Index []€¦ · .BKF files, 1223 blocking file types saved, 624–630 Group Policy inheritance,...

1383

Index

Symbol128-bit IP address space, 492–49432-bit

operating systems, 5printer driver support, 214registry considerations, 1269

64-bitoperating systems, 5printer driver support, 214registry considerations, 1269

802.11 protocols listed, 867–868802.1X authentication, 868, 872–874

Aabstract classes, 452acceptable-use policies, 1159access-by-policy administrative model, 840–847access-by-user administrative model, 838–840access control, 709, 757–759access control entries (ACEs), 25, 26access control lists (ACLs), 25, 307access rights. See permissionsAccessibility Wizard, 1346Accessories And Utilities grouping, 1346–1348accessories grouping, 1346account domains, 118Account Policies security area, 741accounting, RADIUS, 862accounts

managed computers, 948–950security planning, 69–70user

deleting, 255disabling, 254domains, 250–251enabling, 254finding, 253–254local, 251managing, 253–257moving, 255names, 247, 256options, 248overview, 247

passwords, 249–250, 256properties, setting, 251–252remote access permissions, 838–840testing, 252–253unlocking, 257

user objects, 420ACPI (Advanced Configuration Power Interface),

945ACPI BIOS, 100, 112acronyms, password, 71activating products, 64–65activating scopes, 504active caching, 1126Active Directory

architecture, 23–27attributes, 21containers, 21data model, 24delegation, 26Directory System Agent, 23–24distinguished names, 22–23DNS zone storage, 486–487federated identity management, 430forests, 109, 121–131, 395–403functional testing, 140–141global catalogs, 26–27inheritance, 26LDAP, 487management tools, 377–378name formats, 24namespaces, 20–21naming contexts, 26new services, 1347organizational units, 108overview, 11–12, 19–23partitions, 26printer publishing, 198publishing shares, 292–293restore modes, 1244–1245security, 25trust relationships, 109–112, 400–402upgrading to, 107–112

Active Directory Application Mode (ADAM), 19

Z07I620474.fm 383 Wednesday, January 18, 2006 4:56 PM

Microsoft Press

Note

Microsoft® Windows Server™ 2003 Administrator's Companion, Second Edition (ISBN 0-7356-2047-4) by Charlie Russel, Sharon Crawford, Jason Gerend. Published by Microsoft Press. Copyright © 2006 by Charlie Russel and Sharon Crawford.

1384

Active Directory domainschild, 388–389creating, 384domain controller names, 428–429domain managers, 402functionality, 396–400managing, 403models, 121–128names, 384–386, 429

Active Directory Domains and Trusts snap-indomain functionality, 396–400domain management, 403domain managers, 402forest functionality, 396–400launching, 395overview, 395trust relationships, 400–402UPNs, 402

Active Directory Federation Services (ADFS), 430Active Directory Installation Wizard, 378–379Active Directory installations

DNS servers, 379–381domain controllers

demotions, 392–393identification, 394replicas, 387–388server promotion to, 381–386upgrades, 391

domainschild, 388–389creating, 384names, 384–386

forests, 390Global Catalog servers, 394–395options, 386–390overview, 377–379partitions, 379trees, 390

Active Directory Management console, 324Active Directory Migration Tool (ADMT), 12, 115Active Directory objects

computers, 425–426default, 409–411delegating control, 400–416deleting, 428filters, 406–407finding, 408groups, 423–425moving, 428organizational units, 411–414overview, 21, 404–411

printers, 427remote computer management, 426renaming, 428shared folders, 427types, 404–405users, 417–423

Active Directory schemaattributes

adding, 452auxiliary class, adding, 452–453creating, 449–450display specifiers, 454–456object classes, creating, 451–452overview, 448

batch imports and exports, 457display specifiers, modifying, 454–456domain controller accessed, 447implementing, 25launching, 446–448LDIF, 457–459modifying, 448–453operations master roles, 460–467overview, 23, 445security, 445–446updates, 140–147

Active Directory Services Interface (ADSI), 19, 354, 356

Active Directory sitesconnection objects, 439–440domain replication, 436–438overview, 108, 433–434replication objects, 438server objects, 439–440site link bridge objects, 444site link objects, 443site links, 444site objects, 434–436, 438–439subnet objects, 441–442

Active Directory Sites and Services snap-in, 433, 438–445

Active Directory Users and Computers snap-inadvanced mode, 405computer objects, 425–426delegating object control, 400–416deleting objects, 428domain management, 406groups, 423–425launching, 403moving objects, 428normal mode, 405organizational units, 411–414

Active Directory domains

Z07I620474.fm Page 1384 Wednesday, January 18, 2006 4:56 PM

1385

overview, 403printer objects, 427remote computer management, 426renaming objects, 428shared folder objects, 427User Manager for Domains, 1342user objects, 417–423viewing objects

default objects, 409–411filters, 406–407finding objects, 408overview, 404types, 404–405

Active Scripting, 353, 354–355Add Printer Wizard, 195Add To A Group command, 419address pairs, Network Monitor, 1194Address Resolution Protocol (ARP), 480addressable memory limits, 15addresses. See also DNS (Domain Name System);

name resolution; TCP/IPadding, 173analyzing, 47DNS settings, configuring, 175–176dynamic addressing, 171–172firewalls, 476–477IPv6, 492–494loopback, 475managing, 487–489network address translation, 1124–1125network classes, 474–476Network Monitor databases, 1191overview, 474private, 1125remote access policies, 851reservations, 504restrictions, 1088–1089routers, 479routing protocols, 480server clusters, 593static addressing, 173subnets, 477–478Web sites, 1079–1080WINS, 176–177, 532–537

ADMIN$ share, 286administering remotely

Active Directory objects, 426consoles, custom, 329–330Device Manager, 1339disk management, 545

Emergency Management Servicesoverview, 1312–1313requirements, 1314security, 1315setting up, 1315–1320

enabling, 162–163IIS, 1119–1120shares, 286tool installations, 335

administrative options. See also administrative tools; groups

printing, 199–208Terminal Services Manager, 992–1000Virtual Server, 978–979Windows Terminal Services, 982–983, 992

administrative shares, 286administrative tasks, 1062–1068administrative templates, Group Policy, 296, 298administrative tools

auditing eventsarchiving logs, 342categories, 336–338enabling, 337–338filtering logs, 341log size, 341–342object settings, 338–339overview, 336–338searching logs, 340viewing logs, 339

AT command, 347–348cron, 348delegating control, 26, 343–344IIS, 1044–1047installing locally, 334installing remotely, 335Management And Monitoring Tools, 1349MMC, 323–330overview, 323remote access policies, 838–847scripts, 335–336, 1047secondary logons, 323–330Support Tools, 335Task Scheduler, 344–347

administrator account security, 69–70, 185administrator disk quotas, 632–633Administrator Website, Virtual Server, 961–962Advanced Encryption Standard (AES), 869, 870Advanced RISC Computing (ARC), 1217alerts, 1184–1186allocation units, 539

allocation units


1386

allowing Web browsing, 1136–1138alternate file restore locations, 1240analyzing system security, 747–749anonymous access

FTP sites, 1098–1099SMTP virtual servers, 1113Web sites, 1086–1087

answer filescomponent installations, 80distribution shares, 83–84headless servers, 1318–1319overview, 57–58RIS images, 940–942Setup Manager, 83–84types, 72Windows Setup, initiating, 94

Apple Macintosh interoperability, 899application-layer filtering, 1126application-layer protocols, 1037–1043, 1102–1117application logs, 1167Application server, 1044–1045, 1347application server mode, 988–992application settings, Web, 1085applications. See also software management; Virtual

Serverassigning, 906–907available on network computers, 902deployment planning, 5–6inventorying, 48media pools, 678printing failures, 223publishing, 906–907restriction policies, 923–926support improvements, 113updating, 907–908

approving certificate requests, 822architecture changes

Active Directory, 107–112domain controllers, 106–107hardware, 112–113server roles, 106–107software, 113

archiveattributes, 1225–1226backups, 1223event logs, 342, 1170security logs, 781

ARP (Address Resolution Protocol), 480ASR (Automated System Recovery), 1212–1215,

1292, 1301–1302Asrpnp.sif, 1215

Asr.sif, 1215assess phase, patch management, 785–786assessing business needs, 45–46assessing current systems, 46–48assigning addresses. See addressesassigning applications, 906–907asymmetric encryption, 713, 722AT command, 347–348At Logon backup option, 1235At System Startup backup option, 1235ATA (Advanced Technology Attachment), 541attributes

