Professional Documents
Culture Documents
Lab 70-291
Lab 70-291
Lab 70-291
CC BI TP THC HNH
MC LC
THC HNH 1: TRIN KHAI DCH V DHCP ................. 5
TRC KHI BN BT U .............................................................. 6 KCH BN ............................................................................................. 8 BI TP 1-1: S DNG APIPA .......................................................... 8 BI TP 1-2: CI T DCH V DHCP SERVER......................... 10 BI TP 1-3: U QUYN DCH V DHCP SERVER TRONG ACTIVE DIRECTORY........................................................................ 11 BI TP 1-4: THM, CU HNH V KCH HOT MT PHM VI DHCP.................................................................................................... 12 BI TP 1-5: THM A CH IP DNH SN CHO MY TRM 16 BI TP 1-6: CU HNH CC TU CHN DHCP ........................ 19 BI TP 1-7: CU HNH MT DHCP RELAY AGENT ................ 21 BI TP 1-8: KHI NG DCH V DHCP SERVER .................. 27 CC CU HI N TP ..................................................................... 29 THC HNH NNG CAO 1-1: CHUYN I SANG CP PHT A CH IP NG .............................................................................. 30
BI TP 3-2: TO & CU HNH DNS ZONES............................... 57 BI TP 3-3: TO CC BN GHI DNS .......................................... 67 BI TP 3-4: CU HNH FORWARDING....................................... 70 CU HI N TP............................................................................... 72 THC HNH NNG CAO 3-1: CU HNH DNS............................ 73
BI TP 6-5: D B CC CHNH SCH IPSEC ......................... 144 CU HI N TP............................................................................. 145 THC HNH NNG CAO 6-1: BO V D LIU BNG IPSEC ............................................................................................................. 146
TRC KHI BN BT U
Thi gian d kin hon thnh: 10 pht hon thnh cc bi tp trong Thc hnh 1, bn cn phi ci t mt b giao tip mng th hai trong mi my tnh ca hc vin. Kt ni my tnh ca mi hc vin bng dy cp cho ni cc giao tip mng th hai vi nhau. Bng 1-1 c s dng cu hnh cc my tnh ca hc vin trong bi thc hnh ny. Tuy nhin, khng nht thit phi to ra cc thay i cu hnh ti bc ny. Sau khi hon thnh Thc hnh 1, phi d b cc giao tip mng th hai hoc v hiu (disable) chng trong giao din Microsoft Windows trc khi tip tc cc bc thc hnh tip theo. Bng 1-1 Computer Name Computer01 Computer02 Computer03 Computer04 Computer05 Computer06 Computer07 Computer08 Computer09 Computer10 Computer11 Computer12 Ci t a ch IP cho cc my hc vin Contoso Ltd., Network IP address: 10.1.1.1 Subnet mask: 255.255.0.0 IP address: 10.1.1.2 Subnet mask: 255.255.0.0 IP address: 10.1.1.3 Subnet mask: 255.255.0.0 IP address: 10.1.1.4 Subnet mask: 255.255.0.0 IP address: 10.1.1.5 Subnet mask: 255.255.0.0 IP address: 10.1.1.6 Subnet mask: 255.255.0.0 IP address: 10.1.1.7 Subnet mask: 255.255.0.0 IP address: 10.1.1.8 Subnet mask: 255.255.0.0 IP address: 10.1.1.9 Subnet mask: 255.255.0.0 IP address: 10.1.1.10 Subnet mask: 255.255.0.0 IP address: 10.1.1.11 Subnet mask: 255.255.0.0 IP address: 10.1.1.12 Litware Inc., Network IP address: 192.168.0.1 Subnet mask: 255.255.255.0 IP address: 192.168.0.2 Subnet mask: 255.255.255.0 IP address: 192.168.0.3 Subnet mask: 255.255.255.0 IP address: 192.168.0.4 Subnet mask: 255.255.255.0 IP address: 192.168.0.5 Subnet mask: 255.255.255.0 IP address: 192.168.0.6 Subnet mask: 255.255.255.0 IP address: 192.168.0.7 Subnet mask: 255.255.255.0 IP address: 192.168.0.8 Subnet mask: 255.255.255.0 IP address: 192.168.0.9 Subnet mask: 255.255.255.0 IP address: 192.168.0.10 Subnet mask: 255.255.255.0 IP address: 192.168.0.11 Subnet mask: 255.255.255.0 IP address: 192.168.0.12 6
TRIN KHAI DCH V DHCP Subnet mask: 255.255.0.0 IP address: 10.1.1.13 Subnet mask: 255.255.0.0 IP address: 10.1.1.14 Subnet mask: 255.255.0.0 IP address: 10.1.1.15 Subnet mask: 255.255.0.0 IP address: 10.1.1.16 Subnet mask: 255.255.0.0 IP address: 10.1.1.17 Subnet mask: 255.255.0.0 IP address: 10.1.1.18 Subnet mask: 255.255.0.0 IP address: 10.1.1.19 Subnet mask: 255.255.0.0 IP address: 10.1.1.20 Subnet mask: 255.255.0.0 IP address: 10.1.1.21 Subnet mask: 255.255.0.0 IP address: 10.1.1.22 Subnet mask: 255.255.0.0 IP address: 10.1.1.23 Subnet mask: 255.255.0.0 IP address: 10.1.1.24 Subnet mask: 255.255.0.0 IP address: 10.1.1.25 Subnet mask: 255.255.0.0 IP address: 10.1.1.26 Subnet mask: 255.255.0.0 IP address: 10.1.1.27 Subnet mask: 255.255.0.0 IP address: 10.1.1.28 Subnet mask: 255.255.0.0 IP address: 10.1.1.29 Subnet mask: 255.255.0.0 IP address: 10.1.1.30 Subnet mask: 255.255.0.0 Subnet mask: 255.255.255.0 IP address: 192.168.0.13 Subnet mask: 255.255.255.0 IP address: 192.168.0.14 Subnet mask: 255.255.255.0 IP address: 192.168.0.15 Subnet mask: 255.255.255.0 IP address: 192.168.0.16 Subnet mask: 255.255.255.0 IP address: 192.168.0.17 Subnet mask: 255.255.255.0 IP address: 192.168.0.18 Subnet mask: 255.255.255.0 IP address: 192.168.0.19 Subnet mask: 255.255.255.0 IP address: 192.168.0.20 Subnet mask: 255.255.255.0 IP address: 192.168.0.21 Subnet mask: 255.255.255.0 IP address: 192.168.0.22 Subnet mask: 255.255.255.0 IP address: 192.168.0.23 Subnet mask: 255.255.255.0 IP address: 192.168.0.24 Subnet mask: 255.255.255.0 IP address: 192.168.0.25 Subnet mask: 255.255.255.0 IP address: 192.168.0.26 Subnet mask: 255.255.255.0 IP address: 192.168.0.27 Subnet mask: 255.255.255.0 IP address: 192.168.0.28 Subnet mask: 255.255.255.0 IP address: 192.168.0.29 Subnet mask: 255.255.255.0 IP address: 192.168.0.30 Subnet mask: 255.255.255.0
Computer13 Computer14 Computer15 Computer16 Computer17 Computer18 Computer19 Computer20 Computer21 Computer22 Computer23 Computer24 Computer25 Computer26 Computer27 Computer28 Computer29 Computer30
KCH BN
Bn l mt qun tr mng cho Cng ty Litware. Gy y, cng ty Contoso tip nhn cng ty Litware. Do vy, Litware hin ang m rng mng. Trc y, Litware s dng gii php cp pht a ch IP ng (APIPA). Do c s gia tng v s lng my trm (yu t thc y Contoso tip nhn Litware) v do thc t l cc nh qun tr mng ci t mt b nh tuyn cho php ngi s dng truy cp Internet, bn c yu cu phi lp k hoch v ci t mt h thng cp pht a ch ng bng cch s dng giao thc DHCP (Cu hnh a ch ng cho my trm). Bn hp tc vi mt i tc ci t dch v DHCP Server v cu hnh n gn cc tham s cu hnh cn thit.
TRIN KHAI DCH V DHCP c. Default gateway d. DNS server CU HI: My tnh nhn c a ch IP cho giao tip mng Contoso Ltd. t u?
TRIN KHAI DCH V DHCP 7. Nhn Close chp nhn cc thay i kt ni mng.
TRIN KHAI DCH V DHCP CU HI: Ti sao chng ta phi u quyn cho my ch DHCP?
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m mn hnh bng iu khin DHCP 6. La chn my ch DHCP tng ng t cy mn hnh bng iu khin 7. Trn thc n Action, chn New Scope to mt phm vi DHCP mi. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 12
TRIN KHAI DCH V DHCP 8. Trong New Scope Wizard, nhn Next 9. Trong trang Scope Name, nhp cc thng tin cu hnh nh sau: a. i vi hp Name, nhp partners computer scope b. i vi hp Description, nhp scope for partners computer 10. Trn trang IP Address Range, nhp cc thng tin cu hnh sau: a. i vi mc Start IP Address, nhp a ch IP u tin cho i tc Litware Inc b. i vi mc End Start IP Address, nhp a ch IP cui cng cho i tc Litware Inc c. i vi mc Subnet Mask, nhp 24 bit hoc 255.255.255.0 11. Trn trang Add Exclusion, nhn Next 12. Trn trang Lease Duration, la chn 1 gi, v sau nhn Next 13. Trn trang Configure DHCP Options, chn No, I Will Configure These Option Later. Nhn Next 14. Trn trang Completing New Scope Wizard, nhn Finish.
13
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m mn hnh bng iu khin DHCP 6. La chn tn my ch DHCP trong cy mn hnh bng iu khin 7. La chn phm vi c tn l Partners Computer Scope 8. Trn thc n Action, chn Activate 9. ng mn hnh bng iu khin MMC. CU HI:: Ti sao bn li phi kch hot phm vi DHCP?
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m mn hnh bng iu khin DHCP 6. Trong ca s mn hnh bng iu khin DHCP, trc tin chn v sau nhn chut phi vo DHCP Server. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 14
TRIN KHAI DCH V DHCP 7. Trn thc n hin ra, la chn All Tasks, v tip theo chn Stop 8. ng tt c cc ca s.
Nhn a ch IP cp pht
QUAN TRNG: Hon thnh nhim v ny t cc my tnh c s hiu cao hn. Vic ny cho php bn nhn mt i ch IP t my ch DHCP server 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon administrator@Domain.Contoso.Com (trong , domain l tn min) 2. Nhn Start, chn biu tng Network connections. 3. Nhn chut phi vo biu tng Litware Inc Network connections. 4. Chn Properties. 5. Chn Internet Protocol (TCP/IP) trong danh sch cc thnh phn, v sau nhn Properties. Chn Obtain An IP Address Automatically. 6. Nhn OK chp nhn cc thay i thuc tnh cu hnh a ch IP. 7. Nhn Close chp nhn cc thay i Network connections. 8. Nhn Start, v chn Run. 9. nh cmd, v nhn Enter. 10. Trong ca s Command Prompt, nh lnh ipconfig /renew. 11. Trong ca s Command Prompt, nh lnh ipconfig /all. 12. Hy kim tra xem a ch IP c hin th cho Litware Inc Network connections c phi l a ch IP c cu hnh trn my ch DHCP. Tng t bn cng kim tra a ch IP trn my tnh ca i tc.
15
TRIN KHAI DCH V DHCP 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn Start, nhn Control Panel. Trong Control Panel, nhn p chut vo Administrative Tools. 3. Nhn chut phi vo DHCP v chn Run As m hp thoi Run As. 4. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon sau y m mn hnh bng iu khin DHCP. a. Trong hp User administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m mn hnh bng iu khin DHCP 6. Chn tn my ch trong cy bng iu khin. 7. Chn phm vi c tn l: Partners Computer Scope 8. Chn Address Leases. 9. Kim tra xem Computerxx @Domain.Contoso.Com c lit k bn di ct Name trong Address Leases.
TRIN KHAI DCH V DHCP 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn Start, nhn Control Panel. Trong Control Panel, nhn p chut vo Administrative Tools. 3. Nhn chut phi vo DHCP v chn Run As m hp thoi Run As. 4. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon sau y m mn hnh bng iu khin DHCP. User a. Trong hp administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m mn hnh bng iu khin DHCP 6. Chn my ch DHCP cn cu hnh trong cy bng iu khin. 7. M rng my ch DHCP, tip theo m rng phm vi Partners Computer Scope 8. Trong mn hnh cy Bng iu khin, nhn Reservations. Trn thc n Action, chn New Reservation. 9. Trong hp Reservation Name, Nhp tn my tnh i tc. 10. Trong hp IP Address, Nhp i ch IP ca Litware Network connections 11. Trong hp MAC Address, Nhp a ch MAC ca giao tip mng ca i tc. 12. Trong hp Description, Nhp Client Reservation. 13. Trong hp Supported Types, chn DHCP Only. 14. Nhn Add thm Client Reservation. 15. Nhn OK.
17
b. Trong hp Password, nhp MSPress@LS#1 4. Nhn OK m ca s Command Prompt 5. Trong ca s Command Prompt, nh lnh ipconfig /renew. 6. Trong ca s Command Prompt, nh lnh ipconfig /all. 7. Hy kim tra xem a ch IP c gn cho Litware Inc Network connections c phi l a ch IP c cu hnh trn my ch DHCP.
TRIN KHAI DCH V DHCP 3. Nhn chut phi vo DHCP v chn Run As m hp thoi Run As. 4. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon sau y m mn hnh bng iu khin DHCP. a. Trong hp User administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m mn hnh bng iu khin DHCP 6. Trong cy DHCP Bng iu khin, chn my ch DHCP cn cu hnh trong cy bng iu khin, tip theo m rng phm vi Partners Computer Scope 7. Trong mn hnh cy Bng iu khin, nhn Address Lease. 8. Kim tra xem reservation displays c kch hot cha. 9. Trong mn hnh cy Bng iu khin, pha di Address Lease, xa client reservation.
TRIN KHAI DCH V DHCP 2. Nhn Start, nhn Control Panel. Trong Control Panel, nhn p chut vo Administrative Tools. 3. Nhn chut phi vo DHCP v chn Run As m hp thoi Run As. 4. Trong hp thoi Run As, chn Following User option v nhp nh khon sau y m mn hnh bng iu khin DHCP. a. Trong hp User administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m mn hnh bng iu khin DHCP 6. Chn my ch DHCP cn cu hnh trong cy bng iu khin, 7. Trong cy DHCP Bng iu khin, m rng phm vi Partners Computer Scope 8. Chn v nhn chut phi vo Scope options, tip theo chn Configure Options. Trong danh sch Scope options, chn 003 Router. 9. Trong hp Data Entry Ip Address, Nhp a ch IP ca i tc Litware Inc Network connection, v nhn Add. 10. Nhn OK CU HI: Cc ty chn DHCP khc c s dng trn mng l g?
TRIN KHAI DCH V DHCP 3. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon sau y m ca s Command Prompt: a. Trong hp User administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 4. Nhn OK m ca s Command Prompt 5. Trong ca s Command Prompt, nh lnh ipconfig /renew. 6. Trong ca s Command Prompt, nh lnh ipconfig /all. 7. Hy kim tra xem a ch IP c gn cho Gateway c phi l a ch IP ca giao tip mng ca i tc khng.
TRIN KHAI DCH V DHCP 4. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon sau y m mn hnh Routing And Remote Access: a. Trong hp User administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m mn hnh bng iu khin Routing And Remote Access 6. Trong mn hnh bng iu khin Routing And Remote Access, chn tn my tnh, sau chn Action thc n, v chn Configure And Enable Routing And Remote Access. 7. Trong Routing And Remote Access Server Setup Wizard, nhn Next. 8. Trong trang Configuration, nhn LAN Routing, v nhn Next 9. Trn trang Custom Configuration, nhn LAN Routing v sau nhn Next. 10. Trn trang Completing Routing And Remote Access Server Setup Wizard, nhn Finish 11. Khi bn sn sng bt u dch v ny, chn Yes.
22
TRIN KHAI DCH V DHCP 3. Nhn chut phi Routing And Remote Acces v chn Run As m hp thoi Run As. 4. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon sau y m mn hnh Routing And Remote Access: a. Trong hp User administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m mn hnh bng iu khin Routing And Remote Access 6. Trong mn hnh bng iu khin Routing And Remote Access, m rng Computerxx , sau chn IP Routing. 7. Pha di IP Routing, nhn chut phi vo General, v sau chn New Routing Protocol. 8. Trong trang New Routing Protocol, nhn RIP Version 2 For Internet Protocol, v sau nhn OK. CU HI: Hai phng php no gip cc gi tin c chuyn ti cc mng (subnet) khc? 9. Trong mn hnh bng iu khin Routing And Remote Access, nhn chut phi vo RIP, v sau chn New Interface. 10. Trong hp thoi New Interface For RIP Version 2 For Internet Protocol, pha di Interfaces, chn Contoso Corp Network, v sau nhn OK. 11. Trn trang RIP Properties-Contoso Corp Network Properties, nhn OK. 12. Trong mn hnh bng iu khin Routing And Remote Access, nhn chut phi vo RIP, v sau chn New Interface. 13. Trong hp thoi New Interface For RIP Version 2 For Internet Protocol, pha di Interfaces, chn Litware Corp Network, v sau nhn OK. 23 TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003
TRIN KHAI DCH V DHCP 14. Trn trang RIP Properties-Litware Corp Network Properties, nhn OK.
d. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m mn hnh bng iu khin Routing And Remote Access 6. Trong mn hnh bng iu khin Routing And Remote Access, chn IP Routing. 7. Pha di IP Routing, nhn chut phi vo General, v sau chn New Routing Protocol. 8. Trong trang New Routing Protocol, nhn DHCP Relay Agent, v sau nhn OK. 9. c DHCP Relay Agent trn mt giao din ca b nh tuyn router, trong cy mn hnh bng iu khin, chn DHCP Relay Agent. 24 TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003
TRIN KHAI DCH V DHCP 10. Nhn chut phi vo DHCP Relay Agent, v sau chn New Interface. 11. Chn Litware Inc Network connection, sau nhn OK. 12. Kim tra xem Relay DHCP Packets option c chn. 13. Nhn OK 14. cu hnh giao din DHCP relay agent vi mt a ch IP ca my ch DHCP, m mn hnh bng iu khin Routing And Remote Access. 15. Nhn chut phi vo DHCP Relay Agent, v sau chn Properties. 16. Trong General th, trong hp Server Address, nhp a ch IP my tnh ca ngi hng dn (10.1.1.200), v sau nhn Add. 17. Nhn OK. CU HI: iu g s xy ra nu a ch IP khng c nhp vo cu hnh DHCP relay agent?
25
TRIN KHAI DCH V DHCP b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m mn hnh bng iu khin DHCP.
6. Trong ca s bng iu khin DHCP bn tay tri, u tin chn v sau nhn chut phi vo DHCP Server. 7. Trong trnh n bt ln, chn All Tasks, v sau chn Stop. 8. ng tt c cc ca s. CU HI: Ti sao bn phi dng dch v DHCP Server trn DHCP relay agent?
d. Trong hp Password, nhp MSPress@LS#1 4. Nhn OK m ca s Command Prompt 5. Trong ca s Command Prompt, nh lnh ipconfig /renew. 6. Trong ca s Command Prompt, nh lnh ipconfig /all. 7. Hy kim tra xem a ch IP c phi l a ch c gn t my tnh ca ngi hng dn. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 26
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m mn hnh bng iu khin Routing And Remote Access. 6. Nhn chut phi vo Computerxx server name trong mn hnh bng iu khin Routing And Remote Access, v sau chn Disable Routing And Remote Access. 7. Trong hp thoi Routing And Remote Access, nhn Yes loi b Routing And Remote Access. CH : Cc vai tr ca my trm DHCP v DHCP relay agent c th c hon i nu thi gian cho php.
TRIN KHAI DCH V DHCP QUAN TRNG: Bi tp ny rt cn thit cho s thc hin thnh cng cc bi thc hnh tip theo.
Nhp Thng tin a ch IP Tnh cho Giao tip mng Litware Inc
QUAN TRNG: Hon thnh nhim v ny t my tnh c s hiu cao hn. iu ny cho php bn cu hnh mt a ch IP tnh cho giao tip mng Litware Inc. S dng thng tin nh a ch IP trong Bng 1-1 chn cc a ch thch hp cho giao tip mng Litware Inc 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon administrator@Domain.Contoso.Com (trong , domain l tn min) 2. Nhn phm Start v chn Network connections. 3. Nhn chut phi vo Properties. Network connections, v sau chn
4. Chn Internet Protocol (TCP/IP) trong danh sch cc thnh phn, v sau chn Properties. 5. Chn tu chn Use Following IP Address 6. Nhp thng tin a ch IP t bng 1-1 7. Nhn OK chp nhn thay i cc thuc tnh giao thc TCP/IP.
8. Nhn OK chp nhn cc thay i network connections. Khi ng dch v DHCP Server
QUAN TRNG: Hon thnh cc bc sau y trn cc my tnh ca hc vin. iu ny cho php bn khi ng dch v DHCP. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn phm Start v chn Control Panel. Trong Control Panel, nhn p vo Administrative Tools. 3. Nhn chut phi DHCP v chn Run As m hp thoi Run As. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 28
TRIN KHAI DCH V DHCP 4. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon sau y m mn hnh DHCP: a. Trong hp User administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m mn hnh bng iu khin DHCP. 6. Chn v nhn chut phi vo DHCP, v sau chn Add Server. 7. Trong hp thoi Add Server, nhp a ch IP cho giao tip mng Litware Inc , sau nhn OK. 8. Chn v sau nhn phm phi vo tn my tnh trong mn hnh bng iu khin DHCP, tr n All Tasks, v sau chn Start. 9. ng tt c cc ca s.
CC CU HI N TP
Thi gian d kin hon thnh: 20 pht 1. Nu tn ba phng php m bn c th gn a ch IP trn mt mng TCP/IP. 2. Bn ci t dch v DHCP server trn mt my tnh Windows Server 2003. Bn cu hnh cc tu chn phm vi v kch hot n, tuy nhin cc my trm vn nhn c mt a ch IP 169.254.x.x. Bn s lm g? 3. Bn cu hnh mt phm vi DHCP vi mt phm vi a ch t 192.168.0.1 n 192.168.0.254. Bn c mt s my ch v my in c s dng gii a ch IP 192.168.0.1 n 192.168.0.20. Vi chi ph qun tr thp nht, bn lm th no ngn cn vic nh a ch IP trng lp? 4. Bn hin ang s dng mt my ch DHCP trn mng. My ch ny gn tu chn phm vi default gateway cho cc my trm. Bn s dng mt router vi a ch IP khc thay th mt router trn mng. Router mi ny cho php cc my trm kt ni vi Internet, tuy nhin TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 29
TRIN KHAI DCH V DHCP cc my trm khng th kt ni vi Internet thng qua router ny. Bn s phi lm g? 5. Bn ci t v cu hnh mt my ch DHCP trn mng. Bn cng c mt my ch Web trn cng mng ny. My ch Web yu cu lun s dng cng mt a ch IP nh my ch DHCP. Bn s phi lm g? 6. Bn phi cu hnh mt DHCP relay agent cho cc my trm trn mt mng subnet IP. Bn ci t dch v Routing And Remote Access, nhng bn phi tin hnh bc no cho php DHCP relay agent thc hin ng chc nng?
