PUBLISHED BY
Microsoft Press
A Division of Microsoft Corporation
One Microsoft Way
Redmond, Washington 98052-6399

Copyright © 2004 by Microsoft Corporation

All rights reserved. No part of the contents of this book may be reproduced or transmitted in any form or by any means without the written permission of the publisher.

Library of Congress Cataloging-in-Publication Data [ pending.]

Printed and bound in the United States of America.

Distributed in Canada by H.B. Fenn and Company Ltd. A CIP catalogue record for this book is available from the British Library.

Microsoft Press books are available through booksellers and distributors worldwide. For further information about international editions, contact your local Microsoft Corporation office or contact Microsoft Press International directly at fax (425) 936-7329. Visit our Web site at www.microsoft.com/learning/. Send comments to tkinput@microsoft.com.

Active Directory, Brute Force, DirectShow, DirectX, FrontPage, Microsoft, Microsoft Press, MS-DOS, Outlook, PowerPoint, Visio, Visual Basic, Visual Studio, Windows, Windows Media, Windows Mobile, Windows NT, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Other product and company names mentioned herein may be the trademarks of their respective owners.

The example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious. No association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred.

This book expresses the author’s views and opinions. The information contained in this book is provided without any express, statutory, or implied warranties.
Neither the authors, Microsoft Corporation, nor its resellers or distributors will be held liable for any damages caused or alleged to be caused either directly or indirectly by this book.

Acquisitions Editor: Kathy Harding
Content Development Manager: Marzena Makuta
Project Manager: Rebecca Davis (Volt)
Technical Editors: Randall Galloway and Eli Lazich
Copyeditor: Mick Alberts
Indexer: Seth Maislin

SubAssy Part No. X10-42153

About the Authors

Tony Northrup, MCSE and CISSP, is a consultant and author living in the Boston, Massachusetts, area. During his seven years as Principal Systems Architect at BBN/Genuity, he was ultimately responsible for the reliability and security of hundreds of Windows-based servers and dozens of Windows domains—all connected directly to the Internet. Needless to say, Tony learned the hard way how to keep Windows systems safe in a hostile environment. Tony has authored and co-authored many books on Windows and networking, from NT Network Plumbing in 1998 to the Windows Server 2003 Resource Kit Performance and Troubleshooting Guide. Tony has also written several papers for Microsoft TechNet, covering firewalls, ASP.NET, and other security topics.

Orin Thomas is a writer, editor, and systems administrator who works for the certification advice Web site Certtutor.net. His work in IT has been varied: he’s done everything from providing first-level networking support to acting in the role of systems administrator for one of Australia’s largest companies. He was co-author of the MCSA/MCSE self-paced training kit for Exam 70-290 and co-editor of the MCSA/MCSE self-paced training kits for exams 70-292 and 70-296, both by Microsoft Press. He holds the MCSE, CCNA, CCDA, and Linux+ certifications. He holds a bachelor’s degree in Science with honors from the University of Melbourne and is currently working toward the completion of a PhD in Philosophy of Science.

Contents

Acknowledgments
About This Book
    Intended Audience
    Prerequisites
    About the CD-ROM
    Features of This Book
        Part 1: Learn at Your Own Pace
        Part 2: Prepare for the Exam
        Informational Notes
        Notational Conventions
        Keyboard Conventions
    Getting Started
        Hardware Requirements
        Software Requirements
        Setup Instructions
    The Microsoft Certified Professional Program
        Certifications
        Requirements for Becoming a Microsoft Certified Professional
    Technical Support
    Evaluation Edition Software Support

Part I  Learn at Your Own Pace

1  Planning and Configuring an Authentication Strategy
    Why This Chapter Matters
    Before You Begin
    Lesson 1: Understanding the Components of an Authentication Model
        The Difference Between Authentication and Authorization
        Network Authentication Systems
        Storing User Credentials
        Authentication Features of Windows Server 2003
        Authentication Protocols in Windows Server 2003
        LM Authentication
        NTLM Authentication
        The Kerberos Authentication Process
        Storage of Local User Credentials
        Tools for Troubleshooting Authentication Problems
        Lesson Review
        Lesson Summary
    Lesson 2: Planning and Implementing an Authentication Strategy
        Considerations for Evaluating Your Environment
        Guidelines for Creating a Strong Password Policy
        Options for Account Lockout Policies
        Options for Creating a Kerberos Ticket Policy
        Windows 2003 Authentication Methods for Earlier Operating Systems
        Using Multifactor Authentication
        Practice: Adjusting Authentication Options
        Lesson Review
        Lesson Summary
    Lesson 3: Configuring Authentication for Web Users
        Configuring Anonymous Access for Web Users
        Configuring Web Authentication
        Delegated Authentication
        Practice: Configuring Anonymous Authentication
        Lesson Review
        Lesson Summary
    Lesson 4: Creating Trusts in Windows Server 2003
        Trusts in Windows Server 2003
        Practice: Creating Trusts
        Lesson Review
        Lesson Summary
    Case Scenario Exercise
    Troubleshooting Lab
    Chapter Summary
    Exam Highlights
        Key Topics
        Key Terms
    Questions and Answers
        Design Activity: Case Scenario Exercise
        Design Activity: Troubleshooting Lab

