The Best Damn Windows Server 2003 Book Period
Contents
Foreword
Chapter 1 Overview of Windows Server 2003
Introduction
What's New in Windows Server 2003?
New Features
New Active Directory Features
Improved File and Print Services
Revised IIS Architecture
Enhanced Clustering Technology
New Networking and Communications Features
Improved Security
Better Storage Management
Improved Terminal Services
New Media Services
XML Web Services
The Windows Server 2003 Family
Licensing Issues
Installation and Upgrade Issues
Windows Server 2003 Planning Tools and Documentation
Overview of Network Infrastructure Planning
Developing a Windows Server 2003 Test Network Environment
Documenting the Planning and Network Design Process
Chapter 2 Using Server Management Tools
Introduction
Recognizing Types of Management Tools
Managing Your Server Remotely
Remote Assistance
Using Web Interface for Remote Administration
Remote Desktop for Administration
Administration Tools Pack (adminpak.msi)
Windows Management Instrumentation (WMI)
Using Computer Management to Manage a Remote Computer
Which Tool To Use?
Using Emergency Management Services
Managing Printers and Print Queues
Using the Graphical Interface
Using New Command-Line Tools
The Printer Spooler Service
The Internet Printing Protocol
Using the Graphical Interface
Using New Command-Line Utilities
Sc.exe
Schtasks.exe
Setx.exe
Shutdown.exe
Tasklist.exe
Taskkill.exe
Using Wizards to Configure and Manage Your Server
Chapter 3 Planning Server Roles and Server Security
Introduction
Understanding Server Roles
Domain Controllers (Authentication Servers)
Active Directory
Operations Master Roles
File and Print Servers
Print Servers
File Servers
DHCP, DNS, and WINS Servers
DHCP Servers
DNS Servers
WINS Servers
Web Servers
Web Server Protocols
Web Server Configuration
Database Servers
Mail Servers
Certificate Authorities
Application Servers and Terminal Servers
Application Servers
Terminal Servers
Planning a Server Security Strategy
Choosing the Operating System
Identifying Minimum Security Requirements for Your Organization
Identifying Configurations to Satisfy Security Requirements
Planning Baseline Security
Customizing Server Security
Chapter 4 Security Templates and Software Updates
Introduction
Security Templates
Types of Security Templates
Network Security Settings
Analyzing Baseline Security
Applying Security Templates
Software Updates
Install and Configure Software Update Infrastructure
Install and Configure Automatic Client Update Settings
Supporting Legacy Clients
Testing Software Updates
Chapter 5 Managing Physical and Logical Disks
Introduction
Using Disk Management Tools
Managing Physical and Logical Disks
Managing Basic Disks
Managing Dynamic Disks
Optimizing Disk Performance
Defragmenting Volumes and Partitions
Configuring and Monitoring Disk Quotas
Brief Overview of Disk Quotas
Enabling and Configuring Disk Quotas
Monitoring Disk Quotas
Exporting and Importing Quota Settings
Disk Quota Best Practices
Using Fsutil to Manage Disk Quotas
Implementing RAID Solutions
Understanding and Using Remote Storage
Troubleshooting Disks and Volumes
Troubleshooting Basic Disks
Troubleshooting Dynamic Volumes
Troubleshooting Fragmentation Problems
Computer is Operating Slowly
The Analysis and Defragmentation Reports Do Not Match the Display
My Volumes Contain Unmovable Files
Troubleshooting Disk Quotas
The Quota Tab is Not There
Deleting a Quota Entry Gives You Another Window
A User Gets an "Insufficient Disk Space" Message When Adding Files to a Volume
Troubleshooting Remote Storage
Remote Storage Will Not Install
Remote Storage Is Not Finding a Valid Media Type
Files Can No Longer Be Recalled from Remote Storage
Troubleshooting RAID
Mirrored or RAID-5 Volume's Status is Data Not Redundant
Mirrored or RAID-5 Volume's Status is Failed Redundancy
Mirrored or RAID-5 Volume's Status is Stale Data
Chapter 6 Implementing Windows Cluster Services and Network Load Balancing
Chapter 7 Planning, Implementing, and Maintaining a High-Availability Strategy
Introduction
Understanding Performance Bottlenecks
Identifying System Bottlenecks
Memory
Processor
Disk
Network Components
Using the System Monitor Tool to Monitor Servers
Using Event Viewer to Monitor Servers
Using Service Logs to Monitor Servers
Planning a Backup and Recovery Strategy
Planning System Recovery with ASR
Planning for Fault Tolerance
Network Fault-Tolerance Solutions
Internet Fault-Tolerance Solutions
Disk Fault-Tolerance Solutions
Server Fault-Tolerance Solutions
Chapter 8 Monitoring and Troubleshooting Network Activity
Chapter 9 Active Directory Infrastructure Overview
Introduction
Introducing Directory Services
Terminology and Concepts
Directory Data Store
Protecting Your Active Directory Data
Policy-Based Administration
Directory Access Protocol
Naming Scheme
Installing Active Directory to Create a Domain Controller
Install Active Directory
Understanding How Active Directory Works
Directory Structure Overview
Sites
Domains
Domain Trees
Forests
Organizational Units
Active Directory Components
Logical vs Physical Components
Domain Controllers
Schema
Global Catalog
Replication Service
Using Active Directory Administrative Tools
Implementing Active Directory Security and Access Control
What's New in Windows Server 2003 Active Directory?
