MCSE ®
Windows Server
2003
EXAM GUIDE
Brian Culp, Mike Harwood,
Jason Berg
with Drew Bird
McGraw-Hill/Osborne
New York • Chicago • San Francisco • Lisbon
London • Madrid • Mexico City • Milan • New Delhi
San Juan • Seoul • Singapore • Sydney • Toronto
Copyright © 2004 by The McGraw-Hill Companies. All rights reserved. Except as permitted under the United States Copyright Act of
1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval
system, without the prior written permission of the publisher.
ISBN: 978-0-07-163353-6
MHID: 0-07-163353-7
The material in this eBook also appears in the print version of this title: ISBN: 978-0-07-222406-1, MHID: 0-07-222406-1.
All trademarks are trademarks of their respective owners. Rather than put a trademark symbol after every occurrence of a trademarked
name, we use names in an editorial fashion only, and to the benefit of the trademark owner, with no intention of infringement of the
trademark. Where such designations appear in this book, they have been printed with initial caps.
McGraw-Hill eBooks are available at special quantity discounts to use as premiums and sales promotions, or for use in corporate training
programs. To contact a representative please visit the Contact Us page at www.mhprofessional.com.
Information has been obtained by McGraw-Hill/Osborne from sources believed to be reliable. However, because of the possibility of
human or mechanical error by our sources, McGraw-Hill/Osborne, or others, McGraw-Hill/Osborne does not guarantee the accuracy,
adequacy, or completeness of any information and is not responsible for any errors or omissions or the results obtained from the use of
such information.
TERMS OF USE
This is a copyrighted work and The McGraw-Hill Companies, Inc. (“McGraw-Hill”) and its licensors reserve all rights in and to the work.
Use of this work is subject to these terms. Except as permitted under the Copyright Act of 1976 and the right to store and retrieve one
copy of the work, you may not decompile, disassemble, reverse engineer, reproduce, modify, create derivative works based upon, transmit,
distribute, disseminate, sell, publish or sublicense the work or any part of it without McGraw-Hill’s prior consent. You may use the
work for your own noncommercial and personal use; any other use of the work is strictly prohibited. Your right to use the work may be
terminated if you fail to comply with these terms.
THE WORK IS PROVIDED “AS IS.” McGRAW-HILL AND ITS LICENSORS MAKE NO GUARANTEES OR WARRANTIES AS TO
THE ACCURACY, ADEQUACY OR COMPLETENESS OF OR RESULTS TO BE OBTAINED FROM USING THE WORK, INCLUDING
ANY INFORMATION THAT CAN BE ACCESSED THROUGH THE WORK VIA HYPERLINK OR OTHERWISE, AND
EXPRESSLY DISCLAIM ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES
OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. McGraw-Hill and its licensors do not warrant
or guarantee that the functions contained in the work will meet your requirements or that its operation will be uninterrupted or error free.
Neither McGraw-Hill nor its licensors shall be liable to you or anyone else for any inaccuracy, error or omission, regardless of cause, in
the work or for any damages resulting therefrom. McGraw-Hill has no responsibility for the content of any information accessed through
the work. Under no circumstances shall McGraw-Hill and/or its licensors be liable for any indirect, incidental, special, punitive, consequential
or similar damages that result from the use of or inability to use the work, even if any of them has been advised of the
possibility of such damages. This limitation of liability shall apply to any claim or cause whatsoever whether such claim or cause arises
in contract, tort or otherwise.
Disclaimer:
This eBook does not include the ancillary media that was
packaged with the original printed version of the book.
The logo of the CompTIA Authorized Quality Curriculum Program and the status of this
or other training material as “Authorized” under the CompTIA Authorized Curriculum
Program signifies that, in CompTIA’s opinion, such training material covers the content
of the CompTIA’s related certification exam. CompTIA has not reviewed or approved
the accuracy of the contents of this training material and specifically disclaims any warranties
of merchantability or fitness for a particular purpose. CompTIA makes no guarantee
concerning the success of persons using any such “Authorized” or other training
material in order to prepare for any CompTIA certification exam.
