MCSA/MCSE Managing a Microsoft® Windows® 2000 Network Environment Readiness Review; Exam 70-218

Author: Microsoft Corporation
Pages: 304
Disk: 1 Companion CD(s)
Level: All Levels
Published: 03/13/2002
ISBN: 9780735616363
Price: $29.99

Index
A
access control entries (ACEs), 20
access rights
determining unauthorized file access, 39, 42-43
resetting account passwords with local user groups, 24, 27
tested skills for, 2-3
user group privileges for managing printer queues, 24, 26
account lockout policy, 191
account policies, 191
ACEs (access control entries), 20
Active Directory, 7-14, 151-60, 169-76. See also Group Policy; OUs
assigning permissions to global groups in mixed mode domains, 154-55, 159
auditing management of user accounts in, 9, 12
authorizing DHCP servers in, 74-75, 79-80
calculating site link costs for WAN replication, 171, 174
configuring multiple paths of replication, 172, 175
creating and managing user and group accounts, 151
delegating ability to create and link GPOs, 165, 167
Delegation of Administration Wizard, 161-63, 166
diagnosing replication problems, 146-47, 169-76
displaying Services node, 11, 14
DNS server unable to read DNS zone on local domain controller, 85, 89
forward lookup zone, 84, 88
generating user accounts in batch format, 152, 158
group scope for assigning permissions, 165, 167
intersite replication between domain controllers, 170, 174
locating user objects after replication, 173, 176
managing network administrator accounts, 153, 158
multimaster replication, 169
permission assignments in native mode domain, 156-57, 159
publishing shared folders to, 10-11, 13
reestablishing trust between domains, 10, 13
replicating changes in universal group membership, 157, 160
Reset Password permissions for all user accounts, 164, 166
RID FSMO domain controllers, 9, 12
selecting tools for, 173, 175
setting security policies with Group Policy, 148, 191-98
site link bridges, 173, 176
supplemental readings, 4, 148-50
tested skills for, 2, 146-48
Active Directory Migration Tool (ADMT), 152, 158
Active Directory Sites and Services MMC console, 7
Active Directory Users and Computers MMC console, 7, 151
Add/Remove Hardware Wizard, 113, 116
ADMT (Active Directory Migration Tool), 152, 158
APIPA (Automatic Private IP Addressing)
defined, 61
disabling, 73
application mode, 225
applications
assigning antivirus software to computers at domain, 180, 182
calculating network programs available in Add/Remove Programs, 179, 182
configuring Office 97 with auto-repair feature, 181, 183
configuring unique departmental defaults, 180, 183
Group Policy troubleshooting for, 185
network programs available at Start menu, 178, 181
published and assigned, 177
Applications tab (Task Manager), 128, 132
assigned applications, 177
auditing
evaluating effectiveness of group policies for, 194-95, 197
events modifying user accounts, 40, 44
file and folder access, 39, 43
logons and logoffs, 40, 44
security vulnerabilities, 37
setting up in Windows 2000, 38, 40-41, 45
system performance and, 38
user accounts in Active Directory, 9, 12
authentication request storage, 218, 222
Automatic Private IP Addressing. See APIPA
Automatic Server Type option, 209, 213
B
basic disks
defined, 15
operating system compatibility with, 18, 21
Block Inheritance flag, 185
bottlenecks, 129-31, 133, 135
bridgehead servers, 172, 175
C
CDFS (CD-ROM File System), 15
CIFS (Common Internet File System), 23
client computers, 103-44
allowing remote access in native mode, 218, 222
Automatic Server Type option and connection order for VPN, 209, 213
bypassing device driver at startup, 119, 122-23
checking registry with ERD Fast Repair option, 121, 125
choosing Safe Mode options, 119, 123
configuring TCP/IP automatically on, 62
defaulting to Windows 2000 in multiple boot configuration, 120, 124
determining origin of IP addresses, 240, 244-45
determining why ping is unavailable with FQDNs, 94, 99
DHCP servers not assigning IP addresses to, 76, 80
enabling Recovery Console as startup option, 120, 124
getting IP addresses from DHCP allocator service, 239, 244
installing and configuring hardware, 109-16
name resolution, 49
obtaining IP address with ICS, 238-39, 243-44
permissions for restoring files and folders, 122, 126
reregistering DNS client names, 97, 100
Safe Mode option to access network services, 121, 125
starting, 117-18
supplementary reading, 106-7
TCP port for Terminal Services connections, 228, 232
Terminal Services, 225
tested skills for, 104-5
testing connectivity from ICS server to, 240, 245
troubleshooting printer configurations for Terminal Services, 230, 233
