| Acknowledgements | xxxix |
| Introduction | xli |
| PART I PREPARING FOR INSTALLATION | |
| 1 Overview of Windows Server 2003 | 2 |
| Deploying Windows Server 2003 and Windows Clients | 4 |
| Network Management | 5 |
| Group Policy | 6 |
| IntelliMirror | 6 |
| Terminal Services | 7 |
| Interoperability | 7 |
| System and Network Security | 8 |
| Hardware Support | 9 |
| Availability and Reliability | 10 |
| Active Directory | 11 |
| Storage and File System Support | 12 |
| Communications | 12 |
| Internet Services and .NET Application Services | 13 |
| Scalability | 14 |
| The Need for Planning | 14 |
| Summary | 15 |
| 2 Introducing Directory Services | 16 |
| Understanding Directory Services | 17 |
| Active Directory in Microsoft Windows Server 2003 and Windows 2000 | 19 |
| Terminology and Concepts in Active Directory | 20 |
| The Active Directory Architecture | 23 |
| The Directory System Agent | 23 |
| Naming Formats | 24 |
| The Data Model | 24 |
| Schema Implementation | 25 |
| The Security Model | 25 |
| Delegation and Inheritance | 26 |
| Naming Contexts and Partitions | 26 |
| The Global Catalog | 26 |
| Summary | 27 |
| 3 Planning Namespace and Domains | 28 |
| Analyzing Naming Convention Needs | 29 |
| Trees and Forests | 29 |
| Defining a Naming Convention | 31 |
| Determining Name Resolution | 33 |
| Planning a Domain Structure | 36 |
| Domains vs. Organizational Units | 36 |
| Designing a Domain Structure | 38 |
| Domain Security Guidelines | 39 |
| Creating Organizational Units | 39 |
| Planning Multiple Domains | 40 |
| Planning a Contiguous Namespace | 40 |
| Determining the Need for a Forest | 41 |
| Creating the Forest | 41 |
| Summary | 41 |
| 4 Planning Deployment | 42 |
| How Information Technology Functions | 44 |
| Identifying Business Needs | 44 |
| Getting Specific | 45 |
| Seeing into the Future | 45 |
| Assessing Your Current Setup | 46 |
| Documenting the Network | 46 |
| Making a Roadmap | 48 |
| Defining Goals | 49 |
| Assessing Risk | 50 |
| Summary | 52 |
| PART II INSTALLATION AND CONFIGURATION | |
| 5 Getting Started | 54 |
| Windows Installation Considerations | 55 |
| Maximizing Server Security | 56 |
| Reviewing System Requirements | 57 |
| Checking a System for Compatibility | 58 |
| Planning Partitions | 59 |
| Gathering Network Information | 61 |
| Dealing with Licensing and Product Activation | 62 |
| Physical Preparation | 63 |
| Dual-Boot Considerations | 64 |
| Installing Windows | 66 |
| Manually Installing Windows | 67 |
| Automating Windows Installations | 77 |
| Troubleshooting Installations | 100 |
| Setup Freezes or Locks Up | 101 |
| Setup Stops During File Copying | 103 |
| Previous OS Will Not Boot | 104 |
| Summary | 106 |
| 6 Upgrading to Windows Server 2003 | 108 |
| Architectural Changes since Windows NT 4 | 109 |
| Domain Controllers and Server Roles | 110 |
| Active Directory | 111 |
| Hardware Support | 115 |
| Software Support | 117 |
| Planning a Windows NT Domain Upgrade | 118 |
| Documenting the Existing Network | 119 |
| Planning the Active Directory Forest | 122 |
| Planning the Site Topology | 132 |
| Making a Recovery Plan | 133 |
| Developing an Upgrade Strategy | 135 |
| Preparing Domains and Computers | 138 |
| Preparing Windows 2000 Forests and Domains | 138 |
| Preparing Windows NT Domains | 140 |
| Preparing the Computers | 141 |
| Upgrading to Windows XP | 143 |
| Upgrading to Windows Server 2003 | 145 |
| Forest and Domain Functional Levels | 147 |
| Choosing a Forest Functional Level | 147 |
| Choosing a Domain Functional Level | 149 |
| Switching Functional Levels | 151 |
| Summary | 153 |
| 7 Configuring New Windows Server 2003 Installations | 154 |
| Enabling Remote Administration | 155 |
| Checking for Setup Problems | 157 |
| Adding and Troubleshooting Devices | 158 |
| Using Device Manager | 158 |