Active Directory, 21Active Directory schema

adding, 452auxiliary class, adding, 452–453creating, 449–450object classes, creating, 451–452overview, 448

remote access policies, 848–850audio files, saving, 625auditing

eventsarchiving logs, 342categories, 336–338enabling, 337–338filtering logs, 341log size, 341–342object settings, 338–339overview, 336–338searching logs, 340viewing logs, 339

network resources, 46–48overview, 710security, 737, 778–781

authentication. See also connection services; protocols

access control, implementing, 757–759Active Directory sites, 434combining methods, 1088defined, 837enabling, 751–757FTP sites, 1098–1099hardware-enabled, 706IPSec policies, 771mutual, 706NNTP virtual servers, 1107overview, 704, 751proof of identity, 704requests, 861scripts, 362–363, 370

allowing Web browsing


1387

smart cards, 752–756SMTP virtual servers, 1113trust relationships, 109–112Web sites, 1086–1087wireless networking, 868–870

Authentication Header (AH), 727authoritative restore mode, 1245authorizations, 837authorizing DHCP servers, 503auto apply quotas, 619–621autoenrollment, certificates, 816–817Automated Deployment Services (ADS), 59–60, 67automated installations

answer files, 94components, 80image-based installations, 58–60optional components, installing, 80Setup-based installations, 57–58Windows Server 2003 R2, 78–79

automatic. See also scriptsaddress management, 487–489application deployments, 902certificate enrollments, 816–817log ons, 940printer driver updates, 215Remote Desktop enabling, 163software package upgrades, 919–920updates, 62–63, 791–795

Automatic Certificate Request Setup Wizard, 816–817

Automatic Updates, 62, 160auxiliary classes, 448, 452–453availability. See also clusters

clustering, 1263DFS, 1262disk arrays, 1256–1262failure measurements, 1250–1251load balancing, 595overview, 11, 1249power supply problems, 1251–1256printers, 209–210RAID levels, 1261

available patches, finding, 786–788

Bbackup accounts, 71Backup CA command, 810backup domain controllers, 20, 37, 40, 106–107,

135backup power supplies, 1251–1256

backup print servers, 218–219Backup program, 1228–1236Backup Utility, 1290–1291backup windows, 1224Backup Wizard, 1237backups

archival, 1223certificate authorities, 810–812command line, 1237–1239disaster preparation, 1212domain upgrades, 131–133encrypted files, 1243excluding files, 1232failure, planning for, 1242–1243launching, 1227logs, 1231media rotation, 1227, 1247options, 1230overview, 1221permissions, 1229, 1246recovery drives, 1220registry, 1290–1291restoring from, 1311scheduling, 1234–1236scripts, 1229server configuration settings, 1072–1073steps, 1227–1228storage medium, 1221–1223, 1230strategy planning, 1224–1227system state, 1242–1243third-party utilities, 1246–1247types, 1225–1226

bandwidth, 984, 1082BAP (Bandwidth Allocation Protocol), 851barcodes, 678–679baseline performance, 1159, 1160baseline security analysis, 781–782basic authentication, 1087, 1098–1099basic disks, 540batch imports and exports, 457beta user deployments, patches, 791BIND (Berkeley Internet Name Domain), 506biometrics, 706BIOS compatibility, 100.BKF files, 1223blocking

file types saved, 624–630Group Policy inheritance, 303inherited permissions, 272–273software access, 923–926

blocking


1388

boot diskscreating, 1216–1217mirrored boot partitions, 1299–1300recovery with, 1298remote, 951

boot logs, 1298Boot menus, displaying, 101–102boot timeouts, changing, 102booting computer for installations, 61booting previous operating systems, 101–103Boot.ini files, 1299BOOTP ROM chips, 930bottlenecks, 1158, 1163–1164boundaries, site, 436branch office replication groups, 656–655breaking mirrors, 565bridges, network, 480Briefcase, 1340brownouts, 1254–1255Browsing (Computer Browser service), 491built-in Administrator accounts, 71built-in groups, 237–241business needs, identifying, 45–46

Ccache

catalogs, 1019–1020disabling, 99file system settings, 1199–1200ISA 2004, 1126, 1139–1140size, 1201

caching-only servers, 531–532calculating future business needs, 46CALs (Client Access Licenses), 63–64canceling print jobs, 205capacities

NLB clusters, 588–589server clusters, 597–598Windows Terminal Services, 982–984

CAPICOM, 731capture

buffers, 1190filters, 1192–1195triggers, 1198–1199

Capture window, Network Monitor, 1188–1189capturing network frames, 1187–1188capturing physical devices, 969CAs (certificate authorities). See certificate

authorities (CAs)

catalogsconfiguring, 1016–1017corrupted, 1032creating, 1015–1016defined, 1010directories, 1017–1018global, 26–27new Web site indexing, 1027No Documents Matched Query error, 1030–1031overview, 1015properties, adding, 1019–1020property cache, configuring, 1019–1020restarting, 1017scanning indexes, 1020–1021security, 1018

CBC-MAC (Counter Mode Cipher Block Chaining Message Authentication Code), 870

CCE (Compute Cluster Edition), 611CCMP (CBC-MAC protocol), 870CCS (Compute Cluster Server), 611CDs

backups, 1223, 1247installations, 56, 94operating system images, 936–939virtual machines and, 969–971

certificate authorities (CAs)backups, 810–812certificate publishers, 798certificate registration, 717–718certificate templates, 799–801command-line tools, 825–827configuring, 805–809enterprise, 801–802exit modules, 798, 814hierarchies, 823–825installing, 805–809overview, 715pending requests, changing, 822policy modules, 798, 813preinstallation, 803–805properties, 812–815renewing, 812restores, 812roles, 803root, 715–717, 803security, 804, 815standalone, 802, 822starting, 810stopping, 810subordinate, 715–717, 803types, 801–802updating, 1352

boot disks


1389

certificate revocation lists (CRLs), 719–721, 817–819Certificate Services

CA hierarchies, 823–825Certificates snap-in, 760–763, 822Certification Authority snap-in, 809–822command-line tools, 825–827configuring, 805–809installing, 805–809overview, 1348preinstallation, 803–805

certificate trust lists (CTLs), 820–822certificates

categories, 760chain verifications, 716–717directories, 718editing, 819exporting, 761importing, 762, 819managing, 760–763overview, 711–712public-key, 714–715publishers, 798publishing, 814recovery agents, 773–774registering, 717–718removing, 819renewals, 720requesting, 762–763, 825–827revocation, 719–721, 817–819S/MIME, 721–722smart cards, 752–756specific purposes, 763SSL, 1089–1092templates, 719, 799–801, 815–817trusted, 819–822Update Root Certificates option, 1352

Certificates snap-in, 760–763, 822Certification Authority Backup Wizard, 810–812Certification Authority Restore Wizard, 812Certification Authority snap-in, 809–822Certreq tool, 825–827Certsrv tool, 825Certutil tool, 827chain verifications, 716–717Change command, 990–992changed interface items, 1331–1335characters

passwords, 71, 249printer names, 188UNIX file listing, 880–882user names, 248

Chat tool, 1347checking print server status, 224

checking system file versions, 1311child domains, 39, 388–389CiDaemon, 1010CIDR (Classless Internet Domain Routing), 475class A addresses, 474class B addresses, 475class C addresses, 475class D addresses, 476class E addresses, 476cleaning libraries, 682Client for NFS component, 887, 894–895Client (Respond Only) policy, 765client/server protocols, 1038–1043clients. See also software management

address leases, 514deployment planning, 5–6DFS, 642ISA 2004, 1126printing problems, 219–223Web site restrictions, 1088–1089Windows XP upgrades, 147–148wireless security, 873, 874

Clipboard Viewer, 1338ClipBook Viewer, 1338cluster-unaware applications, 594clustered resources, creating, 604–611clusters. See also Network Load Balancing (NLB)

clustersbusiness goals, 579checklists, 580compute, 611DHCP servers, 508–510Internet, 577intranet, 577mission-critical availability, 578–579overview, 11, 575–576planning, 579–580risk assessments, 580scenarios, 577–579server

capacities, 597–598configuring, 595–597creating, 598–611failback policies, 595failover policies, 595groups, 591networks, 590nodes, 591overview, 576, 590–592, 1263resources, 592–595

size, 569Terminal Services, 578types, 1263

clusters


1390

CoCreateInstance API, 371COM scripts, 354, 371combining authentication methods, 1088command prompt, 1340commands

alternative shell, 355backup jobs, 1237–1239Certificate Services tools, 825–827Cmd.exe, supported by, 353device administration, 165DHCP administration, 514discovery process, 363disk management, 545enhancements, 354–355error information, 369help switches, 353overview, 353passwords, 362path management, 363–365printer management, 207–208Recovery Console, 1218, 1355–1356registry, 1288–1289Setup parameters, 95–98supported, 353System File Checker, 1311user object creation, 418what’s new, 356working directories, 363

comment frames, 1191–1192commercial authoring packages, 905Common Log File System (CLFS), 567common names (CN), 22communications, 13–14, 1347compacting databases, 537company structure-based naming conventions, 32compatibility. See also Virtual Server

security templates, 743servers, 118–120Windows NT domain upgrades, 118–120

Complementary Code Keying (CCK), 867complete-trust domain model, 128components

configuring, 170–171installing, 80, 171optional, 1345–1352

compression, 438, 1338–1339Compression Agent, 1338–1339compromised security, handling, 782Compute Cluster Edition (CCE), 611Compute Cluster Server (CCS), 611compute clusters, 611Computer Browser service, 491