unable to run network devices from, 74, 79
using NAT server connected to Internet, 238, 243
verifying connectivity with server, 56, 59
Client Connection Manager, 228, 232
commands
interpreting NSLOOKUP error messages, 93, 98
NBTSTAT -r, 95, 99
NETSTAT -a, 67, 72
running IPCONFIG /REGISTERDNS on laptops, 97, 100
SECEDIT, 191
for troubleshooting access on file server, 98, 101
WINNT32 /CMDCONS, 124
Common Internet File System (CIFS), 23
computer accounts
applying security policies to, 191
tools for determining what GPOs apply to, 187, 189
computer objects, 151
configuring
default gateways, 66, 70-71
with Device Manager, 111, 113
distribution of hotfixes, 140-41, 144
DNS forwarders, 86-87, 89
DNS replication with script, 87, 90
DNS servers, 84, 88
group logon to Terminal Services, 226-27, 231
hardware for client computers, 109-16
IP settings for Web servers, 67, 71
Last Known Good Configuration, 117, 123
multiple paths of replication in Active Directory, 172, 175
NAT, 236-37, 241-42
Office 97 with auto-repair feature, 181, 183
printers for Terminal Services, 230, 233
static IP address pools, 207, 211
TCP/IP, 61-62
Terminal Services for remote administration, 226, 230
unique departmental defaults, 180, 183
VPNs, 206-213
Windows 2000 as default in multiple boot configuration, 120, 124
connectivity
configuring default gateways to allow Web server connections, 71
connecting to laptops with remote desktop feature, 76, 81
detecting duplicate IP addresses, 63, 68
determining active IP port numbers on server, 7, 67
testing from ICS server to client, 240, 245
troubleshooting IP addresses and configurations, 64-65, 68-69
unable to run network devices from client computer, 74, 79
verifying client and server, 56, 59
container permissions. See managing object and container permissions
D
data storage, 17-22
advantages of EFS volume protection, 19, 22
calculating disk quotas on total file size, 19, 22
disk quota capabilities on NTFS volumes, 15-17, 20
file systems for user-level file permissions, 17, 19
operating system compatibility with basic and dynamic disks, 18, 21
operating systems able to access converted NTFS volumes, 18, 21
share permissions vs. NTFS permissions, 18, 21
supplemental readings on, 4
tested skills for managing, 2
understanding user's effective privileges on file, 17, 20
Windows 2000, 15-16
delegation of administration, 161
Delegation of Administration Wizard
implementing security plans, 162-63, 166
tested skills for, 161
deploying software using Group Policy, 147, 177-83
about published and assigned applications, 177
assigning antivirus software to computers at domain, 180, 182
calculating programs available in Add/Remove Programs, 179, 182
configuring Office 97 with auto-repair feature, 181, 183
configuring unique departmental defaults, 180, 183
network programs available at Start menu, 178, 181
device drivers
bypassing at startup, 119, 122-23
updating, 109, 111, 114
Device Manager
configuration tasks with, 111, 113
disabling and enabling devices in specific profiles with, 112, 115
updating device drivers with, 109, 111, 114
DFS (Distributed File System), 16
DHCP (Dynamic Host Configuration Protocol), 73-82
overview, 73
authorizing DHCP servers in Active Directory, 74-75, 79
automatically configuring TCP/IP with, 61
client IP addresses with, 205
connecting to laptops with remote desktop feature, 76, 81
enabling DHCP/BOOTP forwarding, 78, 82
IP addresses not assigned to client computers, 76, 80
network devices unavailable from client computer, 74, 79
supplemental reading for, 50-51
tested skills and practices, 49, 73
unable to start DHCP Server service, 75, 80
updating servers automatically, 77, 81
DHCP allocator service
overview, 235
getting IP addresses from, 239, 244
DHCP Relay Agent, 73
DHCP Server service, 75, 80
DHCP/BOOTP forwarding
overview, 73
enabling, 78, 82
diagnosing Active Directory replication problems, 146-47, 169-76
calculating site link costs for WAN replication, 171, 174
configuring multiple paths of replication, 172, 175
intersite replication between domain controllers, 170, 174
locating user objects after replication, 173, 176
overview, 169
selecting tools for, 173, 175
site link bridges, 173, 176
dial-in permissions
troubleshooting policies for, 219, 223
types of, 215-16
disabling
APIPA, 73
automatic startup of services, 132, 136
devices in specific profiles with Device Manager, 112, 115
PAP authentication protocol, 209, 213
services in Task Manager, 136
disaster recovery plans, 117-18
disk quotas
overview, 16
calculating on total file size, 19, 22
capabilities on NTFS volumes, 15-17, 20
disks. See also volumes
