MCSE Windows® Server 2003 EXAM GUIDE

Brian Culp, Mike Harwood, Jason Berg
with Drew Bird

McGraw-Hill/Osborne
New York • Chicago • San Francisco • Lisbon • London • Madrid • Mexico City • Milan • New Delhi • San Juan • Seoul • Singapore • Sydney • Toronto

Copyright © 2004 by The McGraw-Hill Companies. All rights reserved. Except as permitted under the United States Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher.

ISBN: 978-0-07-163353-6
MHID: 0-07-163353-7

The material in this eBook also appears in the print version of this title: ISBN: 978-0-07-222406-1, MHID: 0-07-222406-1.

All trademarks are trademarks of their respective owners. Rather than put a trademark symbol after every occurrence of a trademarked name, we use names in an editorial fashion only, and to the benefit of the trademark owner, with no intention of infringement of the trademark. Where such designations appear in this book, they have been printed with initial caps.

McGraw-Hill eBooks are available at special quantity discounts to use as premiums and sales promotions, or for use in corporate training programs. To contact a representative please visit the Contact Us page at www.mhprofessional.com.

Information has been obtained by McGraw-Hill/Osborne from sources believed to be reliable. However, because of the possibility of human or mechanical error by our sources, McGraw-Hill/Osborne, or others, McGraw-Hill/Osborne does not guarantee the accuracy, adequacy, or completeness of any information and is not responsible for any errors or omissions or the results obtained from the use of such information.

TERMS OF USE

This is a copyrighted work and The McGraw-Hill Companies, Inc. (“McGraw-Hill”) and its licensors reserve all rights in and to the work. Use of this work is subject to these terms.
Except as permitted under the Copyright Act of 1976 and the right to store and retrieve one copy of the work, you may not decompile, disassemble, reverse engineer, reproduce, modify, create derivative works based upon, transmit, distribute, disseminate, sell, publish or sublicense the work or any part of it without McGraw-Hill’s prior consent. You may use the work for your own noncommercial and personal use; any other use of the work is strictly prohibited. Your right to use the work may be terminated if you fail to comply with these terms.

THE WORK IS PROVIDED “AS IS.” McGRAW-HILL AND ITS LICENSORS MAKE NO GUARANTEES OR WARRANTIES AS TO THE ACCURACY, ADEQUACY OR COMPLETENESS OF OR RESULTS TO BE OBTAINED FROM USING THE WORK, INCLUDING ANY INFORMATION THAT CAN BE ACCESSED THROUGH THE WORK VIA HYPERLINK OR OTHERWISE, AND EXPRESSLY DISCLAIM ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. McGraw-Hill and its licensors do not warrant or guarantee that the functions contained in the work will meet your requirements or that its operation will be uninterrupted or error free. Neither McGraw-Hill nor its licensors shall be liable to you or anyone else for any inaccuracy, error or omission, regardless of cause, in the work or for any damages resulting therefrom. McGraw-Hill has no responsibility for the content of any information accessed through the work. Under no circumstances shall McGraw-Hill and/or its licensors be liable for any indirect, incidental, special, punitive, consequential or similar damages that result from the use of or inability to use the work, even if any of them has been advised of the possibility of such damages. This limitation of liability shall apply to any claim or cause whatsoever whether such claim or cause arises in contract, tort or otherwise.

Disclaimer: This eBook does not include the ancillary media that was packaged with the original printed version of the book.

The logo of the CompTIA Authorized Quality Curriculum Program and the status of this or other training material as “Authorized” under the CompTIA Authorized Curriculum Program signifies that, in CompTIA’s opinion, such training material covers the content of the CompTIA’s related certification exam. CompTIA has not reviewed or approved the accuracy of the contents of this training material and specifically disclaims any warranties of merchantability or fitness for a particular purpose. CompTIA makes no guarantee concerning the success of persons using any such “Authorized” or other training material in order to prepare for any CompTIA certification exam.

The contents of this training material were created for the CompTIA A+ exams covering CompTIA certification exam objectives that were current as of September 2003.

How to Become CompTIA Certified

This training material can help you prepare for and pass a related CompTIA certification exam or exams. In order to achieve CompTIA certification, you must register for and pass a CompTIA certification exam or exams.

In order to become CompTIA certified, you must:

1. Select a certification exam provider. For more information please visit http://www.comptia.org/certification/test_locations.htm.
2. Register for and schedule a time to take the CompTIA certification exam(s) at a convenient location.
3. Read and sign the Candidate Agreement, which will be presented at the time of the exam(s). The text of the Candidate Agreement can be found at www.comptia.org/certification
4. Take and pass the CompTIA certification exam(s).

For more information about CompTIA’s certifications, such as their industry acceptance, benefits, or program news, please visit www.comptia.org/certification.

CompTIA is a non-profit information technology (IT) trade association.
CompTIA’s certifications are designed by subject matter experts from across the IT industry. Each CompTIA certification is vendor-neutral, covers multiple technologies, and requires demonstration of skills and knowledge widely sought after by the IT industry.

To contact CompTIA with any questions or comments:
Please call +1 630 268 1818
questions@comptia.org

For Lt. Colonel Lloyd W. Smith, United States Air Force: the bravery it took to face what you did at Pearl Harbor, D-Day, and in Korea is quite literally beyond my comprehension. Thank you. I hope my life honors the gift you helped provide. For happy Jen, for the sweet way you get indignant at the thought of others editing my work.
—B.C.

This book is dedicated to family and friends whose patience and understanding make all of the difference.
—M.H.