Computer Configuration node, 304–305Computer Management console, 543, 546computer-related policies, GPOs, 296computers. See also software management;

upgrading clients to Windows XP; upgrading to Windows Server 2003

Active Directory objects, 425–426booting, 61names, 170preparing to upgrade, 138–140restarts, 913RIS account locations, 934

Computers Near Me, 1339concurrent connection licensing, 63–64concurrent Terminal Services users, 985confidentiality, data, 707–708configuration backups, servers, 1072–1073configuration settings. See registryConfigure A DNS Server Wizard, 516–520Configure Your Server Wizard, 178–181, 498configuring new installations

devices, 164–169network settings, 169–177overview, 159problems, checking for, 164remote administration, 162–163security precautions, 184server roles, 178–181storage, 168–169updates, installing, 159–161

conflict detection, DHCP servers, 511conflict resolution, replication, 653connection objects, Active Directory sites, 439–440connection services

dial-up remote access, 830, 834–835IAS, 858–863NAT servers, 835–836overview, 829–830RADIUS

how it works, 860multiple remote access servers, 861–863proxy, 863–864

remote access policiesconfiguring, 848–852default, 837–838setting, 836

remote access servers, 833–834, 852–853Terminal Services sessions

Terminal Services Configuration MMC, 1000–1004

Terminal Services Manager, 993–1000

CoCreateInstance API


1391

Virtual Serveradministering, 978–979alternatives to, 979properties, configuring, 965–966

VPNs, 727–729, 831–833, 853–858connectivity. See also protocols; wireless

external, 47IIS servers, 1072–1073network activity monitoring, 1165–1166NFS shares, 892–894NNTP virtual servers, 1109operating systems, 47overview, 13–14print servers, 188, 207printers, 199, 202–204simultaneous, 284–285Storage Manager For SANs, 670–671timeout values, 1081UNIX interoperability, 883–884Web sites, 1048–1049

console redirection, firmware-based, 1316console wrappers, 358–362consoles. See Microsoft Management Console (MMC)consolidating domains, 126constant voltage transformers, 1254–1255containers

Active Directory, 21Group Policy, 298, 301

content expirations, Web sites, 1093content indexing. See Indexing Servicecontent ratings, Web sites, 1093continuous namespaces, 41control set registry information, 1276Convenience Consoles, 324converting

disk to dynamic disks, 558–559FAT to NTFS, 565filenames, 88–89partitions, 379

copy backups, 1226Copy command, 419copying

lockups during, 100–101mass storage drivers, 87–88Recovery Console functionality, 1353updates to distribution share, 83user profiles, 946Windows installations, 58–60

corpus, 1010, 1012corrupted catalogs, 1032corrupted databases, 637

countersdisk activity, 1164–1165Indexing Service, 1029–1030logs, 1181–1184memory usage, 1162–1163network activity, 1165–1166processor activity, 1163–1164System Monitor, 1177–1178

CPUsactivity monitoring, 1163–1164Windows Terminal Services, 983–984

credentials. See authenticationcritical device databases, 86critical updates, 783cron, 348cross-root certifications, 717CryptoAPI, 730cryptographic service providers (CSPs), 730cryptography. See also encryption keys

backups, 1243CAPICOM, 731certificate authorities, 805DPAPI, 731file system level, 571–573indexing, 1018IPSec, 725–727local data, 773–778overview, 571–573recovery policies, 773–774remote access policies, 852S/MIME, 721–722smart cards, 710–711SSL, 724–725VPNs, 831Web sites, 1086WEP, 869wireless networking, 868–870WPA, 869–870WPA2, 870

cscript, 358–362Cscript.exe, 336CSMA/CA (carrier sense multiple access with

collision avoidance), 867current

control set registry information, 1276FTP site connections, 1097network structure, documenting, 116–120performance tracking, 1175–1180security status, 781–782systems, assessing, 46–48Web settings, 1117–1119

CurrentControlSet subkeys, 1276Custom Installation Wizard, 921

Custom Installation Wizard


1392

custom query forms, 1024–1027custom subnet masks, 478custom topology, 641customizing. See also user profiles

Active Directory object filters, 406–407console layouts, 327–328consoles, MMC-based, 324–330HTTP headers, 1093IPSec policies, 767–768network entities, 1147–1148Network Monitor, 1190–1192object delegation tasks, 415–416performance reports, 1172quotas, 619–621roaming profiles, 263security templates, 744–745separator pages, 211–212Start menu, 1341

Ddaily backups, 1226, 1235daily operations. See administrative toolsDAP (Directory Access Protocol), 19Dashboard, ISA 2004, 1144data available on network computers, 902data backups

archival, 1223command line, 1237–1239encrypted files, 1243Exchange servers, 1243excluding files, 1232failure, planning for, 1242–1243launching, 1227logs, 1231media rotation, 1227, 1247options, 1230overview, 1221permissions, 1229, 1246scheduling, 1234–1236scripts, 1229steps, 1227–1228storage medium, 1221–1223, 1230strategy, planning, 1224–1227system state, 1242–1243third-party utilities, 1246–1247types, 1225–1226Windows Server 2003 Backup program,

1228–1236Windows Server 2003 Backup Wizard, 1237

data centers, deployments in, 59–60data collection groups, 1171, 1173data confidentiality, 707–708data encryption. See encryption

data integrity, 708–709, 870data mirrors

adding, 561–562breaking, 565drive failures, 563–564removing, 564

Data Protection API (DPAPI), 731Data Protection Manager (DPM), 1247data restores

file destinations, 1240file selections, 1239options, 1241–1242overview, 1239

data security. See also authentication; certificates; firewalls; permissions; wireless

access control, 709, 757–759analyzing, 747–749, 781–782compromised systems, handling, 782deployment policies, 739IIS, 1062–1065IPSec policies, 764–772ISA 2004 server, 1131, 1136–1138iSCSI, 673local data, 773–778nonrepudiation, 710overview, 9–10, 703–704, 707–709, 733planning, 69–70precautions, 184

data storage. See also disk managementbackups, 1221–1223, 1230certificates, 814configuring, 168–169DFS, 1262disk activity monitoring, 1164–1165Distributed File System

installations, 644overview, 634–635terminology, 637–641what’s new, 636

File Server Resource Managerdisk quotas, 630–634file screens, 624–630global options, 614–615overview, 614quotas, 618–624reports, 615–617

GPO information, 297Indexing Services, 1012–1013overview, 13, 613registry, 1277–1279Remote Storage, 686–699, 1351Removable Storage, 676–686Storage Manager For SANs, 663–676

custom query forms


1393

data typesprinters, 213–214registry, 1277–1278

database compacting, WINS, 537database security, 746–747Datacenter Edition, Windows Server 2003, 4–5datagrams, 470DCOM scripting, 356dcpromo.exe. See Active Directory Installation

Wizarddeactivating scopes, 504, 510decoy accounts, 71decryption, 713dedicated forest root domains, 123, 134default

Active Directory objects, 409–411certificate publishers, 798FTP sites, 1058Group Policy, 298home directory files, 1085–1086operation systems, changing, 102principal name suffix, 248remote access policies, 837–838saved file location, 1340software package options, 911–913standalone CA action, 822subnet masks, 478System Monitor sampling intervals, 1180user profiles, 259–260virtual machine settings, 968–973VMRC key bindings, 974–975Web sites, 1047–1048

Default-First-Site-Name sites, 434DEFAULT hive, 1279Default NNTP Virtual Server, 1102, 1105–1109Default SMTP Virtual Server, 1112–1116Defaultipsitelink object, 438, 443delegating

Active Directory, 26Active Directory object control, 400–416administrative controls, 26, 343–344authority, DNS, 522–524permissions, GPOs, 308–311

Delegation of Control Wizard, 343, 400–416delta CRLs, 721, 818demand-dial interfaces, 856, 857–858demoting domain controllers, 392–393density, network, 866denying permissions. See permissions; remote

access policiesdependencies, server clusters, 597

deploy phase, patch management, 788deployment environments. See also configuring

new installationsapplication deployments, 62–63creating

disk imaging, 89–90distribution shares, 80–89overview, 72Setup Manager, 72–77Windows Server 2003 R2 and, 78–79

designing, 55install methods, choosing, 57–60installation process, 91licensing modes, 63–64overview, 55partitions, 68–69preinstallation, 61product activations, 64–65security, 69–70server configurations, 66–70software updates, 61–62system requirements, 67–68test labs, 65–66

deployment planningcurrent systems, assessing, 46–48goals, defining, 50IT changes, problems with, 44, 45–46overview, 5–6, 43–44plans, creating, 71–72risk assessments, 50–51roadmap, making, 49–51

deployment printers, 187–193deployment restriction policies, 923–926deployment technologies. See also Group Policy;

