| Acknowledgments | xxv |
| Introduction | xxvii |
| PART I MICROSOFT WINDOWS 2000 ADMINISTRATION FUNDAMENTALS | |
| 1 Overview of Microsoft Windows 2000 Administration | 3 |
| Microsoft Windows 2000 Professional and Server | 4 |
| Domain Controllers and Member Servers | 5 |
| Add-On Components and Services | 6 |
| Other Windows 2000 Resources | 7 |
| Frequently Used Tools | 9 |
| Using Control Panel Utilities | 10 |
| Using Graphical Administrative Tools | 12 |
| Key Graphical Administrative Tools | 13 |
| Tools and Configuration | 14 |
| Using Command-Line Utilities | 15 |
| Utilities to Know | 16 |
| Using NET Tools | 16 |
| 2 Managing Microsoft Windows 2000 Workstations and Servers | 17 |
| Managing Network Systems | 17 |
| Connecting to Other Computers | 18 |
| Sending Console Messages | 19 |
| Exporting Information Lists | 20 |
| Using Computer Management System Tools | 20 |
| Using Computer Management Storage Tools | 21 |
| Working with Services and Applications | 21 |
| Managing System Environments, Profiles, and Properties | 22 |
| The General Tab | 22 |
| The Network Identification Tab | 23 |
| The Hardware Tab | 24 |
| The User Profiles Tab | 25 |
| The Advanced Tab | 26 |
| Configuring System and User Environment Variables | 29 |
| Configuring System Startup and Recovery | 30 |
| Managing Hardware Devices and Drivers | 32 |
| Viewing and Managing Hardware Devices | 32 |
| Installing and Uninstalling Device Drivers | 33 |
| Installing, Uninstalling, and Troubleshooting Hardware | 35 |
| Managing Dynamic-Link Libraries | 37 |
| 3 Monitoring Processes, Services, and Events | 39 |
| Managing Applications, Processes, and Performance | 39 |
| Task Manager | 40 |
| Administering Applications | 40 |
| Administering Processes | 41 |
| Viewing System Performance | 42 |
| Managing System Services | 44 |
| Common Windows 2000 Services | 46 |
| Starting, Stopping, and Pausing Services | 48 |
| Configuring Service Startup | 48 |
| Configuring Service Logon | 49 |
| Configuring Service Recovery | 51 |
| Disabling Unnecessary Services | 52 |
| Event Logging and Viewing | 53 |
| Accessing and Using the Event Logs | 53 |
| Setting Event Log Options | 55 |
| Clearing the Event Logs | 56 |
| Archiving the Event Logs | 56 |
| Monitoring Server Performance and Activity | 58 |
| Why Monitor Your Server? | 59 |
| Getting Ready to Monitor | 59 |
| Using Performance Monitor | 59 |
| Choosing Counters to Monitor | 60 |
| Using Performance Logs | 62 |
| Replaying Performance Logs | 67 |
| Configuring Alerts for Performance Counters | 67 |
| 4 Automating Administrative Tasks, Policies, and Procedures | 71 |
| Group Policy Management | 71 |
| Understanding Group Policies | 72 |
| In What Order Are Multiple Policies Applied? | 73 |
| When Are Group Policies Applied? | 73 |
| Managing Local Group Policies | 74 |
| Managing Site, Domain, and Unit Policies | 75 |
| Working with Group Policies | 79 |
| Getting to Know the Group Policy Console | 79 |
| Centrally Managing Special Folders | 80 |
| Using Administrative Templates to Set Policies | 83 |
| User and Computer Script Management | 86 |
| Updating GPOs for Windows XP Professional | 90 |
| Applying Security Policy through Templates | 91 |
| Understanding Security Policies and Administration Tools | 91 |
| Applying Security Templates | 93 |
| Scheduling Tasks | 94 |
| Utilities for Scheduling Tasks | 94 |
| Preparing to Schedule Tasks | 95 |
| Scheduling Tasks with Task Scheduler | 95 |
| Scheduling Tasks with the At Utility | 100 |
| PART II MICROSOFT WINDOWS 2000 DIRECTORY SERVICE ADMINISTRATION | |
| 5 Using Active Directory | 105 |
| Introducing Active Directory | 105 |
| Active Directory and DNS | 105 |
| Getting Started with Active Directory | 106 |
| Working with Domain Structures | 106 |
