Training
Certifications
Books
Special Offers
Community




 
ALS Designing Microsoft® Windows® 2000 Network Security
Author Microsoft Corporation
Pages 1104
Disk N/A
Level Beg/Int
Published 06/13/2001
ISBN 9780735612693
 

More Information

About the Book
Table of Contents
Sample Chapter
Index
Related Series
Related Books
About the Author

Support: Book & CD

 

 

Table of Contents


About This Book xxix
    Intended Audience xxx
    Prerequisites xxx
    Reference Materials xxxi
    About the Supplemental Course Materials CD-ROM xxxi
    Features of This Book xxxii
        Notes xxxii
        Conventions xxxii
    Chapter and Appendix Overview xxxiii
        Finding the Best Starting Point for You xxxvi
        Where to Find Specific Skills in This Book xxxvi
    Getting Started xl
        Hardware Requirements xl
        Software Requirements xl
        Setup Instructions xli
    About the Online Book xlviii
    Sample Readiness Review Questions xlviii
    The Microsoft Certified Professional Program xlix
        Microsoft Certification Benefits xlix
        Requirements for Becoming a Microsoft Certified Professional li
        Technical Training for Computer Professionals lii
    Technical Support liv
CHAPTER 1  Introduction to Microsoft Windows 2000 Security 1
        About This Chapter 1
        Before You Begin 1
    Chapter Scenario: Lucerne Publishing 2
        Current Network 2
        Account Management 2
        Expansion Plans 3
        Online Ordering 3
        Security Issues 3
    Lesson 1: Microsoft Windows 2000 Security Services Overview 4
        Security Subsystem Components 5
        LSA Functionality 7
        Windows 2000 Security Protocols 8
        The Security Support Provider Interface (SSPI) 9
        Lesson Summary 9
    Lesson 2: Designing Security Business Requirements 10
            Determining Business Requirements 10
            Making the Decision 12
            Applying the Decision 13
        Lesson Summary 14
    Lesson 3: Designing Security to Meet Technical Requirements 15
        Determining Technical Requirements 15
            Making the Decision 16
            Applying the Decision 17
        Lesson Summary 19
    Review 20
CHAPTER 2  Designing Active Directory for Security 21
        About This Chapter 21
        Before You Begin 22
    Chapter Scenario: Wide World Importers 23
        The Existing Network 23
        User Account Management 23
        Application Support 23
        Client Desktops 24
    Lesson 1: Designing Your Forest Structure 25
        Active Directory Design Basics 25
        Deploying a Single Forest 26
            Making the Decision 27
            Applying the Decision 28
        Deploying Multiple Forests 28
            Making the Decision 30
            Applying the Decision 31
        Lesson Summary 32
    Lesson 2: Designing Your Domain Structure 33
        Deploying a Single Domain 33
            Making the Decision 33
            Applying the Decision 34
        Deploying Multiple Domains 34
            Understanding Account Policies 34
            Making the Decision 37
            Applying the Decision 38
        Lesson Summary 39
    Lesson 3: Designing an OU Structure 40
        Planning for Delegation of Administration 40
            Delegating Control to an Organizational Unit 40
            Making the Decision 42
            Applying the Decision 44
        Planning for Group Policy Deployment 45
            Making the Decision 49
            Applying the Decision 49
        Lesson Summary 51
    Lesson 4: Designing an Audit Strategy 52
        Configuring Audit Settings 52
            Making the Decision 53
            Applying the Decision 54
        Lesson Summary 55
    Activity: Designing an Audit Strategy 56
    Lab 2-1: Designing Active Directory for Security 57
        Lab Objectives 57
        About This Lab 57
        Before You Begin 57
        Scenario: Contoso Ltd. 57
        Exercise 1: Determining the Number of Forests 59
        Exercise 2: Determining the Number of Domains 60
        Exercise 3: Designing an OU Structure 60
    Review 62
CHAPTER 3  Designing Authentication for a Microsoft Windows 2000 Network 63
        About This Chapter 63
        Before You Begin 64
    Chapter Scenario: Market Florist 65
        The Existing Network 65
        Market Florist Active Directory Design 66
