Windows Server 2012 R2 SETEC INSTITUTE មតិ ក I. Lab 1: New Featuer in Windows Server 2012 R2.................................................................................... 1 1. មុនេពលសិក Windows Server 2012 R2 (Release II) ................................................................... 1 2. Windows Server 2012 R2 .................................................................................................................. 1 3. Windows Server 2012 R2 Requirements and Edition:......................................................................... 2 4. Windows Server 2012 R2 Ugrading..................................................................................................... 3 5. What is Virtual Machine? ................................................................................................................. 4 6. Install Windows Server 2012 R2 ...................................................................................................... 4 II. Lab2: Implement NIC Teaming .............................................................................................................. 5 1. Teaming Mode:..................................................................................................................................... 5 2. Load Balancing Mode: ......................................................................................................................... 6 3. Standby Adapter: .................................................................................................................................. 6 4. រេបៀបតេម្លង ី NIC Teaming ..................................................................................................................... 6 III. Lab 3: Nework Diagram and Type of Network ................................................................................. 7 1. LAN (Local Area Network): ................................................................................................................. 8 2. WLAN (Wireless LAN): ....................................................................................................................... 9 3. WAN (Wide Area Network): ............................................................................................................... 9 4. VPN (Virtual Private Network):............................................................................................................ 9 IV. Lab 4: Network Design (ស្រមប់ករសិក កនុង Lab) .......................................................................... 11 1. Diagram (1 - With Real Machine) ..................................................................................................... 11 2. Diagram (2- with Virtual Machine) ................................................................................................... 12 3. Server Component:............................................................................................................................. 12 4. Function of Server .............................................................................................................................. 15 V. Lab 5: Domain Controller (DC) / Active Directory Domain Services (ADDS): ................................ 19 1. 2. VI. រេបៀបតេម្លីង Domain Controller (DC) | Active Directory (AD) ........................................................... 19 Enable Remote Desktop (Port: 3389) and Change Port Remote Desktop. .................................... 20 Lab6 : PC Client Join Domain to PC Server (Member of Domain) ............................................... 20 1. What’s join Domain?......................................................................................................................... 20 2. Configure join PC to Domain .............................................................................................................. 21 VII. 1. 2. Lab7: Introduction to Active Directory User and Computer ............................................................. 22 What is Security Account Manager (SAM) Database ?........................................................................ 22 Introduction OU (Organiztion Unit) .................................................................................................... 22 Page |I Windows Server 2012 R2 SETEC INSTITUTE 3. 4. Introduciton to User Account Domain: ............................................................................................... 23 Type of User Accounts:........................................................................................................................ 23 VIII. Lab 8: Introduction Group .................................................................................................................. 25 1. What is Group?.................................................................................................................................... 25 A. Create Group & Group Scope: ........................................................................................................ 25 B. Group Type ...................................................................................................................................... 25 C. Add User to Group:.......................................................................................................................... 26 D. Modify User Account: ...................................................................................................................... 26 E. Create Multi-User with Script........................................................................................................... 27 F. IX. 1. 2. 3. X. Create OU, Group, User Account with DC in Server 2012 R2 by CLI: ............................................ 29 Lab 9: Implement PC File Server with PC Server DC..................................................................... 31 What’s File Server?.............................................................................................................................. 31 Windows Server 2012 R2 implementation as DC and File Server ..................................................... 31 Implemenitation on File Server:.......................................................................................................... 31 Lab 10: Structure Folder for Store Data + Security Permission.......................................................... 31 1. 2. 3. XI. 1. 2. 3. 4. 5. Folder Security (1) .............................................................................................................................. 32 Folder Security (2) .............................................................................................................................. 32 Set Security: ........................................................................................................................................ 33 Lab 11: Implement Map Network Drive (Virtual Network Drive) .................................................. 33 What’s Map Network Drive? ............................................................................................................... 33 Local Map Network (LMN) = Short Cut (Workgroup)......................................................................... 33 Redirect / Path Map Network (RMN): Or Online Map Network Drive (OMN) .................................... 36 Script Multi Online Map Network Drive .............................................................................................. 38 Create Script Multi‐ Map Network Drive with GPO ............................................................................ 41 XII. LAB 12: User Profile .......................................................................................................................... 42 1. Local User Profiles: ............................................................................................................................ 42 2. Roaming User accout Profiles........................................................................................................... 43 3. Mandatory User Profiles .................................................................................................................... 44 XIII. LAB 13: Implementation Disk Quota ................................................................................................. 48 What is Quota? ............................................................................................................................................ 