Index
Note to the reader: Italics are used to indicate references to illustrations.
A
.aas files, 429
access control, special permissions and, 280
access control entries (ACEs), 265, 458
access control lists (ACLs)
Active Directory objects and, 349
GPO administration and, 409
NTFS permissions and, 265
Access Control Settings For dialog box, 284, 352
access tokens, 27
account expiration
testing, 205-206
user accounts and, 185, 203
account lockout policy, 462
account options, 198
account policies
account lockout policy, 462
Kerberos policy, 463
password policy, 462
account properties, 197-198
accumulative counters, 524
ACEs (access control entries), 265, 458
ACLDIAG.EXE (ACL Diagnostics), 544-545
ACLs. See access control lists (ACLs)
Action tab, alert's dialog box
illustration of, 536
options of, 535
Active Directory, 17-24, 36-57
architecture of, 22-24
components of, 23-24, 37
DNS and, 20, 49-53
global catalog and, 44-45
LDAP and HTTP support in, 20
logical structure of, 38-41
name servers and, 53-54
naming conventions and, 54-56
objects and, 36-37
open standards support for, 20
physical structure of, 41-43
replication and, 45-48
scalability of, 19
simplified administration in, 19
standard name formats and, 21
trust relationships and, 48-49
Windows 2000 architecture and, 21-22
Windows 2000 new features and, 3-4
Active Directory, administering, 342-391
access control in, 349-357
backing up, 376-381
delegating control in, 371-375
guidelines for, 372-373
locating Active Directory objects, 343-348
moving Active Directory objects, 362-370
publishing resources in, 358-361
restoring, 382-388
troubleshooting, 389-390
Active Directory, administrative tools, 59-72
Active Directory Domains and Trusts console, 62-63
Active Directory Schema snap-in, 63
Active Directory Sites and Services console, 63
Active Directory Support Tools, 64-66
Active Directory Users and Computers console, 63
ADSI and, 66
MMC and, 66-71
task categories and, 60-61
user profiles and, 208
Active Directory, DNS in. See Domain Name System (DNS), integrating with Active Directory
Active Directory, installing, 103-110
Active Directory Installation Wizard and, 103-104
configuring DNS and, 104
database and shared system volume and, 104-105
domain modes and, 105-106
promoting stand-alone servers to domain controllers, 107-108
removing Active Directory from a domain controller and, 106
testing DNS server and, 109-110
viewing domain and, 108-109
Active Directory, performance monitoring tools, 519-539
Event Viewer console, 520-521
overview of, 520
Performance console, 522
Performance Logs and Alerts, 528-536
System Monitor, 522-528, 536-538
Active Directory, planning, 88-102
domain namespace and, 92-97
domain structure and, 88-92
OU structure and, 97-99
site structure and, 100-101
Active Directory Administration Tool (LDP.EXE), 540-541
Active Directory Diagnostic Tool (DSASTAT.EXE), 543
Active Directory Domains and Trusts console, 62-63
Active Directory Installation Wizard, 103-104
adding domain controller to existing domain, 103
creating first domain controller, 104
DEFAULTSITELINK and, 159
tasks performed with, 103
Active Directory objects
access control lists (ACLs) and, 349
assigning permissions to, 351-352, 373-374
auditing access to, 475-476
controlling access to, 354-357
delegating control of, 371-375
Find dialog box and, 344-345
locating, 343-348
moving between domains, 363-367
moving domain controllers between sites, 368-369
moving within a domain, 362-363, 369-370
moving workstations or member servers between domains, 367-368
objects permissions and, 349-350
permissions inheritance for, 353-354
setting up auditing for, 482-483
special permissions and, 350-353
standard permissions and, 350-352
table of common types, 343-344
Active Directory Replication Monitor (REPLMON.EXE), 541-542
Active Directory Schema snap-in, 37, 63-64
Active Directory Service Interfaces (ADSI)
functions of, 66
Windows 2000 new features and, 3
Active Directory Sites and Services console, 63
moving domain controllers between sites, 368-369
opening Group Policy snap-in, 397
publishing services, 360-361
Active Directory Support Tools. See Support Tools, Active Directory