30
TRC KHI BN BT U
Thi gian d kin hon thnh: 10 pht QUAN TRNG: Nu bn cha hon thnh cc bi tp trong bi Thc hnh 1, Trin khai DHCP, bn phi hon thnh cc th tc bt buc sau: TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 31
QUN L V GIM ST DHCP hon thnh cc bi tp trong Thc hnh 2, bn cn phi ci t mt b iu khin giao tip mng th hai trong mi my tnh ca hc vin. Kt ni my tnh ca mi hc vin bng dy cp cho ni cc giao tip mng th hai vi nhau. Bng 2-1 c s dng cu hnh cc my tnh ca hc vin trong bi thc hnh ny. Tuy nhin, khng nht thit phi to ra cc thay i cu hnh ti bc ny. Sau khi hon thnh Thc hnh 2, phi d b cc giao tip mng th hai hoc v hiu (disable) chng trong giao din Microsoft Windows trc khi tip tc cc bc thc hnh tip theo. Bng 2-1 Computer Name Computer01 Ci t a ch IP cho cc my hc vin
Contoso Ltd., Network Litware Inc., Network IP address: 10.1.1.1 IP address: 192.168.0.1 Subnet mask: 255.255.0.0 Subnet mask: 255.255.255.0 Computer02 IP address: 10.1.1.2 IP address: 192.168.0.2 Subnet mask: 255.255.0.0 Subnet mask: 255.255.255.0 Computer03 IP address: 10.1.1.3 IP address: 192.168.0.3 Subnet mask: 255.255.0.0 Subnet mask: 255.255.255.0 Computer04 IP address: 10.1.1.4 IP address: 192.168.0.4 Subnet mask: 255.255.0.0 Subnet mask: 255.255.255.0 Computer05 IP address: 10.1.1.5 IP address: 192.168.0.5 Subnet mask: 255.255.0.0 Subnet mask: 255.255.255.0 Computer06 IP address: 10.1.1.6 IP address: 192.168.0.6 Subnet mask: 255.255.0.0 Subnet mask: 255.255.255.0 Computer07 IP address: 10.1.1.7 IP address: 192.168.0.7 Subnet mask: 255.255.0.0 Subnet mask: 255.255.255.0 Computer08 IP address: 10.1.1.8 IP address: 192.168.0.8 Subnet mask: 255.255.0.0 Subnet mask: 255.255.255.0 Computer09 IP address: 10.1.1.9 IP address: 192.168.0.9 Subnet mask: 255.255.0.0 Subnet mask: 255.255.255.0 Computer10 IP address: 10.1.1.10 IP address: 192.168.0.10 Subnet mask: 255.255.0.0 Subnet mask: 255.255.255.0 Computer11 IP address: 10.1.1.11 IP address: 192.168.0.11 Subnet mask: 255.255.0.0 Subnet mask: 255.255.255.0 Computer12 IP address: 10.1.1.12 IP address: 192.168.0.12 Subnet mask: 255.255.0.0 Subnet mask: 255.255.255.0 Computer13 IP address: 10.1.1.13 IP address: 192.168.0.13 Subnet mask: 255.255.0.0 Subnet mask: 255.255.255.0 Computer14 IP address: 10.1.1.14 IP address: 192.168.0.14 Subnet mask: 255.255.0.0 Subnet mask: 255.255.255.0 32 TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003
QUN L V GIM ST DHCP Computer15 Computer16 Computer17 Computer18 Computer19 Computer20 Computer21 Computer22 Computer23 Computer24 Computer25 Computer26 Computer27 Computer28 Computer29 Computer30 IP address: 10.1.1.15 Subnet mask: 255.255.0.0 IP address: 10.1.1.16 Subnet mask: 255.255.0.0 IP address: 10.1.1.17 Subnet mask: 255.255.0.0 IP address: 10.1.1.18 Subnet mask: 255.255.0.0 IP address: 10.1.1.19 Subnet mask: 255.255.0.0 IP address: 10.1.1.20 Subnet mask: 255.255.0.0 IP address: 10.1.1.21 Subnet mask: 255.255.0.0 IP address: 10.1.1.22 Subnet mask: 255.255.0.0 IP address: 10.1.1.23 Subnet mask: 255.255.0.0 IP address: 10.1.1.24 Subnet mask: 255.255.0.0 IP address: 10.1.1.25 Subnet mask: 255.255.0.0 IP address: 10.1.1.26 Subnet mask: 255.255.0.0 IP address: 10.1.1.27 Subnet mask: 255.255.0.0 IP address: 10.1.1.28 Subnet mask: 255.255.0.0 IP address: 10.1.1.29 Subnet mask: 255.255.0.0 IP address: 10.1.1.30 Subnet mask: 255.255.0.0 IP address: 192.168.0.15 Subnet mask: 255.255.255.0 IP address: 192.168.0.16 Subnet mask: 255.255.255.0 IP address: 192.168.0.17 Subnet mask: 255.255.255.0 IP address: 192.168.0.18 Subnet mask: 255.255.255.0 IP address: 192.168.0.19 Subnet mask: 255.255.255.0 IP address: 192.168.0.20 Subnet mask: 255.255.255.0 IP address: 192.168.0.21 Subnet mask: 255.255.255.0 IP address: 192.168.0.22 Subnet mask: 255.255.255.0 IP address: 192.168.0.23 Subnet mask: 255.255.255.0 IP address: 192.168.0.24 Subnet mask: 255.255.255.0 IP address: 192.168.0.25 Subnet mask: 255.255.255.0 IP address: 192.168.0.26 Subnet mask: 255.255.255.0 IP address: 192.168.0.27 Subnet mask: 255.255.255.0 IP address: 192.168.0.28 Subnet mask: 255.255.255.0 IP address: 192.168.0.29 Subnet mask: 255.255.255.0 IP address: 192.168.0.30 Subnet mask: 255.255.255.0
Nhp Thng tin a ch IP Tnh cho Giao tip mng Litware Inc
QUAN TRNG: Hon thnh nhim v ny t my tnh ca hc vin. iu ny cho php bn cu hnh mt a ch IP tnh cho giao tip mng Litware Inc. S dng thng tinh nh a ch IP trong Bng 21 chn cc a ch thch hp cho giao tip mng Litware Inc TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 33
QUN L V GIM ST DHCP 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon administrator@Domain.Contoso.Com (trong , domain l tn min) 2. Nhn phm Start v chn Network connections. 3. Nhn chut phi vo Network connections. 4. Chn Properties. 5. nh du Internet Protocol (TCP/IP) trong danh sch cc thnh phn, v sau chn Properties. 6. Chn tu chn Use Following IP Address 7. Nhp thng tin a ch IP t bng 2-1 8. Nhn OK chp nhn thay i cc thuc tnh giao thc TCP/IP. 9. Nhn Close chp nhn cc thay i network connections.
QUN L V GIM ST DHCP 7. Trong trang Cannot Complete, nhn Finish kt thc ci t dch v DHCP Server
QUN L V GIM ST DHCP 2. Nhn Start, nhn Control Panel. Trong Control Panel, nhn p chut vo Administrative Tools. 3. Nhn chut phi vo DHCP v chn Run As m hp thoi Run As. 4. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon sau y m mn hnh bng iu khin DHCP. a. Trong hp User administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m mn hnh bng iu khin DHCP 6. La chn my ch DHCP tng ng trong cy mn hnh bng iu khin 7. Trn thc n Action, chn New Scope to mt phm vi DHCP mi. 8. Trong New Scope Wizard, nhn Next 9. Trong trang Scope Name, nhp cc thng tin cu hnh nh sau: a. i vi hp Name, nhp partners scope b. i vi hp Description, nhp scope for partners computer 10. Nhn Next 11. Trn trang IP Address Range, nhp cc thng tin cu hnh sau: a. i vi mc Start IP Address, nhp a ch IP cn di cho i tc Litware Inc b. i vi mc End Start IP Address, nhp a ch IP cn trn cho i tc Litware Inc c. i vi mc Subnet Mask, nhp 24 bit hoc 255.255.255.0 12. Nhn Next 13. Trn trang Add Exclusion, nhn Next TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 36
QUN L V GIM ST DHCP 14. Trn trang Lease Duration, la chn 1 gi, v sau nhn Next 15. Trn trang Configure DHCP Options, chn No, I Will Configure These Option Later, sau nhn Next 16. Trn trang Completing New Scope Wizard, nhn Finish.
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m mn hnh bng iu khin DHCP 6. La chn v m rng my ch DHCP trong cy mn hnh bng iu khin 7. La chn phm vi c tn l Partners Scope 8. Trn thc n Action, chn Activate 9. ng mn hnh bng iu khin DHCP.
KCH BN
Bn l mt nh qun tr mng cho Cng ty Contoso, Ltd. Bn c mt mng Windows Server 2003 s dng dch v DHCP cp pht a ch IP. C s TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 37
QUN L V GIM ST DHCP mu thun trong s hot ng ca dch v DHCP, v bn c yu cu thc hin vic nh gi chi tit dch v DHCP Server.
QUN L V GIM ST DHCP 10. Nhn OK xc nh rng mt bn sao lu CSDL s c sao chp n Computerxx folder.
39
Nn CSDL DHCP
QUAN TRNG: Hon thnh nhim v ny t cc my tnh hc vin. Vic ny s cho php bn nn CSDL DHCP trn my ch. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon administrator@Domain.Contoso.Com (trong , domain l tn min) 2. Nhn Start, nhn Run v sau nh lnh cmd. Nhn Enter. 3. Trong ca s DOS Command Prompt, cd\%systemroot%\system32\dhcp, v nhn Enter. nh lnh
4. Ti li nhn %systemroot%\system32\dhcp, nh lnh net stop dhcpserver, v nhn Enter. 5. Ti li nhn %systemroot%\system32\dhcp, nh lnh jetpack dhcp.mdb tmp.mdb, v nhn Enter. 6. Ti li nhn %systemroot%\system32\dhcp, nh lnh net Start dhcpserver, v nhn Enter. 7. ng tt c cc ca s lnh. CU HI: Ti sao chng ta li phi thc hin cu lnh Net Stop trc khi nn CSDL? CU HI: File Tmp.mdb c s dng lm g khi nn CSDL DHCP?
QUN L V GIM ST DHCP 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn Start, nhn Control Panel. Trong Control Panel, nhn p chut vo Administrative Tools. 3. Nhn chut phi vo Manage Your Server, v sau chn Run As m hp thoi Run As. 4. Trong hp thoi Run As, chn Following User option v nhp nh khon vo cc trng hp thoi sau m Manage Your Server: a. Trong hp User administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m ca s Manage Your Server 6. Nhn Add or Remove A Role. 7. Nhn Next trn trang Preliminary Steps ca phn Configure Your Server wizard. 8. Trn trang Server Role ca phn Configure Your Server wizard, chn DHCP Server, v sau nhn Next. 9. Trn trang Role Removal Confirmation, kim tra hp Remove DHCP Server Role 10. Nhn Next 11. Nhn Finish trn trang DHCP Server Role Removed.
QUN L V GIM ST DHCP 2. Nhn Start, chn All Programs, chn Accessories, nhn chut phi vo Command Prompt, v sau chn Run As m hp thoi Run As. 3. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon vo cc trng hp thoi sau m ca s Command Prompt: a. Trong hp User administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 4. Nhn OK m ca s Command Prompt. Ti li nhn, nh lnh cd c:\, v sau nhn Enter chuyn n th mc gc C. 5. Ti Command Prompt, nh lnh notepad dhcptester.bat, v sau nhn Enter. 6. Nhn Yes ch ra rng bn cn to mt file mi. 7. Trong file Notepad Dhcptester.bat, nh lnh ipconfig /release, v sau nhn Enter. nh ipconfig /renew, v sau nhn Enter. 8. Trn thc n Edit, chn Select All. 9. Trn thc n Edit, chn Copy. 10. Nhn CTRL+V khong 20 ln to 20 bn sao ca on vn bn c chn. 11. Trn thc n File, chn Save 12. Trn thc n File, chn Exit.
QUN L V GIM ST DHCP 2. Nhn Start, nhn vo Network connections. 3. Nhn chut phi vo biu tng Network connections, v sau chn Properties. 4. Chn Internet Protocol (TCP/IP) trong danh sch cc thnh phn, sau nhn Properties. 5. Chn Obtain An IP Address Automatically. 6. Chn OK chp nhn nhng thay i thuc tnh ca giao thc TCP/IP. 7. Nhn Close chp nhn cc thay i trn Network connections. 8. Nhn Start, v sau nhn Run. 9. nh cmd, v sau nhn Enter. 10. Trong ca s Command Prompt, nh lnh c:\dhcptester.bat. QUAN TRNG: Chng trnh Dhcptester.bat s thc hin mt lot cc cu lnh Ipconfig /release v /renew c d liu DHCP c ghi chp cho phn cn li ca bi tp ny.
QUN L V GIM ST DHCP 6. Trong ty chn Minutes, cu hnh cc s liu thng k cp nht tng pht. Nhn OK.
44
QUN L V GIM ST DHCP 12. Nhn File, v sau chn Save As lu bng iu khin Performance. 13. Nhn vo biu tng Desktop pha tri, nh dhcp trong hp File Name, v sau nhn Save. 14. Nhn File, v sau chn Exit thot ra khi bng iu khin Performance.
b. Trong hp Password, nhp MSPress@LS#1 4. Nhn OK m ca s Command Prompt. 5. Trong ca s Command Prompt, nh C:\dhcptester.bat.
QUN L V GIM ST DHCP 1. Trn mn hnh deskstop, nhn p vo biu tng DHCP Performance Monitor. 2. Chn System Monitor trong cy mn hnh bng iu khin, v sau nhn ty chn View Report trn thc n biu tng hoc nhn CTRL + R. Nu cc gi tr c hin th khng thay i, chng trnh Dhcptester.bat trn my tnh c s hiu cao hn chy xong v cn phi c chy li. Xem tc v trc bit ch dn. 3. Khi cc gi tr khng thay i, nhn biu tng Freeze Display (phm mu vi du X trng gia) trong thc n biu tng, v ghi li cc gi tr sau: Acks/sec Packets received/sec Releases/sec Request/sec
47
QUN L V GIM ST DHCP 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon administrator@Domain.Contoso.Com (trong , domain l tn min) 2. Nhn Start, nhn p vo Administrative Tools, v sau nhn DHCP m mn hnh bng iu khin DHCP. 3. Trong cy mn hnh bng iu khin DHCP, chn v m rng tn ca my ch DHCP. Chn Scope Options. 4. Trong Scope, chn 003 Router option. 5. Trong thc n Action, chn Properties. 6. Nhn nt Remove nm pha di phn Data Entry. 7. Trong phn Data Entry pha di IP Address, nh 10.1.1.100, nhn Add, v sau nhn OK.
b. Trong hp Password, nhp MSPress@LS#1 4. Nhn OK m ca s Command Prompt 5. Trong ca s Command Prompt, nh lnh ipconfig /release. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 48
QUN L V GIM ST DHCP 6. Trong ca s Command Prompt, nh lnh ipconfig /renew. 7. Trong ca s Command Prompt, nh lnh ipconfig /all. CU HI: My ch DHCP cp pht a ch Default Gateway cho giao tip mng Litware Inc l g? CU HI: C g sai trong i ch ny?
49
QUN L V GIM ST DHCP 2. T Start, tr ti All Programs, tr ti Accessories, nhn chut phi vo Command Prompt, tip theo chn Run As m hp thoi Run As. 3. Trong hp thoi Run As, chn Following User potion v nhp cc thng tin nh khon sau y trong hp thoi m ca s Command Prompt: a. Trong hp User administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 4. Nhn OK m ca s Command Prompt 5. Trong ca s Command Prompt, nh lnh ipconfig /release. 6. Trong ca s Command Prompt, nh lnh ipconfig /renew. 7. Trong ca s Command Prompt, nh lnh ipconfig /all. CU HI: My ch DHCP cp pht a ch Default Gateway g? CU HI: a ch ny c phi l a ch Default Gateway cho giao tip mng Litware Inc ?
QUN L V GIM ST DHCP 2. Nhn Start, nhn Administrative Tools, v sau nhn Manager Your Server. 3. Trong ca s Manage Your Server, nhn Add or Remove A Role, v sau nhn Next 4. Trn trang Preliminary Steps, nhn Next. 5. Trn trang Server Role, chn DHCP Server, v sau nhn Next. 6. Trn trang Role Removal Confirmation, chn hp kim tra Remove DHCP Server Role. 7. Nhn Next xc nh loi b dch v DHCP Server. 8. Nhn Finish ng Manage Your Server wizard.
Nhp Thng tin a ch IP Tnh cho Giao tip mng Litware Inc
QUAN TRNG: Hon thnh nhim v ny t my tnh c s hiu cao hn. iu ny cho php bn cu hnh mt a ch IP tnh cho giao tip mng Litware Inc. S dng thng tinh nh a ch IP trong Bng 21 chn cc a ch thch hp cho giao tip mng Litware Inc 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon administrator@Domain.Contoso.Com (trong , domain l tn min) 2. Nhn phm Start v chn Network connections. 3. Nhn chut phi vo Network connections 4. Chn Properties. 5. Chn Internet Protocol (TCP/IP) trong danh sch cc thnh phn, v sau chn Properties. 6. Chn tu chn Use Following IP Address 7. Nhp thng tin a ch IP t bng 2-1 8. Nhn OK chp nhn thay i cc thuc tnh giao thc TCP/IP. 9. Nhn OK chp nhn cc thay i network connections. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 51
CU HI N TP
Thi gian d kin hon thnh: 15 pht 1. t nht c 3 cng c no gim st hot ng dch v DHCP? 2. ng dn mc nh i vi nht k kim nh DHCP l g? 3. Cng c no c s dng nn CSDL DHCP? 4. Ti sao bn phi dng dch v DHCP Server khi khi phc CSDL DHCP? 5. Khi mt my trm c gng kt ni n mng, nhng n khng th giao tip c vi cc my tnh khc trn mng. Gii php khc phc vn ny l g?
QUN L V GIM ST DHCP cp nht ng an ton. Bn phi m bo rng Dch v DNS c cp nht cho tt c cc my trm v cc my trm Windows XP c th cp nht cc bn ghi my trm ca chng. To v trin khai gii php.
53
KCH BN
Bn l nh qun tr mng ca mt doanh nghip. Gn y cng ty ca bn ci t cc my ch phn gii tn min DNS cho cc min con (child domain) ngn cn cc lung thng tin DNS khng cn thit truyn qua mi trng mng WAN. Bn phi cu hnh cc min con DNS vi cc forward v reverse lookup DNS zones v to cc bn ghi cho mi min con DNS. Bn cng phi cu hnh my ch DNS chuyn cc yu cu cho min contoso.com n my ch DNS m c u quyn cho min contoso.com.
54
Ci t dch v DNS
QUAN TRNG: Hon thnh nhim v ny t cc my tnh ca hc vin. Vic ny cho php bn ci t dch v DNS Server. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn Start, sau nhn Control Panel 3. Trong khi d phm Shift, Nhn chut phi tu chn Add Or Remove Program, sau nhn Run As m hp thoi Run As. 4. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon vo cc trng hp thoi sau m Add Or Remove Program Wizard: a. Trong hp User administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m ca s Add Or Remove Program Wizard 6. Trong Add Or Remove Program Wizard, Nhn vo biu tng add/Remove Windows Components bn tri, chn Netwoking service, v sau nhn Details. 7. Trong hp thoi Netwoking Services, Tch vo hp domain Name System (DNS), v sau nhn OK 8. Trong Windows Components Wizard, Nhn Next TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 55
CI DT V CU HNH DCH V DNS SERVER 9. Khi qu trnh cu hnh hon thnh, nhn Finish v ng tt c cc ca s CU HI: Ba im c to trc tip pha di my ch DNS trong mn hnh bng iu khin qun tr DNS l g?.
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m ca s System Properties 6. Trong ca s System Properties nhn vo Th Computer Name. 7. m ca s Computer Name Changes, nhn Change 8. Khi hp thoi Computer Name Changes hin ln, bn nhn OK tip tc i tn My ch Qun tr Min ny 9. Trong hp thoi Computer Name Changes, nhn More ca s m DNS Suffix And NetBIOS Computer Name. 56
CI DT V CU HNH DCH V DNS SERVER 10. Trong ca s m DNS SeffixAnd NetBIOS Computer Name, Trong ca s Primary DNS Suffix Of This Computer, kim tra min con ph hp t bng 3-1 (V d: atlanta.contoso.com) 11. Ghi li Primary DNS Suffix Of your Computer. 12. Nhn Cancel ng hp thoi DNS Suffix And NetBIOS Computer Name 13. Nhn Cancel ng hp thoi Computer Name Changes. 14. Nhn Cancel ng hp thoi System Properties
b. Trong hp Password, nhp MSPress@LS#1 TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 57
CI DT V CU HNH DCH V DNS SERVER 5. Nhn OK m Bng iu khin DNS. 6. Trong cy DNS, m rng tn my ch c tn Computerxx . CU HI: DNS Forward Lookup Zones no c to sau khi ci t dch v DNS Server. 7. Chn v nhn chut phi vo DNS Forward Lookup Zones, v sau chn New Zone 8. Trn trang Welcome to New Zone Wizard, nhn Next 9. Trong trang Zone Type, xc nhn Primary Zone c chn 10. Xo hp kim tra Store Zone In Active Directory, v sau nhn Next. 11. Trn trang Zone Name, trong hp Domain.Contoso.Com, v sau nhn Next. Zone Name, nh
12. Trn trang Zone File, kim tra rng Create A New File With This File Name c chn, v sau nhn Next. 13. Trn trang Dynamic Update, kim tra xem ty chn Do not Allow Dynamic Update c chn, v sau nhn Next. 14. Trn trang Completing new Zone Wizard, nhn Finish
CI DT V CU HNH DCH V DNS SERVER 4. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon vo cc trng hp thoi sau m ca s System Properties: a. Trong hp User administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m Bng iu khin DNS. 6. Trong cy DNS, m rng tn my ch ca bn, m rng Forward Lookup Zones, chn v nhn chut phi vo Domain.Contoso.Com, v sau nhn Properties. 7. Trong trang Domain.Contoso.Com Properties, trong Th Name Server, nhn Add 8. Trong hp Server Fully Qualified domain Name (FQDN) ca hp thoi New Resource Record, nhp a ch IP ca my ch i tc, nhn Add, v sau nhn OK. 9. Nhn OK ng hp thoi Domain.Contoso.Com Properties.
59
CI DT V CU HNH DCH V DNS SERVER 4. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon vo cc trng hp thoi sau m mn hnh bng iu khin DNS: a. Trong hp User administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m Bng iu khin DNS. 6. Trong cy DNS, m rng tn my ch ca bn, sau chn v nhn chut phi vo Forward Lookup Zone. Chn New Zone. 7. Trn trang Welcome to New Zone Wizard, nhn Next. 8. Trn trang Zone Type, nhn Stub Zone. 9. Xo hp kim tra Store Zone In Active Directory, v sau nhn Next. 10. Trn trang Zone Name, nh contoso.com, v sau nhn Next. 11. Trn trang Zone File, xc nhn rng ty chn Create A New File With This File Name c la chn, v sau nhn Next. 12. Trong hp IP Address trn trang Master DNS Server, nh a ch IP ca my tnh ca ngi hng dn (10.1.1.200), nhn Add, v sau nhn Next. 13. Trn trang Completing New Zone Wizard, nhn Finish. 14. Trong cy Bng iu khin DNS, m rng Forward Lookup Zone, chn v nhn chut phi vo Domain.Contoso.Com, v sau chn Properties. 15. Trong trang Domain.Contoso.Com Properties, nhn th Zone Transfer, v sau xc nhn rng ty chn Allow Zone Transfer c la chn. 16. Nhn OK.
60
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m Bng iu khin DNS. 6. Trong cy DNS, m rng tn my ch ca bn. 7. Chn v nhn chut phi vo Forward Lookup Zone, v sau chn New Zone. 8. Trn trang Welcome to New Zone Wizard, nhn Next. 9. Trn trang Zone Type, chn Secondary Zone option, v sau nhn Next. 10. Trn trang Zone Name trong hp Domain.Contoso.Com, v sau nhn Next. Zone Name, nh
11. Trong hp IP Address trn trang Master DNS Server, nh a ch IP ca my ch i tc, nhn Add, v sau nhn Next. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 61
CI DT V CU HNH DCH V DNS SERVER 12. Trn trang Completing New Zone Wizard, nhn Finish.