The contents of this training material were created for the CompTIA A+ exams covering
CompTIA certification exam objectives that were current as of September 2003.
How to Become CompTIA Certified
This training material can help you prepare for and pass a related CompTIA certification
exam or exams. In order to achieve CompTIA certification, you must register for
and pass a CompTIA certification exam or exams.
In order to become CompTIA certified, you must:
1. Select a certification exam provider. For more information please visit
http://www.comptia.org/certification/test_locations.htm.
2. Register for and schedule a time to take the CompTIA certification exam(s) at a
convenient location.
3. Read and sign the Candidate Agreement, which will be presented at the time of
the exam(s). The text of the Candidate Agreement can be found at
www.comptia.org/certification.
4. Take and pass the CompTIA certification exam(s).
For more information about CompTIA’s certifications, such as their industry acceptance,
benefits, or program news, please visit www.comptia.org/certification.
CompTIA is a non-profit information technology (IT) trade association. CompTIA’s
certifications are designed by subject matter experts from across the IT industry. Each
CompTIA certification is vendor-neutral, covers multiple technologies, and requires
demonstration of skills and knowledge widely sought after by the IT industry.
To contact CompTIA with any questions or comments:
Please call + 1 630 268 1818
[email protected]
For Lt. Colonel Lloyd W. Smith, United States Air Force: the
bravery it took to face what you did at Pearl Harbor, D-Day,
and in Korea is quite literally beyond my comprehension.
Thank you. I hope my life honors the gift you helped provide.
For happy Jen, for the sweet way you get indignant at the
thought of others editing my work.
—B.C.
This book is dedicated to family and friends whose patience
and understanding make all of the difference.
—M.H.
This book is dedicated to Lloyd. Of all the lessons in life I wish
to teach you, the most important one is that you can do
anything you set your mind to. If your Dad can write a book,
then you can become a marine biologist. Or a baseball player.
Or even play football for the Ducks.
—J.B.
ABOUT THE AUTHORS
Brian Culp (MCT, MCSE, A+) worked for a small networking outfit called IBM where he
discovered why Dilbert is so popular. He is the author of Mike Meyers’ MCSE Windows
2000 Professional Certification Passport and Mike Meyers’ MCSE Windows XP Professional
Certification Passport. He has also contributed to several other computer titles, including
books on Windows XP and Outlook 2003. He can be reached for questions or speaking
engagements at [email protected].
Mike Harwood (MCT, MCSE, A+, Server+) is a system manager for a multi-site network
and manages projects for TecMetrix communications, a systems integration consultancy.
He performs technical training, writes technical courseware, and is co-author of
several computer books.
Jason Berg is a full-time technical instructor and part-time writer. This is his first book,
but definitely not his last. He teaches hardware, networking, Cisco, and Microsoft certification
courses. Jason is the founder of 2weekmcse.com, a technical training company
specializing in certification classes. Jason is a graduate of the University of Oregon. He
has earned the MCSE, MCT, and MCDBA certifications from Microsoft and CCNA certification
from Cisco. He lives in Portland, Oregon, with his wife, Rebecca, son Lloyd, and
dog Shari. You can reach Jason at [email protected] or on his web site,
www.2WeekMCSE.com.
About the Development Editor
Drew Bird has been working in the IT industry since 1988. In addition to writing technical
books and exam study guides, he is an established technical trainer with over 500
days of in-classroom experience teaching Microsoft and Novell networking courses.
Drew and his wife, Zoë, live in the hills outside of Kelowna, British Columbia, Canada.
In his spare time Drew is an avid adventure racer, scuba diver, skier, and snowboarder.
He also enjoys watching the odd film or two.
