The Best Damn Windows Server 2003 Book Period- P46 pdf

10 326 0
The Best Damn Windows Server 2003 Book Period- P46 pdf

Đang tải... (xem toàn văn)

Thông tin tài liệu

the domain, data is retrieved from the computer that is added to the account.This includes such facts as the operating system installed on the machine, the version of the operating systems, and other relevant information. Creating Computer Accounts by Adding a Computer to a Domain Computer accounts can be created when adding a computer to a domain. Computers can be added to a domain by using the same dialog box you use to change the computer’s name. On a Windows 2000 Professional machine, this is done on the Network Identification tab of the System Properties dialog.To access this dialog, you can right-click the My Computer icon located on the desktop, and select Properties on the context menu.You can also access this dialog by double-clicking the System icon in Control Panel. Once the System Properties dialog appears, click the Properties button on the Network Identification tab. As shown in Figure 10.31, the dialog box that appears after clicking the Properties button allows you to modify the name of the computer, and choose whether the computer is part of a workgroup or domain.The Member Of section provides two options.The Domain option enables a text box that allows you to provide the name of a domain this computer will join.The Workgroup option enables a text box that allows you to provide the name of a workgroup this computer will join. At any time, the computer can be switched from being a member of a workgroup or domain. If the computer is joining a domain where a computer account doesn’t exist for this machine, then the Computer name field is used to specify the new Active Directory account’s name. After entering the name of a domain this computer will join, click the OK button.The com- puter then proceeds to connect to a DC for the domain you are attempting to join, and if it finds one, a dialog box will be displayed asking you for the username and password of an account per- mitted to add workstations to the domain. Once this information is provided and you click OK, the 416 Chapter 10 • Working with User, Group, and Computer Accounts Figure 10.31 Identification Changes Dialog Box 301_BD_W2k3_10.qxd 5/12/04 12:28 PM Page 416 username and password you provided will be authenticated and (if the user account has the neces- sary privileges) the workstation will be joined to the domain. If a computer account already exists for the computer, then data is retrieved and the account is updated. If no account exists, the account is created. Creating Computer Accounts Using Active Directory Users and Computers Computers can also be created using Active Directory Users and Computers. Right-click on the container or OU that you want to create the object in, and select New | Computer. Alternatively, you can select the container or OU in which you want to create the computer account, and then click Action | New | Computer. A dialog box similar to the one shown in Figure 10.32 will appear. The first field on this screen is used to identify the computer.The Computer name text box is used to specify the name that you want this computer account to be called in Active Directory. This will be the RDN of the computer.The Computer name (pre-Windows 2000) text box is where you would enter the NetBIOS name of this computer, which older operating systems will use when connecting to this computer. As mentioned before, the NetBIOS name of a computer can be up to 15 characters in length. When you enter a value in the Computer name text box, a NetBIOS name will be suggested based on the first 15 characters of the Computer name field. However, this can be changed to another name. Below this is a field that states which user or group can join the computer to the domain. As we saw in the previous section, when the computer is added to a domain, a username and password of a user account with the necessary rights is required. By default, the Domain Admins group has this ability, but this can be changed.To specify another user or group, click the Change button and enter the name of the user or group that should be given this privilege.The selected user or group will appear in the User or group field of this screen.The final options on this screen deal with Working with User, Group, and Computer Accounts • Chapter 10 417 Figure 10.32 New Object – Computer Dialog Box 301_BD_W2k3_10.qxd 5/12/04 12:28 PM Page 417 older machines in a domain.The Assign this computer account as a pre-Windows 2000 computer designates that this machine is running an older operating system, such as Windows NT. The Assign this computer account as a backup domain controller specifies that this is a Windows NT BDC. Only Windows NT and newer operating systems can have accounts in Active Directory. The remaining screens require little input. Click the Next button to continue to the screen that allows you to specify whether the computer is managed.A managed computer is a Remote Installation Services (RIS) client. If the This is a managed computer check box is checked, you must then enter the client computer’s globally unique identifier (GUID). After providing this infor- mation and clicking Next, a screen will appear that offers the following options: ■ Any available Remote Installation Services (RIS) server, which specifies that any RIS server can provide remote installation services to this computer. ■ The following RIS server, which specifies that only designated RIS servers can service this computer. While the screen with these RIS options will appear if the computer is managed, this will not occur if the This is a managed computer check box isn’t checked. Upon clicking Next,you proceed to the final summary screen, which you can review before creating the computer account. As shown in Figure 10.34, this screen informs you of what the computer will be called in Active Directory, and other information on options you chose during setup. Click the Finish button on this screen to close the wizard and create the account. 418 Chapter 10 • Working with User, Group, and Computer Accounts Figure 10.33 Managed Screen of New Object – Computer 301_BD_W2k3_10.qxd 5/12/04 12:28 PM Page 418 Creating Computer Accounts Using the DSADD Command As was the case with users and groups, computer accounts can also be created using the DSADD command.The command-line method can be used in scripts to automate the addition computer objects to Active Directory.You can use the DSADD command to create computer objects using the following syntax: DSADD COMPUTER ComputerDN In using this command, ComputerDN specifies the DN of the computer that’s being added.This provides information on where in the directory structure this account will be created. However, this isn’t the only parameter that’s available for DSADD. As shown in Table 10.5, each of these parame- ters provides different information that is used to set up the account.To use additional options, the following syntax can be used: dsadd computer ComputerDN [-samid SAMName] [-desc Description] [-loc Location] [-memberof GroupDN ] [{-s Server | -d Domain}] [-u UserName] [-p {Password | *}] [-q] [{-uc | -uco | -uci}] Table 10.5 DSADD Parameters for Creating Computers Parameter Description -samid SAMName Specifies the NetBIOS name used by pre-Windows 2000 computers. -desc Description Specifies a description to be used for the account. -loc Location Specifies the location of the computer. -memberof GroupDN Specifies the groups that this new computer account will be a member of. Working with User, Group, and Computer Accounts • Chapter 10 419 Figure 10.34 Final Screen of New Object – Computer Continued 301_BD_W2k3_10.qxd 5/12/04 12:28 PM Page 419 Table 10.5 DSADD Parameters for Creating Computers Parameter Description {-s Server | -d Domain} Specifies a connection to a remote server or domain. By default, the computer is connected to the DC in the domain that the local user is logged on to. -u UserName Specifies the username to use when logging on to a remote server. By default, the username that the user logged on to the local system with is used. The fol- lowing formats can be used for the UserName variable: Username Domain\username User principal name -p {Password | *} Specifies the password to use when logging on to a remote server. If an asterisk (*) is used, you will be prompted for a password. -q Specifies quiet mode, and suppresses output {-uc | -uco | -uci} Specifies Unicode to be used for input or output. If –uc is used, then input or output is to a pipe (|). If –uco is used, then output is to a pipe or file. If –uci is used, then input is from a pipe or file. Managing Computer Accounts As seen previously, accounts can be administered through the properties of the object, which can be accessed using Active Directory Users and Computers.To view the properties, select the object and click Action | Properties.You can also right-click on the object, and select Properties from the context menu. Using either method, a dialog box with nine tabs will be displayed. The General tab of a computer account’s properties allows you to view common information about the computer, as seen in Figure 10.35. 