| Understanding Domains | 107 |
| Understanding Domain Forests and Domain Trees | 107 |
| Understanding Organizational Units | 109 |
| Understanding Sites and Subnets | 110 |
| Working with Active Directory Domains | 111 |
| Using Windows 2000 and Windows XP Professional with Active Directory | 112 |
| Using Windows NT with Active Directory | 113 |
| Using Windows 95 and Windows 98 with Active Directory | 115 |
| Using Windows Me and Windows XP Home Edition with Active Directory | 118 |
| Understanding the Directory Structure | 118 |
| Exploring the Data Store | 118 |
| Exploring Global Catalogs | 119 |
| Replication and Active Directory | 121 |
| Active Directory and LDAP | 122 |
| Understanding Operations Master Roles | 122 |
| 6 Core Active Directory Administration | 125 |
| Tools for Managing Active Directory | 125 |
| Active Directory Administration Tools | 125 |
| Active Directory Support Tools | 126 |
| Using the Active Directory Users And Computers Tool | 127 |
| Starting Active Directory Users And Computers | 127 |
| Getting Started with Active Directory Users And Computers | 127 |
| Connecting to a Domain Controller | 128 |
| Connecting to a Domain | 129 |
| Searching for Accounts and Shared Resources | 129 |
| Managing Computer Accounts | 131 |
| Creating Computer Accounts on a Workstation or Server | 131 |
| Creating Computer Accounts in Active Directory Users And Computers | 132 |
| Viewing And Editing Computer Account Properties | 134 |
| Deleting, Disabling, and Enabling Computer Accounts | 134 |
| Resetting Computer Accounts | 134 |
| Moving Computer Accounts | 135 |
| Managing Computers | 136 |
| Joining a Computer to a Domain or Workgroup | 136 |
| Managing Domain Controllers, Roles, and Catalogs | 141 |
| Installing and Demoting Domain Controllers | 141 |
| Viewing and Transferring Domain-Wide Roles | 142 |
| Viewing and Transferring Domain Naming Master Role | 143 |
| Viewing and Transferring Schema Master Role | 144 |
| Transferring Roles Using the Command Line | 144 |
| Seizing Roles Using the Command Line | 145 |
| Configuring Global Catalogs | 146 |
| Managing Organizational Units | 147 |
| Creating Organizational Units | 147 |
| Viewing and Editing Organizational Unit Properties | 147 |
| Renaming and Deleting Organizational Units | 147 |
| Moving Organizational Units | 148 |
| 7 Understanding User and Group Accounts | 149 |
| The Windows 2000 Security Model | 149 |
| Authentication Protocols | 149 |
| Access Controls | 150 |
| Differences between User and Group Accounts | 151 |
| User Accounts | 151 |
| Group Accounts | 152 |
| Default User Accounts and Groups | 156 |
| Built-In User Accounts | 157 |
| Predefined User Accounts | 157 |
| Built-In Groups | 159 |
| Predefined Groups | 160 |
| Implicit Groups and Special Identities | 160 |
| Account Capabilities | 161 |
| Privileges | 162 |
| Logon Rights | 164 |
| Built-In Capabilities for Groups in Active Directory | 165 |
| Using Default Group Accounts | 168 |
| Groups Used by Administrators | 168 |
| Groups Used by Operators | 170 |
| Groups Used by Users | 171 |
| Groups Used by Computers | 173 |
| Implicit Groups and Identities | 174 |
| 8 Creating User and Group Accounts | 177 |
| User Account Setup and Organization | 177 |
| Account Naming Policies | 177 |
| Password and Account Policies | 180 |
| Configuring Account Policies | 184 |
| Configuring Password Policies | 184 |
| Configuring Account Lockout Policies | 186 |
| Configuring Kerberos Policies | 188 |
| Configuring User Rights Policies | 189 |
| Configuring User Rights Globally | 190 |
| Configuring User Rights Locally | 193 |
| Adding a User Account | 193 |
| Creating Domain User Accounts | 194 |
| Creating Local User Accounts | 196 |
| Adding a Group Account | 197 |
| Creating a Global Group | 198 |