About the Technical Reviewer
Matteo Rustico (MCSE, MCT, OCP, CNE) has ten years’ experience in the IT industry
and is currently working as an instructor and consultant for Destech Consulting and Education
in Toronto, Canada, as part of the Oracle database and Microsoft Networking Implementation
Teams.
About LearnKey
LearnKey provides self-paced learning content and multimedia delivery solutions to enhance
personal skills and business productivity. LearnKey claims the largest library of
rich streaming-media training content that engages learners in dynamic media-rich instruction
complete with video clips, audio, full motion graphics, and animated illustrations.
LearnKey can be found on the Web at www.LearnKey.com.
CONTENTS AT A GLANCE
Part I Managing and Maintaining a Microsoft Windows Server 2003 Environment (Exam 70-290)
Chapter 1 Managing and Maintaining Physical and Logical Devices
Chapter 2 Managing Users, Computers, and Groups
Chapter 3 Managing and Maintaining Access to Resources
Chapter 4 Managing and Maintaining a Server Environment
Chapter 5 Managing and Implementing Disaster Recovery
Part II Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure (Exam 70-291)
Chapter 6 Administering DNS in a Windows Server 2003 Network
Chapter 7 Implementing, Managing, and Maintaining IP Addressing
Chapter 8 Implementing, Managing, and Maintaining Name Resolution
Chapter 9 Implementing, Managing, and Maintaining Routing and Remote Access
Chapter 10 Managing Network Security
Chapter 11 Maintaining a Network Infrastructure
Part III Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure (Exam 70-293)
Chapter 12 Implementing Server Security
Chapter 13 Planning, Implementing, and Maintaining a Network Infrastructure
Chapter 14 Planning, Implementing, and Maintaining Routing and Remote Access
Chapter 15 Maintaining Server Availability
Chapter 16 Planning and Maintaining Network Security
Chapter 17 Planning and Maintaining a Security Infrastructure
Part IV Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure (Exam 70-294)
Chapter 18 About Directory Services
Chapter 19 Planning and Implementing an Active Directory Infrastructure
Chapter 20 Planning and Implementing User, Computer, and Group Strategies
Chapter 21 Managing and Maintaining an Active Directory Infrastructure
Chapter 22 Planning and Implementing Group Policy
Chapter 23 Managing and Maintaining Group Policy
Appendix About the CD
Index
CONTENTS
Acknowledgments
Introduction
Part I Managing and Maintaining a Microsoft Windows Server 2003 Environment (Exam 70-290)
Chapter 1 Managing and Maintaining Physical and Logical Devices
Installing, Configuring, and Troubleshooting Devices
Installing Devices Using Plug-and-Play
Installing Hardware Detected by Server 2003
Installing Devices Using the Add Hardware Wizard
Lab Exercise 1.1: Installing a New Device Using the Add Hardware Wizard
Using the Help and Support Center to Install Hardware
Using Device Manager
Updating Drivers Using Device Manager
Managing Device Properties
Hardware Profiles
Driver Signing
Signature Verification
Windows Update and Automatic Update
Installing Multiple Processors
Managing Ports
Installing and Managing Printers
Installing a Network Printer
Installing a Local Printer
Lab Exercise 1.2: Installing a Local Printer
Configuring Printers
Installing Ports
Lab Exercise 1.3: Adding a Unix Printer to a Windows 2003 Print Server
Loading Additional Drivers
Allowing Access to Printers
Sharing a Printer
Print Priorities and Availability
Printer Pooling
Managing Printers
Managing Printers Using Internet Explorer
Redirecting Print Jobs
Troubleshooting Printers
Physical Disks
SCSI
IDE
ARC Path Designation
Using Disk Management
Lab Exercise 1.4: Creating a Custom Console
Basic vs. Dynamic Disks
Basic Disks
Dynamic Disks
Disk Management Tools and Tasks
Hardware RAID
Installing a Physical Disk
Moving a Disk
Lab Exercise 1.5: Rescanning a Disk from the Command Prompt
Upgrading to Dynamic Disks
Hot Swappable Drives
Converting FAT Volumes to NTFS
File Systems
FAT
NTFS
Compression
Lab Exercise 1.6: Using Compression
Encryption
Chapter Review
Questions
Answers
Chapter 2 Managing Users, Computers, and Groups
User Accounts
Local User Accounts
Built-in Accounts
Built-in Groups
Local Groups
Active Directory
Domain User Accounts
Built-in Domain User Accounts
Creating a Domain User Account
Lab Exercise 2.1: Creating a Domain User Account
Configuring User Account Properties
Configuring User Information
Configuring Logon Options
Configuring Logon Hours
Limiting Users to Certain Computers
Configuring Account and Password Options
Configuring User Profiles and Home Folders
Lab Exercise 2.2: Creating a Roaming Profile
Configuring Organizational Relationships
Configuring Terminal Services for User Accounts
Configuring Group Membership
Configuring Remote Access
Configuring Account Permissions
Viewing the User’s Canonical Name