Active Directory Users and Computers console, 63
assigning permissions with, 373-374
creating GPO with, 412-413
creating groups with, 241
creating user accounts with, 190
moving objects within domains with, 369-370
opening Group Policy snap-in with, 397
publishing resources with, 358
setting permissions with, 350-351, 351
setting processing order with, 417
setting RIS server properties with, 565
using as domain administrator, 259
viewing domains with, 109
viewing printers in, 347
Add A Group Policy Object Link dialog box, 420
Add A New Replica dialog box, 332-333, 333
Add Counters dialog box, 527
Add Installation Image Wizard, 578
Add Network Place Wizard, 316
Add/Remove Programs
software management and, 427
specifying application categories with, 441-442
Add Wizard, 578-579
administrative control
delegating, 373-374, 414-415
Delegation Of Control Wizard and, 371-372
guidelines for delegating, 371-372
administrative requirements, 90-91
administrative shared folders, 310-311. See also shared folders
Administrative Templates
computer configuration settings and, 399-400
illustration of, 400
registry-based group policy settings and, 399-400
user configuration settings and, 399-400
administrative tools. See Active Directory, administrative tools
Administrative Tools menu, 520
Administrator account, 182
Administrators group
Full Control permission and, 322
RUNAS command and, 257-259
Run As program and, 256-257
running computer as an administrator and, 255
sharing folders and, 310
stopping folder sharing and, 324
Users and Power Users groups and, 255-256
ADSI (Active Directory Service Interfaces)
functions of, 66
Windows 2000 new features and, 3
Advanced Server version, Windows 2000, 3
alerts, creating, 534-536, 538
AMD network adapters, 560
American Standard Code for Information Exchange (ASCII), 96
application logs, 484, 521
application programming interfaces (APIs)
environment subsystems and, 13
Windows Installer and, 428
applications
assigning, 428, 434
automatic installation options for, 437-438
categories for, 438-439, 441-442
creating and sharing application folders, 306-307
editing options for, 439-441
line of business (LOB) applications and, 572
modifications and, 436-437
permissions for, 442
publishing, 428, 435
removing, 444-445
upgrading, 443-444
applied permissions exercise
illustration of, 305
shared folders and, 304-305
Apps shared folder, 322
architecture, Windows 2000, 12-16
Active Directory and, 21-22
illustration of, 12
kernel mode and, 14-16
user mode and, 12-14
ASCII (American Standard Code for Information Exchange), 96
Asynchronous Transfer Mode, 3
attributes
illustration of, 36
objects and, 36
auditing, 466-483
access to Active Directory objects and, 475-476
access to files and folders and, 472-475
access to printers and, 477-478
configuring, 468
guidelines for audit policies, 467-468
overview of, 466
planning domain audit policy, 479
recommended practices for, 478
resources and events and, 479-483
setting up Active Directory object auditing, 482-483
setting up audit policies, 469-472, 480
setting up file auditing, 480-481
setting up printer auditing, 481-482
types of events audited, 469
using audit policies, 466-467
Auditing Entry For dialog box, 473, 476, 477
audit policies
guidelines for, 467-468
planning domain audit policy, 479
setting up, 469-472, 480
using, 466-467
authentication
illustration of, 27
process of, 27-28
workstations and, 98
authoritative restore, 382-383, 386-388
Author mode, MMC, 71
AXFR (full zone transfer), 143
B
backing up, Active Directory, 376-381
advanced settings for, 379-380
Backup Wizard and, 376-381, 377
media options for, 378
preliminary tasks for, 376
scheduling, 380-381
specifying what to back up, 377
specifying where to store, 377-378
backup domain controllers (BDCs), 112
Basic (BASIC*.INF) security level, 500
BDCs (backup domain controllers), 112
binding information, publishing, 359
Block Policy Inheritance, 403, 418, 457
Boot Information Negotiation Layer (BINL), 555
bridgehead servers, 171-172
Builtin containers, 251
built-in groups, 251-252
built-in local groups, 252-253
built-in user accounts
Administrator account, 182
