
S DNG IPSEC BO MT LU THNG MNG 2. Trn mn hnh nn ca my tnh, nhn p chut vo Ipsec.msc m bng iu khin IPSec. 3. Trong bng iu khin IPSec, nhn File, v nhn Add/Remove SnapIn m ca s Add/Remove Snap-In. 4. Trong ca s Add/Remove Snap-In, nhn Add. 5. Trong ca s Add Standalone Snap-In, nhn IP Security Monitor, nhn Add, v nhn Close. 6. Trong ca s Add/Remove Snap-In, nhn OK. 7. Trong cy bng iu khin IPSec, m rng IP Security Monitor, v m rng Computerxx ( y Computerxx l tn ca my tnh ca bn). CU HI My tnh ca hc vin c security associations (SA S Kt hp Bo mt) c thit lp?, nu c, th vi my tnh no? (hng dn: Quan st phn Main Mode bn di Security Associations.) 8. ng tt c cc ca s ang m. 9. Khi c nhc lu cc thit lp bng iu khin IPSec, nhn Yes.
S dng Netsh xem cc thng s thng k IPSec

QUAN TRNG Hon thnh tc v ny trn c hai my tnh ca hc vin. N cho php bn xem cc thng s thng k IPSec bng Netsh. 1. Khi ng my tnh ca bn chy Windows Server 2003, v ng nhp vi tn Administrator@domain (trong domain l tn min ca bn). 2. Nhn Start, nhn Run, trong hp Open, g cmd, v nhn ENTER. 3. Ti du nhc lnh, g netsh ipsec static show policy all >c:\ipsec.txt. 4. Nhn Start, v nhn My Computer m ca s My Computer. 5. Trong ca s My Computer, nh v v nhn p chut ln C. 6. Trong ca s C, nhn p chut ln file Ipsec. txt m n. CU HI C bao nhiu chnh sch IPSec c gn? CU HI C bao nhiu chnh sch IPSec trn my tnh cc b?
143
Xem cc thng s thng k IPSec bng nht k Oakley

QUAN TRNG Hon thnh cc tc v ny trn my tnh hc vin c s hiu ln hn. N s cho php bn quan st cc thng s thng k IPSec bng cch s dng file nht k Oakley. 1. Khi ng my tnh ca bn chy Windows Server 2003, v ng nhp vi tn Administrator@domain (trong domain l tn min ca bn). 2. Nhn Start, v nhn My Computer m ca s My Computer. 3. Trong ca s My Computer, duyt n file %systemroot%\Debug \ Oakley. log. 4. Nhn p chut ln file Oakley.log m n. CU HI Chnh sch EncryptFTP hin ti c c gn? 5. ng tt c cc ca s ang m.
BI TP 6-5: D B CC CHNH SCH IPSEC

Thi gian d kin: 5 pht Trong Bi tp ny, bn s d b cc chnh sch IPSEc bn to v cu hnh trong cc bi tp trc. lm nh vy s li b c cc ph thuc c th nh hng n cc bi tp tip theo.
S dng Netsh d b cc chnh sch IPSec

QUAN TRNG Hon thnh tc v ny trn c hai my tnh ca hc vin. N cho php bn loi b cc chnh sch IPSec to. 1. Khi ng my tnh ca bn chy Windows Server 2003, v ng nhp vi tn Administrator@domain (trong domain l tn min ca bn). 2. Nhn Start, nhn Run, trong hp Open, g cmd, v nhn ENTER. 3. Ti du nhc lnh, g netsh ipsec static delete policy all. 4. ng tt c cc ca s ang m.
144
Khi phc cc Chnh sch IPSec mc nh

QUAN TRNG Hon thnh tc v ny trn c hai my tnh ca hc vin. N cho php bn khi phc cc chnh sch IPSec mc nh trn my tnh ca hc vin. 1. Khi ng my tnh ca bn chy Windows Server 2003, v ng nhp vi tn Administrator@domain (trong domain l tn min ca bn). 2. Trn mn hnh nn ca my tnh, nhn p chut ln Ipsec.msc m bng iu khin IPSec. 3. Trong cy bng iu khin IPSec, chn v nhn chut phi ln IP Security Policies On Local Computer, nhn All Tasks, v nhn Restore Default Policies. 4. Trong hp thoi IP Security Policy Management, nhn Yes, v nhn OK. 5. ng tt c cc ca s ang m.
Xa trng thi IKE (Internet Key Exchange): Khi ng li dch v IPSec Policy Agent
QUAN TRNG Hon thnh tc v ny trn c hai my tnh ca hc vin. N s cho php bn dng v khi ng li cc dch v IPSec trn my tnh ca mnh. 1. Khi ng my tnh ca bn chy Windows Server 2003, v ng nhp vi tn Administrator@domain (trong domain l tn min ca bn). 2. Nhn Start, nhn Run, in the Open box, type cmd, v nhn ENTER. 3. Ti du nhc lnh, nhp net stop policyagent, v nhn ENTER dng cc dch v lin quan n IPSec. 4. Ti du nhc lnh, nhp net start policyagent, v nhn ENTER khi ng li cc dch v lin quan n IPSec. 5. Ti du nhc lnh, nhp exit, v nhn ENTER ng ca s du nhc lnh.
CU HI N TP
Thi gian d kin: 15 pht TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 145
S DNG IPSEC BO MT LU THNG MNG 1. Cc chnh sch IPSec c th s dng hai phng thc no cung cp vic bo v cho cc thng s ng nhp, d liu v my ch? 2. Nguyn nhn m bn mun s dng cc chnh sch IPSec My tnh cc b l g? 3. Hai tin ch bn c th s dng kim tra cc chnh sch IPSec l ang c p dng trn my tnh cc b l g? 4. M t qu trnh s dng xc thc bng Giy chng nhn thc thi vic m ha cc lu thng Telnet gia mt my khch v nhiu my ch Telnet. 5. Bn c th cu hnh chnh sch IPSec ch s dng Triple DES Secure Hash Algorithm version 1 (3DES SHA1) m ha khng? 6. Mo t Kha Chia s trc (preshared key) l g v ti sao n khng l phng php c khuyn co s dng xc thc IPSec. 7. Cc chnh sch bo mt xc nh trc Secure Server (Require Security) v Server (Request Security) c khc nhau khng? 8. Khi no l thch hp s dng phng thc vn chuyn (Transport Mode) v khi no l thch hp s dng phng thc ng hm (Tunnel Mode)? 9. Khi thc hin khc phc s c IPSec, lm th no bn xc nh vn s c trong lin lc gia hai my tnh xy ra do cc thit lp IPSec hay do cc vn v phn cng mng ni chung khc?
THC HNH NNG CAO 6-1: BO V D LIU BNG IPSEC

Thi gian d kin: 25 pht Bn l qun tr bo mt cho cng ty ABC Ltd. Mt vi nhn vin ca cng ty chuyn s dng Web cn cp nht ln v ti v cc thng tin t my ch Web chy Windows Server 2003. Tt c cc nhn vin ni trn u s dng cc my tnh chy Microsoft Windows XP Professional, m u b tr trong cng mt phn on mng. Mng ni b ca bn c bo mt s dng tng la da trn RRAS v NAT, nhng mng c cu hnh cho php cc lu thng UDP ESP. cc thng s ng nhp v d liu c vn chuyn bng HTTP bt buc phi s dng cp m ha cao nht v cp bo mt ca vic xc thc. mng ca bn khng s dng cc dch v Certificate nhng bn ang cn nhc vic ci CA. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 146
S DNG IPSEC BO MT LU THNG MNG Mc d vy, bn khng mun c cc ti ph thm do vic qun tr gy ra, do vy, bn tm kim gii php khc. Ban lnh o thng bo vi bn rng gi ca cc Certificate thng mi hay ca cc i tc th ba m c th ci t ln my ch Web c h tr HTTPS l qu cao. Bn c th cu hnh my ch Web cho php cc nhn vin ca cng ty thc hin cc lin lc bo mt nh th no?
147
S DNG RRAS CU HNH NH TUYN
THC HNH 7: S DNG RRAS CU HNH NH TUYN

Lab ny gm c cc bi tp v cc hot ng sau: Bi tp 7-1: Kch hot dch v Routing And Remote Access Bi tp 7-2: Cu hnh nh tuyn IP Bi tp 7-3: To mt VPN Bi tp 7-4: Trin khai cc chnh sch truy cp t xa Bi tp 7-5: Cu hnh NAT Bi tp 7-6: Cu hnh cc b lc gi tin Bi tp 7-7: Loi b dch v Routing And Remote Access Cc cu hi n tp cho bi thc hnh Thc hnh nng cao 7-1: Thit k mt gii php truy cp t xa Sau khi hon thnh bi thc hnh ny, bn c th: Ci t v cu hnh dch v Routing And Remote Access Cu hnh nh tuyn tnh v nh tuyn ng To mt mng ring o VPN S dng cc chnh sch truy cp t xa hn ch cc kt ni t xa Cu hnh NAT chuyn i a ch IP trong cc mng ring thnh cc a ch cng cng Internet v ngc li To cc b lc gi tin hn ch lu lng IP Thi gian d kin: 145 pht (thi gian ny bao gm c qu trnh thit lp chun b trc khi bt u bi tp)
CC BC CHUN B
QUAN TRNG Nu bn hon thnh cc bi tp dnh cho bi thc hnh s 5, Bo mt mng, v bi thc hnh s 6, Bo mt lu lng mng bng IPSec th bn ch cn hon thnh mt trong s cc bi tp yu cu di y, Kch hot v cu hnh card mng cho phng hc. hon thnh cc bi tp trong bi thc hnh ny, bn phi ci t mt card mng th hai trn mi my tnh hc vin. Kt ni cc card mng thm ny bng cp cho. Sau khi hon thnh bi thc hnh s 7, g b card mng th TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 148
S DNG RRAS CU HNH NH TUYN hai ny hoc v hiu ha chng bng giao din ca Microsoft Windows trc khi tip tc vi cc bi tp trong bi thc hnh cui cng. Thi gian d kin: 10 pht ======================================================
Kch hot v cu hnh card mng cho kt ni mng Litware

QUAN TRNG Nu bn hon thnh cc bi tp dnh cho bi thc hnh s 5, Bo mt mng, v bi thc hnh s 6, Bo mt lu lng mng bng IPSec bn vn phi hon thnh bi tp yu cu di y, Kch hot v cu hnh card mng cho Litware. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon administ rator@d omain.co ntoso .com (trong domain l tn domain ca bn). 2. Nhp Start ri nhp vo Network Connecti TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 149
S DNG RRAS CU HNH NH TUYN ons m ca s Network Connecti ons. 3. Trong ca s Network Connecti ons, nhp chut phi vo kt ni Litware Network ri nhp Enable. 4. Trong ca s Network Connecti ons, nhp chut phi vo kt ni Litware Network ri nhp vo Propertie s m trang Litware Network Propertie s. 5. Trong trang TRIN KHAI, QUN TR V DUY TR C S H TNG MNG 150 VI WINDOWS SERVER 2003
S DNG RRAS CU HNH NH TUYN Litware Network Propertie s, nhp vo TCP/IP ri nhp Propertie s. 6. Trong th General, la chn Use The Followin g IP Address v nhp thng tin a ch IP c cung cp trong bng 7-1.
Bng 7-1: a ch IP ca my tnh hc vin
Tn my tnh Computer01 Computer02 Computer03 Computer04 Computer05
Contoso Network a ch IP: 10.1.1.1 Mt n mng: 255.255.0.0 a ch IP: 10.1.1.2 Mt n mng: 255.255.0.0 a ch IP: 10.1.1.3 Mt n mng: 255.255.0.0 a ch IP: 10.1.1.4 Mt n mng: 255.255.0.0 a ch IP: 10.1.1.5 Mt n mng: 255.255.0.0
Litware Network a ch IP: 192.168.0.1 Mt n mng: 255.255.255.0 a ch IP: 192.168.0.2 Mt n mng: 255.255.255.0 a ch IP: 192.168.0.3 Mt n mng: 255.255.255.0 a ch IP: 192.168.0.4 Mt n mng: 255.255.255.0 a ch IP: 192.168.0.5 Mt n mng: 255.255.255.0
151

Computer06 Computer07 Computer08 Computer09 Computer10 Computer11 Computer12 Computer13 Computer14 Computer15 Computer16 Computer17 Computer18 Computer19 Computer20 Computer21 a ch IP: 10.1.1.6 Mt n mng: 255.255.0.0 a ch IP: 10.1.1.7 Mt n mng: 255.255.0.0 a ch IP: 10.1.1.8 Mt n mng: 255.255.0.0 a ch IP: 10.1.1.9 Mt n mng: 255.255.0.0 a ch IP: 10.1.1.10 Mt n mng: 255.255.0.0 a ch IP: 10.1.1.11 Mt n mng: 255.255.0.0 a ch IP: 10.1.1.12 Mt n mng: 255.255.0.0 a ch IP: 10.1.1.13 Mt n mng: 255.255.0.0 a ch IP: 10.1.1.14 Mt n mng: 255.255.0.0 a ch IP: 10.1.1.15 Mt n mng: 255.255.0.0 a ch IP: 10.1.1.16 Mt n mng: 255.255.0.0 a ch IP: 10.1.1.17 Mt n mng: 255.255.0.0 a ch IP: 10.1.1.18 Mt n mng: 255.255.0.0 a ch IP: 10.1.1.19 Mt n mng: 255.255.0.0 a ch IP: 10.1.1.20 Mt n mng: 255.255.0.0 a ch IP: 10.1.1.21 Mt n mng: 255.255.0.0 a ch IP: 192.168.0.6 Mt n mng: 255.255.255.0 a ch IP: 192.168.0.7 Mt n mng: 255.255.255.0 a ch IP: 192.168.0.8 Mt n mng: 255.255.255.0 a ch IP: 192.168.0.9 Mt n mng: 255.255.255.0 a ch IP: 192.168.0.10 Mt n mng: 255.255.255.0 a ch IP: 192.168.0.11 Mt n mng: 255.255.255.0 a ch IP: 192.168.0.12 Mt n mng: 255.255.255.0 a ch IP: 192.168.0.13 Mt n mng: 255.255.255.0 a ch IP: 192.168.0.14 Mt n mng: 255.255.255.0 a ch IP: 192.168.0.15 Mt n mng: 255.255.255.0 a ch IP: 192.168.0.16 Mt n mng: 255.255.255.0 a ch IP: 192.168.0.17 Mt n mng: 255.255.255.0 a ch IP: 192.168.0.18 Mt n mng: 255.255.255.0 a ch IP: 192.168.0.19 Mt n mng: 255.255.255.0 a ch IP: 192.168.0.20 Mt n mng: 255.255.255.0 a ch IP: 192.168.0.21 Mt n mng: 255.255.255.0
152

