
Quản trị Windows Server


Server Manager — Giao diện quản trị trung tâm

Server Manager là dashboard chính để quản lý roles, features và server farm trong Windows Server.

Cài đặt Role/Feature bằng PowerShell

# List the roles/features that are available but not installed yet (names only).
Get-WindowsFeature |
    Where-Object { -not $_.Installed } |
    Select-Object -Property Name

# Install IIS together with its management tools.
Install-WindowsFeature -Name 'Web-Server' -IncludeManagementTools

# Install IIS plus a set of commonly used modules.
# NOTE(review): Web-Basic-Auth makes Basic authentication available; Basic sends
# credentials Base64-encoded, not encrypted, so only enable it on sites served
# over HTTPS and leave the feature out when nothing needs it.
$iisFeatures = 'Web-Server', 'Web-Asp-Net45', 'Web-Basic-Auth', 'Web-Windows-Auth'
Install-WindowsFeature -Name $iisFeatures -IncludeManagementTools

# Install Active Directory Domain Services.
Install-WindowsFeature -Name 'AD-Domain-Services' -IncludeManagementTools

# Install DHCP and DNS.
Install-WindowsFeature -Name 'DHCP', 'DNS' -IncludeManagementTools

# Remove a feature. Uninstalling roles that are not in use also reduces the
# server's attack surface.
Uninstall-WindowsFeature -Name 'Web-Server'

Remote Desktop Protocol (RDP)

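# Require Network Level Authentication (NLA) first, so that by the time RDP is
# reachable the client already has to authenticate before a session is created.
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' `
    -Name "UserAuthentication" -Value 1

# Enable RDP (fDenyTSConnections = 0 allows incoming connections).
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' `
    -Name "fDenyTSConnections" -Value 0

# Open the built-in "Remote Desktop" firewall rules.
# NOTE(review): restrict the rules' scope to the admin subnet or a jump host
# (Set-NetFirewallRule -RemoteAddress ...) and do not expose TCP 3389 directly
# to the internet.
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"

# Allow a user to connect. Membership in this group grants interactive remote
# logon, so keep it limited to the accounts that need it.
Add-LocalGroupMember -Group "Remote Desktop Users" -Member "sontn"

# Verify that the service is running and that something listens on 3389.
Get-Service TermService
Get-NetTCPConnection -LocalPort 3389 -State Listen

# Confirm that NLA is still enforced (expected value: 1).
Get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' |
    Select-Object UserAuthentication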

WinRM — Windows Remote Management

WinRM là giao thức remote management của Windows — tương đương SSH trên Linux. Dùng HTTP/HTTPS, cho phép remote PowerShell.

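# Enable WinRM on the target server.
# This starts the WinRM service, creates the default HTTP listener, adds the
# firewall exception for it and sets the session permissions.
Enable-PSRemoting -Force

# Verify the service answers and inspect its configuration.
Test-WsMan -ComputerName "server01"
Get-WSManInstance -ResourceURI winrm/config

# Configure an HTTPS listener.
# NOTE(review): a self-signed certificate is only appropriate for a lab. In
# production, use a certificate issued by a CA the admin machines already trust,
# with the server's FQDN as subject; otherwise clients fail validation or end up
# turning it off (-SkipCACheck / -SkipCNCheck), which removes the protection
# against an impersonated server.
$cert = New-SelfSignedCertificate -DnsName "server01.company.com" -CertStoreLocation Cert:\LocalMachine\My
New-WSManInstance -ResourceURI winrm/config/Listener `
    -SelectorSet @{Address="*"; Transport="HTTPS"} `
    -ValueSet @{CertificateThumbprint=$cert.Thumbprint}

# Enable-PSRemoting only opens the HTTP port (5985); the HTTPS listener on 5986
# needs its own inbound rule. Narrow it with -RemoteAddress where possible.
New-NetFirewallRule -DisplayName "WinRM HTTPS" -Direction Inbound `
    -Protocol TCP -LocalPort 5986 -Action Allow

# Connect from the admin machine.
# With -UseSSL the name passed to -ComputerName must match a DNS name in the
# certificate, so use the FQDN the certificate was issued for.
$cred = Get-Credential
Enter-PSSession -ComputerName "server01.company.com" -Credential $cred -UseSSL

# Run a command on several servers.
# Without -UseSSL this goes through the HTTP listener (5985); by default WinRM
# still encrypts the payload at message level with Kerberos/Negotiate. Add
# -UseSSL and certificate-matching names to use the HTTPS listener instead.
Invoke-Command -ComputerName "server01","server02" -Credential $cred -ScriptBlock {
    Get-Service | Where-Object {$_.Status -eq "Stopped"}
}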

Event Viewer — Xem Log hệ thống

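# Read the classic event logs.
# Get-EventLog exists in Windows PowerShell only (it is not available in
# PowerShell 7); prefer Get-WinEvent below for new scripts.
Get-EventLog -LogName System -Newest 50
Get-EventLog -LogName Security -EntryType FailureAudit -Newest 20   # failed audits, e.g. failed logons
Get-EventLog -LogName Application -EntryType Error -Source "MSSQLSERVER"

# Windows Event Log (newer cmdlet).
Get-WinEvent -LogName "System" -MaxEvents 100
Get-WinEvent -FilterHashtable @{
    LogName   = "Security"
    Id        = 4624                       # successful logon
    StartTime = (Get-Date).AddHours(-24)
}

# Export a log to an .evtx file.
wevtutil epl System C:\backup\system.evtx

# Clear a log (requires Administrator).
# Clearing destroys audit evidence, so keep a copy first. The backup file names
# below are examples. Clearing is itself logged (Security 1102, System 104), and
# an unexpected clear is worth alerting on.
wevtutil epl Application C:\backup\application-before-clear.evtx
Clear-EventLog -LogName Application
# Same operation with wevtutil: /bu: saves a backup before the log is cleared.
wevtutil cl Application /bu:C:\backup\application-cleared.evtx

# Important event IDs
# Security: 4624 = Logon OK | 4625 = Logon FAILED | 4648 = Logon with explicit credentials (RunAs)
#           4720 = User account created | 1102 = Audit log cleared
# System:   6006 = Clean shutdown | 6008 = Unexpected shutdown | 7036 = Service state change
#           104  = Event log cleared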

Task Scheduler — Cron của Windows

# List scheduled tasks: all of them, those under one folder, and the disabled ones.
Get-ScheduledTask
Get-ScheduledTask -TaskPath "\Microsoft\Windows\"
Get-ScheduledTask | Where-Object State -eq "Disabled"

# Create a new task.
# NOTE(review): the task runs as SYSTEM with the highest run level, so anyone
# who can modify C:\scripts\backup.ps1 or its folder gets code execution as
# SYSTEM. Keep write access on that path limited to Administrators and SYSTEM.
$backupAction = New-ScheduledTaskAction -Execute "PowerShell.exe" `
    -Argument "-NonInteractive -File C:\scripts\backup.ps1"
$dailyTrigger = New-ScheduledTaskTrigger -Daily -At "02:00"
$taskSettings = New-ScheduledTaskSettingsSet -ExecutionTimeLimit (New-TimeSpan -Hours 2)
$taskPrincipal = New-ScheduledTaskPrincipal -UserId "SYSTEM" -RunLevel Highest

# Splat the parameters instead of chaining backtick continuations.
$registration = @{
    TaskName    = "NightlyBackup"
    Action      = $backupAction
    Trigger     = $dailyTrigger
    Settings    = $taskSettings
    Principal   = $taskPrincipal
    Description = "Daily backup at 2 AM"
}
Register-ScheduledTask @registration

# Run now / stop / delete.
Start-ScheduledTask -TaskName "NightlyBackup"
Stop-ScheduledTask -TaskName "NightlyBackup"
Unregister-ScheduledTask -TaskName "NightlyBackup" -Confirm:$false

# Show the result of the last run.
Get-ScheduledTaskInfo -TaskName "NightlyBackup"

Windows Registry

Registry là database cấu hình toàn hệ thống của Windows — không có file text tương đương Linux.

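# Read registry values.
Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion" -Name ProductName
Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server" | Select-Object fDenyTSConnections

# Write registry values.
# Create the key first: Set-ItemProperty fails when the key does not exist.
# Test-Path guards the call because New-Item -Force would replace an existing
# key together with the values already stored in it.
if (-not (Test-Path -Path "HKLM:\SOFTWARE\MyApp")) {
    New-Item -Path "HKLM:\SOFTWARE\MyApp" | Out-Null
}
Set-ItemProperty -Path "HKLM:\SOFTWARE\MyApp" -Name "Version" -Value "1.0.0"
New-ItemProperty -Path "HKLM:\SOFTWARE\MyApp" -Name "InstallDir" -Value "C:\MyApp" -PropertyType String

# Delete a value, then the whole key.
# Remove-Item -Recurse under HKLM is not reversible; export the key first
# (e.g. reg export "HKLM\SOFTWARE\MyApp" <backup-file>.reg) and double-check
# the path before running it.
Remove-ItemProperty -Path "HKLM:\SOFTWARE\MyApp" -Name "OldSetting"
Remove-Item -Path "HKLM:\SOFTWARE\MyApp" -Recurse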

Performance Monitor & Resource Monitor

# Read individual performance counters (one sample each).
Get-Counter -Counter "\Processor(_Total)\% Processor Time"
Get-Counter -Counter "\Memory\Available MBytes"
Get-Counter -Counter "\PhysicalDisk(_Total)\Disk Read Bytes/sec"
Get-Counter -Counter "\Network Interface(*)\Bytes Total/sec"

# Repeated sampling: one sample every 2 seconds, 10 samples in total.
Get-Counter -Counter "\Processor(_Total)\% Processor Time" -SampleInterval 2 -MaxSamples 10

# Export performance data to a binary log (.blg).
$counterPaths = @(
    "\Processor(_Total)\% Processor Time"
    "\Memory\Available MBytes"
    "\PhysicalDisk(_Total)\% Disk Time"
)
$sampling = @{
    Counter        = $counterPaths
    SampleInterval = 5
    MaxSamples     = 12
}
Get-Counter @sampling |
    Export-Counter -Path C:\reports\perf.blg

Windows Update Management

# Check for and install updates with the PSWindowsUpdate module.
# NOTE(review): PSWindowsUpdate is a community module pulled from the PowerShell
# Gallery, not a built-in Windows component, and -Force suppresses the install
# prompts. Vet the module and pin a reviewed version (-RequiredVersion) or serve
# it from an internal repository before using this on servers.
Install-Module -Name PSWindowsUpdate -Force
Get-WindowsUpdate                               # list the available updates
# Installs everything and reboots if required, so run it in a maintenance window.
Install-WindowsUpdate -AcceptAll -AutoReboot

# Configuring Windows Update
# Use WSUS (Windows Server Update Services) in an enterprise,
# or use Group Policy to control the update schedule.

# Show the update history (20 most recent hotfixes).
Get-Hotfix |
    Sort-Object -Property InstalledOn -Descending |
    Select-Object -First 20
Get-Hotfix -Id "KB5001234"                      # look up one specific hotfix