basic and dynamic, 15
file systems supported for Windows 2000, 15
mapping drives to shared folder with batch file, 25, 27
operating system compatibility with basic and dynamic, 18, 21
simple, spanned, and striped volumes, 15
Distributed File System (DFS), 16
distribution shares
applying service pack files on, 140, 143
configuring distribution of hotfixes, 140-41, 144
slipstreaming and, 138
DNS (Domain Name System), 83-90
overview, 83
configuring DNS forwarders, 86-87, 89
installing and configuring DNS servers, 84, 88
scripts for creating zones and configuring replication, 87, 90
supplemental reading for, 51
tested skills and practices, 49, 83
troubleshooting recursive name resolution, 85-86
unable to start DNS server, 85, 89
DNS client, 83
DNS forwarders, 86-87, 89
DNS servers
functions of, 83
installing and configuring, 84, 88
unable to start, 85, 89
domain controllers
DNS server unable to read DNS zone on local, 85, 89
intersite replication between, 170, 174
performing directory service repairs on, 229, 233
RID FSMO, 9, 12
tools for comparing, 187, 189
Domain Name System. See DNS
domains, reestablishing trust between, 10, 13
Driver Signing
overview, 109
accessing and using, 112, 115
drives. See disks
dual boot configurations
making Windows 2000 default system in, 120, 124
using Startup and Recovery with, 118
duplicate IP addresses, 63, 68
DVD data access, 15
dynamic disks
defined, 15
operating system compatibility with, 18, 21
Dynamic Host Configuration Protocol. See DHCP
E
EFS (Encrypting File System)
overview, 15-16
advantages of EFS volume protection, 19, 22
Emergency Repair Disk (ERD)
overview, 117
checking registry with Fast Repair option, 121, 125
Enable Internet Connection Sharing For This Connection check box, 236
enabling
devices in specific profiles with Device Manager, 112, 115
DHCP/BOOTP forwarding, 78, 82
ping capability with packet filtering, 206, 210
Recovery Console as startup option, 120, 124
Encrypting File System. See EFS
encryption
encrypting communications with SSL, 31, 33
sniffer protection with SSL, 31, 34
ERD. See Emergency Repair Disk
Event Viewer
events in, 127
monitoring performance with, 103
reviewing security logs in, 130, 134-35
F
file permissions
file systems providing for user-level, 17, 19
share permissions vs., 16
file systems. See also NTFS
types of, 15
for user-level file permissions, 17, 19
File Transfer Protocol (FTP), 29
files
calculating disk quotas on total size of, 19, 22
common methods for Active Directory security assignments, 151
determining unauthorized access to, 39, 42-43
mapping drives to shared folder with batch, 25, 27
monitoring access to, 39, 43
permissions required for restoring folders and, 122, 126
.zap, 177
folders
creating shared Web, 25, 28
distribution share, 138
mapping drives to shared, 25, 27
monitoring network access to, 39, 43
permissions for restoring, 122, 126
publishing shared, 7, 10-11, 13
forward lookups
creating Active Directory zone for, 84, 88
defined, 83
FQDNs (fully qualified domain names)
defined, 91
unable to ping clients and servers using, 94, 99
FTP (File Transfer Protocol), 29
fully qualified domain names. See FQDNs
G
gateways
configuring default gateway settings for router, 66, 70
configuring to allow Web server connections, 71
GPOs (Group Policy Objects)
overview, 38
setting permissions to security principal for, 188, 190
tools for working with, 185, 187, 189
GPOTOOL.EXE tool, 185, 187, 189
GPRESULT.EXE tool, 185, 189
group objects. See user and group objects in Active Directory
Group Policy, 177-98
applying security templates, 192-93, 197
assigning antivirus software at domain, 180, 182
assigning permissions to security principal for GPO, 188, 190
calculating programs available in Add/Remove Programs, 179, 182
configuring Office 97 with auto-repair feature, 181, 183
deploying software with unique departmental defaults, 180, 183
evaluating auditing success of policies, 194-95, 197
evaluating expected policy settings for, 186-88
Group Policy window, 41
implementing account policies, 192, 196
network programs available at Start menu, 178, 181
published and assigned applications, 177
replicating changes in universal group membership, 157, 160
security template for multiple operating system networks, 195, 198
speeding up application of new settings, 192, 196
supplemental reading, 148-50
tested skills for OUs and, 146-48
tools for working with GPOs, 185, 187, 189
troubleshooting end-user, 147, 185-90
Group Policy Objects. See GPOs
groups
assigning permissions in mixed mode domains, 154-55, 159
assigning permissions in native mode domains, 156-57, 159