Guest account, 183
C
central control design, GPO, 410, 411
Certificate Services, 3
Change Permissions, 283, 305
child objects, 353-354
classes, 36
Client Installation Wizard (CIW), 558-559, 559, 568-571
Automatic Setup option, 568-569
Custom Setup option, 569
Maintenance And Troubleshooting option, 569-580
Restart A Previous Setup Attempt option, 569
setting installation options with, 570-571
clients
adding new client installation images, 578-579
client reservations and, 642-643
Domain Model and, 11
finding client computers, 582
hardware requirements for, 560
installation options, 568-571
installing client components, 555-557
locating GUID for client computers, 582-583
logon failures and, 390
prestaging client computers, 580-582
resource access failures and, 390
Compaq network adapters, 560
Compatible (COMPAT*.INF) security level, 500-501
Component Services, 4
computer configuration settings
disabling unused settings and, 416-417
group policies and, 397
computers
Active Directory objects and, 343
joining computer accounts to domain, 585-586
locking, 30-31
moving computer objects with NETDOM utility, 364
publishing computer accounts, 358
remote computers and, 338
setting logon workstations and, 200
setting permissions for computer accounts, 584
shutting down, 33
configuration information
publishing, 360
replication and, 46
Configure Your Server dialog box, 563
connections, 170, 389-390
console messages, sending, 550
consoles, definition of, 66
console trees, definition of, 69
contact, Active Directory objects, 343
containers
Builtin container and, 251
definition of, 37
domain user accounts and, 181
user containers and, 241
counter logs
creating, 530-532, 537
logging requirements for, 529
options of, 529
overview of, 528
Create A New Dfs Link dialog box, 332
CREATOR OWNER group, 276
Customization Wizard, 429
D
database files, Active Directory, 104-105
database layer, Active Directory service components, 23
database log files, Active Directory, 104-105
Datacenter Server version, Windows 2000, 3
data folders
public data, 307-308
working data, 308
data store, Active Directory service components, 23-24
DDNS. See Dynamic DNS (DDNS)
debug options, DNS server, 149-150
dedicated policy type, GPO, 407
default groups, 250-254
built-in groups, 251-252
built-in local groups, 252-253
predefined groups, 250-251
special identity groups, 253-254
DEFAULTSITELINK, 159
Delegation of Control Wizard, 371-372, 585
Deploy Software dialog box, 433, 435
device drivers component, 16
Dfs. See distributed file system (Dfs)
dial-in settings, user accounts, 201
dialog boxes
Access Control Settings For dialog box, 284, 352
Add A Group Policy Object Link dialog box, 420
Add A New Replica dialog box, 332-333, 333
Add Counters dialog box, 527
Auditing Entry For dialog box, 473, 476, 477
Configure Your Server dialog box, 563
Create A New Dfs Link dialog box, 332
Deploy Software dialog box, 433, 435
Export Policy To dialog box, 505
Find dialog box, 344-345
Find In dialog box, 486, 487
Find Printers dialog box, 347
Find Remote Installation Clients dialog box, 583
High Screen Saver Tab Properties dialog box, 416
Host Server dialog box, 581
Import Policy From dialog box, 504
Local Security Policy Setting dialog box, 472
Logon Hours dialog box, 199
Log On To Windows dialog box, 25-26
Logon Workstations dialog box, 200
Manage Authorized Servers dialog box, 564-565
Managed dialog box, 581
Move Server dialog box, 369
Networking Services dialog box, 639
New Group dialog box, 245-246
New Object-Computer dialog box, 580
New Object-Group dialog box, 242
New Object-Organizational Unit dialog box, 120
New Object-Printer dialog box, 359
New Object-Shared Folder dialog box, 358
New Object-Site dialog box, 157
New Object-Site Link Bridge dialog box, 169
New Object-Site Link dialog box, 160
New Object-Subnet dialog box, 158
New Object-User dialog box, 192-193
Organizational Unit Properties dialog box, 120-121
Permission Entry For dialog box, 282, 285
Permission Entry For Users dialog box, 353
Permissions For dialog box, 312-313, 313
Properties dialog box, 159, 166, 201, 312, 350-351
Remote Boot Disk Generator dialog box, 576