RIS (Remote Installation Services)Microsoft Operations Manager, 903options, 903–908packages

application property changes, 918–919Group Policy, adding to, 915–916modifications, 920–922native Windows Installer, 904overview, 915redeploying, 922removing, 922upgrades, 919–920

repackaged applications, 905–908Systems Management Server, 903.zap files, 904–905

deployment testing, patches, 789–791desktop appearance, 1342

desktop appearance


1394

device CALs, 63–64device drivers

improvements, 112–113installing, 166rolling back recently installed, 1302–1303

Device Manager, 165–168, 1339devices. See also Remote Storage

backup storage, 1222configuring, 164–169Device Manager, 165–168disabling, 166displaying, 165–166errors, checking for, 164failure metrics, 1250–1251hardware changes, viewing, 166properties, 167removable storage, 677storage, configuring, 168–169troubleshooting, 168uninstalling, 166virtual machine captures, 969

Devices tool, 1339DFS (Distributed File System)

clients, 642folders, 639, 648, 651infrastructure upgrades, 643installations, 644namespace roots, 638–639, 645–646namespace servers, 647namespaces, 644–652overview, 634–635, 1262, 1348requirements, 641–644roots, 638–639servers, 642targets, 640terminology, 637–641what’s new, 636without NetBIOS or WINS, 644

DFS Management, 643, 644DFS Namespaces

folders, 639namespace roots, 638–639overview, 634–635performance, 636targets, 640

DFS Replicationgroup creation, 652–660group management, 661–663installing, 644overview, 640–641, 652

DHCP (Dynamic Host Configuration Protocol)address reservations, 504backups, 513client address leases, 514command-line administration, 514IP address ranges and exclusions, 498legacy client support, 505–506multiple servers, 507–510networks, 496–498options, 499overview, 18, 487–489, 496relay agents, 511–513resource type, 593restores, 514scopes, 499–503, 504, 510, 513security, 497server-based conflict detection, 511service setup, 498steps, 171–172

DHCP serversauthorizations, 503deployment role, 67dynamic addressing, 171–177reliability, 489

diagnostic mode, Safe Mode option, 1297–1298dial-up connections

authentications, 754–756denying access, 69IAS, 858–863overview, 830remote access limitations, 851server setup, 834–835

dictionary attacks, 711different internal and external namespaces, 34–36differential backups, 1226Digest Authentication, 705Digest Authentication For Windows Domain

Servers, 1086digital signatures

encryption, 713IPSec, 725–727overview, 708–709S/MIME, 721–722

directories. See also backups; directory servicescatalogs, 1017–1018certificates, 718SMTP service, 1111

Directory Access Protocol (DAP), 19Directory Browsing permissions, 1084directory-enabled applications, 19directory-integrated zone storage, 486–487

device CALs


1395

directory-level administration, IIS, 1076, 1101Directory Service Protocol (DSP), 19directory services. See also Active Directory

abilities needed, 18overview, 17–18protocols, 18, 19, 20restore mode, 1244Windows and, 18X.500 standard, 19

Directory System Agent (DSA), 23–24Disable Account command, 419disallowed security level, 925disaster planning

iterating, 1210–1211overview, 1203–1204resource identification, 1205responses, developing, 1206–1209risk identification, 1204–1205testing procedures, 1209–1210

disaster preparationAutomated System Recovery disks, 1212–1215backups, 1212boot disks, 1216–1217fault tolerant system, 1211overview, 1211Recovery Console, 1218recovery drives, 1220recovery options, specifying, 1219–1220

disaster recoverycompromised systems, handling, 782encrypted files and folders, 773–774power supply problems, 1251–1256Remote Storage, 698–699Windows NT domain upgrades, 131–133

Disk Administrator, 1340disk arrays

availability, 1261costs, 1261fault tolerance levels, 1260hardware vs. software, 1256–1257hot-spare systems, 1262hot-swap systems, 1262intended use, 1259overview, 1256performance considerations, 1261RAID levels, 1257–1259

disk-based registry keys, 1278disk imaging, 58–60, 89–90

disk management. See also disksactivity monitoring, 1164–1165command line, 545dynamic disks, 545, 558–559enhancements, 543NTFS, 571–574overview, 539, 542–546RAID, 542, 544remote, 545tasks

drive letters, 569–570formatting options, 555mirrors, 561–565new disks, adding, 547–549overview, 546partitions, 546–558, 565–568, 569–570volumes, 549–551, 559–560, 565–568,

569–571technology options, 541terminology, 539–541

Disk Management snap-in, 543, 546, 1340Diskpart.exe, 545disks

Automated System Recovery, 1212–1215backups, 1222controllers fault tolerance, 1260naming conventions, 1217quotas, 574, 630–634

dismounting media, 684display filters, capture frames, 1196–1198display specifiers, Active Directory, 454–456displaying

Active Directory objects, 404–411Boot menus, 101–102captured frames, 1189–1190current Web settings, 1117–1119device properties, 167devices, 165–166network components, 170–171newsgroups, 1108NNTP sessions, 1110physical memory usage, 1162print status, 200quotas, 621recorded performance data, 1173scheduled tasks, 347security analysis, 747–749security logs, 780–781servers, 993service status information, 1307–1308

displaying

Z07I620474.fm 95 Wednesday, January 18, 2006 4:56 PM

1396

displaying, continuedSystem Information, 1341–1342System Monitor information, 1178–1180Terminal Services information, 992–1000Terminal Services session data, 996–984virtual networks, 962

distance vector-based routing protocols, 480distinguished names (DN), 22–23Distributed File System (DFS). See DFS (Distributed

File System)distributing consoles, 329distribution folders, 73–77distribution groups, 228, 424distribution points, 819distribution shares

creating, 80–82filename conversions, 88–89mass storage drivers, 87–88OEM drivers in RIPrep images, 85–86overview, 57, 80Plug and Play drivers, 84–85required files, 80service packs, applying, 82–83software updates, 83–84subfolders, 81unattended installations, 94

DNS (Domain Name System)Active Directory domain names, 384–386Active Directory installations, 379–381address assignments, 172caching-only servers, 531–532delegating authority, 522–524domains, 108, 482, 483dynamic DNS, 485forwarders, 529–531installing, 515–516interoperation, 528LDAP, 487name resolution, 34–36, 482–484namespaces, 118overview, 481, 515poisoning attacks, 520resource records, 380–381, 524–527reverse lookups, 484–485root hints, 531secondary servers, 516servers, 67, 119, 516–520settings, configuring, 175–176subdomains, 522–524top level domains, 482Windows NT domain upgrades, 128–129WINS resolution, 529zones, 486–487, 521–522, 527

do-it-yourself registry backups, 1291document indexing. See Indexing Servicedocument options, sites, 1085–1086documenting

installations, 161network resources, 46–48networks, 116–120, 1158–1159recovery procedures, 1207

dollar signs, hidden shares, 283domain controllers. See also Active Directory sites

architecture improvements, 106–107demoting, 392–393DFS, 1262DNS servers, 379–381first, 183functional levels, 151–158, 396–400Global Catalog servers, 26–27, 394–395identification, 394multiple domains, 40names, 428–429operations master roles, 460–467overview, 37printer publishing, 198promoting servers to, 381–386remote access, 848replicas, creating, 387–388servers, 66shared resources, 286upgrading, 105, 118, 391Windows NT domain upgrades, 118

Domain Local group, 424domain local groups, 239–240domain local scope, 228, 233domain managers, 402Domain Name System (DNS). See DNS (Domain

Name System)domain namespaces, 482, 638domain naming master, 463–464domain replication, 436–438domain user accounts, 250–252domains. See also groups; Windows NT domain

upgradesActive Directory, 108, 145–147, 395–403consolidating, 126creating, 384designing, 38–39forest root, 109functional levels, 154–158, 396–400managing, 406model types, 117multiple domain tree structure, 39, 40–42names, 108, 384–386, 429, 483, 1088–1089organizational units, 36–38, 40

distance vector-based routing protocols


1397

overview, 37preparing to upgrade, 137–138root, 38security, 36–38, 39–40server promotion to domain controller, 381–386single domain tree structure, 38–39SMTP virtual servers, 1116–1117structure, planning, 36–40trees, creating, 390trust relationships, 109–112, 400–402upgrade guidelines, 133–137

DOS prompt. See commandsdowntime measurements, 1250–1251DPAPI (Data Protection API), 731DPM (Data Protection Manager), 1247driveletter$ share, 286drivers

improvements, 112–113installing, 166printers, 214–216, 220rolling back recently installed, 1302–1303

drives. See also backups; Remote Storageletters, 365, 569–570partitions, 68–69recovery, 1220

dual boots, 101duplexing, 541, 1256–1262duplicate files, SIS monitoring, 928dynamic

disks, 545, 558–559DNS, 485volumes, 68, 1277

dynamic address databases. See WINS (Windows Internet Name Service)

dynamic addressing. See DHCP (Dynamic Host Configuration Protocol)

