Index
Symbol
128-bit IP address space, 492–494
32-bit
  operating systems, 5
  printer driver support, 214
  registry considerations, 1269
64-bit
  operating systems, 5
  printer driver support, 214
  registry considerations, 1269
802.11 protocols listed, 867–868
802.1X authentication, 868, 872–874
A
abstract classes, 452
acceptable-use policies, 1159
access-by-policy administrative model, 840–847
access-by-user administrative model, 838–840
access control, 709, 757–759
access control entries (ACEs), 25, 26
access control lists (ACLs), 25, 307
access rights. See permissions
Accessibility Wizard, 1346
Accessories And Utilities grouping, 1346–1348
accessories grouping, 1346
account domains, 118
Account Policies security area, 741
accounting, RADIUS, 862
accounts
  managed computers, 948–950
  security planning, 69–70
  user
    deleting, 255
    disabling, 254
    domains, 250–251
    enabling, 254
    finding, 253–254
    local, 251
    managing, 253–257
    moving, 255
    names, 247, 256
    options, 248
    overview, 247
    passwords, 249–250, 256
    properties, setting, 251–252
    remote access permissions, 838–840
    testing, 252–253
    unlocking, 257
  user objects, 420
ACPI (Advanced Configuration Power Interface), 945
ACPI BIOS, 100, 112
acronyms, password, 71
activating products, 64–65
activating scopes, 504
active caching, 1126
Active Directory
  architecture, 23–27
  attributes, 21
  containers, 21
  data model, 24
  delegation, 26
  Directory System Agent, 23–24
  distinguished names, 22–23
  DNS zone storage, 486–487
  federated identity management, 430
  forests, 109, 121–131, 395–403
  functional testing, 140–141
  global catalogs, 26–27
  inheritance, 26
  LDAP, 487
  management tools, 377–378
  name formats, 24
  namespaces, 20–21
  naming contexts, 26
  new services, 1347
  organizational units, 108
  overview, 11–12, 19–23
  partitions, 26
  printer publishing, 198
  publishing shares, 292–293
  restore modes, 1244–1245
  security, 25
  trust relationships, 109–112, 400–402
  upgrading to, 107–112
Active Directory Application Mode (ADAM), 19
Z07I620474.fm Page 1383 Wednesday, January 18, 2006 4:56 PM
Active Directory domains
  child, 388–389
  creating, 384
  domain controller names, 428–429
  domain managers, 402
  functionality, 396–400
  managing, 403
  models, 121–128
  names, 384–386, 429
Active Directory Domains and Trusts snap-in
  domain functionality, 396–400
  domain management, 403
  domain managers, 402
  forest functionality, 396–400
  launching, 395
  overview, 395
  trust relationships, 400–402
  UPNs, 402
Active Directory Federation Services (ADFS), 430
Active Directory Installation Wizard, 378–379
Active Directory installations
  DNS servers, 379–381
  domain controllers
    demotions, 392–393
    identification, 394
    replicas, 387–388
    server promotion to, 381–386
    upgrades, 391
  domains
    child, 388–389
    creating, 384
    names, 384–386
  forests, 390
  Global Catalog servers, 394–395
  options, 386–390
  overview, 377–379
  partitions, 379
  trees, 390
Active Directory Management console, 324
Active Directory Migration Tool (ADMT), 12, 115
Active Directory objects
  computers, 425–426
  default, 409–411
  delegating control, 400–416
  deleting, 428
  filters, 406–407
  finding, 408
  groups, 423–425
  moving, 428
  organizational units, 411–414
  overview, 21, 404–411
  printers, 427
  remote computer management, 426
  renaming, 428
  shared folders, 427
  types, 404–405
  users, 417–423
Active Directory schema
  attributes
    adding, 452
    auxiliary class, adding, 452–453
    creating, 449–450
    display specifiers, 454–456
    object classes, creating, 451–452
    overview, 448
  batch imports and exports, 457
  display specifiers, modifying, 454–456
  domain controller accessed, 447
  implementing, 25
  launching, 446–448
  LDIF, 457–459
  modifying, 448–453
  operations master roles, 460–467
  overview, 23, 445
  security, 445–446
  updates, 140–147
Active Directory Services Interface (ADSI), 19, 354, 356
Active Directory sites
  connection objects, 439–440
  domain replication, 436–438
  overview, 108, 433–434
  replication objects, 438
  server objects, 439–440
  site link bridge objects, 444
  site link objects, 443
  site links, 444
  site objects, 434–436, 438–439
  subnet objects, 441–442
Active Directory Sites and Services snap-in, 433, 438–445
Active Directory Users and Computers snap-in
  advanced mode, 405
  computer objects, 425–426
  delegating object control, 400–416
  deleting objects, 428
  domain management, 406
  groups, 423–425
  launching, 403
  moving objects, 428
  normal mode, 405
  organizational units, 411–414
  overview, 403
  printer objects, 427
  remote computer management, 426
  renaming objects, 428
  shared folder objects, 427
  User Manager for Domains, 1342
  user objects, 417–423
  viewing objects
    default objects, 409–411
    filters, 406–407
    finding objects, 408
    overview, 404
    types, 404–405
Active Scripting, 353, 354–355Add Printer Wizard, 195Add To A Group command, 419address pairs, Network Monitor, 1194Address Resolution Protocol (ARP), 480addressable memory limits, 15addresses. See also DNS (Domain Name System);
name resolution; TCP/IPadding, 173analyzing, 47DNS settings, configuring, 175–176dynamic addressing, 171–172firewalls, 476–477IPv6, 492–494loopback, 475managing, 487–489network address translation, 1124–1125network classes, 474–476Network Monitor databases, 1191overview, 474private, 1125remote access policies, 851reservations, 504restrictions, 1088–1089routers, 479routing protocols, 480server clusters, 593static addressing, 173subnets, 477–478Web sites, 1079–1080WINS, 176–177, 532–537
ADMIN$ share, 286administering remotely
Active Directory objects, 426consoles, custom, 329–330Device Manager, 1339disk management, 545
Emergency Management Servicesoverview, 1312–1313requirements, 1314security, 1315setting up, 1315–1320
enabling, 162–163IIS, 1119–1120shares, 286tool installations, 335
administrative options. See also administrative tools; groups
printing, 199–208Terminal Services Manager, 992–1000Virtual Server, 978–979Windows Terminal Services, 982–983, 992
administrative shares, 286administrative tasks, 1062–1068administrative templates, Group Policy, 296, 298administrative tools
auditing eventsarchiving logs, 342categories, 336–338enabling, 337–338filtering logs, 341log size, 341–342object settings, 338–339overview, 336–338searching logs, 340viewing logs, 339
AT command, 347–348cron, 348delegating control, 26, 343–344IIS, 1044–1047installing locally, 334installing remotely, 335Management And Monitoring Tools, 1349MMC, 323–330overview, 323remote access policies, 838–847scripts, 335–336, 1047secondary logons, 323–330Support Tools, 335Task Scheduler, 344–347
administrator account security, 69–70, 185administrator disk quotas, 632–633Administrator Website, Virtual Server, 961–962Advanced Encryption Standard (AES), 869, 870Advanced RISC Computing (ARC), 1217alerts, 1184–1186allocation units, 539
allowing Web browsing, 1136–1138alternate file restore locations, 1240analyzing system security, 747–749anonymous access
FTP sites, 1098–1099SMTP virtual servers, 1113Web sites, 1086–1087
answer filescomponent installations, 80distribution shares, 83–84headless servers, 1318–1319overview, 57–58RIS images, 940–942Setup Manager, 83–84types, 72Windows Setup, initiating, 94
Apple Macintosh interoperability, 899application-layer filtering, 1126application-layer protocols, 1037–1043, 1102–1117application logs, 1167Application server, 1044–1045, 1347application server mode, 988–992application settings, Web, 1085applications. See also software management; Virtual
Serverassigning, 906–907available on network computers, 902deployment planning, 5–6inventorying, 48media pools, 678printing failures, 223publishing, 906–907restriction policies, 923–926support improvements, 113updating, 907–908
approving certificate requests, 822architecture changes
Active Directory, 107–112domain controllers, 106–107hardware, 112–113server roles, 106–107software, 113
archiveattributes, 1225–1226backups, 1223event logs, 342, 1170security logs, 781
ARP (Address Resolution Protocol), 480ASR (Automated System Recovery), 1212–1215,
1292, 1301–1302Asrpnp.sif, 1215
Asr.sif, 1215assess phase, patch management, 785–786assessing business needs, 45–46assessing current systems, 46–48assigning addresses. See addressesassigning applications, 906–907asymmetric encryption, 713, 722AT command, 347–348At Logon backup option, 1235At System Startup backup option, 1235ATA (Advanced Technology Attachment), 541attributes
Active Directory, 21Active Directory schema
adding, 452auxiliary class, adding, 452–453creating, 449–450object classes, creating, 451–452overview, 448
remote access policies, 848–850audio files, saving, 625auditing
eventsarchiving logs, 342categories, 336–338enabling, 337–338filtering logs, 341log size, 341–342object settings, 338–339overview, 336–338searching logs, 340viewing logs, 339
network resources, 46–48overview, 710security, 737, 778–781
authentication. See also connection services; protocols
access control, implementing, 757–759Active Directory sites, 434combining methods, 1088defined, 837enabling, 751–757FTP sites, 1098–1099hardware-enabled, 706IPSec policies, 771mutual, 706NNTP virtual servers, 1107overview, 704, 751proof of identity, 704requests, 861scripts, 362–363, 370
smart cards, 752–756SMTP virtual servers, 1113trust relationships, 109–112Web sites, 1086–1087wireless networking, 868–870
Authentication Header (AH), 727authoritative restore mode, 1245authorizations, 837authorizing DHCP servers, 503auto apply quotas, 619–621autoenrollment, certificates, 816–817Automated Deployment Services (ADS), 59–60, 67automated installations
answer files, 94components, 80image-based installations, 58–60optional components, installing, 80Setup-based installations, 57–58Windows Server 2003 R2, 78–79
automatic. See also scriptsaddress management, 487–489application deployments, 902certificate enrollments, 816–817log ons, 940printer driver updates, 215Remote Desktop enabling, 163software package upgrades, 919–920updates, 62–63, 791–795
Automatic Certificate Request Setup Wizard, 816–817
Automatic Updates, 62, 160auxiliary classes, 448, 452–453availability. See also clusters
clustering, 1263DFS, 1262disk arrays, 1256–1262failure measurements, 1250–1251load balancing, 595overview, 11, 1249power supply problems, 1251–1256printers, 209–210RAID levels, 1261
available patches, finding, 786–788
B
backup accounts, 71
Backup CA command, 810
backup domain controllers, 20, 37, 40, 106–107, 135
backup power supplies, 1251–1256
backup print servers, 218–219Backup program, 1228–1236Backup Utility, 1290–1291backup windows, 1224Backup Wizard, 1237backups
archival, 1223certificate authorities, 810–812command line, 1237–1239disaster preparation, 1212domain upgrades, 131–133encrypted files, 1243excluding files, 1232failure, planning for, 1242–1243launching, 1227logs, 1231media rotation, 1227, 1247options, 1230overview, 1221permissions, 1229, 1246recovery drives, 1220registry, 1290–1291restoring from, 1311scheduling, 1234–1236scripts, 1229server configuration settings, 1072–1073steps, 1227–1228storage medium, 1221–1223, 1230strategy planning, 1224–1227system state, 1242–1243third-party utilities, 1246–1247types, 1225–1226
bandwidth, 984, 1082BAP (Bandwidth Allocation Protocol), 851barcodes, 678–679baseline performance, 1159, 1160baseline security analysis, 781–782basic authentication, 1087, 1098–1099basic disks, 540batch imports and exports, 457beta user deployments, patches, 791BIND (Berkeley Internet Name Domain), 506biometrics, 706BIOS compatibility, 100.BKF files, 1223blocking
file types saved, 624–630Group Policy inheritance, 303inherited permissions, 272–273software access, 923–926
boot diskscreating, 1216–1217mirrored boot partitions, 1299–1300recovery with, 1298remote, 951
boot logs, 1298Boot menus, displaying, 101–102boot timeouts, changing, 102booting computer for installations, 61booting previous operating systems, 101–103Boot.ini files, 1299BOOTP ROM chips, 930bottlenecks, 1158, 1163–1164boundaries, site, 436branch office replication groups, 656–655breaking mirrors, 565bridges, network, 480Briefcase, 1340brownouts, 1254–1255Browsing (Computer Browser service), 491built-in Administrator accounts, 71built-in groups, 237–241business needs, identifying, 45–46
C
cache
  catalogs, 1019–1020
  disabling, 99
  file system settings, 1199–1200
  ISA 2004, 1126, 1139–1140
  size, 1201
caching-only servers, 531–532calculating future business needs, 46CALs (Client Access Licenses), 63–64canceling print jobs, 205capacities
NLB clusters, 588–589server clusters, 597–598Windows Terminal Services, 982–984
CAPICOM, 731capture
buffers, 1190filters, 1192–1195triggers, 1198–1199
Capture window, Network Monitor, 1188–1189capturing network frames, 1187–1188capturing physical devices, 969CAs (certificate authorities). See certificate
authorities (CAs)
catalogsconfiguring, 1016–1017corrupted, 1032creating, 1015–1016defined, 1010directories, 1017–1018global, 26–27new Web site indexing, 1027No Documents Matched Query error, 1030–1031overview, 1015properties, adding, 1019–1020property cache, configuring, 1019–1020restarting, 1017scanning indexes, 1020–1021security, 1018
CBC-MAC (Counter Mode Cipher Block Chaining Message Authentication Code), 870
CCE (Compute Cluster Edition), 611CCMP (CBC-MAC protocol), 870CCS (Compute Cluster Server), 611CDs
backups, 1223, 1247installations, 56, 94operating system images, 936–939virtual machines and, 969–971
certificate authorities (CAs)backups, 810–812certificate publishers, 798certificate registration, 717–718certificate templates, 799–801command-line tools, 825–827configuring, 805–809enterprise, 801–802exit modules, 798, 814hierarchies, 823–825installing, 805–809overview, 715pending requests, changing, 822policy modules, 798, 813preinstallation, 803–805properties, 812–815renewing, 812restores, 812roles, 803root, 715–717, 803security, 804, 815standalone, 802, 822starting, 810stopping, 810subordinate, 715–717, 803types, 801–802updating, 1352
certificate revocation lists (CRLs), 719–721, 817–819Certificate Services
CA hierarchies, 823–825Certificates snap-in, 760–763, 822Certification Authority snap-in, 809–822command-line tools, 825–827configuring, 805–809installing, 805–809overview, 1348preinstallation, 803–805
certificate trust lists (CTLs), 820–822certificates
categories, 760chain verifications, 716–717directories, 718editing, 819exporting, 761importing, 762, 819managing, 760–763overview, 711–712public-key, 714–715publishers, 798publishing, 814recovery agents, 773–774registering, 717–718removing, 819renewals, 720requesting, 762–763, 825–827revocation, 719–721, 817–819S/MIME, 721–722smart cards, 752–756specific purposes, 763SSL, 1089–1092templates, 719, 799–801, 815–817trusted, 819–822Update Root Certificates option, 1352
Certificates snap-in, 760–763, 822Certification Authority Backup Wizard, 810–812Certification Authority Restore Wizard, 812Certification Authority snap-in, 809–822Certreq tool, 825–827Certsrv tool, 825Certutil tool, 827chain verifications, 716–717Change command, 990–992changed interface items, 1331–1335characters
passwords, 71, 249printer names, 188UNIX file listing, 880–882user names, 248
Chat tool, 1347checking print server status, 224
checking system file versions, 1311child domains, 39, 388–389CiDaemon, 1010CIDR (Classless Internet Domain Routing), 475class A addresses, 474class B addresses, 475class C addresses, 475class D addresses, 476class E addresses, 476cleaning libraries, 682Client for NFS component, 887, 894–895Client (Respond Only) policy, 765client/server protocols, 1038–1043clients. See also software management
address leases, 514deployment planning, 5–6DFS, 642ISA 2004, 1126printing problems, 219–223Web site restrictions, 1088–1089Windows XP upgrades, 147–148wireless security, 873, 874
Clipboard Viewer, 1338ClipBook Viewer, 1338cluster-unaware applications, 594clustered resources, creating, 604–611clusters. See also Network Load Balancing (NLB)
clustersbusiness goals, 579checklists, 580compute, 611DHCP servers, 508–510Internet, 577intranet, 577mission-critical availability, 578–579overview, 11, 575–576planning, 579–580risk assessments, 580scenarios, 577–579server
capacities, 597–598configuring, 595–597creating, 598–611failback policies, 595failover policies, 595groups, 591networks, 590nodes, 591overview, 576, 590–592, 1263resources, 592–595
size, 569Terminal Services, 578types, 1263
CoCreateInstance API, 371COM scripts, 354, 371combining authentication methods, 1088command prompt, 1340commands
alternative shell, 355backup jobs, 1237–1239Certificate Services tools, 825–827Cmd.exe, supported by, 353device administration, 165DHCP administration, 514discovery process, 363disk management, 545enhancements, 354–355error information, 369help switches, 353overview, 353passwords, 362path management, 363–365printer management, 207–208Recovery Console, 1218, 1355–1356registry, 1288–1289Setup parameters, 95–98supported, 353System File Checker, 1311user object creation, 418what’s new, 356working directories, 363
comment frames, 1191–1192commercial authoring packages, 905Common Log File System (CLFS), 567common names (CN), 22communications, 13–14, 1347compacting databases, 537company structure-based naming conventions, 32compatibility. See also Virtual Server
security templates, 743servers, 118–120Windows NT domain upgrades, 118–120
Complementary Code Keying (CCK), 867complete-trust domain model, 128components
configuring, 170–171installing, 80, 171optional, 1345–1352
compression, 438, 1338–1339Compression Agent, 1338–1339compromised security, handling, 782Compute Cluster Edition (CCE), 611Compute Cluster Server (CCS), 611compute clusters, 611Computer Browser service, 491
Computer Configuration node, 304–305Computer Management console, 543, 546computer-related policies, GPOs, 296computers. See also software management;
upgrading clients to Windows XP; upgrading to Windows Server 2003
Active Directory objects, 425–426booting, 61names, 170preparing to upgrade, 138–140restarts, 913RIS account locations, 934
Computers Near Me, 1339concurrent connection licensing, 63–64concurrent Terminal Services users, 985confidentiality, data, 707–708configuration backups, servers, 1072–1073configuration settings. See registryConfigure A DNS Server Wizard, 516–520Configure Your Server Wizard, 178–181, 498configuring new installations
devices, 164–169network settings, 169–177overview, 159problems, checking for, 164remote administration, 162–163security precautions, 184server roles, 178–181storage, 168–169updates, installing, 159–161