Chapter 10 Working with User, Group, and Computer Accounts
Introduction
Understanding Active Directory Security Principal Accounts
Working with Active Directory User Accounts
Working with Active Directory Group Accounts
Working with Active Directory Computer Accounts
Creating Computer Accounts
Creating Computer Accounts by Adding a Computer to a Domain
Creating Computer Accounts Using Active Directory Users and Computers
Creating Computer Accounts Using the DSADD Command
Managing Computer Accounts
Managing Multiple Accounts
Implementing User Principal Name Suffixes
Moving Account Objects in Active Directory
Moving Objects with Active Directory Users and Computers
Moving Objects with the DSMOVE Command
Moving Objects with the MOVETREE Command
Install MOVETREE with AD Support Tools
Troubleshooting Problems with Accounts
Chapter 11 Creating User and Group Strategies
Introduction
Creating a Password Policy for Domain Users
Creating User Authentication Strategies
Need for Authentication
Single Sign-On
Interactive Logon
Network Authentication
Authentication Types
Smart Card Authentication
Planning a Security Group Strategy
Security Group Best Practices
Designing a Group Strategy for a Single Domain Forest
Designing a Group Strategy for a Multiple Domain Forest
Chapter 12 Working with Forests and Domains
Introduction
Understanding Forest and Domain Functionality
The Role of the Forest
New Forestwide Features
New Domainwide Features
Domain Trees
Forest and Domain Functional Levels
Domain Functionality
Forest Functionality
Raising the Functional Level of a Domain and Forest
Raise the domain functional level
Forest Functional Level
Verify the forest functional level
Raise the forest functional level
Optimizing Your Strategy for Raising Functional Levels
Creating the Forest and Domain Structure
Deciding When to Create a New DC
Installing Domain Controllers
Creating a Forest Root Domain
Creating a New Domain Tree in an Existing Forest
Create a new domain tree in an existing forest
Creating a New Child Domain in an Existing Domain
Creating a New DC in an Existing Domain
Create a new domain controller in an existing domain using the conventional across-the-network method
Create a new domain controller in an existing domain using the new system state backup method
Assigning and Transferring Master Roles
Locate the Schema Operations Master
Transfer the Schema Operations Master Role
Locate the Domain Naming Operations Master
Transfer the Domain Naming Master Role
Locate the Infrastructure, RID and PDC Operations Masters
Transfer the Infrastructure, RID and PDC Master Roles
Seize the FSMO Master Roles
Using Application Directory Partitions
Administer Application Directory Partitions
Establishing Trust Relationships
Restructuring the Forest and Renaming Domains
Domain Rename Limitations
Domain Rename Limitations in a Windows 2000 Forest
Domain Rename Limitations in a Windows Server 2003 Forest
Domain Rename Dependencies
Domain Rename Conditions and Effects
Rename a Windows Server 2003 Domain Controller
Implementing DNS in the Active Directory Network Environment
DNS and Active Directory Namespaces
DNS Zones and Active Directory Integration
Configuring DNS Servers for Use with Active Directory
Integrating an Existing Primary DNS Server with Active Directory
Creating the Default DNS Application Directory Partitions
Using dnscmd to Administer Application Directory Partitions
Securing Your DNS Deployment
Chapter 13 Working with Trusts and Organizational Units
Chapter 14 Working with Active Directory Sites
Introduction
Understanding the Role of Sites
Relationship of Sites to Other Active Directory Components
Creating Sites and Site Links
Site Planning
Criteria for Establishing Separate Sites
Creating a Site
Create a new site
Renaming a Site
Rename a new site
Creating Subnets
Create subnets
Associating Subnets with Sites
Associate subnets with sites
Creating Site Links
Create site links
Configuring Site Link Cost
Configure site link costs
Site Replication
Types of Replication
Intra-site Replication
Inter-site Replication
Planning, Creating, and Managing the Replication Topology
Planning Replication Topology
Creating Replication Topology
Managing Replication Topology
Configuring Replication between Sites
Configuring Replication Frequency
Configuring Site Link Availability
Configuring Site Link Bridges
Configuring Bridgehead Servers
Troubleshooting Replication Failure
Chapter 15 Working with Domain Controllers