        Market Florist Server Configuration 66
    Lesson 1: Designing Authentication in a Microsoft Windows 2000 Network 68
        Determining Business and Technical Requirements 68
        Lesson Summary 69
    Lesson 2: Designing Kerberos Authentication 70
        Designing Kerberos Authentication 71
        Understanding the Kerberos Message Exchanges 72
        Analyzing Kerberos Authentication 73
            Initial Authentication with the Network 73
            Network Authentication 76
            Smart Card Authentication 77
            Multiple Domain Authentication 79
            Delegation 80
            Making the Decision 82
            Applying the Decision 83
        Lesson Summary 84
    Lesson 3: NTLM Authentication 85
        Designing NTML Authentication 85
            Making the Decision 86
            Applying the Decision 87
        Lesson Summary 87
    Lesson 4: Authenticating Down-Level Clients 88
        Analyzing Standard Authentication 88
        Analyzing the Directory Services Client 89
            Making the Decision 92
            Applying the Decision 92
        Lesson Summary 93
    Lesson 5: Planning Server Placement for Authentication 94
        Determining Server Placement for Authentication 94
        Planning DNS Server Placement 94
            Making the Decision 95
            Applying the Decision 95
        Planning DC Placement 97
            Making the Decision 97
            Applying the Decision 97
        Planning Global Catalog Server Placement 97
            Making the Decision 98
            Applying the Decision 99
        Planning PDC Emulator Placement 99
            Making the Decision 99
            Applying the Decision 100
        Lesson Summary 100
    Activity: Analyzing Authentication Network Infrastructure 101
    Lab 3-1: Designing Authentication for the Network 102
        Lab Objectives 102
        About This Lab 102
        Before You Begin 102
        Scenario: Contoso Ltd. 102
        Exercise 1: Designing Windows 2000 Client Authentication 104
        Exercise 2: Designing Down-Level Client Authentication 105
    Review 106
CHAPTER 4  Planning a Microsoft Windows 2000 Administrative Structure 107
        About This Chapter 107
        Before You Begin 107
    Chapter Scenario: Hanson Brothers 108
        The Existing Network 108
        Hanson Brothers' Active Directory Design 109
        Hanson Brothers' Administrative Needs 109
        The Central Administration Team 110
        Hanson Brothers' Current Issues 110
    Lesson 1: Planning Administrative Group Membership 111
        Designing Default Administrative Group Membership 111
            The Default Windows 2000 Administrative Groups 111
            Assessing Administrative Group Membership Design 114
            Making the Decision 116
            Applying the Decision 117
        Designing Custom Administrative Groups 118
            Determining When to Create Custom Groups 119
            Making the Decision 120
            Applying the Decision 121
        Lesson Summary 122
    Lesson 2: Securing Administrative Access to the Network 123
        Designing Secure Administrative Access 123
            Making the Decision 124
            Applying the Decision 125
        Designing Secondary Access 126
            Understanding the RunAs Service 127
            Making the Decision 129
            Applying the Decision 129
        Designing Telnet Administration 129
            Making the Decision 130
            Applying the Decision 130
        Designing Terminal Services Administration 131
            Assessing Terminal Services Administration 131
            Making the Decision 132
            Applying the Decision 132
        Lesson Summary 133
    Activity: Administering the Network 134
    Lab 4-1: Designing Administration for a Microsoft Windows 2000 Network 136
        Lab Objectives 136
        About This Lab 136
        Before You Begin 136
        Scenario: Contoso Ltd. 136
        Exercise 1: Designing Preexisting Administration Groups 138
        Exercise 2: Designing Administrative Access 140
    Review 142
CHAPTER 5  Designing Group Security 143
        About This Chapter 143
        Before You Begin 143
    Chapter Scenario: Hanson Brothers 144
        The Microsoft Exchange 2000 Server Deployment 144
        Deployment of Microsoft Outlook 2000 144
        User Rights Requirements 145