| Creating a Local Group and Assigning Members | 198 |
| Handling Global Group Membership | 200 |
| Managing Individual Membership | 200 |
| Managing Multiple Memberships | 200 |
| Setting Primary Group for Users and Computers | 201 |
| 9 Managing Existing User and Group Accounts | 203 |
| Managing User Contact Information | 203 |
| Setting Contact Information | 203 |
| Searching for Users and Creating Address Book Entries | 205 |
| Configuring the User's Environment Settings | 206 |
| System Environment Variables | 207 |
| Logon Scripts | 208 |
| Assigning Home Directories | 209 |
| Setting Account Options and Restrictions | 210 |
| Managing Logon Hours | 210 |
| Setting Permitted Logon Workstations | 212 |
| Setting Dial-In Privileges | 213 |
| Setting Account Security Options | 215 |
| Managing User Profiles | 216 |
| Local, Roaming, and Mandatory Profiles | 216 |
| Using the System Utility to Manage Local Profiles | 219 |
| Updating User and Group Accounts | 222 |
| Renaming User and Group Accounts | 223 |
| Copying Domain User Accounts | 224 |
| Deleting User and Group Accounts | 225 |
| Enabling User Accounts | 226 |
| Changing and Resetting Passwords | 227 |
| Troubleshooting Logon Problems | 227 |
| Setting Advanced Active Directory Permissions | 228 |
| Understanding Advanced User, Group, and Computer Permissions | 228 |
| Setting Advanced User, Group, and Computer Permissions | 229 |
| PART III MICROSOFT WINDOWS 2000 DATA ADMINISTRATION | |
| 10 Managing File Systems and Drives | 233 |
| Adding Hard Disk Drives | 233 |
| Physical Drives | 234 |
| Preparing a Drive for Use | 235 |
| Installing and Checking for a New Drive | 238 |
| Understanding Drive Status | 239 |
| Working with Basic and Dynamic Disks | 240 |
| Using Basic and Dynamic Disks | 240 |
| Special Considerations for Basic and Dynamic Disks | 240 |
| Marking an Active Partition | 241 |
| Changing Drive Types | 241 |
| Reactivating Dynamic Disks | 243 |
| Rescanning Disks | 243 |
| Moving a Dynamic Disk to a New System | 244 |
| Using Basic Disks and Partitions | 244 |
| Understanding Drive Partitions | 244 |
| Creating Partitions and Logical Drives | 246 |
| Formatting Partitions | 248 |
| Updating the Boot Disk | 250 |
| Managing Existing Partitions and Drives | 251 |
| Assigning Drive Letters and Paths | 252 |
| Changing or Deleting the Volume Label | 253 |
| Deleting Partitions and Drives | 253 |
| Converting a Volume to NTFS | 254 |
| Checking a Drive for Errors and Bad Sectors | 255 |
| Defragmenting Disks | 257 |
| Compressing Drives and Data | 258 |
| Compressing Directories and Files | 258 |
| Expanding Compressed Directories and Files | 259 |
| Encrypting Drives and Data | 259 |
| Understanding Encryption and the Encrypting File System | 260 |
| Encrypting Directories and Files | 261 |
| Working with Encrypted Files and Folders | 262 |
| Configuring Recovery Policy | 263 |
| Decrypting Files and Directories | 264 |
| 11 Administering Volume Sets and RAID Arrays | 265 |
| Using Volumes and Volume Sets | 266 |
| Volume Basics | 266 |
| Understanding Volume Sets | 267 |
| Creating Volumes and Volume Sets | 267 |
| Deleting Volumes and Volume Sets | 270 |
| Extending a Simple or Spanned Volume | 271 |
| Managing Volumes | 271 |
| Improved Performance and Fault Tolerance with RAID | 272 |
| Implementing RAID on Windows 2000 Servers | 273 |
| Implementing RAID 0: Disk Striping | 273 |
| Implementing RAID 1: Disk Mirroring | 274 |
| Implementing RAID 5: Disk Striping with Parity | 276 |
| Managing RAID and Recovering from Failures | 277 |
| Breaking a Mirrored Set | 277 |
| Resynchronizing and Repairing a Mirrored Set | 278 |
| Repairing a Mirrored System Volume to Enable Boot | 279 |
| Removing a Mirrored Set | 280 |
| Repairing a Striped Set without Parity | 280 |