automating Windows 2000 service pack deployment to large, 140, 143
configuring logon to Terminal Services, 226-27, 231
universal groups, 165, 167
H
hard disks. See disks
hardware. See also client computers; disks; laptops; servers
configuration tasks with Device Manager, 111, 113
determining performance bottlenecks, 129-31, 133, 135
disabling and enabling devices in specific profiles, 112, 115
docked and undocked hardware profiles for PnP-compliant laptops, 112, 114
installing and configuring server and client, 109-16
installing devices with unsigned drivers, 112, 115
methods for installing modems, 113, 116
overview, 109-10
tested skills for, 104-5
updating device drivers with Device Manager, 111, 114
Hardware Compatibility List (HCL), 109
hardware profiles
defined, 110
disabling and enabling devices in specific, 112, 115
laptops with docked and undocked, 112, 114
HCL (Hardware Compatibility List), 109
hiding share names, 24, 26
hotfixes
configuring automatic installation and distribution of, 140-41, 144
defined, 137
managing installation of, 103
HTTP (Hypertext Transfer Protocol)
controlling with IIS Admin Service, 31, 33
defined, 29
encrypting with HTTP, 31, 33
HTTPS (Hypertext Transfer Protocol Secure), 29
Hypertext Transfer Protocol. See HTTP
Hypertext Transfer Protocol Secure, 29
I
IAS (Internet Authentication Service), implementing and applying policies on multiple RAS servers, 218, 222
ICS (Internet Connection Sharing), 235-45
configuring Internet access, 236, 239, 241, 244
defined, 199
determining origin of client IP addresses, 240, 244-45
NAT vs., 235
obtaining IP address for client with, 238-39, 243-44
supplemental reading for, 203
tested skills for, 201
testing connectivity from ICS server to client, 240, 245
Windows 2000 Server connections as IP router, 240, 245
IIS (Internet Information Services), 29-35
overview, 29-30
controlling HTTP with IIS Admin Service, 31, 33
creating shared Web folders, 25, 28
detecting World Wide Web Publishing Service not started, 32, 34-35
encrypting communications with SSL, 31, 33
sniffer protection with SSL encryption, 31, 34
supplemental readings on, 5
tested skills for, 3
troubleshooting "server not found" errors, 32, 35
IIS Admin Service, 31, 33
installing and configuring server and client hardware, 109-16
configuration tasks with Device Manager, 111, 113
disabling and enabling devices in specific profiles, 112, 115
docked and undocked hardware profiles for PnP-compliant laptops, 112, 114
installing devices with unsigned drivers, 112, 115
methods for installing modems, 113, 116
updating device drivers with Device Manager, 111, 114
Internet. See also connectivity; ICS; IIS; TCP/IP
clients configured to NAT server with Internet connection, 238, 243
configuring access with ICS, 236, 239, 241, 244
facilitating access to application server, 239, 244
Internet Authentication Service (IAS), implementing and applying policies on multiple RAS servers, 218, 222
Internet Connection Sharing. See ICS
Internet Information Services. See IIS
I/O (input/output) port address conflicts, 109
IP addresses
assigning to devices, 61
configuring client to network DNS server, 94, 99
configuring NAT address pool with subnet mask, 237, 242
configuring static IP address pools for intranet connectivity, 207, 211
configuring to allow Web server, 71
detecting duplicate, 63, 68
DHCP allocator service, 236
DHCP server not assigning to client computers, 76, 80
forward and reverse lookups for name resolution, 83
getting from DHCP allocator service, 239, 244
for laptops connected to network resources, 76, 81
obtaining and assigning on RAS server, 207, 212
obtaining for client with ICS, 238-39, 243-44
troubleshooting IP configurations and, 64-65, 68-69
troubleshooting "server not found" errors with, 32, 35
IP configurations
DHCP and automatic, 73
diagnosing source of problems, 65, 69
troubleshooting IP addresses and, 64-65, 68-69
IP routing
skills required to answer objectives on, 53
troubleshooting with PATHPING, 54-55, 59
verifying client and server connectivity, 56, 59
IPCONFIG /ALL, 74, 79
IPCONFIG /RENEW command, 75
K
Kerberos policy, 191
L
L2TP (Layer 2 Tunneling Protocol), 205
laptops
applying service pack to existing Windows installation, 139, 142
calculating network programs available at Start menu, 178, 181
calculating network programs available in Add/Remove Programs, 179, 182
connecting to with remote desktop feature, 76, 81
docked and undocked hardware profiles for PnP-compliant, 112, 114
running IPCONFIG /REGISTERDNS on, 97, 100
Last Known Good Configuration, 117, 123
LGPO (Local Group Policy Object) Audit Policy, 38