Introduction
Planning and Deploying Domain Controllers
Understanding Server Roles
Function of Domain Controllers
Determining the Number of Domain Controllers
Using the Active Directory Installation Wizard
Creating Additional Domain Controllers
Upgrading Domain Controllers to Windows Server 2003
Placing Domain Controllers within Sites
Backing Up Domain Controllers
Managing Operations Masters
Chapter 16 Working with Global Catalog Servers and Schema
Chapter 17 Working with Group Policy in an Active Directory Environment
Introduction
Understanding Group Policy
Planning a Group Policy Strategy
Implementing Group Policy
The Group Policy Object Editor MMC
Creating, Configuring, and Managing GPOs
Configuring Application of Group Policy
General
Links
Security
WMI Filter
Delegating Administrative Control
Verifying Group Policy
Performing Group Policy Administrative Tasks
Automatically Enrolling User and Computer Certificates
Redirecting Folders
Configuring User and Computer Security Settings
Using Software Restriction Policies
Applying Group Policy Best Practices
Troubleshooting Group Policy
Using RSoP
Using gpresult.exe
Chapter 18 Deploying Software via Group Policy
Introduction
Understanding Group Policy Software Installation Terminology and Concepts
Using Group Policy Software Installation to Deploy Applications
Preparing for Group Policy Software Installation
Using .zap Setup Files
Working with the GPO Editor
Opening or Creating a GPO for Software Deployment
Assigning and Publishing Applications
Configuring Software Installation Properties
The General Tab
The Advanced Tab
The File Extensions Tab
The Categories Tab
Upgrading Applications
Removing Managed Applications
Managing Application Properties
Categorizing Applications
Adding and Removing Modifications for Application Packages
Troubleshooting Software Deployment
Chapter 19 Ensuring Active Directory Availability
Introduction
Understanding Active Directory Availability Issues
The Active Directory Database
Data Modification to the Active Directory Database
The Tombstone and Garbage Collection Processes
System State Data
Fault Tolerance and Performance
Performing Active Directory Maintenance Tasks
Backing Up and Restoring Active Directory
Troubleshooting Active Directory Availability
Setting Logging Levels for Additional Detail
Using Ntdsutil Command Options
Using the Integrity Command
Using the recover Command
Using the Semantic Database Analysis Command
Using the esentutl Command
Changing the Directory Services Restore Mode Password
Chapter 20 Planning, Implementing, and Maintaining a Name Resolution Strategy
Introduction
Planning for Host Name Resolution
Install Windows Server 2003 DNS Service and Configure Forward and Reverse Lookup Zones
Designing a DNS Namespace
Planning DNS Server Deployment
Planning the Number of DNS Servers
Planning for DNS Server Capacity
Planning DNS Server Placement
Planning DNS Server Roles
Planning for Zone Replication
Active Directory-integrated Zone Replication Scope
Security for Zone Replication
General Guidelines for Planning for Zone Replication
Planning for Forwarding
DNS/DHCP Interaction
Windows Server 2003 DNS Interoperability
DNS Security Issues
Monitoring DNS Servers
Testing DNS Server Configuration with the DNS Console Monitoring Tab
Debug Logging
Event Logging
Monitoring DNS Server Using the Performance Console
Command-line Tools for Maintaining and Monitoring DNS Servers
Planning for NetBIOS Name Resolution
Understanding NetBIOS Naming
NetBIOS Name Resolution Process
Understanding the LMHOSTS File
Understanding WINS
What's New for WINS in Windows Server 2003
Planning WINS Server Deployment
Planning for WINS Replication
Replication Partnership Configuration
Replication Models
WINS Issues
Troubleshooting Name Resolution Issues
Chapter 21 Planning, Implementing, and Maintaining the TCP/IP Infrastructure
Introduction
Understanding Windows 2003 Server Network Protocols
Planning an IP Addressing Strategy
Analyzing Addressing Requirements
Creating a Subnetting Scheme
Troubleshooting IP Addressing
Transitioning to IPv6
IPv6 Utilities
Install TCP/IP Version 6
6to4 Tunneling
IPv6 Helper Service
The 6bone
Teredo (IPv6 with NAT)
Planning the Network Topology
Planning Network Traffic Management
Monitoring Network Traffic and Network Devices
Determining Bandwidth Requirements
Optimizing Network Performance
Chapter 22 Planning, Implementing, and Maintaining a Routing Strategy