This book is dedicated to Lloyd. Of all the lessons in life I wish to teach you, the most important one is that you can do anything you set your mind to. If your Dad can write a book, then you can become a marine biologist. Or a baseball player. Or even play football for the Ducks.
—J.B.

ABOUT THE AUTHORS

Brian Culp (MCT, MCSE, A+) worked for a small networking outfit called IBM where he discovered why Dilbert is so popular. He is the author of Mike Meyers’ MCSE Windows 2000 Professional Certification Passport and Mike Meyers’ MCSE Windows XP Professional Certification Passport. He has also contributed to several other computer titles, including books on Windows XP and Outlook 2003. He can be reached for questions or speaking engagements at bculp@everestkc.net.

Mike Harwood (MCT, MCSE, A+, Server+) is a system manager for a multi-site network and manages projects for TecMetrix communications, a systems integration consultancy. He performs technical training, writes technical courseware, and is co-author of several computer books.

Jason Berg is a full-time technical instructor and part-time writer. This is his first book, but definitely not his last.
He teaches hardware, networking, Cisco, and Microsoft certification courses. Jason is the founder of 2weekmcse.com, a technical training company specializing in certification classes. Jason is a graduate of the University of Oregon. He has earned the MCSE, MCT, and MCDBA certifications from Microsoft and CCNA certification from Cisco. He lives in Portland, Oregon, with his wife, Rebecca, son Lloyd, and dog Shari. You can reach Jason at jberg@2WeekMCSE.com or on his web site, www.2WeekMCSE.com.

About the Development Editor

Drew Bird has been working in the IT industry since 1988. In addition to writing technical books and exam study guides, he is an established technical trainer with over 500 days of in-classroom experience teaching Microsoft and Novell networking courses. Drew and his wife, Zoë, live in the hills outside of Kelowna, British Columbia, Canada. In his spare time Drew is an avid adventure racer, scuba diver, skier, and snowboarder. He also enjoys watching the odd film or two.

About the Technical Reviewer

Matteo Rustico (MCSE, MCT, OCP, CNE) has ten years’ experience in the IT industry and is currently working as an instructor and consultant for Destech Consulting and Education in Toronto, Canada, as part of the Oracle database and Microsoft Networking Implementation Teams.

About LearnKey

LearnKey provides self-paced learning content and multimedia delivery solutions to enhance personal skills and business productivity. LearnKey claims the largest library of rich streaming-media training content that engages learners in dynamic media-rich instruction complete with video clips, audio, full motion graphics, and animated illustrations. LearnKey can be found on the Web at www.LearnKey.com.

CONTENTS AT A GLANCE

Part I Managing and Maintaining a Microsoft Windows Server 2003 Environment (Exam 70-290)
Chapter 1 Managing and Maintaining Physical and Logical Devices
Chapter 2 Managing Users, Computers, and Groups
Chapter 3 Managing and Maintaining Access to Resources
Chapter 4 Managing and Maintaining a Server Environment
Chapter 5 Managing and Implementing Disaster Recovery

Part II Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure (Exam 70-291)
Chapter 6 Administering DNS in a Windows Server 2003 Network
Chapter 7 Implementing, Managing, and Maintaining IP Addressing
Chapter 8 Implementing, Managing, and Maintaining Name Resolution
Chapter 9 Implementing, Managing, and Maintaining Routing and Remote Access
Chapter 10 Managing Network Security
Chapter 11 Maintaining a Network Infrastructure

Part III Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure (Exam 70-293)
Chapter 12 Implementing Server Security
Chapter 13 Planning, Implementing, and Maintaining a Network Infrastructure
Chapter 14 Planning, Implementing, and Maintaining Routing and Remote Access
Chapter 15 Maintaining Server Availability
Chapter 16 Planning and Maintaining Network Security
Chapter 17 Planning and Maintaining a Security Infrastructure

Part IV Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure (Exam 70-294)
Chapter 18 About Directory Services
Chapter 19 Planning and Implementing an Active Directory Infrastructure
Chapter 20 Planning and Implementing User, Computer, and Group Strategies
Chapter 21 Managing and Maintaining an Active Directory Infrastructure
Chapter 22 Planning and Implementing Group Policy
Chapter 23 Managing and Maintaining Group Policy

Appendix About the CD
Index

CONTENTS

Acknowledgments
Introduction

Part I Managing and Maintaining a Microsoft Windows Server 2003 Environment (Exam 70-290)

Chapter 1 Managing and Maintaining Physical and Logical Devices
Installing, Configuring, and Troubleshooting Devices
Installing Devices Using Plug-and-Play
Installing Hardware Detected by Server 2003
Installing Devices Using the Add Hardware Wizard
Lab Exercise 1.1: Installing a New Device Using the Add Hardware Wizard
Using the Help and Support Center to Install Hardware
Using Device Manager
Updating Drivers Using Device Manager
Managing Device Properties
Hardware Profiles
Driver Signing
Signature Verification
Windows Update and Automatic Update
Installing Multiple Processors
Managing Ports
Installing and Managing Printers
Installing a Network Printer
Installing a Local Printer
Lab Exercise 1.2: Installing a Local Printer
Configuring Printers
Installing Ports
Lab Exercise 1.3: Adding a Unix Printer to a Windows 2003 Print Server
Loading Additional Drivers
Allowing Access to Printers
Sharing a Printer
Print Priorities and Availability
Printer Pooling
Managing Printers
Managing Printers Using Internet Explorer