420 Chapter 10 • Working with User, Group, and Computer Accounts Figure 10.35 General Tab in the Properties of a Computer Account 301_BD_W2k3_10.qxd 5/12/04 12:28 PM Page 420 As shown in Figure 10.36, the Operating System tab provides information about the oper- ating system running on the computer that has joined the domain.The Name field provides the name of the operating system, Version provides the version of the operating system, and Service pack displays the service pack level that has been applied to the operating system.These values are retrieved from the computer and can’t be modified. The Member Of tab shown in Figure 10.37 displays existing group memberships for this com- puter and allows you to add the computer to groups in Active Directory. By default, it will be a member of the Domain Computers or Domain Controllers group depending on its network role. The computer account can be made a member of other groups by clicking the Add button.To remove the computer from a group, select the group in the list and click the Remove button. Working with User, Group, and Computer Accounts • Chapter 10 421 Figure 10.36 Operating System Tab in the Properties of a Computer Account Figure 10.37 Member Of Tab in the Properties of a Computer Account 301_BD_W2k3_10.qxd 5/12/04 12:28 PM Page 421 At the bottom of this tab is a section that allows you to set the primary group to which the computer belongs. By default, computers are made a member of the Domain Computers group, which is displayed in the Primary group field on this tab.To change the primary group, you could use the Set Primary Group button, but this generally isn’t required. Primary groups are used by Macintosh computers and POSIX-compliant applications, and aren’t required by other operating systems or applications. The Delegation tab shown in Figure 10.38 is used to control whether services can act on behalf of another user from this computer. Using this tab, you can specify that the account can be used by specific services. By using the account’s credentials, they are able to impersonate the account.This tab has three options relating to delegation: ■ Do not trust this computer for delegation The default value, and doesn’t allow the computer to be used for delegation. ■ Trust this computer for delegation for any service (Kerberos only) Allows any service to use the computer providing Kerberos is used. ■ Trust this computer for delegation to specified services only Only allows the ser- vices you specify to use the computer for delegation. When the final option is selected, two additional options become available: Use Kerberos only and Use any authentication protocol. Use Kerberos only specifies that delegation can only be performed if Kerberos is used for authentication, while Use any authentication protocol allows any protocol to be used. In addition to these options, the two buttons at the bottom will also be enabled.The Add button can be clicked to open a dialog that allows you to specify the services that can use the com- puter for delegation.This dialog is shown in Figure 10.38. By clicking the Users or Computers button, another dialog box will open, allowing you to specify the user or server that has these ser- 422 Chapter 10 • Working with User, Group, and Computer Accounts Figure 10.38 Delegation Tab in the Properties of a Computer Account 301_BD_W2k3_10.qxd 5/12/04 12:28 PM Page 422 vices associated with them.This will populate the Available Services field on this screen. By selecting services in this listing or alternatively clicking Select All, the selected services are dele- gated for the user or computer accounts selected. By selecting a service from this list and clicking the Remove button, a selected service is removed from being able to use this computer. The Location tab of Computer Properties allows you to provide information on the location of the computer within the organization.This tab has a single text box that allows you to enter a location name, and a button labeled Browse. If no locations are available to select using browse, the Browse button will be grayed out. The Managed By tab is similar to the tab we saw earlier in Figure 10.28 when we discussed group accounts. The Object tab provides information about the object, and is similar to the tab we saw in Figure 10.29 when discussing groups. The Security tab is similar to the one in Figure 10.30 that we saw when discussing group accounts.This tab is used to configure the permissions that other accounts have in Active Directory for this computer object. The final tab in a computer’s properties is the Dial-in tab.This tab is similar to the one we saw in Figure 10.19 when we discussed user accounts. It allows you to configure settings that are used when the computer attempts to connect to the network remotely using a dial-up or VPN connection. Managing Multiple Accounts So far, we’ve discussed how you can use tools for Active Directory to create and manage individual objects. In addition to creating and modifying user accounts, computer accounts, and group accounts, you can also perform actions that affect large numbers of accounts at once. Next, we’ll look at how you can manage UPNs, move objects, and how to troubleshoot problems that might result when working with accounts in Active Directory. Working with User, Group, and Computer Accounts • Chapter 10 423 Figure 10.39 Add Services Dialog 301_BD_W2k3_10.qxd 5/12/04 12:28 PM Page 423 Implementing User Principal Name Suffixes As discussed earlier in this chapter, User Principal Names (UPNs) consist of a logon account name and UPN suffix, which is connected together with an @ symbol. When combined they often look just like an e-mail address, and can in fact be used by programs to send messages to Active Directory accounts.The UPN is used when logging on to Windows 2000 and Windows Server 2003 domains from Window 2000 or later clients. In Active Directory, alternative UPN suffixes can be created, so the user can log on using a UPN suffix that is different from the name of the domain in which their user account resides. For example, if a user had to log on to a domain with an exceptionally long name, you could provide an alternate UPN suffix as part of the user’s UPN. In doing so, the UPN is simplified, making it easier for users to enter it when logging on. To add a UPN suffix, you must have the appropriate rights. UPN suffixes can only be added by a member of the Domains Admins group in the forest root domain, a member of the Enterprise Admins group, or a user or group that has been delegated the proper authority. Adding UPN suffixes is done with the Active Directory Domains and Trusts console. It can also be started through MMC, by adding the Active Directory Domains and Trusts snap-in. Figure 10.40 shows the Active Directory Domains and Trusts Properties dialog box. Use the following steps to add and use alternative UPN suffixes. Add and Use Alternative UPN Suffixes 1. From the Windows Start menu, select Administrative Tools | Active Directory Domains and Trusts. 2. When the Active Directory Domains and Trusts console appears, select Active Directory Domains and Trusts from the console tree. 424 Chapter 10 • Working with User, Group, and Computer Accounts Figure 10.40 Active Directory Domains and Trusts Properties Dialog Box 301_BD_W2k3_10.qxd 5/12/04 12:28 PM Page 424 3. From the Action menu, select the Properties menu item. 4. When the Active Directory Domains and Trusts Properties dialog box appears, click in the Alternative UPN suffixes text box, and, enter the alternative UPN suffix you want to use (for example, eu.syngress.com). 5. Click the Add button.The listing should now appear in the lower pane. 6. Click OK to finish and close the Active Directory Domains and Trusts utility. 7. From the Windows Start menu, select Administrative Tools | Active Directory Users and Computers. 8. When Active Directory Users and Computers opens, expand the console tree and then expand your domain. Once this is done, select the TestOU container. 9. In the right pane, select the Jane Doe user that you created previously. 10. From the Action menu, select the Properties menu item. 11. When the Properties dialog box for the Jane Doe user account opens, select the Account tab. 12. In the User logon name field, use the drop-down list to select the new UPN suffix for this user. 13. Click OK to save the change and exit. Moving Account Objects in Active Directory Windows Server 2003 provides a number of tools that allow you to move objects within domains and between them.The tools that can be used for moving objects include Active Directory Users and Computers, and two command-line utilities.As we’ve seen,Active Directory Users and Computers is an MMC snap-in that allows you to interact with Active Directory through a graph- ical interface.The DSMOVE and MOVETREE are command-line tools that allow you to move objects by entering textual commands at the command prompt. In the sections that follow, we will look at these tools, and see how they can be used to move objects within and between domains. Moving Objects with Active Directory Users and Computers Active Directory Users and Computers can be used to move user, computer, and group accounts to other locations of the directory. With this tool, objects can be moved within a domain. It can’t, however, be used to move objects to other domains. Active Directory Users and Computers is the only tool that allows you to move accounts using a GUI. Because it’s a graphical tool, you can move Active Directory objects using your mouse. Select an object by holding down your left mouse button, drag the object to a different container or OU, and release the left mouse button to drop it into the new location. In addition, you can also move objects within the directory by right-clicking on the object, and selecting Move from the context menu.A dialog box will appear asking you to choose the con- tainer or OU the object should be moved to. As seen in Figure 10.41, the Move dialog box displays Working with User, Group, and Computer Accounts • Chapter 10 425 301_BD_W2k3_10.qxd 5/12/04 12:28 PM Page 425 . the domain, data is retrieved from the computer that is added to the account.This includes such facts as the operating system installed on the machine, the version of the operating. will be authenticated and (if the user account has the neces- sary privileges) the workstation will be joined to the domain. If a computer account already exists for the computer, then data is. Specifies the username to use when logging on to a remote server. By default, the username that the user logged on to the local system with is used. The fol- lowing formats can be used for the UserName