local user groups. See also groups
privileges for managing printer queues, 24, 26
resetting account passwords with, 24, 27
M
managing object and container permissions, 161-67
assigning permissions with group scope, 165, 167
assigning Reset Password permission for all user accounts, 164, 166
delegating ability to create and link GPOs, 165, 167
implementing security with Delegation of Administration Wizard, 162-63, 166
overview, 161
tested skills for, 146
Microsoft Systems Management Server (SMS), 138, 143
Microsoft Windows 2000
applying service pack files on distribution share, 140, 143
applying service pack to existing installation, 139, 142
auditing and system performance, 38
automating service pack deployment to large groups, 140, 143
configuring automatic installation and distribution of hotfix, 140-41, 144
configuring TCP/IP on, 61
data storage in, 15-16
DNS features of, 83
downloading hotfixes for, 137
installing service packs nonsequentially, 139, 142
making default system in dual boot configuration, 120, 124
managing updates for, 137-38
name resolution in, 91
Routing and Remote Access feature, 73
setting up auditing in, 40-41, 45
sharing network resources, 23-28
startup, backup, and recovery features, 117-18
technologies comprising network infrastructure, 47
tested skills for installing and managing updates, 105
tools for troubleshooting routing, 56, 60
verifying latest service pack installed, 139, 141
Microsoft Windows Installer Service, 138
Microsoft Windows XP Professional remote desktop feature, 76, 81
multimaster replication, 169
N
name resolution, 91-101
on client computers, 49
commands for troubleshooting file server access, 98, 101
configuring DNS forwarders for, 86-87, 89
defined, 91
deleting entry for URL in hosts file, 96-97, 100
determining why ping is unavailable with FQDNs, 94, 99
DNS support for, 83, 91
forward and reverse lookups, 83
interpreting NSLOOKUP command error messages, 93, 98
reregistering DNS client names, 97, 100
supplemental reading on, 51
tested skills and practices, 92
troubleshooting recursive, 85-86
troubleshooting with NBTSTAT -r, 95, 99
WINS support for, 91
NAT (Network Address Translation), 235-45
overview, 238, 242-43
clients configured to NAT server with Internet connection, 238, 243
configuring, 236-37, 241-42
defined, 199
ICS vs., 235
resolving IP addresses for clients using DNS, 236, 241
supplemental reading for, 203
tested skills for, 201
Windows 2000 Server connections as IP router, 240, 245
NBTSTAT -r command, 95, 99
NetBIOS
name resolution for, 91
resetting name cache, 95, 99
NetBT (NetBIOS over TCP), 91
NETSH script, 77, 81
NETSTAT -a command, 67, 72
Network Address Translation. See NAT
network infrastructure, 47-101
DHCP on servers and clients, 73-82
DNS, 83-90
supplemental reading, 50-51
TCP/IP on servers and clients, 61-72
technologies comprising Windows 2000, 47
tested skills and practices, 49
troubleshooting name resolution on client computers, 91-101
troubleshooting routing, 48, 53-60
Network News Transfer Protocol (NNTP), 31, 33
network security, 37-45. See also access rights; security policies with Group Policy
applying security templates, 192-93, 195, 197-98
auditing security log for logons and logoffs, 40, 44
comparing local security settings with desired policies, 42, 45
detecting random password hacking, 129, 134
determining unauthorized file access, 39, 42-43
determining who modified user accounts, 40, 44
disabling PAP authentication protocol for RAS server security, 209, 213
encrypting communications with SSL, 31, 33
monitoring and managing, 37-38
monitoring file and folder access, 39, 43
protection offered on EFS on volumes, 19, 22
resetting account passwords with local user groups, 24, 27
reviewing security logs in Event Viewer, 130, 134-35
setting up auditing in Windows 2000, 40-41, 45
sniffer protection with SSL, 31, 34
supplemental readings on, 5-6
tested skills for, 3
NNTP (Network News Transfer Protocol), 31, 33
No Override flag, 185
NSLOOKUP command error messages, 93, 98
NTFS (NT file system)
defined, 15
disk quota capabilities on NTFS volumes, 15-17, 20
operating systems able to access converted NTFS volumes, 18, 21
share permissions vs. NTFS permissions, 18, 21
user-level file permissions with, 17, 19
O
object classes, 161
objects. See GPOs; managing object and container permissions; user and group objects in Active Directory
operating systems. See also Microsoft Windows 2000
able to access converted NTFS volumes, 18, 21
compatibility with basic and dynamic disks, 18, 21
security template for networks with multiple, 195, 198
OUs (organizational units)