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m Bng iu khin DNS. 6. Trong cy DNS, m rng my ch, sau nhn Reserve Lookup Zones. 7. Chn v nhn chut phi vo Reserve Lookup Zone, v sau nhn New Zone. 8. Trn trang Welcome to New Zone Wizard, nhn Next. 9. Trn trang Zone Type, nhn Primary Zone, xo hp kim tra Store Zone In Active Directory, v sau nhn Next. 10. Trong hp Network ID trn trang Reserve Lookup Zone Name, nh ba phn u ca a ch IP (v d, i vi a ch IP 10.1.1.1, nh 10.1.1), v sau nhn Next. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 62
CI DT V CU HNH DCH V DNS SERVER 11. Trn trang Zone File, nhn Next chp nhn cc thit t mc nh. 12. Trn trang Dynamic Update, nhn Next chp nhn cc thit t mc nh. 13. Trn trang Completing New Zone Wizard, nhn Finish. 14. ng mn hnh bng iu khin DNS. CU HI: Cc kiu bn ghi DNS zone no c lit k trong file Reserve Lookup zone? CU HI: Cc kiu khc no ca bn ghi DNS zone c to trong file Reserve Lookup zone?
CI DT V CU HNH DCH V DNS SERVER QUAN TRNG: Hon thnh nhim v ny t cc my tnh c s hiu nh hn. Vic ny cho php bn cu hnh giao tip mng Contoso Ltd Network vi a ch IP DNS server ca my tnh i tc. V vy, my ch ca bn s tr thnh mt my trm DNS ca dch v DNS Server trn my tnh ca i tc. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon administrator@Domain.Contoso.Com (trong , domain l tn min) 2. Nhn Start, sau nhn Network connections m ca s Network connections. 3. Nhn chut phi vo biu tng Contoso Ltd Network connections, v sau nhn Properties. 4. Trong ca s Contoso Ltd Network connections, nhn Internet Protocol (TCP/IP), v sau nhn Properties. 5. Trong hp thoi Internet Protocol (TCP/IP) Properties, xc nhn rng tu chn Use Following DNS Server Addresses c chn, nh a ch IP c gn ca i tc trong hp Preferred DNS Server, v sau nhn OK. 6. Nhn Close ng hp thoi Contoso Ltd Network Properties. 7. ng tt c cc ca s.
CI DT V CU HNH DCH V DNS SERVER 4. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon vo cc trng hp thoi sau m mn hnh bng iu khin DNS: a. Trong hp User administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m Bng iu khin DNS. 6. Trong cy DNS, m rng Computerxx (trong Computerxx l tn ca my tnh ca bn) 7. M rng Forward Lookup Zones, chn v nhn chut phi vo Domain.Contoso.Com, v sau nhn Properties. 8. Trn trang Domain.Contoso.Com Properties trong th General pha di Dynamic Updates, nhn vo mi tn ch xung di, v sau chn Nonsecure And Secure. 9. Nhn OK ng hp thoi Domain.Contoso.Com Properties. 10. ng mn hnh bng iu khin DNS Management. CU HI: Cp nht ng gim cc chi ph qun tr lin quan n vic qun tr DNS nh th no?
CI DT V CU HNH DCH V DNS SERVER 4. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon vo cc trng hp thoi sau m mn hnh bng iu khin DNS: a. Trong hp User administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m Bng iu khin DNS. CU HI: Yu cu no l cn thit chuyn i standard primary zones sang Active Directory-integrated zone? 6. Trong cy DNS, m rng tn my tnh ca bn, m rng Forward Lookup Zones, chn v nhn chut phi vo Domain.Contoso.Com, v sau chn Properties. 7. Trong th General, chn Change. 8. Trn trang Change Zone Type, nh du vo hp Store Zone In Active Directory (Available Only If DNS Server Is Domain Controler) v sau nhn OK. 9. Nhn OK ng ca s Domain.Contoso.Com Properties. 10. ng mn hnh bng iu khin DNS Management. QUAN TRNG: Hon thnh nhim v ny t cc my tnh c s hiu cao hn. Vic ny cho php bn chuyn i standard secondary zones sang Active Directory-Integrated Zones. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn Start, nhn Control Panel, sau nhn p chut vo Admistrative Tools. 3. Nhn chut phi vo DNS, v sau nhn Run As m hp thoi Run As.
66
CI DT V CU HNH DCH V DNS SERVER 4. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon vo cc trng hp thoi sau m mn hnh bng iu khin DNS: a. Trong hp User administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m Bng iu khin DNS. 6. Trong cy DNS, m rng tn my tnh ca bn, m rng Forward Lookup Zones, chn v nhn chut phi vo Domain.Contoso.Com, v sau chn Properties. 7. Trong th General, chn Change. 8. Trn trang Change Zone Type, chn Primary Zone, v kim tra hp Store Zone In Active Directory (Available Only If DNS Server Is Domain Controler) v sau nhn OK. 9. Nhn OK ng ca s Domain.Contoso.Com Properties. 10. Nhn Yes khi c hi liu bn c mun vng ny tr thnh mt active directory integrated zone hay khng (if you want this zone to become an active directory integrated zone?). 11. Trong Active Directory Service Warning, nhn Yes chp nhn mc nh. 12. Trong DNS Warning, nhn OK 13. ng mn hnh bng iu khin DNS Management.
67
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m Bng iu khin DNS. 6. Trong cy DNS, m rng Forward Lookup Zones, v sau m rng Domain.Contoso.Com. 7. Chn v nhn chut phi vo Domain.Contoso.Com, v sau nhn New Host (A). 8. Trong hp Name (Uses Parent Domain Name If Blank), nh hostrecord. 9. Trong hp IP Address, nh a ch IP ca my tnh ca bn, v sau nhn Add Host. 10. Trong hp thoi DNS ch ra rng bn ghi my trm c to thnh cng, nhn OK. 11. Nhn Done trong hp thoi New Host. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 68
CI DT V CU HNH DCH V DNS SERVER 12. ng mn hnh bng iu khin DNS Management.
To mt bn ghi CNAME
QUAN TRNG: Hon thnh nhim v ny t cc my tnh c s hiu thp hn. Vic ny cho php bn to cc bn ghi DNS Canonical Name (CNAME) trn my ch DNS. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn Start, nhn Control Panel, sau nhn p chut vo Admistrative Tools. 3. Nhn chut phi vo DNS, v sau nhn Run As m hp thoi Run As. 4. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon vo cc trng hp thoi sau m mn hnh bng iu khin DNS: a. Trong hp User administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 69
CI DT V CU HNH DCH V DNS SERVER 5. Nhn OK m Bng iu khin DNS. 6. Trong cy DNS, m Domain.Contoso.Com. rng Forward Lookup Zones v
7. Chn v nhn chut phi vo Domain.Contoso.Com, v sau nhn New Alias (CNAME). 8. Trong hp thoi New Resource Record, trong hp Alias Name, nh cnamerecord. 9. Trong hp Fully Qualified Domain Name (FQDN) For Target Host, nh Computerxx .dom.contoso.com (trong Computerxx l tn my tnh c gn v domain l tn min c gn). 10. Nhn OK. 11. ng mn hnh bng iu khin DNS Management.
CI DT V CU HNH DCH V DNS SERVER Cc my trm trong min con DNS ca bn c th cng cn nh v cc trm khc bao gm nhng trm trn Internet. Trong trng hp ny, bn phi cu hnh my ch DNS chuyn tip cc yu cu n my ch DNS khc. QUAN TRNG: Bi tp i hi bn c kt ni Internet cho lp hc v mt a ch IP ca my ch DNS trn Internet s dng.
71
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m Bng iu khin DNS. 6. Trong cy DNS, chn v nhn chut phi vo tn my tnh ca bn, v sau nhn Properties. 7. Trn trang Server Properties trong th Forwarders, nhn New, v trong hp DNS Domain, nh microsoft.com, v sau nhn OK. 8. Trong trang Server Properties trong hp Selected Domains Forwarder IPAddress List, nh a ch IP ca my ch DNS c ngi hng dn cung cp. (My ch DNS ny phi l my ch DNS ca nh cung cp dch v ISP hoc l my ch DNS cng cng khc). 9. Nhn Add thm a ch IP vo danh sch a ch IP. 10. Nhn OK chp nhn nhng thay i i vi chuyn tip c iu kin (conditional forwarding) 11. ng tt c cc ca s.
CU HI N TP
Thi gian d kin hon thnh: 15pht TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 72
CI DT V CU HNH DCH V DNS SERVER 1. Cc thit t TCP/IP no phi c cu hnh trc khi ci t dch v DNS Server? 2. Ti sao bn phi to stub zone cho min contoso.com trn my ch DNS? 3. Bn mun c duy nht nhng cp nht ng an ton i vi file DNS Zone. Bn phi c kiu file zone no? 4. Khi no bn s dng chuyn tip vi DNS? Nu mt v d. 5. S khc bit g gia chuyn tip v chuyn tip c iu kin?
73
TRC KHI BN BT U
Thi gian d kin hon thnh: 10 pht QUAN TRNG: Nu bn cha hon thnh cc bi tp trong phn THC HNH 3 Ci t & cu hnh dch v DNS, bn phi hon thnh cc th tc tin quyt sau
74
Ci t dch v DNS
QUAN TRNG: Hon thnh nhim v ny t cc my tnh ca hc vin. Vic ny cho php bn ci t dch v DNS Server trn my tnh ca bn. Sau khi bn ci t dch v DNS Server, bn s cu hnh mt Active Directory-integrated DNS Zones. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn Start, sau nhn Control Panel 3. Trong khi d phm Shift, Nhn chut phi ty chn Add Or Remove Program, sau nhn Run As m hp thoi Run As. 4. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon vo cc trng hp thoi sau m Add Or Remove Program Wizard: a. Trong hp User administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m ca s Add Or Remove Program Wizard 6. Trong ca s Add Or Remove Program Wizard, Nhn vo biu tng add/Remove Windows Components. 7. Trong Windows Components Wizard, trn trang Windows Components, pha di Components, nhn Netwoking services, v sau nhn Details. 8. Trong hp thoi Netwoking services, Tch vo hp domain Name System (DNS), v sau nhn OK 9. Trong Windows Components Wizard, Nhn Next 10. Nu xut hin li nhn yu cu cc files ci t HH Windows Server 2003, bn phi cho a chng trnh ci t HH Windows Server 2003 vo CD ROM, v sau nhn OK. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 75
QUN L V GIM ST DCH V DNS SERVER 11. Khi qu trnh cu hnh hon thnh, nhn Finish v ng tt c cc ca s li.
76
QUN L V GIM ST DCH V DNS SERVER 10. Trn trang Active Directory Zones Replication Scope, xc nhn to All Domain Controller In Active directory Domainomain.contoso.com c chn, v sau nhn Next. 11. nh Domain.Contoso.Com trong hp Zone Name, trong domain l tn mien ca bn, v sau nhn Next. 12. Trn trang Dynamic Update, kim tra xem tu chn Only Secure Dynamic Update c chn, v sau nhn Next. 13. Trn trang Completing new Zone Wizard, nhn Finish 14. M rng Forward Lookup Zones 15. Chn v nhn chut phi vo Domain.Contoso.Com, v sau chn Properties. 16. Trong trang Properties, trong Th Zone Transfer, chn All Zone Transfer, v sau nhn To Any Server. Nhn OK. 17. ng tt c cc ca s li.
KCH BN
Bn l nh qun tr mng cho cng ty Blue Yonder Airline. Bn trin khai mt s my ch DNS v my ch iu khin min (DC) trn mng. Mi my ch DNS c chy vi cu hnh Active directory-Integrated zones. Do cc yu cu v qun tr nn bn phi m bo dch v DNS phi hot ng hiu qa v an ton. Bn phi qun l, gim st, v m bo an ton cc my ch DNS ang hot ng trn mng. Bn s s dung cc cng c h tr c sn trong a CD ROM Windows Server 2003 qun l v gim st cho dch v DNS.
BI TP 4-1: CC TC V CHUN B
Thi gian d kin: 10 pht Trong bi tp ny, bn s cu hnh cc thit t v ci t thm cc cng c chun b cho cc phn tip theo ca bi Thc hnh. Cc cng c ny c s dng gim st v g ri dch v DNS Server. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 77
78
QUN L V GIM ST DCH V DNS SERVER 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon administrator@Domain.Contoso.Com (trong , domain l tn min) 2. Nhn Start, sau nhn Network connections m ca s Network connections. 3. Nhn chut phi vo biu tng Contoso Ltd Network connections, v sau nhn Properties. 4. Nhn Internet Protocol (TCP/IP), v sau nhn Properties. 5. Trong hp thoi Internet Protocol (TCP/IP) Properties, xc nhn rng tu chn Use Following DNS Server Addresses c chn, v sau nh a ch IP ca my tnh ngi hng dn (10.1.1.200) trong hp Preferred DNS Server, v sau nhn OK. 6. m bo rng hp Default Gateway trng, v hp Alternate DNS cng trng. 7. Nhn Close ng trang Contoso Ltd Network connections. 8. ng tt c cc ca s.
QUN L V GIM ST DCH V DNS SERVER 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn Start, nhn Control Panel, sau nhn p chut vo Admistrative Tools. 3. Nhn chut phi vo DNS, v sau nhn Run As m hp thoi Run As. 4. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon vo cc trng hp thoi sau m ca s Bng iu khin DNS: Trong hp User Name, nhp administrator@Domain.Contoso.Com Trong hp Pasword, nhp MSPress@LS#1 5. Nhn OK m bng iu khin DNS. 6. Trong cy DNS, m rng tn my ch c tn Computerxx , v sau nhn vo Forward Lookup Zones, v sau chn Domain.Contoso.Com 7. Nhn chut phi vo min Domain.Contoso.Com, v sau nhn New Host (A). 8. Trong hp Name, nhp vo newhost. 9. Trong hp IP Address, nhp vo a ch IP ca my tnh bn v sau nhn Add Host. 10. Nhn OK xc nhn rng bn ghi c to thnh cng. 11. Nhn Done. 12. ng ca s DNS Management v ng tt c cc ca s li.
Thc hin ng b vng DNS th cng bng cch s dng Active Directory Sites And Services Snap-In.
QUAN TRNG: Hon thnh nhim v ny t cc my tnh c s hiu cao hn. Vic ny cho php bn sao chp cc thng tin c cha ng trong CSDL AD.
80
QUN L V GIM ST DCH V DNS SERVER 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn Start, nhn Control Panel, sau nhn p chut vo Admistrative Tools. 3. Nhn chut phi vo Active Directory Sites and Services, v sau nhn Run As m hp thoi Run As. 4. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon vo cc trng ca hp thoi sau m ca s Active Directory Sites and Services: Trong hp User administrator@Domain.Contoso.Com Name, nhp
Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m mn hnh Active Directory Sites and Services. 6. Trong cy Active Directory Sites and Services, m rng Sites, v sau m rng Default-First-Site-Nam. 7. Trong cy Active Directory Sites and Services, m rng Servers, v sau m rng Computerxx trong Computerxx l tn ca my tnh, v sau chn NTDS Settings. 8. Trong phm vi ca Active Directory Sites and Services, nhn chut phi vo mi i tng kt ni (c t ng to ra), v sau chn Replicate Now, v sau nhn OK trong hp thoi Replicate Now. 9. ng ca s Active Directory Sites and Services, v ng tt c cc ca s li.
QUN L V GIM ST DCH V DNS SERVER 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn Start, nhn Control Panel, sau nhn p chut vo Admistrative Tools. 3. Nhn chut phi vo DNS, v sau nhn Run As m hp thoi Run As. 4. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon vo cc trng hp thoi sau m ca s Bng iu khin DNS: a. Trong hp User Name, nhp administrator@Domain.Contoso.Com b. Trong hp Pasword, nhp MSPress@LS#1 5. Nhn OK m Bng iu khin DNS. 6. Trong cy DNS, m rng Computerxx trong Computerxx l tn my tnh ca bn, m rng Forward Lookup Zones, v sau chn Domain.Contoso.Com trong Domain.Contoso.Com l tn min ca bn. 7. Trong scope Bng iu khin DNS, xc nhn rng bn ghi host (newhost) c trn mn hnh. 8. Nhn chut phi vo min Domain.Contoso.Com, v sau chn Properties. 9. Trong Zone Transfers th, chn Allow Zone Transfers, chn To Any Server, v sau nhn OK. 10. ng tt c cc ca s li.
QUN L V GIM ST DCH V DNS SERVER 2. Nhn Start, nhn Control Panel, sau nhn p chut vo Admistrative Tools. 3. Nhn chut phi vo DNS, v sau nhn Run As m hp thoi Run As. 4. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon vo cc trng hp thoi sau m ca s Bng iu khin DNS: User Name, nhp a. Trong hp administrator@Domain.Contoso.Com b. Trong hp Pasword, nhp MSPress@LS#1 5. Nhn OK m Bng iu khin DNS. 6. Trong cy DNS, m rng Computerxx trong Computerxx l tn my tnh ca bn, m rng Forward Lookup Zones, v sau chn Domain.Contoso.Com trong Domain.Contoso.Com l tn min ca bn. 7. Nhn chut phi vo min Domain.Contoso.Com, v sau chn Properties. 8. Trong th Zone Transfers, m bo rng Allow Zone Transfers v To Any Server c chn, v sau nhn OK. 9. ng tt c cc ca s li.
QUN L V GIM ST DCH V DNS SERVER 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon administrator@Domain.Contoso.Com (trong , domain l tn min) 2. Nhn Start, sau nhn Network connections m ca s Network connections. 3. Nhn chut phi vo biu tng Contoso Ltd Network connections, v sau nhn Properties. 4. Nhn Internet Protocol (TCP/IP), v sau nhn Properties. 5. Trong hp thoi Internet Protocol (TCP/IP) Properties, xc nhn rng tu chn Use Following DNS Server Addresses c chn, v sau nhp vo a ch IP ca my tnh ngi hng dn (10.1.1.xx) trong hp Preferred DNS Server, v sau nhn OK. 6. Nhn Close ng trang Contoso Ltd Network connections. 7. ng tt c cc ca s.
84
CU HI: Ci g c biu th pha di mc Properties v cc vng? 5. Trong ca s du nhc lnh, nh dnscmd/zoneprint Domain.Contoso.Com trong domain l tn min v sau nhn Enter. CU HI: Loi bn ghi no c lit k trong vng? 6. ng tt c cc ca s.
85
QUN L V GIM ST DCH V DNS SERVER 7. Trong cy DNS, m rng Forward Lookup Zones, v m rng Domain.Contoso.Com trong domain l tn min ca bn. S dng phm vi xem cc bn ghi ngun trong vng. 8. S dng mn hnh bng iu khin DNS so snh cc bn ghi ngun vi cc kt qu trong bc 5 s dng Nslookup. 9. ng tt c cc ca s.
CU HI: Nslookup tr v cc bn ghi NS no t truy vn? CU HI: Bn ghi NS c s dng cho mc ch g? 7. nh exit, v sau nhn Enter thot khi Nslookup. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 86
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m Bng iu khin DNS. 6. Trong cy DNS, m rng Computerxx trong Computerxx l tn my tnh ca hc vin, v sau nhn Clear Cache t trnh n thc n. 7. Trong cy mn hnh bng iu khin DNS, nhn chut phi vo Computerxx , trong Computerxx l tn my tnh ca hc vin, v sau nhn Properties. 8. Trong trang Properties, trong th Monitoring, pha di Select A Test Type, chn c tu chn A Simple Query Against This DNS Server v A Recursive Query To Other DNS Servers, v sau nhn Test Now. CU HI: Ti sao truy vn quy (Recursive Query) tht bi khi n c th? 87 TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003
QUN L V GIM ST DCH V DNS SERVER 9. Nhn OK ng trang Computerxx Properties. 10. Trong cy mn hnh bng iu khin DNS, nhn chut phi vo Computerxx , trong Computerxx l tn my tnh ca hc vin, v sau nhn Clear Cache. 11. Trong cy mn hnh bng iu khin DNS, nhn chut phi vo Computerxx , trong Computerxx l tn my tnh ca hc vin, v sau nhn Properties. 12. Trong th Forwarders, trong tu chn Selected Domains Forwarder IP Address List, nh a ch IP ca my tnh ngi hng dn (10.1.1.200), nhn Add, v sau nhn OK. 13. Nhn th Root Hints, v trong phn Name Servers, chn mi my ch mc gc, v sau nhn Remove. 14. Trong th Root Hints, nhn Add. Trong trang New Resource Record, trong trng Server Fully Qualified Domain Name (FQDN), nh instructor01.contoso.com. Trong trng IP address, nh 10.1.1.200, nhn Add, v sau nhn OK. 15. Trong trang Computerxx Properties, nhn Apply. 16. Trong th Monitoring, pha di Select A Test Type, m bo rng c hai tu chn l A Simple Query Against This DNS Server v A Recursive Query To Other DNS Server c chn, v sau nhn Test Now. CU HI: Ti sao Recursive Query thnh cng khi n c th ln ny? 17. Trong th Forwarders, trong tu chn Selected Domains Forwarder IP Address List, nhn Remove, v sau nhn OK. 18. ng tt c cc ca s li.
Cng c IPconfig
QUAN TRNG: Hon thnh nhim v ny t cc my tnh. Vic ny s cho php bn hin th cc chuyn i thch hp lin quan n DNS khi s dng cng c Ipconfig. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon administrator@Domain.Contoso.Com (trong , domain l tn min) 2. m ca s du nhc lnh, Nhn Start, chn Run, nh cmd, v nhn phm Enter 3. Ti du nhc lnh, nh cu lnh ipconfig /? v sau nhn phm Enter CU HI: Cc chuyn i Ipconfig no lin quan n DNS? Lit k v gii thch cc chc nng ca cc chuyn i ny? 4. ng ca s du nhc lnh.
QUN L V GIM ST DCH V DNS SERVER 7. Nhn chut phi vo Hosts file, chn Open, v trong ca s Open With, nhn p chut vo Notepad. 8. Trong dng # 102.54.94.97 rhino.acme.com, lc b k hiu #. 9. Nhn File, v sau nhn Save. 10. ng Microsoft Notepad C:\%systemroot%\system32\drivers\etc. v ca s
11. Trong ca s du nhc lnh, nh ipconfig /displaydns. CU HI: C mc nhp no cho rhino.acme.com? Mc ny c nhp vo DNS resolver cache nh th no?
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m Bng iu khin DNS. 6. Trong cy DNS, m rng Computerxx trong Computerxx l tn my tnh ca hc vin v sau m rng Forward Lookup Zones. 90
QUN L V GIM ST DCH V DNS SERVER 7. Trong cy DNS, chn v nhn chut phi vo Domain.Contoso.Com trong Domain.Contoso.Com l tn min ca bn, v sau chn Properties. 8. Trong trang Domain.Contoso.Com Properties, chn th General v sau nhn Aging m ca s Zone Aging/Scavenging Properties. 9. Chn tu chn Scavenge Stale Resource Records, v sau nhn OK. 10. Nhn OK. CU HI: Scavenge Stale Resource Records ngha l g? 11. ng tt c cc ca s li.
91
QUN L V GIM ST DCH V DNS SERVER 6. Trong cy DNS, m rng Computerxx trong Computerxx l tn my tnh ca hc vin v sau m rng Forward Lookup Zones. 7. Chn v nhn chut phi vo Domain.Contoso.Com trong Domain.Contoso.Com l tn min ca bn, v sau chn Properties. 8. Trong trang Domain.Contoso.Com Properties, nhn th WINS, chn tu chn Use WINS Forward Lookup, v sau nhn a ch IP ca my tnh bn trong mc IP Address. Nhn Add, v sau nhn OK. CU HI: Sau khi to iu kin cho WINS lookup, bn ghi ngun no c b sung vo DNS zone trong mn hnh bng iu khin DNS? 9. ng tt c cc ca s li.
BI TP 4-5: BO MT DNS
Thi gian d kin hon thnh : 10 pht Trong bi tp ny, bn s s dng mt s phng php bo m DNS. Cn thit phi bo m DNS trnh s truy nhp khng c cho php.
Bo mt cho my ch DNS
QUAN TRNG: Hon thnh nhim v ny t cc my tnh. Vic ny s cho php bn xem xt vic thit lp bo mt cho nhng ngi s dng v cc nhm hin ang truy nhp qun l v gim st my ch DNS. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn Start, nhn Control Panel, sau nhn p chut vo Admistrative Tools. 3. Nhn chut phi vo DNS, v sau nhn Run As m hp thoi Run As.