| Regenerating a Striped Set with Parity | 280 |
| 12 Managing Files and Directories | 283 |
| Windows 2000 File Structures | 283 |
| Major Features of FAT and NTFS | 283 |
| File Naming | 285 |
| Accessing Long File Names under MS-DOS | 286 |
| Exploring Files and Directories | 287 |
| Using Windows Explorer | 287 |
| Customizing Folder Views | 291 |
| Formatting Floppy Disks and Other Removable Disks | 294 |
| Copying Floppy Disks | 294 |
| Managing Files | 295 |
| Selecting Files and Directories | 295 |
| Copying Files and Folders by Dragging | 295 |
| Copying Files and Folders to Locations That Aren't Displayed | 296 |
| Copying and Pasting Files | 296 |
| Moving Files by Cutting and Pasting | 297 |
| Renaming Files and Directories | 297 |
| Deleting Files and Directories | 297 |
| Creating Folders | 298 |
| Examining Drive Properties | 298 |
| Examining File and Folder Properties | 299 |
| 13 Data Sharing, Security, and Auditing | 303 |
| Sharing Folders on Local and Remote Systems | 303 |
| Viewing Existing Shares | 304 |
| Creating Shared Folders | 305 |
| Creating Additional Shares on an Existing Share | 307 |
| Creating a Web Share | 308 |
| Managing Share Permissions | 310 |
| The Different Share Permissions | 310 |
| Viewing Share Permissions | 311 |
| Configuring Share Permissions | 311 |
| Modifying Existing Share Permissions | 313 |
| Removing Share Permissions for Users and Groups | 313 |
| Managing Existing Shares | 313 |
| Understanding Special Shares | 313 |
| Connecting to Special Shares | 315 |
| Viewing User and Computer Sessions | 316 |
| Stopping File and Folder Sharing | 319 |
| Connecting to Network Drives | 319 |
| Mapping a Network Drive | 319 |
| Disconnecting a Network Drive | 320 |
| Object Management, Ownership, and Inheritance | 320 |
| Objects and Object Managers | 320 |
| Object Ownership and Transfer | 321 |
| Object Inheritance | 322 |
| File and Folder Permissions | 323 |
| Understanding File and Folder Permissions | 323 |
| Setting File and Folder Permissions | 326 |
| Auditing System Resources | 328 |
| Setting Auditing Policies | 328 |
| Auditing Files and Folders | 330 |
| Auditing Active Directory Objects | 332 |
| Using, Configuring, and Managing Disk Quotas | 332 |
| Understanding Disk Quotas and How Quotas Are Used | 332 |
| Setting Disk Quota Policies | 334 |
| Enabling Disk Quotas on NTFS Volumes | 337 |
| Viewing Disk Quota Entries | 338 |
| Creating Disk Quota Entries | 339 |
| Deleting Disk Quota Entries | 340 |
| Exporting and Importing Disk Quota Settings | 341 |
| Disabling Disk Quotas | 342 |
| 14 Data Backup and Recovery | 343 |
| Creating a Backup and Recovery Plan | 343 |
| Figuring Out a Backup Plan | 343 |
| The Basic Types of Backup | 344 |
| Differential and Incremental Backups | 345 |
| Selecting Backup Devices and Media | 346 |
| Common Backup Solutions | 346 |
| Buying and Using Tapes | 347 |
| Backing Up Your Data | 348 |
| Getting Started with the Backup Utility | 348 |
| Setting Default Options for Backup | 350 |
| Backing Up Data with the Backup Wizard | 354 |
| Backing Up Files without the Wizard | 356 |
| Recovering Data Using the Restore Wizard | 359 |
| Recovering Data without the Wizard | 362 |
| Restoring Active Directory | 364 |
| Backing Up and Restoring Data on Remote Systems | 366 |
| Backing Up and Restoring Encrypted Data and Certificates | 366 |
| Backing Up Encryption Certificates | 366 |
| Restoring Encryption Certificates | 367 |
| Disaster Recovery and Preparation | 368 |
| Creating an Emergency Repair Disk | 368 |
| Creating Setup Boot Disks | 369 |
| Starting a System in Safe Mode | 370 |
| Using the Emergency Repair Disk to Recover a System | 371 |
| Working with the Recovery Console | 371 |
| Managing Media Pools | 374 |
| Understanding Media Pools | 374 |