Introduction
Understanding IP Routing Basics
Evaluating Routing Options
Windows Server 2003 As a Router
Security Considerations for Routing
Analyzing Requirements for Routing Components
Simplifying Network Topology to Provide Fewer Attack Points
Router-to-Router VPNs
Packet Filtering and Firewalls
Logging Level
Troubleshooting IP Routing
Chapter 23 Planning, Implementing, and Maintaining Internet Protocol Security
Chapter 24 Planning, Implementing, and Maintaining a Public Key Infrastructure
Introduction
Planning a Windows Server 2003 Certificate-Based PKI
Understanding Public Key Infrastructure
The Function of the PKI
Components of the PKI
Understanding Digital Certificates
User Certificates
Machine Certificates
Application Certificates
Understanding Certification Authorities
Implementing Certification Authorities
Configure a Certification Authority
Analyzing Certificate Needs within the Organization
Determining Appropriate CA Type(s)
Planning Enrollment and Distribution of Certificates
Implementing Smart Card Authentication in the PKI
How Smart Card Authentication Works
Deploying Smart Card Logon
Using Smart Cards To Log On to Windows
Using Smart Cards for Remote Access VPNs
Using Smart Cards To Log On to a Terminal Server
Chapter 25 Planning, Implementing, Maintaining Routing and Remote Access
Introduction
Planning the Remote Access Strategy
Addressing Dial-In Access Design Considerations
Configuring the Windows 2003 Dial-up RRAS Server
Configuring RRAS Packet Filters
Addressing VPN Design Considerations
PPP Multilink and Bandwidth Allocation Protocol (BAP)
PPP Multilink Protocol
BAP Protocols
Addressing Wireless Remote Access Design Considerations
The 802.11 Wireless Standards
Using IAS for Wireless Connections
Configuring Remote Access Policies for Wireless Connections
Multiple Wireless Access Points
Placing CA on VLAN for New Wireless Clients
Configuring WAPs as RADIUS Clients
Planning Remote Access Security
Domain Functional Level
Selecting Authentication Methods
Disallowing Password-Based Connections (PAP, SPAP, CHAP, MS-CHAP v1)
Disable Password-Based Authentication Methods
Using RADIUS/IAS vs. Windows Authentication
Selecting the Data Encryption Level
Using Callback Security
Managed Connections
Mandating Operating System/File System
Using Smart Cards for Remote Access
Configuring Wireless Security Protocols
RRAS NAT Services
ICMP Router Discovery
Creating Remote Access Policies
Policies and Profiles
Authorizing Remote Access
Restricting Remote Access
Restricting by User/Group Membership
Restricting by Type of Connection
Restricting by Time
Restricting by Client Configuration
Restricting Authentication Methods
Restricting by Phone Number or MAC Address
Controlling Remote Connections
Controlling Idle Timeout
Controlling Maximum Session Time
Controlling Encryption Strength
Controlling IP Packet Filters
Controlling IP Address for PPP Connections
Troubleshooting Remote Access Client Connections
Troubleshooting Remote Access Server Connections
Configuring Internet Authentication Services
Chapter 26 Managing Web Servers with IIS 6.0
Chapter 27 Managing and Troubleshooting Terminal Services
Introduction
Understanding Windows Terminal Services
Using Terminal Services Components for Remote Administration
Installing and Configuring the Terminal Server Role
Using Terminal Services Client Tools
Installing and Using the Remote Desktop Connection (RDC) Utility
Installing the Remote Desktop Connection Utility
Launching and Using the Remote Desktop Connection Utility
Configuring the Remote Desktop Connection Utility
Installing and Using the Remote Desktops MMC Snap-In
Install the Remote Desktops MMC Snap-In
Configure a New Connection in the RD MMC
Configure a Connection's Properties
Connecting and Disconnecting
Installing and Using the Remote Desktop Web Connection Utility
Using Terminal Services Administrative Tools
Use Terminal Services Manager to Connect to Servers
Manage Users with the Terminal Services Manager Tool
Manage Sessions with the Terminal Services Manager Tool
Manage Processes with the Terminal Services Manager Tool
Using the Terminal Services Configuration Tool
Understanding Listener Connections
Modifying the Properties of an Existing Connection
Terminal Services Configuration Server Settings
User Account Extensions
Using Group Policies to Control Terminal Services Users
Using the Terminal Services Command-Line Tools
Troubleshooting Terminal Services
Index