To rect input to this virtual machine, press Ctri+G Server Manager » Dashboard Active Directory Administrative Center Active Directory Domains and Trusts WELCOME TO SERVER MANAGER Act
Trang 1
HOC VIEN CONG NGHE BUU CHINH VIEN THONG
KHOA AN TOAN THONG TIN
Lop D22CQAT03-B
Nhém 03
Mã sinh viên B22DCAT311
Trang 2Mục lục
Bai 2: Quan tri Active Directory trong Windows S€FVe€F 4
2 Tạo các user thuộc ÚU Là HH HH HH HH HH HH HH HH ó
3 Thiết lập chính sách user và password cv t2 1021121111111 xeree ọ
4 Phân quyền người dùng 2:2 22 E1 23112211102112211111112 1 111.1 ngrdee 12
5 Kiểm tra: Đăng nhập máy windows 10 bằng user stul Truy nhập vào máy Windows
Trang 3To rect input to this virtual machine, press Ctri+G
Server Manager » Dashboard
Active Directory Administrative Center
Active Directory Domains and Trusts WELCOME TO SERVER MANAGER Active Directory Module for Windows PowerShell
Local Server oo Active Directory Sites and Services
All Servers R Active Directory Users and Computers
AD Ds Ss Try managing servers with Windows Admin Center = ADSI Edit
a Component Services
ONS Windows Admin Center brings together new and familiar features in one browser-based Computer Management
File and Storage Se 20 Itruns on a server or & PC, and there's no additional cost beyond your Windows Defragment and Optimize Drives
Disk Cleanup Get more info at aka ms/Windows AdminCenter ae Event Viewer
1 Dont show this message again Group Policy Management
\ iSCSI Initiator
Local Security Policy
Microsoft Azure Services ODBC Data Sources (32-bit) ODBC Data Sources (64-bit
ROLES AND SERVER GROUPS Sree
a ties a Performance Monitor
System Configuration Services Services System Information Performance Performance Task Scheduler
Windows Memory Diagnostic
2 chon Active Directory Users and Computers
a
@e\imi at! Bm| $3 ?%s ?xi Ÿ E1 3
GƠI Saved Queries h [Œ Saved Queries Folder to store your favo
Ga dangthihongvan311.it 2a dangthihon Domain
tỳ
Trang 43 Tạo OU: Active Direstory Users and Cơmputers => qtm.it, sau đó ấn chuột phải chọn New => Organizational Unit
DD Active Directory Users and Computers
> Ga Saved —_ 153 Saved Queries Folder to store your favo
- Delegate Control
Find
Change Domain
Change Domain Controlier
Raise domain functional level
Trang 55 Tada thay OU mdi co tén la ptit
Gd Active Directory Users
Bước 2: Tạo các user thuộc OU
1 Tai OU ptit => chuột phải chọn New => User
DD Active Directory Users and Computers
Trang 6New Object - User
2 Create in: dangthihongvan311 it/ptit
© User must change password at next logon
(DC) User cannct change password
(J Pessword never expires
Trang 73 Không đặt được password do yêu cầu pass phải có ít nhất 7 ký tự gồm số, chữ, ký tự đặt biệt, pass phức tạp và phải khỏe
Active Directory Domain Services
Windows cannot set the password for DTHV1 because:
The password does not meet the password policy
requirements Check the minimum password length,
password complexity and password history requirements
OK
4 Ta dat lại mật khẩu: qtm123!
z Create in: dangthihongvan311 it/ptit
[/] User must change password at next logon
[_] User cannot change password
[_] Password never expires
Trang 8© Active Directory Users and Com|| Name Type Description
(9 Saved Queries @ ori ar
Bước 3: Thiết lập chính sách user va password
1 Trong Server Manager vao Tools chon Group Policy Management
Fis Server Manager = ø
Server Manager * Dashboard
All Servers Fe,
WELCOME TO SERVER MANAGER
Try managing servers with Windows Admin Center
Windows Admin Center brings together new and farsliar features in one browser-based
app It runs on a server or a PC, and there's no additional cost beyond your Windows
heenses
S sn ms Avi àdmxp‹
1 Dont show this message again
ROLES AND SERVER GROUPS
AD DS 1 ONS
Active Directory Administrative Center
Active Directory Domains and Trusts Active Directory Module for Windows PowerShell Active Directory Sites and Services Active Directory Users and Computers ADSI Edit
Component Services Computer Management
Defragment and Optimize Drives Disk Cleanup ONS
Group Poli iSCSI InitiatoFY
Local Security Policy
Microsoft Azure Services ODBC Data Sources (32-bit) Performance Monitor
Print Management Recovery Drive
Resource Monitor Services
System Configuration
System Information Task Scheduler
Windows Defender Firewall with Advanced Security Windows Memory Diagnostic
Trang 9Chỉnh chính sách password: Group Policy Management => Forest => Domains => cdit.com.vn
=> Group Policy Objects => Default Domain Policy => chudt phai chon edit
si, Group Policy Management = m x
‘KK File Action View Window Help _-
« =œ | 4 m1 la | on
=i Group Policy Management Group Policy Objects in dangthihongvan311.it
~ & Forest: dangthihongvan31 Contents Delegation
~ iG Domains 7
* đl3 dangthihongvan31 Name GPO Status WM I Fitter Modified Owner
«jf Default Domain sf Default Domain Controller Enabled None 10/11/2024 9:3 Domair
(im Sites Import Settings
@® Group Policy Modeling Save Report
(2) Group Policy Results
Copy Delete Rename Refresh
2 Group Policy Object(s)
Tai Group Policy Management Editor: Computer Configuration => Polices => Windows Settings
=> Security Settings => Account Polices => Password Policy
J Group Policy Management Editor — =1 > File Action View Help
eee | 2m! & tr
~ Mã Potcies Enforce password history 24 passwords remembered
= m.—.— - Name Resolut xã Minimum password age ere me = & 1 days = rice
Scsasis Starts — passwor — os < =
cnet Guplowed Gia inimum password length audit Not Defined
~ ib Security Settir Password must meet complexity requirements Enabled
~ Jd Account P Store passwords using reversible encryption Disabled
J4 Passw‹
CB Softwere Fv
Trong đó:
® Enforce password history: số password hệ thống lưu trữ
® Maximum password age: thời gian có hiệu lực tối đa của một password
® Minimum password age: thoi gian có hiệu lực tối thiêu của một password
¢ Minimum password leghth: độ dài tối thiếu của một password
® Password must meet complexity requirements: yêu cầu password phức tạp
® Store passwords using reversible encryption: độ mạnh cua password.
Trang 10Chỉnh password về dạng không phức tạp, giảm số lượng ký tự và giảm độ mạnh của password
gf Wired Network (IEEE 802
(9) Windows Defender Firev
afi Wireless Network (IEEE &
1 Public Key Policies
(4) Software Restriction Poli
Policy Enforce password history Maximum password age
Minimum password age
Minimum password length Minimum password length audit
Password must meet complexity requirements
Store passwords using reversible encryption
Disabled
Trang 116 Két qua: tao user trong OU ptit
User: DTHV2; password: 1 => OK
|
New Object - User
| 2, Create in: danathihongvan3 11 it /ptit
First name- [DTHV2_ Initials - |
DD Active Directory Users and Computers —
File Action View Help
@eeo| aml ¢ oO|/ xO Sslbm| tBtQannearabe
DD Active Directory Users and Com|| Name
CƠ Saved Queries
& vtHv2 User
Bước 4: Phân quyền người dùng
1 Dung I máy Windows 10 lam may client
Cau hinh join domain dé may Windows 10 tré thanh client
Open Network and Sharinng Center (Chuột phải) => Change Adapter Settings => Ethernet0 (Chudt phai) => Properties => Internet Protocol Version 4 (TCP/IP) => Properties => Use the following IP address