Ngày đăng: 04/07/2014, 23:20

Từ khóa liên quan

Mục lục

  • The Best Damn Windows Server 2003 Book Period

    • Cover

  • Contents

  • Foreword

  • Chapter 1 Overview of Windows Server 2003

    • Introduction

      • Windows XP/Server 2003

    • What's New in Windows Server 2003?

      • New Features

        • New Active Directory Features

        • Improved File and Print Services

        • Revised IIS Architecture

        • Enhanced Clustering Technology

        • New Networking and Communications Features

        • Improved Security

        • Better Storage Management

        • Improved Terminal Services

        • New Media Services

        • XML Web Services

    • The Windows Server 2003 Family

      • Why Four Different Editions?

      • Members of the Family

        • Web Edition

        • Standard Edition

        • Enterprise Edition

        • Datacenter Edition

    • Licensing Issues

      • Product Activation

    • Installation and Upgrade Issues

      • Common Installation Issues

      • Common Upgrade Issues

    • Windows Server 2003 Planning Tools and Documentation

    • Overview of Network Infrastructure Planning

      • Planning Strategies

      • Using Planning Tools

      • Reviewing Legal and Regulatory Considerations

      • Calculating TCO

    • Developing a Windows Server 2003 Test Network Environment

      • Planning the Test Network

        • Exploring the Group Policy Management Console (GMPC)

    • Documenting the Planning and Network Design Process

      • Creating the Planning and Design Document

  • Chapter 2 Using Server Management Tools

    • Introduction

    • Recognizing Types of Management Tools

      • Administrative Tools Menu

      • Custom MMC Snap-Ins

        • MMC Console Modes

      • Command-Line Utilities

      • Wizards

      • Windows Resource Kit

      • The Run As command

    • Managing Your Server Remotely

      • Remote Assistance

      • Using Web Interface for Remote Administration

      • Remote Desktop for Administration

      • Administration Tools Pack (adminpak.msi)

      • Windows Management Instrumentation (WMI)

      • Using Computer Management to Manage a Remote Computer

      • Which Tool To Use?

    • Using Emergency Management Services

    • Managing Printers and Print Queues

      • Using the Graphical Interface

        • Creating a Printer

        • Sharing a Printer

        • Adding Printer Drivers for Earlier Operating Systems

        • Setting Permissions

        • Managing Print Queues

        • Managing Printer Pools

        • Scheduling Printers

        • Setting Printing Priorities

      • Using New Command-Line Tools

      • The Printer Spooler Service

      • The Internet Printing Protocol

      • Using the Graphical Interface

      • Using New Command-Line Utilities

        • Sc.exe

        • Schtasks.exe

        • Setx.exe

        • Shutdown.exe

        • Tasklist.exe

        • Taskkill.exe

    • Using Wizards to Configure and Manage Your Server

      • Using the Configure Your Server Wizard and Manage Your Server

  • Chapter 3 Planning Server Roles and Server Security

    • Introduction

    • Understanding Server Roles

    • Domain Controllers (Authentication Servers)

      • Active Directory

      • Operations Master Roles

    • File and Print Servers

      • Print Servers

      • File Servers

    • DHCP, DNS, and WINS Servers

      • DHCP Servers

      • DNS Servers

      • WINS Servers

    • Web Servers

      • Web Server Protocols

      • Web Server Configuration

    • Database Servers

    • Mail Servers

    • Certificate Authorities

      • Certificate Services

    • Application Servers and Terminal Servers

      • Application Servers

      • Terminal Servers

    • Planning a Server Security Strategy

      • Choosing the Operating System

        • Security Features

      • Identifying Minimum Security Requirements for Your Organization

      • Identifying Configurations to Satisfy Security Requirements

    • Planning Baseline Security

    • Customizing Server Security

      • Securing Servers According to Server Roles

        • Security Issues Related to All Server Roles

        • Securing Domain Controllers

        • Securing File and Print Servers

        • Securing DHCP, DNS, and WINS Servers

        • Securing Web Servers

        • Securing Database Servers

        • Securing Mail Servers

        • Securing Certificate Authorities

        • Securing Application and Terminal Servers

  • Chapter 4 Security Templates and Software Updates

    • Introduction

    • Security Templates

      • Types of Security Templates

      • Network Security Settings

      • Analyzing Baseline Security

      • Applying Security Templates

        • Secedit.exe

        • Group Policy

        • Security Configuration and Analysis

    • Software Updates

      • Install and Configure Software Update Infrastructure

      • Install and Configure Automatic Client Update Settings

      • Supporting Legacy Clients

      • Testing Software Updates

  • Chapter 5 Managing Physical and Logical Disks

    • Introduction

      • Working with Microsoft Disk Technologies

        • Physical vs Logical Disks

        • Basic vs Dynamic Disks

        • Partitions vs Volumes

        • Partition Types and Logical Drives

        • Volume Types

    • Using Disk Management Tools

      • Using the Disk Management MMC

      • Using the Command-Line Utilities

        • Using Diskpart.exe

        • Using Fsutil.exe

        • Using Rss.exe

    • Managing Physical and Logical Disks

      • Managing Basic Disks

        • When to Use Basic Disks

        • Creating Partitions and Logical Drives

        • Formatting a Basic Volume

        • Extending a Basic Volume

      • Managing Dynamic Disks

        • Converting to Dynamic Disk Status

        • Creating and Using RAID-5 Volumes

    • Optimizing Disk Performance

      • Defragmenting Volumes and Partitions

        • Using the Graphical Defragmenter

        • Using Defrag.exe

        • Defragmentation Best Practices

      • Configuring and Monitoring Disk Quotas

        • Brief Overview of Disk Quotas

        • Enabling and Configuring Disk Quotas

        • Monitoring Disk Quotas

        • Exporting and Importing Quota Settings

        • Disk Quota Best Practices

        • Using Fsutil to Manage Disk Quotas

      • Implementing RAID Solutions

        • Understanding Windows Server 2003 RAID

        • Hardware RAID

        • RAID Best Practices

    • Understanding and Using Remote Storage

      • What is Remote Storage?