conflict detection, DHCP servers, 511conflict resolution, replication, 653connection objects, Active Directory sites, 439–440connection services
dial-up remote access, 830, 834–835IAS, 858–863NAT servers, 835–836overview, 829–830RADIUS
how it works, 860multiple remote access servers, 861–863proxy, 863–864
remote access policiesconfiguring, 848–852default, 837–838setting, 836
remote access servers, 833–834, 852–853Terminal Services sessions
Terminal Services Configuration MMC, 1000–1004
Terminal Services Manager, 993–1000
Virtual Serveradministering, 978–979alternatives to, 979properties, configuring, 965–966
VPNs, 727–729, 831–833, 853–858connectivity. See also protocols; wireless
external, 47IIS servers, 1072–1073network activity monitoring, 1165–1166NFS shares, 892–894NNTP virtual servers, 1109operating systems, 47overview, 13–14print servers, 188, 207printers, 199, 202–204simultaneous, 284–285Storage Manager For SANs, 670–671timeout values, 1081UNIX interoperability, 883–884Web sites, 1048–1049
console redirection, firmware-based, 1316console wrappers, 358–362consoles. See Microsoft Management Console (MMC)consolidating domains, 126constant voltage transformers, 1254–1255containers
Active Directory, 21Group Policy, 298, 301
content expirations, Web sites, 1093content indexing. See Indexing Servicecontent ratings, Web sites, 1093continuous namespaces, 41control set registry information, 1276Convenience Consoles, 324converting
disk to dynamic disks, 558–559FAT to NTFS, 565filenames, 88–89partitions, 379
copy backups, 1226Copy command, 419copying
lockups during, 100–101mass storage drivers, 87–88Recovery Console functionality, 1353updates to distribution share, 83user profiles, 946Windows installations, 58–60
corpus, 1010, 1012corrupted catalogs, 1032corrupted databases, 637
countersdisk activity, 1164–1165Indexing Service, 1029–1030logs, 1181–1184memory usage, 1162–1163network activity, 1165–1166processor activity, 1163–1164System Monitor, 1177–1178
CPUsactivity monitoring, 1163–1164Windows Terminal Services, 983–984
credentials. See authenticationcritical device databases, 86critical updates, 783cron, 348cross-root certifications, 717CryptoAPI, 730cryptographic service providers (CSPs), 730cryptography. See also encryption keys
backups, 1243CAPICOM, 731certificate authorities, 805DPAPI, 731file system level, 571–573indexing, 1018IPSec, 725–727local data, 773–778overview, 571–573recovery policies, 773–774remote access policies, 852S/MIME, 721–722smart cards, 710–711SSL, 724–725VPNs, 831Web sites, 1086WEP, 869wireless networking, 868–870WPA, 869–870WPA2, 870
cscript, 358–362Cscript.exe, 336CSMA/CA (carrier sense multiple access with
collision avoidance), 867current
control set registry information, 1276FTP site connections, 1097network structure, documenting, 116–120performance tracking, 1175–1180security status, 781–782systems, assessing, 46–48Web settings, 1117–1119
CurrentControlSet subkeys, 1276Custom Installation Wizard, 921
custom query forms, 1024–1027custom subnet masks, 478custom topology, 641customizing. See also user profiles
Active Directory object filters, 406–407console layouts, 327–328consoles, MMC-based, 324–330HTTP headers, 1093IPSec policies, 767–768network entities, 1147–1148Network Monitor, 1190–1192object delegation tasks, 415–416performance reports, 1172quotas, 619–621roaming profiles, 263security templates, 744–745separator pages, 211–212Start menu, 1341
D
daily backups, 1226, 1235
daily operations. See administrative tools
DAP (Directory Access Protocol), 19
Dashboard, ISA 2004, 1144
data available on network computers, 902
data backups
  archival, 1223
  command line, 1237–1239
  encrypted files, 1243
  Exchange servers, 1243
  excluding files, 1232
  failure, planning for, 1242–1243
  launching, 1227
  logs, 1231
  media rotation, 1227, 1247
  options, 1230
  overview, 1221
  permissions, 1229, 1246
  scheduling, 1234–1236
  scripts, 1229
  steps, 1227–1228
  storage medium, 1221–1223, 1230
  strategy, planning, 1224–1227
  system state, 1242–1243
  third-party utilities, 1246–1247
  types, 1225–1226
  Windows Server 2003 Backup program, 1228–1236
  Windows Server 2003 Backup Wizard, 1237
data centers, deployments in, 59–60data collection groups, 1171, 1173data confidentiality, 707–708data encryption. See encryption
data integrity, 708–709, 870data mirrors
adding, 561–562breaking, 565drive failures, 563–564removing, 564
Data Protection API (DPAPI), 731Data Protection Manager (DPM), 1247data restores
file destinations, 1240file selections, 1239options, 1241–1242overview, 1239
data security. See also authentication; certificates; firewalls; permissions; wireless
access control, 709, 757–759analyzing, 747–749, 781–782compromised systems, handling, 782deployment policies, 739IIS, 1062–1065IPSec policies, 764–772ISA 2004 server, 1131, 1136–1138iSCSI, 673local data, 773–778nonrepudiation, 710overview, 9–10, 703–704, 707–709, 733planning, 69–70precautions, 184
data storage. See also disk managementbackups, 1221–1223, 1230certificates, 814configuring, 168–169DFS, 1262disk activity monitoring, 1164–1165Distributed File System
installations, 644overview, 634–635terminology, 637–641what’s new, 636
File Server Resource Managerdisk quotas, 630–634file screens, 624–630global options, 614–615overview, 614quotas, 618–624reports, 615–617
GPO information, 297Indexing Services, 1012–1013overview, 13, 613registry, 1277–1279Remote Storage, 686–699, 1351Removable Storage, 676–686Storage Manager For SANs, 663–676
data typesprinters, 213–214registry, 1277–1278
database compacting, WINS, 537database security, 746–747Datacenter Edition, Windows Server 2003, 4–5datagrams, 470DCOM scripting, 356dcpromo.exe. See Active Directory Installation
Wizarddeactivating scopes, 504, 510decoy accounts, 71decryption, 713dedicated forest root domains, 123, 134default
Active Directory objects, 409–411certificate publishers, 798FTP sites, 1058Group Policy, 298home directory files, 1085–1086operation systems, changing, 102principal name suffix, 248remote access policies, 837–838saved file location, 1340software package options, 911–913standalone CA action, 822subnet masks, 478System Monitor sampling intervals, 1180user profiles, 259–260virtual machine settings, 968–973VMRC key bindings, 974–975Web sites, 1047–1048
Default-First-Site-Name sites, 434DEFAULT hive, 1279Default NNTP Virtual Server, 1102, 1105–1109Default SMTP Virtual Server, 1112–1116Defaultipsitelink object, 438, 443delegating
Active Directory, 26Active Directory object control, 400–416administrative controls, 26, 343–344authority, DNS, 522–524permissions, GPOs, 308–311
Delegation of Control Wizard, 343, 400–416delta CRLs, 721, 818demand-dial interfaces, 856, 857–858demoting domain controllers, 392–393density, network, 866denying permissions. See permissions; remote
access policiesdependencies, server clusters, 597
deploy phase, patch management, 788deployment environments. See also configuring
new installationsapplication deployments, 62–63creating
disk imaging, 89–90distribution shares, 80–89overview, 72Setup Manager, 72–77Windows Server 2003 R2 and, 78–79
designing, 55install methods, choosing, 57–60installation process, 91licensing modes, 63–64overview, 55partitions, 68–69preinstallation, 61product activations, 64–65security, 69–70server configurations, 66–70software updates, 61–62system requirements, 67–68test labs, 65–66
deployment planningcurrent systems, assessing, 46–48goals, defining, 50IT changes, problems with, 44, 45–46overview, 5–6, 43–44plans, creating, 71–72risk assessments, 50–51roadmap, making, 49–51
deployment printers, 187–193deployment restriction policies, 923–926deployment technologies. See also Group Policy;
RIS (Remote Installation Services)Microsoft Operations Manager, 903options, 903–908packages
application property changes, 918–919Group Policy, adding to, 915–916modifications, 920–922native Windows Installer, 904overview, 915redeploying, 922removing, 922upgrades, 919–920
repackaged applications, 905–908Systems Management Server, 903.zap files, 904–905
deployment testing, patches, 789–791desktop appearance, 1342
device CALs, 63–64device drivers
improvements, 112–113installing, 166rolling back recently installed, 1302–1303
Device Manager, 165–168, 1339devices. See also Remote Storage
backup storage, 1222configuring, 164–169Device Manager, 165–168disabling, 166displaying, 165–166errors, checking for, 164failure metrics, 1250–1251hardware changes, viewing, 166properties, 167removable storage, 677storage, configuring, 168–169troubleshooting, 168uninstalling, 166virtual machine captures, 969
Devices tool, 1339DFS (Distributed File System)
clients, 642folders, 639, 648, 651infrastructure upgrades, 643installations, 644namespace roots, 638–639, 645–646namespace servers, 647namespaces, 644–652overview, 634–635, 1262, 1348requirements, 641–644roots, 638–639servers, 642targets, 640terminology, 637–641what’s new, 636without NetBIOS or WINS, 644
DFS Management, 643, 644DFS Namespaces
folders, 639namespace roots, 638–639overview, 634–635performance, 636targets, 640
DFS Replicationgroup creation, 652–660group management, 661–663installing, 644overview, 640–641, 652
DHCP (Dynamic Host Configuration Protocol)address reservations, 504backups, 513client address leases, 514command-line administration, 514IP address ranges and exclusions, 498legacy client support, 505–506multiple servers, 507–510networks, 496–498options, 499overview, 18, 487–489, 496relay agents, 511–513resource type, 593restores, 514scopes, 499–503, 504, 510, 513security, 497server-based conflict detection, 511service setup, 498steps, 171–172
DHCP serversauthorizations, 503deployment role, 67dynamic addressing, 171–177reliability, 489
diagnostic mode, Safe Mode option, 1297–1298dial-up connections
authentications, 754–756denying access, 69IAS, 858–863overview, 830remote access limitations, 851server setup, 834–835
dictionary attacks, 711different internal and external namespaces, 34–36differential backups, 1226Digest Authentication, 705Digest Authentication For Windows Domain
Servers, 1086digital signatures
encryption, 713IPSec, 725–727overview, 708–709S/MIME, 721–722
directories. See also backups; directory servicescatalogs, 1017–1018certificates, 718SMTP service, 1111
Directory Access Protocol (DAP), 19Directory Browsing permissions, 1084directory-enabled applications, 19directory-integrated zone storage, 486–487
directory-level administration, IIS, 1076, 1101Directory Service Protocol (DSP), 19directory services. See also Active Directory
abilities needed, 18overview, 17–18protocols, 18, 19, 20restore mode, 1244Windows and, 18X.500 standard, 19
Directory System Agent (DSA), 23–24Disable Account command, 419disallowed security level, 925disaster planning
iterating, 1210–1211overview, 1203–1204resource identification, 1205responses, developing, 1206–1209risk identification, 1204–1205testing procedures, 1209–1210
disaster preparationAutomated System Recovery disks, 1212–1215backups, 1212boot disks, 1216–1217fault tolerant system, 1211overview, 1211Recovery Console, 1218recovery drives, 1220recovery options, specifying, 1219–1220
disaster recoverycompromised systems, handling, 782encrypted files and folders, 773–774power supply problems, 1251–1256Remote Storage, 698–699Windows NT domain upgrades, 131–133
Disk Administrator, 1340disk arrays
availability, 1261costs, 1261fault tolerance levels, 1260hardware vs. software, 1256–1257hot-spare systems, 1262hot-swap systems, 1262intended use, 1259overview, 1256performance considerations, 1261RAID levels, 1257–1259
disk-based registry keys, 1278disk imaging, 58–60, 89–90
disk management. See also disksactivity monitoring, 1164–1165command line, 545dynamic disks, 545, 558–559enhancements, 543NTFS, 571–574overview, 539, 542–546RAID, 542, 544remote, 545tasks
drive letters, 569–570formatting options, 555mirrors, 561–565new disks, adding, 547–549overview, 546partitions, 546–558, 565–568, 569–570volumes, 549–551, 559–560, 565–568,
569–571technology options, 541terminology, 539–541
Disk Management snap-in, 543, 546, 1340Diskpart.exe, 545disks
Automated System Recovery, 1212–1215backups, 1222controllers fault tolerance, 1260naming conventions, 1217quotas, 574, 630–634
dismounting media, 684display filters, capture frames, 1196–1198display specifiers, Active Directory, 454–456displaying
Active Directory objects, 404–411Boot menus, 101–102captured frames, 1189–1190current Web settings, 1117–1119device properties, 167devices, 165–166network components, 170–171newsgroups, 1108NNTP sessions, 1110physical memory usage, 1162print status, 200quotas, 621recorded performance data, 1173scheduled tasks, 347security analysis, 747–749security logs, 780–781servers, 993service status information, 1307–1308
  System Information, 1341–1342
  System Monitor information, 1178–1180
  Terminal Services information, 992–1000
  Terminal Services session data, 996–984
  virtual networks, 962
distance vector-based routing protocols, 480
distinguished names (DN), 22–23
Distributed File System (DFS). See DFS (Distributed File System)
distributing consoles, 329
distribution folders, 73–77
distribution groups, 228, 424
distribution points, 819
distribution shares
  creating, 80–82
  filename conversions, 88–89
  mass storage drivers, 87–88
  OEM drivers in RIPrep images, 85–86
  overview, 57, 80
  Plug and Play drivers, 84–85
  required files, 80
  service packs, applying, 82–83
  software updates, 83–84
  subfolders, 81
  unattended installations, 94
DNS (Domain Name System)
  Active Directory domain names, 384–386
  Active Directory installations, 379–381
  address assignments, 172
  caching-only servers, 531–532
  delegating authority, 522–524
  domains, 108, 482, 483
  dynamic DNS, 485
  forwarders, 529–531
  installing, 515–516
  interoperation, 528
  LDAP, 487
  name resolution, 34–36, 482–484
  namespaces, 118
  overview, 481, 515
  poisoning attacks, 520
  resource records, 380–381, 524–527
  reverse lookups, 484–485
  root hints, 531
  secondary servers, 516
  servers, 67, 119, 516–520
  settings, configuring, 175–176
  subdomains, 522–524
  top level domains, 482
  Windows NT domain upgrades, 128–129
  WINS resolution, 529
  zones, 486–487, 521–522, 527
do-it-yourself registry backups, 1291
document indexing. See Indexing Service
document options, sites, 1085–1086
documenting
  installations, 161
  network resources, 46–48
  networks, 116–120, 1158–1159
  recovery procedures, 1207
dollar signs, hidden shares, 283
domain controllers. See also Active Directory sites
  architecture improvements, 106–107
  demoting, 392–393
  DFS, 1262
  DNS servers, 379–381
  first, 183
  functional levels, 151–158, 396–400
  Global Catalog servers, 26–27, 394–395
  identification, 394
  multiple domains, 40
  names, 428–429
  operations master roles, 460–467
  overview, 37
  printer publishing, 198
  promoting servers to, 381–386
  remote access, 848
  replicas, creating, 387–388
  servers, 66
  shared resources, 286
  upgrading, 105, 118, 391
  Windows NT domain upgrades, 118
Domain Local group, 424
domain local groups, 239–240
domain local scope, 228, 233
domain managers, 402
Domain Name System (DNS). See DNS (Domain Name System)
domain namespaces, 482, 638
domain naming master, 463–464
domain replication, 436–438
domain user accounts, 250–252
domains. See also groups; Windows NT domain upgrades
  Active Directory, 108, 145–147, 395–403
  consolidating, 126
  creating, 384
  designing, 38–39
  forest root, 109
  functional levels, 154–158, 396–400
  managing, 406
  model types, 117
  multiple domain tree structure, 39, 40–42
  names, 108, 384–386, 429, 483, 1088–1089
  organizational units, 36–38, 40
  overview, 37
  preparing to upgrade, 137–138
  root, 38
  security, 36–38, 39–40
  server promotion to domain controller, 381–386
  single domain tree structure, 38–39
  SMTP virtual servers, 1116–1117
  structure, planning, 36–40
  trees, creating, 390
  trust relationships, 109–112, 400–402
  upgrade guidelines, 133–137
DOS prompt. See commands
downtime measurements, 1250–1251
DPAPI (Data Protection API), 731
DPM (Data Protection Manager), 1247
driveletter$ share, 286
drivers
  improvements, 112–113
  installing, 166
  printers, 214–216, 220
  rolling back recently installed, 1302–1303
drives. See also backups; Remote Storage
  letters, 365, 569–570
  partitions, 68–69
  recovery, 1220
dual boots, 101
duplexing, 541, 1256–1262
duplicate files, SIS monitoring, 928
dynamic
  disks, 545, 558–559
  DNS, 485
  volumes, 68, 1277
dynamic address databases. See WINS (Windows Internet Name Service)
dynamic addressing. See DHCP (Dynamic Host Configuration Protocol)
Dynamic Update protocol, 380
E
e-mail
  distribution groups, 228
  forwarding, SMTP
    access options, 1113
    Default SMTP Virtual Server, 1112–1116
    delivery options, 1115–1116
    directories, 1111
    domains, 1116–1117
    examples, 1041–1042
    identities, 1113
    LDAP Routing, 1116
    message limitations, 1114
    overview, 1110–1111
    site link objects, 443
  proof of receipt, 710
  protocols, 1041–1042
  S/MIME, 721–722
  software patch alerts, 787
  storage reports, 614–615
E-mail services, 1348
Echo method, 367
editing registry
  adding keys or values, 1283
  best practices, 1267
  exporting data, 1283
  hives, 1285
  importing data, 1283
  overview, 1279
  .REG files, 1284
  Reg utility, 1288–1289
  Registry Editor, 1280–1288
  remote machines, 1285
  removing keys or values, 1283
  renaming, 1285
  search options, 1281–1282
  security, 1286–1288
  value contents, 1282
editions, Windows Server 2003, 4–5
ejecting media, 684
Emergency Management Services (EMS)
  answer files, 1318–1319
  enabling, 1315, 1319–1320
  firmware-based console redirection, 1316
  headless servers, 1316–1319
  manual installations, 1316–1317
  out-of-band administration, 1321–1323
  overview, 1312–1313
  requirements, 1314
  RIS-based installations, 1317–1318
  security, 1315
  setting up, 1315–1320
  version upgrades and, 1319–1320
emergency preparedness. See disaster planning
emergency repair disks (ERDs), 1212–1215
emulating test networks, patches, 789–790
Encapsulating Security Payload (ESP), 727
Encrypting File System (EFS), 773–778
encryption
  backups, 1243
  CAPICOM, 731
  certificate authorities, 805
  CryptoAPI, 730
  cryptographic service providers, 730
  DPAPI, 731
  file system level, 571–573
  indexing, 1018
  IPSec, 725–727
  local data, 773–778
  overview, 571–573
  recovery policies, 773–774
  remote access policies, 852
  S/MIME, 721–722
  smart cards, 710–711
  SSL, 724–725
  VPNs, 831
  Web sites, 1086
  WEP, 869
  wireless networking, 868–870
  WPA, 869–870
  WPA2, 870
encryption keys
  data confidentiality, 707–708
  digital signatures, 708–709
  overview, 706
  private, 714–715