Computer22 Computer23 Computer24 Computer25 Computer26 Computer27 Computer28 Computer29 Computer30 a ch IP: 10.1.1.22 Mt n mng: 255.255.0.0 a ch IP: 10.1.1.23 Mt n mng: 255.255.0.0 a ch IP: 10.1.1.24 Mt n mng: 255.255.0.0 a ch IP: 10.1.1.25 Mt n mng: 255.255.0.0 a ch IP: 10.1.1.26 Mt n mng: 255.255.0.0 a ch IP: 10.1.1.27 Mt n mng: 255.255.0.0 a ch IP: 10.1.1.28 Mt n mng: 255.255.0.0 a ch IP: 10.1.1.29 Mt n mng: 255.255.0.0 a ch IP: 10.1.1.30 Mt n mng: 255.255.0.0 a ch IP: 192.168.0.22 Mt n mng: 255.255.255.0 a ch IP: 192.168.0.23 Mt n mng: 255.255.255.0 a ch IP: 192.168.0.24 Mt n mng: 255.255.255.0 a ch IP: 192.168.0.25 Mt n mng: 255.255.255.0 a ch IP: 192.168.0.26 Mt n mng: 255.255.255.0 a ch IP: 192.168.0.27 Mt n mng: 255.255.255.0 a ch IP: 192.168.0.28 Mt n mng: 255.255.255.0 a ch IP: 192.168.0.29 Mt n mng: 255.255.255.0 a ch IP: 192.168.0.30 Mt n mng: 255.255.255.0
7. Sau khi bn nhp thng tin a ch IP, nhp OK ng ca s Internet Protocol (TCP/IP) Propertie s. 8. Nhp OK ng ca TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 153
S DNG RRAS CU HNH NH TUYN s Litware Network Propertie s. 9. ng ca s Network Connecti ons. ======================================================
Ci t dch v WWW
QUAN TRNG Hon thnh cng vic ny trn c hai my tnh hc vin. Qua s cho php bn ci t dch v WWW trn my ch ca bn chy h iu hnh Windows Server 2003. Bn ch lm vic ny khi bn cha hon thnh bi thc hnh s 5 v 6. 6. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon studentxx@domain.contoso.com (trong studentxx l tn ngi s dng hc vin ca bn v domain l tn domain ca bn). 7. Nhp Start ri chn Control Panel. 8. Trong khi gi phm SHIFT, nhp chut phi vo Add Or Remove Programs ri nhp vo Run As m hp thoi Run As. 9. Trong hp thoi Run As, la chn The Following Users ri nhp cc chng thc sau vo trong hp thoi m ca s Add Or Remove Programs: a. Trong hp User Name, nhp administrator@domain.contoso.com (trong domain l tn domain ca bn) b. Trong hp Password nhp MSPress@LS#1. 10. Trong ca s Add Or Remove Programs nhp Add/Remove Windows Components. 11. Trong phn Components ca Windows Components Wizard, la chn Application Server ri nhp nt Details. 12. Trong ca s Application Server, la chn Internet Information Services (IIS) ri nhp nt Details. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG 154 VI WINDOWS SERVER 2003
S DNG RRAS CU HNH NH TUYN 13. Trong ca s Internet Information Services (IIS), la chn hp kim tra World Wide Web Service ri nhp OK. 14. Trong ca s Internet Information Services (IIS) nhp OK. 15. Trong ca s Application Server nhp OK. 16. Trn trang Windows Components nhp Next. 17. Nu h iu hnh yu cu bn ch v tr cc file ci t, a a CD ci t Windows Server 2003 vo a CD-ROM ri nhp OK. 18. Trn trang Completing The Windows Components Wizard nhp Finish. 19. ng tt c cc ca s ang m li. ======================================================
Cu hnh dch v WWW

QUAN TRNG Hon thnh cng vic ny trn c hai my tnh hc vin. Qua s cho php bn cu hnh dch v WWW trn my ch ca bn chy h iu hnh Windows Server 2003. Bn ch lm vic ny khi bn cha hon thnh bi thc hnh s 5 v 6. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon studentxx@domain.contoso.com (trong studentxx l tn ti khon hc vin ca bn v domain l tn domain ca bn). 2. Nhp Start, tr ti All Programs, la chn Accessories ri nhp vo Notepad m Microsoft Notepad. 3. Trong ca s Untitled Notepad, g on vn bn sau:
<html> <head> <title>Welcome to the World Wide Web </title> </head> <body> This is the default page for the World Wide Web service!! </body>
155

</html>
4. Trong ca s Untitled Notepad, nhp File ri k chn Save As. 5. Trong ca s Save As, nhp vo My Comouter bn tri ri tr ti th mc C:\Inetpub\Wwwroot. 6. Trong ca s Save As, g default.htm vo trong hp File Name ri nhp vo Save lu file Default.htm vo trong th mc C:\Inetpub\Wwwroot. 7. ng Notepad li. ======================================================
Nng cp chc nng hot ng ca domain

QUAN TRNG Hon thnh cng vic ny trn my tnh hc vin c s hiu nh hn. Qua s cho php bn trin khai cc chnh sch Routing And Remote Access. Bn ch lm vic ny khi bn cha hon thnh bi thc hnh s 5 v 6. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon studentxx@domain.contoso.com (trong studentxx l tn ti khon hc vin ca bn v domain l tn domain ca bn). 2. Nhp Start, la chn Control Panel ri k tip kch p vo Administrative Tools. 3. Kch chut phi vo Active Directory Users And Computers ri chn Run As. Hp thoi Run As xut hin. 4. La chn The Following User ri nhp cc chng thc sau vo trong cc trng ca hp thoi: a. Trong hp User Name, nhp administrator@domain.contoso.com ( trong domain l tn domain ca bn). b. Trong hp Password, nhp MSPress@LS1. 5. Kch chut phi vo domain.contoso.com (trong domain l tn domain ca bn) ri nhp vo Raise Domain Funtional Level m ca s Raise Domain Funtional Level. 6. Trong ca s Raise Domain Funtional Level, la chn Windows Server 2003 t la chn Select An Available Domain Funtional Level. 7. Nhp vo nt Raise nng cp chc nng hot ng ca domain. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 156
S DNG RRAS CU HNH NH TUYN 8. Nhp OK chp nhn hp cnh bo Raise Domain Funtional Level. 9. Nhp OK mt ln na chp nhn hp thoi Raise Domain Funtional Level.
KCH BN
Bn l nh qun tr mng ca cng ty Contoso, Ltd.Gn y cng ty bn c mua li mt cng ty mi c tn l Litware, Inc. Vn phng chnh ca Contoso, Ltd c t trong mt ta nh Denver. Vn phng chnh ca Litware, Inc pha bn kia thnh ph. Mng ca Litware, Inc ch c t 8 n 10 ngi s dng c kt ni vi mng ca Contoso, Ltd qua ng Frame Relay 56K. kt ni mng ca hai vn phng chnh vi nhau bn cn ci t v cu hnh Routing And Remote Access trn mt my ch Windows Server 2003 c hai bn. iu ny cho php ngi s dng ca c hai mng c th truy cp cc ti nguyn ln nhau, ng thi cung cp truy cp t xa cho cc my trm.
BI TP 7-1: KCH HOT ROUTING AND REMOTE ACCESS

Thi gian d kin: 5 pht Bn l nh qun tr mng ca Contoso, Ltd. Trc khi kt ni hai mng vi nhau bn phi ci t dch v Routing And Remote Access. ======================================================
Ci t dch v Routing And Remote Access

QUAN TRNG Hon thnh cng vic ny trn c hai my ca hc vin. Qua s cho php bn ci t dch v Routing And Remote Access trn my tnh hc vin ca bn. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon studentxx@domain.contoso.com (trong studentxx l tn ti khon hc vin ca bn v domain l tn domain ca bn). 2. Nhp Start, chn Control Panel ri kch p vo Administrative Tools. 3. Kch chut phi vo Routing And Remote Access ri chn Run As m hp thoi Run As. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 157
S DNG RRAS CU HNH NH TUYN 4. Trong hp thoi Run As, la chn The Following User ri nhp cc chng thc sau vo trong cc trng ca hp thoi m mn hnh qun tr Routing And Remote Access: c. Trong hp User Name, nhp administrator@domain.contoso.com ( trong domain l tn domain ca bn). o Trong hp Password, nhp MSPress@LS1. 5. Nhp OK m mn hnh Routing And Remote Access. 6. Trong mn hnh qun tr Routing And Remote Access, kch chut phi vo Computerxx (trong Computerxx l tn my tnh ca bn) ri chn Configure And Enable Routing And Remote Access t menu tt. 7. Trn trang Welcome To Routing And Remote Access Server Setup Wizard nhp Next m trang Configuration. 8. Trn trang ny, nhp Custom Configuration ri nhp Next m trang Custom Configuration. 9. Trn trang Custom Configuration, nhp LAN Routing ri nhp Next m trang Completing The Routing And Remote Access Server Setup Wizard. 10. Trn trang Completing The Routing And Remote Access Server Setup Wizard, nhp Finish ng Routing And Remote Access Server Setup Wizard li. 11. Trong hp thoi Routing And Remote Access, nhp Yes khi to dch v Routing And Remote Access. 12. ng mn hnh Routing And Remote Access li.
BI TP 7-2: CU HNH NH TUYN IP

Thi gian d kin: 15 pht kt ni cc mng ca Litware v Contoso, bn phi cu hnh c hai my ch Routing And Remote Access sao cho trn bng nh tuyn ca chng phi cha cc ng nh tuyn ng ti c hai mng. By gi, bn phi thm giao thc nh tuyn RIP cho c hai my ch ny cho php hai mng lin kt vi nhau. ======================================================
158
Ci t v cu hnh RIP
QUAN TRNG Hon thnh cng vic ny trn c hai my ca hc vin. Qua s cho php bn cu hnh my ch Routing And Remote Access ca bn ng vai tr nh mt router RIP. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon studentxx@domain.contoso.com (trong studentxx l tn ti khon hc vin ca bn v domain l tn domain ca bn). 2. Nhp Start, chn Control Panel ri kch p vo Administrative Tools. 3. Kch chut phi vo Routing And Remote Access ri chn Run As m hp thoi Run As. 4. Trong hp thoi Run As, la chn The Following User ri nhp cc chng thc sau vo trong cc trng ca hp thoi m mn hnh qun tr Routing And Remote Access: a. Trong hp User Name, nhp administrator@domain.contoso.com ( trong domain l tn domain ca bn). b. Trong hp Password, nhp MSPress@LS1. 5. Nhp OK m mn hnh Routing And Remote Access. 6. Trong mn hnh qun tr Routing And Remote Access, m rng phn Computerxx (trong Computerxx l tn my tnh ca bn) ri m rng IP Routing. 7. Trong IP Routing la chn v kch chut phi General ri chn New Routing Protocol. 8. Trn trang New Routing Protocol, nhp RIP Version 2 For Internet Protocol ri nhp OK. 9. Trn trang Routing And Remote Access, kch chut phi vo RIP ri la chn New Interface. 10. Trn ca s New Interface For RIP Version 2 For Internet Protocol trong Interfaces la chn Contoso Ltd Network ri nhp OK. 11. Trn trang RIP Properties-Contoso Ltd Network Properties nhp OK. 12. Trong ca s Routing And Remote Access, nhp chut phi RIP ri la chn New Interface. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 159
S DNG RRAS CU HNH NH TUYN 13. Trn ca s New Interface For RIP Version 2 For Internet Protocol trong Interfaces la chn Litware Inc Network ri nhp OK. 14. Trn trang RIP Properties-Litware Inc Network Properties nhp OK. ======================================================
Kim tra cc router hng xm qua RIP

QUAN TRNG Hon thnh cng vic ny trn c hai my ca hc vin. Qua s cho php bn hin th cc router hng xm cng s dng giao thc nh tuyn RIP. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon studentxx@domain.contoso.com (trong studentxx l tn ti khon hc vin ca bn v domain l tn domain ca bn). 2. Nhp Start, chn Control Panel ri kch p vo Administrative Tools. 3. Kch chut phi vo Routing And Remote Access ri chn Run As m hp thoi Run As. 4. Trong hp thoi Run As, la chn The Following User ri nhp cc chng thc sau vo trong cc trng ca hp thoi m mn hnh qun tr Routing And Remote Access: a. Trong hp User Name, nhp administrator@domain.contoso.com ( trong domain l tn domain ca bn). b. Trong hp Password, nhp MSPress@LS1. 5. Nhp OK m mn hnh Routing And Remote Access. 6. Trong mn hnh qun tr Routing And Remote Access, m rng phn Computerxx (trong Computerxx l tn my tnh ca bn) ri m rng IP Routing. 7. Trong mn hnh ny, nhp chut phi vo RIP ri la chn Show Neighbors. CU HI a ch IP my tnh i tc ca bn c c hin th trong ca s Computerxx-RIP Neighbors khng? 8. ng mn hnh Routing And Remote Access li. ====================================================== 160
Thm cc ng nh tuyn tnh