| Using the Add Hardware Wizard | 162 |
| Configuring Networking Settings | 163 |
| Changing Your Network Identity | 163 |
| Configuring Network Components | 165 |
| Configuring TCP/IP | 166 |
| Configuring NWLink IPX/SPX | 173 |
| Configuring Storage | 174 |
| Using the Manage Your Server and Configure Your Server Tools | 174 |
| Performance and Memory Tuning | 179 |
| Updating Windows | 183 |
| Securing Windows | 184 |
| Summary | 187 |
| 8 Installing and Managing Printers | 188 |
| Understanding the Basics | 189 |
| Printer Terminology | 189 |
| Understanding Print Servers | 190 |
| Methods of Connecting Printers to Print Servers | 192 |
| Internet Printing | 192 |
| Understanding the Printing Process | 194 |
| Planning Printer Deployment | 197 |
| Establishing Printer Naming Conventions | 198 |
| Creating Location-Naming Conventions | 199 |
| Choosing Printers and Print Servers | 200 |
| Upgrading and Migrating Windows NT 4 Print Servers | 202 |
| Preparing for Print Server Failure | 203 |
| Installing Printers | 204 |
| Adding Local Printers | 205 |
| Installing Network Printers | 207 |
| Modifying Printer Properties | 213 |
| Setting Security Options | 213 |
| Changing Printer Options | 217 |
| Changing Default Print Settings | 224 |
| Setting Print Server Options | 225 |
| Modifying the Forms Available on the Print Server | 225 |
| Configuring Ports and Drivers | 226 |
| Configuring Advanced Print Server Settings | 226 |
| Enabling Internet Printing and Management | 227 |
| Printers and Active Directory | 229 |
| How Printers Are Published | 230 |
| Using Active Directory to Find Printers | 230 |
| Using Printer Location Tracking | 231 |
| Managing Printers and Print Servers | 234 |
| Managing Printers from Windows | 235 |
| Managing Printers from a Web Browser | 237 |
| Managing Printers from a Command Line | 239 |
| Using Printer Migrator to Back Up or Migrate Print Servers | 240 |
| Troubleshooting Printing Problems | 240 |
| Printing from the Client Machine Experiencing the Problem | 242 |
| Checking the Print Server Status | 244 |
| Printing from Another Client Machine | 245 |
| Checking the Printer | 245 |
| Deleting Stuck Documents | 246 |
| Troubleshooting Printer Location Tracking | 247 |
| Summary | 247 |
| 9 Managing Users and Groups | 248 |
| Understanding Groups | 249 |
| Assigning Group Scopes | 250 |
| Planning Organizational Units | 252 |
| Creating Organizational Units | 253 |
| Moving Organizational Units | 253 |
| Deleting Organizational Units | 254 |
| Planning a Group Strategy | 254 |
| Implementing the Group Strategy | 255 |
| Managing Built-in Groups and User Rights | 259 |
| Built-in Local Groups | 259 |
| Built-in Domain Local Groups | 261 |
| Built-in Global Groups | 263 |
| Defining User Rights | 264 |
| Creating User Accounts | 269 |
| Naming User Accounts | 269 |
| Account Options | 269 |
| Passwords | 270 |
| Creating a Domain User Account | 271 |
| Creating a Local User Account | 272 |
| Setting User Account Properties | 273 |
| Testing User Accounts | 274 |
| Managing User Accounts | 274 |
| Finding a User Account | 274 |
| Disabling and Enabling a User Account | 276 |
| Deleting a User Account | 276 |
| Moving a User Account | 277 |
| Renaming a User Account | 277 |
| Resetting a User's Password | 277 |
| Unlocking a User Account | 278 |
| Using Home Folders | 278 |
| Maintaining User Profiles | 280 |
| Local Profiles | 282 |
| Roaming Profiles | 283 |
| Assigning a Logon Script to a User Profile | 286 |
| Summary | 287 |
| 10 Managing File Resources and Group Policy | 288 |
| Configuring Shares and Permissions | 289 |
| Using Special Shares | 290 |
| Shares, Permissions, and File Systems | 292 |
| Sharing Folders | 292 |
| Share Permissions | 296 |
| Configuring NTFS Permissions | 297 |
| What the Permissions Mean | 297 |
| How Permissions Work | 298 |
| Considering Inheritance | 299 |