  public-key certificates, 714–715
  public-key vs. symmetric-key, 713
  symmetric-key encryption, 713
enforcing GPO links, 302
enhanced metafile (EMF), 213
enrollment agent certificates, 752
enterprise
  CAs, 716, 801–802
  deployments, wireless security, 872–874
  root CAs, 803
  subordinate CAs, 803
Enterprise Admins group, 109
Enterprise And Stand-Alone Policy module, 813
Enterprise Edition, Windows Server 2003, 4–5
equipment audits, 46–48
errors
  file not found, 1026
  HTTP, 1094–1095
  Indexing Service, 1030–1033
  installations, 164
  scripts, 367–369
escalation procedures, disaster, 1208–1209
estimating future business needs, 46
evaluate and plan phase, patch management, 788
event auditing
  archiving logs, 342
  categories, 336–338
  enabling, 337–338
  filtering logs, 341
  log size, 341–342
  object settings, 338–339
  overview, 336–338
  searching logs, 340
  security policies, 778–781
  viewing logs, 339
event components, 1167–1169
event descriptions, 1168
event headers, 1167–1168
Event Log security area, 741
event logs. See also event auditing
  archiving, 1170
  changing settings, 1170
  overview, 1167
  remote machines, 1169
  viewing, 339
event server shutdowns, 1323–1324
event severities, 1167
Event Viewer, 1166–1170, 1323–1324
exceptions, file screening, 626–627
excluding
  address ranges, 511
  directories, 1017
  files in backups, 1232
execute mode, 989–990
Execute permissions, 881
exit codes, 369
exit modules, 798, 814
expirations
  user accounts, 248
  Web site content, 1093
explicit
  one-way trust relationships, 111
  permissions, 272, 839, 840
  trust relationships, 400–402
exporting
  Active Directory schema, 457, 458
  certificates, 761
  disk quotas, 633–634
  ISA 2004, 1151–1153
  registry data, 1283
  security templates, 747
  UNIX files or folders, 895–896
extended partitions, 540, 556
extending LUNs, 676
extending volumes, 540, 559–560
Extensible Authentication Protocol (EAP), 705
Extensible Authentication Protocol-Transport Layer Security (EAP-TLS), 705, 873
external
  connectivity, documenting, 47
  namespace names, 34–36
  networks, configuring, 964–965
  recovery drives, 1220
  risks, disaster planning, 1205
  user licensing, 64
External Connector Licenses, 64
F
failback policies, 595
failed. See also disaster planning; fault tolerance; restores; troubleshooting
  failure metrics, 1250–1251
  installations, 98–103
  printing, 222–223
failover
  capacities, 597–598
  groups, 591
  partial, 596
  policies, defining, 595
  server cluster configurations, 595–597
FAT, 69, 565, 566–568
fat clients, 8
FAT32, 69, 565, 566–568
fault tolerance. See also DFS (Distributed File System)
  clustering, 1263
  DFS, 1262
  disaster preparation, 1211
  disk arrays, 1256–1262
  domain controller replicas, 387–388
  measuring, 1250–1251
  NLB clusters, 589
  overview, 11, 1249
  power supply problems, 1251–1256
  RAID, 1256–1262
  server clusters, 595–597
  setting up, 1211
Fax services, 1348
federated identity management, 430
file encryption. See encryption
file-level administration, IIS, 1077
file not found errors, 1026
file permissions vs. share permissions, 268–269
file replication service (FRS), 640–641
file resource sharing
  Active Directory publishing, 292–293
  folder redirection, 313–317
  hiding, 283
  NFS shared folders, 288–292
  NTFS permissions
    files, 274
    folders, 273
    how they work, 271–272
    inheritance, 272–273
    listed, 270–271, 274–276
    overview, 270
    ownership, 268–279
    special, 274–276
  overview, 267–268
  share vs. file permissions, 268–269
  shared folders, 279–288
File Screening Management, 624–630
File Server Management tool, 279–281
File Server Resource Manager (FSRM)
  disk quotas, 630–634
  file screens, 624–630
  global options, 614–615
  overview, 614
  quotas, 618–624
  reports, 615–617
file servers, 66, 118
File Share resource type, 593, 609–611
File System security area, 741
file systems
  Common Log File System, 567
  converting FAT to NTFS, 565
  encryption, 571–573
  event auditing, 339
  NTFS, 571–574
  overview, 13
  UNIX interoperability, 885–886
file templates
  certificates, 719, 799–801, 815–817
  file screening, 628–629
  Group Policy, 296, 298
  quotas, 622–624
  security
    applying, 745
    compatible, 743
    configurable areas, 741
    exporting, 747
    importing, 747
    new, 744–745
    out-of-the-box, 743
    overview, 739–740
    predefined, 741–744
    secure options, 742–743
    Security Configuration and Analysis, 746–749
  user object creation, 418
File Transfer Protocol (FTP), 883
file transfer protocols, 1040–1041
filename conversions, distribution shares, 88–89
files
  backups, 1223
  blocking types saved, 624–630
  consoles, custom, 328–329
  copying lock ups, 100–101
  custom query forms, 1024–1027
  default saved location, 1340
  groups, 629–630
  log file types, 1183
  Other Network File and Print Services, 1350
  ownership, 276–279
  restoring, 1239–1242
  screening, 574, 624–630
  server configuration backups, 1072–1073
  system file versions, checking, 1311
  UNIX, 880–882
  Web site options, 1085–1086
filtering
  event logs, 341
  packets, 1125–1126
  printer folders, 201–202
filters
  Active Directory objects, 406–407
  defined, 1010
  GPO scope, 307
  indexing process, 1011
  IPSec policies, 769–771
  ISAPI, 1082
  network frame capture, 1192–1195
  PPTP, 855
Find tool, 1340
finding
  Active Directory objects, 408
  printers, 201–202
  registry keys and values, 1281–1282
  servers, 993
  software patches, 786–788
  user accounts, 253–254
Firewall Client, ISA, 1150
firewalls
  IP addresses, 476–477
  ISA 2004, 1136–1138
  ISA Firewall Client, 1150
  namespace name resolution, 34, 36
  NFS shared folders, 289
  post-Setup updates, installing, 161
  remote administration, 163
  replicating through, 643
  reverse proxy, 1144–1146
  Windows Firewall, 161, 163, 289, 750–751
firmware-based console redirection, 1316
first
  boot phase, 92
  domain controller, configuring, 183
  server on network, configuring, 181–183, 385
Fixprnsv.exe, 193
Flexible Single-Master Operations (FSMO), 446, 460
floppy disk backups, 1222
floppy disk boots, 1216–1217
Folder Options, 1342
Folder Redirection, Group Policy, 313–317
folder targets, DFS, 640, 651
folders
  DFS, 639, 648, 652–655
  encryption, 571–573, 773–778
  filtered printers, 201–202
  home, 257–258
  NTFS permissions, 270, 273
  options, setting, 1342
  ownership, 276–279
  quota management, 618–624
  redirection, 313–317
  user profiles, 260
footer files, 1086
forcing
  Boot menu display at startup, 102
  policy updates, 312
  RIS automatic log ons, 940
forest root domains, 109
forests
  Active Directory schema updates, 141–145
  creating, 41, 390
  DNS names, 402
  domain controller names, 428–429
  domain names, 429
  federated identity management, 430
  functional levels, 151–153, 396–400
  multi-tree, 41
  multiple domains, 39
  overview, 30–31, 108
  planning, 121–131
  tree creation, 390
  UPNs, 402
  Windows NT domain upgrades, 121–131
formatting
  disks, 555
  names, Active Directory, 24
  partitions, 566–568
  storage, configuring, 168–169
  volumes, 555, 566–568
forward broadcasts, 488
forward lookup zones, 521
forwarders, DNS, 529–531
forwarding mail, SMTP
  access options, 1113
  Default SMTP Virtual Server, 1112–1116
  delivery options, 1115–1116
  directories, 1111
  domains, 1116–1117
  examples, 1041–1042
  identities, 1113
  LDAP Routing, 1116
  overview, 1110–1111
  site link objects, 443
Frame Viewer window, Network Monitor, 1189–1190
frames
  capture filters, 1192–1195
  capture triggers, 1198–1199
  Capture window, 1188–1189
  capturing, 1187–1188
  comments, 1191–1192
  display filters, 1196–1198
  Frame Viewer window, 1189–1190
  overview, 1187
  pattern matches, 1195
  printing, 1192
free media pools, 677
free software update tools, 792–795
frequency
  backup scheduling, 1234–1236
  performance monitoring, 1161
frequency hopping spread spectrum (FHSS), 867
friendly names. See DNS (Domain Name System)
FrontPage Extensions, 1067–1068
frozen installations, 99–101
FSRM (File Server Resource Manager). See File Server Resource Manager (FSRM)
FTP (File Transfer Protocol), 883, 1040–1041
FTP publishing service, 1058–1061
FTP Site Creation Wizard, 1058–1059
FTP sites
  anonymous access, 1098–1099
  authentication, 1098–1099
  configuration backup files, 1072–1073
  creating, 1058–1059
  default, 1058
  directory-level properties, 1076, 1101
  file-level properties, 1077
  home directory, 1100–1101
  identities, 1097
  IIS management, 1095–1102
  messages, 1100
  other site types, 1058
  overview, 1058
  properties, 1096–1101
  security, 1062–1065
  server-level properties, 1096
  site-level properties, 1075, 1096–1101
  starting, 1065–1067
  stopping, 1065–1067
  testing, 1059–1060
  virtual directories, 1060–1061
full
  backups, 1225
  CRLs, 721
  deployments, patches, 791
  index scans, 1020–1021
  logs, halting computer when, 342
Full Control permissions, 270–271
full mesh topology, 641
Fully Automated interaction level, 77
fully qualified
  command paths, 364
  printer share names, 188
functional levels, domains or forests, 151–158, 396–400
future business needs, 46
G
gateways. See also connectivity; firewalls
  IP addresses, 476–477
  overview, 479
Generic Application resource type, 594
Generic Script resource type, 594
Generic Service resource type, 595
geographical naming conventions, 33
GetActiveObject API, 371
global
  File Server Resource Manager options, 614–615
  group scope, 228, 233
  groups, 241
Global Catalog (GC), 26–27, 394–395, 408
Global group, 424
GPOs (Group Policy Objects). See Group Policy Objects (GPOs)
grandfather-father-son media rotation, 1227
granting permissions. See permissions; remote access policies
graphs, System Monitor, 1178, 1180
grid lines, System Monitor, 1180
group identity (GID), 889, 897
group objects, Active Directory, 423–425
group policies, tools, 7–8
Group Policy. See also Group Policy Objects (GPOs); packages
  administrative templates, 296, 298
  backups, 312
  components, 296–298
  containers, 298, 301
  default, 298
  delegating permissions, 308–311
  folder redirection, 313–317
  inheritance, 301–303
  managing, 298–303
  overview, 7–8, 62, 295
  printer management, 199, 202
  processing order, 301
  refreshing, 311–312
  restores, 313
  Resultant Set of Policy, 317–320
  RIS installations, 935
  security group policies needed, 306–308
  security permissions, 310
  Software Installation feature, 6
  task and tool comparisons, 299–300
  user rights, assigning, 245–246
Group Policy container (GPC), 297, 298
Group Policy Management Console (GPMC), 8, 298–303, 306, 307, 309, 311
Group Policy Object Editor (GPOE), 304–305
Group Policy Objects (GPOs)
  application deployment, 902
  backups, 312
  certificate trust lists, 820–822
  containers, 298
  creating, 303–305, 309, 310, 909
  delegating permissions, 308–311
  Group Policy Management Console, 298–303
  links, 302, 305–306, 309
  migration issues, 297
  node disabling, 311
  overview, 7, 296–298
  packages, 915–922
  policy management, 298–303
  policy processing order, 301
  restores, 313
  scope, 306–308
Group Policy Software Installation extension
  configuring, 911–915
  default settings, changing, 911–913
  deployment planning, 910
  GPOs, creating, 909
  overview, 901–902
  setting up, 908–915
  software distribution points, 908–909
Group Policy template (GPT), 297
groups. See also user accounts
  access control, implementing, 757–759
  Active Directory objects, 423–425
  adding users to, 235–237
  built-in, 237–241
  creating, 234–235
  deleting, 235
  domain local scope, 228, 233
  failover, 591
  files, 629–630
  global scope, 228, 233
  local, 237
  names, 233
  network performance, 229
  organizational units, 230–232
  overview, 227–228
  planning, 232–234
  printers, 209–210
  remote access, 841–842, 845–847
  scopes, 228–229, 233–234, 236
  server clusters, 604–606
  structuring, 234–237
  universal scope, 229, 233
  UNIX privilege levels, 882–883
  user rights, 242–246
guests
  operating systems, 955
  wireless security, 872, 874
GUI Attended interaction level, 77
GUI-mode Setup phase, 92
GUIDs, 950
H
hacked networks, 782
halting. See stopping
handshakes, security, 724–725
hard-linked dynamic volumes, 69
hard links, 881, 882
hard page faults, 1162
hard quotas, 619
hardware. See also Virtual Server
  changes, viewing, 166
  device configuration, 164–169
  Device Manager, 165–168
  disabling, 166
  disk arrays, 1256–1262
  displaying, 165–166
  drivers, installing, 166
  Emergency Management Services, 1314
  gateways, 479
  interrupts, 1163–1164
  RAID, 544, 1256–1257
  registry information, 1273–1274, 1276
  removing, 166
  requirements, 67–68
  restores, 1296–1297, 1302
  routers, 479
  subnets, 477–478
  support changes, 112–113
  system information gathering, 1306–1307
  troubleshooting, 168
  upgrading to Windows Server 2003, 112–113
hardware-enabled authentication, 706
Hardware Update Wizard, 166
headers
  events, 1167–1168
  HTTP, 1093–1094
headless servers, 1316–1319
Help And Support Center tools, 1304–1306
HFNetChkPro, 796
hidden file shares, 283
Hidden Pages interaction level, 77
hidden password entry, 363
hierarchical-ordered domains, 38–39
hierarchical trust relationships, 401–402
hierarchies
  certificate authorities, 715–717, 823–825
  domain namespace, 482
high availability. See also clusters
  DFS, 1262
  disk arrays, 1256–1262
  failure measurements, 1250–1251
  load balancing, 595
  overview, 11, 1249
  power supply problems, 1251–1256
  printers, 209–210
  RAID levels, 1261
High Performance Computing (HPC) clusters, 611
highly secure security templates, 743
history
  logons, 71
  metabase, 1075
hives, 1279, 1285
HKCC (HKEY_CURRENT_CONFIG), 1272
HKCR (HKEY_CLASSES_ROOT), 1272
HKCU (HKEY_CURRENT_USER), 1272
HKEY_CLASSES_ROOT (HKCR), 1272
HKEY_CURRENT_CONFIG hive, 1279
HKEY_CURRENT_CONFIG (HKCC), 1272
HKEY_CURRENT_USER (HKCU), 1272
HKEY_LOCAL_MACHINE (HKLM), 1271–1277
HKEY_USERS (HKU), 1272
HKLM\HARDWARE subkey, 1273–1274
HKLM (HKEY_LOCAL_MACHINE), 1271–1277
HKLM\SAM subkey, 1274
HKLM\SECURITY subkey, 1275
HKLM\SOFTWARE subkey, 1275–1276
HKLM\Software\Wow6432Node subkey, 1276
HKLM\SYSTEM\CurrentControlSet subkeys, 1276
HKLM\SYSTEM\MountedDevices subkey, 1277
HKU (HKEY_USERS), 1272
holding documents, print spooling, 212–213
home directory
  FTP sites, 1100–1101
  Web sites, 1083–1085
home folders, 257–258
home pages, accessing, 1048–1049
hop counts, 1115
Host keys, 975
hosts
  DNS records, 524–527
  header names, 1080
  NLB clusters, 588–589
  servers, 638, 955
Hosts.txt, 482
Hot Add Memory, 15
hot-spare disk systems, 1262
hot-swap disk systems, 1262
hotfix chaining, 84
hotfixes, 784
HTML, 20
HTTP
  Active Directory, 20, 1038–1039
  error options, 1094–1095
  headers, 1093–1094
  URL names, 24
hub and spoke topology, 641
hung up installations, 99–101
HyperTerminal, 1347
I
I/O, scripts, 366–367
icons, virtual directories, 1056–1057
identify phase, patch management, 786–788
identifying business needs, 45–46
identities
  domain controllers, 394
  FTP sites, 1097
  objects, 21
  SMTP virtual servers, 1113
  UNIX, 897
  Web sites, 1079
IEEE 802.11 protocols listed, 867–868
ignoring unknown client computers, RIS, 933
IIS (Internet Information Services). See also FTP sites; WWW site management
  administration tools, 1044–1047
  administrative levels
    directory, 1076
    file, 1077
    overview, 1069
    server, 1071–1075
    site, 1075
  administrative tasks, 1062–1068
  FrontPage Extensions, 1067–1068
  FTP publishing service, 1058–1061
  installations, 1044–1046
  logs, 1081
  metabase, 1074–1075
  NNTP service, 1102–1110
  overview, 1037
  pausing, 1065–1067
  permissions, 1062–1065
  print server management, 206
  protocols supported, 1037–1044
  Remote Administration (HTML), 1119–1120
  remote management, 1046
  scripts, 1047
  server options, 738, 1072–1073
  SMTP service, 1110–1117
  starting, 1065–1067
  stopping, 1065–1067
  Virtual Server, 956–958
  Web service extensions, 1117–1119
  WWW publishing, 1044–1047
IIS (Internet Information Services) Manager, 1045
IISConfigObject collection, 1074
image-based installation methods, 58–60
images, operating system for RIS, 936–944
immediately running tasks, 345
impersonation, 370
implicit deny permissions, 839, 840, 845
importing
  Active Directory schema, 457, 459
  certificates, 762, 819
  disk quotas, 633–634
  ISA 2004, 1151–1153
  registry data, 1283
  security templates, 747
improving disaster plans, 1210–1211
in-band management, 1314
in-place upgrades, 193, 1300–1301
include/exclude rules, Remote Storage, 692
incoming certificate instructions, 798
incompatible client and servers, 134
incompatible drivers, 193
inconsistent query results, 1032
incremental
  backups, 1225
  index scans, 1020–1021
  zone transfers, 527
Index This Resource option, 1085
Indexing Service
  catalogs
    configuring, 1016–1017
    corrupted, 1032
    creating, 1015–1016
    directories, 1017–1018
    new Web sites, indexing, 1027
    overview, 1015
    properties, adding, 1019–1020
    property cache, configuring, 1019
    scanning indexes, 1020–1021
    security, 1018
  console, setting up, 1014–1015
  how it works, 1011
  merging indexes, 1013–1014
  No Documents Matched Query error, 1030–1031
  overview, 1009–1011, 1348
  performance, 1028–1030
  planning, 1012–1015
  querying, 1023–1027
  registry entries, 1021–1023
  scanning, 1020–1021
  searching, 1023–1027
  storage needed, 1012–1013
  troubleshooting, 1030–1033
individual drives in library, 682
Information Technology (IT). See IT (Information Technology)
infrastructure, documenting, 47
infrastructure master, 466–467
inheritance
  Active Directory, 26
  Group Policy, 301–303
  permissions, 272–273
.INI files, 1265
Initialize And Convert Disk Wizard, 547–549
inject/eject ports, 681
injecting media, 684
input and output handling, scripts, 366–367
install mode, 989–990
installation CDs, 56
installations. See also configuring new installations; deployment environments; RIS (Remote Installation Services); upgrading to Windows Server 2003
  application deployments, 62–63
  boot disks, 1216–1217
  command-line parameters, 95–98
  documenting, 161
  errors, 164
  install methods, choosing, 57–60
  licensing modes, 63–64
  manual, 91–93
  overview, 55, 91
  partitions, 68–69
  phases of, 92
  product activations, 64–65
  reinstalling Windows, 1312
  security, 69–70
  server configurations, 66–70
  server roles, 66–67
  software updates, 61–62
  speeding up process, 89–90
  system preparation, 91
  system requirements, 67–68
  test labs, 65–66
  troubleshooting, 98–103
  unattended, 78–79, 94
  Windows Server 2003 R2, 149
instances, System Monitor, 1177
Integrated Color Management (ICM), 200