92
QUN L V GIM ST DCH V DNS SERVER 4. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon vo cc trng hp thoi sau m ca s Bng iu khin DNS: a. Trong hp User administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m Bng iu khin DNS. 6. Trong cy DNS, chn v nhn chut phi vo Computerxx trong Computerxx l tn my tnh ca hc vin v sau nhn Properties. 7. Nhn th Security hin th danh sch DACL cho my ch DNS. CU HI: Ti sao mi ngi trong nhm khng c lit k trong DACL? 8. Nhn OK, v sau ng tt c cc ca s li.
b. Trong hp Password, nhp MSPress@LS#1 TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 93
QUN L V GIM ST DCH V DNS SERVER 5. Nhn OK m Bng iu khin DNS. 6. Trong cy DNS, chn v nhn chut phi vo Computerxx trong Computerxx l tn my tnh ca hc vin v sau m rng Forward Lookup Zones. 7. Trong cy DSN, chn v nhn chut phi vo Domain.Contoso.Com, v sau nhn Properties. 8. Trong trang Domain.Contoso.Com Properties, nhn th Security hin th DACL cho DNS zone. CU HI: Ti sao mi ngi trong nhm c lit k trong DACL? 9. Nhn OK, v sau ng tt c cc ca s li.
Cu hnh mt Listener
QUAN TRNG: Hon thnh nhim v ny t cc my tnh. Vic ny s cho php bn cu hnh mt listener cho dch v DNS Server. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn Start, nhn Control Panel, sau nhn p chut vo Admistrative Tools. 3. Nhn chut phi vo DNS, v sau nhn Run As m hp thoi Run As. 4. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon vo cc trng hp thoi sau m ca s Bng iu khin DNS: a. Trong hp User administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m Bng iu khin DNS. 6. Trong cy DNS, chn v nhn chut phi vo Computerxx trong Computerxx l tn my tnh ca hc vin v sau nhn Properties. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 94
QUN L V GIM ST DCH V DNS SERVER 7. Trong trang Computerxx Properties, trong th Interface, chn Only Following IP Addresses. Xc nhn rng Contoso network adapter IP address (10.1.1.xx) c lit k trong danh sch a ch IP, v sau nhn OK. CU HI: Lm th no m vic cu hnh mt listerner m bo my ch DNS? 8. ng tt c cc ca s li.
Bo mt cc chuyn i vng
QUAN TRNG: Hon thnh nhim v ny t cc my tnh. Vic ny s cho php bn bo m cc chuyn i vng DNS cho my ch DNS. 1. Khi ng my tnh Windows Server 2003, v ng nhp vo my vi ti khon studentxx@Domain.Contoso.Com (trong , studentxx l tn ca hc vin, domain l tn min) 2. Nhn Start, nhn Control Panel, sau nhn p chut vo Admistrative Tools. 3. Nhn chut phi vo DNS, v sau nhn Run As m hp thoi Run As. 4. Trong hp thoi Run As, chn Following User option v nhp cc thng tin nh khon vo cc trng hp thoi sau m ca s Bng iu khin DNS: a. Trong hp User administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m Bng iu khin DNS. 6. Trong cy DNS, chn v nhn chut phi vo Computerxx trong Computerxx l tn my tnh ca hc vin v sau m rng Forward Lookup Zones. 7. Chn v nhn chut phi vo Domain.Contoso.Com, trong Domain l tn min ca bn v sau nhn Properties. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 95
QUN L V GIM ST DCH V DNS SERVER 8. Trong trang Domain.Contoso.Com Properties, trong th Zone Transfers, m bo rng Allow Zone Transfers c la chn, v rng Only To Following Servers c la chn. 9. Trong mc IP Address, nh a ch IP ca my tnh ngi hng dn (10.1.1.200), v sau nhn Add. 10. Nhn OK. CU HI: Lm th no vic cu hnh cc chuyn i vng bo m c my ch DNS? 11. ng tt c cc ca s li.
QUN L V GIM ST DCH V DNS SERVER a. Trong hp User administrator@Domain.Contoso.Com Name, nhp
b. Trong hp Password, nhp MSPress@LS#1 5. Nhn OK m ca s Manage Your Server 6. Trong Manage Your Server, nhn Add or Remove A Role m mn hnh Configure Manage Your Server. 7. Trn trang Preliminary Steps ca phn Configure Your Server wizard, nhn Next 8. Trn trang Server Role, chn DNS Server, v sau nhn Next. 9. Trn trang Role Removal Confirmation, nhn Remove DNS Server Role option, v sau nhn Next. 10. Trn trang DNS Server Role Removed, Nhn Finish. 11. ng tt cc ca s ang m.
QUN L V GIM ST DCH V DNS SERVER ca my tnh ngi hng dn (10.1.1.200) trong hp Preferred DNS Server, v sau nhn OK. 6. Nhn Close ng trang Contoso Ltd Network Properties. 7. ng tt c cc ca s.
CC CU HI N TP
Thi gian d kin hon thnh: 15 pht 1. Bn c th s dng ba phng php no c trnh by trong bi Thc hnh ny bo mt mt my ch DNS v d liu vng? 2. Tp no c s dng nhp sn DNS resolver cache? 3. Tin ch no c th c s dng xem xt cc s kin DNS c ghi nht k? 4. Hai tin ch no c trnh by phn u bi Thc hnh ny gip cho vic qun l v g ri cc vn v DNS? 5. Khi no cc cp nht i vi file zone kiu tch hp AD c sao chp? 6. S khc nhau no gia mt truy vn thng thng v truy vn quy? 7. Nu tn mt cng c khc vi Active Directory Sites And Services c cp trong cc bi thc hnh m c th c s dng p buc vic sao chp cc zones (vng) tch hp Active Directory?
QUN L V GIM ST DCH V DNS SERVER nwtraders.com. Hai my ch DNS trong min con europe.nwtraders.com: my ch DNS u tin chy ch standard primary zone, v my ch DNS th hai chy ch standard secondary zone. Mi mng LAN cng cha ng nhiu my ch DHCP v my ch WINS server. Cc my trm trn cc mng LAN s dng DHCP nhn a ch IP. L mt nh t vn, bn c yu cu h tr gii quyt cc vn lin quan n DNS cho phng Dch v Thng tin. Phng ny mun cu hnh dch v h tng mng DNS lm gim cc n lc qun tr lin quan n qun l cc my ch DNS v cc file zone DNS gim bt giao dch mng ni b. Nhn s ca phng ny cng yu cu bn gip h bo mt cc my ch DNS v cc chuyn i vng (zone) trong mng v xc nhn, kim tra v gim st cc hot ng ca DNS. Cui cng, tit kim bng thng ca mng WAN, phng ny mun c kh nng cu hnh cc my ch DNS chuyn tip cc truy vn DNS n cc my ch DNS ni b, thay v tt c cc my ch DNS chuyn tip cc truy vn DNS ra Internet.
99
th nghim vi dch v DHCP v DNS trong mt mi trng mng, bn mun cu hnh mt mng th im m s c s dng ci t v cu hnh DHCP v DNS. Mng th im ny s c cu hnh vi mt di a ch IP l 192.168.0.0/24. Mi trng th im ny s bao gm mt my hc TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 100
QUN L V GIM ST DCH V DNS SERVER vin ng vai tr nh mt my ch v mt my hc vin ng vai tr nh mt my trm. Bn nn trin khai theo cc bc sau: Ci t v trin khai mt my ch DHCP trn my tnh Windows Server 2003. Cu hnh mt my ch DHCP phn hi cc yu cu cp pht a ch IP. Cu hnh mt my ch DHCP cung cp cc tu chn di a ch IP thch hp. Ci t v trin khai mt my ch DNS trn mt my tnh Windows Server 2003. Sau khi hon thnh cc bc trn, bn chun b minh ha cho ngi hng dn rng cc my ch ca bn c th thc hin: Giao tip bng cch s dng giao thc TCP/IP. Nhn thng tin a ch IP ng thng qua DHCP. Giao tip bng cch s dng dch v DNS phn gii cc tn trm trong min con ni b.
THIT LP G RI
Trong phn thc hnh g ri, ngi hng dn hoc cc hc vin s gii thiu mt s c trong mng m s cn tr vic cp pht a ch IP v phn gii tn trn mng.
G RI
Trong phn thc hnh g ri ny, bn c giao nhim v gii quyt mt vn giao tip c gii thiu trong phn trc ca bi thc hnh ny. c th x l tin trnh g ri c hiu qu, bn cn phi ti liu ho cc qu trnh bn s dng trong khi khc phc vn . Ghi li cc bc v cc qu trnh g ri, bao gm cc thng tin nh sau: Bn xem xt ci g chn on s c? Lit k cc bc m bn thc hin chn on s c, k c cc bc chun on khng hot ng. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 101
QUN L V GIM ST DCH V DNS SERVER Bn pht hin s c no? Nguyn nhn ca s c? Gii php no? Cc bc gii quyt s c? Cc th nghim no c s dng xc nhn gii php khc phc s c? Kt qu ca th nghim? Lit k cc ti nguyn bn s dng gii quyt s c. Cc s c c gii thiu trn mng c thit k hn ch cc giao tip theo mt cch thc no , hoc gia cc my tnh trong min con hoc gia cc my tnh trong min vi my tnh thuc cc min khc trong lp hc. Bn c th s dng tin ch cu lnh Ping, tin ch Tracert, tin ch Nslookup, tin ch Dnscmd, hoc mt s cc tin ch khc kim tra cc kt ni v gip g ri s c.
102
BO MT TRONG MNG
KCH BN
Bn l qun tr mng ca ACNA, Ltd. Bn c yu cu a ra mt s khuyn ngh bo mt nng mc bo mt trong mng. Bn phi thc hin vic nng cp bo mt cho cc my ch v my qun tr min v s dng Microsoft Baseline Security Analyzer(MBSA) pht hin cc l hng bo mt trn my trm v my ch trn mng. m bo mc bo mt d liu trn my cc b v cc my khc, bn phi m ha File bng cch s dng h thng File m ha (EFS) cho my trm v my ch trn mng. Bn cng phi thit lp tc nhn phc hi cho min.
103
BO MT TRONG MNG
104
BO MT TRONG MNG 10. Trong hp thoi Run As, chn The Following User v sau nhp cc thng s sau trong cc trng ca hp thoi m bng iu khin Domain Controller Security Policy: c. Trong phn User Name, nhp administrator@domain.contoso.com ( y domain l tn Min ca bn). d. Trong phn Password, nhp MSPress@LS#1 11. Nhn OK m bng iu khin Domain Controller Security Policy. 12. M Local Policies, sau nhn Audit Policy. 13. Bn trong khung bn phi (detail pane), nhn p vo Audit Object Access. 14. Trong ca s Audit Object Access Properties, nhn la chn Success v sau nhn OK. 15. ng bng iu khin Domain Controller Security Policy. 16. Nhn chut phi vo mn hnh (Desktop) ca bn, chn New v sau chn Folder. 17. Nhp computerxx trong phn tn ca th mc ( y computerxx l tn my tnh ca hc vin). 18. Nhn p vo th mc bn va to ra trn mn hnh. 19. ng th mc Computerxx. 20. M ca s Event Viewer, sau nhn F5. 21. Trong ca s bn phi, lu cc s kin tng ng vi Object Access c lu li trong nht k bo mt. 22. ng Event Viewer.
BI TP 5-2: P DNG CC MU BO MT
Thi gian hon thnh d kin: 10 pht Trong bi tp ny, bn s hc cch s dng Security Configuration And Analysis Microsoft Management Console (MMC) snap-in so snh cc thit lp bo mt trn my tnh ca hc vin. Bn cng s hc cch s dng cng c Gpupdate p dng cc mu bo mt xc nh vo TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 105
BO MT TRONG MNG my tnh ca cc bn. Bn cng s p dng li mu Setup Security h thng ca bn quay li trng thi c, sau khi bn p dng cc mu bo mt mi. To ra bng iu khin thit lp bo mt (Security Setting) Lu Hon thnh cng vic ny trn tt c cc my tnh ca hc vin. N s gip bn to ra MMC mi bao gm cc snap-in Security Template v Security Configuration And Analysis. 1. Khi ng my tnh s dng Windows Server 2003, v ng nhp bng ti khon administrator@domain.contoso.com ( y domain l tn Min ca bn). 2. Nhn Start, sau nhn Run m hp thoi Run. 3. Trong phn Open, nhp mmc, v sau nhn OK. 4. Trong ca s Console1, trn thc n File, chn Add/Remove Snap-In m hp thoi Add/Remove Snap-In. 5. Nhn Add. 6. Trong danh sch cc snap-in hin c, chn Security Configuration And Analysis, sau nhn Add. 7. Chn Security Templates, sau nhn Add. 8. Nhn Close, dng ca s Add Stand Alone Snap-In, sau nhn OK. 9. Trn thc n File, chn Save As. 10. Trong ca s Save As, nhn vo biu tng mn hnh, sau trong phn File Name nhp security. Nhn Save. 11. ng tt c cc ca s ang m. So snh cc thit lp bo mt s dng MMC Snap-In Security Configuration And Analysis. Lu Hon thnh cng vic ny trn tt c cc my tnh ca hc vin. N s gip bn so snh cc thit lp bo mt trn cc my tnh ca hc vin vi cc mu bo mt xc nh trc. 1. Khi ng my tnh s dng Windows Server 2003, v ng nhp bng ti khon administrator@domain.contoso.com ( y domain l tn Min ca bn).
106
BO MT TRONG MNG 2. Nhn p vo biu tng security MMC trn desktop m MMC ny. 3. Chn Security Configuration And Analysis trong cy bng iu khin. 4. Trn thc n Action, chn Open Database m ca s Open Database. 5. Trong phn File Name, nhp securedc, sau nhn Open. 6. Trong ca s Import Template, nhn Securedc.inf, sau nhn Open. 7. Chn Security Configuration And Analyssis trong cy bng iu khin nu cha c chn. 8. Trong thc n Action, chn Analyze Computer Now. 9. ng vi ng dn mc nh lu tr cc li gp phi khi phn tch trong ca s Perform Analysis, sau nhn OK. 10. Trong cy bng iu khin, m Security Configuration And Analysis\Local Policies, sau nhn Audit Policy. 11. Trong ca s bn phi, tm Audit Accoun Logon Events. Ghi li cc thit lp vo bng di y Database Setting Computer Setting
12. Gi nguyn cc ca s bng iu khin ang m. Cu hi Ti sao li c ch X mu trn chnh sch Audit Logon Events? Cu hi Ti sao bn li mun ghi li cc s kin ng nhp thnh cng hay tht bi? p dng cc mu bo mt (Security Templates) Lu Hon thnh bi tp ny trn tt c cc my tnh ca hc vin. N s cho php bn p dng cc mu bo mt c nh ngha t trc cho cc my tnh ca hc vin. 1. Chn Security Configuration And Analysis trong cy bng iu khin. 2. Trn thc n Action, chn Configure Computer Now. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 107
BO MT TRONG MNG 3. ng vi ng dn mc nh lu tr cc li gp phi khi p dng trong ca s Configure System, sau nhn OK. 4. Gi nguyn cc ca s bng iu khin ang m. Kim tra cc thit lp bo mt c nhp vo bng cch s dng MMC Snap-In Security Configuration And Analysis Lu Hon thnh cng vic ny trn tt c cc my tnh ca hc vin. N s cho php bn so snh cc thit lp bo mt trn cc my tnh ca hc vin vi cc mu bo mt c nh ngha t trc. 1. Ch Security Configuration And Analysis trong cy bng iu khin. 2. Trn thc n Action, chn Analyze Computer Now. 3. ng vi ng dn mc nh lu tr cc li gp phi khi phn tch. 4. Trong cy bng iu khin, m Security Configuration And Analysis\Local Policies, v sau chn Audit Policy. 5. Trong ca s bn phi, tm Audit Logon Event. Ghi li cc thit lp vo bng di y Database Setting Computer Setting
6. Gi nguyn cc ca s bng iu khin ang m Cu hi Ti sao li c nh du mu xanh trn chnh sch Audit Logon Event? p dng li cc thit lp ca mu Setup Security Lu Hon thnh cng vic ny trn tt c cc my tnh ca hc vin. N s cho php p dng li mu Setup Security my tnh ca tt c hc vin quay li trng thi c, sau khi bn p dng cc mu bo mt mi. 1. Chn Security Configuration And Analysis trong cy bng iu khin. 2. Trn thc n Action, chn Open Database m ca s Open Database. 3. Trong phn File Name, nhp setup security, sau nhn Open. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 108
BO MT TRONG MNG 4. Trong ca s Import Template, nhn Setup Security.inf, sau nhn Open. 5. Trn thc n Action, chn Configure Computer Now. 6. ng vi ng dn mc nh lu tr cc li gp phi khi p dng trong ca s Configure System, sau nhn OK. 7. ng bng iu khin Security
BO MT TRONG MNG 8. Trong ca s New Object - User, nhn Finish kt thc qu trnh to ra ti khon mi. 9. ng bng iu khin Active Directory Users And Computers. 10. Nhn Start, nhn Administrative Tools, sau nhn Domain Controller Security Policy. 11. M Local Policies, bn di Security Setting. 12. Chn User Rights Assignment, v trong ca s bn phi nhn p vo Allow Logon Locally. 13. Trn trang Allow Logon Locally, nhn Add User Or Group. 14. Trong ca s Add User Or Group, nhn Browse. 15. Nhn nt Advanced trong ca s Select Users, Computers, Or Groups. 16. Nhn Find Now. 17. Chn ti khon studentlogon trong phn kt qu sau khi tm kim, sau nhn OK. 18. Nhn OK trong ca s Select Users, Computers, Or Groups. 19. Nhn OK trong hp thoi Add User Or Group. 20. Nhn OK ng ca s Allow Logon Locally Properties. 21. ng bng iu khin Domain Controller Security Policy.
110
BO MT TRONG MNG 1. Khi ng my tnh s dng Windows Server 2003, v ng nhp bng ti khon studentxx@domain.contoso.com ( y studentxx l tn ng nhp ca Hc vin v domain l tn min ca bn). 2. Nhn chut phi vo mn hnh, nhn New v chn Folder. 3. Nhp Encrypted Folder trong phn tn ca th mc va to ra. 4. Nhn p vo Encrypted Folder, bn va to ra trn mn hnh. 5. Trong ca s Encrypted Folder, nhn File, nhn New, v sau nhn Text Document. 6. Nhp encrypted File trong phn tn ca File mi, sau nhn ENTER. 7. Nhn chut phi vo Encrypted File, sau chn Properties. 8. Trong th General, nhn Advanced m ca s Advanced Atrributes. 9. Trong ca s Advanced Atrributes, nhn Encrypt Content To Secure Data, sau nhn OK. 10. Nhn OK ng ca s Encrypted File Properties. 11. Trong ca s Encryption Warning, chn Encrypt The File Only, sau nhn OK. 12. Lu tn File chuyn sang mu xanh l cy, biu th File c m ha. Cu hi Bn phi lm th no c th thay i mu biu th ca cc File chng t rng chng c m ha? 13. ng ca s Encrypted Folder. S dng Cipher m ha v gii m th mc Lu Hon thnh bi tp ny trn tt c cc my tnh ca hc vin. N s cho php bn m ha v gii m File v th mc bng tin ch Cipher. 1. Khi ng my tnh s dng Windows Server 2003, v ng nhp bng ti khon studentxx@domain.contoso.com ( y studentxx l tn ng nhp ca Hc vin v domain l tn min ca bn). 2. Nhn p vo th mc Encrypted Folder c to ra trn mn hnh.
111
BO MT TRONG MNG 3. Trong ca s Encrypted Folder, nhn File, nhn New v sau nhn Text Document. 4. Nhp ciphertext-unencrypted l tn ca File, gi nguyn th mc ang m ny. 5. Nhn Start, sau nhn Run m hp thoi Run. 6. Trong phn Open, nhp cmd sau nhn OK m ca s du nhc lnh 7. Ti du nhc lnh, nhp cd desktop chuyn ng dn ca du nhc lnh. 8. Ti du nhc lnh, nhp cd Encrypted Folder thay i ng dn ca du nhc lnh. 9. Ti du nhc lnh, nhp cipher. Ghi li kt qu v bng di y Attribute File Name
Cu hi Thuc tnh no cho bn bit v tnh trng m ha ca cc File? 10. Trong ca s Encrypted Folder, nhn File, nhn New, nhn Folder sau nhp encrypted-subfolder. 11. Ti du nhc lnh, nhp cipher /e /s:encrypted-subfolder. 12. Ti du nhc lnh, nhp cipher. Ghi li kt qu v bng di y Attribute File Name
13. Ti du nhc lnh, nhp cipher /e /s:encrypted-subfolder. 14. Ti du nhc lnh, nhp cipher. Ghi li kt qu v bng di y Attribute 15. ng tt c cc ca s ang m. Nng cp chc nng min TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 112 File Name
BO MT TRONG MNG Lu Hon thnh cng vic ny trn tt c cc my tnh hc vin vi cc s th t u tin. N s gip bn nng cp chc nng min cho Min ca bn. 1. Khi ng my tnh s dng Windows Server 2003, v ng nhp bng ti khon studentxx@domain.contoso.com ( y studentxx l tn ng nhp ca Hc vin v domain l tn min ca bn). 2. Nhn Start, chn Control Panel, sau nhn p Administrative Tools. 3. Nhn chut phi vo Active Directory Users And Computers, sau chn Run As m hp thoi Run As. 4. Trong hp thoi Run As, chn The Following User, sau nhp cc thng s sau trong cc trng ca hp thoi m bng iu khin Active Directory Users And Computers: a. Trong phn User Name, administrator@domain.contoso.com ( y domain l tn Min ca bn). Trong phn Password, nhp MSPress@LS#1. nhp
b.
5. Nhn OK m bng iu khin Active Directory Users And Computers. 6. Trong cy bng iu khin, chn v nhy chut phi vo Domain.Contoso.Com ( y Domain l tn Min ca bn), sau nhn Raise Domain Function Level m ca s Raise Domain Function Level. 7. Chn Windows Server 2003 t la chn Select An Available Domain Function Level. 8. Nhn nt Raise nng cp chc nng ca min. 9. Nhn OK trong hp thoi Raise Domain Function Level Warning. 10. Nhn OK trong ca s Raise Domain Function Level. Cho php m ha t xa (Remote Encryption) Lu Hon thnh cng vic ny trn tt c cc my tnh hc vin vi cc s th t u tin. N s cho php bn m ha v gii m cc File v th mc bng cch m ha t xa.