Dynamic Update protocol, 380

Ee-mail

distribution groups, 228forwarding, SMTP

access options, 1113Default SMTP Virtual Server, 1112–1116delivery options, 1115–1116directories, 1111domains, 1116–1117examples, 1041–1042identities, 1113LDAP Routing, 1116message limitations, 1114overview, 1110–1111site link objects, 443

proof of receipt, 710protocols, 1041–1042S/MIME, 721–722software patch alerts, 787storage reports, 614–615

E-mail services, 1348Echo method, 367editing registry

adding keys or values, 1283best practices, 1267exporting data, 1283hives, 1285importing data, 1283overview, 1279.REG files, 1284Reg utility, 1288–1289Registry Editor, 1280–1288remote machines, 1285removing keys or values, 1283renaming, 1285search options, 1281–1282security, 1286–1288value contents, 1282

editions, Windows Server 2003, 4–5ejecting media, 684Emergency Management Services (EMS)

answer files, 1318–1319enabling, 1315, 1319–1320firmware-based console redirection, 1316headless servers, 1316–1319manual installations, 1316–1317out-of-band administration, 1321–1323overview, 1312–1313requirements, 1314RIS-based installations, 1317–1318security, 1315setting up, 1315–1320version upgrades and, 1319–1320

emergency preparedness. See disaster planningemergency repair disks (ERDs), 1212–1215emulating test networks, patches, 789–790Encapsulating Security Payload (ESP), 727Encrypting File System (EFS), 773–778encryption

backups, 1243CAPICOM, 731certificate authorities, 805CryptoAPI, 730cryptographic service providers, 730DPAPI, 731file system level, 571–573indexing, 1018IPSec, 725–727local data, 773–778

encryption


1398

encryption, continuedoverview, 571–573recovery policies, 773–774remote access policies, 852S/MIME, 721–722smart cards, 710–711SSL, 724–725VPNs, 831Web sites, 1086WEP, 869wireless networking, 868–870WPA, 869–870WPA2, 870

encryption keysdata confidentiality, 707–708digital signatures, 708–709overview, 706private, 714–715public-key certificates, 714–715public-key vs. symmetric-key, 713symmetric-key encryption, 713

enforcing GPO links, 302enhanced metafile (EMF), 213enrollment agent certificates, 752enterprise

CAs, 716, 801–802deployments, wireless security, 872–874root CAs, 803subordinate CAs, 803

Enterprise Admins group, 109Enterprise And Stand-Alone Policy module, 813Enterprise Edition, Windows Server 2003, 4–5equipment audits, 46–48errors

file not found, 1026HTTP, 1094–1095Indexing Service, 1030–1033installations, 164scripts, 367–369

escalation procedures, disaster, 1208–1209estimating future business needs, 46evaluate and plan phase, patch management, 788event auditing

archiving logs, 342categories, 336–338enabling, 337–338filtering logs, 341log size, 341–342object settings, 338–339overview, 336–338searching logs, 340security policies, 778–781viewing logs, 339

event components, 1167–1169event descriptions, 1168event headers, 1167–1168Event Log security area, 741event logs. See also event auditing

archiving, 1170changing settings, 1170overview, 1167remote machines, 1169viewing, 339

event server shutdowns, 1323–1324event severities, 1167Event Viewer, 1166–1170, 1323–1324exceptions, file screening, 626–627excluding

address ranges, 511directories, 1017files in backups, 1232

execute mode, 989–990Execute permissions, 881exit codes, 369exit modules, 798, 814expirations

user accounts, 248Web site content, 1093

explicitone-way trust relationships, 111permissions, 272, 839, 840trust relationships, 400–402

exportingActive Directory schema, 457, 458certificates, 761disk quotas, 633–634ISA 2004, 1151–1153registry data, 1283security templates, 747UNIX files or folders, 895–896

extended partitions, 540, 556extending LUNs, 676extending volumes, 540, 559–560Extensible Authentication Protocol (EAP), 705Extensible Authentication Protocol-Transport Layer

Security (EAP-TLS), 705, 873external

connectivity, documenting, 47namespace names, 34–36networks, configuring, 964–965recovery drives, 1220risks, disaster planning, 1205user licensing, 64

External Connector Licenses, 64

encryption keys


1399

Ffailback policies, 595failed. See also disaster planning; fault tolerance;

restores; troubleshootingfailure metrics, 1250–1251installations, 98–103printing, 222–223

failovercapacities, 597–598groups, 591partial, 596policies, defining, 595server cluster configurations, 595–597

FAT, 69, 565, 566–568fat clients, 8FAT32, 69, 565, 566–568fault tolerance. See also DFS (Distributed File System)

clustering, 1263DFS, 1262disaster preparation, 1211disk arrays, 1256–1262domain controller replicas, 387–388measuring, 1250–1251NLB clusters, 589overview, 11, 1249power supply problems, 1251–1256RAID, 1256–1262server clusters, 595–597setting up, 1211

Fax services, 1348federated identity management, 430file encryption. See encryptionfile-level administration, IIS, 1077file not found errors, 1026file permissions vs. share permissions, 268–269file replication service (FRS), 640–641file resource sharing

Active Directory publishing, 292–293folder redirection, 313–317hiding, 283NFS shared folders, 288–292NTFS permissions

files, 274folders, 273how they work, 271–272inheritance, 272–273listed, 270–271, 274–276overview, 270ownership, 268–279special, 274–276

overview, 267–268share vs. file permissions, 268–269shared folders, 279–288

File Screening Management, 624–630File Server Management tool, 279–281File Server Resource Manager (FSRM)

disk quotas, 630–634file screens, 624–630global options, 614–615overview, 614quotas, 618–624reports, 615–617

file servers, 66, 118File Share resource type, 593, 609–611File System security area, 741file systems

Common Log File System, 567converting FAT to NTFS, 565encryption, 571–573event auditing, 339NTFS, 571–574overview, 13UNIX interoperability, 885–886

file templatescertificates, 719, 799–801, 815–817file screening, 628–629Group Policy, 296, 298quotas, 622–624security

applying, 745compatible, 743configurable areas, 741exporting, 747importing, 747new, 744–745out-of-the-box, 743overview, 739–740predefined, 741–744secure options, 742–743Security Configuration and Analysis, 746–749

user object creation, 418File Transfer Protocol (FTP), 883file transfer protocols, 1040–1041filename conversions, distribution shares, 88–89files

backups, 1223blocking types saved, 624–630consoles, custom, 328–329copying lock ups, 100–101custom query forms, 1024–1027default saved location, 1340groups, 629–630log file types, 1183Other Network File and Print Services, 1350ownership, 276–279restoring, 1239–1242

files


1400

files, continuedscreening, 574, 624–630server configuration backups, 1072–1073system file versions, checking, 1311UNIX, 880–882Web site options, 1085–1086

filteringevent logs, 341packets, 1125–1126printer folders, 201–202

filtersActive Directory objects, 406–407defined, 1010GPO scope, 307indexing process, 1011IPSec policies, 769–771ISAPI, 1082network frame capture, 1192–1195PPTP, 855

Find tool, 1340finding

Active Directory objects, 408printers, 201–202registry keys and values, 1281–1282servers, 993software patches, 786–788user accounts, 253–254

Firewall Client, ISA, 1150firewalls

IP addresses, 476–477ISA 2004, 1136–1138ISA Firewall Client, 1150namespace name resolution, 34, 36NFS shared folders, 289post-Setup updates, installing, 161remote administration, 163replicating through, 643reverse proxy, 1144–1146Windows Firewall, 161, 163, 289, 750–751

firmware-based console redirection, 1316first

boot phase, 92domain controller, configuring, 183server on network, configuring, 181–183, 385

Fixprnsv.exe, 193Flexible Single-Master Operations (FSMO), 446,

460floppy disk backups, 1222floppy disk boots, 1216–1217Folder Options, 1342Folder Redirection, Group Policy, 313–317folder targets, DFS, 640, 651

foldersDFS, 639, 648, 652–655encryption, 571–573, 773–778filtered printers, 201–202home, 257–258NTFS permissions, 270, 273options, setting, 1342ownership, 276–279quota management, 618–624redirection, 313–317user profiles, 260

footer files, 1086forcing

Boot menu display at startup, 102policy updates, 312RIS automatic log ons, 940

forest root domains, 109forests

Active Directory schema updates, 141–145creating, 41, 390DNS names, 402domain controller names, 428–429domain names, 429federated identity management, 430functional levels, 151–153, 396–400multi-tree, 41multiple domains, 39overview, 30–31, 108planning, 121–131tree creation, 390UPNs, 402Windows NT domain upgrades, 121–131

formattingdisks, 555names, Active Directory, 24partitions, 566–568storage, configuring, 168–169volumes, 555, 566–568

forward broadcasts, 488forward lookup zones, 521forwarders, DNS, 529–531forwarding mail, SMTP

access options, 1113Default SMTP Virtual Server, 1112–1116delivery options, 1115–1116directories, 1111domains, 1116–1117examples, 1041–1042identities, 1113LDAP Routing, 1116overview, 1110–1111site link objects, 443

filtering


1401

Frame Viewer window, Network Monitor, 1189–1190

framescapture filters, 1192–1195capture triggers, 1198–1199Capture window, 1188–1189capturing, 1187–1188comments, 1191–1192display filters, 1196–1198Frame Viewer window, 1189–1190overview, 1187pattern matches, 1195printing, 1192

free media pools, 677free software update tools, 792–795frequency

backup scheduling, 1234–1236performance monitoring, 1161

frequency hopping spread spectrum (FHSS), 867friendly names. See DNS (Domain Name System)FrontPage Extensions, 1067–1068frozen installations, 99–101FSRM (File Server Resource Manager). See File