Integrated Device Electronics (IDE), 100–101, 541
integrated installations, 82–83
Integrated Windows Authentication, 1086
integrated zone storage, 486–487
integrity, data, 708–709
IntelliMirror, 6, 8, 902
Inter-Site Transports container, 443
interaction levels, installations, 77
interactive logon events, 751
interactive logons, 704
interconnects, 590
interface changes listed, 1331–1335, 1337–1343
interim domain remote access, 840–842
interim functionality levels, 396–400
internal DNS servers, 381
internal namespace names, 34–36
Internal Network, configuring, 963–964
Internet. See also e-mail; IIS (Internet Information Services); Internet connection services; Internet connectivity; ISA 2004
  clusters, 577
  newsgroups, 1043
  services, 14
Internet Authentication Service (IAS)
  clients, 860
  configuring, 859–860
  installing, 859
  overview, 858–859
  RADIUS, 861–864
Internet connection services
  dial-up remote access, 830, 834–835
  IAS, 858–863
  NAT servers, 835–836
  overview, 829–830
  RADIUS
    how it works, 860
    multiple remote access servers, 861–863
    proxy, 863–864
  remote access policies
    configuring, 848–852
    default, 837–838
    setting, 836
  remote access servers, 833–834, 852–853
  Virtual Server
    administering, 978–979
    alternatives to, 979
    properties, configuring, 965–966
  VPNs, 727–729, 831–833, 853–858
Internet connectivity. See also protocols; wireless
  external, 47
  IIS servers, 1072–1073
  network activity monitoring, 1165–1166
  NFS shares, 892–894
  NNTP virtual servers, 1109
  operating systems, 47
  overview, 13–14
  print servers, 188, 207
  printers, 199, 202–204
  sharing, 1124
  simultaneous, 284–285
  Storage Manager For SANs, 670–671
  timeout values, 1081
  UNIX interoperability, 883–884
  Web sites, 1048–1049
Internet Content Rating Association (ICRA), 1093
Internet Explorer Enhanced Security Configuration, 1349
Internet Information Services (IIS). See IIS (Internet Information Services)
Internet Message Access Protocol version 4 (IMAP4), 1042
Internet News Service, 1102
Internet Printing Protocol (IPP), 207
Internet Protocol Address resource type, 593
Internet Security and Acceleration Server 2004. See ISA 2004
Internet Security Association and Key Management Protocol (ISAKMP), 727
interoperability
  Macintosh, 899
  Novell Netware, 899
  overview, 9, 879
  UNIX
    connectivity, 883–884
    file listing, 880–882
    file systems, 885–886
    identity management, 897
    overview, 879
    printing, 885–887
    privilege levels, 882–883
    security, 880
    symbolic links, 882
    Windows Subsystem for UNIX-Based Applications, 897–898
interoperating DNS servers, 528
interrupts, hardware, 1163–1164
intersite replication, 130, 437–438
intervals
  backup scheduling, 1234–1236
  performance monitoring, 1161
intranet. See clusters; Indexing Service
intrasite replication, 437
invalid certificates, 719–720
invalid passwords, 249
inventorying
  libraries, 680–681
  network attributes, 116–120
  servers, 118–120
IP address databases, Network Monitor, 1191
IP Address Management console, 324
IP address pairs, Network Monitor, 1194
IP Address resource type, 608
IP addresses. See also DHCP (Dynamic Host Configuration Protocol); DNS (Domain Name System); name resolution; TCP/IP
  adding, 173
  DNS settings, configuring, 175–176
  dynamic addressing, 171–172
  firewalls, 476–477
  IPv6, 492–494
  loopback, 475
  managing, 487–489
  network address translation, 1124–1125
  network classes, 474–476
  overview, 474
  private, 1125
  remote access policies, 851
  reservations, 504
  restrictions, 1088–1089
  routers, 479
  routing protocols, 480
  server clusters, 593
  static addressing, 173
  subnets, 477–478
  Web sites, 1079–1080
  WINS, 176–177, 532–537
IP (Internet Protocol), 443, 470
IP Security Policy Management snap-in, 764–772
IPC$ share, 286
Ipconfig utility, 514
IPSec (Internet Protocol security), 725–727, 764–772
IPv6, 492–494
ISA 2004
  backups, 1151–1153
  caching, 1126, 1139–1140
  client types, 1126
  exporting, 1151–1153
  firewall policy rules, 1136–1138
  importing, 1151–1153
  initial configuration, 1131–1140
  installations, 1128–1130
  Internet connections, 1124
  ISA Firewall Client, 1150
  monitoring, 1144
  network address translation, 1124–1125
  network entities, 1147–1148
  network topology, 1133–1135
  overview, 1123–1124
  packet filtering, 1125–1126
  policy management options, 1146
  publishing servers, 1144–1146
  restores, 1151–1153
  reverse proxy, 1144–1146
  security, 1131
  system requirements, 1127
  users, defining, 1149–1150
  VPN access, 1141–1144
ISA Firewall Client, 1150
ISAPI filters, 1082
iSCSI (Internet Small Computer System Interface)
  additional information, 663
  security, 673
  suggestions, 667
  targets, 672, 674
isolation, network, 866
IT (Information Technology)
  business needs, identifying, 45–46
  current systems, assessing, 46–48
  deployment planning strategies, 43–44
  problems, listed, 44
  roadmap, making, 49–51
  successful IT, characteristics of, 49
iterating disaster plans over time, 1210–1211
J
JBOD, 541
jobs
  backup
    command line, 1237–1239
    logs, 1231
    options, 1230
    permissions, 1229
    running, 1233–1234
    scheduling, 1234–1236
    scripts, 1229
    steps, 1227
    storage medium, 1230
  print
    managing, 204–206
    printing process steps, 220
JScript, 353, 372
K
Kaizen, 1210
Keep-Alives, HTTP, 1039, 1081
Kerberos, 10, 705, 722–724
key distribution center (KDC), 723
keys. See also encryption keys
  product, 56
  registry
    hives, 1285
    renaming, 1285
    security, 1286–1288
  root
    32-bit vs. 64-bit, 1269
    adding, 1283
    finding, 1281–1282
    hives, 1279
    overview, 1271–1272
    removing, 1283
    renaming, 1285
    subkeys, 1273–1277
knowledge consistency checker (KCC), 437
L
L2TP (Layer Two Tunneling Protocol), 728, 833
labels, removable storage, 678–679
labs, test, 65–66
languages, scripts, 371–372
LargeSystemCache registry value, 1201
Last Known Good Configuration option, 1296–1297
latency, 437
layouts, custom consoles, 327–328
LDAP (Lightweight Directory Access Protocol), 20, 24, 487, 1044, 1116
LDIF (LDAP Data Interchange Format), 457–459
Ldifde.exe, 457–459
leases
  client addresses, 514
  DHCP clients, 488
  durations, 503
legacy. See also Virtual Server
  DHCP client support, 505–506
  system domain support, 157
  system support changes, 106–113
libraries, removable storage, 677, 680–682
licenses
  modes, 63–64
  Terminal Services, 1005–1007
  volumes, 65
Licensing Site Settings object, 439
link-state routing protocols, 480
linked certificate authorities, 823–825
links
  Active Directory sites, 444
  Group Policy Objects, 305–306, 309
List Folder Contents permissions, 270–271
listing devices detected on system, 165–166
Lmhosts files, 177, 491
load balancing. See also clusters
  DHCP servers, 507–510
  domain controller replicas, 387–388
  maximum availability, 596
  Network Load Balancing service, 1263
  static, 595
load shedding, 596
loading hives, 1285
local
  administrative tool installations, 334
  certificate storage, 755–756
  data security, 773–778
  groups, 237–239
  power supply failures, 1251–1252
  profiles, 261
  user accounts, 251
  user right assignments, 246
  virtual directories, 1054
Local Policies security area, 741
Local Quorum resource type, 594
Local System Authority (LSA), 23
Local Users and Groups, 1342
locating
  printers, 201–202
  registry keys and values, 1281–1282
  servers, 993
  software patches, 786–788
  user accounts, 253–254
location-based naming conventions, 33
location names, printers, 188–190, 226
location tracking, printers, 190–192, 225–226
locations
  consoles, 329
  file restore destinations, 1240
locked
  installations, 99–101
  smart cards, 754
  user accounts, 249, 257
log files, 83
Log Visits option, 1085
logging mode, Resultant Set of Policy, 317, 319–320
logging off Terminal Services sessions, 995
logical drives
  creating, 556
  deleting, 557–558
logical printers, 209–210
logical unit numbers (LUNs), 666, 675–676
logical volumes, 540
logons. See also authentication
  history, 71
  hours permitted, 248
  interactive, 704
  iSCSI targets, 674
  locations permitted, 248
  network activity monitoring, 1165–1166
  rights assigned to groups, 242
  RIS automatic, forcing, 940
  scripts, user profiles, 264–265
  secondary, 331–334
  smart cards, 752–756
  user objects, 420
logs
  backups, 1231
  event
    archiving, 342, 1170
    filtering, 341
    overview, 1167
    searching, 340
    settings, changing, 1170
    size, 341–342
    viewing, 339, 1169
  file types, 1183
  IIS, 1081
  Performance Logs And Alerts, 1180–1186
  scripts, 367, 369
  security, 780–781
  security analysis, 747–749
  stopping computer when full, 342
  Task Scheduler, 346
  trace, 1181–1184
long names, converting, 88–89
long-term performance monitoring, 1159, 1160
long-term power outages, 1255–1256
loopback addresses, 475
LPD (Line Printer Daemon), 196
LPR (Line Printer Remote) ports, 194, 196
Lprmon.dll, 196
M
MAC (media access control), 505, 867, 870
machine-wide registry information, 1275–1276
Macintosh interoperability, 899
mail
  distribution groups, 228
  forwarding, SMTP
    access options, 1113
    Default SMTP Virtual Server, 1112–1116
    delivery options, 1115–1116
    directories, 1111
    domains, 1116–1117
    examples, 1041–1042
    identities, 1113
    LDAP Routing, 1116
    message limitations, 1114
    overview, 1110–1111
    site link objects, 443
  proof of receipt, 710
  protocols, 1041–1042
  S/MIME, 721–722
  software patch alerts, 787
  storage reports, 614–615
majority node set (MNS) clustering, 579
Majority Node Set resource type, 594
Man in the Middle attacks, 870
Manage Documents permission, 209
Manage Printers permission, 209
Manage Your Server window, 178–181
Manage Your Server Wizard, 498
managed
    clients, wireless security, 873, 874
    computer accounts, 948–950
    volumes, 693–694
Management And Monitoring Tools, 1349
mandatory profiles, 264
manual
    certificate requests, 825–827
    CRL publishing, 818
    index merges, 1014
    installations, 57–58, 62, 91–93
    registry backup copies, 1291
    Remote Desktop enabling, 163
    Remote Storage tasks, 694
    trust relationship setup, 402
    user object creation, 417–418
.maphosts files, 891–892
mapping aliases to content. See virtual directories
masks, subnet, 477
mass storage drivers, 87–88
master
    indexes, 1010
    merges, 1010, 1013
    roles, Active Directory, 460–467
Master Boot Record (MBR), 99, 102–103
matches. See querying
matching patterns, capture frames, 1195
maximum availability without load balancing, 596
mean time to failure (MTTF), 1250–1251
mean time to recover (MTTR), 1250–1251
measuring downtime, 1250–1251
media
    backups, 1221–1223, 1230
    copies, Remote Storage, 697–698
    identifiers, 678–679
    pools, 677–678, 682–684, 1222
    rotation, 1227, 1247
    states, 679–680
Media Services, 1352
member servers, 106–107
members. See groups
memory
    allocation settings, 1199–1200
    cache, 1199–1200
    indexing, 1012–1013
    leaks, 1162
    overview, 15
    performance monitoring, 1162–1163
    Windows Terminal Services, 983, 988
Memory\ Available MBytes counter, 1162
Memory\ Cache Bytes counter, 1162
Memory\ Committed Bytes counter, 1162
Memory\ Pages/Sec counter, 1162, 1163
Memory\ Pool Nonpaged Allocs counter, 1163
Memory\ Pool Nonpaged Bytes counter, 1162
menus
    editors, RIS, 944
    personalized, 1341
merging indexes, 1013–1014
Message Integrity Check (MIC), 870
messages
    FTP sites, 1100
    proof of receipt, 710
    S/MIME, 721–722
    signed, 721
    SMTP, 1114
    Terminal Services sessions, 998–999
metabase, 1074–1075
Microsoft Baseline Security Analyzer (MBSA), 781–782
Microsoft IIS Log File Format, 1081
Microsoft IntelliMirror, 902
Microsoft Management Console (MMC). See also names of individual consoles
    Active Directory, 377–378
    Convenience Consoles, 324
    new consoles, building, 324–330
    overview, 6, 323
Microsoft Operations Manager (MOM), 903
Microsoft Rapid Economic Justification (REJ), 46
Microsoft Services for Netware, 899
Microsoft Services for NFS
    Client for NFS, configuring, 894–895
    connections, 892–894
    NFS shares, creating, 895–896
    overview, 887–888
    Server for NFS, configuring, 896–897
    User Name Mapping, configuring, 889–892
Microsoft Services for NFS Administration component, 887
Microsoft Update, 62, 791
migration
    DHCP scopes, 513
    print servers, 192–193
    Windows NT domains, 114
MIME (Multipurpose Internet Mail Extensions), 1044, 1094
minimum system requirements, 67–68
mirrored boot partitions, 1299–1300
mirrors
    adding, 561–562
    breaking, 565
    drive failures, 563–564
    RAID levels, 1256–1262
    removing, 564
mission-critical availability, 578–579
mixed functionality levels, 396–400
mixed-mode domain remote access, 840–842
mixed naming conventions, 33
mobile user wireless security. See also connection services
    802.11 protocols, 867–868
    deployment scenarios, 872–875
    encryption, 868–870
    guest access, 872, 874
    managed clients, 873, 874
    options, 870
    overview, 865
    risk assessments, 865
    risk tolerance, 866
    rogue access points, 873–874, 875
    subnet masks, 479
modem banks, 834
Modified Field Modification (MFM), 541
Modify permissions, 270–271
Monad, 373
monitoring performance
    acceptable-use policies, 1159
    baseline, 1159, 1160
    bottlenecks, 1158
    disk activity, 1164–1165
    documentation, 1158–1159
    Event Viewer, 1166–1170
    frequency, 1161
    memory usage, 1162–1163
    network activity, 1165–1166
    Network Monitor, 1186–1199
    options, 1160–1166
    overview, 1157
    performance impact of, 1161
    Performance Logs And Alerts, 1180–1186
    processor activity, 1163–1164
    Server Performance Advisor, 1171–1175
    strategies, 1161
    System Monitor, 1175–1180
monthly backups, 1235
mounted volumes, 552
MountedDevices subkey, 1277
mounting media, 684
mounting volumes, 570–571
Move command, 419
moving
    Active Directory objects, 428
    organizational units, 232
    user accounts, 255
MS-CHAP v2 (Microsoft Challenge Handshake Authentication Protocol version 2), 705
MS-DOS boot disks, 1217
MS-DOS prompt, 1340
.msc files, 323
Msconfig.exe, 1309–1311
MsgBox function, 366
MSH (Monad), 373
Msinfo32.exe, 1306–1307
multicast scopes, DHCP, 500
multihomed servers, 182
multilevel exports, NFS, 895
Multilink, 851
multiple
    backup schedules, 1236
    DHCP servers, 488–489, 507–510
    disk controller fault tolerance, 1260
    domain structure, 39, 40–42
    domains across subnet boundary, 492
    domains within subnet boundary, 492
    IP addresses configured, 1079
    namespaces, 19, 30–31
    network adapters in multicast mode, 583
    recovery plan copies, 1208
    root domains, 39
    server performance monitoring, 1173–1175
multiple-drive data protection, 696
multiple-master-domain model, 124–125
multiple-master domains, 41
multiple-master replication, 378, 436
multipurpose replication groups, 658–660
mutual authentication, 706
My Briefcase, 1340
My Documents, 1340
My Network Places, 1341

N
Name Mappings command, 419
name resolution. See also DNS (Domain Name System)
    Active Directory, 20–21
    DHCP, 487–489
    internal vs. external namespaces, 34–36
    overview, 481
    WINS, 489–492, 532–537
names. See also naming conventions
    Active Directory formats, 24
    Active Directory objects, 428
    Administrator accounts, 185
    child domains, 388–389
    computers, 170
    DFS, 644
    domain controllers, 394, 428–429
    domains, 108, 384–386, 429, 483
    filename conversions, 88–89
    groups, 233
    hidden file shares, 283
    home directory files, 1085–1086
    printer locations, 188–190
    printers, 188
    registry keys or values, 1285
    renamed Windows NT 4 components, 1337–1343
    RIS computer names, 933
    RIS images, 944
    server identity, changing, 169
    trees, creating new, 390
    UPNs, 402
    user accounts, 247, 256
    users, 248
    volumes, 567
    Windows NT domain upgrades, 128–129
namespaces
    Active Directory, 20–21
    continuous, planning, 41
    DFS, 644–652
    forests, 30–31, 41–42
    naming conventions, 29–36
    planning, 29–42
    roots, 638–639, 645–646
    servers, 638, 647
    trees, 30
naming contexts, Active Directory, 26
naming conventions
    ARC, 1217
    disks, 1217
    geographical, 33
    mixed, 33
    namespaces, 29–36
    organizational, 32
    partitions, 1217
    printer locations, 188–190
    printers, 188
    user names, 248
native
    domain remote access, 843–847
    functionality levels, 396–400
    Windows Installer packages, 904
NCSA common log file format option, 1081
.NET application services, 14
.NET Framework, 1349
.NET Passport Authentication, 1087
net session command, 288
net share command, 287–288
net view command, 288
NetBIOS (Network Basic Input/Output System)
    Active Directory domain names, 385
    DFS without, 644
    overview, 472
    WINS, 489–492, 532–537
NETLOGON share, 286
NetWare servers, 119
network activity monitoring, 1165–1166
network address translation (NAT)
    firewalls, 476
    overview, 834, 1124–1125
    servers, configuring, 835–836
network addressing. See also DNS (Domain Name System); name resolution; TCP/IP
    adding, 173
    analyzing, 47
    DNS settings, configuring, 175–176
    dynamic addressing, 171–172
    firewalls, 476–477
    IPv6, 492–494
    loopback, 475
    managing, 487–489
    network address translation, 1124–1125
    network classes, 474–476
    Network Monitor databases, 1191
    overview, 474
    private, 1125
    remote access policies, 851
    reservations, 504
    restrictions, 1088–1089
    routers, 479
    routing protocols, 480
    server clusters, 593
    static addressing, 173
    subnets, 477–478
    Web sites, 1079–1080
    WINS, 176–177, 532–537
network administrative tools
    auditing events
        archiving logs, 342
        categories, 336–338
        enabling, 337–338
        filtering logs, 341
        log size, 341–342
        object settings, 338–339
        overview, 336–338
        searching logs, 340
        viewing logs, 339
    AT command, 347–348
    cron, 348
    delegating control, 343–344
    installing locally, 334
    installing remotely, 335
    MMC, 323–330
    overview, 323
    scripts, 335–336
    secondary logon, 323–330
    Support Tools, 335–336
    Task Scheduler, 344–347
network authentication
    access control, implementing, 757–759
    Active Directory sites, 434
    combining methods, 1088
    defined, 837
    enabling, 751–757
    FTP sites, 1098–1099
    hardware-enabled, 706
    IPSec policies, 771
    mutual, 706