48 1. Quota with Driver Properties.............................................................................................................. 49 2. What’s File Server Resource Manager (FRM)? .................................................................................... 49 XIV. Lab 14: General Knowledge on User Account Domain ................................................................... 50 1. 2. 3. User Template..................................................................................................................................... 50 User Logon Hour & User Logon PC ..................................................................................................... 51 Set Day for Reset All Password or Expire Account .............................................................................. 52 XV. LAB 15: Introduction Group Policy Object Editor ............................................................................. 54 1. What’s GPO? ........................................................................................................................................ 54 P a g e | II Windows Server 2012 R2 SETEC INSTITUTE 2. Disable Applications, Programs or any Windows Tools: .................................................................. 57 3. Deploy Application and Pirnter: .......................................................................................................... 60 XVI. LAB 16: Dynnmic Host Configuration Protocol (DHCP ) Server ................................................... 63 1. What’s DHCP?................................................................................................................................... 63 2. DHCP Server Tools ............................................................................................................................. 64 3. ជំ ៊ នកនុងករតេម្លង ី DHCP Server........................................................................................................ 65 4. Disable MAC Address PC Client get IP From PC DHCP Server ......................................................... 66 XVII. Introduction to NAT (Network Address Translate) ..................................................................... 67 1. 2. XVIII. េតី NAT មនតួនទអ ន ី ្វីកុ ងប ្ត ញ Network? ...................................................................................... 67 ករេរៀបចំ Interface េលី Client Inside, RRA (NAT+Routing) នង ិ Client Outside: ........................ 67 Introduciton Web Server................................................................................................................ 72 1. What is Web Server? ...................................................................................................................... 72 2. Install Services Web Server (IIS) .................................................................................................. 73 3. Install Service Web Server (FTP Server)...................................................................................... 82 P a g e | III Windows Server 2012 R2 SETEC INSTITUTE ករ្រគប់្រគង Windows Server 2012 R2 I. Lab 1: New Featuer in Windows Server 2012 R2 1. មុនេពលសិក Windows Server 2012 R2 (Release II) Basic Network Windows Server 2003 R2 Windows Server 2008 R2 2. Windows Server 2012 R2 1.1 new Feature Windows Server 2012 R2 FEATURE Scalablity Tools and Computer Enterprise-Clase Scale Server Server 2012 R2 2012 2008 R2 2003 R2 + + NIC Teaming + Virtual Receive-side Scaling + + Live Migration + + Virtual Machine Live Cloning + + + Storage Spaces + Automtic Stoarage tiers (HDD/SSD) Windows Server Essentials experience + Virtual Desktop Infrastructure power by RDS + + Work Folders Performance Network Storage Low-Cost, Highly available Storage (SMBv3) Vitual hard disk format (VHDD) Business Server + Performance Availability & Server Fail Recovery through Hyper-V replica Contiuity/ Disaster Recovery Simplified Server Manager console Management Flexibel, Affordable Storage Easy, Managed remote access Page | 1 Windows Server 2012 R2 3. SETEC INSTITUTE Windows Server 2012 R2 Requirements and Edition: Item Minimum Recommended Maximum CPU 1.4 GHz for x64 2 GHz 64 processor RAM 512 MB 2 GB or more 32 GB for Standard, 4 TB for Datacenter Edition Hard Disk 32 GB 40 GB plus additional space for applications or data, 10 GB Server Core Installation DVD‐ROM Required to access the installation medie; CD‐ ROM no loger supported Super‐VGA (800‐600) or higher Keyboard and compatible pointing device, such as a mouse Required Display Input Devices Internet Access Page | 2 Windows Server 2012 R2 4. SETEC INSTITUTE Windows Server 2012 R2 Ugrading Page | 3 Windows Server 2012 R2 SETEC INSTITUTE 5. What is Virtual Machine? VM: គជ ំ យូទ័រែក្លងក្លយជេ្រចន ី ម៉សុន ឺ Software ស្រមប់បេងកត ី កុព ី កនុងម៉សុន ី ពត ិ ែតមួយ។ េយង ី េ្របី VM េដីមបក ី ត់បនថយករចំ យេលីម៉សុីនពិតេ្រចីន េហយ ី ្រតូវករ Hardware ធំៗេលឿន។ Requirement VM: ត្រមូវករ Hardware ធំៗដូចជ៖ 6. Install Windows Server 2012 R2 Install Server 2012 R2 with VMware workstation, VMware V-Sphere ESXi, Virtual Box, Hyper-V… Page | 4 Windows Server 2012 R2 SETEC INSTITUTE Demostration Install Server 2012 R2 Activate Using Server manager II. Lab2: Implement NIC Teaming NIC Teaming : ស្រមប់ ផគុំ NIC េដម ី បប ី េងកីនេលប ន Network Traffic េ យេលឿនជងមុន និងេធ្វី LoadBalance, Failover ( Failover េបីមន Network Card មួយខូច នឹង មន NIC េផ ងេទៀត េដរី បំេពញតួនទជ ី ំនួស).. NCI (Ethernet = 10Mbps | FastEthernet = 100Mbps | Gigabite = 1000Mbps) Add NIC on Virtual Machine: (VMware workstation) o Click VM | Settings o Select Apdapter Network Add 1. Teaming Mode: Page | 5 Windows Server 2012 R2 SETEC INSTITUTE Static : ផគុំ Speed របស់ NIC រួមគនេដីមបប ី េលប នឱយកន់ែតេលឿន។ Ex: NIC = 1Gbps, ី េងកន េបី NIC មន ៥ េ្រកយពផ នង ី ុ េគំ ហយ ី ឹ មនេលប ន 5Gbps។ Switch Independent : ផគុំ Speed របស់ NIC រួមគនែដរ, ប៉ុែន្តទុក Network Card មួយស្រមប់ ជំនួស (Ex: ៥ NIC, ចយកែត 4 េទ) ច Switch បនេដីមបេី ធ្វីជ Standby LACP (Link Aggregation Control Protocol): ផគុំ NIC មនមុខងរដូច Startic ែដរ ប៉ុែន្ត ភគេ្រចន ី ្រតូវបនេ្រប្រី បស់ជមួយ Cisco 2. Load Balancing Mode: Address Hash : Divides traffic by address, port etc… Hyper-V Port : Divides traffic based on virtual mahcine Dynamic : Includes features of other 2 balancing modes - Can move network streams between network card - Windowws Server 2012 R2 only 3. Standby Adapter: NIC : Choose NIC for standby support with Switch Independent only 4. រេបៀបតេម្លង ី NIC Teaming Server Manager | Click Local Server | NIC Teaming Disable Click New Team | ក់េឈមះឱយ NIC Team| Ok |Add ចំនួន NIC Click Additional Properties: េដីមបេី ្រជស ី េរស ី Mode NIC Teaming េផ ងៗ Page | 6 Windows Server 2012 R2 SETEC INSTITUTE III.Lab 3: Nework Diagram and Type of Network មុននឹងគូសប្លង់ Network មួយេ យបន្រតម ួ ជមុនសិន។ ឹ ពត ឹ ្រតូវេយង ី ្រតូវដង ី ្រមូវករ និងព័ត៌មនមួយចំនន ត្រមូវករអតជ ិ ន ខទង់ចំ ទី យលុយ ង ំ តេម្លង ី ចំនួន Computer និងឧបករណ៍េ្រប្រី បស់ ្ល ់ែដលបនគូសរួចេដម គូសប្លង់ វ ិភគេលីបង ី បប ី ញជក់ថ េតី្រតឹម្រតូវឬេន? ្របសិនេបេី យង ធ ី មន ិ បនគូសប្លង់្រតម ឹ ្រតូវេទ ្របព័នប ្ត ញរបស់ដំេណីរករនង ច ឹ មន ិ ្រសួលេទ េហយ ី បងករេ យមនបញ្ហេ្រចន ី េទៀតផង។ មយ៉ងេទៀត ឧបករណ៏ែដលេយង ី នង ឹ យកមកសក ិ េ្របី ្របស់េយង ី ្រតូវដឹងពី Technology of Device, Protocol, Service, Layer (L2 switch, L3=Firewall Device or Switch Manage)… ្រសប មត្រមូវកររបស់អតិថិជន។ Page | 7 Windows Server 2012 R2 SETEC INSTITUTE Diagram របស់ប ្ត ញ LAN - WLAN - WAN 1. LAN (Local Area Network): គជ ឺ ករភជប់ប ្ត ញកនុង ថ ប័ន មរយៈែខ (Cable) Page | 8 - VPN Windows Server 2012 R2 SETEC INSTITUTE 2. WLAN (Wireless LAN): គជ ឺ ករភជប់ប ្ត ញកនុង ថ ប័ន មរយៈ WiFi (Signal) 3. WAN (Wide Area Network): គជ ឺ ករភជប់ប ្ត ញរ ង Fiber Optic ឬ Satelite។ ខនម ី ួយៗែដលសថិតេនឆងយពគ ី ន (Multi-Site) មរយៈ ISP ឬ ែខ កប 4. VPN (Virtual Private Network): ស្រមប់បញជពខ ី ងេ្រក្របព័នធ ចូលេទកន់ខងកនុង្របព័នធ (System Server) មរយៈ Internet, 3G, 4G េដម ី បែី កែ្រប ព័ត៌មន នង ិ បញជូ នទន ិ នន័យ។ េហយ ី ករបញចូ លទន ិ នន័យ នង ិ ករបញជ គម ឺ នសុវតថភ ិ ពេ យេដរី បំពុងរបស់ខួ ន។ ្ល ម ករ Remote េគ ចេ្របី TeamViewer ឬកមមវ ិធេី ផ ងៗេទៀតក៏បន ប៉ុែន្តេបយ ី កេទេ្របី្របស់ជរេបៀប Client-Server មន និភ័យេ្រចន ី ទក់ទង់េទនង ឹ សុវតថិភពព័ត៌មន្រកុមហ៊ុន។ Page | 9 Windows Server 2012 R2 SETEC INSTITUTE េ យែឡក VPN ក៏ដូចគនេនះែដរ ែត ្រគន់ែតេយង ី Chanel េ យខ្លួនឯងែដល្រតូវករ Public ី ្រតូវករបេងកត IP ព្រី កុមហ៊ុន ISP។ VPN: មន ៣ ្របេភទ គឺ o VPN Remote Access (Mobile): ករ Remote ចល័តមន ំ ិ ចំបច់េរសទ ី ី ង o VPN Site to Site: ករ Remote online ្រតូវករទី ង ំ ចបស់ ស់ (ឧ. Control ATM…) o DMVPN (Dynamic Mulitpoint VPN): ករ Remote ម៉ូដថម.