2  Planning and Configuring an Authorization Strategy
    Why This Chapter Matters
    Before You Begin
    Lesson 1: Understanding Authorization
        Access Control Lists
        Effective Permissions
        Inheriting Permissions
        Standard and Special Permissions
        Practice: Denying Access Using Group Membership
        Lesson Review
        Lesson Summary
    Lesson 2: Managing Groups in Windows Server 2003
        Types of Groups in Windows Server 2003
        Group Scopes
        Domain and Forest Functional Levels
        Built-In Groups
        Special Groups and Accounts
        Tools for Administering Security Groups
        Creating Restricted Groups Policy
        Practice: Creating Groups and Assigning Rights
        Lesson Review
        Lesson Summary
    Lesson 3: Planning, Implementing, and Maintaining an Authorization Strategy
        Authentication, Authorization, and the Principle of Least Privilege
        User/ACL Authorization Method
        Account Group/ACL Authorization Method
        Account Group/Resource Group Authorization Method
        Group Naming Conventions
        Defining Which Users Can Create Groups
        Group Nesting
        When to Retire Groups
        Lesson Review
        Lesson Summary
    Lesson 4: Troubleshooting Authorization Problems
        Troubleshooting Simple Authorization Problems
        Troubleshooting Complex Authorization Problems
        Lesson Review
        Lesson Summary
    Case Scenario Exercise
        Scenario
        Questions
    Troubleshooting Lab
        Scenario
        Questions
    Chapter Summary
    Exam Highlights
        Key Topics
        Key Terms
    Questions and Answers
        Design Activity: Case Scenario Exercise
        Design Activity: Troubleshooting Lab

3  Deploying and Troubleshooting Security Templates
    Why This Chapter Matters
    Before You Begin
    Lesson 1: Configuring Security Templates
        Predefined Security Templates
        Security Template Planning
        Creating and Editing Security Templates
        Security Template Settings
        Security Configuration for Earlier Versions of Windows
        Practice: Create and Examine a New Security Template
        Lesson Review
        Lesson Summary
    Lesson 2: Deploying Security Templates
        Deploying Security Templates Using Active Directory
        Deploying Security Templates Without Active Directory
        Practice: Applying and Deploying Security Templates
        Lesson Review
        Lesson Summary
    Lesson 3: Troubleshooting Security Templates
        Troubleshooting Problems with Applying Group Policy
        Troubleshooting Unexpected Security Settings
        Troubleshooting System Policy
        Lesson Review
        Lesson Summary
    Case Scenario Exercise
    Troubleshooting Lab
    Chapter Summary
    Exam Highlights
        Key Topics
        Key Terms
    Questions and Answers
        Design Activity: Case Scenario Exercise
        Design Activity: Troubleshooting Exercise

4  Hardening Computers for Specific Roles
    Why This Chapter Matters
    Before You Begin
    Lesson 1: Tuning Security for Client Roles
        Planning Managed Client Computers
        Software Restriction Policies
        Security for Desktop Computers
        Security for Mobile Computers
        Security for Kiosks
        Practice: Restricting Software
        Lesson Review
        Lesson Summary
    Lesson 2: Tuning Security for Server Roles
        Firewalls
        Perimeter Networks
        Security for DHCP Servers
        Security for DNS Servers
        Security for Domain Controllers
        Security for Internet Information Services
        Security for Internet Authentication Service
        Security for Exchange Server
        Security for SQL Server
        Practice: Hardening Servers and Analyzing Traffic
        Lesson Review
        Lesson Summary
    Lesson 3: Analyzing Security Configurations
        Security Configuration And Analysis
        Microsoft Baseline Security Analyzer—Graphical Interface
        Microsoft Baseline Security Analyzer—Command-Line Interface
        Practice: Analyzing Security Configurations
        Lesson Review
        Lesson Summary
    Case Scenario Exercise
    Troubleshooting Lab
    Chapter Summary
    Exam Highlights
        Key Topics
        Key Terms
    Questions and Answers
        Design Activity: Case Scenario Exercise
        Design Activity: Troubleshooting Lab