QUAN TRNG Hon thnh cng vic ny trn c hai my ca hc vin. Qua s cho php bn thm cc ng nh tuyn tnh trn my ch ci t Windows Server 2003 ca bn.. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon studentxx@domain.contoso.com (trong studentxx l tn ti khon hc vin ca bn v domain l tn domain ca bn). 2. Nhp Start, chn Control Panel ri kch p vo Administrative Tools. 3. Kch chut phi vo Routing And Remote Access ri chn Run As m hp thoi Run As. 4. Trong hp thoi Run As, la chn The Following User ri nhp cc chng thc sau vo trong cc trng ca hp thoi m mn hnh qun tr Routing And Remote Access: a. Trong hp User Name, nhp administrator@domain.contoso.com ( trong domain l tn domain ca bn). b. Trong hp Password, nhp MSPress@LS1. 5. Nhp OK m mn hnh Routing And Remote Access. 6. Trong mn hnh qun tr Routing And Remote Access, m rng phn Computerxx (trong Computerxx l tn my tnh ca bn) ri m rng IP Routing. 7. Trong mn hnh ny, nhp chut phi vo Static Routes ri nhp New Static Routes m ca s Static Route. 8. Trong danh sch th xung ca trng Static Route Interface la chn card mng Litware Inc Network. 9. Trong hp Static Route Destination nhp 172.16.0.0. 10. Trong hp Static Route Network Mask nhp 255.255.255.0. 11. Trong hp Static Route Gateway nhp a ch IP ca card mng Litware Inc Network. 12. Nhp OK trong ca s Static Route. ======================================================
161
Kim tra cc ng nh tuyn tnh bng cch s dng mn hnh Routing And Remote Access
QUAN TRNG Hon thnh cng vic ny trn c hai my ca hc vin. Qua s cho php bn hin th v kim chng rng cc ng nh tuyn tnh c a vo my ch ca bn. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon studentxx@domain.contoso.com (trong studentxx l tn ti khon hc vin ca bn v domain l tn domain ca bn). 2. Nhp Start, chn Control Panel ri kch p vo Administrative Tools. 3. Kch chut phi vo Routing And Remote Access ri chn Run As m hp thoi Run As. 4. Trong hp thoi Run As, la chn The Following User ri nhp cc chng thc sau vo trong cc trng ca hp thoi m mn hnh qun tr Routing And Remote Access: a. Trong hp User Name, nhp administrator@domain.contoso.com ( trong domain l tn domain ca bn). b. Trong hp Password, nhp MSPress@LS1. 5. Nhp OK m mn hnh Routing And Remote Access. 6. Trong mn hnh qun tr Routing And Remote Access, m rng phn Computerxx (trong Computerxx l tn my tnh ca bn) ri m rng IP Routing. 7. Trong mn hnh ny, nhp chut phi vo Static Routes ri chn Show IP Routing Table. Hy ghi li thng tin nh tuyn ca mng 172.16.0.0 vo bng di y:
Thng tin nh tuyn Destination (ch) Subnet Mask (Mt n mng) Cng ra (Gateway) Interface (Giao din) Gi tr ng nh tuyn (Metric) ng nh tuyn 1 ng nh tuyn 2
162

Protocol (Giao thc)
CU HI y c phi l ng nh tuyn tnh m bn thm trong cc bc trc? ======================================================
Kim tra cc ng nh tuyn tnh ch ca s dng lnh

QUAN TRNG Hon thnh cng vic ny trn c hai my ca hc vin. Qua s cho php bn hin th v kim chng rng cc ng nh tuyn tnh c a vo my ch ca bn. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon studentxx@domain.contoso.com (trong studentxx l tn ti khon hc vin ca bn v domain l tn domain ca bn). 2. Nhp Start, chn Run ri g cmd vo trong hp Open ri nhp phm ENTER. 3. Trong ca s ch dng lnh, ti du nhc lnh g route print. CU HI C mt ng nh tuyn tnh dnh cho mng 172.16.0.0 m bn thm vo trong cc bc trc khng? 4. ng ca s ch dng lnh li. ======================================================
Xa cc ng nh tuyn tnh
QUAN TRNG Hon thnh cng vic ny trn c hai my ca hc vin. Qua s cho php bn xa cc ng nh tuyn tnh trn my ch ci t Windows Server 2003 ca bn. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon studentxx@domain.contoso.com (trong studentxx l tn ti khon hc vin ca bn v domain l tn domain ca bn). 2. Nhp Start, chn Control Panel ri kch p vo Administrative Tools. 3. Kch chut phi vo Routing And Remote Access ri chn Run As m hp thoi Run As.
163
S DNG RRAS CU HNH NH TUYN 4. Trong hp thoi Run As, la chn The Following User ri nhp cc chng thc sau vo trong cc trng ca hp thoi m mn hnh qun tr Routing And Remote Access: a. Trong hp User Name, nhp administrator@domain.contoso.com ( trong domain l tn domain ca bn). b. Trong hp Password, nhp MSPress@LS1. 5. Nhp OK m mn hnh Routing And Remote Access. 6. Trong mn hnh qun tr Routing And Remote Access, m rng phn Computerxx (trong Computerxx l tn my tnh ca bn) ri m rng IP Routing. 7. Trong mn hnh ny, nhp vo Static Routes. 8. Trong trang lit k chi tit ca mn hnh qun tr Routing And Remote Access, nhp chut phi vo ng nh tuyn tnh 172.16.0.0 ri nhp Delete. 9. ng mn hnh Routing And Remote Access li.
BI TP 7-3: TO MT MNG RING O VPN

Thi gian d kin: 20 pht C mt vi nhn vin ca phng ti chnh bt buc phi chuyn d liu ti chnh v k ton mt cch an ton t mng Litware ti mng Contoso. Bn phi to mt kt ni VPN bo mt cho nhng my trm ny sao cho nhng ngi s dng c th chuyn d liu ti chnh mt cch an ton ti my ch trn mng Contoso. ======================================================
Cu hnh mt my ch VPN
QUAN TRNG Hon thnh cng vic ny trn my tnh ca hc vin c s hiu nh hn. Qua s cho php bn cu hnh Routing And Remote Access vi cc cng VPN. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon studentxx@domain.contoso.com (trong studentxx l tn ti khon hc vin ca bn v domain l tn domain ca bn). TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 164
S DNG RRAS CU HNH NH TUYN 2. Nhp Start, chn Control Panel ri kch p vo Administrative Tools. 3. Kch chut phi vo Routing And Remote Access ri chn Run As m hp thoi Run As. 4. Trong hp thoi Run As, la chn The Following User ri nhp cc chng thc sau vo trong cc trng ca hp thoi m mn hnh qun tr Routing And Remote Access: a. Trong hp User Name, nhp administrator@domain.contoso.com ( trong domain l tn domain ca bn). b. Trong hp Password, nhp MSPress@LS1. 5. Nhp OK m mn hnh Routing And Remote Access. 6. Trn mn hnh qun tr Routing And Remote Access, nhp chut phi vo Computerxx (trong Computerxx l tn my tnh ca bn) ri nhp vo Properties m trang Computerxx (Local) Properties. 7. Trn trang Computerxx (Local) Properties, trong th General la chn hp kim tra Remote Access Server ri nhp OK. 8. Trong hp thoi Routing And Remote Access, nhp Yes khi ng li router. CU HI Mc nh, c tt c bao nhiu cng VPN c php sau khi bn cu hnh dch v Routing And Remote Access? CU HI Bn s lm g cu hnh thm cc cng VPN? 9. ng tt c cc ca s ang m. ======================================================
Thm mt ti khon ngi s dng VPN

QUAN TRNG Hon thnh cng vic ny trn my tnh ca hc vin c s hiu nh hn. Qua s cho php bn to mt ti khon ngi s dng c s dng thit lp mt kt ni VPN vi my ch VPN.. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon studentxx@domain.contoso.com (trong studentxx l tn ti khon hc vin ca bn v domain l tn domain ca bn).
165
S DNG RRAS CU HNH NH TUYN 2. Nhp Start, chn Control Panel ri kch p vo Administrative Tools. 3. Kch chut phi vo Active Directory Users And Computers ri chn Run As m hp thoi Run As. 4. Trong hp thoi Run As, la chn The Following User ri nhp cc chng thc sau vo trong cc trng ca hp thoi m mn hnh qun tr Active Directory Users And Computers: a. Trong hp User Name, nhp administrator@domain.contoso.com ( trong domain l tn domain ca bn). b. Trong hp Password, nhp MSPress@LS1. 5. Nhp OK m mn hnh Active Directory Users And Computers. 6. Trn mn hnh qun tr Active Directory Users And Computers, nhp chut phi vo domain.contoso.com (trong domain l tn domain ca bn) la chn New ri nhp vo Organizational Unit. 7. Trong ca s New Object-Organizational Unit, trn hp Name g vpn users ri nhp OK. 8. Trn mn hnh qun tr Active Directory Users And Computers, nhp chut phi vo OU VPN Users, nhp New ri nhp vo Users m ca s New Object-User. 9. Trong ca s New Object-User trong hp First Name g VPNUser. 10. Trong ca s New Object-User trong hp User Logon Name g VPNUser ri nhp Next. 11. Trong hp Password and Confirm Password g MSPress#1. Xa la chn User Must Change Password At Next Logon v la chn User Can not Change Password ri nhp Next. 12. Trong ca s New Object-User nhp Finish kt thc qu trnh to ti khon ngi s dng mi. 13. ng tt c cc ca s ang m. ======================================================
Thit lp kt ni VPN trn my trm

QUAN TRNG Hon thnh cng vic ny trn my tnh ca hc vin c s hiu ln hn. Qua s cho php bn kt ni ti mt my ch VPN. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 166
S DNG RRAS CU HNH NH TUYN 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon studentxx@domain.contoso.com (trong studentxx l tn ti khon hc vin ca bn v domain l tn domain ca bn). 2. Nhp Start ri chn Network Connections m ca s Network Connections. 3. Trong ca s Network Connections, trn menu File nhp New Connections m New Connections Wizard. 4. Trong New Connections Wizard nhp Next m trang Network Connections Type. 5. Trong trang Network Connections Type nhp Connect To The Network At My Workplace ri nhp Next. 6. Trn trang Network Connections nhp vo kt ni Virtual Private Network ri nhp Next m trang Connection Name. 7. Trn trang Connection Name, trong hp Company Name nhp vpn to contoso ltd ri nhp Next. 8. Trn trang VPN Server Selection, trong trng Host Name Or IP Address nhp a ch IP my tnh i tc ca bn (10.1.1.x) ri nhp Next. 9. Trn trang Connection Availability la chn Anyones Use ri nhp Next. 10. Trn trang Completing The New Connection Wizard la chn hp kim tra Add A Shortcut To This Connection To My Desktop ri nhp Finish ng New Connection Wizard li. 11. Trong ca s Connect To VPN To Contoso Ltd nhp cc chng thc sau: a. Trong hp User Name, nhp VPNUser. b. Trong hp Password, nhp MSPRess#1. 12. Nhp Connect thc hin kt ni VPN. CU HI C li no xut hin khi bn c gng kt ni ti my ch VPN? 13. Trn trang Error Connecting To VPN To Contoso Ltd nhp Close. ====================================================== TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 167
Cu hnh ti khon VPN User

QUAN TRNG Hon thnh cng vic ny trn my tnh ca hc vin c s hiu nh hn. Qua s cho php bn cu hnh cc quyn quay s cho ti khon ca ngi s dng. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon studentxx@domain.contoso.com (trong studentxx l tn ti khon hc vin ca bn v domain l tn domain ca bn). 2. Nhp Start, chn Control Panel ri kch p vo Administrative Tools. 3. Kch chut phi vo Active Directory Users And Computers ri chn Run As m hp thoi Run As. 4. Trong hp thoi Run As, la chn The Following User ri nhp cc chng thc sau vo trong cc trng ca hp thoi m mn hnh qun tr Active Directory Users And Computers: a. Trong hp User Name, nhp administrator@domain.contoso.com ( trong domain l tn domain ca bn). b. Trong hp Password, nhp MSPress@LS#1. 5. Nhp OK m mn hnh Active Directory Users And Computers. 6. Trn mn hnh qun tr Active Directory Users And Computers, m rng domain.contoso.com (trong domain l tn domain ca bn) ri la chn VPN Users. 7. Trong phn chi tit ca mn hnh Active Directory Users And Computers nhp chut phi vo VPNUser ri chn Properties. 8. Trn trang VPNUser Properties chn th Dial-In v nhp vo Allow Access ri k nhp OK. CU HI La chn quay s no c kch hot theo mc nh? 9. ng tt c cc ca s ang m li. ======================================================
Thit lp li kt ni VPN trn my trm

QUAN TRNG Hon thnh cng vic ny trn my tnh ca hc vin c s hiu ln hn. Qua s cho php bn to mt kt ni ti my ch VPN. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 168
S DNG RRAS CU HNH NH TUYN 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon studentxx@domain.contoso.com (trong studentxx l tn ti khon hc vin ca bn v domain l tn domain ca bn). 2. Trn mt mn hnh, kch p vo biu tng kt ni quay s VPN To Contoso Ltd. 3. Trong ca s Connect VPN To Contoso Ltd nhp cc chng thc sau: a. Trong hp User Name, nhp VPNUser. b. Trong hp Password, nhp MSPress#1. 4. Nhp Connect thc hin kt ni VPN. CU HI Bn nhn c thng bo li g khi c gng kt ni ti my ch VPN? 5. Trn trang Error Connecting To VPN To Contoso Ltd nhp Close. CU HI Ti sao VPNUser khng c php kt ni vi la chn quay s Control Access Through Remote Access Policy c kch hot cho ti khon VPNUser? ======================================================
Cu hnh li my ch VPN
QUAN TRNG Hon thnh cng vic ny trn my tnh ca hc vin c s hiu nh hn. Qua s cho php bn chp nhn cc kt ni VPN ti my ch. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon studentxx@domain.contoso.com (trong studentxx l tn ti khon hc vin ca bn v domain l tn domain ca bn). 2. Nhp Start, chn Control Panel ri kch p vo Administrative Tools. 3. Kch chut phi vo Routing And Remote Access ri chn Run As m hp thoi Run As. 4. Trong hp thoi Run As, la chn The Following User ri nhp cc chng thc sau vo trong cc trng ca hp thoi m mn hnh qun tr Routing And Remote Access:
169
S DNG RRAS CU HNH NH TUYN 5. Trong hp User Name, nhp administrator@domain.conto-so.com ( trong domain l tn domain ca bn). 6. Trong hp Password, nhp MSPress@LS#1. 7. Nhp OK m mn hnh Routing And Remote Access. 8. Trn mn hnh qun tr Routing And Remote Access, m rng Computerxx (trong Computerxx l tn my tnh ca bn). 9. Trong mn hnh Routing And Remote Access, nhp chut phi vo Ports ri chn Properties. 10. Trong ca s Ports Properties la chn WAN Miniport (PPTP) ri nhp vo Configure. 11. Trn ca s Configure Device-WAN Miniport (PPTP), xem li hp kim tra Remote Access Connections (Inbound Only) ri nhp OK. 12. Trong ca s Ports Properties la chn WAN Miniport (L2TP) ri nhp vo Configure. 13. Trn ca s Configure Device-WAN Miniport (L2TP), la chn hp kim tra Remote Access Connections (Inbound Only) ri nhp OK. 14. Trong ca s Ports Properties nhp OK ghi li nhng thay i ca bn. 15. ng tt c cc ca s ang m li. ======================================================
Thit lp li kt ni VPN trn my trm