ី .. (CISCO) Page | 10 Windows Server 2012 R2 IV. SETEC INSTITUTE Lab 4: Network Design (ស្រមប់ករសក ិ កនុង Lab) មុននឹងតេម្តីងប ្ត ញេយង ំ ជមុនសិន បនទប់មក ី ្រតូវសិក ពត ី ្រមូវករអតិថិចន តៃម្ល ឧបរណ៍ ទី ង គូសប្លង់ េហយ ្ល ់ែដលគូសរួចថ្រតម ី វ ិភគេលប ី ង ឹ ្រតូវេហយ ី ឬេន។ ្របសិនេបេី យង ិ ្រសួល នង ិ មនបញ្ហេ្រចន ី ី គូសប្លង់មន ិ ្រតម ឹ ្រតូវេទ ្របព័នធប ្ត ញរបស់ដំេណីរករមន េហយ ល់សមភរៈ ល់ឧបករណ៍ែដលនង ី ឹ យកមកេ្របី េយង ី ្រតូវសក ិ ពី Network Device, Protocol, Service, Layer ពីេ្រពះ Technology នីមួយៗេយង ី េធ្វី មត្រមូវកររបស់អតថ ិ ិជន។ 1. Diagram (1 - With Real Machine) Page | 11 Windows Server 2012 R2 SETEC INSTITUTE 2. Diagram (2- with Virtual Machine) 3. Server Component: Server: គជ ឺ ម៉សុន ី េម (Server) មួយស្រមប់បេ្រមី ល់ត្រមូវកររបស់ម៉សុីនកូន (Client) នង ិ ម៉សុន ី េមដ៏ដៃទេទៀត។ ធតុផ ៈំ (Hardware & OS Server [Windows 03, 08, 12, 16../ Linux]) Hardware Components: RAM, CPU, HDD (SATA, SCSI, SSD), RAID Contoller (Smart Array) + Hot Swap SAD Hard Drive, Bus Chache, Redundant Power Supply, Redundant Fans (Coling), NIC Gigabit, Monitor. Server System (Dell, IBM, HP…) Page | 12 Windows Server 2012 R2 SETEC INSTITUTE Dell Server System PowerEdge R730 Systemboard Severs RAM & CPU Servers Comparison Hard Disk SATA‐SAS and SSD Interface Hard Disk for Servers Page | 13 Windows Server 2012 R2 SETEC INSTITUTE Servers Rack & Power Rack Page | 14 Windows Server 2012 R2 SETEC INSTITUTE 4. Function of Server Domain Controller (DC) / Active Directory Domain Services (AD DS) : ស្រមប់្រគប់្រគងេលី ម៉សុីនកូន (client) និងម៉សុីនេម (Server) ដ៏ៃទេទៀង េហយ ី េផទ ងសំេណីរ Login, Authentication Account, េហយ ី DC ពឹងពក់េទេលី DNS Server េដីមបេី ធ្វីករ Record េ យ NetBios Name របស់ Client, េធ្វីករ Checkt េទេលី Permisson និង្រតួតពន ធ ុវត្តភ ិ ិតយ្របព័នស ិ ពេ យ ម៉សុីនេម (Server Domain controller)។ DNS Server (Domain Name System): ស្រមប់បំែលងេឈមះ Domain េទកន់ IP Address និងបំ ែលងពី IP េទកន់េឈមះ Domain វ ិញ។ ជទូេទេគេ្រប្រី បស់ DNS មនពីរ្របេភទគឺ Forward Lookup Zone & Reversed Lookup Zone។ FLZ (ស្រមប់បេងកីត ក់េឈមះ Domain Name), RLZ (ស្រមប់ កំណត់នូវ IP Address ) េដីមបប ចបេងកីត Sub Domain (Host ី ែំ លងពគ ី ន េទវ ិញេទមក។ េយង ី Name), Alais Name (េឈមះ សមបនម មិ ម ្ត ួយែដលេសមន ី ។ ិ ត ី ង ឹ េឈមះ Domain េនះ), Pointer ជេដម Default Port = UDP: 53 Page | 15 Windows Server 2012 R2 SETEC INSTITUTE File Server: ស្រមប់ផុ កទ ទ ន ិ នន័យរបស់ម៉សុន ី កូន (Clients) េ យមនសុវតថភ ិ ព + RAID Controller or DFS (Distribute File System) ស្រមប់ Data Store Link (ករកំណត់ផូ វស្រមប់ ្ល ម៉សុីន Client យកទិននន័យេ្របី និងរក ) Dynamic Host Control Protocol (DHCP) Server: មនតួនទស ី ្រមប់ផ្តល់ IP Address, Subnet Mask, Default Gateway, Preferened DNS េទេ យឧបករណ៍ នង ី ិ កុំពយូទ័រដ៏ៃទេទៀត។ មន ិ ្រតូវបេងកត DHCP Server េ្រចន ី េនេលី Diagram Network ែតមួយេទ។ Default Port = 67, 68 ‐ ករ Configure DHCP Server: o PC Server o Router ADSL o Router Broadband (Cisco) o Layer 3 (Core Switch - Routing / Switching) o Swith Managerment Page | 16 Windows Server 2012 R2 SETEC INSTITUTE Web Server: ស្រមប់បេងកះព័ត៌មន នង ិ ្រគប់្រគងទន ិ នន័យ មរយៈ Web Site (Web មនពរី ្របេភទគឺ Static Web and Dymanic Web=database) ែដលមនដូចជ៖ ‐ ‐ Internal Web (Local Network អនកេនខងេ្រកប ្ត ញមិន ចេបីកេមល ី បនេទ) External Web ្រសេដៀងនិង Internal ែដរ ប៉ុែន្តមនលកខណៈ Multi-site ែដលេយង ី មន Branch ជេ្រចន ី េទៀត ច Access ចូលេមល ី Web េយង ី បន ‐ Internet Wold Wide ។ Default Port = http:/80, proxy:8080, https:/443 Mail Server: ជ Server ស្របប់្រគប់្រគង E-Mail Account េ យេ្របក ី មមវ ិធជ ី ំនួយមួយចំនួនរួមមន (MDaemon/ Ms Exchange េហយ វ ិធី ី េរសកមម ី អនក ចេ្រជស ី មួយ) ស្រមប់្រគប់្រគងព័ត៌មន Email Account ទំងមូល ដូចជ៖ Send/Receive, Monitor, Block/Allow, AntiSpam, Security, Store MailBox, Reduction Problem Send/Receive។ (Default Port = DNS: 53, smtp: 25 (587, 465), PoP3: 110 (995), imap=143}។ Page | 17 Windows Server 2012 R2 SETEC INSTITUTE Database Server: ស្រមប់រក ទុកទិនន ន ័យរបស់ Web Apps Server (Application ែដល Run េលី Web ) និង Windows Apps Server។ Windows Form: Web Form o Microsoft Access: ក្រមិតទប ផ្តុកទិនន ន ័យបនតិច េ្របីជមួយ Windows Form o Microsoft SQL: ក្រមិតខពស់ ផ្តុកទន ិ នន័យបនេ្រចន ី េ្របីជមួយ Windows Form [VB.net, C#..] o Oracle (Open Source ជ្រកុមនហ៊ុនមួយ ច់): ក្រមត ិ ខពស់ ផទុកទន ិ នន័យបនេ្រចន ី េ្របី ជមួយ Windows Form [Java, C++..] o MySQL (Open Source): ក្រមត ិ ខពស់ ផទុកទន ិ នន័យបនេ្រចន ី េ្របជ ី មួយ Web Form [PHP, Framework…] Application Server: ល់ Computer កូនទំងអស់ទទួលបនកមមវ ិធេី ្រប្រី បស់េ យស្វ័យ្របវត្ត។ ិ Page | 18 Windows Server 2012 R2 SETEC INSTITUTE Proxy Server: ស្រមប់្រគប់្រគង Internet, URL [internet shortcut file name extention (ទី ង ំ Web site, Files)], Domain, Bandwidth នង ិ Fillter Package ែដលឆ្លងកត់។ o Proxy Server បំែលង Port http: 80 to 8080 o បេងកត ទ នង ី Cache ស្រមប់ផុ ក ិ Record Webpage ែដលបនេបក ី (Access) o េនេពល Computer េបក ី Website ដែដលៗគឺមនេលប នេលឿនជងធមម o ប៉ុែន្ត Proxy Server មិន ច Filter េទេលី SSL Port https: 443 បនេទ ្រគប់ែត Port: 8080 V. Lab 5: Domain Controller (DC) / Active Directory Domain Services (ADDS): ស្រមប់្រគប់្រគងេលីម៉សុីនកូន (client) និងម៉សុីនេម (Server) ដ៏ៃទេទៀង េហយ ី េផទ ងសំេណីរ Login, Authentication Account, េហយ ី បេី ធ្វីករ Record េ យ ី DC ពឹងពក់េទេលី DNS Server េដម NetBios Name របស់ Client, េធ្វីករ Checkt េទេលី Permisson និង្រតួតពន ធ ុវត្តភ ិ ិតយ្របព័នស ិ ពេ យ ម៉សុីនេម (Server Domain controller)។ សំគល់៖ ម៉សុន ី េម (Server) នង ិ ម៉សុន ី កូន (Client) 1. រេបៀបតេម្លង ី Domain Controller (DC) | Active Directory (AD) 1.1. 1.2. 1.3. 1.4. PC Server or VM + Windowns Server 2012 R2 NIC (2‐5 = Teaming NIC) + Install Driver (Connected = Active) Cable + Connector (Connect Cable From PC to Switch) Set IP Address | Subnet Mask | Preferered DNS Server (Check General PC: Computer Name, Time Zone:+ 7) 1.5. Add DNS Server Role (Domain Name System) and Add Active Directory Domain Services Configure Restart ‐ Note: Server 2012 R2 do not support DCpromo command click notify (if you close Add Role Wizard) to promote Domain controller… 1.6. Check IP Address and Prefered IP DNS Again Page | 19 Windows Server 2012 R2 SETEC INSTITUTE 1.7. Create Reverse Lookup Zone in DNS Server Register DNS (ipconfig /registerdns) Testing DNS (nslookup) Close 1.8. Disable Strong Password and Upate Group Policy (Run | mmc | Add Re. Snapt in | Gro. Po. Mgt. Editor) gpupdate /force 1.9. Change Name of User Administrator and Set Password 2. Enable Remote Desktop (Port: 3389) and Change Port Remote Desktop. ‐ HKEY_Local_Mahchine\System\CurrentControlSet\Control\TerminalServer\Winstation\ RDP‐Tcp\PortNumber (dword Value:3389) ‐ Double‐Click “PortNumber” and Change Ex: 7788 Restart (Demostation how to remote Desktop to Server) VI. Lab6 : PC Client Join Domain to PC Server (Member of Domain) Windows Client: XP, 7Profesional, 8.1 Pro, 10 Pro… (Workgroup) 1. What’s join Domain? គឺេ្របីស្រមប់ម៉សុីន (Client) ជសមជក ិ របស់ម៉សុីនេម (Server)។ • េហតុអប ្វី នជ្រតូវករ Join Domain? ₋ ₋ • ងយ្រសួលកនុងករ្រគប់្រគង User Accounts េផ ងៗ ងយ្រសួល Access Resource ពច ី ំងយ ₋ ច Log on ចូលេទ user ជមួយ Client or Workstation ₋ ចជួយស្រមួលករងរេផ ងៗរបស់ Admin……។ល។ ដូេចនះករ Join Domain: គឺជលកខណៈពិេសសមួយរបស់ប ក៏បន ្ត ញ្របតប ិ ត្តិករអនុញញតិឱយ User ទំនក់ទំនងភជប់ពច ី មងយ េ យមន ិ ចំបច់េទេធ្វក ី រផទល់ជមួយនង ិ Server េឡយ ី ។ Page | 20 ច Windows Server 2012 R2 SETEC INSTITUTE 2. Configure join PC to Domain ‐ ‐ ‐ ‐ ‐ ញ។ ្រតូវមន OS Server ែដលបនតេម្តីង Domain េហយ ី ្រតូវ គ ល់េឈមះ Domain របស់ Server ្រតូវ គ ល់ User Name នង ិ Password របស់ Server ្រតូវមនប ្ត ញ Network និងឱយ Network គ ល់គន ្រតូវកំណត់ IP Prefered DNS របស់ Server េនេលី Client ឧបមថៈ េគមន Computer 3 េ្រគឿន(Server =1, Client=2 នង ិ Switch=1 ស្រមប់ភជប់ ប ្ត Prefered DNS: 192.168.0.1 Prefered DNS: 192.168.0.1 Prefered DNS: 192.168.0.1 1.1. Step to Configure join domain ‐ Online Server ‐ Login to user on client with user local as admin user 1.2. How to Login Local User after joint domain 1.3. How to Login Domain User 1.4. Login one User Domian at the same time 1.5. To make Pc domain to workgroup ‐ Server ្រតូវ Online ‐ ្រតូវ Logon ជមួយ User ែដលមនសទ ធិ Admin (Local user or Domain User) ិ ជ 1.6. េធ្វីករកំណត់សិទេធិ យ User Domain មនសិទធិ ចែកែ្របព័ត៌មនេនេលីម៉សុីន Local បន ‐ ជទូេទេយង ី មន PC + Windows 7. 