| Configuring Folder Permissions | 300 |
| Assigning Permissions to Files | 301 |
| Configuring Special Permissions | 301 |
| Ownership and How It Works | 303 |
| Understanding Group Policies | 306 |
| Components of Group Policy | 307 |
| Managing Group Policies | 308 |
| Creating a Group Policy Object | 312 |
| Inside the Group Policy Editor | 313 |
| Using Group Policy for Folder Redirection | 314 |
| Using Resultant Set of Policy (RSoP) | 318 |
| Running an RSoP Query | 318 |
| A Planning RSoP | 319 |
| Summary | 320 |
| PART III NETWORK ADMINISTRATION | |
| 11 Managing Daily Operations | 322 |
| Using the Microsoft Management Console | 323 |
| Convenience Consoles | 323 |
| Creating an MMC-Based Console with Snap-ins | 324 |
| Using the Secondary Logon | 330 |
| Opening Programs Using Run As | 331 |
| Administrative Tools | 333 |
| Installing Administrative Tools Locally | 333 |
| Making Administrative Tools Available Remotely | 333 |
| Support Tools | 333 |
| Automating Chores with Scripts | 334 |
| Auditing Events | 335 |
| Audit Settings for Objects | 336 |
| Viewing Event Logs | 338 |
| Searching Event Logs | 339 |
| Filtering Event Logs | 339 |
| Setting the Size of Event Logs | 340 |
| Archiving Event Logs | 341 |
| Delegating Control | 341 |
| Using Task Scheduler | 343 |
| Changing a Schedule | 344 |
| Tracking Task Scheduler | 345 |
| Viewing Tasks on a Remote Computer | 345 |
| Using the AT Command | 346 |
| Summary | 348 |
| 12 Scripting Windows | 350 |
| Windows Automation Methods | 351 |
| WSH, WMI, and ADSI Background | 352 |
| Choose Your Method | 353 |
| Operating System Support | 354 |
| Writing WSH Scripts | 356 |
| Choosing a Scripting Language | 356 |
| Prospecting for Scripts | 357 |
| Running Scripts | 358 |
| Scripts and Security | 359 |
| WSH Conventions | 359 |
| WSH Object Model | 362 |
| Using Windows Management Instrumentation (WMI) | 365 |
| The Scriptomatic Tool | 366 |
| The Windows Management Instrumentation Command-line (WMIC) | 366 |
| WMI Graphical Tools | 367 |
| Accessing WMI through Scripts | 370 |
| Summary | 371 |
| 13 Installing and Configuring Active Directory | 372 |
| Using the Active Directory Installation Wizard | 374 |
| Preparing for Installation | 375 |
| Promoting Your First Server to a Domain Controller | 377 |
| Choosing Installation Options | 385 |
| Upgrading Windows NT 4 Domain Controllers | 389 |
| Demoting a Domain Controller | 390 |
| Changing a Domain Controller Identification | 393 |
| Setting a Global Catalog Server | 394 |
| Using Active Directory Domains and Trusts | 395 |
| Launching Active Directory Domains and Trusts | 395 |
| Domain and Forest Functionality | 396 |
| Managing Domain Trust Relationships | 400 |
| Specifying the Domain Manager | 401 |
| Configuring User Principal Name Suffixes for a Forest | 401 |
| Managing Domains | 402 |
| Using Active Directory Users and Computers | 402 |
| Launching Active Directory Users and Computers | 402 |
| Viewing Active Directory Objects | 403 |
| Creating an Organizational Unit | 410 |
| Configuring OU Objects | 411 |
| Delegating Object Control | 413 |
| Creating a User Object | 417 |
| Configuring User Objects | 418 |
| Creating a Group | 423 |
| Configuring Group Objects | 424 |
| Creating a Computer Object | 425 |
| Configuring Computer Objects | 426 |
| Using Remote Computer Management | 426 |
| Publishing a Shared Folder | 427 |
| Publishing a Printer | 427 |
| Moving, Renaming, and Deleting Objects | 427 |
| Renaming a Domain Controller or a Whole Domain | 428 |
| Renaming a Domain Controller | 428 |
| Renaming Domains | 429 |
| Summary | 429 |
| 14 Managing Active Directory | 430 |
| Using Active Directory Sites and Services | 431 |
| Defining Site Objects | 433 |
| Understanding Domain Replication | 434 |
| Launching Sites and Services | 436 |