5  Planning an Update Management Infrastructure
    Why This Chapter Matters
    Before You Begin
    Lesson 1: Updating Fundamentals
        Introduction to Updates
        Types of Updates
        Product Lifecycles
        Chaining Updates
        Lesson Review
        Lesson Summary
    Lesson 2: Updating Infrastructure
        The Updating Team
        Assessing Your Environment
        Deploying Updates
        The Update Test Environment
        Practice: Evaluating Your Updating Infrastructure
        Lesson Review
        Lesson Summary
    Lesson 3: Updating Process
        Discovering Updates
        Evaluating Updates
        Retrieving Updates
        Testing Updates
        Installing Updates
        Removing Updates
        Auditing Updates
        Practice: Evaluating Your Updating Process
        Lesson Review
        Lesson Summary
    Case Scenario Exercise
        Scenario
        Questions
    Troubleshooting Lab
    Chapter Summary
    Exam Highlights
        Key Topics
        Key Terms
    Questions and Answers
        Design Activity: Case Scenario Exercise
        Design Activity: Troubleshooting Lab

[...]
The eBook

The CD-ROM includes an electronic version of this training kit. The eBook is in portable document format (PDF) and can be viewed using Adobe Acrobat Reader.

To use the eBook

1. Insert the Supplemental CD-ROM into your CD-ROM drive.

   Note: If AutoRun is disabled on your computer, refer to the Readme.txt file on the CD-ROM.

2. Click Training Kit eBook on the user interface menu. You can also review any...

that you first press ALT and W at the same time, and then release them and press L.

Getting Started

This training kit contains hands-on exercises to help you learn about deploying, managing, and troubleshooting a Windows Server 2003 security infrastructure. Use this section to prepare your self-paced training environment. Although the requirements for each of the chapters vary, obtaining the hardware and...

Server 2000 or later, and Microsoft Office Outlook 2003.

Caution: The 180-day evaluation edition of Windows Server 2003, Enterprise Edition provided with this training kit is not the full retail product and is provided only for the purposes of training and evaluation. Microsoft Technical Support does not support this evaluation edition. For additional support information regarding this book and the CD-ROMs...

second CD-ROM contains a 180-day evaluation edition of Microsoft Windows Server 2003, Enterprise Edition.

Caution: The 180-day evaluation edition provided with this training kit is not the full retail product and is provided only for the purposes of training and evaluation. Microsoft Technical Support does not support this evaluation edition. For additional support information regarding this book and the CD-ROM...

Microsoft software, please connect to http://support.microsoft.com/default.aspx

Evaluation Edition Software Support

The 180-day evaluation edition provided with this training kit is not the full retail product and is provided only for the purposes of training and evaluation. Microsoft and Microsoft Technical Support do not support this evaluation edition.

Caution: The evaluation edition of Windows Server 2003,...

explanations of each correct and incorrect answer.

Note: These questions are also available on the companion CD as a practice test.

Informational Notes

Several types of reader aids appear throughout the training kit.

Tip: Contains methods of performing a task more quickly or in a not-so-obvious way.

Important: Contains information that is essential to completing a task.

Note: Contains supplemental...

so easy and fun. Finally, I want to thank the entire Certtutor.net tutor team, who offer great free advice to people who want to get certified.

Orin Thomas

About This Book

Welcome to MCSE Self-Paced Training Kit (Exam 70-299): Implementing and Administering Security in a Microsoft Windows Server 2003 Network. Today’s networks are constantly under attack by a variety of sources. Worms and viruses are the...

environments using Microsoft tools and technologies.

Note: Exam skills are subject to change without prior notice and at the sole discretion of Microsoft.

Prerequisites

This training kit requires that students meet the following prerequisites:

■ Have a solid understanding of networking fundamentals
■ Have at least one year of experience implementing and administering a Windows-based...

Microsoft Learning Support Web site at http://www.microsoft.com/learning/support/default.asp/ You can also e-mail tkinput@microsoft.com or send a letter to Microsoft Learning, Attn: MCSA/MCSE Self-Paced Training Kit (Exam 70-299): Implementing and Administering Security in a Microsoft Windows Server 2003 Network Editor, One Microsoft Way, Redmond, WA 98052-6399

Setup Instructions

Set up your computer hardware...

Gulati at Microsoft to put together the team that would create this book. I have to thank Marzena Makuta, my editor, for being remarkably patient while I learned the correct style for a Microsoft Press training kit. Rebecca Davis did a great job of keeping me (and probably everyone else!) on schedule, even when the schedule needed to be adjusted. I was fortunate enough to have two technical reviewers for this