QUAN TRNG Hon thnh cng vic ny trn my tnh ca hc vin c s hiu ln hn. Qua s cho php bn to mt kt ni ti my ch VPN. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon studentxx@domain.contoso.com (trong studentxx l tn ti khon hc vin ca bn v domain l tn domain ca bn). 2. Trn mt mn hnh, kch p vo biu tng kt ni quay s VPN To Contoso Ltd. 3. Trong ca s Connect VPN To Contoso Ltd nhp cc chng thc sau: a. Trong hp User Name, nhp VPNUser. b. Trong hp Password, nhp MSPress#1. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 170
S DNG RRAS CU HNH NH TUYN 4. Nhp Connect thc hin kt ni VPN ti Contoso Ltd. 5. Mt biu tng kt ni mng xut hin trong khu vc thng bo. CU HI Giao thc VPN v phng php m ha no c kt ni VPN ny s dng? (nu biu tng kt ni b n th bn c th kch p vo n trn thanh tc v) 6. ng ca s VPN To Contoso Ltd Status li. ======================================================
Hin th kt ni truy cp t xa
QUAN TRNG Hon thnh cng vic ny trn my tnh ca hc vin c s hiu nh hn. Qua s cho php bn hin th mt kt ni VPN.. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon studentxx@domain.contoso.com (trong studentxx l tn ti khon hc vin ca bn v domain l tn domain ca bn). 2. Nhp Start, chn Control Panel ri kch p vo Administrative Tools. 3. Kch chut phi vo Routing And Remote Access ri chn Run As m hp thoi Run As. 4. Trong hp thoi Run As, la chn The Following User ri nhp cc chng thc sau vo trong cc trng ca hp thoi m mn hnh qun tr Routing And Remote Access: a. Trong hp User Name, nhp administrator@domain.contoso.com ( trong domain l tn domain ca bn). b. Trong hp Password, nhp MSPress@LS#1. 5. Nhp OK m mn hnh Routing And Remote Access. 6. Trn mn hnh qun tr Routing And Remote Access, m rng Computerxx (trong Computerxx l tn my tnh ca bn) ri nhp vo Remote Access Clients. CU HI Trong phn lit k chi tit ca mn hnh Routing And Remote Access, tn ca ngi s dng hin ang kt ni l g? ====================================================== 171
Dng mt kt ni truy cp t xa
QUAN TRNG Hon thnh cng vic ny trn my tnh ca hc vin c s hiu ln hn. Qua s cho php bn ngt mt kt ni ra khi my ch VPN. 1. Nhp chut phi vo biu tng Network Connection ca VPN To Contoso Ltd ri nhp Disconnect. 2. ng tt c cc ca s ang m li.
BI TP 7-4: TRIN KHAI CC CHNH SCH TRUY CP T XA

Thi gian d kin: 25 pht Bn l qun tr v vn bo mt cho Litware, Inc. Mt s ngi s dng trong phng ti chnh cn truy cp VPN t xa ti my ch t ti tr s chnh Contoso. Bn phi iu khin qu trnh truy cp ca ngi s dng ti my ch VPN ch khng n thun cho php h kt ni ti n. Bn cng ch cho php cc kt ni kiu PPTP c php truy cp ti my ch. Bn mun trin khai cc chnh sch truy cp t xa trn my ch VPN c th iu khin c ngi s dng v kt ni c cc c tnh xc nh. ======================================================
Cu hnh cc c tnh quay s trn ti khon ca ngi s dng

QUAN TRNG Hon thnh cng vic ny trn my tnh ca hc vin c s hiu nh hn. Qua s cho php bn cu hnh cc quyn quay s cho ti khon ca ngi s dng. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon studentxx@domain.contoso.com (trong studentxx l tn ti khon hc vin ca bn v domain l tn domain ca bn). 2. Nhp Start, chn Control Panel ri kch p vo Administrative Tools. 3. Kch chut phi vo Active Directory Users And Computers ri chn Run As m hp thoi Run As.
172
S DNG RRAS CU HNH NH TUYN 4. Trong hp thoi Run As, la chn The Following User ri nhp cc chng thc sau vo trong cc trng ca hp thoi m mn hnh qun tr Active Directory Users And Computers: a. Trong hp User Name, nhp administrator@domain.contoso.com ( trong domain l tn domain ca bn). b. Trong hp Password, nhp MSPress@LS#1. 5. Nhp OK m mn hnh Active Directory Users And Computers. 6. Trn mn hnh qun tr Active Directory Users And Computers, m rng domain.contoso.com (trong domain l tn domain ca bn) ri la chn VPN Users. 7. Trong phn chi tit ca mn hnh Active Directory Users And Computers nhp chut phi vo VPNUser ri chn Properties. 8. Trn trang VPNUser Properties chn th Dial-In v chn la chn Control Access Through Remote Access Policy ri k nhp OK. 9. ng mn hnh Active Directory Users And Computers li. CU HI Bng cch thay i ti khon ngi s dng theo cch ny, anh ta c kh nng truy cp ti my ch khng? ======================================================
Kim tra chnh sch truy cp t xa mc nh

QUAN TRNG Hon thnh cng vic ny trn my tnh ca hc vin c s hiu ln hn. Qua s cho php bn kim tra chnh sch truy cp t xa mc nh trn my ch Routing And Remote Access. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon studentxx@domain.contoso.com (trong studentxx l tn ti khon hc vin ca bn v domain l tn domain ca bn). 2. Trn mt mn hnh, kch p vo biu tng kt ni quay s VPN To Contoso Ltd. 3. Trong ca s Connect VPN To Contoso Ltd nhp cc chng thc sau: a. Trong hp User Name, nhp VPNUser. b. Trong hp Password, nhp MSPress#1. 4. Trong trng Domain, nhp domain.contoso.com (trong domain l tn domain ca bn). TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 173
S DNG RRAS CU HNH NH TUYN 5. Nhp Connect thc hin kt ni VPN ti Contoso Ltd. CU HI Bn nhn c thng bo li g? 6. ng ca s Error Connecting To VPN To Contoso Ltd li. ======================================================
Cu hnh cc iu kin trong chnh sch truy cp t xa

QUAN TRNG Hon thnh cng vic ny trn my tnh ca hc vin c s hiu nh hn. Qua s cho php bn cu hnh my ch Routing And Remote Access ch chp nhn cc kt ni VPN kiu PPTP.. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon studentxx@domain.contoso.com (trong studentxx l tn ti khon hc vin ca bn v domain l tn domain ca bn). 2. Nhp Start, chn Control Panel ri kch p vo Administrative Tools. 3. Kch chut phi vo Routing And Remote Access ri chn Run As m hp thoi Run As. 4. Trong hp thoi Run As, la chn The Following User ri nhp cc chng thc sau vo trong cc trng ca hp thoi m mn hnh qun tr Routing And Remote Access: a. Trong hp User Name, nhp administrator@domain.contoso.com ( trong domain l tn domain ca bn). b. Trong hp Password, nhp MSPress@LS#1. 5. Nhp OK m mn hnh Routing And Remote Access. 6. Trn mn hnh qun tr Routing And Remote Access, m rng Computerxx (trong Computerxx l tn my tnh ca bn). 7. La chn v nhp chut phi vo Remote Access Policies ri la chn New Remote Access Policy m New Remote Access Policy Wizard. 8. Trn trang Welcome To The New Remote Access Policy Wizard nhp Next m trang Policy Configuration Method.
174
S DNG RRAS CU HNH NH TUYN 9. Trn trang Policy Configuration Method, nhp Set Up A Custom Policy. Trong hp Policy Name, nhp pptp only connections ri nhp Next. 10. Trn trang Policy Conditions, nhp Add m trang Select Attribute. 11. Trn trang Select Attribute, nhp Tunnel-Type ri nhp Add m trang Tunnel-Type. 12. Trn trang Tunnel-Type, nhp Point-To-Point Tunneling Protocol (PPTP). Trong Selected Types, nhp Add thm Point-To-Point Tunneling Protocol (PPTP) vo trong danh sch ri nhp OK. 13. Trn trang Policy Conditions, nhp Next m trang Permissions. 14. Trn trang Permissions nhp Grant Remote Access Permission ri k nhp Next. 15. Trn trang Profile nhp Next m trang Completing The New Remote Access Policy Wizard. 16. Trn trang Completing The New Remote Access Policy Wizard, nhp Finish ng New Remote Access Policy Wizard. 17. ng mn hnh Routing And Remote Access li. ======================================================
Kim tra cc iu kin trong chnh sch truy cp t xa

QUAN TRNG Hon thnh cng vic ny trn my tnh ca hc vin c s hiu ln hn. Qua s cho php bn kim tra chnh sch truy cp t xa c cu hnh trn my ch Routing And Remote Access. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon administrator@domain.contoso.com (trong domain l tn domain ca bn). 2. Trn mt mn hnh, kch p vo biu tng kt ni quay s VPN To Contoso Ltd. 3. Trong ca s Connect VPN To Contoso Ltd nhp cc chng thc sau: a. Trong hp User Name, nhp VPNUser. b. Trong hp Password, nhp MSPress#1. 4. Nhp Connect thc hin kt ni VPN ti Contoso Ltd. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 175
S DNG RRAS CU HNH NH TUYN CU HI Kt ni VPN c kt ni c ti my ch truy cp t xa khng? 5. Nhp chut phi vo biu tng VPN To Contoso Ltd trn mt mn hnh ri la chn Disconnect. 6. Nhp p vo biu tng VPN To Contoso Ltd trn mt mn hnh ri tip theo trong ca s Connect VPN To Contoso Ltd nhp Properties. 7. Trn trang VPN To Contoso Ltd Properties nhp vo th Networking v trong danh sch th xung Type Of VPN la chn L2TP IPSec VPN ri nhp OK. 8. Trong ca s Connect VPN To Contoso Ltd nhp cc chng thc sau: a. Trong hp User Name, nhp VPNUser. b. Trong hp Password, nhp MSPress#1. CU HI Kt ni VPN c kt ni c ti my ch truy cp t xa khng?Ti sao khng? 9. ng ca s Error Connecting To VPN To Contoso Ltd li. 10. Nhp p vo biu tng VPN To Contoso Ltd trn mt mn hnh ri tip theo trong ca s Connect VPN To Contoso Ltd nhp Properties. 11. Trn trang VPN To Contoso Ltd Properties nhp vo th Networking v trong danh sch th xung Type Of VPN la chn PPTP VPN ri nhp OK. 12. Nhp Cancel ng ca s Connect VPN To Contoso Ltd li. ======================================================
Cu hnh profile trong chnh sch truy cp t xa

QUAN TRNG Hon thnh cng vic ny trn my tnh ca hc vin c s hiu nh hn. Qua s cho php bn cu hnh my ch Routing And Remote Access ch chp nhn cc kt ni VPN kiu PPTP trong khong thi gian c th. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon studentxx@domain.contoso.com (trong studentxx l tn ti khon hc vin ca bn v domain l tn domain ca bn). 2. Nhp Start, chn Control Panel ri kch p vo Administrative Tools. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 176
S DNG RRAS CU HNH NH TUYN 3. Kch chut phi vo Routing And Remote Access ri chn Run As m hp thoi Run As. 4. Trong hp thoi Run As, la chn The Following User ri nhp cc chng thc sau vo trong cc trng ca hp thoi m mn hnh qun tr Routing And Remote Access: a. Trong hp User Name, nhp administrator@domain.contoso.com ( trong domain l tn domain ca bn). b. Trong hp Password, nhp MSPress@LS#1. 5. Nhp OK m mn hnh Routing And Remote Access. 6. Trn mn hnh qun tr Routing And Remote Access, m rng Computerxx (trong Computerxx l tn my tnh ca bn). 7. La chn Remote Access Policies v trong mn hnh hin th chi tit nhp chut phi vo chnh sch PPTP Only Connections Remote Access ri la chn Properties. 8. Trn trang PPTP Only Connections Properties nhp Edit Profile m ca s Edit Dial-In Profile. 9. Trong ca s Edit Dial-In Profile la chn hp kim tra Allow Access Only On These Days And At These Times ri nhp Edit m ca s Dial-In Hours. 10. Trong ca s Dial-In Hours ch cho php cc kt ni c thc hin t 6:00 AM n 7:00 AM ri nhp OK. 11. Trn trang Edit Dial-In Profile nhp OK. 12. Trn trang PPTP Only Connections Properties nhp OK. 13. ng mn hnh Routing And Remote Access li. CU HI Ch nhng gi c lit k trong hp Allow Access Only On These Days And At These Times thay i tng ng thnh Sunday-Saturday v 6:00 A.M. n 7:00 A.M. ======================================================
Kim tra profile ca chnh sch truy cp t xa

QUAN TRNG Hon thnh cng vic ny trn my tnh ca hc vin c s hiu ln hn. Qua s cho php bn kim tra profile ca chnh sch truy cp t xa c cu hnh trn my ch Routing And Remote Access. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 177
S DNG RRAS CU HNH NH TUYN 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon studentxx@domain.contoso.com (trong studentxx l tn ti khon hc vin ca bn v domain l tn domain ca bn). 2. Trn mt mn hnh, kch p vo biu tng kt ni quay s VPN To Contoso Ltd. 3. Trong ca s Connect VPN To Contoso Ltd nhp cc chng thc sau: a. Trong hp User Name, nhp VPNUser. b. Trong hp Password, nhp MSPress#1. 4. Nhp Connect thc hin kt ni VPN ti Contoso Ltd. CU HI Bn nhn c thng bo li g v ti sao li nhn c n? 5. ng ca s Error Connecting To VPN To Contoso Ltd li. ======================================================
Cu hnh li profile trong chnh sch truy cp t xa