| Using Active Directory Schema | 443 |
| Examining Schema Security | 444 |
| Launching Active Directory Schema | 445 |
| Modifying the Schema | 446 |
| Modifying Display Specifiers | 452 |
| Performing Batch Importing and Exporting | 455 |
| Using the Ldifde.exe Utility | 455 |
| Understanding Operations Master Roles | 458 |
| Summary | 465 |
| 15 Understanding TCP/IP | 466 |
| The TCP/IP Protocol Suite | 467 |
| Internet Protocol | 468 |
| Transmission Control Protocol | 468 |
| User Datagram Protocol | 469 |
| Windows Sockets | 469 |
| Requests for Comments | 470 |
| IP Addresses and What They Mean | 471 |
| Class A Networks | 472 |
| Class B Networks | 472 |
| Class C Networks | 473 |
| Class D and Class E Addresses | 473 |
| Routing and Subnets | 475 |
| What Is a Subnet? | 475 |
| Gateways and Routers | 476 |
| Routing Protocols | 477 |
| Name Resolution | 478 |
| The Domain Name System | 479 |
| Dynamic Host Configuration Protocol | 484 |
| Windows Internet Name Service | 487 |
| IP Version 6 | 489 |
| Summary | 491 |
| 16 Administering TCP/IP | 492 |
| Using DHCP | 494 |
| Designing DHCP Networks | 494 |
| Installing the DHCP Service | 496 |
| Creating a New Scope | 497 |
| Authorizing the DHCP Server and Activating Scopes | 501 |
| Adding Address Reservations | 502 |
| Enabling Dynamic Updates to a DNS Server for Earlier Clients | 503 |
| Using Multiple DHCP Servers for Redundancy | 506 |
| Other DHCP Functions | 508 |
| Setting Up a DHCP Relay Agent | 510 |
| Backing Up and Restoring the DHCP Database | 511 |
| Using Ipconfig to Release, Renew, or Verify a Lease | 513 |
| DHCP Command-Line Administration | 513 |
| Using DNS Server | 514 |
| Installing DNS | 514 |
| Using the Configure A DNS Server Wizard | 515 |
| Creating Zones | 523 |
| Creating Subdomains and Delegating Authority | 524 |
| Adding Resource Records | 526 |
| Configuring Zone Transfers | 530 |
| Interoperating with Other DNS Servers | 532 |
| Enabling Dynamic DNS Updates | 532 |
| Enabling WINS Resolution | 533 |
| Setting Up a Forwarder | 534 |
| Updating Root Hints | 535 |
| Setting Up a Caching-Only DNS Server | 536 |
| Setting Up a WINS Server | 536 |
| Determining Whether You Need WINS | 537 |
| Configuring the Server to Prepare for WINS | 538 |
| Installing WINS | 538 |
| Adding Replication Partners | 539 |
| Miscellaneous WINS Functions | 541 |
| Compacting the WINS Database | 542 |
| Summary | 543 |
| 17 Implementing Disk Management | 544 |
| Understanding Disk Terminology | 545 |
| Overview of Disk Management | 547 |
| Disk Administration Enhancements | 548 |
| Remote Management | 550 |
| Dynamic Disks | 550 |
| Command Line | 550 |
| Disk Management Tasks | 551 |
| Adding a Partition or Volume | 551 |
| Converting a Disk to a Dynamic Disk | 564 |
| Extending a Volume | 565 |
| Adding a Mirror | 567 |
| Converting a Volume or Partition from FAT to NTFS | 571 |
| Formatting a Partition or Volume | 572 |
| Changing a Drive Letter | 574 |
| Mounting a Volume | 575 |
| NTFS | 576 |
| Disk Quotas | 577 |
| Encrypting on the File System Level | 581 |
| Shadow Copies of Shared Folders | 583 |
| Summary | 583 |
| 18 Using Clusters | 584 |
| What Is a Cluster? | 585 |
| Network Load Balancing Clusters | 585 |
| Server Clusters | 586 |
| Cluster Scenarios | 587 |
| Intranet or Internet Functionality | 587 |
| Terminal Services | 587 |
| Mission-Critical Availability | 587 |
| Requirements and Planning | 588 |
| Identifying and Addressing Goals | 588 |
| Identifying a Solution | 589 |
| Identifying and Addressing Risks | 589 |
| Making Checklists | 590 |
| Network Load Balancing Clusters | 590 |
| NLB Concepts | 590 |
| Choosing an NLB Cluster Model | 591 |
| Creating an NLB Cluster | 593 |
| Planning the Capacity of an NLB Cluster | 598 |
| Providing Fault Tolerance | 599 |
| Optimizing an NLB Cluster | 599 |
| Server Clusters | 600 |