113
BO MT TRONG MNG 1. Khi ng my tnh s dng Windows Server 2003, v ng nhp bng ti khon studentxx@domain.contoso.com ( y studentxx l tn ng nhp ca Hc vin v domain l tn min ca bn). 2. Nhn Start, chn Control Panel, sau nhn p Administrative Tools. 3. Nhn chut phi vo Active Directory Users And Computers, sau chn Run As m hp thoi Run As. 4. Trong hp thoi Run As, chn The Following User, sau nhp cc thng s sau trong cc trng ca hp thoi m bng iu khin Active Directory Users And Computers: a. Trong phn User Name, nhp administrator@domain.contoso.com ( y domain l tn Min ca bn) b. Trong phn Password, nhp MSPress@LS#1. 5. Nhn OK m bng iu khin Active Directory Users And Computers. 6. Trong cy bng iu khin, m Domain.contoso.com ( y Domain l tn Min ca bn) 7. Chn Domain Controller trong cy bng iu khin. 8. Trong khung ca s bn phi, nhn chut phi vo Computerxx ( y Computerxx l tn my tnh ca hc vin), sau nhn Properties m ca s Computerxx Properties. 9. Trong th Delegation, xc nhn thuc tnh Trust This Computer For Delegation To Any Service (Kerberos Only) c chn. 10.Nhn OK ng ca s Computer Properties. Lu Hon thnh cng vic di y trn tt c cc my tnh ca hc vin vi cc s hiu nh hn. 1. Khi ng my tnh s dng Windows Server 2003, v ng nhp bng ti khon administrator@domain.contoso.com ( y domain l tn Min ca bn). 2. Nhn chut phi vo mn hnh, nhn New, sau chn Folder. 3. Nhp remote encryption trong phn tn ca th mc. 4. Nhn chut phi vo th mc Remote Encryption, sau chn Properties. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 114
BO MT TRONG MNG 5. Nhn th Sharing, sau chn Share This Folder. 6. Nhp remote encryption trong phn Share Name. 7. Nhn nt Permission m ca s Permission For Remote Encrryption. 8. Chn hp la chn (check box) Allow On Full Control tng ng vi Permission For Everyone. 9. Nhn OK chp nhn thay i cc cp php. 10. Nhn th Security. 11. Nhn Add di Group Or User Names, sau nhn Advanced. 12. Nhn Find Now trong ca s Select Users, Computers, Or Groups. 13. Chn nhm EveryOne trong danh sch, sau nhn OK. 14. Nhn OK ln na ng ca s Select Users, Computers, Or Groups. 15. Trong ca s Remote Encryption Properties, chn Everyone, chn Full Control trong phn Permission For Everyone, sau nhn OK ng trang ny li. Lu Hon thnh cng vic ny trn cc my tnh ca hc vin c s hiu ln hn. 1. Khi ng my tnh s dng Windows Server 2003, v ng nhp bng ti khon studentxx@domain.contoso.com ( y studentxx l tn ng nhp ca Hc vin v domain l tn min ca bn). 2. Nhn Start, sau chn Run m ca s Run. 3. Trong phn Open, nhp \\10.1.1.xx\remote encryption ( y 10.1.1.xx l a ch IP ca my tnh ca hc vin vi cc s th t u tin). 4. Trong ca s Remote Folder trn computerxx, nhn File, nhn New, sau nhn Text Document. 5. Nhp remote encrypted.txt trong phn tn ca File. 6. Nhn chut phi vo File Remotely Encrypted, sau chn Properties. 7. Trong th General, nhn nt Advanced m ca s Advanced Attribute. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 115
BO MT TRONG MNG 8. Trong ca s Advanced Attribute, nhn la chn Encrypt Content To Secure Data, sau nhn OK. 9. Nhn OK ng ca s Remotely Encrypted.txt Properties. 10. Lu rng mu ca File Remotely Encrypted chuyn t mu en sang mu xanh l cy, chng t rng n c m ha. 11. ng ca s Remote Folder. Cu hnh tc nhn phc hi d liu cho mt OU Lu Hon thnh cng vic ny trn tt c cc my tnh ca hc vin. N s cho php bn gn tc nhn phc hi d liu cho OU Students. 1. Khi ng my tnh s dng Windows Server 2003, v ng nhp bng ti khon administrator@domain.contoso.com ( y domain l tn Min ca bn). 2. Nhn Start, nhn Administrative Tools, sau nhn Active Directory Users And Computers. 3. Trong cy bng iu khin, chn Domain.Contoso.Com ( y Domain l tn Min ca bn). 4. Trong khung bn phi, nhn chut phi vo Students, sau chn Properties m ca s Students Properties. 5. Nhn th Group Policy m trang Current Group Policy Links For Students. 6. Nhn New, nhp data recovery agent, sau nhn ENTER. 7. Nhn Edit m ca s Group Policy Object Editor. 8. Trong ca s Group Policy Object Editor, m Computer Configuration \Windows Settings\Security Settings\ Public Key Policies, sau chn Encrypting File System. Cu hi bn phi? ang c bao nhiu chnh sch EFS trong khung ca s
9. Gi nguyn bng iu khin Active Directory Users And Computers. 10. Nhn Start, nhn Run m hp thoi Run. 11. Trong phn Open, nhp mmc, sau nhn OK m ca s Console1. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 116
BO MT TRONG MNG 12. Trn thc n File, chn Add/Remove Snap-In m hp thoi Add/Remove Snap-In. 13. Nhn Add. 14. Trong danh sch cc snap-in c sn, chn Certificates, sau nhn Add. 15. Trong ca s snap-in Certificates, chn My User Account, sau nhn Finish. 16. Nhn Close ng ca s Add Standalone Snap-In, sau nhn OK. 17. Trn thc n File, chn Save As. 18. Trong ca s Save As, nhn chn biu tng desktop, sau trong phn tn File nhp certificates, sau nhn Save. 19. Gi nguyn cc bng iu khin ang m. Xut Certificate (Giy chng nhn) ca tc nhn phc hi d liu Lu Hon thnh cng vic ny trn tt c cc my tnh ca hc vin. N s cho php bn gn tc nhn phc hi d liu cho OU Students. 1. Trong bng iu khin Certificate, m Certificates-Current User\ Personal, sau chn Certificates. 2. Trong khung bn phi, tm Administrator trong ct Issued To, sau tm File Recovery trong ct Intended Purposes. 3. Nhn chut phi vo Certificate ny, nhn All Tasks, sau nhn Export m trang Certificate Export Wizard. 4. Trn trang Certificate Export Wizard, nhn Next. 5. Xc nhn li la chn No, Do Not Export The Private Key c chn, sau nhn Next. 6. Xc nhn li la chn DER Encoded Binary X.509 (.CER) c chn, sau nhn Next. 7. Nhn nt Browse m ca s Save As. 8. Nhn biu tng desktop trong ca s Save As, sau trong phn File Name nhp data recovery certificate, sau nhn Save. 9. Trn trang File To Export, nhn Next. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 117
BO MT TRONG MNG 10. Nhn Finish trn trang Completing The Certificate Export Wizard. 11. Trong hp thoi biu th qu trnh Export thnh cng, nhn OK. Gn tc nhn phc hi d liu cho OU Lu Hon thnh cng vic ny trn tt c cc my tnh ca hc vin. N s cho php bn gn tc nhn phc hi d liu cho OU Students. 1. Trong ca s Group Policy Object Editor ca OU Students, m Computer Configuration\ Windows Settings\ Security Settings\ Public Key Policies, sau chn Encrypting File System. 2. Nhn chut phi vo Encrypting File System, sau chn Add Data Recovery Agent m trang Add Recovery Agent Wizard. 3. Trn trang Welcome To The Add Recovery Agent Wizard, nhn Next m trang Select Recovery Agents. 4. Trn trang Select Recovery Agents, nhn nt Browse Folders. 5. Nhn biu tng Desktop bn tri, nhn File Data Recovery Certificate.cer, sau nhn Open. 6. Trong ca s Add Recovery Agent, nhn Yes ci t certificate. 7. Trn trang Select Recovery Agents, nhn Next. 8. Trn trang Completing The Add Recovery Agent Wizard, nhn Finish. 9. ng tt c cc ca s m.
BO MT TRONG MNG Trong bi thc hnh ny, bn s hc cch ci t v cu hnh MBSA v Mbsacli. Bn cng s s dng c hai giao din ny qut cc l hng bo mt trn my tnh ca bn. Ci t MBSA Lu Hon thnh cng vic ny trn tt c cc my tnh ca hc vin. N s cho php bn ci t MBSA trn cc my tnh ca hc vin ca bn. 1. Khi ng my tnh s dng Windows Server 2003, v ng nhp bng ti khon administrator@domain.contoso.com ( y domain l tn Min ca bn). 2. Nhn p vo File Mbsasetup.msi m Microsoft Baseline Security Analyzer Setup Wizard. 3. Trn trang Welcome, nhn Next. 4. Trn trang License Agreement, c k v phn bn quyn, sau nhn Accept The License Agreement nu bn ng vi cc iu khon. (Nu bn khng ng vi cc diu khon, bn s khng th tip tc ci t). Nhn Next tip tc ci t. 5. Nhn Next chp nhn cc thit lp mc nh. 6. Trn trang Destination Folder, nhn Next chp nhn th mc ci t mc nh. 7. Trn trang Choose Install Options, xa cc hp chn Place Shortcut On The Desktop, Show Readme File After Installation, v Launch Application After Installation, sau nhn Next. 8. Trn trang Select Features, nhn Next chp nhn cc thit lp mc nh. 9. Trn trang Ready To Install The Application, nhn Next bt u qua trnh ci t. Khi qu trnh ci t kt thc, trang Microsoft Baseline Security Analyzer Has Been Successfully Installed xut hin. 10. Nhn Finish ng wizard. Qut my tnh vi MBSA Lu Hon thnh cng vic ny trn tt c cc my tnh ca hc vin. N s cho php bn qut my tnh ca bn vi MBSA pht hin ra cc l hng bo mt. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 119
BO MT TRONG MNG 1. Khi ng my tnh s dng Windows Server 2003, v ng nhp bng ti khon administrator@domain.contoso.com ( y domain l tn Min ca bn). 2. Nhn Start, ch vo All Programs, sau nhn Microsoft Baseline Security Analyzer m ca s Microsoft Baseline Security Analyzer. 3. Trong khung bn tri, nhn lin kt Pick A Computer To Scan m trang Pick A Computer To Scan trong khung bn phi. Theo mc nh MBSA c cu hnh qut my tnh cc b. 4. Nhn lin kt Start Scan cui trang cho php MBSA bt u qut my tnh; khi kt thc, n s hin th kt qu trong trang View Security Report. 5. ng ca s MBSA. Cu hi Lit k mt s l hng bo mt tim n ca my tnh ca bn c a ra bi MBSA. S dng Mbsacli.exe Lu Hon thnh cng vic ny trn tt c cc my tnh ca hc vin. N s cho php bn s dng tin ch Mbsacli qut my tnh ca bn nhm pht hin cc l hng bo mt. nhn c tt c cc phn hi, my tnh ca hc vin phi truy cp c vo Internet. 1. Khi ng my tnh s dng Windows Server 2003, v ng nhp bng ti khon studentxx@domain.contoso.com ( y studentxx l tn ng nhp ca Hc vin v domain l tn min ca bn) 2. Nhn Start, sau nhn Run m ca s Run. 3. Trong phn Open, nhp cmd, sau nhn OK. 4. Trong ca s du nhc lnh, ti du nhc lnh, nhp cd\, sau nhn ENTER. 5. Ti du nhc C:, nhp cd c:\program files\microsoft baseline security analyzer. 6. Ti du nhc C:\Program Files\Microsoft Baseline Security Analyzer, nhp mbsacli /? . Cu hi tin ch Mbsacli.exe c m t nh th no? 7. Ti du nhc C:\Program Files\Microsoft Baseline Security Analyzer, nhp mbsacli, sau nhn ENTER. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 120
BO MT TRONG MNG Ghi kt qu sau khi thc hin lnh trn vo di y: ______________________________________________________ ______________________________________________________ ______________________________________________________ ______________________________________________________ ______________________________________________________ _____________________________________________ 8. ng ca s du nhc lnh.
CU HI N TP
1. Bn c th cho php thc hin kim sot cc s kin bo mt u? 2. Lm th no cc vn bn ca ngi s dng lu tr trn my ch trn mng c th m ha c? 3. Bn hy ch ra mt s phng thc m ha File trn my cc b hoc trn mng hoc c hai? 4. a ra tn ca ba la chn thm (switch) khi bn s dng tin ch Mbsacli? 5. iu g xy ra khi bn chy tin ch Mbsacli m khng c tham bin no?
121
KCH BN
Bn l qun tr mng cho Cng ty thng mi ABC Ltd. Bn ci t v trin khai hai my ch Web s dng IIS 6 dnh cho cc nhn vin ca cng ty s dng. Cc my ch Web ni b ny s phc v Site FTP ca ring cng ty v ch c mt s ngi dng nht nh trong cng ty s dng vi mc ch lu tr v phc hi cc d liu bo mt v ring t ca cng ty. Bn cn chc chn rng ch c cc lu thng FTP trn mng v cc lu thng ny cn c m ha trong qu trnh truyn thng tin trn mng. Sau khi hon thnh bi thc hnh ny, bn c kh nng: S dng IPSec Qun l v Bo mt cc lu thng mng. Theo di v Khc phc s c cc lu thng v kt ni IPSec Thi gian d kin: 130 pht
S DNG IPSEC BO MT LU THNG MNG khng bo mt. Trong bi tp ny, bn cn cu hnh cc chnh sch IPSec kha ton b cc lu thng HTTP ti my ch FTP t ti phng Research
S DNG IPSEC BO MT LU THNG MNG 12. nhn Finish trong ca s Completing The Windows Components Wizard. 13. ng tt c cc ca s ang m.
124
S DNG IPSEC BO MT LU THNG MNG 10. Trong ca s Save As, trong hp File Name, nhp ftpfile, v nhn Save lu file Ftpfile.txt vo th mc C:\Inetpub\Ftproot 11. ng ca s Notepad. 12. nhn Start, tr ti All Programs, v nhn Internet Explorer. 13. Trong thanh a ch ca Microsoft Internet Explorer, nhp http://computerxx v sau nhn ENTER (trong Computerxx l tn my tnh ca i tc nu bn c hi v cc thng tin ng nhp, hy s dng ti khon Administrator trn my tnh i tc v mt khu tng ng) CU HI Trang no xut hin trong ca s Internet Explorer? 14. Trong thanh a ch ca Microsoft Internet Explorer, nhp ftp://computerxx' v nhn ENTER CU HI File no xut hin trong ca s Internet Explorer? 15. ng tt c cc ca s ang m.
S DNG IPSEC BO MT LU THNG MNG 23. trn thanh thc n, nhn File, nhn Save As, v nhn Desktop. 24. Trong hp File Name, nhp ipsec, v nhn Save. 25. ng tt c cc ca s ang m.
S DNG IPSEC BO MT LU THNG MNG 6. Trn trang Requests For Secure Communication, xa ty chn Activate The Default Response Rule, v nhn Next. CU HI Vic v hiu ha Lut p Mc nh nhm mc ch g? 7. Trn trang Completing The IP Security Policy Wizard, nhn Finish. Trang Block HTTP Traffic Properties xut hin. 8. Trong th Rules ca trang Block HTTP Traffic Properties, xa ty chn Use Add Wizard, v nhn nt Add. 9. Trong th IP Filter List ca trang New Rule Properties, nhn nt Add. Trang IP Filter List xut hin. 10. Trn trang IP Filter List page, trong hp Name, nhp blocking http, xa ty chn Use Add Wizard, v nhn nt Add thm b lc. 11. Trong trang IP Filter Properties, trn danh sch x Source Address chn Any IP Address. 12. Trong trang IP Filter Properties, ti danh sch x Destination Address, chn My IP Address, v nhn th Protocol. 13. Trong th Protocol ca trang IP Filter Properties, Trong danh sch x Select A Protocol Type, chn TCP. 14. Trong th Protocol ca trang IP Filter Properties, trong phn Set The IP Protocol Port, nhn ty chn To This Port, nhp 80, v nhn OK. CU HI ti sao vic chn cng 80 l ng? 15. Trn trang IP Filter List, nhn OK xc nhn cc thng s chn. 16. Trong th IP Filter List ca trang New Rule Properties, chn ty chn Blocking HTTP t danh sch, v nhn th Filter Action. CU HI hnh ng b lc thc hin vic g? 17. Trn trang New Rule Properties, xa ty chn Use Add Wizard, v nhn nt Add thm hnh ng b lc. 18. Trong th Security Methods ca trang Filter Actions Propertie, chn ty chn Block. 19. Trong th General ca trang New Rule Filter Actions Properties, nhp block cho tn ca b lc, v nhn OK. 20. Trn trang New Rule Properties, chn th IP Filter List, v nhn Blocking HTTP t phn IP Filter Lists. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 127
S DNG IPSEC BO MT LU THNG MNG 21. Trong th Filter Action ca trang New Rule Properties, chn ty chn Block t danh sch Filter Actions, nhn Apply, v nhn OK. 22. Trn trang Block HTTP Traffic Properties, Kim tra xem ty chn Blocking HTTP c la chn, v nhn OK kt thc vic to chnh sch IPSec. 23. Trong khung chi tit ca bng iu khin IPSec, ti ct Name, nhn chut phi vo chnh sch Block HTTP Traffic IPSec, v nhn Assign. 24. ng bng iu khin v khng lu cc thay i khi c nhc.
S DNG IPSEC BO MT LU THNG MNG CU HI Trang no xut hin ti ca s Internet Explorer? 4. Trong thanh a ch ca Internet Explorer, nhp ftp://computerxx (trong Computerxx l tn my tnh ca i tc), v nhn ENTER. CU HI Trang no xut hin ti ca s Internet Explorer? 5. Nhn p chut ln Ipsec.msc trn mn hnh nn my tnh ca bn, chn IP Security Policies On Local Computer trong khung phm vi v chn chnh sch Block HTTP Traffic IPSec. 6. Trong khung Chi tit, nhn chut phi vo chnh sch IPSec, v chn Unassign t thc n ng cnh. 7. ng tt c cc ca s ang m.
S DNG IPSEC BO MT LU THNG MNG a. Trong hp User Name, nhp administrator@domain (trong domain l tn min ca bn). b. Trong hp Password, nhp MSPress@LS#l. 5. Trong cy bng iu khin Internet Information Services (US) Manager m rng Computerxx ( y Computerxx l tn my tnh ca hc vin), v m rng Site FTP. 6. Chn Default FTP Site, nhn thc n Action, v nhn Properties m ca s Default FTP Site Properties. 7. Trong ca s Default FTP Site Properties, nhn th Security Accounts. 8. Trong th Security Accounts, chc chn rng ty chn Allow Anonymous Connections c xa, v nhn OK. 9. Trong hp thoi cnh bo US Manager, nhn Yes tip tc. 10. Trong th Home Directory trong ca s Default FTP Site Properties di phn FTP Site Directory, chn hp kim tra Write. 11. Nhn OK chp nhn cc thay i. 12. ng tt c cc ca s ang m.
Ci t Network Monitor
QUAN TRNG Hon thnh tc v ny trn c hai my tnh ca hc vin. N cho php bn c th ci t Network Monitor trn my ch chy Windows Server 2003. Trnh Network Monitor ny s c s dng thm st cc gi tin mng m my ch ca bn nhn c. 1. Khi ng my tnh ca bn chy Windows Server 2003, v ng nhp vi tn Administrator@domain (trong domain l tn min ca bn). 2. Nhn Start, chn Control Panel, v nhn Add Or Remove Programs. 3. Trong ca s Add Or Remove Programs, nhn Add/Remove Windows Components. 4. Trn trang Windows Components, di Components, chn ty chn Management And Monitoring Tools, v nhn nt Details. 5. Trong ca s Management And Monitoring Tools, chn hp kim tra Network Monitor Tools, v nhn OK. 6. Trn trang Windows Components, nhn Next. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 130
S DNG IPSEC BO MT LU THNG MNG 7. Nu c hi v v tr cc File ci t, cho a ci t Windows Server 2003 vo CD-ROM, v nhn OK. 8. Trn ca s Completing The Windows Components Wizard, nhn Finish. 9. ng tt c cc ca s ang m.
S DNG IPSEC BO MT LU THNG MNG 12. Trong th Protocol ti ca s Expression, nhn nt Disable All. 13. Trong phn Disabled Protocols, chn FTP, nhn nt Enable, v nhn OK. 14. Trong ca s Display Filter, nhn OK. 15. Trong ct Description, nh v ti khon ngi dng s dng ng nhp vo my ch FTP (Hng dn: Tm kim administrator v Password trong ct m t.). ghi li kt qu vo di y: a. User: _________________ b. Password: _______________ CU HI Ti sao cc thng s ng nhp li dng tng minh? 16. ng ca s Microsoft Network Monitor. 17. Trong hp thoi Microsoft Network Monitor, khi c nhc lu cc d liu ac thu thp c, nhn No.
132
S DNG IPSEC BO MT LU THNG MNG 9. Trong ca s Microsoft Network Monitor, nhn Capture t thanh thc n, v nhn Start. 10. Nhn Start, tr ti All Programs, v nhn Internet Explorer. 11. Trong thanh a ch ca Microsoft Internet Explorer, nhp http://computerxx v sau nhn ENTER (trong Computerxx l tn my tnh ca i tc).. 12. Trong ca s Log On As, nhp cc thng s ng nhp sau: c. Trong hp User Name, nhp administrator. d. Trong hp Password, nhp MSPress@LS#l. 13. Trong ca s Log On As, nhn nt Log On. 14. Ko file UnencryptedFile.txt vo ca s Internet Explorer c a ch Ftp://Computerxx (trong Computerxx l tn my tnh ca i tc)., v nhn Copy Here. QUAN TRNG Ch cho i tc ca bn hon thnh cc bc trn trc khi ngng thu thp thng tin ( capture) 15. Trong ca s Microsoft Network Monitor, nhn Capture t thanh thc n, v nhn Stop And View. 16. Trong ca s Microsoft Network Monitor, trong ca s Capture: 1 (Summary), nhn Display t thanh thc n, v nhn Filter. 17. Trong ca s Display Filter, nhn ty chn Protocol = = Any, v nhn Edit Expression. 18. Trong th Protocol ti ca s Expression, nhn nt Disable All. 19. Trong phn Disabled Protocols, chn FTP, nhn nt Enable, v nhn OK. 20. Trong ca s Display Filter, nhn OK. 21. Trong mn hnh Microsoft Network Monitor, ti ca s Capture: 1 (Summary), Trong ct Description, nh v UnencryptedFile.txt. CU HI c phi l tn file bn va chuyn n my ch bng FTP?
S DNG IPSEC BO MT LU THNG MNG cc lu thng FTP bng IF'Sec. Dnah sch IP Filter List bn to ra s gip cc my tnh bo v ch cc lu thng chn, trong trng hp ny l cc lu thng FTP. 1. Khi ng my tnh ca bn chy Windows Server 2003, v ng nhp vi tn Administrator@domain (trong domain l tn min ca bn). 2. Trn mn hnh nn ca my tnh, nhn p chut ln Ipsec.msc m bng iu khin IPSec. 3. Trong bng iu khin IPSec, nhn chut phi ln IP Security Policies On Local Computer, v chn Create IP Security Policy. Trnh hng dn IP Security Policy Wizard uc m. 4. Trn trang Welcome To The IP Security Policy Wizard, nhn Next. 5. Trn trang IP Security Policy Name, trong hp Name, nhp EncryptFTP, v nhn Next. 6. Trn trang Request For Secure Communication, xa ty chn Activate The Default Response Rule, v nhn Next. 7. Trn trang Completing The IP Security Policy Wizard, nhn Finish. 8. Trn trang EncryptFTP Properties, trong th Rules, m bo rng hp kim tra Use Add Wizard c la chn, v nhn Add thm lut mi. 9. Trn trang Welcome To The Create IP Security Rule Wizard, nhn Next. 10. Trn trang Tunnel Endpoint, xc nhn rng ty chn This Rule Does Not Specify A Tunnel c chn, v nhn Next. 11. Trn trang Network Type, xc nhn rng ty chn All Network Connections c chn, v nhn Next. CU HI Vic la chn ty chn All Network Connections s thc hin vic g? 12. Trn trang IP Filter List, nhn Add thm danh sch b lc. 13. Trn trang IP Filter List, nhp ftp (negotiate), Chc chn rng hp kim tra Use Add Wizard c chn, v nhn Add thm b lc. Trnh hng dn IP Filter Wizard c m. 14. Trn trang Welcome To The IP Filter Wizard, nhn Next. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 134
S DNG IPSEC BO MT LU THNG MNG 15. Trn trang IP Filter Description And Mirrored Property, trong hp Description, nhp ftp encryption filter, v nhn Next. 16. Trn trang IP Traffic Source, trong danh sch x Source Address, chn Any IP Address, v nhn Next. 17. Trn trang IP Traffic Destination, trong danh sch x Destination Address, chn My IP Address, v nhn Next. 18. Trn trang IP Protocol Type, Trong danh sch x Select A Protocol Type, nhn TCP, v nhn Next. 19. Trn trang IP Protocol Port, chn ty chn To This Port, trong hp To This Port, nhp 21, nhn Next, v nhn Finish. CU HI Ti sao cng 21 c s dng? 20. Trong hp thoi IP Filter List, nhn OK tr v trang IP Filter List. 21. Trn trang IP Filter List, chn ty chn FTP (Negotiate), v nhn Next. 22. Trn trang Filter Action, chn ty chn Require Security, v nhn Next. 23. Trn trang Authentication Method, xc nhn rng ty chn Active Directory Default (Kerberos V5 Protocol) c la chn, v nhn Next. 24. Trn trang Completing The Security Rule Wizard, xa ty chn Edit Properties, v nhn Finish. 25. Trn trang EncryptFTP Properties, xa ty chn Use Add Wizard, v nhn OK kt thc qu trnh to lut mi. 26. Trong khung chi tit ca bng iu khin MMC IPSec, Trong ct Name, nhn chut phi ln EncryptFTP IPSec Policy, v nhn Assign. 27. ng tt c cc ca s ang m.