      • Storage Levels

      • Relationship of Remote Storage and Removable Storage

      • Setting Up Remote Storage

        • Installing Remote Storage

        • Configuring Remote Storage

        • Using Remote Storage

        • Remote Storage Best Practices

    • Troubleshooting Disks and Volumes

    • Troubleshooting Basic Disks

      • New Disks Are Not Showing Up in the Volume List View

      • Disk Status is Not Initialized or Unknown

      • Disk Status is Failed

    • Troubleshooting Dynamic Volumes

      • Disk Status is Foreign

      • Disk Status is Online (Errors)

      • Disk Status is Offline

      • Disk Status is Data Incomplete

    • Troubleshooting Fragmentation Problems

      • Computer is Operating Slowly

      • The Analysis and Defragmentation Reports Do Not Match the Display

      • My Volumes Contain Unmovable Files

    • Troubleshooting Disk Quotas

      • The Quota Tab is Not There

      • Deleting a Quota Entry Gives you Another Window

      • A User Gets an "Insufficient Disk Space" Message When Adding Files to a Volume

    • Troubleshooting Remote Storage

      • Remote Storage Will Not Install

      • Remote Storage Is Not Finding a Valid Media Type

      • Files Can No Longer Be Recalled from Remote Storage

    • Troubleshooting RAID

      • Mirrored or RAID-5 Volume's Status is Data Not Redundant

      • Mirrored or RAID-5 Volume's Status is Failed Redundancy

      • Mirrored or RAID-5 Volume's Status is Stale Data

  • Chapter 6 Implementing Windows Cluster Services and Network Load Balancing

    • Introduction

    • Making Server Clustering Part of Your High-Availability Plan

      • Terminology and Concepts

        • Cluster Nodes

        • Cluster Groups

        • Failover and Failback

        • Cluster Services and Name Resolution

        • How Clustering Works

      • Cluster Models

        • Single Node

        • Single Quorum Device

        • Majority Node Set

      • Server Cluster Deployment Options

        • N-Node Failover Pairs

        • Hot-Standby Server/N+I

        • Failover Ring

        • Random

      • Server Cluster Administration

        • Using the Cluster Administrator Tool

        • Using Command-Line Tools

      • Recovering from Cluster Node Failure

      • Server Clustering Best Practices

        • Hardware Issues

        • Cluster Network Configuration

        • Security

    • Making Network Load Balancing Part of Your High-Availability Plan

      • Terminology and Concepts

        • Hosts/Default Host

        • Load Weight

        • Traffic Distribution

        • Convergence and Heartbeats

        • How NLB Works

      • Relationship of NLB to Clustering

      • Managing NLB Clusters

        • Using the NLB Manager Tool

        • Remote Management

        • Command-Line Tools

        • NLB Error Detection and Handling

      • Monitoring NLB

        • Using the WLBS Cluster Control Utility

      • NLB Best Practices

        • Multiple Network Adapters

        • Protocols and IP Addressing

        • Security

  • Chapter 7 Planning, Implementing, and Maintaining a High-Availability Strategy

    • Introduction

    • Understanding Performance Bottlenecks

      • Identifying System Bottlenecks

        • Memory

        • Processor

        • Disk

        • Network Components

      • Using the System Monitor Tool to Monitor Servers

        • Creating a System Monitor Console

      • Using Event Viewer to Monitor Servers

      • Using Service Logs to Monitor Servers

    • Planning a Backup and Recovery Strategy

      • Understanding Windows Backup

        • Types of Backups

        • Determining What to Back Up

      • Using Backup Tools

        • Using the Windows Backup Utility

        • Using the Command-Line Tools

      • Selecting Backup Media

      • Scheduling Backups

      • Restoring from Backup

        • Create a Backup Schedule

    • Planning System Recovery with ASR

      • What Is ASR?

      • How ASR Works

      • Alternatives to ASR

        • Safe Mode Boot

        • Last Known Good Boot Mode

        • ASR As a Last Resort

      • Using the ASR Wizard

      • Performing an ASR Restore

    • Planning for Fault Tolerance

      • Network Fault-Tolerance Solutions

      • Internet Fault-Tolerance Solutions

      • Disk Fault-Tolerance Solutions

      • Server Fault-Tolerance Solutions

  • Chapter 8 Monitoring and Troubleshooting Network Activity

    • Introduction

    • Using Network Monitor

      • Installing Network Monitor

        • Install Network Monitor

      • Basic Configuration

      • Network Monitor Default Settings

      • Configuring Monitoring Filters

      • Configuring Display Filters

      • Interpreting a Trace

        • Perform a Network Trace

    • Monitoring and Troubleshooting Internet Connectivity

      • NAT Logging

      • Name Resolution

        • NetBIOS Name Resolution

        • Using IPConfig to Troubleshoot Name Resolution

      • IP Addressing

        • Client Configuration Issues

        • Network Access Quarantine Control

        • DHCP Issues

    • Monitoring IPSec Connections

      • IPSec Monitor Console

      • Network Monitor

      • Netsh

      • Ipseccmd

      • Netdiag

      • Event Viewer

  • Chapter 9 Active Directory Infrastructure Overview

    • Introduction

    • Introducing Directory Services

      • Terminology and Concepts

        • Directory Data Store

        • Protecting Your Active Directory Data

        • Policy-Based Administration

        • Directory Access Protocol

        • Naming Scheme

        • Installing Active Directory to Create a Domain Controller

        • Install Active Directory

    • Understanding How Active Directory Works

      • Directory Structure Overview

      • Sites

      • Domains

      • Domain Trees

      • Forests

      • Organizational Units

      • Active Directory Components

      • Logical vs Physical Components

        • Domain Controllers

        • Schema

        • Global Catalog

        • Replication Service

    • Using Active Directory Administrative Tools

      • Graphical Administrative Tools/MMCs

        • Active Directory Users and Computers

        • Active Directory Domains and Trusts

        • Active Directory Sites and Services

      • Command-Line Tools

        • Cacls

        • Cmdkey

        • Csvde

        • Dcgpofix

        • Dsadd

        • Dsget

        • Dsmod

        • Dsmove

        • Ldifde

        • Ntdsutil

        • Whoami

    • Implementing Active Directory Security and Access Control

      • Access Control in Active Directory

        • Set Permissions on AD Objects

        • Role-Based Access Control

        • Authorization Manager

      • Active Directory Authentication

      • Standards and Protocols

        • Kerberos

        • X.509 Certificates

        • LDAP/SSL

        • PKI

    • What's New in Windows Server 2003 Active Directory?