8, 10 ‐ Install Driver (VGA, Sound, NIC…) ‐ េធ្វីករ Jion Client to doamain server Page | 21 Windows Server 2012 R2 ‐ SETEC INSTITUTE Install Software (េបី ចកុំទន់តេម្លង ី ពេី ្រពះេពល Login ជមួយ User Domain មន កមមវ ិធី ខ្លះមន ចេ្រប្រី បស់បន) ិ ‐ VII. Longin on User Local Lab7: Introduction to Active Directory User and Computer 1. What is Security Account Manager (SAM) Database ? SAM Database: គជ ំ យូទ័រ Server Domain ឺ បណុ ំ្ត Objects (container) ែដលេកត ី េឡង ី កនុងកុព Controller… SAM Database: មនដូចជ៖ OU, User, Group, Computer, Contact, Printer,… ‐ Show ADU and Computer interface ‐ Explain Object name and each container… 2. Introduction OU (Organiztion Unit) What is OU? OU: ស្រមប់ផុ ក ទ Sub OU, User Account, Group ឱយមនរេបៀបេរៀបរយ ងយ្រសួលែកែ្រប និង កំណត់នូវសទ ចយក OU េទ Login េនកនុងកុំពយូទ័របនេទ ិ ធេផ ងៗ។ េហយ ី េយង ី មន ិ Ex: េរៀបចំរចនសមព័ន OU (Creat OU, Move OU, Delet OU…) Page | 22 Windows Server 2012 R2 SETEC INSTITUTE 3. Introduciton to User Account Domain: What is User Account? User Account: គជ ឺ Object, ID, Account ស្រមប់ Login កនុងកុំពយូទ័រេដីមបេី ្រប្រី បស់នូវកមមវ ិធី (Program)។ េហយ ី សទ ិ ធិ User Account [Users], [Guests],… ្រស័យេលី Group ដូចជ៖ Group [Administrators], 4. Type of User Accounts: មនពរី ្របេភទគឺ User Account Local & User Domain។ o User Account Local (UAL) : Build-in Windws such as: Administrator & Guest | More [Other user created after install OS]… - Workgroup (Properties on Computer) - User can login this local PC only o User Account Domain (UAD) : Create in Server Domain Controller - Domain (Propeties on Computer Or Server Manager) - User can login all PC member of domaim at the same time + User េម (Administrator): ជសមជក ិ របស់ Group [Administrators] + User កូន (User/ Guest): ជសមជក ិ របស់ Group [Users / Guests] Ex: េរៀបចំរចនសមព័ន User Account Domain. ( Create User in to the each OU) Page | 23 Windows Server 2012 R2 SETEC INSTITUTE Page | 24 Windows Server 2012 R2 SETEC INSTITUTE VIII. Lab 8: Introduction Group 1. What is Group? Group: ស្រមប់្រគប់្រគងេលី User Account ងយ្រសួលកំណត់នូវ Security Permission។ A. Create Group & Group Scope: o G. Domain Local o G. Global : ស្រមប់ភជប់ User / Group Domain Local កនុងប ្ត ្ Domain ែតមួយ : Group េនះេ្របីកុ ង ន Domain របស់េយង ី េហយ ី Workstation of Domain and Server of Domain o G. Universal ចទញយក Group េនះេទបន។ : េយង ច Add user / Group ៃន Domain េផ ងៗជសមជិករបស់េយី ី ង។ ទំង G. Global & G. Universal នមនកលខណៈ្រសេដៀងគន ប៉ុែន្ត ្រតូវករ Sub Domain ដូចជ Child Domain ជេដីម។ B. Group Type មនពីរជេ្រមស ី េរសេនេពលែដល ី កនុងករេ្រជស ី េយង ី បេងកីត Group: ‐ Security: can be used for security with files, folders and other objects to create permission. ‐ Distribution: Can’t be for security. Dose not has SID (Security Identifier), generally distribution group always used with email program like exchange server or mail group… Page | 25 Windows Server 2012 R2 SETEC INSTITUTE C. Add User to Group: េយង ចយក User Account មួយ Add ជសមជិករបស់ Group បនេ្រចីនរហូតដល់ (២២៥ ី Groups) Ex: Implement Add User to Group D. Modify User Account: Rename, Move, Enable / Disable, Delete, Edit,… Page | 26 Windows Server 2012 R2 SETEC INSTITUTE E. Create Multi-User with Script រេបៀបទី ១៖ េធ្វក ី Multi-Users ជមួយ csvde.csv Script ី របេងកត • • មុននឹងដេំ ណីរករ File Script, េយង ី ្រតូវបេងកីត User Account Domain គំរូមួយេនកនុង OU សិន ឧបមថ៖ េយង ី មន user account First name: Roth Last name: Vandoeun User logon name: Vandoeun@setec.edu • បនទប់មកចូលេទកន់ cmd C:\user\administrator>cd\ C:\> csvde –f C:\script.csv (េ្របស ី file script ផទុកកនុង C:\) ី ្រមប់បេងកត • បនទប់មក្រតូវយក File Script េនះេទ Edit កនុង Excel ដូចខងេ្រកម៖ Part1: Row Header Delete data start from Second Row until see you sample user account Must make sure that: What is the user account name are you created? And keept that Account. Part2: Colum Header ្រតូវរក ទុកេឈមះកនុង Colum Name ដូចខងេ្រកម៖ 1.DN | 2. objecClass | 3. distinguishedName | 4. name | 5.objectCategory | 6. cn | 7.displayname | 8. sAMAcountName | 9.sn | 10. givenname | 11. userPrincippalName េ្រកពេី ឈមះទំងេនះ្រតូវលុ បេចលទំងអស់ Page | 27 Windows Server 2012 R2 SETEC INSTITUTE Prepare Name list in excel File: Must add 4 Colums : First_Name, Last_Name, Full_Name and Office_Name. All these Colum is the referent to add information for the file script. Syntax ស្រមប់ែញកេឈមះ First_Name & Last_Name: • Ex: Roth Vandoeun [Roth =First_Name and Vandoeun is the Last_name] • First_Name = lower(left(n3,search(“ “,n3)-1)=roth [n3 is the full name cell] • Last_Name = lower(right(n3,len(n3)-(len(m3))-1))=vandoeun [m3 is the last name cell] • Note: Concatenate: ជរូបមន្តែដលេ្របស ី ្រមប់ភជប់ Cell បញចូ លគន • Ex: = concatenate(b2, “. ” ,c2, “@setec.com”) vandoeun.roth@setec.com • Some time, the User Account that has very long name or Space, must be care full (if long name cut some character and the name has space make to be no space. • Or you can cut out those name and create later… • Page | 28 Windows Server 2012 R2 • SETEC INSTITUTE After prepare script file in Excel, copy new file script to replace old file script C:\ Server Machine • បនទប់មកចូលេទកន់ cmd C:\user\administrator>cd\ C:\> csvde -i -f C:\script.csv (េ្របីស្រមប់បេងកីត import file script ែដល ផទុកកនុង C:\ េដីមបប ី User កនុង AD) ី េងកត • All those User account after created are disable, so can change to Enable by right click on the user account Enable F. Create OU, Group, User Account with DC in Server 2012 R2 by CLI: ករេ្របី្របស់ Comands ស្រមប់បេងកត ី OU, Group, User Account ភគេ្រចន ី េ្របីជមួយពពួក Server Core។ ‐ Create OU : dsadd ou ou=MyOffice,dc=setec,dc=edu : dsadd ou ou= Sales,ou= MyOffice,dc=setec,dc=edu (ស្រមប់បេងកីត Sub OU េនកនុង OU=Sales) ‐ Delete OU : dsrm –noprompt ou=MyOffice,dc=setec,dc=edu (ស្រមប់លុប OU េ យគមន Sub OU) : dsrm –subtree –noprompt –c ou= Sales,ou=MyOffice,dc=setec,dc=edu (ស្រមប់លុប Sub-OU=Sales, េនកនុង OU=MyOffice ែតមួយប៉ុេ Page | 29 ្ណ ះ) Windows Server 2012 R2 SETEC INSTITUTE : dsrm –subtree –noprompt –exclude –c “ou=MyOffice,dc=setec, dc=edu” (ស្រមប់លុប Sub OU & User ទំងអស់ េលក ី ែលង OU=MyOffice) : dsrm –subtree –noprompt –c ou=MyOffice,dc=setec,dc=edu (ស្រមប់លុប OU, Sub OU & User ទំងអស់) ‐ Create Group : dsadd group cn=G_Sales,ou=MyOffice,dc=setec,dc=edu : dsadd group cn=G_Sales,ou=Sales,ou=MyOffice,dc=setec,dc=edu ‐ Delete Group : dsrm “cn=G_Sales,ou=MyOffice,dc=setec,dc=edu” : dsrm “cn=G_Sales,ou=Sales,ou=MyOffice,dc=setec,dc=edu” ‐ Create User Account : dsadd user cn=Sochet,ou=MyOffice,dc=setec,dc=edu –pwd 123 : dsadd user cn=Sochet,ou=Sales,ou=MyOffice,dc=setec,dc=edu ‐ Detete User : dsrm “cn=Sochet,ou=MyOffice,dc=setec,dc=edu” : dsrm “cn=Sochet,ou=Sales,ou=MyOffice,dc=setec,dc=edu” ‐ Rename User : dsmove cn=Sochet,ou=MyOffice,dc=setec,dc=edu –newname RA ‐ Rename OU ‐ Move OU : dsmove ou=Sales,ou=MyStaff,dc=setec,dc=edu –newparent : dsmove ou=MyOffice,dc=setec,dc=edu –newname MyStaff ou=HR,dc=setec,dc=edu រេបៀបទី ២៖ េធ្វក ី Multi-Users ជមួយ .bat File ី របេងកត =“dsadd user cn=“&Fullname&”,ou=“& Child_OU &”, ou=“& Parent_OU &”,dc=setec,dc=edu –samid “&Fullname&” –email “&Emailname&” –fn “&FirstName&” –ln “&Lastname&” –pwd 123456 –mustchpwd yes –office “&Office&”” Page | 30 Windows Server 2012 R2 IX. SETEC INSTITUTE Lab 9: Implement PC File Server with PC Server DC 1. What’s File Server? o File Server: គជ ទ ល់ទន ន ័យ (Data File) របស់ម៉សុន ឺ ម៉សុន ី េមមួយ ស្រមប់ផុ ក ិ ន ី កូន o ្រតូវតេម្លង ី RAID Controller + File Resource Manager េនេលី File Server Implement Structure Folder Security Permission Distribute File System (DFS) Storage (SSD, [Hybrid-Magnetic, Magnetic=rpm-round per minute]) ទំងអស់េនះគឺត្រមូវេ យេយង ី យកម៉សុីន File Server join Domain ជមួយម៉សុីន Server. 2. Windows Server 2012 R2 implementation as DC and File Server Create Group_Local, Group_Global into each OU Add User Account to Global and Add Global to Local Check File System on Hard Drive to prepare store data (NTFS) Configure sharing (Group_Local) with security (Group_Local) each Department 3. Implemenitation on File Server: Configure some information on computer File Server it ‘s eas to identify such as: User Account log in, Password, Computer Name, IP Address, Time Zone… Prepare Jion to Domain to PC Server DC Login with User Account Administratoin of Server DC (Ex: Sadmin_IT) េដីមបេី ្របី សិទធិរបស់ Administation User ម៉សុីន Server ែដលេដីរតួនទីជ DC Server េ យងយ ្រសួលកនុងករេរៀបចំ េរៀបចំ Structure Folder Security Permission X. Lab 10: Structure Folder for Store Data + Security Permission What ‘s Structure Folder Security Permission? o SFSP: គឺជែមកធង និងរចនសមព័នម ធ យ ួ ស្រមប់េរៀបចំផុ កទ ទ ន ិ នន័យរបស់ម៉សុីនកូន (Client) េ យមនរេបៀបេរៀបរយ មែផនកេរៀងៗខ្លួន េហយ ី មនសុ វតថភ ិ ពទន ិ នន័យ។ Page | 31 Windows Server 2012 R2 SETEC INSTITUTE 1. Folder Security (1) 2. Folder Security (2) Page | 32 Windows Server 2012 R2 SETEC INSTITUTE 3. Set Security: Share Everyone Full Control Authenticated users DATA = Administrator: Full Control Security = G.All: List Folder Content Administrator: Full Control Account Security = G. All: List Folder Content, Delete G. Account: List Folder Content Administrator: Full Control A1 Security = G. Account: List Folder Content User A1: Select Permission How to configure (Create OU, User, Group, Create Structure Folder, Set Security Permission testing) XI. Lab 11: Implement Map Network Drive (Virtual Network Drive) 1. What’s Map Network Drive? o Map Network Drive: េ្របស ំ យូទ័រ ដ៏ៃទ ី ្រមប់បំែលង Folder េ យេទជ Drive