QUAN TRNG Hon thnh cng vic ny trn my tnh ca hc vin c s hiu nh hn. Qua s cho php bn cu hnh li my ch Routing And Remote Access ch chp nhn cc kt ni VPN kiu PPTP. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon studentxx@domain.contoso.com (trong studentxx l tn ti khon hc vin ca bn v domain l tn domain ca bn). 2. Nhp Start, chn Control Panel ri kch p vo Administrative Tools. 3. Kch chut phi vo Routing And Remote Access ri chn Run As m hp thoi Run As. 4. Trong hp thoi Run As, la chn The Following User ri nhp cc chng thc sau vo trong cc trng ca hp thoi m mn hnh qun tr Routing And Remote Access: a. Trong hp User Name, nhp administrator@domain.contoso.com ( trong domain l tn domain ca bn). b. Trong hp Password, nhp MSPress@LS#1. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 178
S DNG RRAS CU HNH NH TUYN 5. Nhp OK m mn hnh Routing And Remote Access. 6. Trn mn hnh qun tr Routing And Remote Access, m rng Computerxx (trong Computerxx l tn my tnh ca bn). 7. La chn Remote Access Policies v trong mn hnh hin th chi tit nhp chut phi vo chnh sch PPTP Only Connections Remote Access ri la chn Properties. 8. Trn trang PPTP Only Connections Properties nhp Edit Profile m ca s Edit Dial-In Profile. 9. Trong ca s Edit Dial-In Profile b la chn Allow Access Only On These Days And At These Times ri nhp OK. 10. Trn trang PPTP Only Connections Properties nhp OK. 11. ng tt c cc mn hnh ang m li. ======================================================
Kim tra li profile ca chnh sch truy cp t xa

QUAN TRNG Hon thnh cng vic ny trn my tnh ca hc vin c s hiu ln hn. Qua s cho php bn kim tra li profile ca chnh sch truy cp t xa c cu hnh trn my ch Routing And Remote Access. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon studentxx@domain.contoso.com (trong studentxx l tn ti khon hc vin ca bn v domain l tn domain ca bn). 2. Trn mt mn hnh, kch p vo biu tng kt ni quay s VPN To Contoso Ltd. 3. Trong ca s Connect VPN To Contoso Ltd nhp cc chng thc sau: a. Trong hp User Name, nhp VPNUser. b. Trong hp Password, nhp MSPress#1. 4. Nhp Connect thc hin kt ni VPN ti Contoso Ltd. CU HI Bn c c php kt ni ti my ch truy cp t xa khng? Ti sao c hoc ti sao khng? 5. Ngt kt ni VPN To Contoso Ltd.
179
BI TP 7-5: CU HNH NAT

Thi gian d kin: 15 pht QUAN TRNG t c mc tiu ca bi tp ny, gi thit domain hc vin ca bn l mng Litware, Inc cn mng phng hc l mng Contoso, Ltd. My tnh ca hc vin c s hiu nh hn s ng vai tr l my ch NAT v my tnh ca hc vin c s hiu ln hn s ng vai tr l my trm NAT. Bn ang trong qu trnh trin khai tnh nng NAT nh mt phng tin cho php cc my trm kt ni ti mng Contoso. By gi, bn phi cu hnh Routing And Remote Access vi tnh nng NAT v hai giao din mng khc nhau cho php cc my trm kt ni ti. ======================================================
Ci t v cu hnh NAT
QUAN TRNG Hon thnh cng vic ny trn my tnh ca hc vin c s hiu nh hn. Qua s cho php bn cu hnh ci t v cu hnh NAT trn my ch ci t Windows Server 2003 ca bn. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon studentxx@domain.contoso.com (trong studentxx l tn ti khon hc vin ca bn v domain l tn domain ca bn). 2. Nhp Start, chn Control Panel ri kch p vo Administrative Tools. 3. Kch chut phi vo Routing And Remote Access ri chn Run As m hp thoi Run As. 4. Trong hp thoi Run As, la chn The Following User ri nhp cc chng thc sau vo trong cc trng ca hp thoi m mn hnh qun tr Routing And Remote Access: 5. Trong hp User Name, nhp administrator@domain.conto-so.com ( trong domain l tn domain ca bn). a. Trong hp Password, nhp MSPress@LS#1. b. Nhp OK m mn hnh Routing And Remote Access. 6. Trn mn hnh qun tr Routing And Remote Access, m rng Computerxx (trong Computerxx l tn my tnh ca bn) v m rng IP Routing. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 180
S DNG RRAS CU HNH NH TUYN 7. Trong mn hnh Routing And Remote Access, la chn v nhp chut phi vo NAT/Basic Firewall ri chn New Interface. 8. Trong ca s New Interface For Network Address Translation (NAT) nhp vo card mng Contoso Ltd Network ri k nhp OK. 9. Trn trang Network Address Translation (NAT) Properties-Contoso Ltd Network, nhp Public Interface Connected To The Internet, la chn hp kim tra Enable NAT On This Interface ri nhp OK. 10. Trong mn hnh Routing And Remote Access, nhp chut phi vo NAT/Basic Firewall ri la chn New Interface. 11. Trong ca s New Interface For Network Address Translation (NAT) nhp vo kt ni Litware Inc Network ri nhp OK. 12. Trn trang Network Address Translation (NAT) Properties-Litware Inc Network, xc nhn rng la chn Private Interface Connected To Private Network c chn ri nhp OK. 13. ng tt c cc mn hnh ang m li. ======================================================
Cu hnh mt my trm NAT

QUAN TRNG Vi phn cn li ca bi tp ny, bn hy b cp mng ra khi card Contoso Ltd Network trn my tnh c s hiu ln hn. Ti phn cui ca bi tp ny, bn kt ni cp mng ny li. Hon thnh cng vic ny trn my tnh ca hc vin c s hiu ln hn. Qua s cho php bn cu hnh my tnh ca bn hot ng nh mt my trm NAT.. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon administrator@domain.contoso.com (trong domain l tn domain ca bn). 2. Nhp Start ri nhp vo Network Connections m ca s Network Connections. 3. Trong ca s Network Connections, nhp chut phi vo kt ni Litware Inc Network ri nhp Properties. 4. Trn trang Litware Inc Network Connection Properties nhp Internet Protocol (TCP/IP) ri nhp Properties.
181
S DNG RRAS CU HNH NH TUYN 5. Trn ca s Internet Protocol (TCP/IP) Properties, trong hp Default Gateway nhp a ch IP kt ni Litware Inc Network ca i tc ri nhp OK. 6. Trn trang Litware Inc Network Properties nhp Close xc nhn nhng thay i ca bn. ======================================================
Cu hnh IIS
QUAN TRNG Hon thnh cng vic ny trn my tnh ca hc vin c s hiu nh hn. Qua s cho php bn cu hnh dch v IIS trn my ch ca bn ci t h iu hnh Windows Server 2003. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon administrator@domain.contoso.com (trong domain l tn domain ca bn). 2. Nhp Start chn Administrative Tools ri la chn Internet Information Services (IIS) Manager. 3. Trong mn hnh qun tr Internet Information Services (IIS) Manager m rng Computerxx (trong Computerxx l tn my tnh ca bn) ri k tip m rng Web Sites. 4. Trong mn hnh qun tr Internet Information Services (IIS) Manager, nhp chut phi vo Default Web Site ri nhp Properties. 5. Trong th Web Site, trong danh sch th xung IP Address chn a ch IP ca card mng Contoso Ltd Network c gn cho my tnh hc vin ca bn (10.1.1.xx) ri nhp OK. 6. ng mn hnh qun tr Internet Information Services (IIS) Manager li. ======================================================
Kim tra kt ni ca my trm NAT

QUAN TRNG Hon thnh cng vic ny trn my tnh ca hc vin c s hiu ln hn. Qua s cho php bn kim tra v xc nhn rng my trm NAT c th lin lc c vi mt Web site trn mt mng khc. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon administrator@domain.contoso.com (trong domain l tn domain ca bn). TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 182
S DNG RRAS CU HNH NH TUYN 2. Nhp Start, tr ti All Programs v nhp vo Internet Explorer m ca s Microsoft Internet Explorer. Nu hp thoi Internet Explorer Enhanced Security Configure th nhp OK. 3. Trong phn Internet Explorer Address, nhp http://10.1.1.xx (trong 10.1.1.xx l a ch IP card mng Contoso Ltd Network ca i tc ca bn) ri nhp phm ENTER. CU HI Bn c nhn c trang mc nh ca dch v Web ang chy trn my tnh i tc ca bn khng? Ti sao c hoc ti sao khng? 4. ng Internet Explorer li. ======================================================
G b dch v NAT
QUAN TRNG Hon thnh cng vic ny trn my tnh ca hc vin c s hiu nh hn. Qua s cho php bn g b NAT ra khi my tnh hc vin. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon studentxx@domain.contoso.com (trong studentxx l tn ti khon hc vin ca bn v domain l tn domain ca bn). 2. Nhp Start, chn Control Panel ri kch p vo Administrative Tools. 3. Kch chut phi vo Routing And Remote Access ri chn Run As m hp thoi Run As. 4. Trong hp thoi Run As, la chn The Following User ri nhp cc chng thc sau vo trong cc trng ca hp thoi m mn hnh qun tr Routing And Remote Access: a. Trong hp User Name, nhp administrator@domain.contoso.com ( trong domain l tn domain ca bn). b. Trong hp Password, nhp MSPress@LS#1. 5. Nhp OK m mn hnh Routing And Remote Access. 6. Trn mn hnh qun tr Routing And Remote Access, m rng Computerxx (trong Computerxx l tn my tnh ca bn) v m rng IP Routing. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 183
S DNG RRAS CU HNH NH TUYN 7. Trong mn hnh Routing And Remote Access, la chn NAT/Basic Firewall ri nhp Delete. 8. Trong hp thoi Routing And Remote Access, nhp Yes g b NAT/Basic Firewall. 9. ng mn hnh qun tr Routing And Remote Access li. ======================================================
Cu hnh li IIS
QUAN TRNG Hon thnh cng vic ny trn my tnh ca hc vin c s hiu nh hn. Qua s cho php bn cu hnh dch v IIS trn my ch ca bn ci t h iu hnh Windows Server 2003. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon administrator@domain.contoso.com (trong domain l tn domain ca bn). 2. Nhp Start chn Administrative Tools ri la chn Internet Information Services (IIS) Manager. 3. Trong mn hnh qun tr Internet Information Services (IIS) Manager m rng Computerxx (trong Computerxx l tn my tnh ca bn) ri k tip m rng Web Sites. 4. Trong mn hnh qun tr Internet Information Services (IIS) Manager, nhp chut phi vo Default Web Site ri nhp Properties. 5. Trong th Web Site, trong danh sch th xung IP Address chn All Unassigned ri nhp OK. 6. ng mn hnh qun tr Internet Information Services (IIS) Manager li. QUAN TRNG Bn phi kt ni li cp mng ti card Contoso Ltd Network trn my trm NAT hon thnh cc bi tp sau.
BI TP 7-6: CU HNH CC B LC GI
Thi gian d kin: 10 pht Bn ang kim tra cc b lc gi tin trn Routing And Remote Access xc nh xem n cm lu lng trn cc cng TCP nh th no trn my ch ci t Windows Server 2003. kim tra vn ny, bn ci t IIS v by gi mun s dng cc b lc gi tin cm lu lng HTTP trn cng 80. ====================================================== TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 184
Kim tra kt ni ca my trm IIS

QUAN TRNG Hon thnh cng vic ny trn my tnh ca hc vin c s hiu ln hn. Qua s cho php bn kim tra v xc nhn rng my trm c th lin lc c vi my ch Web. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon administrator@domain.contoso.com (trong domain l tn domain ca bn). 2. Nhp Start, tr ti All Programs v nhp vo Internet Explorer m ca s Internet Explorer. 3. Trong phn Internet Explorer Address, nhp http://10.1.1.xx (trong 10.1.1.xx l a ch IP card mng Contoso Ltd Network ca i tc ca bn) ri nhp phm ENTER. CU HI Bn c nhn c trang mc nh ca dch v Web ang chy trn my tnh i tc ca bn khng? 4. ng Internet Explorer li. QUAN TRNG Nu hp thoi Internet Explorer Enhanced Security Configure th nhp OK. ======================================================
Cu hnh mt b lc gi tin cho lu lng HTTP

QUAN TRNG Hon thnh cng vic ny trn c hai my tnh ca hc vin. Qua s cho php bn to ra mt b lc gi tin Routing And Remote Access cm lu lng HTTP. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon studentxx@domain.contoso.com (trong studentxx l tn ti khon hc vin ca bn v domain l tn domain ca bn). 2. Nhp Start, chn Control Panel ri kch p vo Administrative Tools. 3. Kch chut phi vo Routing And Remote Access ri chn Run As m hp thoi Run As. 4. Trong hp thoi Run As, la chn The Following User ri nhp cc chng thc sau vo trong cc trng ca hp thoi m mn hnh qun tr Routing And Remote Access: TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 185
S DNG RRAS CU HNH NH TUYN a. Trong hp User Name, nhp administrator@domain.contoso.com ( trong domain l tn domain ca bn). b. Trong hp Password, nhp MSPress@LS#1. 5. Nhp OK m mn hnh Routing And Remote Access. 6. Trn mn hnh qun tr Routing And Remote Access, m rng Computerxx (trong Computerxx l tn my tnh ca bn) v m rng IP Routing. 7. Trong mn hnh Routing And Remote Access, nhp General. Trong mn hnh hin th chi tit, nhp chut phi vo Contoso Ltd Network ri la chn Properties. 8. Trong th General ca trang Contoso Ltd Network Properties, nhp Inbound Filters m trang Inbound Filters. 9. Trong hp thoi Inbound Filters, nhp New m trang Add IP Filter. 10. Trn trang Add IP Filter, la chn hp kim tra Destination Network nhp 10.1.0.0 trong trng IP Address v k nhp 255.255.0.0 vo trng Subnet Mask. 11. Trong danh sch th xung Protocol, la chn TCP. 12. Trong hp Destination Port nhp 80 ri nhp OK. 13. Trong trang Inbound Filters, xc nhn rng la chn Receive All Packets Except Those That Meet The Criteria Below c chn ri nhp OK. 14. Trn trang Contoso Ltd Properties nhp OK. 15. ng mn hnh qun tr Routing And Remote Access li. ======================================================
Kim tra kt qu ca b lc gi i vi lu lng HTTP