    Lesson 1: Designing Microsoft Windows 2000 Security Groups 146
        Windows 2000 Groups 146
        Assessing Group Usage 149
            Making the Decision 152
            Applying the Decision 152
        Lesson Summary 154
    Activity: Reviewing Group Memberships 155
    Lesson 2: Designing User Rights 158
        Defining User Rights with Group Policy 158
        User Rights Within Windows 2000 158
        Assessing Where to Apply User Rights 162
            Making the Decision 163
            Applying the Decision 164
        Lesson Summary 165
    Lab 5-1: Designing Security Groups and User Rights 166
        Lab Objectives 166
        About This Lab 166
        Before You Begin 166
        Scenario: Contoso Ltd. 166
        The Human Resources Application 166
        Exercise 1: Designing Security Groups 168
        Exercise 2: Designing User Rights 170
    Review 171
CHAPTER 6  Securing File Resources 173
        About This Chapter 173
        Before You Begin 173
    Chapter Scenario: Wide World Importers 174
        Planning Security for Software Deployment 174
        Print Security 176
        Planning for Protection of Confidential Data 176
    Lesson 1: Securing Access to File Resources 177
        Designing Share Security 177
            Configuring Share Permissions 177
            Making the Decision 179
            Applying the Decision 180
        Planning NTFS Security 180
            Changes in the Windows 2000 NTFS File System 181
            Assessing NTFS Permissions 181
            Making the Decision 183
            Applying the Decision 184
        Combining Share and NTFS Security 185
            Making the Decision 187
            Applying the Decision 188
        Lesson Summary 188
    Activity: Evaluating Permissions 189
    Lesson 2: Securing Access to Print Resources 191
        Assessing Printer Security 191
            Making the Decision 192
            Applying the Decision 193
        Lesson Summary 193
    Lesson 3: Planning EFS Security 194
        Overview of the EFS Process 194
        Designating an EFS Recovery Agent 197
            The Initial EFS Recovery Agent 197
            Configuring a Custom EFS Recovery Agent 198
            Configuring an Empty Encrypted Data Recovery Agent Policy 199
            Making the Decision 199
            Applying the Decision 200
        Recovering Encrypted Files 200
            Assessing Recovery of Encrypted Files 200
            Making the Decision 202
            Applying the Decision 202
        Lesson Summary 202
    Lab 6-1: Securing File and Print Resources 203
        Lab Objectives 203
        About This Lab 203
        Before You Begin 203
        Scenario: Contoso Ltd. 203
        Exercise 1: Planning File Security 206
        Exercise 2: Planning Print Security 207
        Exercise 3: Planning EFS for Laptops 208
    Review 210
CHAPTER 7  Designing Group Policy 211
        About This Chapter 211
        Before You Begin 211
    Chapter Scenario: Wide World Importers 212
        Proposed OU Structure 212
        Existing Site Definitions 213
        Application Installation Requirements 213
        Engineering Requirements 213
        The New Employee 214
    Lesson 1: Planning Deployment of Group Policy 215
        Group Policy Overview 215
        Planning Group Policy Inheritance 215
            Assessing Group Policy Application 217
            Block Policy Inheritance 218
            Configuring No Override 219
            Making the Decision 219
            Applying the Decision 220
        Filtering Group Policy by Using Security Groups 221
            Making the Decision 223
            Applying the Decision 224
        Lesson Summary 224
    Lesson 2: Troubleshooting Group Policy 225
        Assessing Group Policy Troubleshooting 225
            Making the Decision 227
            Applying the Decision 228
        Lesson Summary 228
    Activity: Troubleshooting Group Policy Application 229
    Lab 7-1: Planning Group Policy Deployment 230
        Lab Objectives 230
        About This Lab 230
        Before You Begin 230
        Scenario: Contoso Ltd. 230
        Exercise 1: Applying Group Policy 233
        Exercise 2: Designing Group Policy Filtering 233
        Exercise 3: Troubleshooting Group Policy Application 234
    Review 237


Next




Top of Page


Last Updated: Saturday, July 7, 2001