Remote Installation Services Properties dialog box, 565-568
Replication Policy dialog box, 335
Reset Password dialog box, 224
Run As Other User dialog box, 256
Security dialog box, 295
Security Log Properties dialog box, 488, 489
Select Users, Computers, Or Groups dialog box, 313
Select Users Or Groups dialog box, 246
Software Installation Properties dialog box, 432, 438-439
Specified Group And Location dialog box, 449
Template Security Policy Setting dialog box, 471, 498
Windows Security dialog box, 30
Digital Equipment Corp (DEC) network adapters, 560
directories
definition of, 17
partitions for, 45-46
replication of, 100
directory database, Domain Model and, 10
directory services
definition of, 17
Directory Service logs and, 521
Directory Services Restore Mode and, 383, 386-388
uses of, 18-19
Directory System Agent (DSA), 23
Disk Management, 4
disk quotas, 4
distinguished names (DNs), 54, 55, 189
distributed control design, GPO, 410-411, 411
distributed file system (Dfs), 328-339
accessing Dfs root, 338-339
adding shared folders, 332-333, 336
creating Dfs link, 331-332, 338
creating Dfs root, 330-331, 336-337
Dfs shares and, 329
file sharing and, 329
overview of, 328
reasons for using, 330
replication policy of, 333-335
sharing existing folders, 336
topology of, 330
troubleshooting and, 458
Distributed File System console, 332
distribution groups, 231
DNS. See Domain Name System (DNS)
domain controllers
Active Directory and, 19
Active Directory objects and, 344
adding to existing domains, 103
audit policies and, 468, 469-471
connecting to shared folders, 323-324
creating first domain controller, 104
Dfs links and, 338
Domain Model and, 10-11
functions of, 42
moving between sites, 368-369
removing Active Directory from, 106
replication and, 46, 543
domain data, 46
domain local groups, 232
adding members to, 246, 248-249
built-in, 251-252
changing scope of, 244
creating, 245-246, 248
deleting, 246
distinguishing from local groups, 234
planning strategy for, 236-237
Domain Manager support tool. See NETDOM utility
Domain Model, 10-11
benefits of, 10-11
client computers and, 11
directory database and, 10
domain controller and, 10-11
member servers and, 11
domain modes, 105-106
mixed mode, 105
native mode, 105-106
domain namespace, 50-53, 92-97. See also namespaces
choosing DNS domain name, 92
host names and, 52
illustration of, 50, 97
internal vs. external namespaces, 93-96
planning, 92-97
requirements and guidelines for, 96-97
structure of, 51-52
types of namespace and, 50-51
zones and, 52
Domain Name System (DNS)
Active Directory and, 20
choosing domain name, 92
configuring for Active Directory, 104
DNS characters and, 96
trees and forests and, 92
Windows 2000 new features and, 4
Domain Name System (DNS), integrating with Active Directory, 125-153
DNS name resolution and, 126-130
DNS notification and, 146-148
monitoring and troubleshooting, 149-153
zone configuration and, 130-142
zone replication and transfer and, 143-146
Domain Name System (DNS), name resolution
forward lookup queries and, 127-128
IP addressing and, 126-127
name server caching and, 128-129
overview of, 125
reverse lookup queries and, 129-130
Domain Name System (DNS), namespace, 49-53
domain namespace and, 50
host names and, 52
name resolution and, 49
root domain and, 51
second-level domains and, 51-52
top-level domains and, 51
types of namespace, 50-51
zones and, 52-53
Domain Name System (DNS), servers
forward lookup zones and, 134
reverse lookup zones and, 135
testing, 109-110
domain naming master roles
availability problems and, 389
forests and, 112
identifying, 116
responding to failures in, 118-119
transferring, 117
domains
Active Directory and, 19
Active Directory logical structures and, 38-39
audit policy for, 479
creating, 104
DNS database and, 50
Domain Model and, 10
infrastructure master role for, 113
joining computer accounts to, 585-586
operations master role assignments and, 114-115
PDC emulator role for, 112-113
planning domain structure and, 91
relative ID master role for, 112
troubleshooting, 389
viewing with Active Directory Users and Computers console, 109
viewing with My Network Places, 108-109
domains, planning, 88-92