| Preparing Media for Use in the Free Media Pool | 375 |
| Moving Media to a Different Media Pool | 375 |
| Creating Application Media Pools | 376 |
| Changing the Media Type in a Media Pool | 376 |
| Setting Allocation and Deallocation Policies | 376 |
| Deleting Application Media Pools | 377 |
| Managing Work Queues, Requests, and Removable Storage Security | 377 |
| Using the Work Queue | 377 |
| Troubleshooting Waiting Operations | 379 |
| Changing Mount Operations | 379 |
| Controlling When Operations Are Deleted | 379 |
| Using the Operator Requests Queue | 380 |
| Notifying Operators of Requests | 381 |
| Completing or Refusing Requests | 381 |
| Controlling When Requests Are Deleted | 381 |
| Setting Access Permissions for Removable Storage | 382 |
| PART IV MICROSOFT WINDOWS 2000 NETWORK ADMINISTRATION | |
| 15 Managing TCP/IP Networking | 387 |
| Installing TCP/IP Networking | 387 |
| Installing Network Interface Cards | 388 |
| Installing the TCP/IP Protocol | 388 |
| Configuring TCP/IP Networking | 389 |
| Configuring Static IP Addresses | 390 |
| Configuring Dynamic IP Addresses | 393 |
| Configuring Multiple IP Addresses and Gateways | 393 |
| Configuring DNS Resolution | 395 |
| Configuring WINS Resolution | 397 |
| Configuring Additional Networking Components | 399 |
| Installing and Uninstalling Networking Components | 399 |
| Installing Optional Networking Components | 400 |
| Managing Network Connections | 402 |
| Creating Network Connections | 403 |
| Managing Security for Remote Access Connections | 404 |
| Enabling and Disabling Network Connections | 405 |
| Deleting Network Connections | 405 |
| Modifying and Duplicating Connections | 406 |
| Testing the TCP/IP Configuration | 406 |
| 16 Administering Network Printers and Print Services | 407 |
| Troubleshooting Printer Problems | 407 |
| Installing Printers | 409 |
| Using Local and Network Printers | 409 |
| Installing Print Devices on a Local or Remote Print Server | 410 |
| Installing Local Print Devices | 417 |
| Connecting to Printers Created on the Network | 417 |
| Solving Spooling Problems | 418 |
| Configuring Printer Properties | 420 |
| Adding Comments and Location Information | 420 |
| Managing Printer Drivers | 421 |
| Setting a Separator Page and Changing Print Device Mode | 422 |
| Changing the Printer Port | 422 |
| Scheduling and Prioritizing Print Jobs | 422 |
| Starting and Stopping Printer Sharing | 424 |
| Setting Printer Access Permissions | 425 |
| Auditing Print Jobs | 426 |
| Setting Document Defaults | 426 |
| Configuring Print Server Properties | 426 |
| Viewing and Creating Printer Forms | 427 |
| Locating the Spool Folder and Enabling Printing on NTFS | 428 |
| Managing High Volume Printing | 428 |
| Logging Printer Events | 429 |
| Removing Print Job Completion and Notification | 429 |
| Managing Print Jobs on Local and Remote Printers | 429 |
| Using the Print Management Window | 429 |
| Pausing the Printer and Resuming Printing | 430 |
| Emptying the Print Queue | 430 |
| Pausing, Resuming, and Restarting Individual Document Printing | 430 |
| Removing a Document and Canceling a Print Job | 431 |
| Checking the Properties of Documents in the Printer | 431 |
| Setting the Priority of Individual Documents | 431 |
| Scheduling the Printing of Individual Documents | 431 |
| 17 Running DHCP Clients and Servers | 433 |
| Understanding DHCP | 433 |
| The DHCP Client and the IP Address | 433 |
| Checking IP Address Assignment | 434 |
| Understanding Scopes | 435 |
| Installing a DHCP Server | 436 |
| Installing DHCP Components | 436 |
| Starting and Using the DHCP Console | 437 |
| Connecting to Remote DHCP Servers | 438 |
| Starting and Stopping a DHCP Server | 438 |
| Authorizing a DHCP Server in Active Directory | 439 |
| Configuring DHCP Servers | 439 |