    NNTP virtual servers, 1107
    overview, 704, 751
    proof of identity, 704
    protocols, 10, 705–706
    requests, 861
    scripts, 362–363, 370
    smart cards, 752–756
    SMTP virtual servers, 1113
    trust relationships, 109–112
    Web sites, 1086–1087
    wireless networking, 868–870
network backups. See also network restores
    certificate authorities, 810–812
    command line, 1237–1239
    disaster preparation, 1212
    domain upgrades, 131–133
    encrypted files, 1243
    excluding files, 1232
    failure, planning for, 1242–1243
    launching, 1227
    logs, 1231
    media rotation, 1227, 1247
    options, 1230
    overview, 1221
    permissions, 1229, 1246
    recovery drives, 1220
    registry, 1290–1291
    before restoring from, 1311
    scheduling, 1234–1236
    scripts, 1229
    server configuration settings, 1072–1073
    steps, 1227–1228
    storage medium, 1221–1223, 1230
    strategy planning, 1224–1227
    system state, 1242–1243
    third-party utilities, 1246–1247
    types, 1225–1226
network-based printer setup, 195–198
network card IP addresses, 1079–1080
network classes, IP addresses, 474–476
network components, configuring, 170–171
network connection services
    dial-up remote access, 830, 834–835
    IAS, 858–863
    NAT servers, 835–836
    Networking Services, 1350
    overview, 829–830
    RADIUS
        how it works, 860
        multiple remote access servers, 861–863
        proxy, 863–864
    remote access policies
        configuring, 848–852
        default, 837–838
        setting, 836
    remote access servers, 833–834, 852–853
    Virtual Server
        administering, 978–979
        alternatives to, 979
        properties, configuring, 965–966
    VPNs, 727–729, 831–833, 853–858
network connectivity
    IIS servers, 1072–1073
    network activity monitoring, 1165–1166
    NNTP virtual servers, 1109
    print servers, 207
    printers, 199, 202–204
    Web sites, 1048–1049
network deployment environments. See also configuring new installations
    application deployments, 62–63
    creating
        disk imaging, 89–90
        distribution shares, 80–89
        overview, 72
        Setup Manager, 72–77
        Windows Server 2003 R2 and, 78–79
    designing, 55
    install methods, choosing, 57–60
    installation process, 91
    licensing modes, 63–64
    overview, 55
    partitions, 68–69
    plans, creating, 71–72
    preinstallation, 61
    product activations, 64–65
    security, 69–70
    server configurations, 66–70
    software updates, 61–62
    system requirements, 67–68
    test labs, 65–66
    virtual, 962–965
network deployment planning
    current systems, assessing, 46–48
    goals, defining, 50
    IT changes, problems with, 44, 45–46
    overview, 5–6, 43–44
    risk assessment, 50–51
    roadmap, making, 49–51
    wireless security, 872–875
network documentation, 46–48, 1158–1159
network entities, ISA 2004, 1147–1148
Network File System (NFS). See also Microsoft Services for NFS
    shared folders
        overview, 288–292
        User Name Mapping component, 288–289
        Windows Firewall, 289
    shares
        creating, 290–291, 895–896
        modifying, 292
        removing, 292
    UNIX interoperability, 885
Network File System (NFS) Protocol, 471
network firewalls
    IP addresses, 476–477
    ISA 2004, 1136–1138
    ISA Firewall Client, 1150
    namespace name resolution, 34, 36
    NFS shared folders, 289
    post-Setup updates, installing, 161
    remote administration, 163
    replicating through, 643
    reverse proxy, 1144–1146
    Windows Firewall, 750–751
network frames
    capture filters, 1192–1195
    capture triggers, 1198–1199
    Capture window, 1188–1189
    capturing, 1187–1188
    comments, 1191–1192
    display filters, 1196–1198
    Frame Viewer window, 1189–1190
    overview, 1187
    pattern matches, 1195
    printing, 1192
network gateways
    IP addresses, 476–477
    overview, 479
network identity
    changing, 169
    domain controllers, 394
network lease durations, DHCP, 503
Network Load Balancing (NLB) clusters
    capacities, 588–589
    creating, 583–588
    fault tolerance, 589
    hosts, removing, 588
    models, 582–583
    nodes, adding, 587
    optimizing, 589–590
    overview, 576, 580–581
    scenarios, 577–579
Network Load Balancing service, 1263
network management. See also administrative tools; network connection services; software management
    Group Policy, 7–8
    IntelliMirror, 8
    overview, 6–9
    printers, 7
    Terminal Services, 8–9
Network Monitor
    address databases, 1191
    capture buffer size, 1190
    configuring, 1190–1192
    driver, 1186
Network Monitor, continued
    frames
        capture filters, 1192–1195
        capture triggers, 1198–1199
        Capture window, 1188–1189
        capturing, 1187–1188
        comments, 1191–1192
        display filters, 1196–1198
        Frame Viewer window, 1189–1190
        overview, 1187
        pattern matches, 1195
        printing, 1192
    overview, 1186
network name resource, clustering, 609
Network Neighborhood, 1341
Network News Transfer Protocol (NNTP), 1043, 1102–1110
network performance. See performance
network protocols
    802.11, 867–868
    routing, 480
    TCP/IP
        configuring, 171–177
        DHCP, 487–489
        IP, 470
        IP addresses, 474–476
        IPv6, 492–494
        LDAP, 487
        NetBIOS, 472
        overview, 469–470
        RFCs, 472–474
        TCP, 470–471
        UDP, 471
        WINS, 489–492
        Winsock, 471–472
    UNIX interoperability, 883–884
network resource sharing
    Active Directory publishing, 292–293
    folder redirection, 313–317
    hiding, 283
    NFS shared folders, 288–292
    NTFS permissions
        files, 274
        folders, 273
        how they work, 271–272
        inheritance, 272–273
        listed, 270–271, 274–276
        overview, 270
        ownership, 268–279
        special, 274–276
    overview, 267–268
    server clusters, 593
    share vs. file permissions, 268–269
    shared folders, 279–288
network restores
    Automated System Recovery, 1301–1302
    backups, restoring from, 1311
    boot disks, 1298
    broken mirrors, 565
    certificate authorities, 812
    compromised systems, handling, 782
    DFS folder targets, 651
    DHCP databases, 514
    files, 1239, 1240
    Group Policy Objects, 313
    in-place upgrades, 1300–1301
    ISA 2004, 1151–1153
    Last Known Good Configuration option, 1296–1297
    Master Boot Record, 102–103
    media rotation, 1227
    mirrored boot partitions, 1299–1300
    options, 1241–1242
    overview, 1239, 1295
    possible failure causes, 1295–1296
    Recovery Console, 1353–1356
    registry, 1292
    Safe Mode option, 1297–1298
    server configurations, 1073
    system state, 1244–1246
    triaging situation, 1293–1295
network routers
    demand-dial interfaces, 857–858
    DHCP relay agents, 511–513
    IP settings, configuring, 174
    IPv6, 492–494
    overview, 479
    remote access servers as, 854
    subnets, 477–478
    WINS, 489–492
network security. See security; wireless
network settings, configuring, 169–177
network storage
    Distributed File System
        installations, 644
        overview, 634–635
        terminology, 637–641
        what’s new, 636
    File Server Resource Manager
        disk quotas, 630–634
        file screens, 624–630
        global options, 614–615
        overview, 614
        quotas, 618–624
        reports, 615–617
    overview, 613
    Remote Storage, 686–699
    Removable Storage, 676–686
    Storage Manager For SANs, 663–676
network subnets, 477–478
network topology, ISA 2004, 1133–1135
network traffic, 47
network tuning, 1202
network utilization, Terminal Services, 984
Networking Services, 1350
new. See also new installation configurations
    disks, adding, 547–549
    FTP sites, 1058–1059
    indexing, 1027
    interface features listed, 1331–1335
    IPSec policies, 767–768
    security templates, 744–745
    Web sites, 1049–1052
New Domain Wizard, 1117
New Expiration Policy Wizard, 1105
new installation configurations
    devices, 164–169
    network settings, 169–177
    overview, 159
    problems, checking for, 164
    remote administration, 162–163
    security precautions, 184
    server roles, 178–181
    storage, 168–169
    updates, installing, 159–161
New Newgroup Wizard, 1105
New NNTP Virtual Server Wizard, 1103
New Virtual Directory Wizard, 1104
news servers, implementing, 1102–1110
newsgroups, 1043, 1105, 1108
NFS (Network File System). See Network File System (NFS)
nfsadmin.exe, 288
nfsmgmt.msc, 288
NLB (Network Load Balancing) clusters. See Network Load Balancing (NLB) clusters
No Documents Matched Query error, 1030–1031
No Override option, 302
nodes
    NLB clusters, 587
    server clusters
        capacities, 597–598
        configuration options, 595–597
        failover policies, 595
        interconnects, 590
        overview, 591
nonidle processor time, 1164
noninherited permissions, 272–273
noninteractive scripts, 369, 373
nonpaged pools, 1162
nonrepudiation, 710
nontransitive trusts, 110, 401–402
nonzero exit codes, 369
normal backups, 1225
notifications
    alert messages, 1186
    disaster or problem situations, 1209
    escalation procedures, 1209
    printers matching criteria, 202
    software patch alerts, 787
    storage reports, 614–615
Novell Netware interoperability, 899
nslookup, 485
NTBackup, 1228, 1237, 1247
Ntbtlog.txt, 1298
NTDS Settings object, 439
NTDS Site Settings object, 439
Ntdsutil.exe, 1245–1246
NTFS. See also NTFS permissions
    Active Directory, 379
    compressing drives, 1338–1339
    conversion planning, 566
    encryption, 571–573
    FAT, 69, 565
    file screening, 574
    formatting issues, 566–568
    overview, 571
    quotas, 574
    shadow copies, 574
NTFS permissions
    backups, 1246
    files, 274
    folders, 273
    how they work, 271–272
    inheritance, 272–273
    listed, 270–271, 274–276
    overview, 270
    ownership, 268–279
    special, 274–276
NTLM (Windows NT LAN Manager), 10, 705, 724
NUMA (nonuniform memory access), 15
numbers, disks or partitions, 1217

O
obfuscated password entry, 363
object classes, Active Directory schema, 451–452
objectGUID attribute, 21
objects
    Active Directory, 21, 404–411
    auditing access, 779–780
    event auditing, 338–339
    ownership, 758
    permissions, 759
    System Monitor, 1176
octets, IP addresses, 474–476
ODBC logging, 1081
OEM drivers in RIPrep images, 85–86
offline root CAs, 824–825
on demand connections, 855
On Error Resume Next statement, 368
on-media identifiers, 678
on-site DNS servers, 381
once backup option, 1235
one-shot WMI calls, 370
one-way trust relationships, 110–112, 400–402
online root CAs, 824
Open Home Page command, 419
Open Shortest Path First (OSPF), 480
operating systems
    booting for installations, 61
    connectivity, assessing, 47
    defaults, changing, 102
    guest, 955
    previous, booting, 101–103
    remote installations, 951–952
    RIS images, 936–944
    virtual machines, 973
operational functional levels, 396–399
operations master roles, Active Directory, 460–467
operator requests, Removable Storage, 685
optional components, 1345–1352
organization
    infrastructure, documenting, 47
    naming conventions, 32
organizational units (OUs), 22
    configuring, 412–414
    creating, 40, 231, 411–412
    delegating control, 343
    deleting, 232
    vs. domains, 36–38
    moving, 232
    overview, 38, 108
    planning, 230–231
orphaned records, DHCP, 506
Orthogonal Frequency Division Multiplexing (OFDM), 867
Other Network File and Print Services, 1350
other privilege levels, UNIX, 882–883
out-of-band management solution
    administration, 1321–1323
    answer files, 1318–1319
    enabling, 1315, 1319–1320
    firmware-based console redirection, 1316
    headless servers, 1316–1319
    manual installations, 1316–1317
    overview, 1312–1313
    requirements, 1314
    RIS-based installations, 1317–1318
    security, 1315
    setting up, 1315–1320
    version upgrades and, 1319–1320
out-of-the-box security templates, 743
outdated records, DHCP, 506
output and input handling, scripts, 366–367
overriding folder referral settings, 650
overriding policy setting inheritance, 302–303
overwriting events, 780
overwriting metabase history, 1075
ownership
    access rights, 758
    NTFS permissions, 268–279
    UNIX privilege levels, 882–883

P
packages
    application property changes, 918–919
    Group Policy additions, 915–916
    Group Policy options, 911–915
    modifications, 920–922
    native Windows Installer, 904
    overview, 915
    redeploying, 922
    removing, 922
    repackaged applications, 905–908
    upgrades, 919–920
Packet Binary Convolution Coding (PBCC), 867
packets
    filtering, ISA 2004, 1125–1126
    IP, 470
    routers, 479
    subnets, 477–478
    TCP, 470–471
    UDP, 471
page file optimization, 1201–1202
page separators, 210–211
Paging File\ % Usage counter, 1163
paging, monitoring, 1163
parallel subfrequency transmissions, 867
parent domains, 388–389
parsing tool, 1181
partial failover, 596
partitions
    Active Directory, 26, 379
    converting, 379, 565
    creating, 552–555
    deleting, 557–558
    drive letters, 569–570
    formatting, 555, 566–568
    logical drives, 556
    naming conventions, 1217
    overview, 546
    planning, 68–69
    storage, configuring, 168–169
pass-through authentication, 111
Passport Authentication, 705
Password Authentication Protocol (PAP), 705
passwords. See also authentication
    planning, 71
    scripts, 362–363
    shared secrets, 860
    smart cards, 710–711
    user accounts, 249–250, 256
patches
    deployment testing, 789–791
    obtaining, 791–795
    overview, 62, 783–785
    phases, 785–789
    third-party products, 795–796
path management, scripts, 363–365
%PATH% security considerations, 364
%PATHEXT% security considerations, 365
pattern matches, capture frames, 1195
pausing. See also stopping
    IIS, 1065–1067
    virtual machines, 975
PDF file indexing, 1032
peak usage data, quotas, 621
pending certificate requests, changing, 822
Per Device Or Per User licensing, 63–64
Per Server licensing, 63–64
performance
    archived event logs, 342
    availability, 11
    DFS Namespaces, 636
    Distributed File System, 636
    group organization, 229
    Indexing Service, 1028–1033
    memory usage, 1162–1163
    network activity, 1165–1166
    Network Monitor, 1186–1199
    options, 1160–1166
    overview, 1157
    performance impact of, 1161
    Performance Logs And Alerts, 1180–1186
    processor activity, 1163–1164
    quotas, 619
    reliability, 11
    scalability, 14–15
    Server Performance Advisor, 1171–1175
    storage reports, 618
    strategies, 1161
    System Monitor, 1175–1180
    Web site options, 1082
Performance Advisor tool, 1171–1175
performance counters
    disk activity, 1164–1165
    Indexing Service, 1029–1030
    logs, 1181–1184
    memory usage, 1162–1163
    network activity, 1165–1166
    processor activity, 1163–1164
    System Monitor, 1177–1178
Performance Logs And Alerts, 1180–1186
performance monitoring
    acceptable-use policies, 1159
    baseline, 1159, 1160
    bottlenecks, 1158
    disk activity, 1164–1165
    documentation, 1158–1159
    Event Viewer, 1166–1170
    frequency, 1161
performance tuning
    memory allocation, 1199–1200
    networks, 1202
    page file optimization, 1201–1202
Perl, 354–355, 372
permissions. See also groups; NTFS permissions
    access control, implementing, 757–759
    Active Directory schema, 445
    backups, 1229, 1246
    certificate templates, 815
    delegating control, 26, 343
    DFS namespaces, 650
    Group Policy Objects, 308–311
    home directory, 1084–1085
    IIS, 1062–1065
    indexing, 1018
    inherited, 272–273
    objects, 759
    planning, 69–70
    printers, 208–209
    protocols, 10
    registry, 1286–1288
    remote access, 836, 837–847
    RIS images, 942–943
    scripts, 362–363, 369
    share vs. file permissions, 268–269
    shared folders, 283
    trust relationships, 109–112
    types, 709
    UNIX interoperability, 880, 881
persistent indexes, 1010
personalized menus, 1341
PFM (Pulse Frequency Modulation), 541
phishing attacks, 787
phrase searches, 1024–1027
physical directories
    information store, accessing, 23
    virtual directories, confusion with, 1056–1057
Physical Disk\ Avg. Disk Bytes/Transfer counter, 1165
Physical Disk\ Avg. Disk Sec/Transfer counter, 1163, 1165
Physical Disk\ Current Disk Queue Length counter, 1165
Physical Disk\ % Disk Time counter, 1165
Physical Disk\ Disk Transfers/Sec counter, 1165
Physical Disk resource type, 592, 606–608
physical drives, 539
physical media, 684
physical media states, 679
physical memory usage, 1162
physical networks, documenting, 47
PINs (password identification numbers), 710–711
PKIs (public-key infrastructures). See public-key infrastructures (PKIs)
placeholders, remote storage, 687
plain text e-mail handling, 787
planning mode, Resultant Set of Policy, 317, 318–319
platforms. See interoperability; operating systems
Plug and Play (PnP) drivers, 84–85
Plug and Play (PnP) readers, 710–711
pointer records, DNS, 524
poisoning attacks, 520
policies, remote access. See remote access policies
policy agents, IPSec, 726–727
policy management. See Group Policy
policy modules, 798, 813
policy updates, 311–312
polling settings, namespaces, 651
pools, printer, 216
POP3 (Post Office Protocol version 3), 1042
ports
    firewalls, 750
    inject/eject, 681
    NFS shared folders, 289
    PPTP, 854–855
    printers, 195–197, 216
    security options, 737
    terminal concentrators, 1315
post-Setup updates, installing, 159–161
power supply problems, 1251–1256
PPP (Point-to-Point Protocol), 833
PPTP (Point-to-Point Tunneling Protocol), 728, 854–855
pre-shared keys, 874
Preboot Execution Environment (PXE), 57
predefined IPSec policies, 765–767
predefined security templates, 741–744
preinstallation environments, 61
preinstallation phase, 92
prestaging clients, RIS, 948–950
previous operating systems, booting, 101–103
primary domain controller emulator, 461–462
primary domain controllers, 20, 37, 40, 106–107, 133–134
primary partitions, 540
primary recovery resources, 1205
principal name suffix, 247
principals, ACE, 25
print jobs, 204–206, 220
Print Management Console (PMC), 7, 199–204
Print permission, 207
print queue document management, 212–213, 216, 220
print servers
    adding, 199
    backups, 193
    connections, 207
    failures, handling, 218–219
    managing
        command line, 207–208
        print jobs, 204–206
        Print Management Console, 7, 199–204
        Web browsers, 206
    migrating, 192–193
    modifying, 200