administrative requirements and, 90-91
domain organization needs and, 90-92
domain requirements and, 91
logical environment and, 88-89
physical environment and, 89-90
Domains and Trusts console, Active Directory, 62-63
domain user accounts, 181-182
creating, 191-195
illustration of, 182
DSA (Directory System Agent), 23
DSASTAT.EXE, 543
Dynamic DNS (DDNS), 138-139, 141-142
Active Directory and, 20
configuring, 141-142
DHCP, 138-139
domain names and, 49
dynamic updates with, 138
zones for, 139
Dynamic Host Configuration Protocol (DHCP), 4, 639-643
configuring client reservations for, 642-643
configuring global options for, 641-642
configuring scope options for, 642
creating scope for, 640-641
installing, 639-640
RIS and, 639-643
dynamic updates, 152
E
effective permissions, 266, 303
Encrypting File System, 4
environment subsystems, 13
event logging, 464
Active Directory performance and, 521
DNS server and, 149
settings for, 463-464
events
Active Directory events and triggers, 475-476
auditing, 479-483
definition of, 466
printer events and triggers, 478
recommended audit events, 478
user events and triggers, 473-474
Event Viewer console, 485, 520-521
adding to consoles, 76-77
archiving security log with, 490, 492
clearing security log with, 490, 492
configuring security logs with, 488-490, 491
Directory Service log and, 521
event logs and, 521
filtering events with, 487-488
finding events with, 486
viewing events with, 467
viewing security log on remote computer, 486
viewing security log with, 485, 491
Windows 2000 logs and, 484
Everyone group, 275
Executive components, Windows 2000, 14-15
explicit one-way nontransitive trust, 49
Export Policy To dialog box, 505
extensible storage engine, 23-24
extensions
Folder Redirection, 446-453
MMC, 70, 400-401
removing from snap-ins, 77-79
Software Installation, 427-428
external namespaces, 93-96
F
FAT32 file system, 264
FAT file system, 264, 301
file name extensions, 437
file permissions
associating with special permissions, 282
NTFS and, 265
File Replication Service (FRS), 334
files
auditing, 472-475, 480-481
controlling access to, 295
copying, 289-290
moving between NTFS volumes, 291
moving within single NTFS volume, 290
permissions, assigning, 286-287
permissions, changing, 481
permissions, determining, 286
permissions, testing, 287-288
replication logs for, 521
sharing files with Dfs, 329
taking ownership of, 287
Filter tab, Event Viewer
illustration of, 488
options of, 487
Find dialog box
illustration of, 344
options of, 345
using with Active Directory, 344-345
Find In dialog box
illustration of, 487
options of, 486
Find Printers dialog box, 347
Find Remote Installation Clients dialog box, 583
folder permissions
assigning, 277-278
associating with special permissions, 282
NTFS and, 264-265
testing, 276-277
Folder Redirection
advantages of, 446-447
best practices and, 459
group policy settings for, 399
overview of, 446
redirecting by security group membership, 447-450
redirecting My Picture folder to follow My Documents folder, 452
redirecting to a single location, 450-452
folders
auditing access to, 472-475
copying, 289-290, 292
creating, 291-292
moving, 292
moving between NTFS volumes, 291
moving within single NTFS volume, 290
taking ownership of, 286
folders, special, 446-460
default locations of, 447
Folder Redirection and, 446-447
policy removal and, 452-453
setting up Folder Redirection for, 447-452
types of, 446
forests
Active Directory logical structures and, 41
DNS name structure and, 92
domain naming master role for, 112
illustration of, 41
operations master role assignments and, 114-115
schema master role for, 112
forward lookup queries
DNS name resolution and, 127-128
illustration of, 127
forward lookup zones, 132-134, 139-140
FQDNs (fully qualified domain names), 52
FRS (File Replication Service), 334
Full Control permission
assigning, 354
assigning to Administrators group, 322
assigning to a folder, 295
shared folder permissions and, 301
fully qualified domain names (FQDNs), 52
full zone transfer (AXFR), 143
functional roles design, GPO, 409, 410
G
GDI (Graphical Device Interface), 15
global catalogs, 44-45
directory roles of, 45