      • New Features Available Only with Windows Server 2003 Domain/Forest Functionality

        • Domain Controller Renaming Tool

        • Domain Rename Utility

        • Forest Trusts

        • Dynamically Links Auxiliary Classes

        • Disabling Classes

        • Replication

        • Raise Domain and Forest Functionality

  • Chapter 10 Working with User, Group, and Computer Accounts

    • Introduction

    • Understanding Active Directory Security Principal Accounts

      • Security Principals and Security Identifiers

        • Tools to View and Manage Security Identifiers

      • Naming Conventions and Limitations

    • Working with Active Directory User Accounts

      • Built-In Domain User Accounts

        • Administrator

        • Guest

        • HelpAssistant

        • SUPPORT_388945a0

      • InetOrgPerson

      • Creating User Accounts

        • Creating Accounts Using Active Directory Users and Computers

        • Create a User Object in Active Directory

        • Creating Accounts Using the DSADD Command

      • Managing User Accounts

        • Personal Information Tabs

        • Account Settings

        • Terminal Services Tabs

        • Security-Related Tabs

    • Working with Active Directory Group Accounts

      • Group Types

        • Security Groups

        • Distribution Groups

      • Group Scopes in Active Directory

        • Universal

        • Global

        • Domain Local

      • Built-In Group Accounts

        • Default Groups in Builtin Container

        • Default Groups in Users Container

      • Creating Group Accounts

        • Creating Groups Using Active Directory Users and Computers

        • Creating Groups Using the DSADD Command

      • Managing Group Accounts

    • Working with Active Directory Computer Accounts

      • Creating Computer Accounts

        • Creating Computer Accounts by Adding a Computer to a Domain

        • Creating Computer Accounts Using Active Directory Users and Computers

        • Creating Computer Accounts Using the DSADD Command

        • Managing Computer Accounts

      • Managing Multiple Accounts

      • Implementing User Principal Name Suffixes

        • Add and Use Alternative UPN Suffixes

      • Moving Account Objects in Active Directory

        • Moving Objects with Active Directory Users and Computers

        • Moving Objects with the DSMOVE Command

        • Moving Objects with the MOVETREE Command

        • Install MOVETREE with AD Support Tools

      • Troubleshooting Problems with Accounts

  • Chapter 11 Creating User and Group Strategies

    • Introduction

    • Creating a Password Policy for Domain Users

      • Creating an Extensive Defense Model

        • Strong Passwords

        • System Key Utility

      • Defining a Password Policy

        • Create a domain password policy

        • Modifying a Password Policy

        • Applying an Account Lockout Policy

        • Create an account lockout policy

    • Creating User Authentication Strategies

      • Need for Authentication

      • Single Sign-On

        • Interactive Logon

        • Network Authentication

    • Authentication Types

      • Kerberos

        • Understanding the Kerberos Authentication Process

      • Secure Sockets Layer/Transport Layer Security

      • NT LAN Manager

      • Digest Authentication

      • Passport Authentication

      • Educating Users

    • Smart Card Authentication

    • Planning a Security Group Strategy

      • Security Group Best Practices

      • Designing a Group Strategy for a Single Domain Forest

      • Designing a Group Strategy for a Multiple Domain Forest

  • Chapter 12 Working with Forests and Domains

    • Introduction

    • Understanding Forest and Domain Functionality

      • The Role of the Forest

        • New Forestwide Features

        • New Domainwide Features

      • Domain Trees

      • Forest and Domain Functional Levels

        • Domain Functionality

        • Forest Functionality

      • Raising the Functional Level of a Domain and Forest

        • Domain Functional Level

        • Verify the domain functional level

      • Raise the domain fuctional level

      • Forest Functional Level

      • Verify the forest functional level

      • Raise the forest functional level

      • Optimizing Your Strategy for Raising Functional Levels

    • Creating the Forest and Domain Structure

      • Deciding When to Create a New DC

      • Installing Domain Controllers

        • Creating a Forest Root Domain

        • Creating a New Domain Tree in an Existing Forest

        • Create a new domain tree in an existing forest

        • Creating a New Child Domain in an Existing Domain

        • Creating a New DC in an Existing Domain

        • Create a new domain controller in an existing domain using the conventional across-the-network method

        • Create a new domain controller in an existing domain using the new system state backup method