    monitoring, 199–204
    remote server settings, 194
    size, 187
    status, 224
    upgrading, 192–193
    Windows NT domain upgrades, 118
PRINT$ share, 286
Print Spooler resource type, 593
print spooling, 212–213, 222, 225
printer drivers, 214–216, 220
Printer Migrator, 193
printer objects, Active Directory, 427
printer pools, 216
printer ports, 216
printer trays, 222
printers
    availability, 209–210
    command line administration, 207–208
    connections, 188, 199, 202–204
    data types, 213–214
    deployment planning, 187–193
    filtered folders, 201–202
    group priorities, 209–210
    installing, 195–198
    location names, 188–190
    location tracking, 190–192, 225–226
    names, 188
    network recommendations, 190
    Other Network File and Print Services, 1350
    overview, 187
    performance optimization, 218
    Print Management Console, 7, 199–204
    publishing, 427
    Run As feature, 333–334
    security, 208–209
    separator pages, 210–211
    server clusters, 593
    shared, 286
    Web browsers, 206
printing
    captured frames, 1192
    process steps, 220
    troubleshooting
        application print failures, 223
        client machine problems, 219–223
        fails to print, 222–223
        incorrect printing, 222
        location tracking, 225–226
        overview, 217
        physically checking, 224
        print server failures, 218–219
        print server status, 224
        stuck documents, deleting, 225
    UNIX interoperability, 885–887
prioritizing print jobs, 205
private keys, 714–715, 761, 762
private network addresses, 1125
private networks, 590
private news servers, implementing, 1102–1110
privilege levels, UNIX interoperability, 882–883
privileges assigned to groups, 243–245
procedures, disaster recovery, 1206–1210
process tracking real time, 1175–1180
Process\ Working Set and Virtual Bytes counters, 1162
processing order, Group Policy, 301
Processor\ % Interrupt Time counter, 1164
Processor\ Interrupts/Sec counter, 1164
Processor\ % Privileged Time counter, 1164
Processor\ % Processor Time counter, 1163
Processor\ % User Time counter, 1164
processors
    activity monitoring, 1163–1164
    adding, 1324–1325
    overview, 15
    Windows Terminal Services, 983–984
product activations, 64–65
product keys, 56
profiles
    business, 866
    remote access policies, 850–852
    user
        folders inside, 260
        local, 261
        logon scripts, 264–265
        mandatory, 264
        overview, 259–260
        roaming, 261–264
    user objects, 421
program restriction policies, 923–926
projecting future business needs, 46
promoting servers to domain controllers, 381–386
proof of identity, 704
proof of receipt, 710
propagated ACEs, 26
propagated permissions, 272–273
properties
    catalogs, 1019–1020
    certificate authorities, 812–815
    devices, 167
    package applications, 918–919
    Terminal Services connections, 1001–1004
    user accounts, 251–252
property cache, configuring, 1019–1020
Protected Extensible Authentication Protocol (PEAP), 705
protocols. See also authentication; IP addresses; TCP/IP
    802.11, 867–868
    BAP, 851
    DHCP, 487–489
    FTP, 1040–1041
    HTTP, 1038–1039
    IAS, 858–859
    IIS, 1037–1043
    IP, 470
    IPSec, 725–727
protocols, continued
    IPv6, 492–494
    Kerberos, 10, 722–724
    L2TP, 833
    LDAP, 487, 1116
    NetBIOS, 472
    NNTP, 1043
    NTLM, 724
    PPP, 833
    RDP, 1001–1004
    RFCs, 472–474
    routing, 480, 858
    S/MIME, 721–722
    SSL, 724–725
    TCP, 470–471
    UDP, 471
    UNIX interoperability, 883–884
    VPNs, 14
    WINS, 489–492
    Winsock, 471–472
proxies, RADIUS, 863–864
proximity searches, 1024
public-key cryptographic standards (PKCS), 712
public-key encryption, 713, 722
public-key infrastructures (PKIs)
    certificates, 715–720
    CRLs, 817–819
    overview, 711–712
    private keys, 714–715
    public-key certificates, 714–715
    public-key vs. symmetric-key encryption, 713
    standards, 711–712
Public Key Management console, 324
public networks, 590
public news servers, implementing, 1102–1110
published resources, directory services, 20
publishers, certificate, 798
publishing. See also sharing file resources
    applications, 906–907
    certificates, 814
    CRLs, 818
    FTP sites, 1058–1061
    printers, 198, 427
    shared folders, 427
    Web sites, 1044–1047
Pulse Frequency Modulation (PFM), 541
PXE (Preboot Execution Environment), 57
PXE remote-boot compatible NIC, 951

Q
query forms, 1024–1027
querying. See also Indexing Service
    custom query forms, 1024–1027
    defined, 1010
    file not found errors, 1026
    inconsistent results, 1032
    indexes, 1023–1027
    No Documents Matched Query error, 1030–1031
    Resultant Set of Policy, 317
quorum resources, 592
quotas
    disk, 574, 630–634
    File Server Resource Manager, 618–624
    folders, 618–624
    Quota Management vs. disk quotas, 618
    volumes, 618–624

R
R2 image additions, RIS, 939
RADIUS
    accounting, 862
    how it works, 860
    IAS servers for, 863
    multiple remote access servers, 861–863
    proxy, 863–864
    remote servers for, 862
    servers, 869, 870, 872
RAID-5 volumes, 541
RAID (redundant array of independent disks), 68
    availability, 1261
    costs, 1261
    defined, 540
    fault tolerance levels, 1260
    hardware, 544
    hardware vs. software, 1256–1257
    hot-spare systems, 1262
    hot-swap systems, 1262
    intended use, 1259
    levels, 1257–1259
    overview, 542, 1256
    performance considerations, 1261
    software, 1256–1257
RAM
    overview, 15
    performance monitoring, 1162–1163
    Setup problems related to, 99
    Windows Terminal Services, 983, 988
Rank Descending sort method, 1032
RAS servers, 133
rating Web site content, 1093
raw data types, 213
raw protocol, 197
rdisk numbers, 1217
re-creating Master Boot Record, 102–103
Read & Execute permissions, 270–271
Read Only interaction level, 77
read-only schema access, 446
Read permissions, 270–271, 881, 1084
real-time process tracking, 1175–1180
rebuilding NNTP virtual servers, 1110
recall limits, Remote Storage, 695
recording performance data, 1173
records, DNS, 524–527
recovery. See also restores
    agents, 773–774
    compromised systems, handling, 782
    drives, 1220
    encrypted files and folders, 773–774
    Remote Storage, 698–699
    Windows NT domain upgrades, 131–133
Recovery Console, 1218, 1353–1356
recovery planning
    iterating, 1210–1211
    overview, 1203–1204
    resource identification, 1205
    responses, developing, 1206–1209
    risk identification, 1204–1205
    testing procedures, 1209–1210
recovery preparation
    Automated System Recovery disks, 1212–1215
    backups, 1212
    boot disks, 1216–1217
    fault tolerant system, 1211
    options, specifying, 1219–1220
    overview, 1211
recursion, 484, 529
redeploying packages, 922
redirecting folders, 313–317
redirecting home directory, 1084
redundancy, DHCP servers, 507–510
referral settings, namespace, 649–650
refreshing
    CRLs, 720
    Group Policy, 311–312
    Refresh Servers commands, 993
.REG files, 1284
Reg utility, 1288–1289
REG_BINARY data type, 1277
REG_DWORD data type, 1277
Regedit.exe, 1280–1281
Regedt32.exe, 1280
regeneration, 562
REG_EXPAND_SZ data type, 1277
REG_FULL_RESOURCE_DESCRIPTOR data type, 1278
regional naming conventions, 33
registered domain names, 384
registering certificates, 717–718
registering domain names, 36
registry. See also registry editing; registry structure
    backups, 1290–1291
    data, purpose of, 1267
    Indexing Service, 1021–1023
    redirection, 1269
    restores, 1292
registry editing
    adding keys or values, 1283
    best practices, 1267
    exporting data, 1283
    hives, 1285
    importing data, 1283
    overview, 1279
    .REG files, 1284
    Reg utility, 1288–1289
    Registry Editor, 1280–1288
    remote machines, 1285
    removing keys or values, 1283
    renaming, 1285
    search options, 1281–1282
    security, 1286–1288
    value contents, 1282
Registry Editor, 1280–1281
Registry Redirector, 1269
Registry security area, 741
registry structure
    32-bit vs. 64-bit, 1269
    data location, 1279
    data storage, 1277–1279
    data types, 1277–1278
    disk-based keys, 1278
    hives, 1279
    overview, 1268
    root keys, 1271–1272
    subkeys, 1273–1277
    value entries, 1277
    volatile keys, 1278
REG_MULTI_SZ data type, 1278
REG_NONE data type, 1278
REG_SZ data type, 1277
reinstalling Windows, 1312
REJ (Microsoft Rapid Economic Justification), 46
rejecting certificate requests, 822
relative distinguished names (RDN), 22
relative identifier master (RID), 464–465
relay agents, DHCP, 511–513
relay privileges, SMTP virtual servers, 1114
releasing client address leases, 514
reliability
    DHCP servers, 489
    overview, 11
    TCP, 470
remote access policies
    attributes, 848–850
    configuring, 848–852
    default, 837–838
    encryption, 852
    models, 838–847
    profiles, 850–852
    setting, 836
remote administration
    Active Directory objects, 426
    consoles, custom, 329–330
    Device Manager, 1339
    disk management, 545
    Emergency Management Services
        overview, 1312–1313
        requirements, 1314
        security, 1315
        setting up, 1315–1320
    enabling, 162–163
    IIS, 1119–1120
    shares, 286
    tool installations, 335
Remote Administration (HTML), 1046, 1119–1120
remote boot disks, 951
remote certificates, 754–756
remote computer event logs, 1169
remote computer registries, 1285
Remote Data Protocol (RDP), 1001–1004
Remote Desktop
    enabling, 162–163
    IIS installations, 1046
    installing, 1007–1008
    overview, 982
    vs. Windows Terminal Services, 981
Remote Desktop for Administration mode
    enabling, 988
    installing programs, 988–992
    overview, 983
Remote Differential Compression (RDC), 662
Remote Installation Preparation (RIPrep), 945–947
Remote Installation Services (RIS). See RIS (Remote Installation Services)
remote installations, 57–60
remote operating system installations, 951–952
remote scripts, 373
remote servers. See also Terminal Services
    configuring, 852–853
    RADIUS, 861–863
    routers, configuring as, 854
    smart cards, 754–756, 757
Remote Storage
    additional volumes, 692
    configuring, 690–695
    data safety, 689–690, 695–697
    disabling, 693
    disaster recovery, 698–699
    include/exclude rules, 692
    manual tasks, 694
    media copies, 697–698
    overview, 686–688, 1351
    program compatibility, 688–689
    recall limits, 695
    setting up, 690–691
    system requirements, 690
remote virtual directories, 1054
remote VPNs, 728
remotely controlling Terminal Services sessions, 999–1000
remotely scheduled tasks, 347
Removable Storage
    accessing, 680
    devices, 677
    libraries, 677, 680–682
    media identifiers, 678–679
    media pools, 677–678, 682–684
    media states, 679–680
    operator requests, 685
    overview, 676, 1222
    terminology, 677–680
    work queues, 685
removable storage, backups, 1221–1223, 1230
removing
    devices, 166
    logon history, 71
    Windows, 1326–1327
renamed Windows NT components, 1337–1343
renaming
    Active Directory objects, 428
    Administrator accounts, 185
    built-in Administrator accounts, 71
    domain controllers, 428–429
    domains, 429
    filename conversions, 88–89
    files, creating, 88
    registry keys or values, 1285
    RIS images, 944
    user accounts, 256
Renew CA Certificate command, 812
renewing
    certificate authorities, 812
    certificates, 720
    client address leases, 514
repackaged applications, 905–908
repair installations, 1300–1301
repairing system. See recovery
replacing
    files at restoration, 1241
    power supplies, 1252
    print servers, 192–193
    printers, 205
replicas, domain controller, 387–388
replication
    domain controllers, 387–388, 434
    folders, 640, 652–655
    groups, 640, 652–660
    overview, 27, 37
    types, 436–438
    viewing objects, 438
    WINS, 534–535
reports. See also performance counters
    disk quotas, 634
    Event Viewer, 1166–1170
    File Server Resource Manager, 615–617
    Server Performance Advisor, 1171–1175
Request Security security policy, 765
requesting certificates, 762–763
requests for comments (RFCs), 472–474
Require Security security policy, 765
reseal functionality, Sysprep, 89
reservations, address, 504
Reset Password command, 419
resetting
    passwords, 256, 419
    peak usage data, quotas, 621
    Terminal Services sessions, 995
resource domains, 118
resource escalation procedures, 1208
resource identification, disaster planning, 1205
resource records, 380–381
resource sharing
    Active Directory publishing, 292–293
    folder redirection, 313–317
    hiding, 283
    NFS shared folders, 288–292
    NTFS permissions
        files, 274
        folders, 273
        how they work, 271–272
        inheritance, 272–273
        listed, 270–271, 274–276
        overview, 270
        ownership, 268–279
        special, 274–276
    overview, 267–268
    server clusters, 593
    share vs. file permissions, 268–269
    shared folders, 279–288
Respond Only security policy, 765
responses, disaster recovery, 1206–1210
restarting. See also recovery
    catalogs, 1017
    computers, Recovery Console, 1353–1356
    IIS, 1065–1067
    print jobs, 205
restarts, Group Policy, 913
Restore CA command, 812
restores. See also backups
    Automated System Recovery, 1301–1302
    backups, restoring from, 1311
    boot disks, 1298
    broken mirrors, 565
    certificate authorities, 812
    compromised systems, handling, 782
    DFS folder targets, 651
    DHCP databases, 514
    files, 1239, 1240
    Group Policy Objects, 313
    in-place upgrades, 1300–1301
    ISA 2004, 1151–1153
    Last Known Good Configuration option, 1296–1297
    Master Boot Record, 102–103
    media rotation, 1227
    mirrored boot partitions, 1299–1300
    options, 1241–1242
    overview, 1239, 1295
    possible failure causes, 1295–1296
    Recovery Console, 1353–1356
    registry, 1292
    Safe Mode option, 1297–1298
    server configurations, 1073
    system state, 1244–1246
    triaging situation, 1293–1295
Restricted Groups security setting, 741
restriction policies, software, 923–926
Resultant Set of Policy (RSoP), 317–320
Resultant Set of Policy (RSoP) Wizard, 7
resynching data, 562
return on investment (ROI), 45
reverse
    lookup zones, 521
    lookups, 484–485
    proxies, 1144–1146
revoking certificates, 719–721, 817–819
RFC 822 names, 24
rights, user, 242–246
RIPrep images, OEM drivers in, 85–86
RIPrep (Remote Installation Preparation), 59–60, 945–947
Riprep.sif, 941
RIS (Remote Installation Services)
    administering
        Group Policy settings, 935
        operating system images, 936–944
        Remote Installation Preparation, 59–60, 945–947
        RIS settings, 932–935
        RIS tool additions, 944
        user installations, 948–952
    client prestaging, 948–950
    described, 1351
    headless server installations, 1317–1318
    how it works, 927–928
    installing, 930–932
    method comparisons, 57–58
    Remote Installation Preparation, 59–60
    servers, 67
    system recommendations, 929–930
    Windows versions supported, 928
risk assessments
    deployments, 50–51
    disaster planning, 1205
    wireless security, 865
risk identifications, disaster planning, 1204–1205
risk tolerance, wireless security, 866
RIS.sif answer files, 72
Ristndrd.sif, 941
RMS (Windows Rights Management Services), 729
roaming profiles, 261–264
rogue access points, 873–874, 875
roles, server, 178–181, 460–467, 1044–1045
rolling back installed drivers, 1302–1303
root CAs, 715–717, 803, 819–820, 823–825
root domains, 38, 41, 42, 390
root folder shares, 286
root hints, DNS, 531
root keys
    32-bit vs. 64-bit, 1269
    adding, 1283
    finding, 1281–1282
    hives, 1279
    overview, 1271–1272
    removing, 1283
    renaming, 1285
    subkeys, 1273–1277
root users, UNIX, 883
rotating backup media, 1227, 1247
router-to-router VPNs
    demand-dial interfaces, 858
    examples, 832
    overview, 729, 855–857
routers
    demand-dial interfaces, 857–858
    DHCP relay agents, 511–513
    IP settings, configuring, 174
    IPv6, 492–494
    overview, 479
    remote access servers as, 854
    subnets, 477–478
    WINS, 489–492
Routing and Remote Access (RRAS), 119, 133
Routing and Remote Access Server Setup Wizard, 833–834
routing flaps, 481
Routing Information Protocol (RIP), 480
routing protocols, 480, 858
routing tables, 856, 858
RPC External Data Representation component, 887
RPC Port Mapper component, 888
Run As feature, 331–334
RunAs command, 362
runaway recall limits, 695

S
SAC (Special Administration Console), 1321–1323
Safe Mode option, 1297–1298
safe OS copies, 69
sags, voltage, 1254
Samba servers, 119, 886
same internal and external namespaces, 34–36
sampling intervals, System Monitor, 1180
SANs (storage area networks)
    iSCSI
        security, 673
        suggestions, 667
        targets, 672, 674
    LUNs, 675–676
    overview, 663–666
    server connections, 670–671
    terminology, 665–666
saved indexes, 1011
saving
    alert settings, 1184
    event logs, 342, 1170
    log settings, 1184
    virtual machine states, 975
scalability, 14–15
scans, indexes, 1011, 1020–1021
scavenging, WINS, 536
scheduled scripts, 362, 373
scheduling
    backups, 1234–1236
    AT command, 347–348
    cron, 348
    data collection groups, 1173
    deployments, 51
    domain upgrades, 136
    File Server Resource Manager reports, 615–617
    index merges, 1013
    Task Scheduler, 344–347
schema, Active Directory
    attributes
        adding, 452
        auxiliary class, adding, 452–453
        creating, 449–450
        display specifiers, 454–456
        object classes, creating, 451–452
        overview, 448
    batch imports and exports, 457
    display specifiers, modifying, 454–456
    domain controller accessed, 447
    implementing, 25
    launching, 446–448
    LDIF, 457–459
    modifying, 448–453
    operations master roles, 460–467
    overview, 23, 445
    security, 445–446
    updates, 140–147
Schema Admins group, 109
schema master, 462–463
scopes
    DHCP
        activating, 504
        address reservations, 504
        creating, 499–503
        deactivating, 504
        migrating, 513
        modifying, 510
    Group Policy Objects, 306–308
    groups, 228–229, 233–234, 236
    indexing, 1011
screening files, 624–630
Script Source Access permissions, 1084
Scriptomatic, 370
scripts
    additional resources, 374–375
    backup jobs, 1229
    credentials, 362–363
    error management, 367–369
    future considerations, 373–374
    I/O handling, 366–367
    IIS, 1047
    infrastructure
        Active Scripting, 353