Server Resource Manager (FSRM)FTP (File Transfer Protocol), 883, 1040–1041FTP publishing service, 1058–1061FTP Site Creation Wizard, 1058–1059FTP sites

anonymous access, 1098–1099authentication, 1098–1099configuration backup files, 1072–1073creating, 1058–1059default, 1058directory-level properties, 1076, 1101file-level properties, 1077home directory, 1100–1101identities, 1097IIS management, 1095–1102messages, 1100other site types, 1058overview, 1058properties, 1096–1101security, 1062–1065server-level properties, 1096site-level properties, 1075, 1096–1101starting, 1065–1067stopping, 1065–1067testing, 1059–1060virtual directories, 1060–1061

fullbackups, 1225CRLs, 721deployments, patches, 791index scans, 1020–1021logs, halting computer when, 342

Full Control permissions, 270–271full mesh topology, 641Fully Automated interaction level, 77fully qualified

command paths, 364printer share names, 188

functional levels, domains or forests, 151–158, 396–400

future business needs, 46

Ggateways. See also connectivity; firewalls

IP addresses, 476–477overview, 479

Generic Application resource type, 594Generic Script resource type, 594Generic Service resource type, 595geographical naming conventions, 33GetActiveObject API, 371global

File Server Resource Manager options, 614–615group scope, 228, 233groups, 241

Global Catalog (GC), 26–27, 394–395, 408Global group, 424GPOs (Group Policy Objects). See Group Policy

Objects (GPOs)grandfather-father-son media rotation, 1227granting permissions. See permissions; remote

access policiesgraphs, System Monitor, 1178, 1180grid lines, System Monitor, 1180group identity (GID), 889, 897group objects, Active Directory, 423–425group policies, tools, 7–8Group Policy. See also Group Policy Objects

(GPOs); packagesadministrative templates, 296, 298backups, 312components, 296–298containers, 298, 301default, 298delegating permissions, 308–311folder redirection, 313–317

Group Policy


1402

Group Policy, continuedinheritance, 301–303managing, 298–303overview, 7–8, 62, 295printer management, 199, 202processing order, 301refreshing, 311–312restores, 313Resultant Set of Policy, 317–320RIS installations, 935security group policies needed, 306–308security permissions, 310Software Installation feature, 6task and tool comparisons, 299–300user rights, assigning, 245–246

Group Policy container (GPC), 297, 298Group Policy Management Console (GPMC), 8,

298–303, 306, 307, 309, 311Group Policy Object Editor (GPOE), 304–305Group Policy Objects (GPOs)

application deployment, 902backups, 312certificate trust lists, 820–822containers, 298creating, 303–305, 309, 310, 909delegating permissions, 308–311Group Policy Management Console, 298–303links, 302, 305–306, 309migration issues, 297node disabling, 311overview, 7, 296–298packages, 915–922policy management, 298–303policy processing order, 301restores, 313scope, 306–308

Group Policy Software Installation extensionconfiguring, 911–915default settings, changing, 911–913deployment planning, 910GPOs, creating, 909overview, 901–902setting up, 908–915software distribution points, 908–909

Group Policy template (GPT), 297groups. See also user accounts

access control, implementing, 757–759Active Directory objects, 423–425adding users to, 235–237built-in, 237–241creating, 234–235

deleting, 235domain local scope, 228, 233failover, 591files, 629–630global scope, 228, 233local, 237names, 233network performance, 229organizational units, 230–232overview, 227–228planning, 232–234printers, 209–210remote access, 841–842, 845–847scopes, 228–229, 233–234, 236server clusters, 604–606structuring, 234–237universal scope, 229, 233UNIX privilege levels, 882–883user rights, 242–246

guestsoperating systems, 955wireless security, 872, 874

GUI Attended interaction level, 77GUI-mode Setup phase, 92GUIDs, 950

Hhacked networks, 782halting. See stoppinghandshakes, security, 724–725hard-linked dynamic volumes, 69hard links, 881, 882hard page faults, 1162hard quotas, 619hardware. See also Virtual Server

changes, viewing, 166device configuration, 164–169Device Manager, 165–168disabling, 166disk arrays, 1256–1262displaying, 165–166drivers, installing, 166Emergency Management Services, 1314gateways, 479interrupts, 1163–1164RAID, 544, 1256–1257registry information, 1273–1274, 1276removing, 166requirements, 67–68restores, 1296–1297, 1302routers, 479

Group Policy container


1403

subnets, 477–478support changes, 112–113system information gathering, 1306–1307troubleshooting, 168upgrading to Windows Server 2003, 112–113

hardware-enabled authentication, 706Hardware Update Wizard, 166headers

events, 1167–1168HTTP, 1093–1094

headless servers, 1316–1319Help And Support Center tools, 1304–1306HFNetChkPro, 796hidden file shares, 283Hidden Pages interaction level, 77hidden password entry, 363hierarchical-ordered domains, 38–39hierarchical trust relationships, 401–402hierarchies

certificate authorities, 715–717, 823–825domain namespace, 482

high availability. See also clustersDFS, 1262disk arrays, 1256–1262failure measurements, 1250–1251load balancing, 595overview, 11, 1249power supply problems, 1251–1256printers, 209–210RAID levels, 1261

High Performance Computing (HPC) clusters, 611highly secure security templates, 743history

logons, 71metabase, 1075

hives, 1279, 1285HKCC (HKEY_CURRENT_CONFIG), 1272HKCR (HKEY_CLASSES_ROOT), 1272HKCU (HKEY_CURRENT_USER), 1272HKEY_CLASSES_ROOT (HKCR), 1272HKEY_CURRENT_CONFIG hive, 1279HKEY_CURRENT_CONFIG (HKCC), 1272HKEY_CURRENT_USER (HKCU), 1272HKEY_LOCAL_MACHINE (HKLM), 1271–1277HKEY_USERS (HKU), 1272HKLM\HARDWARE subkey, 1273–1274HKLM (HKEY_LOCAL_MACHINE), 1271–1277HKLM\SAM subkey, 1274HKLM\SECURITY subkey, 1275

HKLM\SOFTWARE subkey, 1275–1276HKLM\Software\Wow6432Node subkey, 1276HKLM\SYSTEM\CurrentControlSet subkeys, 1276HKLM\SYSTEM\MountedDevices subkey, 1277HKU (HKEY_USERS), 1272holding documents, print spooling, 212–213home directory

FTP sites, 1100–1101Web sites, 1083–1085

home folders, 257–258home pages, accessing, 1048–1049hop counts, 1115Host keys, 975hosts

DNS records, 524–527header names, 1080NLB clusters, 588–589servers, 638, 955

Hosts.txt, 482Hot Add Memory, 15hot-spare disk systems, 1262hot-swap disk systems, 1262hotfix chaining, 84hotfixes, 784HTML, 20HTTP

Active Directory, 20, 1038–1039error options, 1094–1095headers, 1093–1094URL names, 24

hub and spoke topology, 641hung up installations, 99–101HyperTerminal, 1347

II/O, scripts, 366–367icons, virtual directories, 1056–1057identify phase, patch management, 786–788identifying business needs, 45–46identities

domain controllers, 394FTP sites, 1097objects, 21SMTP virtual servers, 1113UNIX, 897Web sites, 1079

IEEE 802.11 protocols listed, 867–868ignoring unknown client computers, RIS, 933

ignoring unknown client computers


1404

IIS (Internet Information Services). See also FTP sites; WWW site management

administration tools, 1044–1047administrative levels

directory, 1076file, 1077overview, 1069server, 1071–1075site, 1075

administrative tasks, 1062–1068FrontPage Extensions, 1067–1068FTP publishing service, 1058–1061installations, 1044–1046logs, 1081metabase, 1074–1075NNTP service, 1102–1110overview, 1037pausing, 1065–1067permissions, 1062–1065print server management, 206protocols supported, 1037–1044Remote Administration (HTML), 1119–1120remote management, 1046scripts, 1047server options, 738, 1072–1073SMTP service, 1110–1117starting, 1065–1067stopping, 1065–1067Virtual Server, 956–958Web service extensions, 1117–1119WWW publishing, 1044–1047