Implementing Certificates for User Accounts
User Account Administrative Tasks
Resetting Passwords
Unlocking User Accounts
Disabling and Enabling User Accounts
Renaming User Accounts
Moving a User Account
Lab Exercise 2.3: Moving a User Account
Implementing Security for User Accounts
Configuring a Password Policy
Configuring a Lockout Policy
Renaming the Administrator and Guest Accounts
Auditing Account Logon Attempts
Computer Accounts
Creating Computer Accounts
Configuring Computer Account Properties
Viewing Operating System Information
Configuring Group Membership
Configuring Location
Configuring Computer Management
Viewing the Computer’s Common Name
Configuring Account Permissions
Configuring Remote Install Options
Contacts
Creating and Modifying Objects Using Automation
Comma-Separated Value Directory Exchange (csvde)
LDAP Data Interchange Format Directory Exchange (ldifde)
Troubleshooting Logons
Computer Account Is Not Valid
Domain Controller Cannot Be Found
Domain Groups
Domain Local Group
Global Groups
Universal Groups
Lab Exercise 2.4: Creating Groups and Adding Members to Groups
Granting Access Between Domains
Trust Relationships
How Groups Are Used to Grant Access to Resources
Windows 2000 and 2003 Group Rules
Chapter Review
Questions
Answers
Chapter 3 Managing and Maintaining Access to Resources
Implementing File and Folder NTFS Permissions
ACLs and ACEs
Permissions
NTFS Folder Permissions
NTFS File Permissions
Share Permissions
Combining NTFS and Share Permission
Lab Exercise 3.1: Solving Permissions Problems
Special (Specific) Permissions
Assigning and Modifying Permissions
Lab Exercise 3.2: Assigning NTFS Permissions
Lab Exercise 3.3: Assigning Special Permissions
Transferring Ownership
Permission Inheritance
Default Permissions
Blocking Inheritance
Lab Exercise 3.4: Setting Permissions on the Root Drive
Viewing a User’s Effective Permissions
Creating and Managing Shares
Creating and Managing Shares from the Shared Folders Snap-In
Creating Shares from Windows Explorer
Creating Shares Using the Roles Wizard
Lab Exercise 3.5: Creating a Shared Folder Using the Manage Your Server Wizard
Creating Shares Using the Command Line
Sharing Folders Using Web Sharing
Offline Caching
Lab Exercise 3.6: Configuring Offline Settings in Group Policy
Implementing Shadow Copies
Implementing and Managing the Distributed File System (DFS)
Lab Exercise 3.7: Creating a DFS Hierarchy
Domain-Based Root
Standalone Root
Auditing Access to Resources
Enabling Auditing
Installing and Configuring Terminal Services
Installing and Configuring Terminal Services
Terminal Services Licensing
Remote Desktop Connection (Terminal Services Client)
The Remote Desktop Protocol
Lab Exercise 3.8: Installing the Remote Desktop Client and Connecting to a Terminal Server
Chapter Review
Questions
Answers
Chapter 4 Managing and Maintaining a Server Environment . . . . . . . . . . . . . . . . 203
Monitoring Performance and System Events . . . . . . . . . . . . . . . . . . . . . . 204
Using Task Manager to Monitor and Improve System
Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
Using the Event Viewer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209
Configuring Event Viewer Settings in Group Policy . . . . . . . . . . . . 212
Using System Monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
Using Performance Logs and Alerts . . . . . . . . . . . . . . . . . . . . . . . . . 213
Lab Exercise 4.1: Using System Monitor and
Performance Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
Increasing Performance by Modifying Virtual Memory . . . . . . . . . . . . . . 219
Allocating Virtual Memory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219
Moving the Paging File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220
Modifying Processor and Memory Performance . . . . . . . . . . . . . . 221
Windows Update and Automatic Updates . . . . . . . . . . . . . . . . . . . . . . . . 222
Maintaining Software by Using Software Update Services . . . . . . . . . . . . 222
Managing Servers Remotely Using Terminal Services (Remote Desktop) 224
Managing File and Print Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226
Using Quotas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226
Using Disk Defragmenter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228
Using Disk Cleanup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231
Monitoring and Managing Print Jobs . . . . . . . . . . . . . . . . . . . . . . . 232
Implementing and Managing Internet Information Services
(IIS) 6.0 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232
Installing and Configuring IIS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233
Installing Internet Information Services 6.0 . . . . . . . . . . . . . . . . . . 233
Lab Exercise 4.2: Installing IIS 6.0 . . . . . . . . . . . . . . . . . . . . . . . . . . 234