QUAN TRNG Hon thnh cng vic ny trn c hai my tnh hc vin. Qua s cho php bn kim tra b lc gi tin HTTP m bn va to ra. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon administrator@domain.contoso.com (trong domain l tn domain ca bn).
186
S DNG RRAS CU HNH NH TUYN 2. Nhp Start, tr ti All Programs v nhp vo Internet Explorer m ca s Microsoft Internet Explorer. Nu hp thoi Internet Explorer Enhanced Security Configure th nhp OK. 3. Trong phn Internet Explorer Address, nhp http://10.1.1.xx (trong 10.1.1.xx l a ch IP kt ni Contoso Ltd Network ca i tc ca bn) ri nhp phm ENTER. CU HI Bn c nhn c trang mc nh ca dch v Web ang chy trn my tnh i tc ca bn khng? Ti sao c hoc ti sao khng? 4. ng Internet Explorer li.
BI TP 7-7: G B DCH V ROUTING AND REMOTE ACCESS

Thi gian d kin: 10 pht Trong bi tp ny, bn s g b cc cu hnh trn dch v Routing And Remote Access m bn to ra trong cc bi tp trc. Thc hin cng vic ny s gip bn loi b nhng s ph thuc c th nh hng n cc bi tp sau. ======================================================
G b dch v Routing And Remote Access

QUAN TRNG Hon thnh cng vic ny trn c hai my tnh ca hc vin. Qua s cho php bn g b bt k thng s cu hnh no trn dch v Routing And Remote Access trong bi thc hnh s 8 ny. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon administrator@domain.contoso.com (trong domain l tn domain ca bn). 2. Nhp Start, chn Control Panel ri kch p vo Administrative Tools. K kch p vo Routing And Remote Access. 3. Trong mn hnh qun tr Routing And Remote Access, nhp chut phi vo Computerxx (trong Computerxx l tn my tnh ca bn) ri chn Disable Routing And Remote Access. 4. Trong hp thoi Routing And Remote Access, nhp Yes tip tc. 5. ng tt c cc ca s ang m li. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 187
CU HI N TP
Thi gian d kin: 15 pht 1. Hai giao thc VPN no c th s dng c trn h iu hnh Windows Server 2003? 2. Hai kiu ng nh tuyn no m bn c th thm vo trong mt bng nh tuyn? 3. Mt phng php m bn c th s dng cu hnh mt b lc gi tin cho php cm lu lng Telnet thng qua dch v Routing And Remote Access l g? 4. Hai kiu giao din no c thm vo mt cu hnh NAT? 5. Ba thit lp quay s c cu hnh trn cc c tnh ti khon ca mt ngi s dng c th l g? 6. Hai thnh phn ca mt chnh sch truy cp t xa l g? 7. iu g s xy ra nu hai giao din mng s dng trong NAT tro i vai tr cho nhau?
THC HNH NNG CAO 7-1: THIT K MT GII PHP TRUY CP T XA

Thi gian d kin: 20 pht Bn l nh qun tr mng cho cng ty Trey Research t ti Denver. Gn y phc v cho nhu cu m rng hot ng, cng ty c t thm hai vn phng cho chi nhnh mi. Vn phng ca chi nhnh th nht iu hnh hot ng sn xut ch to v nghin cu c t ti Dallas. Ngi s dng trn mng Dallas phi c kh nng chuyn cc thng tin rt quan trng v vn phng chnh Denver. Vn phng ca chi nhnh th hai iu hnh hot ng qun tr v ti chnh c t ti Kansas City. Ngi s dng trn mng Kansas City phi c kh nng chuyn cc thng tin ti chnh v vn phng chnh Denver. Nhng ngi s dng cng s s dng cc my tnh xch tay khi h ti vn phng chnh. Bn phi iu khin qung thi gian h c php kt ni khi h kt ni ti my ch Routing And Remote Access Denver thng qua cc card khng dy. Mi chi nhnh c hai my ch ci t h iu hnh Windows Server 2003. Mi vn phng ca chi nhnh mi s c kt ni ti mt nh cung cp dch v Internet (ISP) bng ng thu bao s (DSL) 256 Kbps. Mi ng kt ni ny phi c bo mt bng phng php m ha cao nht c th. a ch IP dnh cho Trey Research nh sau: TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 188
S DNG RRAS CU HNH NH TUYN Vn phng chnh: 172.16.0.0/24 Dallas: 10.10.10.0/24 Kansas City: 172.16.0.0/16 Gn y, Trey Research c mua mt trung tm phn phi t ti Atlanta. Cng ty khng mun xy ra cc chi ph khng cn thit khi kt ni trung tm phn phi ti vn phng chnh. Tt c cc n t hng s c fax ti trung tm ny. K ngi s dng Atlanta phi c kh nng truy cp vo trng thi ca n t hng v thng tin v vic x l n t hng bng cch s dng IIS 6 trn mt my tnh t ti vn phng chnh ci t Windows Server 2003. Vn phng ca chi nhnh Atlanta c kt ni ti vn phng Denver bng ng kt ni Frame Relay 56 Kbps. Mng Atlanta hin nay ang s dng a ch mng 192.168.0.0/24. C hai my ch Windows Server 2003 t ti Atlanta. Bn c th s dng phng tin trong bi thc hnh ny nh th no cu hnh mt mng p ng tt c nhng yu cu ny?
189
DUY TR KIN TRC MNG
THC HNH 8: DUY TR KIN TRC MNG

Thc hnh ny gm c cc bi tp v cc hot ng sau: Bi tp 8-1: S dng cng c Task Manager Bi tp 8-2: S dng mn hnh qun tr Performance Bi tp 8-3: Gim st lu lng mng Bi tp 8-4: X l s c kt ni Bi tp 8-5: Cu hnh cc dch v trn Windows Server 2003 Bi tp 8-6: G b cc thnh phn c ci t Cc cu hi n tp cho bi thc hnh Thc hnh nng cao 8-1: Gim st v x l s c mng Sau khi hon thnh bi thc hnh ny, bn c th: S dng cng c Task Manager hin th cc thng k theo thi gian thc. Thm v g b cc b m hiu nng h thng. Cu hnh cc cnh bo v hiu nng h thng. S dng cng c Network Monitor gim st lu lng mng. S dng cc cng c x l s c khc nhau. Cu hnh cc dch v trn Windows Server 2003. Thi gian d kin: 115 pht (thi gian ny bao gm c qu trnh thit lp chun b trc khi bt u bi tp)
CC BC CHUN B
Thi gian d kin: 10 pht
190
DUY TR KIN TRC MNG QUAN TRNG Nu bn cha hon thnh cc bi tp trong Lab4, Qun tr v gim st dch v DNS, bn phi hon thnh cc bi tp chun b di y. ======================================================
Ci t cc cng c h tr Windows Server 2003

QUAN TRNG Hon thnh cng vic ny trn c hai my tnh hc vin. Qua s cho php bn ci t cng c h tr Windows Server 2003 trn my tnh ca bn. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon administrator@domain.contoso .com (trong domain l tn domain ca bn). 2. Nhp Start ri nhp vo My Computer. 3. Trong ca s My Computer, nhp chut phi vo a CD-ROM ca bn ri nhp Open. (a CD-ROM ci t Windows Server 2003 phi c a vo trong a CD) 4. M th mc Support, m th mc Tools ri nhp p vo file Support.msi. 5. Trong ca s Windows Support Tools Setup Wizard, nhp Next. 6. Trn trang End User Licence Agreement, xem xt cc quy nh v licence ri nhp I Agree nu bn chp nhn nhng quy nh ny. (Nu bn khng chp thun nhng quy nh ni trn, bn s khng th tip tc qu trnh ci t). Nhp Next. 7. Trn trang User Information chp nhn tn v t chc mc nh ri nhp Next tip tc. 8. Trn trang Destination Directory, nhp Install Now bt u qu trnh ci t. 9. Trn trang Completing The Windows Support Tools Setup Wizard nhp Finish hon thnh qu trnh ci t cng c h tr. 10. ng tt c ca s ang m. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 191
DUY TR KIN TRC MNG ======================================================
Ci t dch v WWW v FTP

QUAN TRNG Hon thnh cng vic ny trn c hai my tnh hc vin. Qua s cho php bn ci t dch v WWW v FTP trn my ch ca bn chy h iu hnh Windows Server 2003. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon administrator@domain.contoso .com (trong domain l tn domain ca bn). 2. Nhp Start ri chn Control Panel ri nhp vo Add Or Remove Programs. 3. Trong ca s Add Or Remove Programs nhp Add/Remove Windows Components. 4. Trong phn Components ca Windows Components Wizard, la chn Application Server ri nhp nt Details. 5. Trong ca s Application Server, la chn Internet Information Services (IIS) ri nhp nt Details. 6. Trong ca s Internet Information Services (IIS), la chn File Transfer Protocol (FTP) Service v World Wide Web Service ri nhp OK. 7. Trong ca s Internet Information Services (IIS) nhp OK. 8. Trong ca s Application Server nhp OK. 9. Trong Windows Components Wizard nhp Next. 10. Nu h iu hnh yu cu bn ch v tr cc file ci t, a a CD ci t Windows Server 2003 vo a CD-ROM ri nhp OK. 11. Trn trang Completing The Windows Components Wizard nhp Finish. 12. ng tt c cc ca s ang m li. ====================================================== TRIN KHAI, QUN TR V DUY TR C S H TNG MNG 192 VI WINDOWS SERVER 2003
DUY TR KIN TRC MNG
Cu hnh dch v WWW v FTP

QUAN TRNG Hon thnh cng vic ny trn c hai my tnh hc vin. Qua s cho php bn cu hnh dch v WWW v FTP trn my ch ca bn ci t h iu hnh Windows Server 2003. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon administrator@domain.contoso .com (trong domain l tn domain ca bn). 2. Nhp Start, tr ti All Programs, la chn Accessories ri nhp vo Notepad m Microsoft Notepad. 3. Trong ca s Untitled Notepad, g on vn bn sau:
<html> <head> <title>Welcome to the World Wide Web </title> </head> <body> This is the default page for the World Wide Web service!! </body> </html>
4. Trong ca s Untitled Notepad, nhp File ri k chn Save As. 5. Trong ca s Save As, nhp vo My Comouter bn tri ri tr ti th mc C:\Inetpub\Wwwroot. 6. Trong ca s Save As, g default.htm vo trong hp File Name ri nhp vo Save lu file Default.htm vo trong th mc C:\Inetpub\Wwwroot. Nu c thng bo v vic ghi ln file Default.htm sn c nhp Yes tip tc tin trnh. 7. ng tt c cc ca s ang m li.
193
DUY TR KIN TRC MNG
KCH BN
Bn l nh qun tr mng ca cng ty Contoso, Ltd. Vi thng gn y bn c trin khai mt vi my ch ci t h iu hnh Windows Server 2003 trn mng ca bn. Mi my ch cung cp cc dch v mng khc nhau. Bn nhn c mt vi phn hi t pha ngi s dng rng cc my ch dng nh c vn . Windows Server 2003 v Support Tools bao gm mt vi cng c c th c s dng thu thp cc con s thng k v x l s c lin quan n li kt ni. Vi chng bn quyt nh gim st mc s dng ti nguyn trn my ch v x l s c v kt ni mng.
BI TP 8-1: S DNG CNG C TASK MANAGER

Thi gian d kin: 10 pht Khi nhng ngi s dng ca bn phn hi rng h c vn v mng, trc ht bn phi thu thp cc con s thng k theo thi gian thc trn my ch ca bn. ======================================================
Hin th cc tin trnh

QUAN TRNG Hon thnh cng vic ny trn c hai my ca hc vin. Qua s cho php bn hin th tin trnh hin ang hot ng trn my tnh Windows Server 2003 ca bn. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon administrator@domain.contoso .com (trong domain l tn domain ca bn). 2. S dng t hp phm CTRL+ALT+DEL m ca s Windows Security. 3. Trong ca s Windows Security, nhp Task Manager m ca s Windows Task Manager. Gi nguyn mn hnh Task Manager ang m. 4. Nhp Start, chn Run ri nhp notepad vo trong hp Open ri nhp phm ENTER. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 194
DUY TR KIN TRC MNG 5. Nhp Start, chn Run ri nhp wordpad vo trong hp Open ri nhp phm ENTER. CU HI Cc ng dng Microsoft Notepad v Microsoft Wordpad c c lit k trong th Applications trong Windows Task Manager khng? 6. Trong ca s Windows Task Manager nhp vo th Processes. CU HI Cc tin trnh Notepad.exe v Wordpad.exe c c lit k trong th Processes trong Windows Task Manager khng? 7. Trong th Processes, trong ct Image Name nhp vo Notepad.exe ri nhp End Process. 8. Trong hp thoi Task Manager Warning nhp Yes xc nhn vic kt thc tin trnh ny. Ch rng ca s Notepad c ng li. 9. Trong th Processes, trong ct Image Name nhp vo Wordpad.exe ri nhp End Process. 10. Trong hp thoi Task Manager Warning nhp Yes xc nhn vic kt thc tin trnh ny. Ch rng ca s Wordpad c ng li. 11. ng ca s Windows Task Manager li. ======================================================
Hin th d liu hiu nng hot ng h thng theo thi gian thc
QUAN TRNG Hon thnh cng vic ny trn c hai my ca hc vin. Qua s cho php bn hin th mc s dng CPU theo thi gian thc trn my tnh ca bn. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon administrator@domain.contoso .com (trong domain l tn domain ca bn). 2. S dng t hp phm CTRL+ALT+DEL m ca s Windows Security.
195
DUY TR KIN TRC MNG 3. Trong ca s Windows Security, nhp Task Manager m ca s Windows Task Manager. Gi nguyn mn hnh Task Manager ang m. 4. Trong ca s Windows Task Manager nhp vo th Performance. 5. Nhp Start, chn Run ri nhp calc vo trong hp Open ri nhp phm ENTER m Microsoft Calculator. 6. Trong ca s Calculator, nhp View ri k nhp Scientific. 7. Trn bn phm s trong Calcuator, nhp 999 ri k nhp x^3 mt vi ln to cc con s thng k v CPU v page file. Ch rng mc s dng CPU tng ln qua mn hnh hin th Task Manager. 8. ng tt c cc ca s ang m li. ======================================================
Hin th d liu mng theo thi gian thc