Xa trng thi IKE (Internet Key Exchange): Khi ng li dch v IPSec Policy Agent
QUAN TRNG Hon thnh tc v ny trn my tnh hc vin c s hiu nh hn. N cho php bn dng v khi ng li dch v Policy Agent chc chn rng b lc IPSec l c kch hot.
135
S DNG IPSEC BO MT LU THNG MNG 1. Khi ng my tnh ca bn chy Windows Server 2003, v ng nhp vi tn Administrator@domain (trong domain l tn min ca bn). 2. Nhn Start, nhn Run, trong hp Open, nhp cmd, v nhn ENTER. 3. Ti du nhc lnh, nhp net stop policyagent, v nhn ENTER dng cc dch v lin quan n IPSec. 4. Ti du nhc lnh, nhp net start policyagent, v nhn ENTER khi ng li cc dch v lin quan n IPSec. 5. Ti du nhc lnh, nhp exit, v nhn ENTER ng ca s du nhc lnh.
S DNG IPSEC BO MT LU THNG MNG 6. Ti du nhc lnh, nhp net stop policyagent, v nhn ENTER dng cc dch v lin quan n IPSec. 7. Ti du nhc lnh, nhp net start policyagent, v nhn ENTER khi ng li cc dch v lin quan n IPSec. 8. Ti du nhc lnh, nhp exit, v nhn ENTER ng ca s du nhc lnh. 26. Nhn chut phi vo khong trng trn mn hnh nn ca bn, chn New, v nhn Text Document. 9. nhp tn File, g Encryptedfile.txt. 10. Nhn p vo EncryptedFile.txt m n trong Notepad. 11. Trong File EncryptedFile.txt, g here is my encrypted data. 12. Nhn File t thanh thc n, nhn Exit, v khi c nhc lu cc thay i, nhn Yes. 13. Nhn Start, nhn Administrative Tools, v nhn Network Monitor. 14. Nu c nhc la chn giao tip mng, chn giao tip mng ABC Ltd, v nhn OK. 15. Trong ca s Microsoft Network Monitor, nhn Capture t thanh thc n, v nhn Start. 16. Nhn Start, tr ti All Programs, v nhn Internet Explorer. 17. Trong thanh a ch ca Microsoft Internet Explorer, nhp http://computerxx v sau nhn ENTER (trong Computerxx l tn my tnh ca i tc).. 18. Trong ca s Log On As, nhp cc thng s ng nhp sau: a. Trong hp User Name, nhp administrator. b. Trong hp Password, nhp MSPress@LS#l. 19. Trong ca s Log On As, nhn nt Log On. 20. Ko file EncryptedFile.txt vo ca s Internet Explorer c a ch Ftp://Computerxx (trong Computerxx l tn my tnh ca i tc)., v nhn Copy Here. QUAN TRNG Hon thnh tc v ny trn my tnh hc vin c s hiu nh hn. N s cho php bn thu thp cc gi tin do giao tip mng trn my tnh hc vin nhn c. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 137
S DNG IPSEC BO MT LU THNG MNG 1. Trong ca s Microsoft Network Monitor, nhn Capture t thanh thc n, v nhn Stop And View. 2. Trong ca s Microsoft Network Monitor, trong ca s Capture: 1 (Summary), nhn Display t thanh thc n, v nhn Filter. 3. Trong ca s Display Filter, nhn ty chn Protocol = = Any, v nhn Edit Expression. 4. Trong th Protocol ti ca s Expression, nhn nt Disable All. 5. Trong phn Disabled Protocols, chn FTP, nhn nt Enable, v nhn OK. 6. Trong ca s Display Filter, nhn OK. CU HI C thu c bt c gi tin no s dng giao thc FTP khng? Ti sao? 7. Trong Microsoft Network Monitor, ti ca s Capture: 1 (Summary), nhn Display t thanh thc n, v nhn Filter. 8. Trong ca s Display Filter, chn ty chn Protocol = = FTP, v nhn Edit Expression. 9. Trong th Protocol ti ca s Expression, nhn nt Disable All. 10. Trong phn Disabled Protocols, chn ESP, nhn nt Enable, v nhn OK. 11. Trong ca s Display Filter, nhn OK. Nhn p chut mt mc vo m mt khung c s 16. CU HI Bn c th nhn ra d liu trong khung c s 16 ca d liu trong cc gi tin thu thp c khng?Can you recognize the data in the hex-pane of the data in the packets 12. ng tt c cc ca s ang m. CU HI IPSec c m ha c cc thng s ng nhp dng tng minh v d liu c vn chuyn qua mng khng? Does IPSec encrypt both the clear-text credentials and the data that are transmitted across the network?
139
S DNG IPSEC BO MT LU THNG MNG 1. Khi ng my tnh ca bn chy Windows Server 2003, v ng nhp vi tn Administrator@domain (trong domain l tn min ca bn). 2. Trn mn hnh nn ca my tnh, nhn p chut ln Ipsec.msc m bng iu khin IPSec. 3. Trong cy bng iu khin IPSec, nhn chut phi the IP Security Policies On Local Computer, nhn All Tasks, v nhn Restore Default Policies. 4. Trong hp cnh bo IP Security Policy Management, nhn Yes, v nhn OK. 5. Nhn Start, nhn Run, v g \\computerxx\ipsec (trong computerxx l tn my tnh i tc ca bn) trong hp Open. 6. Ko file EncryptFtp. Ipsec vo mn hnh nn, v chn Copy Here. 7. Trong cy bng iu khin IPSec, nhn chut phi IP Security Policies On Local Computer, nhn All Tasks, v nhn Import Policies. 8. Trong ca s Open, nhn Desktop, nhn ln file EncryptFtp.Ipsec, v nhn Open. CU HI Cng TCP no c cu hnh trn b lc IPSec EncrypFtp trn my tnh hc vin?
S DNG IPSEC BO MT LU THNG MNG QUAN TRNG Hon thnh tc v ny trn my tnh hc vin c s hiu ln hn. N cho php bn g b cc chnh sch IPSec gn cho my tnh hc vin. 1. Khi ng my tnh ca bn chy Windows Server 2003, v ng nhp vi tn Administrator@domain (trong domain l tn min ca bn). 2. Trn mn hnh nn ca my tnh, nhn p chut ln Ipsec.msc m bng iu khin IPSec. 3. Trong khung chi tit ca bng iu khin IPSec, chn v nhn chut phi vo chnh sch IPSec Client (Respond Only), v nhn Un-Assign 4. Trong khung chi tit ca bng iu khin IPSec, chn v nhn chut phi vo chnh sch IPSec Server (Request Security), v nhn Assign. 5. ng tt c cc ca s ang m.
S DNG IPSEC BO MT LU THNG MNG 4. Trong kha HKEY_LOCAL_MACHINE, duyt n v tr sau:: System\CurrentControlSet\Services\PolicyAgent. 5. M rng kha ph PolicyAgent. 6. Trong cy bng iu khin, nh v v chn kha ph Oakley. 7. Trn thc n Edit, nhn New, v nhn DWORD Value. 8. Trong hp New Value #1, nhp vo phn Value Name (lu c phn bit ch hoa, ch thng) EnableLogging, v nhn ENTER. 9. Trong khung chi tit, nhn chut phi DWORD Enable Logging, v nhn Modify. 10. Trong hp thoi Edit DWORD Value, trong hp Value Data, g 1, v nhn OK. CU HI iu g s xy ra nu bn nhp 0 cho gi tr ca bin EnableLogging? 11. ng Registry Editor. 12. Nhn Start, nhn Run, trong hp Open, nhp cmd, v nhn ENTER. 13. Ti du nhc lnh, g net stop policyagent, v nhn ENTER dng cc dch v lin quan n IPSec. 14. Ti du nhc lnh, g net Start policyagent, v nhn ENTER khi ng li cc dch v lin quan n IPSec. 15. Ti du nhc lnh, g exit ng ca s du nhc lnh File nht k Oakley s c lu ti %systemroot%\Debug\Oakley.log mt cch mc nh v file Oakley.log.sav l phin bn trc ca nht k sau khi dch v Policy Agent c khi ng li 16. ng tt c cc ca s ang m.
142
S DNG IPSEC BO MT LU THNG MNG 2. Trn mn hnh nn ca my tnh, nhn p chut vo Ipsec.msc m bng iu khin IPSec. 3. Trong bng iu khin IPSec, nhn File, v nhn Add/Remove SnapIn m ca s Add/Remove Snap-In. 4. Trong ca s Add/Remove Snap-In, nhn Add. 5. Trong ca s Add Standalone Snap-In, nhn IP Security Monitor, nhn Add, v nhn Close. 6. Trong ca s Add/Remove Snap-In, nhn OK. 7. Trong cy bng iu khin IPSec, m rng IP Security Monitor, v m rng Computerxx ( y Computerxx l tn ca my tnh ca bn). CU HI My tnh ca hc vin c security associations (SA S Kt hp Bo mt) c thit lp?, nu c, th vi my tnh no? (hng dn: Quan st phn Main Mode bn di Security Associations.) 8. ng tt c cc ca s ang m. 9. Khi c nhc lu cc thit lp bng iu khin IPSec, nhn Yes.
143
144
Xa trng thi IKE (Internet Key Exchange): Khi ng li dch v IPSec Policy Agent
QUAN TRNG Hon thnh tc v ny trn c hai my tnh ca hc vin. N s cho php bn dng v khi ng li cc dch v IPSec trn my tnh ca mnh. 1. Khi ng my tnh ca bn chy Windows Server 2003, v ng nhp vi tn Administrator@domain (trong domain l tn min ca bn). 2. Nhn Start, nhn Run, in the Open box, type cmd, v nhn ENTER. 3. Ti du nhc lnh, nhp net stop policyagent, v nhn ENTER dng cc dch v lin quan n IPSec. 4. Ti du nhc lnh, nhp net start policyagent, v nhn ENTER khi ng li cc dch v lin quan n IPSec. 5. Ti du nhc lnh, nhp exit, v nhn ENTER ng ca s du nhc lnh.
CU HI N TP
Thi gian d kin: 15 pht TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 145
S DNG IPSEC BO MT LU THNG MNG 1. Cc chnh sch IPSec c th s dng hai phng thc no cung cp vic bo v cho cc thng s ng nhp, d liu v my ch? 2. Nguyn nhn m bn mun s dng cc chnh sch IPSec My tnh cc b l g? 3. Hai tin ch bn c th s dng kim tra cc chnh sch IPSec l ang c p dng trn my tnh cc b l g? 4. M t qu trnh s dng xc thc bng Giy chng nhn thc thi vic m ha cc lu thng Telnet gia mt my khch v nhiu my ch Telnet. 5. Bn c th cu hnh chnh sch IPSec ch s dng Triple DES Secure Hash Algorithm version 1 (3DES SHA1) m ha khng? 6. Mo t Kha Chia s trc (preshared key) l g v ti sao n khng l phng php c khuyn co s dng xc thc IPSec. 7. Cc chnh sch bo mt xc nh trc Secure Server (Require Security) v Server (Request Security) c khc nhau khng? 8. Khi no l thch hp s dng phng thc vn chuyn (Transport Mode) v khi no l thch hp s dng phng thc ng hm (Tunnel Mode)? 9. Khi thc hin khc phc s c IPSec, lm th no bn xc nh vn s c trong lin lc gia hai my tnh xy ra do cc thit lp IPSec hay do cc vn v phn cng mng ni chung khc?
S DNG IPSEC BO MT LU THNG MNG Mc d vy, bn khng mun c cc ti ph thm do vic qun tr gy ra, do vy, bn tm kim gii php khc. Ban lnh o thng bo vi bn rng gi ca cc Certificate thng mi hay ca cc i tc th ba m c th ci t ln my ch Web c h tr HTTPS l qu cao. Bn c th cu hnh my ch Web cho php cc nhn vin ca cng ty thc hin cc lin lc bo mt nh th no?
147
CC BC CHUN B
QUAN TRNG Nu bn hon thnh cc bi tp dnh cho bi thc hnh s 5, Bo mt mng, v bi thc hnh s 6, Bo mt lu lng mng bng IPSec th bn ch cn hon thnh mt trong s cc bi tp yu cu di y, Kch hot v cu hnh card mng cho phng hc. hon thnh cc bi tp trong bi thc hnh ny, bn phi ci t mt card mng th hai trn mi my tnh hc vin. Kt ni cc card mng thm ny bng cp cho. Sau khi hon thnh bi thc hnh s 7, g b card mng th TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 148
S DNG RRAS CU HNH NH TUYN hai ny hoc v hiu ha chng bng giao din ca Microsoft Windows trc khi tip tc vi cc bi tp trong bi thc hnh cui cng. Thi gian d kin: 10 pht ======================================================
S DNG RRAS CU HNH NH TUYN ons m ca s Network Connecti ons. 3. Trong ca s Network Connecti ons, nhp chut phi vo kt ni Litware Network ri nhp Enable. 4. Trong ca s Network Connecti ons, nhp chut phi vo kt ni Litware Network ri nhp vo Propertie s m trang Litware Network Propertie s. 5. Trong trang TRIN KHAI, QUN TR V DUY TR C S H TNG MNG 150 VI WINDOWS SERVER 2003
S DNG RRAS CU HNH NH TUYN Litware Network Propertie s, nhp vo TCP/IP ri nhp Propertie s. 6. Trong th General, la chn Use The Followin g IP Address v nhp thng tin a ch IP c cung cp trong bng 7-1.
Bng 7-1: a ch IP ca my tnh hc vin
Contoso Network a ch IP: 10.1.1.1 Mt n mng: 255.255.0.0 a ch IP: 10.1.1.2 Mt n mng: 255.255.0.0 a ch IP: 10.1.1.3 Mt n mng: 255.255.0.0 a ch IP: 10.1.1.4 Mt n mng: 255.255.0.0 a ch IP: 10.1.1.5 Mt n mng: 255.255.0.0
Litware Network a ch IP: 192.168.0.1 Mt n mng: 255.255.255.0 a ch IP: 192.168.0.2 Mt n mng: 255.255.255.0 a ch IP: 192.168.0.3 Mt n mng: 255.255.255.0 a ch IP: 192.168.0.4 Mt n mng: 255.255.255.0 a ch IP: 192.168.0.5 Mt n mng: 255.255.255.0
151
152
7. Sau khi bn nhp thng tin a ch IP, nhp OK ng ca s Internet Protocol (TCP/IP) Propertie s. 8. Nhp OK ng ca TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 153
S DNG RRAS CU HNH NH TUYN s Litware Network Propertie s. 9. ng ca s Network Connecti ons. ======================================================
Ci t dch v WWW
QUAN TRNG Hon thnh cng vic ny trn c hai my tnh hc vin. Qua s cho php bn ci t dch v WWW trn my ch ca bn chy h iu hnh Windows Server 2003. Bn ch lm vic ny khi bn cha hon thnh bi thc hnh s 5 v 6. 6. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon studentxx@domain.contoso.com (trong studentxx l tn ngi s dng hc vin ca bn v domain l tn domain ca bn). 7. Nhp Start ri chn Control Panel. 8. Trong khi gi phm SHIFT, nhp chut phi vo Add Or Remove Programs ri nhp vo Run As m hp thoi Run As. 9. Trong hp thoi Run As, la chn The Following Users ri nhp cc chng thc sau vo trong hp thoi m ca s Add Or Remove Programs: a. Trong hp User Name, nhp administrator@domain.contoso.com (trong domain l tn domain ca bn) b. Trong hp Password nhp MSPress@LS#1. 10. Trong ca s Add Or Remove Programs nhp Add/Remove Windows Components. 11. Trong phn Components ca Windows Components Wizard, la chn Application Server ri nhp nt Details. 12. Trong ca s Application Server, la chn Internet Information Services (IIS) ri nhp nt Details. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG 154 VI WINDOWS SERVER 2003
S DNG RRAS CU HNH NH TUYN 13. Trong ca s Internet Information Services (IIS), la chn hp kim tra World Wide Web Service ri nhp OK. 14. Trong ca s Internet Information Services (IIS) nhp OK. 15. Trong ca s Application Server nhp OK. 16. Trn trang Windows Components nhp Next. 17. Nu h iu hnh yu cu bn ch v tr cc file ci t, a a CD ci t Windows Server 2003 vo a CD-ROM ri nhp OK. 18. Trn trang Completing The Windows Components Wizard nhp Finish. 19. ng tt c cc ca s ang m li. ======================================================
155
4. Trong ca s Untitled Notepad, nhp File ri k chn Save As. 5. Trong ca s Save As, nhp vo My Comouter bn tri ri tr ti th mc C:\Inetpub\Wwwroot. 6. Trong ca s Save As, g default.htm vo trong hp File Name ri nhp vo Save lu file Default.htm vo trong th mc C:\Inetpub\Wwwroot. 7. ng Notepad li. ======================================================
S DNG RRAS CU HNH NH TUYN 8. Nhp OK chp nhn hp cnh bo Raise Domain Funtional Level. 9. Nhp OK mt ln na chp nhn hp thoi Raise Domain Funtional Level.
KCH BN
Bn l nh qun tr mng ca cng ty Contoso, Ltd.Gn y cng ty bn c mua li mt cng ty mi c tn l Litware, Inc. Vn phng chnh ca Contoso, Ltd c t trong mt ta nh Denver. Vn phng chnh ca Litware, Inc pha bn kia thnh ph. Mng ca Litware, Inc ch c t 8 n 10 ngi s dng c kt ni vi mng ca Contoso, Ltd qua ng Frame Relay 56K. kt ni mng ca hai vn phng chnh vi nhau bn cn ci t v cu hnh Routing And Remote Access trn mt my ch Windows Server 2003 c hai bn. iu ny cho php ngi s dng ca c hai mng c th truy cp cc ti nguyn ln nhau, ng thi cung cp truy cp t xa cho cc my trm.
S DNG RRAS CU HNH NH TUYN 4. Trong hp thoi Run As, la chn The Following User ri nhp cc chng thc sau vo trong cc trng ca hp thoi m mn hnh qun tr Routing And Remote Access: c. Trong hp User Name, nhp administrator@domain.contoso.com ( trong domain l tn domain ca bn). o Trong hp Password, nhp MSPress@LS1. 5. Nhp OK m mn hnh Routing And Remote Access. 6. Trong mn hnh qun tr Routing And Remote Access, kch chut phi vo Computerxx (trong Computerxx l tn my tnh ca bn) ri chn Configure And Enable Routing And Remote Access t menu tt. 7. Trn trang Welcome To Routing And Remote Access Server Setup Wizard nhp Next m trang Configuration. 8. Trn trang ny, nhp Custom Configuration ri nhp Next m trang Custom Configuration. 9. Trn trang Custom Configuration, nhp LAN Routing ri nhp Next m trang Completing The Routing And Remote Access Server Setup Wizard. 10. Trn trang Completing The Routing And Remote Access Server Setup Wizard, nhp Finish ng Routing And Remote Access Server Setup Wizard li. 11. Trong hp thoi Routing And Remote Access, nhp Yes khi to dch v Routing And Remote Access. 12. ng mn hnh Routing And Remote Access li.
158
Ci t v cu hnh RIP
QUAN TRNG Hon thnh cng vic ny trn c hai my ca hc vin. Qua s cho php bn cu hnh my ch Routing And Remote Access ca bn ng vai tr nh mt router RIP. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon studentxx@domain.contoso.com (trong studentxx l tn ti khon hc vin ca bn v domain l tn domain ca bn). 2. Nhp Start, chn Control Panel ri kch p vo Administrative Tools. 3. Kch chut phi vo Routing And Remote Access ri chn Run As m hp thoi Run As. 4. Trong hp thoi Run As, la chn The Following User ri nhp cc chng thc sau vo trong cc trng ca hp thoi m mn hnh qun tr Routing And Remote Access: a. Trong hp User Name, nhp administrator@domain.contoso.com ( trong domain l tn domain ca bn). b. Trong hp Password, nhp MSPress@LS1. 5. Nhp OK m mn hnh Routing And Remote Access. 6. Trong mn hnh qun tr Routing And Remote Access, m rng phn Computerxx (trong Computerxx l tn my tnh ca bn) ri m rng IP Routing. 7. Trong IP Routing la chn v kch chut phi General ri chn New Routing Protocol. 8. Trn trang New Routing Protocol, nhp RIP Version 2 For Internet Protocol ri nhp OK. 9. Trn trang Routing And Remote Access, kch chut phi vo RIP ri la chn New Interface. 10. Trn ca s New Interface For RIP Version 2 For Internet Protocol trong Interfaces la chn Contoso Ltd Network ri nhp OK. 11. Trn trang RIP Properties-Contoso Ltd Network Properties nhp OK. 12. Trong ca s Routing And Remote Access, nhp chut phi RIP ri la chn New Interface. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 159
S DNG RRAS CU HNH NH TUYN 13. Trn ca s New Interface For RIP Version 2 For Internet Protocol trong Interfaces la chn Litware Inc Network ri nhp OK. 14. Trn trang RIP Properties-Litware Inc Network Properties nhp OK. ======================================================
161
Kim tra cc ng nh tuyn tnh bng cch s dng mn hnh Routing And Remote Access
QUAN TRNG Hon thnh cng vic ny trn c hai my ca hc vin. Qua s cho php bn hin th v kim chng rng cc ng nh tuyn tnh c a vo my ch ca bn. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon studentxx@domain.contoso.com (trong studentxx l tn ti khon hc vin ca bn v domain l tn domain ca bn). 2. Nhp Start, chn Control Panel ri kch p vo Administrative Tools. 3. Kch chut phi vo Routing And Remote Access ri chn Run As m hp thoi Run As. 4. Trong hp thoi Run As, la chn The Following User ri nhp cc chng thc sau vo trong cc trng ca hp thoi m mn hnh qun tr Routing And Remote Access: a. Trong hp User Name, nhp administrator@domain.contoso.com ( trong domain l tn domain ca bn). b. Trong hp Password, nhp MSPress@LS1. 5. Nhp OK m mn hnh Routing And Remote Access. 6. Trong mn hnh qun tr Routing And Remote Access, m rng phn Computerxx (trong Computerxx l tn my tnh ca bn) ri m rng IP Routing. 7. Trong mn hnh ny, nhp chut phi vo Static Routes ri chn Show IP Routing Table. Hy ghi li thng tin nh tuyn ca mng 172.16.0.0 vo bng di y:
Thng tin nh tuyn Destination (ch) Subnet Mask (Mt n mng) Cng ra (Gateway) Interface (Giao din) Gi tr ng nh tuyn (Metric) ng nh tuyn 1 ng nh tuyn 2
162
Xa cc ng nh tuyn tnh
QUAN TRNG Hon thnh cng vic ny trn c hai my ca hc vin. Qua s cho php bn xa cc ng nh tuyn tnh trn my ch ci t Windows Server 2003 ca bn. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon studentxx@domain.contoso.com (trong studentxx l tn ti khon hc vin ca bn v domain l tn domain ca bn). 2. Nhp Start, chn Control Panel ri kch p vo Administrative Tools. 3. Kch chut phi vo Routing And Remote Access ri chn Run As m hp thoi Run As.
163
S DNG RRAS CU HNH NH TUYN 4. Trong hp thoi Run As, la chn The Following User ri nhp cc chng thc sau vo trong cc trng ca hp thoi m mn hnh qun tr Routing And Remote Access: a. Trong hp User Name, nhp administrator@domain.contoso.com ( trong domain l tn domain ca bn). b. Trong hp Password, nhp MSPress@LS1. 5. Nhp OK m mn hnh Routing And Remote Access. 6. Trong mn hnh qun tr Routing And Remote Access, m rng phn Computerxx (trong Computerxx l tn my tnh ca bn) ri m rng IP Routing. 7. Trong mn hnh ny, nhp vo Static Routes. 8. Trong trang lit k chi tit ca mn hnh qun tr Routing And Remote Access, nhp chut phi vo ng nh tuyn tnh 172.16.0.0 ri nhp Delete. 9. ng mn hnh Routing And Remote Access li.