| Binding a Multihomed DHCP Server to a Specific IP Address | 440 |
| Updating DHCP Statistics | 440 |
| DHCP Auditing and Troubleshooting | 440 |
| Integrating DHCP and DNS | 442 |
| Avoiding IP Address Conflicts | 443 |
| Saving and Restoring the DHCP Configuration | 443 |
| Managing DHCP Scopes | 444 |
| Creating and Managing Superscopes | 444 |
| Creating and Managing Scopes | 445 |
| Managing the Address Pool, Leases, and Reservations | 451 |
| Viewing Scope Statistics | 452 |
| Setting a New Exclusion Range | 452 |
| Deleting an Exclusion Range | 453 |
| Reconciling Leases and Reservations | 453 |
| Reserving DHCP Addresses | 453 |
| Modifying Reservation Properties | 454 |
| Deleting Leases and Reservations | 455 |
| Backing Up and Restoring the DHCP Database | 455 |
| The Backup Directory | 455 |
| Restoring the Database from Backup | 455 |
| 18 Maintaining WINS | 457 |
| Understanding WINS and NetBIOS Over TCP/IP | 458 |
| Configuring WINS Clients and Servers | 458 |
| Name Resolution Methods | 459 |
| Using the WINS Console | 460 |
| Getting to Know the WINS Console | 460 |
| Adding a WINS Server to the WINS Console | 461 |
| Starting and Stopping a WINS Server | 461 |
| Viewing Server Statistics | 461 |
| Configuring WINS Servers | 463 |
| Updating WINS Statistics | 463 |
| Managing Name Registration, Renewal, and Release | 464 |
| Logging WINS Events in the Windows Event Logs | 465 |
| Setting the Version ID for the WINS Database | 465 |
| Configuring Burst Handling of Name Registrations | 466 |
| Saving and Restoring the WINS Configuration | 466 |
| Configuring WINS Database Replication | 467 |
| Setting Default Replication Parameters | 467 |
| Creating Push and Pull Partners | 469 |
| Changing Replication Type and Settings for Partners | 470 |
| Triggering Database Replication | 471 |
| Managing the WINS Database | 471 |
| Examining WINS Database Mappings | 471 |
| Cleaning and Scavenging the WINS Database | 472 |
| Verifying the Consistency of the WINS Database | 472 |
| Backing Up and Restoring the WINS Database | 474 |
| Clearing Out WINS and Starting with a Fresh Database | 475 |
| 19 Optimizing DNS | 477 |
| Understanding DNS | 477 |
| Integrating Active Directory and DNS | 478 |
| Enabling DNS on the Network | 479 |
| Installing DNS Servers | 479 |
| Installing the DNS Server Service | 480 |
| Configuring a Primary DNS Server | 480 |
| Configuring a Secondary DNS Server | 482 |
| Configuring Reverse Lookups | 483 |
| Managing DNS Servers | 484 |
| Adding Remote Servers to the DNS Console | 485 |
| Removing a Server from the DNS Console | 486 |
| Starting and Stopping a DNS Server | 486 |
| Creating Child Domains within Zones | 486 |
| Creating Child Domains in Separate Zones | 487 |
| Deleting a Domain or Subnet | 489 |
| Managing DNS Records | 489 |
| Adding Address and Pointer Records | 490 |
| Adding DNS Aliases with CNAME | 491 |
| Adding Mail Exchange Servers | 492 |
| Adding Name Servers | 493 |
| Viewing and Updating DNS Records | 494 |
| Updating Zone Properties and the Start of Authority Record | 495 |
| Modifying a Start of Authority Record | 495 |
| Notifying Secondaries of Changes | 497 |
| Restricting Zone Transfers | 497 |
| Setting the Zone Type | 498 |
| Enabling and Disabling Dynamic Updates | 498 |
| Managing DNS Server Configuration and Security | 499 |
| Enabling and Disabling IP Addresses for a DNS Server | 499 |
| Controlling Access to DNS Servers outside the Organization | 500 |
| Logging DNS Activity | 501 |
| Monitoring DNS Server | 502 |
| Integrating WINS with DNS | 503 |
| Configuring WINS Lookups in DNS | 503 |
| Configuring Reverse WINS Lookups in DNS | 504 |
| Setting Caching and Time-Out Values for WINS in DNS | 505 |
| Configuring Full Integration with NetBIOS Scopes | 505 |
| INDEX | 507 |