        COM interfaces, 354
        command shell, 353
        extending, 354–355
        overview, 352
    logon, 264–265
    MSH, 373
    overview, 335–336, 351–352, 357
    path management, 363–365
    print management, 208
    scheduled, 362
    security, 369
    server clusters, 594
    translating script languages, 371–372
    what’s new, 355–356
    WMI, 370
    WSH scripts as console tools, 357–362
SCSI Shunt drivers, 973
SCSI (Small Computer System Interface), 541
search paths, Virtual Server, 966
Search tool, 1340
searches. See also Indexing Service
    Active Directory objects, 408
    event logs, 340
    printers, 201–202
    querying indexes, 1023–1027
    registry keys and values, 1281–1282
    user accounts, 253–254
secondary
    DNS servers, 516
    logons, 331–334
    print servers, 218–219
    recovery resources, 1205
Secure Multipurpose Internet Mail Extensions (S/MIME), 721–722
secure security templates, 742–743
Secure Server (Require Security) policy, 765
Secure Shell (SSH), 884
Secure Sockets Layer (SSL), 724–725, 1043
Secure Sockets Layer/Transport Layer Security (SSL/TLS), 705
security. See also authentication; certificates; firewalls; permissions
    access control, 709, 757–759
    Administrator accounts, 185
    analyzing, 747–749, 781–782
    auditing, 710, 778–781
    compromised systems, handling, 782
    data protection, 707–709
    deployment policies, 739
    IIS, 1062–1065
    IPSec policies, 764–772
    ISA 2004 server, 1131, 1136–1138
    iSCSI, 673
    local data, 773–778
    nonrepudiation, 710
    overview, 9–10, 703–704, 733
    planning, 69–70
    post-Setup updates, installing, 159–161
    precautions, 184
    software restriction policies, 923–926
    UNIX interoperability, 880
    VPNs, 727–729
    Web sites, 1086–1092
    Windows Rights Management Services, 729
security accounts
    FTP sites, 1098–1099
    planning, 69–70
Security Accounts Manager (SAM), 1274, 1279
Security Configuration and Analysis, 746–749
Security Configuration Wizard, 734–739, 1351
security databases, 746–747
Security group, 424
security groups
    folder redirection, 316
    overview, 228
    policy settings needed, 307–308
SECURITY hive, 1279
security identifiers (SIDs), 25, 889
security logs, 780–781, 1167
security policies
    deploying, 739
    domains, 38, 39–40
    options, 735
    organizational units, 38
    Security Configuration Wizard, 734–739
    templates, 739–745
security principal names, 247
security templates
    applying, 745
    compatible, 743
    configurable areas, 741
    exporting, 747
    importing, 747
    new, 744–745
    out-of-the-box, 743
    overview, 739–740
    predefined, 741–744
    secure options, 742–743
    Security Configuration and Analysis, 746–749
security tokens, 229
security updates, 783
seizing
    domain naming master roles, 464
    infrastructure master, 466–467
    PDC emulator roles, 461–462
    relative identifier master roles, 465
    schema master roles, 463
self-signed certificates, 715
Send Mail command, 419
.sep files, 210–211
separator pages, 210–211
Serial ATA (SATA), 542
Serial Port Console Redirection (SPCR), 1316
server-based conflict detection, 511
Server\ Bytes Total/Sec counter, 1166
server clusters, 1263
    capacities, 597–598
    configuring, 595–597
    creating, 598–611
    failback policies, 595
    failover policies, 595
    groups, 591, 604–606
    networks, 590
    nodes, 591
    overview, 576, 590–592
    resources, 592–595, 604–611
    scenarios, 577–579
Server for NFS Authentication component, 887
Server for NFS component, 887, 896–897
Server for NIS component, 897
server identity, changing, 169
server-level administration, IIS, 1071–1075, 1096
Server Message Block (SMB), 885–886
server objects, Active Directory, 436, 439–440
Server Performance Advisor, 1171–1175
Server (Request Security) policy, 765
server roles
    adding, 178–179
    Application, 1044–1045
    architecture improvements, 106–107
    options, 178–181
    planning, 66–67
    removing, 178–179
    security options, 736–737
    setting up, 178–181
server/server protocols, 1038–1043
Server\ Server Sessions and Server\ Logon/sec counter, 1166
Server\ Work Item Shortages counter, 1166
Server Work Queues\ Queue Length counter, 1164
servers. See also IIS (Internet Information Services); performance; print servers; Terminal Services
    backups, 1072–1073
    configurations, planning, 66–70
    DFS, 642
    dial-up clients, 834–835
    first server, configuring, 181–183
    Global Catalog, 394–395
    inventory, taking, 118–120
    NAT, 835–836
    processors, adding, 1324–1325
    promoting to domain controllers, 381–386
    remote access, 833–834, 852–853, 854
    security, 69–70
    settings, configuring, 169–177
    system requirements, 67–68
    types, 66–67
    upgrade requirements, 137
    upgrading to Windows Server 2003, 149–151
    Virtual Server
        administering, 978–979
        alternatives to, 979
        configuring, 961–966
        IIS, 956–958
        installing, 956–961
        overview, 955–956
    Windows NT domain upgrades, 118
service packs, 82–83, 784
services
    existing, inventorying, 48
    locations, resource record for, 380
    optional components, 1345–1352
    registry information, 1276
    server clusters, 595
    status information, 1307–1308
sessions
    credentials, scripting, 362
    FTP, 1040, 1097
    HTTP, 1038
    NNTP, 1043, 1110
    Terminal Services, 982–983, 992–1000
settings available on network computers, 902
Setup. See installations; upgrading to Windows Server 2003
Setup-based installation methods, 57–58
Setup Manager, 72–77
Setup.log, 1215
SFU (Windows Services for UNIX), 354
shadow
    copies, 574, 595
    indexes, 1011
    merges, 1011
share-level permissions, 283
share names, printers, 188
share permissions vs. file permissions, 268–269
shared folders. See also distribution shares
    creating, 281–283
    File Server Management tool, 279–281
    net share command, 287–288
    NFS, 288–292
    overview, 279
    permissions, 283
    publishing, 427
    removing, 284
    simultaneous connections, 284–285
    special shares, 285–286
    tool options, 279
    user disconnections, 284
Shared Folders snap-in, 279
shared nothing clusters, 589
shared printers, 286
shared resources, server clusters, 593
shared secrets, 860
SharePoint Services, 1352
Sharing And Security option, Windows Explorer, 279
sharing directory with NFS, 895–896
sharing file resources
    Active Directory publishing, 292–293
    hiding, 283
    NFS shared folders, 288–292
    NTFS permissions
        files, 274
        folders, 273
        how they work, 271–272
        inheritance, 272–273
        listed, 270–271, 274–276
        overview, 270
        ownership, 268–279
        special, 274–276
    overview, 267–268
    share vs. file permissions, 268–269
    shared folders, 279–288
sharing Web, 1056
Shavlik HFNetChkPro, 796
short names, converting, 88–89
short-term power outages, 1255
shut down problems, 1325–1326
Shutdown Event Tracker, 1323–1324
side media states, 679
signatures, digital, 708–709, 713, 721–722, 725–727
signed messages, 721
signed receipts, 710
silent software installations, 63
simple volumes, 540
simulation options, Resultant Set of Policy, 318
simultaneous connections, 284–285
single
    continuous namespaces, 30, 38–39, 41
    domain across subnet boundary, 491
    domain tree structure, 38–39
    network adapter in multicast mode, 582
    network adapter in unicast mode, 582, 583
    sign-ons, 707
single-domain model, 121
single-drive data protection, 695
Single Instance Store (SIS), 928
single-layer expensive disk (SLED), 541
single-master-domain model, 121–123
single-master domains, 39, 41
single-master replication, 378, 436
single-master schema operations, 446
site-level administration, IIS, 1075, 1096–1101
site topology, domain upgrades, 130–131
sites, Active Directory
    connection objects, 439–440
    domain replication, 436–438
    overview, 108, 433–434
    replication objects, 438
    server objects, 439–440
    site link bridge objects, 444
    site link objects, 443
    site links, 444
    site objects, 434–436, 438–439
    subnet objects, 441–442
sites, FTP
    anonymous access, 1098–1099
    authentication, 1098–1099
    configuration backup files, 1072–1073
    creating, 1058–1059
    default, 1058
    directory-level properties, 1076, 1101
    file-level properties, 1077
    home directory, 1100–1101
    identities, 1097
    messages, 1100
    other site types, 1058
    overview, 1058
    properties, 1096–1101
    security, 1062–1065
    server-level properties, 1096
    site-level properties, 1075, 1096–1101
    starting, 1065–1067
    stopping, 1065–1067
    testing, 1059–1060
    virtual directories, 1060–1061
sites, Web. See also Indexing Service; ISA 2004
    client restrictions, 1088–1089
    configuration backup files, 1072–1073
    connections, 1048–1049
    content expirations, 1093
    content ratings, 1093
    creating, 1049–1052
    default, 1047–1048
    directory-level properties, 1076
    file-level properties, 1077
    home directory, 1083–1085
    HTTP, 1038–1039
    identities, 1079
    IP addresses, 1079–1080
    other types, 1049
    security, 1062–1065, 1089–1092
    server properties, 1073–1075
    site-level properties, 1075
    starting, 1065–1067
    stopping, 1065–1067
    testing, 1052
    virtual directories, 1053–1057
size
    cache, 1201
    capture buffers, 1190
    clusters, 569
    event logs, 341–342
    indexing, 1012–1013
    LUNs, 676
    security logs, 780
Size registry value, 1201
slash notations, subnet masks, 478
slow indexing, 1033
slow links, software installations, 914–915
Small Computer System Interface (SCSI), 541
Smart Card Enrollment station, 752, 753
smart cards, 706, 710–711, 752–756
SMB (Server Message Block), 885–886
SMS 2003 Operating System Deployment Feature Pack, 59
SMS (Systems Management Server), 59–60, 63, 67, 795, 903
SMTP (Simple Mail Transfer Protocol)
    access options, 1113
    Default SMTP Virtual Server, 1112–1116
    delivery options, 1115–1116
    directories, 1111
    domains, 1116–1117
    examples, 1041–1042
    identities, 1113
    LDAP Routing, 1116
    message limitations, 1114
    overview, 1110–1111
    site link objects, 443
snap-ins, Microsoft Management Console, 6
snapshot configuration settings, 1072–1073
snapshot storage reports, 618
soft quotas, 619
software. See also software management; software patches
    distribution points, 908–909
    Emergency Management Services, 1314
    inventory, taking, 48
    RAID, 1256–1257
    registry information, 1275–1276
    support changes, 113
    system information gathering, 1306–1307
    updates, 61–62, 83–84, 783
    upgrading to Windows Server 2003, 113
SOFTWARE hive, 1279
Software Installation feature, Group Policy, 6
software management. See also deployment environments; RIS (Remote Installation Services)
    deployment options, 5–6, 62–63
    Group Policy Software Installation extension, 901–902, 908–915
    Microsoft Operations Manager, 903
    packages
        application property changes, 918–919
        Group Policy, adding to, 915–916
        modifications, 920–922
        native Windows Installer, 904
        overview, 915
        redeploying, 922
        removing, 922
        upgrades, 919–920
    repackaged applications, 905–908
    restriction policies, 923–926
    Systems Management Server, 903
    technology options, 903–908
    Terminal Services, 988–992
    .zap files, 904–905
software patches
    deployment testing, 789–791
    obtaining, 791–795
    overview, 783–785
    phases, 785–789
    third-party products, 795–796
space. See also disk management; storage
    indexing, 1012–1013
    memory usage monitoring, 1162–1163
    partitions, 558
    Windows Terminal Services, 983, 988
spanned volumes, 540, 561
Special Administration Console (SAC), 1321–1323
special NTFS permissions, 274–276
special shares, shared folders, 285–286
speed, printing, 212–213
spikes, 1253–1254
splitting address space between servers, 508
SPM printer ports, 194
spooling, print, 212–213, 222, 225
SQL Servers, 67
SRV (DNS resource record), 380
SSH (Secure Shell), 884
SSID hiding, 871
SSL (Secure Sockets Layer), 724–725, 1043, 1089–1092
SSL/TLS (Secure Sockets Layer/Transport Layer Security), 10, 705
staging applications during Setup, 63
stale records, DHCP, 506
standalone
    CAs, 716, 802, 822
    namespaces, 638
    root CAs, 803
    servers, 107
    subordinate CAs, 803
Standard Edition, Windows Server 2003, 4–5
standard escalation procedures (SEPs), 1208–1209
standard operating procedures (SOPs), 1206–1208
standard port monitors, 196
Start menu customizing, 1341
Start Service command, 810
starting computer from CD-ROM, 1353–1356
startup troubleshooting, 1309–1311
stateful packet filtering, 1126
Stateful Packet Inspection (SPI), 1126
states, virtual machines, 975
static
    addressing, 173
    entries, WINS, 536
    load balancing, 595
    routing, 856, 858
statistical failure rates, 1250–1251
status
    print servers, 224
    RIS servers, 932
    security information, 781–782
Stop Service command, 810
stopping
    certificate authorities, 810
    computer when log full, 342
    CRL publications, 818
    IIS, 1065–1067
    printing, 205, 206, 208
    running tasks, 346
    Task Scheduler, 346
    virtual machines, 975
storage. See also disk management
    backups, 1221–1223, 1230
    certificates, 814
    configuring, 168–169
    DFS, 1262
    disk activity monitoring, 1164–1165
    Distributed File System
        installations, 644
        overview, 634–635
        terminology, 637–641
        what’s new, 636
    File Server Resource Manager
        disk quotas, 630–634
        file screens, 624–630
        global options, 614–615
        overview, 614
        quotas, 618–624
        reports, 615–617
    GPO information, 297
    Indexing Services, 1012–1013
    overview, 13, 613
    registry, 1277–1279
    Remote Storage, 686–699, 1351
    Removable Storage, 676–686
storage area networks (SANs)
    iSCSI
        security, 673
        suggestions, 667
        targets, 672, 674
    LUNs, 675–676
    overview, 663–666
    server connections, 670–671
    terminology, 665–666
Storage Manager For SANs
    console nodes, 669
    installing, 668–669
    overview, 663
streams, script I/O handling, 366
striped volumes, 541
structural classes, 452
structural domains, 127
stuck documents, deleting, 225
subdomains, DNS, 522–524
subfolders
    distribution shares, 81
    quota management, 618–624
subkeys, 1273–1277, 1279
subnet masks, 477
subnet objects, Active Directory, 436, 441–442
subnets
    adding, 173
    overview, 433, 477–478
    routers, 479
    WINS, 489–492
subordinate CAs, 715–717, 803, 823–825
Subsystem for UNIX-Based Applications (SUA), 354, 897–898, 1228
subtrees, Active Directory, 21
suffixes, UPNs, 402
super users, UNIX, 883
superscopes, DHCP, 500
Support Tools, 335, 1357–1361
surge protectors, 1253–1254
surges, power, 1254
switched environments, clusters, 589–590
switching functional levels, 151–158
symbolic links, 882
symmetric encryption, 713, 722
Sysocmgr.exe, 80
Sysocmgr.ini, 80
Sysprep, 89–90
Sysprep Mini-Setup, 58–60
Sysprep.inf answer files, 72
system assessments, current, 46–48
System catalog, 1015
system configuration settings. See registry
System Configuration Utility, 1309–1311
system failures. See also system recovery; troubleshooting
    clustering, 1263
    DFS, 1262
    disk arrays, 1256–1262
    measuring, 1250–1251
    power supply problems, 1251–1256
System File Checker, 1311
SYSTEM hive, 1279
System Information utility, 1306–1307
System Information, viewing, 1341–1342
system logs, 1167
System Monitor, 1175–1180
system preparations, installations, 91
System\ Processor Queue Length counter, 1164
system recovery
    agents, 773–774
    compromised systems, handling, 782
    drives, 1220
    encrypted files and folders, 773–774
    Remote Storage, 698–699
    Windows NT domain upgrades, 131–133
system recovery planning
    iterating, 1210–1211
    overview, 1203–1204
    resource identification, 1205
    responses, developing, 1206–1209
    risk identification, 1204–1205
    testing procedures, 1209–1210
system recovery preparation
    Automated System Recovery disks, 1212–1215
    backups, 1212
    boot disks, 1216–1217
    fault tolerant system, 1211
    options, specifying, 1219–1220
    overview, 1211
    Recovery Console, 1218
system requirements, 67–68
System Services security area, 741
system state backups, 1242–1243, 1290–1291
system state restores, 1244–1246
System tool recovery options, 1219–1220
system updates. See updates
SYSVOL share, 286

T
tape backups, 1220, 1222
targets
    DFS folders, 640, 651
    iSCSI, 672, 674
Task Scheduler, 344–347, 1237
task scheduling. See scheduling
TCP/IP. See also DHCP (Dynamic Host Configuration Protocol); DNS (Domain Name System); name resolution
    accessing, 1342
    administration, 495
    advanced options, 173–177
    configuring, 171–177
    directory services, 18
    dynamic addressing, 171–172
    firewalls, 476–477
    FTP, 1040–1041
    HTTP, 1038–1039
    IP addresses, 474–476
    IP settings, configuring, 173
    IPv6, 492–494
    LDAP, 487
    NetBIOS, 472
    NNTP, 1043
    options, changing, 177
    overview, 469–470
    RFCs, 472–474
    routers, 479
    SMTP, 1041–1042
    static addressing, 173
    subnets, 477–478
    TCP, 470–471
    UDP, 471
    UNIX printing, 885–887
    WINS, 176–177, 489–492, 532–537
    Winsock, 471–472
TCP (Transmission Control Protocol), 470–471
Telnet, 884
templates
    certificates, 719, 799–801, 815–817
    file screening, 628–629
    Group Policy, 296, 298
    quotas, 622–624
    security
        applying, 745
        compatible, 743
        configurable areas, 741
        exporting, 747
        importing, 747
        new, 744–745
        out-of-the-box, 743
        overview, 739–740
        predefined, 741–744
        secure options, 742–743
        Security Configuration and Analysis, 746–749
    user object creation, 418
temporarily stop printing, 205, 206, 208
temporarily stop running tasks, 346
terminal concentrators, 1315
Terminal Server Client Access License (CAL), 1007
Terminal Server licensing, 64
Terminal Server roles, 985–987
Terminal Services
    administration
        licensing, 1005–1007
        overview, 982–983
        sessions management, 993–1000
        Terminal Services Configuration MMC, 1000–1004
        Terminal Services Manager, 992–1000
        tools listed, 992
    capacities, 985
    Change command, 990–992
    clusters, 578
    installation considerations, 985–992
    installing programs, 988–992
    overview, 8–9, 981–983
    Remote Desktop, 981
    Remote Desktop for Administration mode, 988