Cu hnh mt my ch VPN
QUAN TRNG Hon thnh cng vic ny trn my tnh ca hc vin c s hiu nh hn. Qua s cho php bn cu hnh Routing And Remote Access vi cc cng VPN. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon studentxx@domain.contoso.com (trong studentxx l tn ti khon hc vin ca bn v domain l tn domain ca bn). TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 164
S DNG RRAS CU HNH NH TUYN 2. Nhp Start, chn Control Panel ri kch p vo Administrative Tools. 3. Kch chut phi vo Routing And Remote Access ri chn Run As m hp thoi Run As. 4. Trong hp thoi Run As, la chn The Following User ri nhp cc chng thc sau vo trong cc trng ca hp thoi m mn hnh qun tr Routing And Remote Access: a. Trong hp User Name, nhp administrator@domain.contoso.com ( trong domain l tn domain ca bn). b. Trong hp Password, nhp MSPress@LS1. 5. Nhp OK m mn hnh Routing And Remote Access. 6. Trn mn hnh qun tr Routing And Remote Access, nhp chut phi vo Computerxx (trong Computerxx l tn my tnh ca bn) ri nhp vo Properties m trang Computerxx (Local) Properties. 7. Trn trang Computerxx (Local) Properties, trong th General la chn hp kim tra Remote Access Server ri nhp OK. 8. Trong hp thoi Routing And Remote Access, nhp Yes khi ng li router. CU HI Mc nh, c tt c bao nhiu cng VPN c php sau khi bn cu hnh dch v Routing And Remote Access? CU HI Bn s lm g cu hnh thm cc cng VPN? 9. ng tt c cc ca s ang m. ======================================================
165
S DNG RRAS CU HNH NH TUYN 2. Nhp Start, chn Control Panel ri kch p vo Administrative Tools. 3. Kch chut phi vo Active Directory Users And Computers ri chn Run As m hp thoi Run As. 4. Trong hp thoi Run As, la chn The Following User ri nhp cc chng thc sau vo trong cc trng ca hp thoi m mn hnh qun tr Active Directory Users And Computers: a. Trong hp User Name, nhp administrator@domain.contoso.com ( trong domain l tn domain ca bn). b. Trong hp Password, nhp MSPress@LS1. 5. Nhp OK m mn hnh Active Directory Users And Computers. 6. Trn mn hnh qun tr Active Directory Users And Computers, nhp chut phi vo domain.contoso.com (trong domain l tn domain ca bn) la chn New ri nhp vo Organizational Unit. 7. Trong ca s New Object-Organizational Unit, trn hp Name g vpn users ri nhp OK. 8. Trn mn hnh qun tr Active Directory Users And Computers, nhp chut phi vo OU VPN Users, nhp New ri nhp vo Users m ca s New Object-User. 9. Trong ca s New Object-User trong hp First Name g VPNUser. 10. Trong ca s New Object-User trong hp User Logon Name g VPNUser ri nhp Next. 11. Trong hp Password and Confirm Password g MSPress#1. Xa la chn User Must Change Password At Next Logon v la chn User Can not Change Password ri nhp Next. 12. Trong ca s New Object-User nhp Finish kt thc qu trnh to ti khon ngi s dng mi. 13. ng tt c cc ca s ang m. ======================================================
S DNG RRAS CU HNH NH TUYN 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon studentxx@domain.contoso.com (trong studentxx l tn ti khon hc vin ca bn v domain l tn domain ca bn). 2. Nhp Start ri chn Network Connections m ca s Network Connections. 3. Trong ca s Network Connections, trn menu File nhp New Connections m New Connections Wizard. 4. Trong New Connections Wizard nhp Next m trang Network Connections Type. 5. Trong trang Network Connections Type nhp Connect To The Network At My Workplace ri nhp Next. 6. Trn trang Network Connections nhp vo kt ni Virtual Private Network ri nhp Next m trang Connection Name. 7. Trn trang Connection Name, trong hp Company Name nhp vpn to contoso ltd ri nhp Next. 8. Trn trang VPN Server Selection, trong trng Host Name Or IP Address nhp a ch IP my tnh i tc ca bn (10.1.1.x) ri nhp Next. 9. Trn trang Connection Availability la chn Anyones Use ri nhp Next. 10. Trn trang Completing The New Connection Wizard la chn hp kim tra Add A Shortcut To This Connection To My Desktop ri nhp Finish ng New Connection Wizard li. 11. Trong ca s Connect To VPN To Contoso Ltd nhp cc chng thc sau: a. Trong hp User Name, nhp VPNUser. b. Trong hp Password, nhp MSPRess#1. 12. Nhp Connect thc hin kt ni VPN. CU HI C li no xut hin khi bn c gng kt ni ti my ch VPN? 13. Trn trang Error Connecting To VPN To Contoso Ltd nhp Close. ====================================================== TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 167
S DNG RRAS CU HNH NH TUYN 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon studentxx@domain.contoso.com (trong studentxx l tn ti khon hc vin ca bn v domain l tn domain ca bn). 2. Trn mt mn hnh, kch p vo biu tng kt ni quay s VPN To Contoso Ltd. 3. Trong ca s Connect VPN To Contoso Ltd nhp cc chng thc sau: a. Trong hp User Name, nhp VPNUser. b. Trong hp Password, nhp MSPress#1. 4. Nhp Connect thc hin kt ni VPN. CU HI Bn nhn c thng bo li g khi c gng kt ni ti my ch VPN? 5. Trn trang Error Connecting To VPN To Contoso Ltd nhp Close. CU HI Ti sao VPNUser khng c php kt ni vi la chn quay s Control Access Through Remote Access Policy c kch hot cho ti khon VPNUser? ======================================================
Cu hnh li my ch VPN
QUAN TRNG Hon thnh cng vic ny trn my tnh ca hc vin c s hiu nh hn. Qua s cho php bn chp nhn cc kt ni VPN ti my ch. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon studentxx@domain.contoso.com (trong studentxx l tn ti khon hc vin ca bn v domain l tn domain ca bn). 2. Nhp Start, chn Control Panel ri kch p vo Administrative Tools. 3. Kch chut phi vo Routing And Remote Access ri chn Run As m hp thoi Run As. 4. Trong hp thoi Run As, la chn The Following User ri nhp cc chng thc sau vo trong cc trng ca hp thoi m mn hnh qun tr Routing And Remote Access:
169
S DNG RRAS CU HNH NH TUYN 5. Trong hp User Name, nhp administrator@domain.conto-so.com ( trong domain l tn domain ca bn). 6. Trong hp Password, nhp MSPress@LS#1. 7. Nhp OK m mn hnh Routing And Remote Access. 8. Trn mn hnh qun tr Routing And Remote Access, m rng Computerxx (trong Computerxx l tn my tnh ca bn). 9. Trong mn hnh Routing And Remote Access, nhp chut phi vo Ports ri chn Properties. 10. Trong ca s Ports Properties la chn WAN Miniport (PPTP) ri nhp vo Configure. 11. Trn ca s Configure Device-WAN Miniport (PPTP), xem li hp kim tra Remote Access Connections (Inbound Only) ri nhp OK. 12. Trong ca s Ports Properties la chn WAN Miniport (L2TP) ri nhp vo Configure. 13. Trn ca s Configure Device-WAN Miniport (L2TP), la chn hp kim tra Remote Access Connections (Inbound Only) ri nhp OK. 14. Trong ca s Ports Properties nhp OK ghi li nhng thay i ca bn. 15. ng tt c cc ca s ang m li. ======================================================
S DNG RRAS CU HNH NH TUYN 4. Nhp Connect thc hin kt ni VPN ti Contoso Ltd. 5. Mt biu tng kt ni mng xut hin trong khu vc thng bo. CU HI Giao thc VPN v phng php m ha no c kt ni VPN ny s dng? (nu biu tng kt ni b n th bn c th kch p vo n trn thanh tc v) 6. ng ca s VPN To Contoso Ltd Status li. ======================================================
Hin th kt ni truy cp t xa
QUAN TRNG Hon thnh cng vic ny trn my tnh ca hc vin c s hiu nh hn. Qua s cho php bn hin th mt kt ni VPN.. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon studentxx@domain.contoso.com (trong studentxx l tn ti khon hc vin ca bn v domain l tn domain ca bn). 2. Nhp Start, chn Control Panel ri kch p vo Administrative Tools. 3. Kch chut phi vo Routing And Remote Access ri chn Run As m hp thoi Run As. 4. Trong hp thoi Run As, la chn The Following User ri nhp cc chng thc sau vo trong cc trng ca hp thoi m mn hnh qun tr Routing And Remote Access: a. Trong hp User Name, nhp administrator@domain.contoso.com ( trong domain l tn domain ca bn). b. Trong hp Password, nhp MSPress@LS#1. 5. Nhp OK m mn hnh Routing And Remote Access. 6. Trn mn hnh qun tr Routing And Remote Access, m rng Computerxx (trong Computerxx l tn my tnh ca bn) ri nhp vo Remote Access Clients. CU HI Trong phn lit k chi tit ca mn hnh Routing And Remote Access, tn ca ngi s dng hin ang kt ni l g? ====================================================== 171
Dng mt kt ni truy cp t xa
QUAN TRNG Hon thnh cng vic ny trn my tnh ca hc vin c s hiu ln hn. Qua s cho php bn ngt mt kt ni ra khi my ch VPN. 1. Nhp chut phi vo biu tng Network Connection ca VPN To Contoso Ltd ri nhp Disconnect. 2. ng tt c cc ca s ang m li.
172
S DNG RRAS CU HNH NH TUYN 4. Trong hp thoi Run As, la chn The Following User ri nhp cc chng thc sau vo trong cc trng ca hp thoi m mn hnh qun tr Active Directory Users And Computers: a. Trong hp User Name, nhp administrator@domain.contoso.com ( trong domain l tn domain ca bn). b. Trong hp Password, nhp MSPress@LS#1. 5. Nhp OK m mn hnh Active Directory Users And Computers. 6. Trn mn hnh qun tr Active Directory Users And Computers, m rng domain.contoso.com (trong domain l tn domain ca bn) ri la chn VPN Users. 7. Trong phn chi tit ca mn hnh Active Directory Users And Computers nhp chut phi vo VPNUser ri chn Properties. 8. Trn trang VPNUser Properties chn th Dial-In v chn la chn Control Access Through Remote Access Policy ri k nhp OK. 9. ng mn hnh Active Directory Users And Computers li. CU HI Bng cch thay i ti khon ngi s dng theo cch ny, anh ta c kh nng truy cp ti my ch khng? ======================================================
S DNG RRAS CU HNH NH TUYN 5. Nhp Connect thc hin kt ni VPN ti Contoso Ltd. CU HI Bn nhn c thng bo li g? 6. ng ca s Error Connecting To VPN To Contoso Ltd li. ======================================================
174
S DNG RRAS CU HNH NH TUYN 9. Trn trang Policy Configuration Method, nhp Set Up A Custom Policy. Trong hp Policy Name, nhp pptp only connections ri nhp Next. 10. Trn trang Policy Conditions, nhp Add m trang Select Attribute. 11. Trn trang Select Attribute, nhp Tunnel-Type ri nhp Add m trang Tunnel-Type. 12. Trn trang Tunnel-Type, nhp Point-To-Point Tunneling Protocol (PPTP). Trong Selected Types, nhp Add thm Point-To-Point Tunneling Protocol (PPTP) vo trong danh sch ri nhp OK. 13. Trn trang Policy Conditions, nhp Next m trang Permissions. 14. Trn trang Permissions nhp Grant Remote Access Permission ri k nhp Next. 15. Trn trang Profile nhp Next m trang Completing The New Remote Access Policy Wizard. 16. Trn trang Completing The New Remote Access Policy Wizard, nhp Finish ng New Remote Access Policy Wizard. 17. ng mn hnh Routing And Remote Access li. ======================================================
S DNG RRAS CU HNH NH TUYN CU HI Kt ni VPN c kt ni c ti my ch truy cp t xa khng? 5. Nhp chut phi vo biu tng VPN To Contoso Ltd trn mt mn hnh ri la chn Disconnect. 6. Nhp p vo biu tng VPN To Contoso Ltd trn mt mn hnh ri tip theo trong ca s Connect VPN To Contoso Ltd nhp Properties. 7. Trn trang VPN To Contoso Ltd Properties nhp vo th Networking v trong danh sch th xung Type Of VPN la chn L2TP IPSec VPN ri nhp OK. 8. Trong ca s Connect VPN To Contoso Ltd nhp cc chng thc sau: a. Trong hp User Name, nhp VPNUser. b. Trong hp Password, nhp MSPress#1. CU HI Kt ni VPN c kt ni c ti my ch truy cp t xa khng?Ti sao khng? 9. ng ca s Error Connecting To VPN To Contoso Ltd li. 10. Nhp p vo biu tng VPN To Contoso Ltd trn mt mn hnh ri tip theo trong ca s Connect VPN To Contoso Ltd nhp Properties. 11. Trn trang VPN To Contoso Ltd Properties nhp vo th Networking v trong danh sch th xung Type Of VPN la chn PPTP VPN ri nhp OK. 12. Nhp Cancel ng ca s Connect VPN To Contoso Ltd li. ======================================================
S DNG RRAS CU HNH NH TUYN 3. Kch chut phi vo Routing And Remote Access ri chn Run As m hp thoi Run As. 4. Trong hp thoi Run As, la chn The Following User ri nhp cc chng thc sau vo trong cc trng ca hp thoi m mn hnh qun tr Routing And Remote Access: a. Trong hp User Name, nhp administrator@domain.contoso.com ( trong domain l tn domain ca bn). b. Trong hp Password, nhp MSPress@LS#1. 5. Nhp OK m mn hnh Routing And Remote Access. 6. Trn mn hnh qun tr Routing And Remote Access, m rng Computerxx (trong Computerxx l tn my tnh ca bn). 7. La chn Remote Access Policies v trong mn hnh hin th chi tit nhp chut phi vo chnh sch PPTP Only Connections Remote Access ri la chn Properties. 8. Trn trang PPTP Only Connections Properties nhp Edit Profile m ca s Edit Dial-In Profile. 9. Trong ca s Edit Dial-In Profile la chn hp kim tra Allow Access Only On These Days And At These Times ri nhp Edit m ca s Dial-In Hours. 10. Trong ca s Dial-In Hours ch cho php cc kt ni c thc hin t 6:00 AM n 7:00 AM ri nhp OK. 11. Trn trang Edit Dial-In Profile nhp OK. 12. Trn trang PPTP Only Connections Properties nhp OK. 13. ng mn hnh Routing And Remote Access li. CU HI Ch nhng gi c lit k trong hp Allow Access Only On These Days And At These Times thay i tng ng thnh Sunday-Saturday v 6:00 A.M. n 7:00 A.M. ======================================================
S DNG RRAS CU HNH NH TUYN 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon studentxx@domain.contoso.com (trong studentxx l tn ti khon hc vin ca bn v domain l tn domain ca bn). 2. Trn mt mn hnh, kch p vo biu tng kt ni quay s VPN To Contoso Ltd. 3. Trong ca s Connect VPN To Contoso Ltd nhp cc chng thc sau: a. Trong hp User Name, nhp VPNUser. b. Trong hp Password, nhp MSPress#1. 4. Nhp Connect thc hin kt ni VPN ti Contoso Ltd. CU HI Bn nhn c thng bo li g v ti sao li nhn c n? 5. ng ca s Error Connecting To VPN To Contoso Ltd li. ======================================================
S DNG RRAS CU HNH NH TUYN 5. Nhp OK m mn hnh Routing And Remote Access. 6. Trn mn hnh qun tr Routing And Remote Access, m rng Computerxx (trong Computerxx l tn my tnh ca bn). 7. La chn Remote Access Policies v trong mn hnh hin th chi tit nhp chut phi vo chnh sch PPTP Only Connections Remote Access ri la chn Properties. 8. Trn trang PPTP Only Connections Properties nhp Edit Profile m ca s Edit Dial-In Profile. 9. Trong ca s Edit Dial-In Profile b la chn Allow Access Only On These Days And At These Times ri nhp OK. 10. Trn trang PPTP Only Connections Properties nhp OK. 11. ng tt c cc mn hnh ang m li. ======================================================
179
Ci t v cu hnh NAT
QUAN TRNG Hon thnh cng vic ny trn my tnh ca hc vin c s hiu nh hn. Qua s cho php bn cu hnh ci t v cu hnh NAT trn my ch ci t Windows Server 2003 ca bn. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon studentxx@domain.contoso.com (trong studentxx l tn ti khon hc vin ca bn v domain l tn domain ca bn). 2. Nhp Start, chn Control Panel ri kch p vo Administrative Tools. 3. Kch chut phi vo Routing And Remote Access ri chn Run As m hp thoi Run As. 4. Trong hp thoi Run As, la chn The Following User ri nhp cc chng thc sau vo trong cc trng ca hp thoi m mn hnh qun tr Routing And Remote Access: 5. Trong hp User Name, nhp administrator@domain.conto-so.com ( trong domain l tn domain ca bn). a. Trong hp Password, nhp MSPress@LS#1. b. Nhp OK m mn hnh Routing And Remote Access. 6. Trn mn hnh qun tr Routing And Remote Access, m rng Computerxx (trong Computerxx l tn my tnh ca bn) v m rng IP Routing. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 180
S DNG RRAS CU HNH NH TUYN 7. Trong mn hnh Routing And Remote Access, la chn v nhp chut phi vo NAT/Basic Firewall ri chn New Interface. 8. Trong ca s New Interface For Network Address Translation (NAT) nhp vo card mng Contoso Ltd Network ri k nhp OK. 9. Trn trang Network Address Translation (NAT) Properties-Contoso Ltd Network, nhp Public Interface Connected To The Internet, la chn hp kim tra Enable NAT On This Interface ri nhp OK. 10. Trong mn hnh Routing And Remote Access, nhp chut phi vo NAT/Basic Firewall ri la chn New Interface. 11. Trong ca s New Interface For Network Address Translation (NAT) nhp vo kt ni Litware Inc Network ri nhp OK. 12. Trn trang Network Address Translation (NAT) Properties-Litware Inc Network, xc nhn rng la chn Private Interface Connected To Private Network c chn ri nhp OK. 13. ng tt c cc mn hnh ang m li. ======================================================
181
S DNG RRAS CU HNH NH TUYN 5. Trn ca s Internet Protocol (TCP/IP) Properties, trong hp Default Gateway nhp a ch IP kt ni Litware Inc Network ca i tc ri nhp OK. 6. Trn trang Litware Inc Network Properties nhp Close xc nhn nhng thay i ca bn. ======================================================
Cu hnh IIS
QUAN TRNG Hon thnh cng vic ny trn my tnh ca hc vin c s hiu nh hn. Qua s cho php bn cu hnh dch v IIS trn my ch ca bn ci t h iu hnh Windows Server 2003. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon administrator@domain.contoso.com (trong domain l tn domain ca bn). 2. Nhp Start chn Administrative Tools ri la chn Internet Information Services (IIS) Manager. 3. Trong mn hnh qun tr Internet Information Services (IIS) Manager m rng Computerxx (trong Computerxx l tn my tnh ca bn) ri k tip m rng Web Sites. 4. Trong mn hnh qun tr Internet Information Services (IIS) Manager, nhp chut phi vo Default Web Site ri nhp Properties. 5. Trong th Web Site, trong danh sch th xung IP Address chn a ch IP ca card mng Contoso Ltd Network c gn cho my tnh hc vin ca bn (10.1.1.xx) ri nhp OK. 6. ng mn hnh qun tr Internet Information Services (IIS) Manager li. ======================================================
S DNG RRAS CU HNH NH TUYN 2. Nhp Start, tr ti All Programs v nhp vo Internet Explorer m ca s Microsoft Internet Explorer. Nu hp thoi Internet Explorer Enhanced Security Configure th nhp OK. 3. Trong phn Internet Explorer Address, nhp http://10.1.1.xx (trong 10.1.1.xx l a ch IP card mng Contoso Ltd Network ca i tc ca bn) ri nhp phm ENTER. CU HI Bn c nhn c trang mc nh ca dch v Web ang chy trn my tnh i tc ca bn khng? Ti sao c hoc ti sao khng? 4. ng Internet Explorer li. ======================================================
G b dch v NAT
QUAN TRNG Hon thnh cng vic ny trn my tnh ca hc vin c s hiu nh hn. Qua s cho php bn g b NAT ra khi my tnh hc vin. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon studentxx@domain.contoso.com (trong studentxx l tn ti khon hc vin ca bn v domain l tn domain ca bn). 2. Nhp Start, chn Control Panel ri kch p vo Administrative Tools. 3. Kch chut phi vo Routing And Remote Access ri chn Run As m hp thoi Run As. 4. Trong hp thoi Run As, la chn The Following User ri nhp cc chng thc sau vo trong cc trng ca hp thoi m mn hnh qun tr Routing And Remote Access: a. Trong hp User Name, nhp administrator@domain.contoso.com ( trong domain l tn domain ca bn). b. Trong hp Password, nhp MSPress@LS#1. 5. Nhp OK m mn hnh Routing And Remote Access. 6. Trn mn hnh qun tr Routing And Remote Access, m rng Computerxx (trong Computerxx l tn my tnh ca bn) v m rng IP Routing. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 183
S DNG RRAS CU HNH NH TUYN 7. Trong mn hnh Routing And Remote Access, la chn NAT/Basic Firewall ri nhp Delete. 8. Trong hp thoi Routing And Remote Access, nhp Yes g b NAT/Basic Firewall. 9. ng mn hnh qun tr Routing And Remote Access li. ======================================================
Cu hnh li IIS
QUAN TRNG Hon thnh cng vic ny trn my tnh ca hc vin c s hiu nh hn. Qua s cho php bn cu hnh dch v IIS trn my ch ca bn ci t h iu hnh Windows Server 2003. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon administrator@domain.contoso.com (trong domain l tn domain ca bn). 2. Nhp Start chn Administrative Tools ri la chn Internet Information Services (IIS) Manager. 3. Trong mn hnh qun tr Internet Information Services (IIS) Manager m rng Computerxx (trong Computerxx l tn my tnh ca bn) ri k tip m rng Web Sites. 4. Trong mn hnh qun tr Internet Information Services (IIS) Manager, nhp chut phi vo Default Web Site ri nhp Properties. 5. Trong th Web Site, trong danh sch th xung IP Address chn All Unassigned ri nhp OK. 6. ng mn hnh qun tr Internet Information Services (IIS) Manager li. QUAN TRNG Bn phi kt ni li cp mng ti card Contoso Ltd Network trn my trm NAT hon thnh cc bi tp sau.
BI TP 7-6: CU HNH CC B LC GI
Thi gian d kin: 10 pht Bn ang kim tra cc b lc gi tin trn Routing And Remote Access xc nh xem n cm lu lng trn cc cng TCP nh th no trn my ch ci t Windows Server 2003. kim tra vn ny, bn ci t IIS v by gi mun s dng cc b lc gi tin cm lu lng HTTP trn cng 80. ====================================================== TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 184
S DNG RRAS CU HNH NH TUYN a. Trong hp User Name, nhp administrator@domain.contoso.com ( trong domain l tn domain ca bn). b. Trong hp Password, nhp MSPress@LS#1. 5. Nhp OK m mn hnh Routing And Remote Access. 6. Trn mn hnh qun tr Routing And Remote Access, m rng Computerxx (trong Computerxx l tn my tnh ca bn) v m rng IP Routing. 7. Trong mn hnh Routing And Remote Access, nhp General. Trong mn hnh hin th chi tit, nhp chut phi vo Contoso Ltd Network ri la chn Properties. 8. Trong th General ca trang Contoso Ltd Network Properties, nhp Inbound Filters m trang Inbound Filters. 9. Trong hp thoi Inbound Filters, nhp New m trang Add IP Filter. 10. Trn trang Add IP Filter, la chn hp kim tra Destination Network nhp 10.1.0.0 trong trng IP Address v k nhp 255.255.0.0 vo trng Subnet Mask. 11. Trong danh sch th xung Protocol, la chn TCP. 12. Trong hp Destination Port nhp 80 ri nhp OK. 13. Trong trang Inbound Filters, xc nhn rng la chn Receive All Packets Except Those That Meet The Criteria Below c chn ri nhp OK. 14. Trn trang Contoso Ltd Properties nhp OK. 15. ng mn hnh qun tr Routing And Remote Access li. ======================================================
186
S DNG RRAS CU HNH NH TUYN 2. Nhp Start, tr ti All Programs v nhp vo Internet Explorer m ca s Microsoft Internet Explorer. Nu hp thoi Internet Explorer Enhanced Security Configure th nhp OK. 3. Trong phn Internet Explorer Address, nhp http://10.1.1.xx (trong 10.1.1.xx l a ch IP kt ni Contoso Ltd Network ca i tc ca bn) ri nhp phm ENTER. CU HI Bn c nhn c trang mc nh ca dch v Web ang chy trn my tnh i tc ca bn khng? Ti sao c hoc ti sao khng? 4. ng Internet Explorer li.