        • Assigning and Transferring Master Roles

        • Locate the Schema Operations Master

        • Transfer the Schema Operations Master Role

        • Locate the Domain Naming Operations Master

        • Transer the Domain Naming Master Role

        • Locate the Infrastructure, RID and PDC Operations Masters

        • Transfer the Infrastructure, RID and PDC Master Roles

        • Seize the FSMO Master Roles

        • Using Application Directory Partitions

        • Administer Application Directory Partitions

      • Establishing Trust Relationships

        • Direction and Transitivity

        • Types of Trusts

      • Restructuring the Forest and Renaming Domains

        • Domain Rename Limitations

        • Domain Rename Limitations in a Windows 2000 Forest

        • Domain Rename Limitations in a Windows Server 2003 Forest

        • Domain Rename Dependencies

        • Domain Rename Conditions and Effects

        • Rename a Windows Server 2003 Domain Controller

    • Implementing DNS in the Active Directory Network Environment

      • DNS and Active Directory Namespaces

      • DNS Zones and Active Directory Integration

      • Configuring DNS Servers for Use with Active Directory

        • Integrating an Existing Primary DNS Server with Active Directory

        • Creating the Default DNS Application Directory Partitions

        • Using dnscmd to Administer Application Directory Partitions

      • Securing Your DNS Deployment

  • Chapter 13 Working with Trusts and Organizational Units

    • Introduction

    • Working with Active Directory Trusts

      • Types of Trust Relationships

        • Default Trusts

        • Shortcut Trust

        • Realm Trust

        • External Trust

        • Forest Trust

      • Creating,Verifying, and Removing Trusts

        • Create a transitive, one-way incoming realm trust

      • Securing Trusts Using SID Filtering

      • Understanding the Role of Container Objects

      • Creating and Managing Organizational Units

        • Create an Organizational Unit

        • Applying Group Policy to OUs

        • Delegating Control of OUs

    • Planning an OU Structure and Strategy for Your Organization

      • Delegation Requirements

        • Delegate authority for an OU

      • Security Group Hierarchy

  • Chapter 14 Working with Active Directory Sites

    • Introduction

    • Understanding the Role of Sites

      • Replication

      • Authentication

      • Distribution of Services Information

    • Relationship of Sites to Other Active Directory Components

      • Relationship of Sites and Domains

        • Physical vs Logical Structure of the Network

      • The Relationship of Sites and Subnets

    • Creating Sites and Site Links

      • Site Planning

        • Criteria for Establishing Separate Sites

        • Creating a Site

        • Create a new site

        • Renaming a Site

        • Rename a new site

        • Creating Subnets

        • Create subnets

        • Associating Subnets with Sites

        • Associate subnets with sites

        • Creating Site Links

        • Create site links

        • Configuring Site Link Cost

        • Configure site link costs

    • Site Replication

      • Types of Replication

      • Intra-site Replication

      • Inter-site Replication

      • Planning, Creating, and Managing the Replication Topology

        • Planning Replication Topology

        • Creating Replication Topology

        • Managing Replication Topology

      • Configuring Replication between Sites

        • Configuring Replication Frequency

        • Configuring Site Link Availability

        • Configuring Site Link Bridges

        • Configuring Bridgehead Servers

      • Troubleshooting Replication Failure

        • Troubleshooting Replication

        • Using Replication Monitor

        • Using Event Viewer

        • Using Support Tools

  • Chapter 15 Working with Domain Controllers

    • Introduction

    • Planning and Deploying Domain Controllers

      • Understanding Server Roles

      • Function of Domain Controllers

      • Determining the Number of Domain Controllers

      • Using the Active Directory Installation Wizard

      • Creating Additional Domain Controllers

      • Upgrading Domain Controllers to Windows Server 2003

      • Placing Domain Controllers within Sites

    • Backing Up Domain Controllers

      • Restoring Domain Controllers

    • Managing Operations Masters

  • Chapter 16 Working with Global Catalog Servers and Schema

    • Introduction

    • Working with the Global Catalog and GC Servers

      • Functions of the GC

        • UPN Authentication

        • Directory Information Search

        • Universal Group Membership Information

      • Customizing the GC Using the Schema MMC Snap-In

        • Setup Active Directory Schema MMC Snap-in

      • Creating and Managing GC Servers

      • Understanding GC Replication

        • Universal Group Membership

        • Attributes in GC

      • Placing GC Servers within Sites

        • Bandwidth and Network Traffic Considerations

        • Universal Group Caching

      • Troubleshooting GC Issues

    • Working with the Active Directory Schema

      • Understanding Schema Components

        • Classes

        • Attributes

        • Naming of Schema Objects

      • Working with the Schema MMC Snap-In

      • Modifying and Extending the Schema

      • Deactivating Schema Classes and Attributes

        • Create and deactivate classes or attributes

      • Troubleshooting Schema Issues

  • Chapter 17 Working with Group Policy in an Active Directory Environment

    • Introduction

    • Understanding Group Policy

      • Terminology and Concepts

        • Local and Non-Local Policies

        • User and Computer Policies

        • Group Policy Objects

        • Scope and Application Order of Policies

      • Group Policy Integration in Active Directory

      • Group Policy Propagation and Replication

    • Planning a Group Policy Strategy

      • Using RSoP Planning Mode

        • Opening RSoP in Planning Mode

        • Reviewing RSoP Results

      • Strategy for Configuring the User Environment

      • Strategy for Configuring the Computer Environment

        • Run an RSoP Planning Query

    • Implementing Group Policy

      • The Group Policy Object Editor MMC

      • Creating, Configuring, and Managing GPOs

        • Creating and Configuring GPOs

        • Naming GPOs

        • Managing GPOs

      • Configuring Application of Group Policy

        • General

        • Links

        • Security

        • WMI Filter

      • Delegating Administrative Control

      • Verifying Group Policy

        • Delegate Control for Group Policy to a Non-Administrator

    • Performing Group Policy Administrative Tasks

      • Automatically Enrolling User and Computer Certificates

      • Redirecting Folders

      • Configuring User and Computer Security Settings

        • Computer Configuration

        • User Configuration

        • Redirect the My Documents Folder

      • Using Software Restriction Policies

        • Setting Up Software Restriction Policies

        • Software Policy Rules

        • Precedence of Policies

        • Best Practices

    • Applying Group Policy Best Practices

    • Troubleshooting Group Policy

      • Using RSoP

      • Using gpresult.exe

        • Run an RSoP Query in Logging Mode

  • Chapter 18 Deploying Software via Group Policy

    • Introduction

    • Understanding Group Policy Software Installation Terminology and Concepts

      • Group Policy Software Installation Concepts

        • Assigning Applications

        • Publishing Applications

        • Document Invocation

        • Application Categories

        • Group Policy Software Deployment vs SMS Software Deployment

      • Group Policy Software Installation Components

        • Windows Installer Packages (.msi)

        • Transforms (.mst)

        • Patches and Updates (.msp)

        • Application Assignment Scripts (.aas)

        • Deploying Software to Users

        • Deploying Software to Computers

    • Using Group Policy Software Installation to Deploy Applications

      • Preparing for Group Policy Software Installation

        • Creating Windows Installer Packages

      • Using .zap Setup Files

        • Publish Software Using a .ZAP File

        • Creating Distribution Points

      • Working with the GPO Editor

      • Opening or Creating a GPO for Software Deployment

      • Assigning and Publishing Applications

        • Assign Software to a Group

      • Configuring Software Installation Properties

        • The General Tab

        • The Advanced Tab

        • The File Extensions Tab

        • The Categories Tab

      • Upgrading Applications

        • Configuring Required Updates

      • Removing Managed Applications

      • Managing Application Properties

      • Categorizing Applications

      • Adding and Removing Modifications for Application Packages

        • Apply a Transform to a Software Package

    • Troubleshooting Software Deployment

      • Verbose Logging

      • Software Installation Diagnostics Tool

  • Chapter 19 Ensuring Active Directory Availability

    • Introduction

    • Understanding Active Directory Availability Issues

      • The Active Directory Database

      • Data Modification to the Active Directory Database

      • The Tombstone and Garbage Collection Processes

      • System State Data

      • Fault Tolerance and Performance

    • Performing Active Directory Maintenance Tasks

      • Defragmenting the Database

        • The Offline Defragmentation Process

        • Perform an Offline Defragmentation of the Active Directory Database

      • Moving the Database or Log Files

      • Monitoring the Database

        • Using Event Viewer to Monitor Active Directory

        • Using the Performance Console to Monitor Active Directory

        • Use System Monitor to Monitor Active Directory

    • Backing Up and Restoring Active Directory

      • Backing Up Active Directory

        • Backing Up at the Command Line

      • Restoring Active Directory

        • Directory Services Restore Mode

        • Normal Restore

        • Authoritative Restore

        • Primary Restore

    • Troubleshooting Active Directory Availability

      • Setting Logging Levels for Additional Detail

      • Using Ntdsutil Command Options

        • Using the Integrity Command

        • Using the recover Command

        • Using the Semantic Database Analysis Command

        • Using the esentutl Command

      • Changing the Directory Services Restore Mode Password

  • Chapter 20 Planning, Implementing, and Maintaining a Name Resolution Strategy

    • Introduction

    • Planning for Host Name Resolution

      • Install Windows Server 2003 DNS Service and Configure Forward and Reverse Lookup Zones