    requirements, 983–984
Terminal Services Configuration MMC, 1000–1004
Terminal Services Licensing MMC, 1005–1007
Terminal Services Licensing server, 1005–1007
Terminal Services Manager, 992–1000
test labs, 65–66
test network deployments, patches, 789–790
testing. See also Virtual Server
    Active Directory functionality, 140–141
    disaster recovery plans, 1209–1210
    domain upgrades, 136
    FTP sites, 1059–1060
    patch deployments, 789–791
    remote administration, 1120
    user accounts, 252–253
    virtual directories, 1061
    Web sites, 1052
text-based file zone storage, 486
text data type, 214
text-mode Setup phase, 92
text searches, 1024–1027
text streams, 366
thin clients, 8
third-party
    backup tools, 1291
    product patches, 795–796
    utility backups, 1246–1247
thread execution, 1164
ticket-granting service (TGS), 723
ticket-granting ticket (TGT), 723
time
    backup scheduling, 1234–1236
    backup windows, 1224
    Boot menu timeouts, 102
    logon hours permitted, 248
    monitoring frequency, 1161
    processor activity, 1163–1164
timely contacts, 437
timeouts, Boot menu, 102
TKIP (Temporal Key Integrity Protocol), 869
TLS (Transport Layer Security), 1043
tools, administrative
    auditing events
        archiving logs, 342
        categories, 336–338
        enabling, 337–338
        filtering logs, 341
        log size, 341–342
        object settings, 338–339
        overview, 336–338
        searching logs, 340
        viewing logs, 339
    AT command, 347–348
    cron, 348
    delegating control, 26, 343–344
    IIS, 1044–1047
    installing locally, 334
    installing remotely, 335
    Management And Monitoring Tools, 1349
    MMC, 323–330
    overview, 323
    remote access policies, 838–847
    scripts, 335–336, 1047
    secondary logons, 323–330
    Support Tools, 335
    Task Scheduler, 344–347
top level domains, 482
total cost of ownership (TCO), 45
trace logs, 1181–1184
tracking. See logs
traffic. See also connectivity
    documenting, 47
    routers, 479
transfer protocols, 1040–1041
transferring
    domain naming master roles, 463
    infrastructure master, 466
    PDC emulator roles, 461
    relative identifier master roles, 465
    schema master roles, 462
    zones, 527
transforms, 920–922
transitive trusts, 37, 39, 111–112, 401–402
translating addresses to friendly names. See DNS (Domain Name System)
translating NetBIOS names and addresses. See WINS (Windows Internet Name Service)
translating script languages, 371–372
Transport Layer Security (TLS), 1043
trees
    Active Directory, 21, 108
    child domains, 388–389
    creating, 390
    domain namespace, 482
    multiple domain structure, 40–42
    names, 30
triage process troubleshooting, 1293–1295
troubleshooting. See also troubleshooting printing
    boot modes, 1298
    devices, 168
    diagnosing problem, 1302–1303
    Emergency Management Services
        overview, 1312–1313
        requirements, 1314
        security, 1315
        setting up, 1315–1320
    Help And Support Center tools, 1304–1306
    HTTP sessions, 1038
    Indexing Service, 1030–1033
    installations, 98–103
    overview, 1293
    possible failure causes, 1295–1296
    reinstalling Windows, 1312
    rolling back installed drivers, 1302–1303
    services, checking, 1307–1308
    shut down problems, 1325–1326
    Shutdown Event Tracker, 1323–1324
    System Configuration Utility, 1309–1311
    System File Checker, 1311
    System Information utility, 1306–1307
    triage, 1293–1295
    uninstalling Windows, 1326–1327
troubleshooting printing
    application print failures, 223
    client machine problems, 219–223
    fails to, 222–223
    incorrectly, 222
    overview, 217
    print server failures, 218–219
    print server status, 224
    printer location tracking, 225–226
    printer physical checks, 224
    stuck documents, deleting, 225
trust relationships
    Active Directory Domains and Trusts snap-in, 395–403
    documenting, 117
    federated identity management, 430
    managing, 400–402
    multiple domain structure, 41
    nontransitive, 110, 401–402
    overview, 10, 109
    transitive, 37, 39, 111–112
    Windows NT, 110–112
    Windows NT domain upgrades, 117
trusted CAs, 716–717
trusted certificate distribution, 819–822
trusted computing base (TCB), 25
TS Device CALs, 64
TS External Connector CALs, 64
TS User CALs, 64
Tsadmin.exe, 992–1000
tuning
    bottlenecks, 1158
    Indexing Service performance, 1028–1029
    memory allocation, 1199–1200
    monitoring frequency, 1161
    monitoring options, 1160–1166
    monitoring performance impact, 1161
    networks, 1202
    page file optimization, 1201–1202
    strategies, 1161
tunneling protocols, 856
turning off virtual machines, 975
two-way trust relationships, 111–112
Typical Configuration For A First Server option, 181

U
UDDI (Universal Description, Discovery and Integration), 1351
UDP (User Datagram Protocol), 471, 885
UID (user identity), 889, 897
unattended installations
    answer files, 94
    image-based installations, 58–60
    optional components, 80
    Setup-based installations, 57–58
    Windows Server 2003 R2, 78–79
Unattend.txt answer files, 72
unauthorized wireless access points, 873–874, 875
UNC names, 24
Under Construction messages, 1049
uninstalling devices, 166
uninstalling Windows, 1326–1327
Universal groups, 383
universal scope, groups, 229, 233
UNIX backups, 1228
UNIX interoperability
    connectivity, 883–884
    file listing, 880–882
    file systems, 885–886
    identity management, 897
    Microsoft Services for NFS
        Client for NFS, configuring, 894–895
        connections, 892–894
        NFS shares, creating, 895–896
        overview, 887–888
        Server for NFS, configuring, 896–897
        User Name Mapping, configuring, 889–892
    overview, 879
    printing, 885–887
    security, 880
    symbolic links, 882
    Windows Subsystem for UNIX-Based Applications, 897–898
UNIX shells, 354–355
unknown risks, disaster planning, 1204
unloading hives, 1285
unlocking user accounts, 257
unused physical memory, 1162
update rollups, 784
Update Root Certificates, 1352
updated interface items, 1331–1335
updates
    Active Directory schemas, 140–147
    applications, 907–908
    Automated System Recovery disks, 1216
    automatic, 791–795
    defined, 784
    disaster plans, 1210–1211
    distribution shares, 83–84
    DNS root hints, 531
    options, 61–62
    patches
        obtaining, 791–795
        overview, 783–785
        phases, 785–789
        third-party products, 795–796
    policies, 311–312
    post-Setup, installing, 159–161
    recovery plans regularly, 1208
    Windows Server Post-Setup Security Updates window, 159–161
upgrade packages, 919–920
upgrading clients to Windows XP, 147–148
upgrading to Windows Server 2003
  architectural changes
    Active Directory, 107–112
    domain controllers, 106–107
    server roles, 106–107
  domain controllers, 391
  domain upgrades
    documenting existing network, 116–120
    vs. migrating, 114–115
    overview, 114
  hardware support, 112–113
  overview, 105
  preparing computers, 138–140
  preparing domains, 137–138
  print servers, 192–193
  server requirements, 137
  server upgrades, 149–151
  software support, 113
  Web service extensions, 1117–1119
UPN (user principal name) suffixes, configuring, 402
UPS (uninterruptible power supply), 1251–1256
USENET system, 1043, 1102
user accounts. See also groups
  deleting, 255
  disabling, 254
  domains, 250–251
  enabling, 254
  finding, 253–254
  local, 251
  managing, 253–257
  moving, 255
  names, 247, 256
  options, 248
  overview, 247
  passwords, 249–250, 256
  properties, setting, 251–252
  remote access permissions, 838–840
  testing, 252–253
  unlocking, 257
user CALs, 63–64
User Configuration node, 304–305
User Controlled interaction level, 77
user interaction levels, installation, 77
User Manager, 1342
User Manager for Domains, 1342
User Name Mapping component, 288–289, 887, 889–892
user names, 248
user profiles
  copying, 946
  folders inside, 260
  local, 261
  logon scripts, 264–265
  mandatory, 264
  overview, 259–260
  registry, 1279
  roaming, 261–264
user-related policies, GPOs, 296
users. See also authentication; directory services; groups; permissions
  access control, implementing, 757–759
  data on network computers, 902
  defining, 242–245
  group rights, assigning to, 245–246
  home folders, 257–258
  local rights, assigning, 246
  names, 248
  objects, 417–423
  shared folder disconnections, 284
  UNIX, 882–883
V
validating certificates, 716–717
values, registry
  adding, 1283
  contents, editing, 1282
  finding, 1281–1282
  overview, 1277
  removing, 1283
  renaming, 1285
variable length subnet masks, 478
VBScript, 353, 368, 372
Version 1 templates, 719, 815
Version 2 templates, 719, 815
versions
  information, checking, 1311
  upgrades, EMS, 1319–1320
  Windows Server 2003, 4–5
video files, saving, 625
View Options, 1342
view settings, devices, 166
viewing
  Active Directory objects, 404–411
  captured frames, 1189–1190
  current Web settings, 1117–1119
  device properties, 167
  devices, 165–166
  network components, 170–171
  newsgroups, 1108
  NNTP sessions, 1110
  physical memory usage, 1162
  print status, 200
  quotas, 621
  recorded performance data, 1173
  scheduled tasks, 347
  security analysis, 747–749
  security logs, 780–781
  servers, 993
  service status information, 1307–1308
  System Information, 1341–1342
  System Monitor information, 1178–1180
  Terminal Services information, 992–1000
  virtual networks, 962
  WINS items, 536
virtual directories
  FTP sites, 1060–1061
  icons, 1056–1057
  Web sites, 1053–1057
Virtual Directory Creation Wizard, 1054–1055, 1060–1061
virtual disk patch testing, 789–790
Virtual Machine Additions, installing, 977–978
Virtual Machine Remote Control (VMRC), 966, 974–975
virtual machines
  CD/DVD drives, 969–971
  configuring, 975–977
  creating, 967–968
  default settings, 968–973
  device captures, 969
  direct remote connections, 966, 974–975
  operating systems, installing, 973
  options while running, 975–976
  options while stopped, 976–977
  SCSI Shunt drivers, 973
  search paths, 966
  starting first time, 971–973
  stopping, 975
  Virtual Machine Additions, installing, 977–978
  Virtual PC, 979
  VMWare Workstation, 979
virtual memory counters, 1162
virtual network cards, 962
virtual networks, 962–965
Virtual PC (VPC), 979
virtual printer folders, 201–202
virtual private networks (VPNs). See VPNs (virtual private networks)
virtual roots, 1011
Virtual Server
  administering, 978–979
  alternatives to, 979
  configuring, 961–966
  deployment testing, 789–790
  IIS, 956–958
  installing, 956–961
  overview, 955–956
  properties, configuring, 965–966
  virtual machines
    configuring, 975–977
    creating, 967–968
    default settings, 968–973
    device captures, 969
    Virtual Machine Additions, installing, 977–978
  virtual networks, 962–965
virtual servers. See FTP sites; Network News Transfer Protocol (NNTP); SMTP (Simple Mail Transfer Protocol); Web sites
virtual teams, 979
virtual test environments, 65–66
viruses
  Master Boot Record, 99
  software updates, 61
VMWare Workstation, 789–790, 979
volatile keys, 1278
voltage variations, 1252–1255
Volume Shadow Copy Service Task resource type, 595
volumes. See also Remote Storage
  converting FAT to NTFS, 565
  creating, 549–551
  deleting, 557–558
  drive letters, 569–570
  extending, 559–560
  formatting, 555, 566–568
  licensing, 65
  mirrors, 561–565
  mounted, 552
  mounting, 570–571
  names, 567
  quota management, 618–624
VPNs (virtual private networks)
  components, 833
  configuring, 853–858
  demand-dial interfaces, 857–858
  IAS, 858–863
  Internet connections, 853
  ISA 2004, 1141–1144
  overview, 727–729, 831–832
  PPTP filters, 855
  PPTP ports, 854–855
  protocols, 833
  router-to-router, 855–857
  server as router, configuring, 854
  wireless security, 871
W
W3C extended log file format option, 1081
wait states, RAM, 99
Web applications
  overview, 14
  settings, 1085
Web browsers
  allow browsing, 1136–1138
  print server management, 206
Web Edition, Windows Server 2003, 4–5
Web servers, 577, 1038
Web service extensions, 1117–1119
Web Services for Management (WS-Man), 374
Web sharing, 1056
Web Site Creation Wizard, 1049–1052
Web site management. See also Web sites
  document options, 1085–1086
  home directory options, 1083–1085
  HTTP errors options, 1094–1095
  HTTP headers options, 1093–1094
  ISAPI filter options, 1082
  overview, 1078
  performance options, 1082
  security options, 1086–1092
  site options, 1078–1081
Web sites. See also Indexing Service; ISA 2004
  client restrictions, 1088–1089
  configuration backup files, 1072–1073
  connections, 1048–1049
  content expirations, 1093
  content ratings, 1093
  creating, 1049–1052
  default, 1047–1048
  directory-level properties, 1076
  file-level properties, 1077
  HTTP, 1038–1039
  identities, 1079
  IP addresses, 1079–1080
  other types, 1049
  security, 1062–1065, 1089–1092
  server properties, 1073–1075
  site-level properties, 1075
  starting, 1065–1067
  stopping, 1065–1067
  testing, 1052
  virtual directories, 1053–1057
weekly backups, 1235
well connected networks, 433
When Idle backup option, 1235
Wi-Fi Protected Access (WPA), 869–870, 871
wildcards, 1232, 1282
Windows 98 upgrades, 148
Windows 2000 functional level, 151–153
Windows client deployment planning, 5–6
Windows Clustering, 576
Windows Computer Cluster Server 2003, 4–5
Windows Explorer, 1343
Windows Firewall
  NFS shared folders, 289
  overview, 750–751
  post-Setup updates, installing, 161
  remote administration, 163
Windows Internet Name Service (WINS). See WINS (Windows Internet Name Service)
Windows Load Balancing Service, 1263
Windows Management Instrumentation (WMI)
  best practices, 370
  overview, 354
  what’s new, 356
Windows Me upgrades, 148
Windows Media Services, 1352
Windows NT 3.51 servers, 119
Windows NT domain controller upgrades, 391
Windows NT domain upgrades
  Active Directory forests, planning, 121–131
  Active Directory Migration Tool, 115
  compatibility issues, 118–120
  DNS names, 128–129
  DNS namespaces, 118
  documenting current network, 116–120
  domain models, 117, 121–128
  guidelines, 133–137
  vs. migrating, 114
  overview, 114
  recovery plans, 131–133
  site topology, 130–131
  trust relationships, 117
Windows NT Explorer, 1343
Windows NT functional level, 154–156
Windows NT interface changes, 1337–1343
Windows NT LAN Manager (NTLM), 705, 724
Windows NT RRAS servers, 119
Windows NT server roles, 106–107
Windows NT system policies, 297
Windows NT trust relationships, 110–112
Windows page file optimization, 1201–1202
Windows PE, 944
Windows Product Activation (WPA) provider, 941
Windows Rights Management Services (RMS), 729
Windows Scripting Host (WSH)
  COM interfaces, 354
  overview, 353
  scripts as console tools, 357–362
  scripts, running, 336
  what’s new, 356
Windows Server 2000 mixed functional level, 154–156
Windows Server 2000 native functional level, 154–156
Windows Server 2003
  availability, 11
  changes in, 15
  communications, 13–14
  deploying, 5–6
  file system, 13
  installing, 149
  interface changes, 1331–1335
  Internet services, 14
  interoperability, 9
  .NET application services, 14
  network management, 6–9
  planning considerations, 15
  reliability, 11
  scalability, 14–15
  security, 9–10
  storage, 13
  upgrading, 150–151
  versions, 4–5
Windows Server 2003 Backup program, 1228–1236
Windows Server 2003 Backup Wizard, 1237
Windows Server 2003 functional level, 151–156
Windows Server 2003 interim functional level, 151–156
Windows Server 2003 R2 images, 939
Windows Server 2003 R2 Setup, 78–79
Windows Server 2003 scripting. See scripts
Windows Server 2003 Support Tools, 1357–1361
Windows Server Post-Setup Security Updates window, 159–161
Windows Server Update Services (WSUS), 792–795, 907
Windows Services for UNIX (SFU), 354
Windows Setup, 57–58, 92
Windows SharePoint Services, 1352
Windows Sockets (Winsock), 471–472
Windows Subsystem for UNIX-Based Applications, 897–898
Windows Terminal Services (WTS)
  administration
    licensing, 1005–1007
    overview, 982–983
    sessions management, 993–1000
    Terminal Services Configuration MMC, 1000–1004
    Terminal Services Manager, 992–1000
    tools listed, 992
  capacities, 985
  Change command, 990–992
  installation considerations, 985–992
  installing programs, 988–992
  overview, 981–983
  Remote Desktop, 981, 1007–1008
  Remote Desktop for Administration mode, 988
  requirements, 983–984
Windows Update, 62, 791
Windows XP client upgrades, 147–148
Windows XP Tablet Edition, 56
Winnt32.exe, 57, 95–97
Winnt.exe, 57, 97–98
WINS resource type, server clusters, 593
WINS (Windows Internet Name Service)
  address assignments, 172
  clients supported, 532
  database compacting, 537
  determining if need, 532
  DFS without, 644
  DNS, resolution within, 529
  installing, 533
  options, 489–492
  overview, 532
  replication partners, 534–535
  server preparation steps, 533
  server setup, 532–537
  servers, 67, 119
  settings, configuring, 176–177
  snap-in functionality, 536
  viewing options, 536
Wired Equivalent Privacy (WEP), 869, 871
wireless
  security
    802.11 protocols, 867–868
    deployment scenarios, 872–875
    encryption, 868–870
    guest access, 872, 874
    managed clients, 873, 874
    options, 870
    overview, 865
    risk assessments, 865
    risk tolerance, 866
    rogue access points, 873–874, 875
  subnet masks, 479
wires, network, 470
WMIC tool, 370
word lists, 1011
word searches, 1024–1027
work queues, 685
working directories, command shells, 363
Wow6432Node subkey, 1276
WPA (Windows Product Activation) provider, 941
WPA2 encryption, 870
wrapper scripts, 358–362
Write permissions, 270–271, 881, 1084
WScript.Echo statement, 367
Wscript.exe, 336
WSH (Windows Scripting Host). See Windows Scripting Host (WSH)
WTS (Windows Terminal Services). See Windows Terminal Services (WTS)
WWW publishing service, 1044–1047
WWW site management
  document options, 1085–1086
  home directory options, 1083–1085
  HTTP errors options, 1094–1095
  HTTP headers options, 1093–1094
  ISAPI filter options, 1082
  overview, 1078
  performance options, 1082
  security options, 1086–1092
  Web site options, 1078–1081
X
x64 architecture, 5
x64 environment testing, 790
x64 images enabled, 938
x64 printer driver support, 214
x86 images enabled, 938
X.500 directory standard, 19
Z
.zap files, 904–905, 917
zones, DNS
  caching-only servers, 531–532
  creating, 521–522
  forwarders, 529–531
  resource records, 524–527
  storage, 486–487
  subdomains, 522–524
  transfers, 527
  WINS resolution, 529