IIS (Internet Information Services) Manager, 1045IISConfigObject collection, 1074image-based installation methods, 58–60images, operating system for RIS, 936–944immediately running tasks, 345impersonation, 370implicit deny permissions, 839, 840, 845importing

Active Directory schema, 457, 459certificates, 762, 819disk quotas, 633–634ISA 2004, 1151–1153registry data, 1283security templates, 747

improving disaster plans, 1210–1211in-band management, 1314in-place upgrades, 193, 1300–1301include/exclude rules, Remote Storage, 692incoming certificate instructions, 798

incompatible client and servers, 134incompatible drivers, 193inconsistent query results, 1032incremental

backups, 1225index scans, 1020–1021zone transfers, 527

Index This Resource option, 1085Indexing Service

catalogsconfiguring, 1016–1017corrupted, 1032creating, 1015–1016directories, 1017–1018new Web sites, indexing, 1027overview, 1015properties, adding, 1019–1020property cache, configuring, 1019scanning indexes, 1020–1021security, 1018

console, setting up, 1014–1015how it works, 1011merging indexes, 1013–1014No Documents Matched Query error, 1030–1031overview, 1009–1011, 1348performance, 1028–1030planning, 1012–1015querying, 1023–1027registry entries, 1021–1023scanning, 1020–1021searching, 1023–1027storage needed, 1012–1013troubleshooting, 1030–1033

individual drives in library, 682Information Technology (IT). See IT (Information

Technology)infrastructure, documenting, 47infrastructure master, 466–467inheritance

Active Directory, 26Group Policy, 301–303permissions, 272–273

.INI files, 1265Initialize And Convert Disk Wizard, 547–549inject/eject ports, 681injecting media, 684input and output handling, scripts, 366–367install mode, 989–990installation CDs, 56

IIS


1405

installations. See also configuring new installations; deployment environments; RIS (Remote Installation Services); upgrading to Windows Server 2003

application deployments, 62–63boot disks, 1216–1217command-line parameters, 95–98documenting, 161errors, 164install methods, choosing, 57–60licensing modes, 63–64manual, 91–93overview, 55, 91partitions, 68–69phases of, 92product activations, 64–65reinstalling Windows, 1312security, 69–70server configurations, 66–70server roles, 66–67software updates, 61–62speeding up process, 89–90system preparation, 91system requirements, 67–68test labs, 65–66troubleshooting, 98–103unattended, 78–79, 94Windows Server 2003 R2, 149

instances, System Monitor, 1177Integrated Color Management (ICM), 200Integrated Device Electronics (IDE), 100–101, 541integrated installations, 82–83Integrated Windows Authentication, 1086integrated zone storage, 486–487integrity, data, 708–709IntelliMirror, 6, 8, 902Inter-Site Transports container, 443interaction levels, installations, 77interactive logon events, 751interactive logons, 704interconnects, 590interface changes listed, 1331–1335, 1337–1343interim domain remote access, 840–842interim functionality levels, 396–400internal DNS servers, 381internal namespace names, 34–36Internal Network, configuring, 963–964Internet. See also e-mail; IIS (Internet Information

Services); Internet connection services; Internet connectivity; ISA 2004

clusters, 577newsgroups, 1043services, 14

Internet Authentication Service (IAS)clients, 860configuring, 859–860installing, 859overview, 858–859RADIUS, 861–864

Internet connection servicesdial-up remote access, 830, 834–835IAS, 858–863NAT servers, 835–836overview, 829–830RADIUS



remote access servers, 833–834, 852–853Virtual Server

administering, 978–979alternatives to, 979properties, configuring, 965–966

VPNs, 727–729, 831–833, 853–858Internet connectivity. See also protocols; wireless

external, 47IIS servers, 1072–1073network activity monitoring, 1165–1166NFS shares, 892–894NNTP virtual servers, 1109operating systems, 47overview, 13–14print servers, 188, 207printers, 199, 202–204sharing, 1124simultaneous, 284–285Storage Manager For SANs, 670–671timeout values, 1081UNIX interoperability, 883–884Web sites, 1048–1049

Internet Content Rating Association (ICRA), 1093Internet Explorer Enhanced Security

Configuration, 1349Internet Information Services (IIS). See IIS (Internet

Information Services)Internet Message Access Protocol version 4

(IMAP4), 1042Internet News Service, 1102Internet Printing Protocol (IPP), 207Internet Protocol Address resource type, 593Internet Security and Acceleration Server 2004. See

ISA 2004

Internet Security and Acceleration Server 2004


1406

Internet Security Association and Key Management Protocol (ISAKMP), 727

interoperabilityMacintosh, 899Novell Netware, 899overview, 9, 879UNIX

connectivity, 883–884file listing, 880–882file systems, 885–886identity management, 897overview, 879printing, 885–887privilege levels, 882–883security, 880symbolic links, 882Windows Subsystem for UNIX-Based

Applications, 897–898interoperating DNS servers, 528interrupts, hardware, 1163–1164intersite replication, 130, 437–438intervals

backup scheduling, 1234–1236performance monitoring, 1161

intranet. See clusters; Indexing Serviceintrasite replication, 437invalid certificates, 719–720invalid passwords, 249inventorying

libraries, 680–681network attributes, 116–120servers, 118–120

IP address databases, Network Monitor, 1191IP Address Management console, 324IP address pairs, Network Monitor, 1194IP Address resource type, 608IP addresses. See also DHCP (Dynamic Host

Configuration Protocol); DNS (Domain Name System); name resolution; TCP/IP

adding, 173DNS settings, configuring, 175–176dynamic addressing, 171–172firewalls, 476–477IPv6, 492–494loopback, 475managing, 487–489network address translation, 1124–1125network classes, 474–476overview, 474private, 1125

remote access policies, 851reservations, 504restrictions, 1088–1089routers, 479routing protocols, 480server clusters, 593static addressing, 173subnets, 477–478Web sites, 1079–1080WINS, 176–177, 532–537

IP (Internet Protocol), 443, 470IP Security Policy Management snap-in, 764–772IPC$ share, 286Ipconfig utility, 514IPSec (Internet Protocol security), 725–727,

764–772IPv6, 492–494ISA 2004

backups, 1151–1153caching, 1126, 1139–1140client types, 1126exporting, 1151–1153firewall policy rules, 1136–1138importing, 1151–1153initial configuration, 1131–1140installations, 1128–1130Internet connections, 1124ISA Firewall Client, 1150monitoring, 1144network address translation, 1124–1125network entities, 1147–1148network topology, 1133–1135overview, 1123–1124packet filtering, 1125–1126policy management options, 1146publishing servers, 1144–1146restores, 1151–1153reverse proxy, 1144–1146security, 1131system requirements, 1127users, defining, 1149–1150VPN access, 1141–1144

ISA Firewall Client, 1150ISAPI filters, 1082iSCSI (Internet Small Computer System Interface)

additional information, 663security, 673suggestions, 667targets, 672, 674

isolation, network, 866

Internet Security Association and Key Management Protocol


1407

IT (Information Technology)business needs, identifying, 45–46current systems, assessing, 46–48deployment planning strategies, 43–44problems, listed, 44roadmap, making, 49–51successful IT, characteristics of, 49

iterating disaster plans over time, 1210–1211

JJBOD, 541jobs

backupcommand line, 1237–1239logs, 1231options, 1230permissions, 1229running, 1233–1234scheduling, 1234–1236scripts, 1229steps, 1227storage medium, 1230

printmanaging, 204–206printing process steps, 220

JScript, 353, 372

KKaizen, 1210Keep-Alives, HTTP, 1039, 1081Kerberos, 10, 705, 722–724key distribution center (KDC), 723keys. See also encryption keys

product, 56registry

hives, 1285renaming, 1285security, 1286–1288

root32-bit vs. 64-bit, 1269adding, 1283finding, 1281–1282hives, 1279overview, 1271–1272removing, 1283renaming, 1285subkeys, 1273–1277

knowledge consistency checker (KCC), 437

LL2TP (Layer Two Tunneling Protocol), 728, 833labels, removable storage, 678–679labs, test, 65–66languages, scripts, 371–372LargeSystemCache registry value, 1201Last Known Good Configuration option,

1296–1297latency, 437layouts, custom consoles, 327–328LDAP (Lightweight Directory Access Protocol), 20,

24, 487, 1044, 1116LDIF (LDAP Data Interchange Format), 457–459Ldifde.exe, 457–459leases

client addresses, 514DHCP clients, 488durations, 503

legacy. See also Virtual ServerDHCP client support, 505–506system domain support, 157system support changes, 106–113

libraries, removable storage, 677, 680–682licenses

modes, 63–64Terminal Services, 1005–1007volumes, 65

Licensing Site Settings object, 439link-state routing protocols, 480linked certificate authorities, 823–825links

Active Directory sites, 444Group Policy Objects, 305–306, 309

List Folder Contents permissions, 270–271listing devices detected on system, 165–166Lmhosts files, 177, 491load balancing. See also clusters