CU HI N TP
Thi gian d kin: 15 pht 1. Hai giao thc VPN no c th s dng c trn h iu hnh Windows Server 2003? 2. Hai kiu ng nh tuyn no m bn c th thm vo trong mt bng nh tuyn? 3. Mt phng php m bn c th s dng cu hnh mt b lc gi tin cho php cm lu lng Telnet thng qua dch v Routing And Remote Access l g? 4. Hai kiu giao din no c thm vo mt cu hnh NAT? 5. Ba thit lp quay s c cu hnh trn cc c tnh ti khon ca mt ngi s dng c th l g? 6. Hai thnh phn ca mt chnh sch truy cp t xa l g? 7. iu g s xy ra nu hai giao din mng s dng trong NAT tro i vai tr cho nhau?
S DNG RRAS CU HNH NH TUYN Vn phng chnh: 172.16.0.0/24 Dallas: 10.10.10.0/24 Kansas City: 172.16.0.0/16 Gn y, Trey Research c mua mt trung tm phn phi t ti Atlanta. Cng ty khng mun xy ra cc chi ph khng cn thit khi kt ni trung tm phn phi ti vn phng chnh. Tt c cc n t hng s c fax ti trung tm ny. K ngi s dng Atlanta phi c kh nng truy cp vo trng thi ca n t hng v thng tin v vic x l n t hng bng cch s dng IIS 6 trn mt my tnh t ti vn phng chnh ci t Windows Server 2003. Vn phng ca chi nhnh Atlanta c kt ni ti vn phng Denver bng ng kt ni Frame Relay 56 Kbps. Mng Atlanta hin nay ang s dng a ch mng 192.168.0.0/24. C hai my ch Windows Server 2003 t ti Atlanta. Bn c th s dng phng tin trong bi thc hnh ny nh th no cu hnh mt mng p ng tt c nhng yu cu ny?
189
CC BC CHUN B
Thi gian d kin: 10 pht
190
DUY TR KIN TRC MNG QUAN TRNG Nu bn cha hon thnh cc bi tp trong Lab4, Qun tr v gim st dch v DNS, bn phi hon thnh cc bi tp chun b di y. ======================================================
4. Trong ca s Untitled Notepad, nhp File ri k chn Save As. 5. Trong ca s Save As, nhp vo My Comouter bn tri ri tr ti th mc C:\Inetpub\Wwwroot. 6. Trong ca s Save As, g default.htm vo trong hp File Name ri nhp vo Save lu file Default.htm vo trong th mc C:\Inetpub\Wwwroot. Nu c thng bo v vic ghi ln file Default.htm sn c nhp Yes tip tc tin trnh. 7. ng tt c cc ca s ang m li.
193
KCH BN
Bn l nh qun tr mng ca cng ty Contoso, Ltd. Vi thng gn y bn c trin khai mt vi my ch ci t h iu hnh Windows Server 2003 trn mng ca bn. Mi my ch cung cp cc dch v mng khc nhau. Bn nhn c mt vi phn hi t pha ngi s dng rng cc my ch dng nh c vn . Windows Server 2003 v Support Tools bao gm mt vi cng c c th c s dng thu thp cc con s thng k v x l s c lin quan n li kt ni. Vi chng bn quyt nh gim st mc s dng ti nguyn trn my ch v x l s c v kt ni mng.
DUY TR KIN TRC MNG 5. Nhp Start, chn Run ri nhp wordpad vo trong hp Open ri nhp phm ENTER. CU HI Cc ng dng Microsoft Notepad v Microsoft Wordpad c c lit k trong th Applications trong Windows Task Manager khng? 6. Trong ca s Windows Task Manager nhp vo th Processes. CU HI Cc tin trnh Notepad.exe v Wordpad.exe c c lit k trong th Processes trong Windows Task Manager khng? 7. Trong th Processes, trong ct Image Name nhp vo Notepad.exe ri nhp End Process. 8. Trong hp thoi Task Manager Warning nhp Yes xc nhn vic kt thc tin trnh ny. Ch rng ca s Notepad c ng li. 9. Trong th Processes, trong ct Image Name nhp vo Wordpad.exe ri nhp End Process. 10. Trong hp thoi Task Manager Warning nhp Yes xc nhn vic kt thc tin trnh ny. Ch rng ca s Wordpad c ng li. 11. ng ca s Windows Task Manager li. ======================================================
Hin th d liu hiu nng hot ng h thng theo thi gian thc
QUAN TRNG Hon thnh cng vic ny trn c hai my ca hc vin. Qua s cho php bn hin th mc s dng CPU theo thi gian thc trn my tnh ca bn. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon administrator@domain.contoso .com (trong domain l tn domain ca bn). 2. S dng t hp phm CTRL+ALT+DEL m ca s Windows Security.
195
DUY TR KIN TRC MNG 3. Trong ca s Windows Security, nhp Task Manager m ca s Windows Task Manager. Gi nguyn mn hnh Task Manager ang m. 4. Trong ca s Windows Task Manager nhp vo th Performance. 5. Nhp Start, chn Run ri nhp calc vo trong hp Open ri nhp phm ENTER m Microsoft Calculator. 6. Trong ca s Calculator, nhp View ri k nhp Scientific. 7. Trn bn phm s trong Calcuator, nhp 999 ri k nhp x^3 mt vi ln to cc con s thng k v CPU v page file. Ch rng mc s dng CPU tng ln qua mn hnh hin th Task Manager. 8. ng tt c cc ca s ang m li. ======================================================
DUY TR KIN TRC MNG 6. Trong ca s Computerxx (trong computerxx l tn my tnh i tc ca bn), nhp chut phi vo th mc Program Files ri nhp Copy. 7. Nhp chut phi vo vng khng gian trng trn mt mn hnh my ch ca bn ri nhp Paste. Trong qu trnh cc file c copy ti my tnh ca bn, ch rng mc s dng ca card mng LAN gia tng. 8. Xa th mc Program Files trn mt mn hnh. 9. ng tt c cc ca s ang m li.
Thm v g b cc b m
QUAN TRNG Hon thnh cng vic ny trn c hai my ca hc vin. Qua s cho php bn thm v g b cc b m hiu sut. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon administrator@domain.contoso .com (trong domain l tn domain ca bn). 2. Nhp Start, chn Administrative Tools ri chn Performance khi to mn hnh qun tr Performance. 3. Trong mn hnh Performance, xa cc b m trong mn hnh mc nh System Monitor. (Gi : nhp vo biu tng X trn thanh menu) TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 197
DUY TR KIN TRC MNG 4. Trong mn hnh qun tr, la chn System Monitor trong Console Root. 5. Trong mn hinh Performance, trong phn hin th chi tit nhp vo biu tng (+) thm cc b m Performance Monitor. 6. Trong hp thoi Add Counters, trong danh sch th xung Performance Object nhp Processor. Trong phn Select Counters From List nhp %Processor Time ri nhp Add. 7. Trong hp thoi Add Counters, trong danh sch th xung Performance Object nhp Memory. Trong phn Select Counters From List nhp Available Bytes ri nhp Add. 8. Trong hp thoi Add Counters, trong danh sch th xung Performance Object nhp PhysicalDisk. Trong phn Select Counters From List nhp % Disk Read Time ri nhp Add. 9. Trong hp thoi Add Counters, trong danh sch th xung Performance Object nhp Network Interface. Trong phn Select Counters From List nhp Bytes Total/s ri nhp Add. 10. Nhp Close ng hp thoi Add Counters ri thu nh mn hnh Performance li. ======================================================
DUY TR KIN TRC MNG 3. Trn mn hnh Computer Management, trong phn Storage nhp Disk Defragmenter. 4. Trong mn hnh hin th chi tit nhp Analyze. 5. Khi tin trnh phn tich chng phn mnh a kt thc, nhp Close ng thng bo Analysis Complete li. 6. ng mn hnh Computer Management li ri thu nh mn hnh Performance. 7. Trong mn hnh hin th chi tit, nhp nt Freeze Display (vng trn vi ch X mu trng) hoc nhp CTRL+F. 8. Ti pha di ca mn hnh hin th chi tit, trong phn Counter xc nhn rng %Processor Time c la chn. 9. Gi phm CTRL ri nhp H lm sng b m c chn hin ti. 10. S dng cc phm mi tn ln v xung trn bn phm hin th cc b m khc. CU HI Cc ti nguyn h thng no m Disk Defragmenter s dng? ======================================================
To v cu hnh mt cnh bo
QUAN TRNG Hon thnh cng vic ny trn c hai my ca hc vin. Qua s cho php bn cu hnh mt cnh bo c gi ti ngi qun tr h thng. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon administrator@domain.contoso .com (trong domain l tn domain ca bn). 2. Nhp Start, chn Administrative Tools ri chn Performance khi to mn hnh qun tr Performance. 3. Trong mn hnh Performance, m rng phn Performance Log And Alerts ri nhp chut phi vo Alerts. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 199
DUY TR KIN TRC MNG 4. Trn menu tt, chn New Alert Settings. 5. Trong hp thoi New Alert Settings, nhp disk time ri nhp OK. 6. Trong trang Disk Time, trong th General nhp Add. 7. Trong trang Add Counters, t danh sch th xung Performance object chn PhysicalDisk. 8. Trong danh sch Select Counters From chn %Disk Time ri nhp Add. 9. Nhp Close ng trang Add Counters li. 10. Trn trang Disk Time, trong th General, trong hp Limit nhp 50. 11. Trn trang Disk Time, trong th General, trong hp Interval nhp 5. 12. Trong hp Run As xc nhn rng bn chn <Default>. 13. Trong th Action, chn Send A Network Message To ri g administrator. 14. Trong th Schedule, trong Start Scan xc nhn rng bn chn Manually ri nhp OK. 15. Trong mn hnh Performance chn Alerts v trong mn hnh hin th chi tit nhp chut phi vo cnh bo Disk Time v chn Start. Cnh bo Disk Time chuyn thnh mu xanh ch rng cnh bo c khi to. 16. ng mn hnh Performance li. ======================================================
200
DUY TR KIN TRC MNG 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon administrator@domain.contoso .com (trong domain l tn domain ca bn). 2. Nhp Start, chn Control Panel ri kch p vo Administrative Tools v cui cng chn Services. 3. Trong phn hin th chi tit ca mn hnh Services, xc nh ri kch p vo dch v Messenger trong danh sch cc dch v cc b ca my tnh. 4. Trn trang Messenger Properties (Local Computer), trong th General, t danh sch Startup Type chn Manual ri nhp Apply. 5. Nhp Start khi to dch v Messenger trn my tnh cc b. 6. Nhp OK ng trang Messenger Properties (Local Computer) li. 7. ng mn hnh Services li. ======================================================
Khi to mt cnh bo
QUAN TRNG Hon thnh cng vic ny trn c hai my ca hc vin. Qua s cho php bn khi to mt cnh bo v nhn thng bo . 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon administrator@domain.contoso .com (trong domain l tn domain ca bn). 2. Nhp Start ri nhp vo My Computer m ca s My Computer. 3. Trong ca s My Computer, nhp chut phi vo a C ri nhp Properties. 4. Trong trang Local Disk (C;) Properties nhp th Tools. 5. Trong th Tools, trong phn Defragmentation, nhp Defragment Now m ca s Disk Defragmenter. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 201
DUY TR KIN TRC MNG 6. Trong ca s Disk Defragmenter, nhp Defragment. xem mt cnh bo, i trc khi ng tt c cc ca s ang m. 7. Sau khi bn nhn c cnh bo, ng tt c cc ca s ang m li. ======================================================
Ci t Network Monitor
QUAN TRNG Hon thnh cng vic ny trn c hai my tnh ca hc vin. Qua s cho php bn ci t Network Monitor trn my ch ci t Windows Server 2003 ca bn. K , Network Monitor cn c s dng d on cc gi tin m my ch nhn c. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 202
DUY TR KIN TRC MNG 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon administrator@domain.contoso .com (trong domain l tn domain ca bn). 2. Nhp Start chn Control Panel ri nhp vo Add Or Remove Programs. 3. Trong ca s Add Or Remove Programs nhp Add/Remove Windows Components. 4. Trong phn Components ca Windows Components Wizard, la chn Management And Monitoring Tools ri nhp nt Details. 5. Trong ca s Management And Monitoring Tools, chn hp kim tra Network Monitor Tools ri nhp OK. 6. Trong Windows Components Wizard nhp Next. 7. Nu h iu hnh yu cu bn ch v tr cc file ci t, a a CD ci t Windows Server 2003 vo a CD-ROM ri nhp OK. 8. Trn trang Completing The Windows Components Wizard nhp Finish. 9. ng tt c cc ca s ang m li. ======================================================
203
DUY TR KIN TRC MNG 3. Nu nhn c thng bo v card mng, nhp vo card Contoso Ltd Network ri nhp OK. 4. Trong ca s Microsoft Network Monitor, nhp Capture trn thanh cng c ri nhp Start. QUAN TRNG i i tc ca bn hon thnh cc bc trn ri mi tip tc. 5. Chn Start -> All Programs -> Internet Explorer m Microsoft Internet Explorer. 6. Trong hp thoi Internet Explorer, la chn In The Future, Do Not Show This Message ri nhp OK. 7. Trong thanh bar Internet Explorer Address, nhp ftp://computerxx (trong computerxx l tn my tnh i tc ca bn) QUAN TRNG i i tc ca bn hon thnh cc bc trn ri mi tip tc. 8. Trong ca s Microsoft Network Monitor, nhp Capture trn thanh cng c ri nhp Stop And View. 9. Trong ca s Microsoft Network Monitor, ca s Capture:1 (Summary) nhp Display trn thanh cng c ri nhp Filter. 10. Trong ca s Display Filter, nhp Protocol == Any ri nhp Edit Expression. 11. Trong ca s Expression, trong th Protocol, nhp vo nt Disable All. 12. Trong phn Disable Protocols, chn FTP, nhp nt Enable ri nhp OK. i mt pht quan st nhng loi d liu no c Network Monitor thu thp. 13. Trong ca s Display Filter nhp OK. 14. ng ca s Network Monitor li.
204
DUY TR KIN TRC MNG 15. Khi bn nhn c thng bo v vic lu vic thu thp trong hp thoi Microsoft Network Monitor, nhp No. 16. ng tt c cc ca s ang m li. ======================================================
DUY TR KIN TRC MNG 9. Trong ca s Microsoft Network Monitor, ca s Capture:1 (Summary) nhp Display trn thanh cng c ri nhp Filter. 10. Trong ca s Display Filter, nhp Protocol == Any ri nhp Edit Expression. 11. Trong ca s Expression, trong th Protocol, nhp vo nt Disable All. 12. Trong phn Disable Protocols, chn HTTP, nhp nt Enable ri nhp OK. 13. Trong ca s Display Filter nhp OK. i mt pht quan st d liu m Network Monitor thu thp. 14. ng ca s Network Monitor li. 15. Khi bn nhn c thng bo v vic lu vic thu thp trong hp thoi Microsoft Network Monitor, nhp No. 16. ng tt c cc ca s ang m li.
BI TP 8-4: X L S C KT NI
Thi gian d kin: 15 pht Ngi s dng trn mng Contoso thng bo rng c vn khi kt ni ti my ch v cc ti nguyn khc nh Internet chng hn. Trong bi ny, bn s s dng mt vi cng c trn Windows Server 2003 x l s c lin quan n vn kt ni. ======================================================
S dng Ipconfig
QUAN TRNG Hon thnh cng vic ny trn my tnh ca c hai hc vin. Qua s cho php bn kim tra cu hnh a ch IP trn cc my ch ci t Windows Server 2003 ca bn. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon administrator@domain.contoso .com (trong domain l tn domain ca bn). TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 206
DUY TR KIN TRC MNG 2. Nhp Start, chn Run ri g cmd vo trong hp Open k nhp phm ENTER. 3. Trong ca s ch dng lnh, ti du nhc lnh, g ipconfig /? ri nhp phm ENTER. CU HI C nhng la chn no khi bn s dng cng c Ipconfig? 4. Trong ca s ch dng lnh, ti du nhc lnh, g ipconfig /all. Ghi li thng tin m cu lnh cung cp v card mng Contoso Ltd Network vo phn di y: IP address:_____________________________________________ Subnet mask:___________________________________________ Default gateway:________________________________________ DNS servers:___________________________________________ Host name:_____________________________________________ Physical address:________________________________________ 5. ng tt c cc ca s ang m li. ======================================================
S dng Tracert
QUAN TRNG Hon thnh cng vic ny trn my tnh ca c hai hc vin. Qua s cho php bn s dng cng c Tracert kim tra kt ni ti my khc ci t chng giao thc TCP/IP. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon administrator@domain.contoso .com (trong domain l tn domain ca bn). 2. Nhp Start, chn Run ri g cmd vo trong hp Open k nhp phm ENTER. 3. Trong ca s ch dng lnh, ti du nhc lnh, g tracert instructor01.contoso.com ri nhp phm ENTER. CU HI ti ch n phi i qua bao nhiu bc nhy (hop)? CU HI a ch IP ca host instructor.contoso.com l g? TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 207
S dng PathPing
QUAN TRNG Hon thnh cng vic ny trn my tnh ca c hai hc vin. Qua s cho php bn s dng cng c PathPing kim tra kt ni ti my khc ci t chng giao thc TCP/IP. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon administrator@domain.contoso .com (trong domain l tn domain ca bn). 2. Nhp Start, chn Run ri g cmd vo trong hp Open k nhp phm ENTER. 3. Trong ca s ch dng lnh, ti du nhc lnh, g pathping instructor01.contoso.com ri nhp phm ENTER. CU HI Phn trm gi tin b mt l bao nhiu? 4. ng tt c cc ca s ang m li. ======================================================
S dng Netstat
QUAN TRNG Hon thnh cng vic ny trn my tnh ca c hai hc vin. Qua s cho php bn s dng cng c Netstat hin th giao thc v thng tin v cc cng TCP/UDP trn my ch ci t Windows Server 2003 ca bn. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon administrator@domain.contoso .com (trong domain l tn domain ca bn). 2. Nhp Start, chn Run ri g cmd vo trong hp Open k nhp phm ENTER. 3. Trong ca s ch dng lnh, ti du nhc lnh, g netstat -na ri nhp phm ENTER. CU HI Cc cng TCP/UDP no c s dng trn my tnh ca bn? TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 208
S dng Netdiag
QUAN TRNG Hon thnh cng vic ny trn my tnh ca c hai hc vin. Qua s cho php bn s dng cng c Netdiag trong qu trnh tr gip x l s c v kt ni mng. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon administrator@domain.contoso .com (trong domain l tn domain ca bn). 2. Chn Start -> All Programs -> Windows Support Tools -> Command Prompt. 3. Trong ca s ch dng lnh, ti du nhc lnh, g netdiag /l ri nhp phm ENTER. 4. Nhp Start, chn My Computer ri tr n th mc C:\Documents And Settings\Administrator v kch p vo th mc ny. 5. Trong ca s C:\Program Files\Support Tools, xc nh v kch p vo file Netdiag.log. CU HI Loi thng tin g m cng c Netdiag hin th? (Gi : s dng file log ni trn ghi li cu tr li ca bn)
209
DUY TR KIN TRC MNG 2. Nhp Start, chn Control Panel ri kch p vo Administrative Tools. 3. Trong ca s Administrative Tools, kch p vo Services. 4. Trong mn hnh hin th chi tit, kch p vo dch v Telnet. CU HI Trng thi ca dch v Telnet trn my tnh ca bn l g? 5. Nhp OK ng trang Telnet Properties. 6. Gi nguyn mn hnh Services ang m. 7. Nhp Start, chn Run ri g cmd vo trong hp Open k nhp phm ENTER. 8. Trong ca s ch dng lnh, ti du nhc lnh, g telnet computerxx (trong computerxx l tn my tnh ca bn) ri nhp phm ENTER. CU HI Bn nhn c thng bo li g khi c gng kt ni s dng Telnet? 9. ng ca s ch dng lnh li. 10. Trong mn hnh Services kch p vo dch v Telnet. 11. Trn trang Telnet Properties (Local Computer), trong danh sch th xung Startup Type, la chn Automatic ri nhp OK ng trang Telnet Properties. 12. ng tt c cc ca s ang m li ri khi ng my ch ca bn. 13. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon administrator@domain.contoso .com (trong domain l tn domain ca bn). 14. Nhp Start, chn Control Panel ri kch p vo Administrative Tools. 15. Trong ca s Administrative Tools, kch p vo Services. 16. Trong mn hnh hin th chi tit, kch p vo dch v Telnet. TRIN KHAI, QUN TR V DUY TR C S H TNG MNG VI WINDOWS SERVER 2003 211
DUY TR KIN TRC MNG CU HI Trng thi ca dch v Telnet trn my tnh ca bn l g? 17. Nhp Start, chn Run ri g cmd vo trong hp Open k nhp phm ENTER. 18. Trong ca s ch dng lnh, ti du nhc lnh, g telnet computerxx (trong computerxx l tn my tnh ca bn) ri nhp phm ENTER. Nu bn nhn c thng bo yu cu nhp cc chng thc, cung cp cc thng s sau: a. Login: administrator b. Password: MSPress@LS#1 CU HI Bn c th kt ni ti dch v Telnet ang chy trn my tnh hc vin ca bn khng? 19. ng tt c cc ca s ang m li. ======================================================
G b dch v IIS
QUAN TRNG Hon thnh cng vic ny trn c hai my tnh ca hc vin. Qua s cho php bn g b dch v IIS ra khi my ch ci t Windows Server 2003 ca bn. 1. Khi ng my tnh ca bn s dng h iu hnh Windows Server 2003 v ng nhp vi ti khon administrator@domain.contoso.com (trong domain l tn domain ca bn). 2. Nhp Start, chn Control Panel ri nhp vo Add Or Remove Programs. 3. Trong ca s Add Or Remove Programs, nhp Add/Remove Windows Components. 4. Trong Windows Components Wizard, trong phn Components, la chn Application Server ri nhp vo nt Details. 5. Trong ca s Application Server, xa hp kim tra Internet Information Services (IIS) ri nhp OK. 6. Trong Windows Components Wizard nhp Next. 7. Trn trang Completing The Windows Components Wizard nhp Finish. 8. ng tt c cc ca s ang m li.
213
CU HI N TP
Thi gian d kin: 15 pht 1. Tn ca nm cng c c th c s dng trn mt my tnh ci t h iu hnh Windows Server 2003 nhm h tr bn trong vic x l s c lin quan ti cc vn mng l g? 2. Cc kiu gi tin no m Network Monitor c th s dng thu thp? 3. Ba s la chn cho qu trnh khi to ca mt dch v trn h iu hnh Windows Server 2003 l g? 4. Bn th trong cng c Task Manager c th c s dng x l s c l g? 5. Cc cng c no trn Windows Server 2003 c th c s dng kim tra kt ni ti my tnh TCP/IP khc? 6. Cc cng c no trn Windows Server 2003 c th c s dng hin th cc con s thng k IP v thng tin cu hnh v mt my ch? 7. Hai cng c no c th c s dng hin th cc con s thng k v hiu nng hot ng theo thi gian thc trn mt my tnh ci t Windows Server 2003?
215