Configuring Web Sites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
Lab Exercise 4.3: Creating a New Web Site . . . . . . . . . . . . . . . . . . . 237
Lab Exercise 4.4: Configuring a Virtual Directory . . . . . . . . . . . . . . 242
Monitoring Web Sites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246
Securing Web Sites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247
How Delta Airlines Uses Web Certificates . . . . . . . . . . . . . . . . . . . 251
Chapter Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257
Chapter 5 Managing and Implementing Disaster Recovery . . . . . . . . . . . . . . . . . 259
Developing a Backup and Recovery Solution . . . . . . . . . . . . . . . . . . . . . . 260
Document, Document, Document . . . . . . . . . . . . . . . . . . . . . . . . . 260
Build a Disaster Recovery Kit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260
Developing a Backup Strategy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261
What Should Be Backed Up? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261
What Is the Recovery Point? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262
What Is the Time Frame for Recovery? . . . . . . . . . . . . . . . . . . . . . . 263
What Is the Risk Tolerance? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263
How Critical Is this Server to My Enterprise? . . . . . . . . . . . . . . . . . 264
Implementing Your Backup and Recovery Plan . . . . . . . . . . . . . . . . . . . . 266
Test the Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266
Backup Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267
Using Backup Utility for Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268
Using the Backup Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269
Performing a Backup Using Advanced Mode . . . . . . . . . . . . . . . . . 271
Scheduling Backups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275
Backing Up the System State . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
Lab Exercise 5.1: Backing Up and Verifying the System
State Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278
Restoring Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278
Restoring Data Using the Restore Wizard . . . . . . . . . . . . . . . . . . . . 279
Restoring Data Manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280
Restoring the System State . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280
Lab Exercise 5.2: Performing an Authoritative Restore . . . . . . . . . 283
Troubleshooting Boot Failures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284
Safe Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285
Safe Mode with Networking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285
Safe Mode with Command Prompt . . . . . . . . . . . . . . . . . . . . . . . . 285
Enable Boot Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286
Enable VGA Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286
Last Known Good Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 286
Debugging Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287
Recovery Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287
Directory Services Restore Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . 288
Creating an Automated System Recovery . . . . . . . . . . . . . . . . . . . . . . . . . 288
Lab Exercise 5.3: Creating an Automatic System Recovery . . . . . . 289
Restoring from the ASR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289
Lab Exercise 5.4: Using ASR to Recover a Failed System . . . . . . . . 290
Chapter Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290
Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291
Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294
Part II Implementing, Managing, and Maintaining a Microsoft Windows
Server 2003 Network Infrastructure (Exam 70-291) . . . 297
Chapter 6 Administering DNS in a Windows Server 2003 Network . . . . . . . . . 299
The NetBIOS Namespace . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299
The DNS Namespace . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301
DNS Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302
Fully Qualified Domain Names . . . . . . . . . . . . . . . . . . . . . . . . . . . 303
Understanding Zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304
Zone Categories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306
Resource Records Stored in a Zone File . . . . . . . . . . . . . . . . . . . . . . 306
Updates to Windows Server 2003’s DNS . . . . . . . . . . . . . . . . . . . . . . . . . . 307
Resolving a Host Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308
Forward Lookup Resolution of FQDNs . . . . . . . . . . . . . . . . . . . . . 308
Recursive Queries and Iterative Queries . . . . . . . . . . . . . . . . . . . . . 309
Reverse Queries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310
Chapter Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312
Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312
Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314
Chapter 7 Implementing, Managing, and Maintaining IP Addressing . . . . . . . . . . 315
Configure TCP/IP Addressing on a Server Computer . . . . . . . . . . . . . . . . 316
TCP/IP Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316
The TCP/IP Protocol Suite . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317
Understanding IP Communication . . . . . . . . . . . . . . . . . . . . . . . . . 320
Binary Addressing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 321
TCP/IP’s Big Three . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323
Address Classes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325
Classless Internet Domain Routing (CIDR) Notation . . . . . . . . . . 329
Diagnose and Resolve Issues Related to APIPA . . . . . . . . . . . . . . . 330
Subnetting and Supernetting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332
Installing and Configuring DHCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 335
Lab Exercise 7.1: Installing a DHCP Server . . . . . . . . . . . . . . . . . . . 335
DHCP Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336
DHCP Clients and Leases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 337
DHCP Server Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 338
Scopes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 338
Manage Reservations and Reserved Clients . . . . . . . . . . . . . . . . . . 338
Lab Exercise 7.2: Creating a Client Reservation . . . . . . . . . . . . . . . 339
Verifying DHCP Reservation Configuration . . . . . . . . . . . . . . . . . . 340
Superscopes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340
Integrating DHCP with Active Directory . . . . . . . . . . . . . . . . . . . . . 341
Lab Exercise 7.3: Authorizing a DHCP Server . . . . . . . . . . . . . . . . . 342
Manage DHCP Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 342
Lab Exercise 7.4: Creating a DHCP Option . . . . . . . . . . . . . . . . . . 344
Manage DHCP Databases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 345
Lab Exercise 7.5: Backing Up a DHCP Database . . . . . . . . . . . . . . 345
DHCP in a Routed Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . 346
Lab Exercise 7.6: Configuring a Relay Agent . . . . . . . . . . . . . . . . . . 347
Integrating DHCP with DDNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 348
Troubleshooting DHCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 350
Chapter Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351
Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351
Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 354
Chapter 8 Implementing, Managing, and Maintaining Name Resolution . . . . . . . 357
Install and Configure the DNS Server Service . . . . . . . . . . . . . . . . . . . . . . 357
Managing DNS Server Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359
Lab Exercise 8.1: Creating a Forward Lookup Zone . . . . . . . . . . . . 359
Lab Exercise 8.2: Creating a Reverse Lookup Zone . . . . . . . . . . . . . 361
Lab Exercise 8.3: Changing the Properties of a Zone . . . . . . . . . . . 362
Stub Zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364
Configuring DNS Forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365
DNS Server Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367
Primary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367
Secondary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368
Lab Exercise 8.4: Configuring a Secondary DNS Server . . . . . . . . . 368
Caching Only . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 369
Integrating DNS with DHCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 369
Implementing Dynamic DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 370
Integrating DNS and Active Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . 372
Changing the Zone to an Active Directory–Integrated Zone . . . . . 372
Benefits of Active Directory Integration . . . . . . . . . . . . . . . . . . . . . 372
Transferring Zone Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 374
Monitoring and Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 375
Managing DNS Record Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . 375
Lab Exercise 8.5: Scavenging Zones . . . . . . . . . . . . . . . . . . . . . . . . . 376
Monitoring DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376
Lab Exercise 8.6: Setting Debugging Options . . . . . . . . . . . . . . . . . 380
Chapter Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 381
Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 381
Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 385
Chapter 9 Implementing, Managing, and Maintaining Routing and
Remote Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 387