ែក្លងក្លយេនេលីកុព េទៀត េហយ ន ័យេទវ ិញ េទមករ ងម៉សុីនកូន-េម (Client / ី បេងកីតបនជផ្លូវងយ្រសួលបញជូ នទិនន Server)។ 2. Local Map Network (LMN) = Short Cut (Workgroup) o LMN: េ្រចីនេ្របីជមួយប ្ត ញកុំពយូទ័រជទំរង់ Peer to Peer Network (Workgroup)។ Page | 33 Windows Server 2012 R2 SETEC INSTITUTE A. Map Network Drive: គជ ឺ ករទញយក Drive របស់ម៉សុន ី ម៉សុីនរបស់េយង ី ។ មួយមកេ្របប ី េ ្ត ះ សននកុ ង ន Step to Configure Map Network Drive: ‐ ្រតូវេរៀបចំ Network េ យ គ ល់គន (IP Address | Cable | Wireless | Switch/Hub /AP) ‐ ្រតូវ គ ល់ IP Address, User Account’ name, Password របស់ Computer ែដល្រតូវនង ឹ ទញ Drive េនះយកមកេ្របី ‐ Right click on Computer or Network Map Network Drive o Insert IP or Computer Name: \\192.168.0.8 o Type User Name: Reach o Type Password: ***** OK ‐ ចំ ៖ ំ ឯក រែដលសថត ចេ្របីបន Full Control ឬអត់ គឺ ិ េនកនុង Drive េយង ី េលស ី ី ទ ិ រធ បស់ User Accout របស់េគមកេ្រប។ ្រស័យេទ B. Map Network Folder: បំែលង Folder េ យេទជ Drive ែខ្លងក្លយ។ Step to Configure Map Network Foder: ‐ ្រតូវេរៀបចំ Network េ យ គ ល់គន (IP Address | Cable | Wireless | Switch/Hub) ‐ ្រតូវ គ ល់ IP Address, User Account’ name, Password របស់ Computer ែដល្រតូវនង ឹ ទញ Folder េនះយកមកេ្របី ‐ ‐ ្រតូវ Share Folder ជមុនសន ិ ។ ឧទហរណ៍៖ េគមន Folder មួយេឈមះថ Test888 Run \\192.168.0.8 Ok o Type User Name: Reach o Type Password: ***** OK o Click on Foder Test888 Page | 34 Windows Server 2012 R2 ‐ SETEC INSTITUTE Right click on Computer or Network Map Network D rive ‐ Click finish ‐ Then insert user name and password again Page | 35 Windows Server 2012 R2 ‐ ចំ SETEC INSTITUTE ៖ ំ ឯក រែដលសថត ចេ្របីបន Full Control ឬអត់ គឺ ិ េនកនុង Folder េយង ី េទេលីសទ ិ រធ បស់ User Accout របស់េគមកេ្របី។ ្រស័យ ‐ 3. Redirect / Path Map Network (RMN): Or Online Map Network Drive (OMN) o RMN | OMN: េ្រចីនេ្របីជមួយប េលីម៉សុីនកូនមួយ o Concept to Configure: ្ត ញកុំពយូទ័រទំរង់ជ Client / Server េហយ ី User Domain Login និងបង្ហញ Drive េលីម៉សុន ី កូនកេនះ េ្រចីនេ្របីជមួយ Drive Private។ On Local Server ែដលេដរី តូនទជ ី DC + File Server - All compuer client ្រតូវ join ជសមជក ិ domain របស់ DC Server - ករងរេនះ្រតូវ Configure េនេលី DC Server - Folder ្រតូវបន Share - Server Manager Tool Active Directory user and computer - ទញឯក រពម ី ៉ សុន ី ែដលបន Share. Ex: run \\DC enter copy path Page | 36 Windows Server 2012 R2 SETEC INSTITUTE - Right Click on any User Properties. Example User A1 Property click Profile Tab - Click Connect: M to \\DC\Data\A1 - បញចក់្រតូវដង ំ របស់ឯក ឹ ថ េតីទី ង រេនកែន្លង ? ្រតូវកំណត់ Path េ យ្រតូវ!!! - Click Ok Testing with client computer log on with user A1 On File Server ែដលេដរី តូនទជ ី File Server - All compuer client ្រតូវ join ជសមជក ិ domain របស់ DC Server - ករងរេនះ្រតូវ Configure េនេលី DC Server - Foder ្រតូវបន Share - Server Manager Tool Active Directory user and computer - Right Click on any User. Example User A1 Property click Profile - Click Connect: M to \\FileServer\Data\Account\A1 - បញចក់្រតូវដង ំ របស់ឯក ឹ ថ េតទ ី ី ង រេនកែន្លង ? ្រតូវកំណត់ Path េ យ្រតូវ!!! - Click Ok Testing with client computer log on with user A1 *** សំគល់៖ កនុង Profile Properties Tab របស់ User Domain: េបេី គកំណត់ Path: \\FileServer\Data\Account\%UserName% - មនន័យពរី យ៉ង៖ (1)្របសិនេបី Foder=Account កនុងម៉សុន ី Sub Folder ស្រមប់ Private ី File មន ិ ទន់បេងកត User េទ គឺ នង ី Sub Folder’s Private User ឱយេ យស្វ័យ្របវត្តេិ នកនុងម៉សុន ឹ េងកត ី File Server ែដលសថិតេនកនុង \\FileServer\Data\Account េទ មេឈមះរបស់ User Domain - ែដលសថត ិ កនុង OU=Account។ (2) េបម ី ន Folder េហយ ី ករកំណត់េនះ នង ឹ Apply ចូល្រគប់ User Account Domain ទំងអស់របស់ OU=Account។ Page | 37 Windows Server 2012 R2 SETEC INSTITUTE 4. Script Multi Online Map Network Drive o SMOMN: ដូចេទនឹង redirect / Online Map Network Drive ែដរ ប៉ុែន្ត ចបេងកីតបនេ្រចន ី Drive េហយ ចយក File Script (.bat) េទេ្របជ ី េ្រចន ី េ្របជ ី មួយ Drive: Public Share។ េយង ី ី មួយ GPO (Group Policy Object) ក៏បន។ *** ចំ ំ៖ េយង ង Online Map Network Driver៖ ី C: = OS + Application + Driver M: = Private Drive. (only one user: A1) N: = Public any Department (Only one Depart: P_Account) Z: = Public All Despartment (P_Teams) D: = Local Data o Concept to Configure: - All computer client ្រតូវ join ជសមជិក domain របស់ DC Server - ករងរេនះ្រតូវ Configure េនេលី DC Server - ្រតូវដំេណីរករទញយកឯក រពម ំ ជមុនសន ី ៉ សុន ី FileServer េ ដឹងពទ ី ី ង ិ - ឧទហរណ៍៖ Run \\File Ok (ជេឈមះម៉សុន ី File server ែដលបន Share ឯក Page | 38 រ) Windows Server 2012 R2 SETEC INSTITUTE - Open Notepad net use N: \\File\MyData\Account\P_Account Z: \\File\MyData\P_All Department Page | 39 Windows Server 2012 R2 SETEC INSTITUTE - Save file to Location: C:\Windows\Sysvol\sysvol\setec.edu\script\Account.bat - Ok - ចំ ៖ ំ ្រតូវ ក់ Extantion ជ .bat flie (Execute file) - ចូលេទេបក ី Path ែដលបន Save File Page | 40 Windows Server 2012 R2 SETEC INSTITUTE - Copy េឈមះរបស់ File + Extantion (.bat) - Server Manager Toot Active Directory user and computers - Right Click on User: A1 Propeties Profile Log on Script - Click Apply Ok - Testing with client computer log on with user A1 5. Create Script Multi‐ Map Network Drive with GPO o Step to Configure Script Multi-Map Network Drive with GPO o Logon DC Server Page | 41 Account.bat Windows Server 2012 R2 SETEC INSTITUTE o ទញ File ែដលបន Share េដីមបី Copy Path: \\File\MyData\Account --> Copy េដីមបី Past កនុង Notepad o Create Script ម notpad និង Save ម Path ដូចខងេលីែដរ o ចូលេទកន់ទី ង ំ ែដលបន Save File: C:\Windows\sysvol\sysvol\setec.edu\script\ o Copy េឈមះ File មួយ៖ ឧទហរណ៍ Account.bat or Design.bat or Sales.bat o Server manager Tool Group Policy Management o Click Domain: Setec.edu េ្រជីសេរស ី OU ែដលចង់ Apply. Ex: Design Right click Create GPO in this Domain, and Link here… ក់េឈមះ Script: o ScriptGPO Ok o Righ click on File ScriptGPO Edit User Configuration Policy Windows Settings Script (Log on / off) o Click Log on Click Show File Past File Script (Accout.bat or Design.bat) ែដលបន Copy ចូលទី ង ំ ែដលបនេបក ី Close DialogBox o Click Add click Browse េ្រជីសេរស ី File ែដលបន Past (Accout or Design) o Ok Close o Run gpupdate /force Ok o Testing with user on Client XII. LAB 12: User Profile What is user Profile? គឺជសរ ី ងគរបស់ User Account។ ្រគប់ User Account ទំងអស់្រតូវ មន Profies ែដលមនដូចជ៖ (Contacts, Desktop, Download, My Document, Cokkie, Favorite, Picture, Music, Video, NTUSER.DAT…)។ Profile ែចកេចញជ ៣ គឺ៖ Local User Profiles, Roaming User Profiles and Mandatory User Profiles។ 1. Local User Profiles: - LUP: ជ Profiles ែដលេកត ី េឡង ី កនុងម៉សុន ី ខ្លួនឯង (Local PC) េនេពល User Account Login។ - ទី ង ំ ផទុក Profile: WindowsXP: C:\Document and Settinge, Windows 7, 8.1, 10 គឺ C:\Users - េធ្វីករបង្ហញ LUP (Demotration LUP) Page | 42 Windows Server 2012 R2 SETEC INSTITUTE 2. Roaming User accout Profiles - RUP: យក Profiles ខ្លួនឯងេទេផញីរេលីម៉សុីន Files Server េដីមបរី ក ទុកេ យមនសុវតថិ ភព េហយ ី User Domain ច Log in កនុងម៉សុីនកូន User និងបង្ហញកនុងម៉សុីនកូនទំងេនះ។ មួយក៏បន រឯ ី Profile របស់ o Step to Configure RUP: - េធ្វក ី រេរៀបចំ Create New Forlder ស្រមប់ Share user Roaming ‘s Profile Ex: MyProfile Share with Authentication Users Permission (Full, Chenge, Read, …) - Copy Path: \\File\MyProfile$ Note: Share’s Name Folder ្របសិនេបី ក់សញញ ($) េនខងេ្រកយ េឈមះ Folder ស្រមប់ Shared នង ឹ មន ិ បង្ហញជមួយនង ិ ម៉សុន ី ែដលបន ទញយក Folder េនះេទេ្របេី ទ ដូេចនះលុះ្រ ែតេយង ី Type Path របស់ េ - យបន្រតម ឹ ្រតូវ។ ឧទហរណ៍៖ \\File\MyProfile$ Log on DC Server - Server Manager Tools Active Directory User and Computer - េ្រជស ី េរស ី User កនុង OU - មួយស្រមប់នឹងេធ្វីករកំណត់ (RUP) Right Click េលី User Properties Click Profile Past File Copy េនកនុង Profile Path: \\File\MyProfile$\%UserName% Apply Ok Demostration កនុងករ Log on ជមួយ User Domain េនេលី Client Change Desktop, Create File / Folder,… ផទុកេនកនុងសរ ី ងគរបស់ User Profile…។ Page | 43 Windows Server 2012 R2 SETEC INSTITUTE 3. Mandatory User Profiles - MUP: មន ិ រក ព៌ត័មន និងទិននន័យែដលបនែកែ្របកនុង Profile េទ។ េនេពល Restart កុំពយូ ទ័រគឺបត់អស់ ្រសេដៀងនង ិ កមមវ ិធី (DeepFreez) ែដរ។ មនន័យថ Read only Profiles។ ចំេពះ Standard Netword Server េគមន ិ សូវយកមកេ្របេី ទ។ A. Step to Configure on PC workgroup - Log on to Your PC - Create one more user Account. Ex. Dara - Log off into User Dara - Than log off into your Own User. (Ex. Reach) - Tools | View Folder Option View o Show Hidden file or Folder o Hiddent Extention file o Hiddent protect OS (Recommand) - C:\Users\Dara\ (Remane file NTUSER.DAT to other Extention. Ex: NTUSER.MAN) - Restart PC Log on to Dara - Create New File or Folder Restart and Log on to Dara - Page | 44 Windows Server 2012 R2 SETEC INSTITUTE B. Step to Configure on PC Server - Log on PC Server - Create Sample User Account. Ex: Dara - Try: Logon with user Dara Can’t Log on or not? - Go to Server manager Tools Group Policy management - Forest: SETEC.edu | Domain | setec.edu | Domain Controller | Defaulf Domain Controller Policy Right Click Edit Page | 45 Windows Server 2012 R2 - SETEC INSTITUTE Click- on Computer Configuration | Windows Settings | Security Settings | Local Policy | User Rights Assignment - Double Click on allow Logon Locally | Click Add User or Group | Click Browse | Select user Dara Ok - Apply OK Page | 46 Windows Server 2012 R2 SETEC INSTITUTE - Run gpupdate /force - Log in with user Dara (េដីមបប ី េងកីត User Profile ) - Sing out User Dara goto User Admin: េដីមបី ែកែ្រប Profile របស់ User Dara Create Folder on D:\MadatoryProfile (េធ្វីករ Share Folder មួយេនះជមួយ Permission Full control & with Everyone or Authentication Users) - Go to Acive Directory User and Computer េ្រជស ី េរស ី User Dara Properties Profile Profile Path : \\dc\MadatoryProfile\dara - Connect: M: \\dc\Mandatory\dara - Log in to User Dara (េដីមបី បេងកីត Folder ែដលេយង ី បនេធ្វក ី រកំណត់ដូខង - Apply Ok េលី) Sing out User Dara goto User Admin: C:\User\Dara (េធ្វក ី រ View Show File Hidden) - Change file NTUSER.DAT to NTUSER.MAN - Delele file: o Ntuser.dat.LOG1 o Ntuser.dat.LOG2 - - Change Profile Dara to Dara.V2 & Copy to Local path Shared Page | 47 Windows Server 2012 R2 SETEC INSTITUTE - ពន ិ ត ិ យេមល ី Local Profile and Manadatory Profile - Logon with user Dara and test to change information + Login + Logout XIII. LAB 13: Implementation Disk Quota What is Quota? - Quota: គជ ឺ Tools មួយេ្របស ី ្រមប់ែបងែចក Hard Drive េ យ User Account ទំហប ំ ុ៉នមន? េនកនុងម៉សុីន Local or ម៉សុីន Server។ ចផទុកទន ន បន ិ ័យ ករេរៀបចំ Quota មនពីរ្របេភទគឺ Quota with Drive Properties និង Quota with File Resoruce Manager។ - Sovanreach - Kaknika - Dara - Piseth - Kolyan - Sochet Page | 48 Windows Server 2012 R2 SETEC INSTITUTE 1. Quota with Driver Properties A. Quota with User Local (PC Client or Server): Hard Drive must NTFS (File System របស់ Hard Disk) - Demotration on PC Client B. Quota with User Domanin (PC Server): Hard Drive must NTFS - Demotration on PC Server - 2. What’s File Server Resource Manager (FRM)? FRM: ស្រមប់ឱយ User Account ចេធ្វីករកំណត់ Allow / Deny Extention File (*.exe | *.bat | *.avi | *.mp4…) េនផទុកកនុង Storages េហយ ចកំណត់ទហ ំ ំ File ែដលបនផទុក ី ទន ំ ុ៉នមន...។ ិ នន័យម៉សុន ី Server ឬម៉សុន ី File Server េនះបនទំហប ករពរ File Virus មន ិ េ យដំេណីរករកនុង File Server។ Concept to configure ‐ Log on the File Server or DC Machine ‐ Add Role and Feature Next Next ‐ Click on File and Storage Services Click File and iSCSI Services ‐ Click on File Server Resource Manager Add Feature ‐ Click Next Next Installed (Whaiting a few minute) ‐ After finish install Click Tools File Server Resource Manager A. Quota Management o Quota: ស្រមប់បេងកីត Quota ថមីេ យមិនចំបច់ទញពី Quota Template (Quota គំរូ)េទ o Quota Template: បេងកីត Quota Template ឱយមន្រ នឹងបេងកីតថមី។ ប់េទីបទញ ក់េលី Quota ែដល B. File Screening Management o File Screen: ស្រមប់េធ្វក ី បប ី រកំណត់្របេភទ File េដម ី ញចូ លេទកនុង Quota o File Screen Template: ស្រមប់េធ្វីករកំណត់្របេភទ File ទុកជមុន េដម ី បប ី ញចូ លេទកនុង Quota Page | 49 Windows Server 2012 R2 SETEC INSTITUTE o File Group: ស្រមប់បេងកត ួ េដីមបក ី Group ថមីមយ ី ំណត់ Extension File ែដលចង់ Block។ C. Storage Report Management: ស្រមប់្រគប់្រគង Storage ែដល ច Link េទ NAS (Network Attach Storage) or new Technologies Storages េផ ងេទៀត។ XIV. Lab 14: General Knowledge on User Account Domain 1. User Template - េយង ី បេងកីត User Account គំរូមួយ េហយ ី េយង ី Clone User Account េនះែតម្តង Note: បេងកីត User +. Concept: ម Manuale េដម ី បី Test េលី Client ថេតដ ី ូចគំរូ user ចស់ឬេទ? o Server Manager | Tools | Active Directory User and Computer o េ្រជស ី េរស ី User មួយែដលបន Configure េហយ ី (Ex: A1) o Right Click Copy | Type: User name and account Log on o Next to create the User o Check Propert េលី User A7 េដីមបេី មល ី Configuration ដូច user ែដលមន្រ Page | 50 ប់ឬេទ? Windows Server 2012 R2 SETEC INSTITUTE o Testing with log on user 2. User Logon Hour & User Logon PC - កំណត់េពល +. Concept: នង ិ កុំពយូទ័រ ស្រមប់ User Account ច Login បន ឬ មន ិ បន។ o Server Manager | Tools | Active Directory User and Computer o េ្រជស ី េរស ី User របស់ OU o Right Click Properties | Click Account o User Logon Hour | េធ្វីករកំណត់ Schedule ដូចខងេ្រកម o User Logon PC | េធ្វក ី រកំណត់ Schedule ដូចខងេ្រកម Page | 51 Windows Server 2012 R2 SETEC INSTITUTE o Testing with log on user 3. Set Day for Reset All Password or Expire Account - កំណត់ៃថង ែខ ឆន ំ ប្តូរេលខសមងត់ រជថមី និងកំណត់េ យ User Account Expire។ Set Day for Reset All Password: +. Concept: o mmc | File | Add / Remove Snap-in | Group Policy Management Editor | Add | Browse | Default Domain Policy | OK | Finish | OK o Computer Configuration | Policy | Windows Settings | Security Settings | Account Policy | Password Policy Maximum Password Age: 7 Minimum Password Age: 1 o Close gpupdae /force Set Account Expires: o Server Manager | Tools | Active Directory User and Computer o េ្រជស ី េរស ី User របស់ OU o Right Click Properties | Click Account o Account Expires | េធ្វក ី រកំណត់ Schedule ដូចខងេ្រកម Page | 52 Windows Server 2012 R2 SETEC INSTITUTE o Testing with log on user When User Account Domain Login Wrong 3 Time Will Disable / Lock this User (Security Account Login) - កំណត់ចំនួនដងៃនករ Login។ ្របសិនេបី Login ខុសប៉ុនមនដង នង ឹ Disable This User។ +. Concept: o ករកំណត់ user Account Password User Must Change Password at next logon o mmc | File | Add / Remove Snap-in | Group Policy Management Editor | Add | Browse | Default Domain Policy | OK | Finish | OK o Computer Configuration | Policy | Windows Settings | Security Settings | Account Lockout Policy Account Lockout duration : 15 Minute Account Lockout threshold : 3 Invalid logon attempts Reset Acccount Lockout Counter After : 15 Minute Page | 53 Windows Server 2012 R2 SETEC INSTITUTE o Close gpupdae /force XV. LAB 15: Introduction Group Policy Object Editor 1. What’s GPO? - GPO: ស្រមប់្រគប់្រគង នង ិ េរៀបចំរចនសមព័នធ User & Computer េ យមនសុវតថភ ិ ព។ GPO ្រតូវ បនកំណត់េនេលី OU ឬ Child OU េ យ GPO េដីមបប ួ កនុង Windows, ី ទ ិ ករងរមួយចំនន - Application និងករងជេ្រចីនេទៀត....។ GPO: មនេនកនុង Local PC & Active Directory Doamin o Local PC: Run | gpedit.msc | Page | 54 Windows Server 2012 R2 SETEC INSTITUTE o Active Directory Domain: Server Manger | Tools | Group Policy Management Page | 55 Windows Server 2012 R2 - Right Click on OU SETEC INSTITUTE មួយ (Ex: Account) Create A GPO in this Domain, and link it here… - ក់ឱយ GPO (AccountGPO) - Righ Click On AccountGPO Edit (េទកន់ GPO េដម ី បផ ី ្ល ស់បូ រ្ត Policy) - Right Click on OU=Account Link an Existing GPO … - េ្រជស ី េរស ី Ok ី Object Name ែដលេយង ី បនបេងកត Page | 56 Windows Server 2012 R2 - SETEC INSTITUTE Close GPO gpupadate /force 2. Disable Applications, Programs or any Windows Tools: Disable Regedit, Comand Prompt (Cmd), Run: *ចំ :ំ ្រតូវ Log on ជមួយ user Domain េនេលី Clients នង ិ កមមវ ិធេី ផ ងៗ ថេតី ដំេណីរករ ឬ មន ិ ដំេណីរករ? កលបងេ្របី Tools នង ិ Concept: 1) Logon DC Server 2) Server Manager | Tools | Group Policy Management 3) Click Fores:setec.edu | េ្រជស ី េរស ី OU មួយ Ex: Account | Right click Create A GPO in this Doamin, and link it here 4) Type GPO Name: -Disbale Regitid, Cmd, run Ok 5) Right click on GPO Name | Edit | User Configuration | Policy | Administrative Template: Poliycy Difnition… | System | - Prevent Access to registry editing tools Enable - Prevent Access to the command prompt Enable - And if you want to Disable run go to Start Menu and Taskbar Remove Run menu form Start Menu Enable - Close 6) Right Click on OU ែដលេយង ី ចង់ Appley. Ex: Account | Link an Existing GPO … | Ok gpupdate /force 7) Testing with login your user in OU=Account. Page | 57 Windows Server 2012 R2 SETEC INSTITUTE Deny / Allow Application: Concept: 1) អនុវត្តដូចចំនុច (1), (2) and (3) ដូចខងេលី (a) 2) េយង ចបេងកីតេឈមះ GPO ថមីមួយេទៀតក៏បន ឧទ. - Deny application ី 3) Right click on GPO Name | Edit | User Configuration | Policy | Administrative Template: Poliycy Difnition… | System | Don’t run windows specified Windows Applications: ស្រមប់េធ្វី ករកំណត់ Applications or any Program មិនឱយដេំ ណីរករ Run only specified Windows Applications: ស្រមប់េធ្វីករកំណត់ Applications or any Program ឱយដំេណីរករែតប៉ុេ េនះមិនដំេណីរករេទ...