      • Designing a DNS Namespace

        • Host Naming Conventions and Limitations

        • Supporting Multiple Namespaces

      • Planning DNS Server Deployment

        • Planning the Number of DNS Servers

        • Planning for DNS Server Capacity

        • Planning DNS Server Placement

        • Planning DNS Server Roles

      • Planning for Zone Replication

        • Active Directory-integrated Zone Replication Scope

        • Security for Zone Replication

        • General Guidelines for Planning for Zone Replication

      • Planning for Forwarding

        • Conditional Forwarding

        • General Guidelines for Using Forwarders

      • DNS/DHCP Interaction

        • Security Considerations for DDNS and DHCP

        • Aging and Scavenging of DNS Records

      • Windows Server 2003 DNS Interoperability

        • BIND and Other DNS Server Implementations

        • Zone Transfers with BIND

        • Supporting AD with BIND

        • Split DNS Configuration

        • Interoperability with WINS

      • DNS Security Issues

        • Common DNS Threats

        • Securing DNS Deployment

        • DNS Security Levels

        • General DNS Security Guidelines

      • Monitoring DNS Servers

        • Testing DNS Server Configuration with the DNS Console Monitoring Tab

        • Debug Logging

        • Event Logging

        • Monitoring DNS Server Using the Performance Console

        • Command-line Tools for Maintaining and Monitoring DNS Servers

    • Planning for NetBIOS Name Resolution

      • Understanding NETBIOS Naming

        • NetBIOS Name Resolution Process

        • Understanding the LMHOSTS File

        • Understanding WINS

        • What's New for WINS in Windows Server 2003

      • Planning WINS Server Deployment

        • Server Number and Placement

      • Planning for WINS Replication

      • Replication Partnership Configuration

      • Replication Models

    • WINS Issues

      • Static WINS Entries

      • Multihomed WINS Servers

      • Client Configuration

      • Preventing Split WINS Registrations

      • Performance Issues

      • Security Issues

      • Planning for WINS Database Backup and Restoration

    • Troubleshooting Name Resolution Issues

      • Troubleshooting Host Name Resolution

        • Issues Related to Client Computer Configuration

        • Issues Related to DNS Services

      • Troubleshooting NetBIOS Name Resolution

        • Issues Related to Client Computer Configuration

        • Issues Related to WINS Servers

  • Chapter 21 Planning, Implementing, and Maintaining the TCP/IP Infrastructure

    • Introduction

    • Understanding Windows 2003 Server Network Protocols

      • The Multiprotocol Network Environment

      • What's New in TCP/IP for Windows Server 2003

        • IGMPv3

        • IPv6

        • Alternate Configuration

        • Automatic Determination of Interface Metric

    • Planning an IP Addressing Strategy

      • Analyzing Addressing Requirements

      • Creating a Subnetting Scheme

      • Troubleshooting IP Addressing

        • Client Configuration Issues

        • DHCP Issues

      • Transitioning to IPv6

        • IPv6 Utilities

        • Install TCP/IP Version 6

        • 6to4 Tunneling

        • IPv6 Helper Service

        • The 6bone

        • Teredo (IPv6 with NAT)

    • Planning the Network Topology

      • Analyzing Hardware Requirements

      • Planning the Placement of Physical Resources

    • Planning Network Traffic Management

      • Monitoring Network Traffic and Network Devices

        • Using System Monitor

      • Determining Bandwidth Requirements

      • Optimizing Network Performance

  • Chapter 22 Planning, Implementing, and Maintaining a Routing Strategy

    • Introduction

    • Understanding IP Routing Basics

      • Routing Tables

      • Static versus Dynamic Routing

      • Gateways

      • Routing Protocols

      • Using Netsh Commands

    • Evaluating Routing Options

      • Selecting Connectivity Devices

      • Switches

      • Routers

    • Windows Server 2003 As a Router

      • Configure a Windows Server 2003 Computer As a Static Router

      • Configure RIP Version 2

    • Security Considerations for Routing

      • Analyzing Requirements for Routing Components

      • Simplifying Network Topology to Provide Fewer Attack Points

        • Minimizing the Number of Network Interfaces and Routes

        • Minimizing the Number of Routing Protocols

      • Router-to-Router VPNs

        • Install and Enable Windows Server 2003 VPN Server

        • Set Up Windows Server 2003 As Router-to-Router VPN Server

      • Packet Filtering and Firewalls

      • Logging Level

    • Troubleshooting IP Routing

      • Identifying Troubleshooting Tools

      • Common Routing Problems

        • Interface Configuration Problems

        • RRAS Configuration Problems

        • Routing Protocol Problems

        • TCP/IP Configuration Problems

        • Routing Table Configuration Problems

  • Chapter 23 Planning, Implementing, and Maintaining Internet Protocol Security

    • Introduction

    • Understanding IP Security (IPSec)

      • How IPSec Works

        • Securing Data in Transit

        • IPSec Cryptography

      • IPSec Modes

        • Tunnel Mode

        • Transport Mode

      • IPSec Protocols

        • Determine IPSec Protocol

        • Additional Protocols

      • IPSec Components

        • IPSec Policy Agent

        • IPSec Driver

      • IPSec and IPv6

    • Deploying IPSec

      • Determining Organizational Needs

      • Security Levels

    • Managing IPSec

      • Using the IP Security Policy Management MMC Snap-in

      • Install the IP Security Policy Management Console

      • Using the netsh Command-line Utility

      • Default IPSec Policies

      • Client (Respond Only)

      • Server (Request Security)

      • Secure Server (Require Security)

      • Custom Policies

        • Customize IP Security Policy

        • Using the IP Security Policy Wizard

        • Create an IPSec Policy with the IP Security Policy Wizard

        • Defining Key Exchange Settings

        • Managing Filter Lists and Filter Actions

      • Assigning and Applying Policies in Group Policy

      • Active Directory Based IPSec Policies

      • IPSec Monitoring

        • Using the netsh Utility for Monitoring

        • Using the IP Security Monitor MMC Snap-in

      • Troubleshooting IPSec

        • Using netdiag for Troubleshooting Windows Server 2003 IPSec

        • Viewing Policy Assignment Information

        • Viewing IPSec Statistics

        • Using Packet Event Logging to Troubleshoot IPSec

        • Using IKE Detailed Tracing to Troubleshoot IPSec

        • Using the Network Monitor to Troubleshoot IPSec

        • Disabling TCP/IP and IPSec Hardware Acceleration to Solve IPSec Problems

    • Addressing IPSec Security Considerations

      • Strong Encryption Algorithm (3DES)

      • Firewall Packet Filtering

      • Diffie-Hellman Groups

      • Pre-shared Keys

        • Advantages and Disadvantages of Pre-shared Keys

        • Considerations when Choosing a Pre-shared Key

      • Soft Associations

      • Security and RSoP

  • Chapter 24 Planning, Implementing, and Maintaining a Public Key Infrastructure

    • Introduction

    • Planning a Windows Server 2003 Certificate-Based PKI

      • Understanding Public Key Infrastructure

        • The Function of the PKI

        • Components of the PKI

      • Understanding Digital Certificates

        • User Certificates

        • Machine Certificates

        • Application Certificates

      • Understanding Certification Authorities

        • CA Hierarchy

        • How Microsoft Certificate Services Works

        • Install Certificate Services

    • Implementing Certification Authorities

      • Configure a Certification Authority

      • Analyzing Certificate Needs within the Organization

      • Determining Appropriate CA Type(s)

        • Enterprise CAs

        • Stand-Alone CAs

        • Planning the CA Hierarchy

        • Planning CA Security

        • Certificate Revocation

    • Planning Enrollment and Distribution of Certificates

      • Certificate Templates

      • Certificate Requests

      • Auto-Enrollment Deployment

      • Role-Based Administration

    • Implementing Smart Card Authentication in the PKI

      • How Smart Card Authentication Works

      • Deploying Smart Card Logon

        • Smart Card Readers

        • Smart Card Enrollment Station

      • Using Smart Cards To Log On to Windows

        • Implement and Use Smart Cards

      • Using Smart Cards for Remote Access VPNs

      • Using Smart Cards To Log On to a Terminal Server

  • Chapter 25 Planning, Implementing, Maintaining Routing and Remote Access

    • Introduction

    • Planning the Remote Access Strategy

      • Analyzing Organizational Needs

      • Analyzing User Needs

      • Selecting Remote Access Types To Allow

        • Dial-In

        • VPN

        • Wireless Remote Access

    • Addressing Dial-In Access Design Considerations

      • Allocating IP Addresses

        • Static Address Pools

        • Using DHCP for Addressing

        • Using APIPA

      • Determining Incoming Port Needs

        • Multilink and BAP

      • Selecting an Administrative Model

        • Access by User

        • Access by Policy

    • Configuring the Windows 2003 Dial-up RRAS Server

    • Configuring RRAS Packet Filters

      • RRAS Packet Filter Configuration

    • Addressing VPN Design Considerations

      • Selecting VPN Protocols

        • Client Support

        • Data Integrity and Sender Authentication

        • PKI Requirements

      • Installing Machine Certificates

      • Configuring Firewall Filters

    • PPP Multilink and Bandwidth Allocation Protocol (BAP)