Remote Access Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 388
Remote Access Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 388
Lab Exercise 9.1: Configuring a Remote Access Client . . . . . . . . . . 388
Configuring the Routing and Remote Access Service . . . . . . . . . . . . . . . . 389
Routing and Remote Access Requirements . . . . . . . . . . . . . . . . . . . 389
Lab Exercise 9.2: Configuring the Remote Access Server . . . . . . . . 390
Configuring the DHCP Relay Agent . . . . . . . . . . . . . . . . . . . . . . . . 391
Managing the WAN Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 392
Managing Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 393
Lab Exercise 9.3: Examining Remote Access Ports . . . . . . . . . . . . . 393
Virtual Private Networking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 394
VPN Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 395
VPN Tunneling Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 395
Installing and Setting Up a VPN Server . . . . . . . . . . . . . . . . . . . . . . 396
Lab Exercise 9.4: Configuring a Virtual Private Network . . . . . . . . 397
Configuring a Firewall with a VPN . . . . . . . . . . . . . . . . . . . . . . . . . 398
Lab Exercise 9.5: Setting Up the Basic Firewall . . . . . . . . . . . . . . . . 399
Managing Packet Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 400
Lab Exercise 9.6: Creating a Packet Filter . . . . . . . . . . . . . . . . . . . . 401
Configuring Remote Access Authentication Protocols . . . . . . . . . . . . . . . 402
Configuring Routing and Remote Access User Authentication . . . 404
Secure Callback and Caller ID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 405
Remote Access Account Lockout . . . . . . . . . . . . . . . . . . . . . . . . . . . 407
Configure Routing and Remote Access Policies to Permit or
Deny Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 408
Evaluating a Connection Attempt . . . . . . . . . . . . . . . . . . . . . . . . . . 409
The Default Remote Access Policies . . . . . . . . . . . . . . . . . . . . . . . . 409
Creating a Remote Access Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 411
Lab Exercise 9.7: Creating a Remote Access Policy . . . . . . . . . . . . . 412
Configuring Internet Authentication Service (IAS) . . . . . . . . . . . . . . . . . . 415
The Role of RADIUS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 415
Lab Exercise 9.8: Installing the Internet
Authentication Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 416
Managing TCP/IP Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 416
Managing Routing Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 417
Working with a Static Route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 418
Adding a Static Route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 418
Managing Routing Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 419
Configuring Routing and Remote Access for DHCP Integration . . . . . . . 421
Lab Exercise 9.9: Integrating RRAS and DHCP . . . . . . . . . . . . . . . . 421
Implementing Secure Access Between Private Networks . . . . . . . . . . . . . 422
Data Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 422
Chapter Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 423
Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 423
Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 427
Chapter 10 Managing Network Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 429
Security Baseline Settings and Security Templates . . . . . . . . . . . . . . . . . . 429
Lab Exercise 10.1: Creating a Security Template . . . . . . . . . . . . . . . 432
Importing a Template into a GPO . . . . . . . . . . . . . . . . . . . . . . . . . . 433
Lab Exercise 10.2: Applying a Template . . . . . . . . . . . . . . . . . . . . . 433
The Security Configuration and Analysis Tool . . . . . . . . . . . . . . . . 434
Lab Exercise 10.3: Creating a Settings Database . . . . . . . . . . . . . . . 435
Configuring an Audit Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 442
Deciding What to Audit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 444
Reviewing Results of Your Audit Policy . . . . . . . . . . . . . . . . . . . . . 445
Implement the Principle of Least Privilege . . . . . . . . . . . . . . . . . . . . . . . . 448
Using the Run As Feature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 449
Lab Exercise 10.4: Using Run As . . . . . . . . . . . . . . . . . . . . . . . . . . . 449
Monitor and Troubleshoot Network Protocol Security . . . . . . . . . . . . . . 451
IP Security Background . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 451
IP Security Monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 452
Kerberos Support Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 458
Chapter Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 462
Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 462
Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 465
Chapter 11 Maintaining a Network Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . 467
Monitor Network Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 467
System Monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 468
Network Monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 476
Troubleshoot Connectivity to the Internet . . . . . . . . . . . . . . . . . . . . . . . . 477
Troubleshoot Server Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 487
Service Dependency . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 489
Service Recovery Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 491
Chapter Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 493
Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 494
Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 496
Part III Planning and Maintaining a Microsoft Windows Server 2003
Network Infrastructure (Exam 70-293) . . . . . . . . . . . . . . 499
Chapter 12 Implementing Server Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 501
Configuring and Planning Security for Servers . . . . . . . . . . . . . . . . . . . . . 501
Securing Local Group Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 502
Securing Global Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 505
Securing User Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 506
Creating Security Templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 512
Account Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 512
Creating Local Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 517
User Rights Assignment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 519
Configuring Security Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 521
Additional Security Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 525
Default Security Templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 526
Viewing and Configuring Security Templates . . . . . . . . . . . . . . . . . 528
Defining Security for Servers Assigned Specific Roles . . . . . . . . . . . . . . . . 530
Securing Servers that Are Assigned Specific Roles . . . . . . . . . . . . . . 530
Domain Controller (Active Directory) Role Overview . . . . . . . . . . 532
Deploying Security Templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 532
Deploying Security Templates in a Workgroup . . . . . . . . . . . . . . . 532
Deploying Security Templates in a Domain . . . . . . . . . . . . . . . . . . 534
Selecting Operating Systems to Install on the Network . . . . . . . . . . . . . . 535
NTFS Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 535
Security Templates and Client Operating Systems . . . . . . . . . . . . . 535
Chapter Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 536
Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 536
Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 539
Chapter 13 Planning, Implementing, and Maintaining a Network
Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 541
Introduction to TCP/IP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 541
Inside TCP/IP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 542
Introduction to IP Addressing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 543
Private IP Address Ranges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 548
Troubleshooting TCP/IP Addressing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 549
Resolving Client Configuration Issues . . . . . . . . . . . . . . . . . . . . . . 550
Resolving DHCP IP Assignment Errors . . . . . . . . . . . . . . . . . . . . . . 551
Developing IP Routing Strategy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 553
Developing an IP Routing Solution . . . . . . . . . . . . . . . . . . . . . . . . . 554
Domain Name System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 555
Planning a Namespace Design . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 556
Planning DNS Zones and Zone Transfer . . . . . . . . . . . . . . . . . . . . . 557
Securing DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 559
DNS Forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 562
DNS Hosts File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 563
Dynamic DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 564
Troubleshooting DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 564
Managing WINS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 566
Using the LMHOSTS File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 566
Designing a WINS Strategy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 567
Plan an Internet Connectivity Strategy . . . . . . . . . . . . . . . . . . . . . . . . . . . 569
Network Address Translation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 569
Internet Connection Sharing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 573