overview, 145
applying security policies at, 191
tested skills for Group Policy and, 146-48
P
packet filtering, 206-7, 210-11
PAP authentication protocol, 209, 213
parallel installations, 117
passwords
assigning Reset Password permission for user accounts, 164, 166
monitoring random hacking of, 129, 134
resetting account, 24, 27
setting Active Directory policy settings for, 191
PATHPING, 54-55, 59
performance, 127-36
auditing and, 38
disabling automatic startup of services, 132, 136
improving Terminal Services, 227-28, 231-32
monitoring random password hacking with security logging, 129, 134
monitoring server performance in Task Manager, 128, 133
preventing router-based problems, 57, 60
reviewing security logs in Event Viewer, 130, 134-35
tested skills for server health and, 105
tools for monitoring, 103
troubleshooting bottlenecks with System Monitor, 129-31, 133, 135
viewing running processes in Task Manager, 128, 132
Performance Logs and Alerts, 127
Performance tab (Task Manager), 128, 132
Performance tool, 127
permissions
assigning to security principal for GPOs, 190
delegating, 161
delegating ability to create and link GPOs, 165, 167
delegating with Delegation of Administration Wizard, 162-63, 166
file vs. share, 16
for global groups in mixed mode domains, 154-55, 159
group scope and assigning, 165, 167
in native mode domain, 156-57, 159
Reset Password, 164, 166
PnP (Plug and Play) devices, 109
Point-to-Point Tunneling Protocol (PPTP), 205
ports
determining active IP port numbers on server, 7, 67
resolving conflicts with I/O port address, 109
TCP port for Terminal Services connections, 228, 232
PPTP (Point-to-Point Tunneling Protocol), 205
printers
common methods for Active Directory security assignments, 151
protocols for sharing, 23
publishing shared, 7
troubleshooting configurations for Terminal Services, 230, 233
user group privileges for managing queues, 24, 26
Processes tab (Task Manager), 128, 132
Processor\ % Processor Time counter, 129, 133, 135
published applications, 177
publishing resources in Active Directory, 2, 7-14
R
RAS (Remote Access Service), 205-13. See also remote access
defined, 199
disabling PAP authentication protocol for server security, 209, 213
obtaining and assigning IP addresses on RAS server, 207, 212
overview of remote access and VPNs, 205
Recovery Console
overview, 117
enabling as startup option, 120, 124
registry
checking with ERD Fast Repair option, 121, 125
disabling APIPA, 73
relative ID (RID) Flexible Single Master Operations (FSMO) domain controllers, 9, 12
remote access, 199-245
allowing for clients in native mode, 218, 222
applying policies on multiple RAS servers, 218, 222
behavior in mixed and native mode, 215-16
components of, 215
creating remote access policies, 217, 220-21, 223
defaults for storing authentication requests, 218, 222
implementing on multiple RAS servers, 218, 222
non-restricted dial-in access to RAS server, 221, 224
overview, 199-200
supplemental readings, 202-03
Terminal Services for remote administration, 226, 230
tested skills for, 200-201
troubleshooting policies for dial-in permissions, 219, 223
Remote Access Service. See RAS
remote administration mode, 225
remote desktop feature, 76, 81
replication, 146-47, 169-76
calculating site link costs for WAN replication, 171, 174
configuring multiple paths of, 172, 175
intersite replication between domain controllers, 170, 174
locating user objects after, 173, 176
overview, 169
selecting tools for, 173, 175
site link bridges, 173, 176
of universal group membership changes, 157, 160
reverse lookups, 83, 88
RID (relative ID) FSMO (Flexible Single Master Operations) domain controllers, 9, 12
routers
configuring default gateway settings for, 66, 70
DHCP/BOOTP forwarding, 73
preventing performance problems caused by, 57, 60
Windows 2000 Server connections as IP, 240, 245
routing, 48, 53-60
preventing router-based performance problems, 57, 60
selecting tools for troubleshooting, 56, 60
skills required to answer objectives on, 48, 53
supplemental reading for, 50
troubleshooting with PATHPING, 54-55, 59
using WINIPCFG to troubleshoot network, 58, 60
verifying client and server connectivity, 56, 59
Routing and Remote Access. See also remote access
setting up NAT on, 236, 241
on Windows 2000, 73
S
Safe Mode
overview, 117
accessing network services from, 121, 125
choosing options for, 119, 122-23
SAM (Security Accounts Manager), 191
scripts
for creating DNS zones and configuring DNS replication, 87, 90
NETSH, 77, 81
SECEDIT command, 37, 191, 196
Secure Sockets Layer. See SSL
security. See network security; security policies with Group Policy