QUAN TRNG Hon thnh cng vic ny trn c hai my ca hc vin. Qua s cho php bn hin th mc s dng mng trn my ch ci t h iu hnh Windows Server 2003 ca bn. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon administrator@domain.contoso .com (trong domain l tn domain ca bn). 2. S dng t hp phm CTRL+ALT+DEL m ca s Windows Security. 3. Trong ca s Windows Security, nhp Task Manager m ca s Windows Task Manager. Gi nguyn mn hnh Task Manager ang m. 4. Trong ca s Windows Task Manager nhp vo th Networking. 5. Nhp Start, chn Run ri nhp \\computerxx\c$ (trong computerxx l tn my tnh i tc ca bn) vo trong hp Open. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 196
DUY TR KIN TRC MNG 6. Trong ca s Computerxx (trong computerxx l tn my tnh i tc ca bn), nhp chut phi vo th mc Program Files ri nhp Copy. 7. Nhp chut phi vo vng khng gian trng trn mt mn hnh my ch ca bn ri nhp Paste. Trong qu trnh cc file c copy ti my tnh ca bn, ch rng mc s dng ca card mng LAN gia tng. 8. Xa th mc Program Files trn mt mn hnh. 9. ng tt c cc ca s ang m li.
BI TP 8-2: S DNG MN HNH QUN TR PERFORMANCE

Thi gian d kin: 15 pht Bc tip theo trong qu trnh thu thp thng tin v hiu sut hot ng my tnh ci t h iu hnh Windows Server 2003 ca bn l x l s c cc vn trn my ch bng cch s dng mn hnh qun tr Performance vi cc b m xc nh. ======================================================
Thm v g b cc b m
QUAN TRNG Hon thnh cng vic ny trn c hai my ca hc vin. Qua s cho php bn thm v g b cc b m hiu sut. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon administrator@domain.contoso .com (trong domain l tn domain ca bn). 2. Nhp Start, chn Administrative Tools ri chn Performance khi to mn hnh qun tr Performance. 3. Trong mn hnh Performance, xa cc b m trong mn hnh mc nh System Monitor. (Gi : nhp vo biu tng X trn thanh menu) TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 197
DUY TR KIN TRC MNG 4. Trong mn hnh qun tr, la chn System Monitor trong Console Root. 5. Trong mn hinh Performance, trong phn hin th chi tit nhp vo biu tng (+) thm cc b m Performance Monitor. 6. Trong hp thoi Add Counters, trong danh sch th xung Performance Object nhp Processor. Trong phn Select Counters From List nhp %Processor Time ri nhp Add. 7. Trong hp thoi Add Counters, trong danh sch th xung Performance Object nhp Memory. Trong phn Select Counters From List nhp Available Bytes ri nhp Add. 8. Trong hp thoi Add Counters, trong danh sch th xung Performance Object nhp PhysicalDisk. Trong phn Select Counters From List nhp % Disk Read Time ri nhp Add. 9. Trong hp thoi Add Counters, trong danh sch th xung Performance Object nhp Network Interface. Trong phn Select Counters From List nhp Bytes Total/s ri nhp Add. 10. Nhp Close ng hp thoi Add Counters ri thu nh mn hnh Performance li. ======================================================
Hin th cc s liu thng k v hiu sut hot ng

QUAN TRNG Hon thnh cng vic ny trn c hai my ca hc vin. Qua s cho php bn hin th cc s liu thng k v hiu sut hot ng ca h thng. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon administrator@domain.contoso .com (trong domain l tn domain ca bn). 2. Nhp Start, chn Administrative Tools ri k tip chn Computer Management. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 198
DUY TR KIN TRC MNG 3. Trn mn hnh Computer Management, trong phn Storage nhp Disk Defragmenter. 4. Trong mn hnh hin th chi tit nhp Analyze. 5. Khi tin trnh phn tich chng phn mnh a kt thc, nhp Close ng thng bo Analysis Complete li. 6. ng mn hnh Computer Management li ri thu nh mn hnh Performance. 7. Trong mn hnh hin th chi tit, nhp nt Freeze Display (vng trn vi ch X mu trng) hoc nhp CTRL+F. 8. Ti pha di ca mn hnh hin th chi tit, trong phn Counter xc nhn rng %Processor Time c la chn. 9. Gi phm CTRL ri nhp H lm sng b m c chn hin ti. 10. S dng cc phm mi tn ln v xung trn bn phm hin th cc b m khc. CU HI Cc ti nguyn h thng no m Disk Defragmenter s dng? ======================================================
To v cu hnh mt cnh bo
QUAN TRNG Hon thnh cng vic ny trn c hai my ca hc vin. Qua s cho php bn cu hnh mt cnh bo c gi ti ngi qun tr h thng. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon administrator@domain.contoso .com (trong domain l tn domain ca bn). 2. Nhp Start, chn Administrative Tools ri chn Performance khi to mn hnh qun tr Performance. 3. Trong mn hnh Performance, m rng phn Performance Log And Alerts ri nhp chut phi vo Alerts. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 199
DUY TR KIN TRC MNG 4. Trn menu tt, chn New Alert Settings. 5. Trong hp thoi New Alert Settings, nhp disk time ri nhp OK. 6. Trong trang Disk Time, trong th General nhp Add. 7. Trong trang Add Counters, t danh sch th xung Performance object chn PhysicalDisk. 8. Trong danh sch Select Counters From chn %Disk Time ri nhp Add. 9. Nhp Close ng trang Add Counters li. 10. Trn trang Disk Time, trong th General, trong hp Limit nhp 50. 11. Trn trang Disk Time, trong th General, trong hp Interval nhp 5. 12. Trong hp Run As xc nhn rng bn chn <Default>. 13. Trong th Action, chn Send A Network Message To ri g administrator. 14. Trong th Schedule, trong Start Scan xc nhn rng bn chn Manually ri nhp OK. 15. Trong mn hnh Performance chn Alerts v trong mn hnh hin th chi tit nhp chut phi vo cnh bo Disk Time v chn Start. Cnh bo Disk Time chuyn thnh mu xanh ch rng cnh bo c khi to. 16. ng mn hnh Performance li. ======================================================
Cu hnh khi to dch v truyn thng ip Messenger

QUAN TRNG Hon thnh cng vic ny trn c hai my ca hc vin. Qua s cho php bn nhn thng bo ca cnh bo m bn cu hnh trong bi tp trc:To v cu hnh mt cnh bo.
200
DUY TR KIN TRC MNG 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon administrator@domain.contoso .com (trong domain l tn domain ca bn). 2. Nhp Start, chn Control Panel ri kch p vo Administrative Tools v cui cng chn Services. 3. Trong phn hin th chi tit ca mn hnh Services, xc nh ri kch p vo dch v Messenger trong danh sch cc dch v cc b ca my tnh. 4. Trn trang Messenger Properties (Local Computer), trong th General, t danh sch Startup Type chn Manual ri nhp Apply. 5. Nhp Start khi to dch v Messenger trn my tnh cc b. 6. Nhp OK ng trang Messenger Properties (Local Computer) li. 7. ng mn hnh Services li. ======================================================
Khi to mt cnh bo
QUAN TRNG Hon thnh cng vic ny trn c hai my ca hc vin. Qua s cho php bn khi to mt cnh bo v nhn thng bo . 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon administrator@domain.contoso .com (trong domain l tn domain ca bn). 2. Nhp Start ri nhp vo My Computer m ca s My Computer. 3. Trong ca s My Computer, nhp chut phi vo a C ri nhp Properties. 4. Trong trang Local Disk (C;) Properties nhp th Tools. 5. Trong th Tools, trong phn Defragmentation, nhp Defragment Now m ca s Disk Defragmenter. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 201
DUY TR KIN TRC MNG 6. Trong ca s Disk Defragmenter, nhp Defragment. xem mt cnh bo, i trc khi ng tt c cc ca s ang m. 7. Sau khi bn nhn c cnh bo, ng tt c cc ca s ang m li. ======================================================
Dng qu trnh cnh bo

QUAN TRNG Hon thnh cng vic ny trn c hai my ca hc vin. Qua s cho php bn dng cnh bo m bn to trong bi trc. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon administrator@domain.contoso .com (trong domain l tn domain ca bn). 2. Nhp Start, chn Control Panel ri kch p vo Administrative Tools. 3. Kch p vo Performance khi to mn hnh Performance. 4. Trong mn hnh Performance, m rng phn Performance Logs And Alerts ri nhp Alerts. 5. Trong phn hin th chi tit, chn Disk Time alert, nhp chut phi vo n ri nhp Stop.
BI TP 8-3: GIM ST LU LNG MNG

Thi gian d kin: 15 pht Sau khi thu thp thng tin my tnh cc b v cc s liu thng k x l s c kt ni mng, gi y bn phi thng tin v lu lng mng. ======================================================
Ci t Network Monitor
QUAN TRNG Hon thnh cng vic ny trn c hai my tnh ca hc vin. Qua s cho php bn ci t Network Monitor trn my ch ci t Windows Server 2003 ca bn. K , Network Monitor cn c s dng d on cc gi tin m my ch nhn c. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 202
DUY TR KIN TRC MNG 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon administrator@domain.contoso .com (trong domain l tn domain ca bn). 2. Nhp Start chn Control Panel ri nhp vo Add Or Remove Programs. 3. Trong ca s Add Or Remove Programs nhp Add/Remove Windows Components. 4. Trong phn Components ca Windows Components Wizard, la chn Management And Monitoring Tools ri nhp nt Details. 5. Trong ca s Management And Monitoring Tools, chn hp kim tra Network Monitor Tools ri nhp OK. 6. Trong Windows Components Wizard nhp Next. 7. Nu h iu hnh yu cu bn ch v tr cc file ci t, a a CD ci t Windows Server 2003 vo a CD-ROM ri nhp OK. 8. Trn trang Completing The Windows Components Wizard nhp Finish. 9. ng tt c cc ca s ang m li. ======================================================
Thu thp v lc d liu FTP bng Network Monitor

QUAN TRNG Hon thnh cng vic ny trn c hai my tnh ca hc vin. Qua s cho php bn m mt phin vi dch v FTP trn my tnh i tc ca bn. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon administrator@domain.contoso .com (trong domain l tn domain ca bn). 2. Chn Start -> Control Panel -> Administrative Tools -> Network Monitor.
203
DUY TR KIN TRC MNG 3. Nu nhn c thng bo v card mng, nhp vo card Contoso Ltd Network ri nhp OK. 4. Trong ca s Microsoft Network Monitor, nhp Capture trn thanh cng c ri nhp Start. QUAN TRNG i i tc ca bn hon thnh cc bc trn ri mi tip tc. 5. Chn Start -> All Programs -> Internet Explorer m Microsoft Internet Explorer. 6. Trong hp thoi Internet Explorer, la chn In The Future, Do Not Show This Message ri nhp OK. 7. Trong thanh bar Internet Explorer Address, nhp ftp://computerxx (trong computerxx l tn my tnh i tc ca bn) QUAN TRNG i i tc ca bn hon thnh cc bc trn ri mi tip tc. 8. Trong ca s Microsoft Network Monitor, nhp Capture trn thanh cng c ri nhp Stop And View. 9. Trong ca s Microsoft Network Monitor, ca s Capture:1 (Summary) nhp Display trn thanh cng c ri nhp Filter. 10. Trong ca s Display Filter, nhp Protocol == Any ri nhp Edit Expression. 11. Trong ca s Expression, trong th Protocol, nhp vo nt Disable All. 12. Trong phn Disable Protocols, chn FTP, nhp nt Enable ri nhp OK. i mt pht quan st nhng loi d liu no c Network Monitor thu thp. 13. Trong ca s Display Filter nhp OK. 14. ng ca s Network Monitor li.
204
DUY TR KIN TRC MNG 15. Khi bn nhn c thng bo v vic lu vic thu thp trong hp thoi Microsoft Network Monitor, nhp No. 16. ng tt c cc ca s ang m li. ======================================================
Thu thp v lc d liu HTTP bng Network Monitor