។ - ្ណ ះ េហយ ី េ្រកពី Don’t run windows specified Appliction: Show.. Add file execute of any application. Ex: winword.exe, notepad.exe… Enable - Run only specified Windows Applications: Show.. Add file execute of any application. Ex: winword.exe, notepad.exe… Enable - Ok | Close GPO | gpupdate /force 4) Testing with lonin your user in OU=Account Deploy Image on Desktop Concept: 1) Create Foler ស្រមប់ Share រូបភព: ឧទហរណ៍៖ Image_Desktop 2) អនុវត្តដូចចំនុច (1), (2) and (3) ដូចខងេលី (a) 3) េយង ចបេងកីតេឈមះ GPO ថមីមួយេទៀត ឧទ. – Deploy Image ី 4) Right click on GPO Name | Edit | User Configuration | Policy | Administrative Template: Poliycy Difnition… | Desktop | Desktop - Desktop Wallpaper Enable Option: Wallpaper name: \\dc\Image_Desktop\Angkor.jpg | Wallpaper Style: េធ្វី ករកំណត់រូបភពកនុងករបង្ហញ៖ Center, Fill, Fit, Span and Stretch, Title Ok 5) gpupdate /force | Testing Page | 58 Windows Server 2012 R2 SETEC INSTITUTE Hide and Prevent Local Drive in PC Clients Concept: 1) អនុវត្តដូចចំនុច (1), (2) and (3) ដូចខងេលី (a) 2) េយង ចបេងកីតេឈមះ GPO ថមីមួយេទៀត ឧទ. – Disable & Hide Drive ី 3) Right click on GPO Name | Edit | User Configuration | Policy | Administrative Template: Poliycy Difnition… | Windows Component | File Explore | - Hide these specified drives in My Computer Enable - Prevent access to drives from My Computer Enable 4) Ok | Close GPO | gpupdate /force 5) Testing Deny Removable Storage Access: (Flash, Hard Disk External = USB port) Concept: 1) អនុវត្តដូចចំនុច (1), (2) and (3) ដូចខងេលី (a) 2) េយង ចបេងកីតេឈមះ GPO ថមីមួយេទៀត ឧទ. – Disable Removable ី 3) Right click on GPO Name | Edit | User Configuration | Policy | Administrative Template: Poliycy Difnition… | System | Removable Storage Access | - All Removable Storage Classes: Deny all access Enable 4) Ok | Close GPO | gpupdate /force 5) Testing ចំណុចគួរបែនថម៖ កនុងករេ្រប្រី បស់ GPO េដម ី បី Disable Tools និង Application េទបនល្អ េយង ី គួែតសក ិ េ យបនចបស់ពរី េបៀប្រគប់្រគង់ Network េនកនុង ថ ប័នរបស់េយង ី ជមុនសន ិ ថេតម ី ន អ្វីខ្លះ Deploy ឱយេ្របី និង Disable មន ិ ឱយេ្របី។ មយ៉ងេទៀតេយង ី ្រតូវែស្វងយល់បែនថមេលីករ េ្រប្រី បស់ Tools េនកនុង GPO ទំងេនកនុង Computer Configuration and User Configuration។ Page | 59 Windows Server 2012 R2 SETEC INSTITUTE 3. Deploy Application and Pirnter: a. Deploy Application to PC Client [.msi, .zap (.exe)] Concept: 1) ្រតូវ Download កមមវ ិធស ី ្រមប់តេម្លីងែដលមន Extention .msi 2) Create Folder ស្រមប់ Share កមមវ ិធទ ំ េនះ Everyone ី ង 3) Server Manager | Tools | Group Policy Management 4) Click Forest: setec.edu | Domain | setec.edu 5) Right-Click on Group Policy Object New Create Ojecte Name: - Deploy App, Soft, Pro 6) Right-Click on Object Name | Edit | User Configuration | Policy | Software Setting 7) Right-Click on Software Installation New Package 8) េធ្វក ំ Path របស់ File ែដលបន Share . Ex: ី េរសទ ី រេ្រជស ី ី ង \\dc\Deploy_Software េ្រជស ី េរស ី កមមវ ិធី មួយ 7z1512.mis | Open | Assign Ok 9) Right-Click on file 7z1512.msi Properties | Deployment | Install application at Logon & Basic or Maximum Ok 10) Apply Object on any OU. Ex: OU=Account Right-Click Create an Existing GPO… េ្រជស ី េរស ី Object Name: -Deploy App, Soft, Pro 11) Update Policy gpupdate /force | Testing with user domain on clients` b. Share or Deploy Printer - ករ Share Printer េនេលី Network មនន័យថ ល់ម៉សុីននីមយ ួ ៗ មិនចំបច់េ្របី Printer ផទល់េទ គឺេ្របី Printer រួមគន។ េធ្វីេ យចំេណញេពលេវ Interface ស្រមប់ភជប់៖ និងចំ • Paralleled Port • USB ports | Network Ports • IEEE 1394 |FireWire port • Wireless Page | 60 យ ថវ ិកតិច។ Windows Server 2012 R2 - SETEC INSTITUTE Printer: មួយចំនួនមុនេពល តេម្លីង Driver ្រតូវែតភជប់ជមួយកុព ំ យូទ័រ នង ួ េទៀតេពល តេម្លង ំ ច់ភជប់ជមួយកុំពយូទ័រែដរ ិ Printer: មួយចំនន ី Driver ក៏ពុំចប ករ Share Printer មនេ្រចន ី ្របេភទេនកនុង Network ដូចជ៖ • Share Printer មរយៈែខ (Cable | Wires) • Share Printer េ យមន ិ េ្របីែខ (Wireless) • Share Printer ជមួយឧបករណ៍ Print Server • Share Printer េគ ច Configure បនទំងកនុង Local ជមួយ PC=Client or PC = Servers នង ិ Deploy Serviece េ យ OS=Server ែដល្រតូវករ Add Role | Feature Services…។ វ ិធិ ្រស្តទ១ ី ៖ (Support បនែត Windows 8 or Windows 10 េទ) Concept: 1) ្រតូវភជប់ Printer ជមួយ PC + Setup Driver 2) េធ្វីករេរៀបចំប ្ត ញ PC ឱយ គ ល់គន 3) Logon DC Server 4) Click-Control Panel | Devices and Printer | េ្រជស ី េរស ី Printer Ex: HP Color (ឬ េយង ច Add new Printer, if we on virtual manchine) ី 5) Right-Click Printer Properties Sharing (េយង ចេធ្វក ី រ Share ី Printer េលីសពីមួយបន) | Share this Printer | ក់េឈមះេ យ Printer Ex: HPColor | េបី ចបនចូេធ្វីករកំណត់្របេភទ្រក សជ A4 | Ok 6) Server Manager | Tools | Group Policy Management | Forest: setec.edu | Domain |Right-Click on Group Policy Object New | Create Oject Name: - Deploy Printer 7) Rith-Click on Object Name Edit | User Configuration | Prefferent | Control Panel Settings | Printer Page | 61 Windows Server 2012 R2 SETEC INSTITUTE 8) Right-Click on Printer New Share Printer o Action: Create o Path Share: \\dc\HPColor2500 o Set this printer as default printe.. o Locol Port: LPT1: Reconnect Apply Ok 9) Close Sharing Printer េ្រជស ី េរស ី OU Ex: Right-Click on OU=Account Create Link an Existing GPO… | Select – Deploy Printer | Ok 10) Gpupdate /force 11) Logon PC client gpupdate /force 12) Run cmd gpupdate (េដីមបេី មល ី Information ថេតីមន Deploy Policy អ្វីខ្លះ?) 13) Logoff PC Client (Win7 Pro, Win 8.1 or Win 10 and other old windows it can not) 14) ចូលេទកន់ Control Panel Device and Printer (េដីមបេី មល ី េឈមះ Printer ែដលបន Share) 15) Testing on PC clint or other PC on Network 16) ស្រមប់ Windows Old Version on PC Client ែដលមន ិ េឃញ ី េឈមះ Printer ្រតូវចូលេទកន់ Run \\dc េ្រជស ី េរស ី េឈមះ Printer Click-Connect (េដីមបី Install Driver …) េបី Logon េលី User Domain នង ឹ ទមទសិទធិ User Admin.មកេធ្វក ី រ Install 17)Open your document and Print After install Finish. វ ិធី ្រស្តទ២ ី ៖ (Add Role and Feature) Print and document Service Concept: 1) ្រតូវភជប់ Printer ជមួយ PC + Setup Driver (Or Add Virtual Printer) Ex: Canon_Inject 2) ្រតូវភជប់ Printer ជមួយ PC + Setup Driver (ស្រមប់ម៉សុន ី ពត ិ ) 3) េធ្វក ី រ Share Printer (េរៀបចំេឈមះ Printer)+ េរៀបចំ្របេភទ្រក ស់េផ ងៗ (A4) 4) េធ្វីករេរៀបចំប ្ត ញ PC ឱយ គ ល់គន 5) Server Manager | tools | Group Policy Management| Right-Click on Group Policy Managerment New Create Object Name: - Deploy Printer Cannon 6) េ Function – Deploy Printer Cannon េទ Apply េលី OU Page | 62 មួយ Windows Server 2012 R2 SETEC INSTITUTE 7) Add Role / Feature Print and Document Services 8) Search Printer management Printer េ្រជស ី េរស ី Printer Cannon Right-Click Printer (Cannon) Deploy with group policy Click-Browse Click (Domains/OUs | Sites | All Tab េ្រជស ី េរស ី Object Name: - Deploy Printer Cannon Ok The user that this GPO applies to (per user) The compute that this GPO applies to (per manchine) Add OK 9) Gpupdate /force 10) Logon PC Client | gpupdate /force | Check Printer name and Testing print XVI. LAB 16: Dynnmic Host Configuration Protocol (DHCP ) Server 1. What’s DHCP? - DHCP: មនតួនទស ី ្រមប់ផ្តល់ IP Address, Subnet mask, Gateway, Preferered DNS េ យេទ ឧបករណ៍ នង ិ ម៉សុន ី កុំពយូទ័រដៃទេទៀតេ យស្វ័យ្របវត្ត។ ិ Page | 63 Windows Server 2012 R2 SETEC INSTITUTE - DHCP: មនពីរគឺ DHCP Client = Default Port 67 និង DHCP Server = Defaulf Port 68 - ដំេណីរកររបស់ DHCP មន ៤ គឺ IP Lease Discover / Request | IP Lease Offer | IP Lease Selection | IP Acknowledgment។ - េយង ចេធ្វី DHCP Server េនេលី OS Server, Router ADSL, Layer3, Cisco S/R, Other ី Product… - សំគល់៖ សូមកុំេ្របី DHCP Server េ្រចីន Devices កនុងប ្ត ញែតមួយេ្រពះ Conflic DHCP ។ 2. DHCP Server Tools - Address Pool with Exclustion Range IP: Address Pool: ស្រមប់កណ ំ ត់េ យ IP Address ចប់េផ្តម ី េលខប៉ុនមន នង ិ បញច ប់ េលខប៉ុនមន? ឧទ៖ Start: 192.168.0.30 – End: 192.168.0.254 Exclusion Range IP: ស្រមប់ដក IP Address ទុកបែនថមេទៀត។ ឧទ៖ Start: 192.168.0.30 – End: 192.168.0.49 ដូេចនះ IP Address របស់េយង ី - នឹង Start: 192.168.0.50 – End: 192.168.0.254 Address Lease: ស្រមប់្រតួតពន ិ ត ិ យេមល ី ថ មនកុំពយូទ័រ ខ្លះបនទទួល IP Address. Reservation: េ្របស ី ្រមប់កំណត់ Static IP េ យ កុំពយូទ័រ មួយ មរយៈ MAC Address. Scope Option: េ្របស ី ្រមប់ផ្តល់ Default Gateway ( 003 Router), Preffered DNS Server ( 006 DNS Server) and ( 015 DNS Domain Name) Page | 64 Windows Server 2012 R2 - SETEC INSTITUTE Filters: (Allow and Deny) 3. ជំ ៊ នកនុងករតេម្លីង DHCP Server - Logon Server 2012 R2 (DC or DHCP Server) - ្រតូវ្របកដថ Server បនេរៀបចំ Computer Name, IP Address, Time Zone,… - Join Domain with DC + Logon in with User Sadmin_IT and Password - Server Manager | Dadhboard | Add Role and Feature | Next Next| DHCP Server Add Feature Next Next Next Install | Close - Click Notify Complete DHCP Configuration Next Next Next Commite (េដីមបទ ី ទួលយក Protocol DHCP) Close Click-Tools | DHCP | េ្រជស ី េរស ី Domain or Computer Name | Right-Click on IPv4 New Scope (េដីមបប ី េងកីតេឈមះថមី) Next ក់េឈមះេ យ Scope. Ex: (DeployIP) េធ្វក ី រកំណត់ Range េ យ IP Address: Ex: Stat IP Address: 192.168.0.30 End IP Address: 192.168.0.254 - េធ្វីករកំណត់ Prefect Length of Sunet Mask: Length: 8=255.0.0.0, 16=255.255.0.0 and 24=255.255.255.0 Subnet Mask: 255.255.255.0 - Next េធ្វីករកំណត់ Add Exclusion and Deley (ស្រមប់ ដក IP Address េចញ) Start IP: 192.168.0.30 – End IP: 192.168.0.49 ដូេចនះ IP Address ែដលនង ឹ េបះ េ យ Client គឺ Start ពី 192.168.0.50 – 192.168.0.254 - Click –Next Duration [8 Day] Next - Configure DHCP Options: Yes, I want to configure this option now: ទទួលបនែត IP និង Subnet Mask េទ No, I will configure these opton later: - Click-Next Close ្រតួតពន ិ យ Scope name េឡង ី ិវញថេតម ី នអ្វីែដកនង ឹ Configure បន្ត - ចំេពះ Client Side ្រតូវកំណត់ Obtain an IP to assign automatically - ពិនិតយ DHCP របស់ VMware Edit Virtual Editor Host Only Use Local DHCP Services to Distribute IP Address to VMs OK - Testing: (Address Pool, Exclusion, Address Leases, …) - Command: C:\>ipconfig /release | C:\>ipconfig /renew Page | 65 Windows Server 2012 R2 SETEC INSTITUTE 4. Disable MAC Address PC Client get IP From PC DHCP Server - ករពរកុំពយូរទ័រខងេ្រកទទួលបន IP Address របស់េយង ី Concept: 1) Logon to DHCP Server 2) Server Manger | Tools | DHCP | េ្រជស ី េរស ី េរស ី Computer Name | IPv4 | េ្រជស ី Scope Name 3) Filters មនពរី េ្របេី ភទៈ (Allow and Deny Enable) a. Allow: អនុញញតេ យ PC ែដល Add ចូលប៉ុេ ្ណ ះ ទទួល IP Address b. Deny: មន ិ អនុញញតេ យ PC ទទួល IP Address 4) Click on Address Leases Rigth-Click េលី IP Address ែដល PC ធ្លប់ទទួលបន Add to Filter Deny 5) Testing with PC Client by take network cable out and reconnectec or using command ipconfi /release and renew and see that PC can take IP Address from Server or Not?) ចំ ៖ំ េបើមន IP Address ្រតូវបន Block េនកនុង Reservation េហើយេយើងចង ់យក IP េនះមក Deny Detete េចញពីកែន្លង Reservation។ មយ៉ ងេទៀតេបើ PC Client មិន េយើង ចេធ្វករកំ ណត់ IP address េ ើ យ Static បន។ Page | 66 នឹង ចទទួល IP Address ពី DHCP Server េទ Windows Server 2012 R2 SETEC INSTITUTE XVII. Introduction to NAT (Network Address Translate) 1. េតី NAT មនតួនទអ ្វី ះ្ល កនុងប ី ខ ្ត ញ Network? NAT: មនតួនទស ី ្រមប់ភជប់ IP Address ែដលមន IP Network ខុសគនឱយ បនថយករេ្រប្រី បស់ IP Address េ្រចន ី នង ិ Security។ េយង ី Router, Firewall, Layer 3 Routing…។ - - េយង ី ចេធ្វី NAT គ ល់គន។ NAT កត់ ចេធ្វី NAT េនេលម ី ៉ សុីន Server, មលកខណៈ Point to Point (IP មួយេទកន់ IP មួយ), Mutil Point to Point (IP មួយេទកន់ IP េ្រចីន, IP េ្រចីន េទកន់ IP េ្រចីន)។ NAT: ែបងែចកជពីរ្របេភទគឺៈ Static NAT: ករកំណត់េ យខ្លួនឯង Dynamic NAT: NAT Overload (Port Address Translate) RRAS: Routing and Remote Access Service: មនតួនទស ី ្រមប់ Rout Network LAN (Private Network ) & WAN (Public Network) LAN = Private WAN = Public RRAS WAN: 172.16.1.10/24 DC + DHCP 192.168.0.1/24 LAN: 192.168.0.10/24 WAN: 172.16.1.15/24 LAN: 192.168.0.15/24 2. ករេរៀបចំ Interface េលី Client Inside, RRA (NAT+Routing) នង ិ Client Outside: ករេរៀបចំ េនេលី Client ែផនក Inside (LAN = Private) Configure NIC Interface Host only. IP: 192.168.0.15/24 Check firewall (Advance Firewall | (Public Profile) Allow) Page | 67 Windows Server 2012 R2 SETEC INSTITUTE ករេរៀបចំ េនេលី Client ែផនក Outside (WAN = Public) Configure NIC Interface Create New Segement. IP: 172.16.1.15/24 Check firewall (Advance Firewall | (Private + Pulick Profie) Allow) េរៀបចំ េនេលី RRAS Server (Rounting+NAT) RRAS Server េយង ី Joint Domain ក៏បន មន ិ ចំបច់ Joint Domain ក៏បន ឬអនុវត្តេនេលី ឧបករណ៍ Layer 3 Routing។ RRAS: ្រតូវ Add NIC = 2 Check NIC មួយ Primary = LAN and Secondary = WAN - ជ Primay NIC Going to run ncpa.cpl Click Alt Advance Advance Settings Contigure NIC Interface - LAN = Host only IP: 192.168.0.2 - WAN = Create New Segement. Ex: For WAN 172.16.1.2 Add Role Remote Access ( Direct Access and VPN , Routing) Sever Manager | Tools | Routing and Remote Access Page | 68 Windows Server 2012 R2 SETEC INSTITUTE DHCP (Disable) Right-Click on DHCP-PC (Local) Configure and Enable Remote Access Routing Next Custom Configuration Next NAT Next Finish Start Services Create NAT interface on RRAS Server - Server Manager | Tools | Routing and Remote Access Page | 69 Windows Server 2012 R2 - Right-Clikc NAT | New Interface - Select LAN OK Private Interface Connection to Private Network (ស្រមប់ - - SETEC INSTITUTE Network ខងកនុង គ ល់ Network ខងេ្រក) Click-OK Right-Clikc NAT | New Interface (ម្តងេទៀតេដីមបី Add WAN) Select WAN OK Publick Interface Connected to the Internet Enable NAT on the Interface (ស្រមប់មន ិ អនុញញតឱយ Network ខងេ្រក គ ល់ Network ខងកនុង) Page | 70 Windows Server 2012 R2 - SETEC INSTITUTE Click-OK Note: ្រតូវ ក់ Default Gateway ស្រមប់ម៉សុីន In_side & Out_Side (Demotration Ping & Share Data form Network ខងកនុង នង ិ Network េ្រក) Page | 71 Windows Server 2012 R2 SETEC INSTITUTE XVIII. Introduciton Web Server 1. What is Web Server? Web Server ស្រមប់បេង្ហះ នង ិ ផ ព្វផ យព័ត៌មន មរយៈ Website។ ជទូេទ Web Server ែចក េចញជ៣ គឺ៖ - Intranet : ស្រមប់បេង្ហះព័ត៌មនកនុង Local។ : Ex: Login Open Browser //localhost - Extranet : ដូច Intranet ែដរ ប៉ុែន្ត មនប ្ត ញ Head Office េទកន់ Branch េទ...។ or //172.0.0.1 ខជេ្រចីន - Internet : ស្រមប់បេង្ហះព័ត៌មន Wold Wide អនក - Default Port Web Browser: http = 80 | https = 443 ចេមីលរួមគន ែដលបនែត ក៏ ចេមល ី បនែដរ។ *. ត្រមូវកររបស់ Web Server - Web Service : គឺជកមមវ ិធី នង ិ ជ Protocol ស្រមប់ដំេណីរករ Webpage។ Web Service មន IIS : Internet Information Services WAMP : ជ្របេភទកមមវ ិធី XAMPP : ជ្របេភទកមមវ ិធី - Web Browser: ជកមមវ ិធស ី ្រមប់េបក ី URL Address ៃនេឈមះ Website នម ី ួយៗ។ េហយ ី Browser មនដូចជ (Firefox, Internet Explore, Chrome, Opera, Torch Browser, Safari…) - DNS Server : េដីមបប ី េងកីត Sub Domain / Alias Name ងយ្រសួល Access Website។ *. Standard Web Hosting: គឺជករបេង្ហះ Website ឱយេគេមីលេឃញ ី - Design Webpage : េយង ី េ្រប្រី បស់ភ មួយេដីមបប ី េងកីត Website (Ex: HTML, ASP, PHP, CSS, Java, MySQL, Joomla, Wordpress, BlockSport ឬ Framework ជេ្រចន ី េទៀត...) * Webpage មនពីរ្របេភទ Static: ជ Webpage ធមម មនែតព័ត៌មនេទ Dynamic: ជ Webpage ែដលមនទំងព័ត៌មន មនទំងទិនន ន ័យ ដូចជេយង ី ករបញចូ ល Data, Delete Data and Search Data… ច េធ្វី - Buy Domain Name : (ទក់ទងេទនង ិ ករទញ ិ Space ស្រមប់ Store) ករទិញ Domain Name េយង ី ចូលេទកន់ Website www.domains.com េដីមបី Search Page | 72 Windows Server 2012 R2 SETEC INSTITUTE រកេឈមះ Domain ែដល ច .Com, .Net េយង ី ក់បន។ ចំេពះ Domain Name ដូចជ ចទញ ិ Wold Wide បន្រគន់ែតមន Master Card or Visa Card ប៉ុែន្តចេំ ពះ្រកុមហ៊ុនែដលមនលកខណៈ Business េបី្រតូវករ(.kh) - Buy Hosting ្រតូវទិញេន្រកសួង្របិយសនីយ.៍ ..។ : (ទក់ទងេទនឹងេស កមម Host) េ្របៀបបនេទនឹង Server Cloud (cPanel, Web Server, SQL, MySQL, PHP, FTP Server, Mailbox, DNS Server,…)។ ្រកុមហ៊ុនែដលលក់ Hosting មន៖ www.justhost.com, www.bluehost.com, www.godaddy.com 2. Install Services Web Server (IIS) - - Log on Web Server Machine and Joint Domain to DC Machine - Server Manager | Manage | Add Role and Feature Next Next Next - Tick: Web Server IIS Add Feature OK Next Next កនុង Role Service (Tick ) Web Services HTT Redirection WebDAV Publishing Page | 73 Windows Server 2012 R2 - SETEC INSTITUTE កនុង Management Tools (Tick ) IIS Management Console IIS 6 Management Compatibility IIS Management Script and Tools Managemt Services - Click Next Install - Server manager | Tools | Internet Information Service (IIS) Manager Page | 74 Windows Server 2012 R2 SETEC INSTITUTE - Testing with I.E Browser http://localhost - Go to Drive C:\Inetpub\wwwroot (ជទី ង ំ របស់ Websit Store) Page | 75 Windows Server 2012 R2 SETEC INSTITUTE A. ករេរៀបចំ Webpage ផទុកេលី Web Server - Log on to PC Web Server - Copy Webpage ែដលចង់ Host េទកនុង Path = C:\Inetpub\wwwroot - Server Manger | Tools | Internet Informaiton Services (IIS) WEB (Compuer Name) Site Add Web Site Page | 76 Windows Server 2012 R2 SETEC INSTITUTE - េធ្វីករកំណត់ព័ត៌មនដូចខងេ្រកម៖ - Click Default Document: េដម ី បី Page | 77 Windows Server 2012 R2 SETEC INSTITUTE - Testing Acess Website by IP Address របស់ Web Server: 192.168.0.5 - Testing Access Website by Host Name: Log on to PC Web Server Page | 78 Windows Server 2012 R2 SETEC INSTITUTE Assing IP: Alternate DNS Server: 192.168.0.5 Server Manger | Tools | Internet Informaiton Services (IIS) WEB (Compuer Name) Site Click on website name. Ex: setec Binding.. Setec webpage (192.168.0.9) Edit Type HostName: school.setec.edu Page | 79 Windows Server 2012 R2 SETEC INSTITUTE Log on to PC Domain Controller Server Manager | Tools | DNS o Forward Lookup Zone: Right-Click New Host (A or AAAA…) o Reverse Lookup Zone: Right-Click New Pointer (PTR)… Page | 80 Windows Server 2012 R2 SETEC INSTITUTE o Cmd ipconfig /flushdns (េដីមបី Resole Cache DNS) Testing with host name: school.setec.edu - General Option Page | 81 Windows Server 2012 R2 SETEC INSTITUTE 3. Install Service Web Server (FTP Server) - What is FTP Server? FTP Server ្រ - ប់ Download | Upload File + Folder ពី Client ខងេ្រក េទកន់ Web Server ខងកនុង ឬ េយង ី េ ថ Sharing Data មរយៈ Web Server។ Default Port FTP Server គឺ FTP: Port = 21 | TFTP = 69 Login: Opent Browser ftp://setec.edu or ftp://192.168.0.6 Page | 82