| Server Cluster Concepts | 601 |
| Types of Resources | 602 |
| Defining Failover and Failback | 605 |
| Configuring a Server Cluster | 606 |
| Planning the Capacity of a Server Cluster | 608 |
| Creating a Server Cluster | 609 |
| Summary | 623 |
| 19 Configuring Storage | 624 |
| The Distributed File System | 625 |
| Advantages | 626 |
| Concepts and Terminology | 628 |
| Structure and Topology | 631 |
| Setup | 633 |
| Backing Up and Restoring the Dfs Database | 641 |
| Dfs Command-Line Administration | 641 |
| Removable Storage | 642 |
| Benefits and Requirements | 642 |
| Concepts and Terminology | 644 |
| Use and Management | 647 |
| Command-Line Administration | 656 |
| Remote Storage | 656 |
| Concepts and System Requirements | 657 |
| Setup and Configuration | 662 |
| Data Recovery and Protection | 673 |
| Command-Line Administration | 678 |
| Shared Folders | 679 |
| Using the File Server Management Snap-In | 679 |
| Setting Up Shared Folders | 680 |
| Configuring Shadow Copies | 686 |
| Configuring Web Shares | 691 |
| Command-Line Administration | 692 |
| Summary | 693 |
| 20 Planning for Security | 694 |
| Smart Cards | 695 |
| Security Basics | 696 |
| Authentication | 696 |
| Data Protection | 699 |
| Access Control | 701 |
| Auditing | 702 |
| Nonrepudiation | 702 |
| Public-Key Infrastructures | 703 |
| Public-Key Encryption vs. Symmetric-Key Encryption | 704 |
| Public-Key Certificates and Private Keys | 705 |
| Certificate Authorities | 706 |
| Certificate Registration | 709 |
| Certificate Directories | 710 |
| Certificate Templates | 710 |
| Certificate Revocation | 711 |
| Certificate Renewal | 712 |
| Full CRLs and Delta CRLs | 712 |
| Security-Enabled Protocols | 712 |
| Secure Multipurpose Internet Mail Extensions | 713 |
| Kerberos Version 5 | 714 |
| Windows NT LAN Manager | 716 |
| Secure Socket Layer | 716 |
| Internet Protocol Security | 717 |
| Virtual Private Networks | 719 |
| Remote Access VPNs | 720 |
| Router-to-Router VPNs | 721 |
| Security Modules | 722 |
| Cryptographic Application Programming Interface | 722 |
| Cryptographic Service Providers | 722 |
| CAPICOM | 723 |
| Summary | 723 |
| 21 Implementing Security | 724 |
| Physical Security | 725 |
| Using Microsoft Baseline Security Analyzer | 726 |
| Using Templates to Implement Security Policies | 727 |
| Running the Security Templates Snap-in | 727 |
| Examining Template Policies | 728 |
| Using Predefined Templates | 729 |
| Defining New Templates | 732 |
| Applying Templates | 733 |
| Using Security Configuration and Analysis | 734 |
| Opening a Security Database | 735 |
| Importing and Exporting Templates | 735 |
| Analyzing Security and Viewing the Results | 736 |
| Configuring Security | 737 |
| Enabling Authentication | 739 |
| Obtaining Smart Cards and Certificates | 739 |
| Logging On with Smart Cards | 741 |
| Enabling Remote Certificate or Smart Card Authentication | 742 |
| Configuring Authentication for a Remote Access Server | 745 |
| Implementing Access Control | 745 |
| Establishing Ownership | 746 |
| Assigning Permissions | 746 |
| Managing Certificates | 748 |
| Exporting Certificates and Private Keys | 749 |
| Importing Certificates | 750 |
| Requesting Certificates | 750 |
| Enabling Certificates for Specific Purposes | 751 |
| Using Internet Protocol Security Policies | 752 |
| Defining IPSec Policies | 752 |
| Assigning IPSec Policies | 760 |
| Securing Local Data | 761 |
| Creating Your Recovery Policy | 761 |
| Encrypting Files and Folders | 762 |
| Decrypting Files and Folders | 763 |
| Sharing Encrypted Files and Folders | 764 |
| Recovering Files | 764 |
| Auditing | 766 |
| Establishing an Audit Policy | 766 |
| Auditing Access to Objects | 767 |
| Viewing the Security Log | 768 |
| Using Microsoft Baseline Security Analyzer | 769 |
| What to Do When Hacked | 769 |
| Summary | 770 |