QUAN TRNG Hon thnh cng vic ny trn c hai my tnh ca hc vin. Qua s cho php bn m mt phin vi dch v HTTP trn my tnh i tc ca bn. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon administrator@domain.contoso .com (trong domain l tn domain ca bn). 2. Chn Start -> Control Panel -> Administrative Tools -> Network Monitor. 3. Nu nhn c thng bo v card mng, nhp vo card Contoso Ltd Network ri nhp OK. 4. Trong ca s Microsoft Network Monitor, nhp Capture trn thanh cng c ri nhp Start. QUAN TRNG i i tc ca bn hon thnh cc bc trn ri mi tip tc. 5. Chn Start -> All Programs -> Internet Explorer m Microsoft Internet Explorer. 6. Trong hp thoi Internet Explorer, la chn In The Future, Do Not Show This Message ri nhp OK. 7. Trong thanh bar Internet Explorer Address, nhp http://computerxx (trong computerxx l tn my tnh i tc ca bn) QUAN TRNG i i tc ca bn hon thnh cc bc trn ri mi tip tc. 8. Trong ca s Microsoft Network Monitor, nhp Capture trn thanh cng c ri nhp Stop And View. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 205
DUY TR KIN TRC MNG 9. Trong ca s Microsoft Network Monitor, ca s Capture:1 (Summary) nhp Display trn thanh cng c ri nhp Filter. 10. Trong ca s Display Filter, nhp Protocol == Any ri nhp Edit Expression. 11. Trong ca s Expression, trong th Protocol, nhp vo nt Disable All. 12. Trong phn Disable Protocols, chn HTTP, nhp nt Enable ri nhp OK. 13. Trong ca s Display Filter nhp OK. i mt pht quan st d liu m Network Monitor thu thp. 14. ng ca s Network Monitor li. 15. Khi bn nhn c thng bo v vic lu vic thu thp trong hp thoi Microsoft Network Monitor, nhp No. 16. ng tt c cc ca s ang m li.
BI TP 8-4: X L S C KT NI
Thi gian d kin: 15 pht Ngi s dng trn mng Contoso thng bo rng c vn khi kt ni ti my ch v cc ti nguyn khc nh Internet chng hn. Trong bi ny, bn s s dng mt vi cng c trn Windows Server 2003 x l s c lin quan n vn kt ni. ======================================================
S dng Ipconfig
QUAN TRNG Hon thnh cng vic ny trn my tnh ca c hai hc vin. Qua s cho php bn kim tra cu hnh a ch IP trn cc my ch ci t Windows Server 2003 ca bn. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon administrator@domain.contoso .com (trong domain l tn domain ca bn). TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 206
DUY TR KIN TRC MNG 2. Nhp Start, chn Run ri g cmd vo trong hp Open k nhp phm ENTER. 3. Trong ca s ch dng lnh, ti du nhc lnh, g ipconfig /? ri nhp phm ENTER. CU HI C nhng la chn no khi bn s dng cng c Ipconfig? 4. Trong ca s ch dng lnh, ti du nhc lnh, g ipconfig /all. Ghi li thng tin m cu lnh cung cp v card mng Contoso Ltd Network vo phn di y: IP address:_____________________________________________ Subnet mask:___________________________________________ Default gateway:________________________________________ DNS servers:___________________________________________ Host name:_____________________________________________ Physical address:________________________________________ 5. ng tt c cc ca s ang m li. ======================================================
S dng Tracert
QUAN TRNG Hon thnh cng vic ny trn my tnh ca c hai hc vin. Qua s cho php bn s dng cng c Tracert kim tra kt ni ti my khc ci t chng giao thc TCP/IP. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon administrator@domain.contoso .com (trong domain l tn domain ca bn). 2. Nhp Start, chn Run ri g cmd vo trong hp Open k nhp phm ENTER. 3. Trong ca s ch dng lnh, ti du nhc lnh, g tracert instructor01.contoso.com ri nhp phm ENTER. CU HI ti ch n phi i qua bao nhiu bc nhy (hop)? CU HI a ch IP ca host instructor.contoso.com l g? TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 207
DUY TR KIN TRC MNG 4. ng tt c cc ca s ang m li. ======================================================
S dng PathPing
QUAN TRNG Hon thnh cng vic ny trn my tnh ca c hai hc vin. Qua s cho php bn s dng cng c PathPing kim tra kt ni ti my khc ci t chng giao thc TCP/IP. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon administrator@domain.contoso .com (trong domain l tn domain ca bn). 2. Nhp Start, chn Run ri g cmd vo trong hp Open k nhp phm ENTER. 3. Trong ca s ch dng lnh, ti du nhc lnh, g pathping instructor01.contoso.com ri nhp phm ENTER. CU HI Phn trm gi tin b mt l bao nhiu? 4. ng tt c cc ca s ang m li. ======================================================
S dng Netstat
QUAN TRNG Hon thnh cng vic ny trn my tnh ca c hai hc vin. Qua s cho php bn s dng cng c Netstat hin th giao thc v thng tin v cc cng TCP/UDP trn my ch ci t Windows Server 2003 ca bn. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon administrator@domain.contoso .com (trong domain l tn domain ca bn). 2. Nhp Start, chn Run ri g cmd vo trong hp Open k nhp phm ENTER. 3. Trong ca s ch dng lnh, ti du nhc lnh, g netstat -na ri nhp phm ENTER. CU HI Cc cng TCP/UDP no c s dng trn my tnh ca bn? TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 208
DUY TR KIN TRC MNG 17. ng tt c cc ca s ang m li. ======================================================
S dng Netdiag
QUAN TRNG Hon thnh cng vic ny trn my tnh ca c hai hc vin. Qua s cho php bn s dng cng c Netdiag trong qu trnh tr gip x l s c v kt ni mng. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon administrator@domain.contoso .com (trong domain l tn domain ca bn). 2. Chn Start -> All Programs -> Windows Support Tools -> Command Prompt. 3. Trong ca s ch dng lnh, ti du nhc lnh, g netdiag /l ri nhp phm ENTER. 4. Nhp Start, chn My Computer ri tr n th mc C:\Documents And Settings\Administrator v kch p vo th mc ny. 5. Trong ca s C:\Program Files\Support Tools, xc nh v kch p vo file Netdiag.log. CU HI Loi thng tin g m cng c Netdiag hin th? (Gi : s dng file log ni trn ghi li cu tr li ca bn)
BI TP 8-5: CU HNH CC DCH V TRN WINDOWS SERVER 2003

Thi gian d kin: 15 pht Bn thc hin mt vi thay i cu hnh trong cc bi tp trc trong qu trnh x l s c v mt s trong yu cu dng v khi ng cc dch v trn Windows Server 2003. Sau khi hon thnh cc bc ci t v cu hnh, by gi bn phi xem v cu hnh cc dch v trn my ch ca bn. ======================================================
209
DUY TR KIN TRC MNG
Xem tnh ph thuc ca dch v

QUAN TRNG Hon thnh cng vic ny trn c hai my tnh ca hc vin. Qua s cho php bn xem tnh ph thuc ca dch v trn Windows Server 2003. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon administrator@domain.contoso .com (trong domain l tn domain ca bn). 2. Nhp Start, chn Control Panel ri kch p vo Administrative Tools. 3. Trong ca s Administrative Tools, kch p vo Services. 4. Trong mn hnh hin th chi tit, kch p vo dch v World WideWeb Publishing Service. 5. Trn trang World Wide Web Publishing Service (Local Computer), nhp vo th Dependencies. CU HI Dch v World Wide Web Publishing Service ph thuc vo nhng dch v no? (Gi : tm trong phn This Service Depends On The Following System Components) CU HI Nhng dch v no ph thuc vo dch v World Wide Web Publishing Service? (Gi : tm trong phn Following System Components Depend On This Service) 6. Trong trang World Wide Web Publishing Service (Local Computer), nhp OK. ======================================================
Cu hnh cc la chn khi to dch v

QUAN TRNG Hon thnh cng vic ny trn c hai my tnh ca hc vin. Qua s cho php bn cu hnh cc la chn v khi to dch v trn h iu hnh Windows Server 2003. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon administrator@domain.contoso .com (trong domain l tn domain ca bn). TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 210
DUY TR KIN TRC MNG 2. Nhp Start, chn Control Panel ri kch p vo Administrative Tools. 3. Trong ca s Administrative Tools, kch p vo Services. 4. Trong mn hnh hin th chi tit, kch p vo dch v Telnet. CU HI Trng thi ca dch v Telnet trn my tnh ca bn l g? 5. Nhp OK ng trang Telnet Properties. 6. Gi nguyn mn hnh Services ang m. 7. Nhp Start, chn Run ri g cmd vo trong hp Open k nhp phm ENTER. 8. Trong ca s ch dng lnh, ti du nhc lnh, g telnet computerxx (trong computerxx l tn my tnh ca bn) ri nhp phm ENTER. CU HI Bn nhn c thng bo li g khi c gng kt ni s dng Telnet? 9. ng ca s ch dng lnh li. 10. Trong mn hnh Services kch p vo dch v Telnet. 11. Trn trang Telnet Properties (Local Computer), trong danh sch th xung Startup Type, la chn Automatic ri nhp OK ng trang Telnet Properties. 12. ng tt c cc ca s ang m li ri khi ng my ch ca bn. 13. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon administrator@domain.contoso .com (trong domain l tn domain ca bn). 14. Nhp Start, chn Control Panel ri kch p vo Administrative Tools. 15. Trong ca s Administrative Tools, kch p vo Services. 16. Trong mn hnh hin th chi tit, kch p vo dch v Telnet. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 211
DUY TR KIN TRC MNG CU HI Trng thi ca dch v Telnet trn my tnh ca bn l g? 17. Nhp Start, chn Run ri g cmd vo trong hp Open k nhp phm ENTER. 18. Trong ca s ch dng lnh, ti du nhc lnh, g telnet computerxx (trong computerxx l tn my tnh ca bn) ri nhp phm ENTER. Nu bn nhn c thng bo yu cu nhp cc chng thc, cung cp cc thng s sau: a. Login: administrator b. Password: MSPress@LS#1 CU HI Bn c th kt ni ti dch v Telnet ang chy trn my tnh hc vin ca bn khng? 19. ng tt c cc ca s ang m li. ======================================================
Khi to v dng cc dch v

QUAN TRNG Hon thnh cng vic ny trn c hai my tnh ca hc vin. Qua s cho php bn khi to v dng mt dch v trn h iu hnh Windows Server 2003. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon administrator@domain.contoso .com (trong domain l tn domain ca bn). 2. Nhp Start, chn Control Panel ri kch p vo Administrative Tools. 3. Trong ca s Administrative Tools, kch p vo Services. 4. Trong mn hnh hin th chi tit, kch p vo dch v Telnet. 5. Trn trang Telnet Properties, trong phn Service Status nhp Stop dng dch v Telnet. 6. Trn trang Telnet Properties, trong phn Service Status nhp Start khi to dch v Telnet. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 212
DUY TR KIN TRC MNG 7. ng tt c cc ca s ang m li.
BI TP 8-6: G B CC THNH PHN CI T

Thi gian d kin: 5 pht Trong bi tp ny, bn s g b cc thit lp cu hnh m bn to ra hoc cu hnh trong cc bi tp trc. Thc hin cng vic ny s gip bn loi b nhng s ph thuc c th nh hng n cc bi tp sau. ======================================================
G b dch v IIS
QUAN TRNG Hon thnh cng vic ny trn c hai my tnh ca hc vin. Qua s cho php bn g b dch v IIS ra khi my ch ci t Windows Server 2003 ca bn. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon administrator@domain.contoso.com (trong domain l tn domain ca bn). 2. Nhp Start, chn Control Panel ri nhp vo Add Or Remove Programs. 3. Trong ca s Add Or Remove Programs, nhp Add/Remove Windows Components. 4. Trong Windows Components Wizard, trong phn Components, la chn Application Server ri nhp vo nt Details. 5. Trong ca s Application Server, xa hp kim tra Internet Information Services (IIS) ri nhp OK. 6. Trong Windows Components Wizard nhp Next. 7. Trn trang Completing The Windows Components Wizard nhp Finish. 8. ng tt c cc ca s ang m li.
213
DUY TR KIN TRC MNG
CU HI N TP
Thi gian d kin: 15 pht 1. Tn ca nm cng c c th c s dng trn mt my tnh ci t h iu hnh Windows Server 2003 nhm h tr bn trong vic x l s c lin quan ti cc vn mng l g? 2. Cc kiu gi tin no m Network Monitor c th s dng thu thp? 3. Ba s la chn cho qu trnh khi to ca mt dch v trn h iu hnh Windows Server 2003 l g? 4. Bn th trong cng c Task Manager c th c s dng x l s c l g? 5. Cc cng c no trn Windows Server 2003 c th c s dng kim tra kt ni ti my tnh TCP/IP khc? 6. Cc cng c no trn Windows Server 2003 c th c s dng hin th cc con s thng k IP v thng tin cu hnh v mt my ch? 7. Hai cng c no c th c s dng hin th cc con s thng k v hiu nng hot ng theo thi gian thc trn mt my tnh ci t Windows Server 2003?
THC HNH NNG CAO 8-1: GIM ST V X L S C MNG

Thi gian d kin: 15 pht Bn l nh qun tr mng min con ca contoso.com. Hin ti bn c hai my ch iu khin vng DC cho min con ny. Do cng vic kim nh mng nn bn phi ghi li cu hnh cc my ch DC ny. Thng tin ny bao gm: a ch IP, a ch MAC, cc cng TCP/UDP m v cu hnh DNS trn mi my ch. Bn trin khai tnh nng Remote Desktop for Administration trn cc my ch nhng by gi bn cn telnet t mt DC ny ti mt DC khc copy mt vi ti liu. Bn phi cu hnh Telnet sao cho dch v ny khng c khi ng sau khi h thng c khi ng li do nhng l hng v bo mt gy ra. Lp mt k hoch thc hin chnh sch kim nh ny v cu hnh dch v Telnet mt cch chnh xc. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 214
DUY TR KIN TRC MNG
215

Lab 70-291

Uploaded by

Copyright:

Available Formats

You might also like

Lab 70-291

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Lab 70-291

Uploaded by

Copyright:

Available Formats

TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI MICROSOFT WINDOWS SERVER 2003

HANI APTECH 2006

THC HNH 2: QUN L & GIM ST DHCP .............. 31

THC HNH 3: CI T & CU HNH DCH V DNS SERVER................................................................................... 54

THC HNH 4: QUN L & GIM ST DCH V DNS SERVER................................................................................... 74

THC HNH 5: BO MT TRONG MNG.................... 103

THC HNH 6: S DNG IPSEC BO MT LU THNG MNG .................................................................... 122

THC HNH 7: S DNG RRAS CU HNH NH TUYN................................................................................... 148

THC HNH 8: DUY TR KIN TRC MNG .............. 190

TRIN KHAI DCH V DHCP

THC HNH 1: TRIN KHAI DCH V DHCP

TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003

TRIN KHAI DCH V DHCP

TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003

TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003

TRIN KHAI DCH V DHCP

BI TP 1-1: S DNG APIPA

Hin th Thng tin nh a ch IP Th cng

Hin th Thng tin cp a ch APIPA

Nhp thng tin a ch IP cho giao tip mng Litware, Inc

BI TP 1-2: CI T DCH V DHCP SERVER

TRIN KHAI DCH V DHCP

BI TP 1-3: U QUYN DCH V DHCP SERVER TRONG ACTIVE DIRECTORY

U quyn Dch v DHCP Server

BI TP 1-4: THM, CU HNH V KCH HOT MT PHM VI DHCP

Thm v cu hnh phm vi DHCP

Kch hot phm vi DHCP

TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003

TRIN KHAI DCH V DHCP a. Trong hp User administrator@Domain.Contoso.Com Name, nhp

Dng dch v DHCP Server

Kim tra a ch IP c cp pht.

TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003

BI TP 1-5: THM A CH IP DNH SN CHO MY TRM

Thm IP dnh sn cho my trm.

TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003

TRIN KHAI DCH V DHCP

nhn a ch IP dnh sn cho my trm

Kim tra a ch IP dnh sn cho my trm

BI TP 1-6: CU HNH CC TU CHN DHCP

Cu hnh cc tu chn phm vi DHCP

nhn mt tu chn cho phm vi DHCP

BI TP 1-7: CU HNH MT DHCP RELAY AGENT

Thm Routing and Remote Access

Thm Giao thc Thng tin nh tuyn (RIP)

TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003

Thm DHCP Relay Agent

Dng dch v DHCP Server

TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003

Kim tra DHCP Relay Agent

TRIN KHAI DCH V DHCP

Loi b Routing and Remote Access

BI TP 1-8: KHI NG DCH V DHCP SERVER

THC HNH NNG CAO 1-1: CHUYN I SANG CP PHT A CH IP NG

TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003

QUN L V GIM ST DHCP

THC HNH 2: QUN L & GIM ST DHCP

CI T DCH V DHCP SERVER

U QUYN DCH V DHCP SERVER

Thm v Cu hnh phm vi DHCP