Security Accounts Manager (SAM), 191
Security Configuration and Analysis snap-in, 37
security logs
auditing logons and logoffs, 40, 44
monitoring random password hacking with, 129, 134
reviewing in Event Viewer, 130, 134-35
security policies with Group Policy, 148, 191-98. See also access rights; network security
applying security templates by security role, 192-93, 197
evaluating auditing success of policies, 194-95, 197
implementing account policies, 192, 196
overview, 191
selecting security template for multiple operating system networks, 195, 198
speeding up application of new Group Policy settings, 192, 196
security principals, 161
security templates
applying to computers by security role, 192-93, 197
selecting for multiple operating system networks, 195, 198
Security Templates snap-in, 37
servers, 103-44
authenticating, 29
authorizing DHCP servers in Active Directory, 74-75, 79
automatic updates by DHCP, 77, 81
bypassing device driver at startup, 119, 122-23
checking registry with ERD Fast Repair option, 121, 125
choosing Safe Mode options, 119, 123
configuring IP settings for Web, 67, 71
determining active IP port numbers on, 7, 67
disabling automatic startup of services, 132, 136
DNS installation and configuration, 84, 88
enabling Recovery Console as startup option, 120, 124
failing to assign IP addresses to clients, 76, 80
finding processor bottlenecks, 129-31, 133, 135
improving Terminal Services performance, 227, 231
installing and configuring hardware, 109-16
monitoring health and performance of, 127-36
monitoring random password hacking, 129, 134
monitoring with Performance tab of Task Manager, 128, 133
permissions for restoring files and folders, 122, 126
reviewing security logs, 130, 134-35
starting, 117-18
supplementary reading, 106-7
tested skills and practices, 104-5
unable to ping clients using FQDNs, 94, 99
unable to start DHCP Server service, 75, 80
using Safe Mode option to access network services, 121, 125
verifying client connectivity with, 56, 59
viewing running processes in Task Manager, 128, 132
Windows 2000 as default in multiple boot configuration, 120, 124
service packs
applying files on distribution share, 140, 143
applying to existing Windows installation, 139, 142
automating deployment to large groups, 140, 143
defined, 137
installing nonsequentially, 139, 142
verifying latest installed, 139, 141
Services administrative tool
overview, 127
disabling automatic startup of services, 132, 136
Services node in Active Directory, 11, 14
share permissions, 16
shared resources, 23-28. See also folders
creating shared Web folders, 25, 28
hiding share names, 24, 26
mapping drives to shared folder with batch file, 25, 27
publishing shared folders and printers, 7, 10-11, 13
resetting account passwords with local user groups, 24, 27
supplemental readings on, 5
tested skills for creating and configuring access rights, 2-3
user group privileges for managing printer queues, 24, 26
simple volumes, 15
site link bridges, 173, 176
site link costs, 171, 174
slipstreaming
applying service pack files with, 140, 143
defined, 138
SMS (Systems Management Server), 138, 143
snap-in installation and removal, 37
sniffer protection with SSL, 31, 34
SOHO (small office/home office), 235
spanned volumes, 15
SSL (Secure Sockets Layer)
encrypting communications with, 31, 33
sniffer protection with SSL encryption, 31, 34
SSL certificates, 29
starting servers and client computers, 117-26
bypassing device driver at startup, 119, 122-23
checking registry with ERD Fast Repair option, 121, 125
choosing Safe Mode options, 119, 123
disabling automatic startup of services, 132, 136
enabling Recovery Console as startup option, 120, 124
overview, 117-18
permissions for restoring files and folders, 122, 126
tested skills and practices, 104
using Safe Mode option to access network services, 121, 125
Windows 2000 as default in multiple boot configuration, 120, 124
Startup and Recovery feature, 118
striped volumes, 15
subnet mask
configuring for Web server, 71
configuring NAT address pool with, 237, 242
System Monitor
overview, 103, 127
determining bottlenecks, 129-31, 133, 135
illustrated, 131
Systems Management Server (SMS), 138, 143
T
Task Manager
overview, 103, 127
monitoring server with Performance tab of, 128, 133
unable to disable services in, 136
viewing running processes in, 128, 132
TCP port, 228, 232
TCP/IP (Transmission Control Protocol/Internet Protocol), 61-72
automatic configurations with DHCP, 61
configuring, 61-62
default gateway settings for router, 66, 70
detecting duplicate IP addresses for existing IP device, 63, 68