Trang 12General
You can get IP settings assigned automatically if your network supports
this capability Otherwise, you need to ask your network administrator
for the appropriate IP settings
© Obtain an IP address automatically
@ Use the following IP address:
Trang 13System Properties x Computer Name Hardware Advanced System Protection Remote
You must be logged on as an Administrator to make most of these changes
Performance
User Profiles
Desktop settings related to your sign-in
—
Startup and Recovery
System startup, system failure, and debugging information
4 Tai tab Computer Name => change
System Properties x Computer Name Hardware Advanced System Protection Remote
Windows uses the following information to identify your computer
To use a wizard ID to join a domain or workgroup, click Network ID
To rename this computer or change its domain or
Trang 14
Computer Name/Domain Changes x
You can change the name and the membership of this
computer Changes might affect access to network resources
Computer Name/Domain Changes
Enter the name and password of an account with permission to join the domain
Trang 15
Computer Name/Domain Changes x
@ Welcome to the dangthihongvan311.it domain
8 Restart now dé may khoi déng lai => quá trình join domain hoan tat
You must restart your computer to apply these
changes
Before restarting, save any open files and close all programs
Restart Now Restart Later
9 Dang nhap may Client bang user DTHV2
Other user
10 Tai may Windows server tao 3 folder stul1, stu2, all
Trang 16- Foder stu2 chi cho user DTHV2 truy cap
- Foder all cho ca 2 users DTHV1 va DTHV2 truy cap
ta | (2) Bì = Manage Local Disk (C:)
¬ ~ 4® Se > ThisPC > Local Disk (C:) > ~ & | Search Local Disk (C:) 2ò
Name Ầ Date modified Type Size
xế Quick access
C¡ PerLogs File folder
Đesktoi +
m ; | Program Files File folder
-# Download ` [| Program File (x86) File folder
[Ši Documents + E1 Users File folder
=) Pictures + — Windows File folder
stul File folder
General Sharnng Security Previous Versions Customize
Network File and Folder Sharing
stul Not Shared Network Path:
Not Shared
Advanced Sharing
Set custom pernissions create multiple shares and set other
advanced sharing options
Trang 17< * + Sm > ThisPC > } A ise ke £265 ^ Search Local Disk (C:) PP
| & stul Proverties x<
8 items 1 item selected Rey =
12 Nhap 6 check names: DTHV1
Select this object type:
From this location:
|dangthihongvan311 it | _ kecatons Enter the object names to select (examples):
Trang 1813 Sau khi tìm ra tài khoản DTHVI => ấn share => ấn done
Sitems 1 item selected [E3
14 Chia sẻ folder stu2, và phân quyên chí cho user DTHV2 được truy cập: ấn chuột phải vào foder stu2 chọn properties => sharing => share
cà stu2 Propertie:
General Sharing Security Previous Versions Customize
Network File and Folder Sharing
Set custom permissions create multiple shares and set other
advanced sharing options
Trang 19
Select this object type:
|Users, Groups, or Built4in security principals | | Object Types | From this location:
Name ~ Date modified Type Size
Gl This Pc Choose people on your network to share with
o@® Netwo
2 DTHv2 | Read/Write ~
Trang 20properties => sharing => share
General Sharing Securty Previous Versions Customize
Network File and Folder Sharing
Set custom pennissions create multiple shares and set other
advanced sharing options
19 Sau khi tìm ra tai knoan DTHV1 và DTHV2 => 4n share => an done
< ~ TT Se > ThisPC > = uibonein Search Local Disk (C:) P
& Administrator Read/Write ~
Trang 21Bước 5: Kiểm tra: Đăng nhập máy windows 10 bằng user stul Truy nhập vào máy Windows Server
1 Thấy ca 3 floder được chia sẻ là stul, stu2, all
Ss Type the name of a program, folder, document, or Internet
resource, and Windows will open it for you
4 GH» Network > 192.168.0.1 x & Search 192.168.0.1
Trang 22
BIQGe-im - n x
Lm | Home Snare View e
“ * 4 UB > Network » 192168601 › stul - & Search stu
Name Date modified Type Size
Windows cannot access \\192.168.0.1\stu2
You do not have permission to access \\192.168.0.1\stu2 Contact your network administrator
Trang 23This folder is empty
Trang 24
Windows cannot access \\192.168.0.1\stu1
You do not have permission to access \\192.168.0.1\stu1 Contact your network administrator
$b Downloads + [2] Documents #