enabling/disabling on sites, 177
illustration of, 44
replication and, 46
trees and, 40
global catalog server, 44
global groups
adding members to, 247-248
creating, 247
group scopes and, 232
moving users and, 365
planning strategy for, 236-237
predefined, 250-251
globally unique identifiers (GUIDs), 55, 363, 582-583
global options, scope, 641-642
GPOs. See group policy objects (GPOs)
Graphical Device Interface (GDI), 15
Graphical User Interface (GUI) tools, 64
group accounts, 229-261
Active Directory objects and, 343
adding members to, 242-244
administrator groups and, 255-259
built-in groups and, 251-252
built-in local groups and, 252-253
changing group type, 244
creating, 241-242
default groups and, 250-254
definition of, 230
deleting, 242
distribution groups and, 231
global groups and, 247-248
group scopes and, 231-232, 244
local groups and, 234, 245-246, 248-249
membership rules for, 233
nesting and, 233
overview of, 230-235
permissions and, 230-231
planning strategy for, 236-240
planning worksheet for, 239
predefined groups and, 250-251
security groups and, 231
simplified administration with, 230
special identity groups and, 253-254
troubleshooting, 390
group policies, 394-405
administrative templates for, 399-400
best practices for, 457-459
computer configuration settings for, 397
definition of, 394
delegating control of, 395
filtering with security groups, 404-405
GPOs and, 394-395
inheritance and, 404
MMC snap-ins and, 400-401
namespace syntax and, 401
new features and, 4
processing sequence and, 402-404
removing, 452-453
snap-in for, 395-397
software settings for, 398
startup and logon and, 401-402
user configuration settings for, 397
Windows settings for, 398-399
group policies, implementing, 412-426
Block Policy Inheritance option and, 418
creating a GPO, 412, 422
creating GPO console, 413-414, 422-423
delegating administrative control of a GPO, 414-415, 423
deleting a GPO, 421
disabling unused group policy settings, 424
editing a GPO and GPO settings, 421
enabling loopback, 418-419
filtering GPO scope, 419, 425
GPO links and, 420, 421, 425
GPO processing exceptions and, 424
GPO processing order and, 417
group policy settings and, 415-417, 420, 423-424
No Override option and, 418
testing a GPO, 425-426
group policies, managing software. See software management
group policies, managing special folders. See folders, special
group policies, planning, 406-411
central control design and, 410
designing based on setting type, 406-407
distributed control design and, 410-411
functional roles design and, 409, 410
layered GPO design and, 407-408
monolithic GPO design and, 408
team design and, 409-410, 410
group policies, troubleshooting, 454-459
best practices and, 457-459
Folder Redirection and, 459
Group Policy snap-in problems, 454-455
settings problems, 455-456
software installation problems, 456-457
group policy objects (GPOs)
central control design and, 410
creating, 412, 422
default permissions of, 414
delegating control of, 414-415, 423
deleting, 421
distributed control design and, 410-411
editing, 421
filtering scope of, 419, 425
Folder Redirection and, 452-453
functional roles design and, 409, 410
GPO console and, 413-414, 422-423
importing security templates into, 503-504
layered GPO design and, 407-408
linking to sites, domains, or OUs, 420-421, 425
modifying group policy of, 420
monolithic GPO design and, 408
MOVETREE utility and, 364
namespace and, 401
overview of, 394-395
processing sequence for, 417, 424
settings for, 415-417, 423-424
setting types for, 406
team design and, 409-410, 410
testing, 425-426
Group Policy snap-in, 395, 415
delegating administrative control with, 414-415
filtering GPO scope with, 419
Folder Redirection extension to, 446-453
loopback setting and, 418-419
opening local Group Policy snap-in, 396
opening with Active Directory Sites and Services, 397
opening with Active Directory Users and Computers, 397
specifying group settings with, 415-416
group scopes, 231-232
changing, 244
domain local groups and, 232
global groups and, 232
illustration of, 232
membership rules for, 233
universal groups and, 232
Guest accounts, 183
GUI (Graphical User Interface) tools, 64