determining active IP port numbers on server, 7, 67
diagnosing source of IP configuration problems, 65, 69
DNS client and, 83
routing for, 53
setting IP configuration for Web server, 67, 71
supplemental reading for, 50
tested skills and practices, 48, 62
troubleshooting IP addresses and configurations, 64-65, 68-69
using DHCP to configure, 73
verifying connectivity between client and server, 56, 59
template accounts, 151
Terminal Services, 225-33
overview, 200
Client Connection Manager and improved performance, 228, 232
configuring for remote administration, 226, 230
directory service repair on domain controllers, 229, 233
group logon to, 226-27, 231
improving server performance, 227, 231
installing in remote administration or application mode, 225
supplemental reading for, 202
TCP port for client connections, 228, 232
tested skills for, 201
troubleshooting client printer configurations for, 230, 233
troubleshooting errors with remote control settings, 229, 232-33
Terminal Services Client Connection Manager, 228, 232
tools
for diagnosing Active Directory replication problems, 173, 175
for monitoring performance, 103
Performance, 127
SECEDIT.EXE, 37
for troubleshooting Group Policy application issues, 185, 187, 189
Transmission Control Protocol/Internet Protocol. See TCP/IP
troubleshooting
bottlenecks with System Monitor, 129-31, 133, 135
client printer configurations for Terminal Services, 230, 233
enabling ping capability with packet filtering, 206, 210
end-user Group Policy, 147, 185-90
IP addresses and configurations, 64-65, 68-69
name resolution, 85-86, 91-101
network with WINIPCFG, 58, 60
remote access VPNs unable to reach intranet locations, 207, 211
routing, 48, 53-60
routing and remote access policies, 200-201, 215-24
server health and performance, 127-36
"server not found" errors, 32, 35
Terminal Services remote control errors, 229, 232-33
testing connectivity from ICS server to client, 240, 245
user objects, 151
U
UDF (Universal Disk Format), 15
UNC (Universal Naming Convention) path, 7
Uniform Resource Locators. See URLs
universal groups, 165, 167
UPDATE.EXE utility
slipstreaming with, 143
using, 137, 142
updates, 137-44
applying service pack files on distribution share, 140, 143
applying service pack to existing Windows installation, 139, 142
automating service pack deployment to large groups, 140, 143
configuring automatic installation and distribution of hotfix, 140-41, 144
installing service packs nonsequentially, 139, 142
overview of managing, 137-38
tested skills and practices, 105
verifying latest service pack installed, 139, 141
URLs (Uniform Resource Locators)
defined, 91
deleting entry in hosts file for, 96-97, 100
user accounts
assigning Reset Password permission for all, 164, 166
auditing management of, 9, 12
determining who modified, 40, 44
gathering into global groups in mixed mode domains, 154-55, 159
user and group objects in Active Directory, 151-60
about user, group, and computer objects, 151
assigning permissions in native mode domain, 156-57, 159
gathering user accounts in global groups in mixed mode domains, 154-55, 159
generating user accounts in batch format, 152, 158
locating user objects after replication, 173, 176
managing network administrator accounts, 153, 158
replicating changes in universal group membership, 157, 160
tested skills for, 146
user groups. See also groups
privileges for managing printer queues for local, 24, 26
resetting account passwords with local, 24, 27
users, file vs. share permissions for, 16
V
virtual directories, 29
virtual private networks. See VPNs
virtual servers, 29
volumes. See also disks
advantages of EFS volume protection, 19, 22
disk quota capabilities on NTFS, 15-17, 20
operating systems accessing converted NTFS, 18, 21
simple, spanned, and striped, 15
VPNs (virtual private networks), 205-13
Automatic Server Type option and connection order, 209, 213
configuring, 206-213
defined, 199
disabling PAP authentication protocol, 209, 213
enabling ping capability with packet filtering, 206, 210
obtaining and assigning IP addresses on RAS server, 207, 212
overview of remote access and, 205
static IP address pools for connectivity with intranet, 207, 211
supplemental reading for, 202
tested skills for, 200
W
Windows 2000. See Microsoft Windows 2000
Windows Explorer, 8
Windows Internet Naming Service, 91
Windows Update feature, 137-38
Windows XP Professional remote desktop feature, 76, 81
WINIPCFG, 58, 60
WINNT32 /CMDCONS commands, 124
WINS (Windows Internet Naming Service), 91
World Wide Web Publishing Service, 32, 34-35
Z
.zap files, 177
Last Updated: February 19, 2002