      • PPP Multilink Protocol

      • BAP Protocols

    • Addressing Wireless Remote Access Design Considerations

      • The 802.11 Wireless Standards

      • Using IAS for Wireless Connections

      • Configuring Remote Access Policies for Wireless Connections

        • Create a Policy for Wireless Access

      • Multiple Wireless Access Points

      • Placing CA on VLAN for New Wireless Clients

      • Configuring WAPs as RADIUS Clients

    • Planning Remote Access Security

      • Domain Functional Level

      • Selecting Authentication Methods

        • Disallowing Password-Based Connections (PAP, SPAP, CHAP, MS-CHAP v1)

        • Disable Password-Based Authentication Methods

        • Using RADIUS/IAS vs.Windows Authentication

      • Selecting the Data Encryption Level

      • Using Callback Security

      • Managed Connections

      • Mandating Operating System/File System

      • Using Smart Cards for Remote Access

    • Configuring Wireless Security Protocols

      • Configure Wireless Networking

    • RRAS NAT Services

      • Configure NAT and Static NAT Mapping

    • ICMP Router Discovery

      • Configure ICMP Router Discovery

    • Creating Remote Access Policies

      • Policies and Profiles

      • Authorizing Remote Access

        • Authorizing Access By Group

      • Restricting Remote Access

        • Restricting by User/Group Membership

        • Restricting by Type of Connection

        • Restricting by Time

        • Restricting by Client Configuration

        • Restricting Authentication Methods

        • Restricting by Phone Number or MAC Address

      • Controlling Remote Connections

        • Controlling Idle Timeout

        • Controlling Maximum Session Time

        • Controlling Encryption Strength

        • Controlling IP Packet Filters

        • Controlling IP Address for PPP Connections

    • Troubleshooting Remote Access Client Connections

    • Troubleshooting Remote Access Server Connections

    • Configuring Internet Authentication Services

      • Configure IAS

  • Chapter 26 Managing Web Servers with IIS 6.0

    • Introduction

    • Installing and Configuring IIS 6.0

      • Pre-Installation Checklist

        • Internet Connection Firewall

      • Installation Methods

        • Using the Configure Your Server Wizard

        • Using the Add or Remove Programs Applet

        • Using Unattended Setup

      • Installation Best Practices

    • What's New in IIS 6.0?

      • New Security Features

        • Advanced Digest Authentication

        • Server-Gated Cryptography (SGC)

        • Selectable Cryptographic Service Provider (CSP)

        • Configurable Worker Process Identity

        • Default Lockdown Status

        • New Authorization Framework

      • New Reliability Features

        • Health Detection

        • New Request Processing Architecture: HTTP.SYS Kernel Mode Driver

      • Other New Features

        • ASP.NET and IIS Integration

        • Unicode Transformation Format-8 (UTF-8)

        • XML Metabase

    • Managing IIS 6.0

      • Performing Common Management Tasks

        • Site Setup

        • Common Administrative Tasks

        • Enable Health Detection

      • Managing IIS Security

        • Configuring Authentication Settings

    • Troubleshooting IIS 6.0

      • Troubleshooting Content Errors

        • Static Files Return 404 Errors

        • Dynamic Content Returns a 404 Error

        • Sessions Lost Due to Worker Process Recycling

        • Configure Worker Process Recycling

        • ASP.NET Pages are Returned as Static Files

      • Troubleshooting Connection Errors

        • 503 Errors

        • Extend The Queue Length of An Application Pool

        • Extend The Error Count and Timeframe

        • Clients Cannot Connect to Server

        • 401 Error-Sub Authentication Error

        • Client Requests Timing Out

      • Troubleshooting Other Errors

        • File Not Found Errors for UNIX and Linux Files

        • ISAPI Filters Are Not Automatically Visible as Properties of the Web Site

        • The Scripts and Msadc Virtual Directories Are Not Found in IIS 6.0

    • Using New IIS Command-Line Utilities

      • iisweb.vbs

      • iisvdir.vbs

      • iisftp.vbs

      • iisftpdr.vbs

      • iisback.vbs

      • iiscnfg.vbs

  • Chapter 27 Managing and Troubleshooting Terminal Services

    • Introduction

    • Understanding Windows Terminal Services

      • Terminal Services Components

        • Remote Desktop for Administration

        • Remote Assistance

        • The Terminal Server Role

    • Using Terminal Services Components for Remote Administration

      • Configuring RDA

      • Enabling RDA Access

      • Remote Desktop Security Issues

      • Using Remote Assistance

        • Configuring Remote Assistance for Use

        • Asking for Assistance

        • Managing Open Invitations

        • Remote Assistance Security Issues

    • Installing and Configuring the Terminal Server Role

      • Install the Terminal Server Role

      • Install Terminal Server Licensing

    • Using Terminal Services Client Tools

      • Installing and Using the Remote Desktop Connection (RDC) Utility

        • Installing the Remote Desktop Connection Utility

        • Launching and Using the Remote Desktop Connection Utility

        • Configuring the Remote Desktop Connection Utility

      • Installing and Using the Remote Desktops MMC Snap-In

        • Install the Remote Desktops MMC Snap-In

        • Configure a New Connection in the RD MMC

        • Configure a Connection's Properties

        • Connecting and Disconnecting

      • Installing and Using the Remote Desktop Web Connection Utility

        • Install the Remote Desktop Web Connection Utility

        • Using the Remote Desktop Web Connection Utility from a Client

    • Using Terminal Services Administrative Tools

      • Use Terminal Services Manager to Connect to Servers

        • Manage Users with the Terminal Services Manager Tool

        • Manage Sessions with the Terminal Services Manager Tool

        • Manage Processes with the Terminal Services Manager Tool

      • Using the Terminal Services Configuration Tool

        • Understanding Listener Connections

        • Modifying the Properties of an Existing Connection

        • Terminal Services Configuration Server Settings

      • User Account Extensions

        • The Terminal Services Profile Tab

        • The Sessions Tab

        • The Environment Tab

        • The Remote Control Tab

      • Using Group Policies to Control Terminal Services Users

      • Using the Terminal Services Command-Line Tools

        • Use Terminal Services Manager to Reset a Session

    • Troubleshooting Terminal Services

      • Not Automatically Logged On

      • "This Initial Program Cannot Be Started"

      • Clipboard Problems

      • License Problems

  • Index

  • Team DDU

Tài liệu cùng người dùng

  • Đang cập nhật ...

Tài liệu liên quan