GUID (globally unique identifiers), 55, 363
H
hardware abstraction layer (HAL), 16, 574
Hardware Compatibility List (HCL), 376
hardware requirements
clients, 560
servers and, 559-560
Hewlett-Packard network adapters, 561
Highly Secure (HISEC*.INF), security levels, 501
High Screen Saver Tab Properties dialog box, 416
home directories
creating, 220-221
overview of, 220
Host (A), 135
host ID, 126
Host Information (HINFO), 135
host names, DNS, 52
Host Server dialog box, 581
Hypertext Transfer Protocol (HTTP)
Active Directory and, 20
URLs and, 21
I
IAS (Internet Authentication Service), 5
IIS (Internet Information Services)
reverse lookup zones and, 134
Windows 2000 new features and, 5
implicit two-way transitive trust, 48
Import Policy From dialog box, 504
incremental zone transfer (IXFR), 143-144
Indexing Service, 4
infrastructure master roles
availability problems and, 390
domains and, 113
identifying, 115-116
responding to failures in, 119
transferring, 116-117
inheritance
group policies and, 404
illustration of, 267
NTFS permissions and, 267-268
overview of, 267-268
preventing, 268, 271-272, 354
using with Active Directory, 353, 353-354
integral subsystems, 14
IntelliMirror, 5
Intel network adapters, 560
internal namespaces, 93-96
Internet Authentication Service (IAS), 5
Internet connection sharing, 5
Internet Export Maintenance, 399
Internet Information Services (IIS)
reverse lookup zones and, 134
Windows 2000 new features and, 5
Interprocess Communication Manager (IPC), 15
inter-site replication, 165-173
configuring, 172-173
designating preferred bridgehead server for, 171-172
forcing replication over a connection, 170
manually configuring connections for, 169-170
replication availability and, 167-168
replication frequency and, 166-167
site link bridges and, 168-169
site link cost and, 165-166
inter-site transport, 168
I/O Manager, 15
IP addressing, 126-127
IPC (Interprocess Communication Manager), 15
IP replication, 159-160
IP Security (IPSec)
policies for, 465
Windows 2000 support for, 5
IXFR (incremental zone transfer), 143-144
K
Kerberos
policies for, 463
Windows 2000 support for, 5
kernel mode, Windows 2000, 14-16
device drivers component, 16
executive component, 14-15
HAL component, 16
microkernel component, 16
L
LANs (local area networks), 100-101
Layer 2 Tunneling Protocol (L2TP), 5
layered GPO design, 407-408
LDAP. See Lightweight Directory Access Protocol (LDAP)
LDAP/ADSI, 23
LDP.EXE, 540-541
licensing, sites, 161-164
Lightweight Directory Access Protocol (LDAP)
Active Directory and, 20
LDP.EXE and, 540-541
querying and updating Active Directory with, 104
URL for, 21
Windows 2000 new features and, 6
line of business (LOB) applications, 572
local area networks (LANs), 100-101
local GPOs, 394
local groups
built-in, 252-253
distinguishing from domain local groups, 234
local policies, 463
local security database, 8
Local Security Policy Setting dialog box, 472
local user accounts, 180-181
creating, 190-191
illustration of, 181
options of, 191
local user profiles
changing, 210
creating, 214
definition of, 208
testing, 215
viewing, 214
Local Users and Groups snap-in
creating local groups with, 245
creating user accounts and, 190
Log Files tab, counter log dialog box
illustration of, 531
options of, 530-531
trace log options and, 534
logical environment, 88-89
logical structures, Active Directory, 38-41
domains, 38-39
forests, 41
illustration of, 38
organizational units, 39-40
trees, 40-41
logon
authentication process and, 27-28
domains and, 25-26
group policies and, 401-402
local computers and, 26
stand-alone server and, 28
logon hours
restrictions on, 204
testing, 203-204
Logon Hours dialog box, 199
logon hours option, 186, 199, 202-203
logon rights, 497
Log On To Windows dialog box, 25-26
illustration of, 25
options of, 26
logon traffic, optimizing, 100
logon workstation option, 186, 200
Logon Workstations dialog box, 200
logs. See application logs; security logs; system logs
lookup queries, 127-130
forward lookup queries, 127-128
reverse lookup queries, 129-130
loopback setting
enabling, 418-419
processing sequence and, 403-404
troubleshooting and, 458
Last Updated: Friday, July 6, 2001