DHCP servers, 507–510domain controller replicas, 387–388maximum availability, 596Network Load Balancing service, 1263static, 595

load shedding, 596loading hives, 1285local

administrative tool installations, 334certificate storage, 755–756data security, 773–778groups, 237–239

local


1408

local, continuedpower supply failures, 1251–1252profiles, 261user accounts, 251user right assignments, 246virtual directories, 1054

Local Policies security area, 741Local Quorum resource type, 594Local System Authority (LSA), 23Local Users and Groups, 1342locating

printers, 201–202registry keys and values, 1281–1282servers, 993software patches, 786–788user accounts, 253–254

location-based naming conventions, 33location names, printers, 188–190, 226location tracking, printers, 190–192, 225–226locations

consoles, 329file restore destinations, 1240

lockedinstallations, 99–101smart cards, 754user accounts, 249, 257

log files, 83Log Visits option, 1085logging mode, Resultant Set of Policy, 317, 319–320logging off Terminal Services sessions, 995logical drives

creating, 556deleting, 557–558

logical printers, 209–210logical unit numbers (LUNs), 666, 675–676logical volumes, 540logons. See also authentication

history, 71hours permitted, 248interactive, 704iSCSI targets, 674locations permitted, 248network activity monitoring, 1165–1166rights assigned to groups, 242RIS automatic, forcing, 940scripts, user profiles, 264–265secondary, 331–334smart cards, 752–756user objects, 420

logsbackups, 1231event

archiving, 342, 1170filtering, 341overview, 1167searching, 340settings, changing, 1170size, 341–342viewing, 339, 1169

file types, 1183IIS, 1081Performance Logs And Alerts, 1180–1186scripts, 367, 369security, 780–781security analysis, 747–749stopping computer when full, 342Task Scheduler, 346trace, 1181–1184

long names, converting, 88–89long-term performance monitoring, 1159, 1160long-term power outages, 1255–1256loopback addresses, 475LPD (Line Printer Daemon), 196LPR (Line Printer Remote) ports, 194, 196Lprmon.dll, 196

MMAC (media access control), 505, 867, 870machine-wide registry information, 1275–1276Macintosh interoperability, 899mail

distribution groups, 228forwarding, SMTP


proof of receipt, 710protocols, 1041–1042S/MIME, 721–722software patch alerts, 787storage reports, 614–615

Local Policies security area


1409

majority node set (MNS) clustering, 579Majority Node Set resource type, 594Man in the Middle attacks, 870Manage Documents permission, 209Manage Printers permission, 209Manage Your Server window, 178–181Manage Your Server Wizard, 498managed

clients, wireless security, 873, 874computer accounts, 948–950volumes, 693–694

Management And Monitoring Tools, 1349mandatory profiles, 264manual

certificate requests, 825–827CRL publishing, 818index merges, 1014installations, 57–58, 62, 91–93registry backup copies, 1291Remote Desktop enabling, 163Remote Storage tasks, 694trust relationship setup, 402user object creation, 417–418

.maphosts files, 891–892mapping aliases to content. See virtual directoriesmasks, subnet, 477mass storage drivers, 87–88master

indexes, 1010merges, 1010, 1013roles, Active Directory, 460–467

Master Boot Record (MBR), 99, 102–103matches. See queryingmatching patterns, capture frames, 1195maximum availability without load balancing, 596mean time to failure (MTTF), 1250–1251mean time to recover (MTTR), 1250–1251measuring downtime, 1250–1251media

backups, 1221–1223, 1230copies, Remote Storage, 697–698identifiers, 678–679pools, 677–678, 682–684, 1222rotation, 1227, 1247states, 679–680

Media Services, 1352member servers, 106–107members. See groupsmemory

allocation settings, 1199–1200cache, 1199–1200indexing, 1012–1013

leaks, 1162overview, 15performance monitoring, 1162–1163Windows Terminal Services, 983, 988

Memory\ Available MBytes counter, 1162Memory\ Cache Bytes counter, 1162Memory\ Committed Bytes counter, 1162Memory\ Pages/Sec counter, 1162, 1163Memory\ Pool Nonpaged Allocs counter, 1163Memory\ Pool Nonpaged Bytes counter, 1162menus

editors, RIS, 944personalized, 1341

merging indexes, 1013–1014Message Integrity Check (MIC), 870messages

FTP sites, 1100proof of receipt, 710S/MIME, 721–722signed, 721SMTP, 1114Terminal Services sessions, 998–999

metabase, 1074–1075Microsoft Baseline Security Analyzer (MBSA),

781–782Microsoft IIS Log File Format, 1081Microsoft IntelliMirror, 902Microsoft Management Console (MMC). See also

names of individual consolesActive Directory, 377–378Convenience Consoles, 324new consoles, building, 324–330overview, 6, 323

Microsoft Operations Manager (MOM), 903Microsoft Rapid Economic Justification (REJ), 46Microsoft Services for Netware, 899Microsoft Services for NFS

Client for NFS, configuring, 894–895connections, 892–894NFS shares, creating, 895–896overview, 887–888Server for NFS, configuring, 896–897User Name Mapping, configuring, 889–892

Microsoft Services for NFS Administration component, 887

Microsoft Update, 62, 791migration

DHCP scopes, 513print servers, 192–193Windows NT domains, 114

MIME (Multipurpose Internet Mail Extensions), 1044, 1094

MIME


1410

minimum system requirements, 67–68mirrored boot partitions, 1299–1300mirrors

adding, 561–562breaking, 565drive failures, 563–564RAID levels, 1256–1262removing, 564

mission-critical availability, 578–579mixed functionality levels, 396–400mixed-mode domain remote access, 840–842mixed naming conventions, 33mobile user wireless security. See also connection

services802.11 protocols, 867–868deployment scenarios, 872–875encryption, 868–870guest access, 872, 874managed clients, 873, 874options, 870overview, 865risk assessments, 865risk tolerance, 866rogue access points, 873–874, 875subnet masks, 479

modem banks, 834Modified Field Modification (MFM), 541Modify permissions, 270–271Monad, 373monitoring performance

acceptable-use policies, 1159baseline, 1159, 1160bottlenecks, 1158disk activity, 1164–1165documentation, 1158–1159Event Viewer, 1166–1170frequency, 1161memory usage, 1162–1163network activity, 1165–1166Network Monitor, 1186–1199options, 1160–1166overview, 1157performance impact of, 1161Performance Logs And Alerts, 1180–1186processor activity, 1163–1164Server Performance Advisor, 1171–1175strategies, 1161System Monitor, 1175–1180

monthly backups, 1235mounted volumes, 552MountedDevices subkey, 1277mounting media, 684

mounting volumes, 570–571Move command, 419moving

Active Directory objects, 428organizational units, 232user accounts, 255

MS-CHAP v2 (Microsoft Challenge Handshake Authentication Protocol version 2), 705

MS-DOS boot disks, 1217MS-DOS prompt, 1340.msc files, 323Msconfig.exe, 1309–1311MsgBox function, 366MSH (Monad), 373Msinfo32.exe, 1306–1307multicast scopes, DHCP, 500multihomed servers, 182multilevel exports, NFS, 895Multilink, 851multiple

backup schedules, 1236DHCP servers, 488–489, 507–510disk controller fault tolerance, 1260domain structure, 39, 40–42domains across subnet boundary, 492domains within subnet boundary, 492IP addresses configured, 1079namespaces, 19, 30–31network adapters in multicast mode, 583recovery plan copies, 1208root domains, 39server performance monitoring, 1173–1175

multiple-drive data protection, 696multiple-master-domain model, 124–125multiple-master domains, 41multiple-master replication, 378, 436multipurpose replication groups, 658–660mutual authentication, 706My Briefcase, 1340My Documents, 1340My Network Places, 1341

NName Mappings command, 419name resolution. See also DNS (Domain Name

System)Active Directory, 20–21DHCP, 487–489internal vs. external namespaces, 34–36overview, 481WINS, 489–492, 532–537

minimum system requirements


1411

names. See also naming conventionsActive Directory formats, 24Active Directory objects, 428Administrator accounts, 185child domains, 388–389computers, 170DFS, 644domain controllers, 394, 428–429domains, 108, 384–386, 429, 483filename conversions, 88–89groups, 233hidden file shares, 283home directory files, 1085–1086printer locations, 188–190printers, 188registry keys or values, 1285renamed Windows NT 4 components,

1337–1343RIS computer names, 933RIS images, 944server identity, changing, 169trees, creating new, 390UPNs, 402user accounts, 247, 256users, 248volumes, 567Windows NT domain upgrades, 128–129

namespacesActive Directory, 20–21continuous, planning, 41DFS, 644–652forests, 30–31, 41–42naming conventions, 29–36planning, 29–42roots, 638–639, 645–646servers, 638, 647trees, 30

naming contexts, Active Directory, 26naming conventions

ARC, 1217disks, 1217geographical, 33mixed, 33namespaces, 29–36organizational, 32partitions, 1217printer locations, 188–190printers, 188user names, 248

nativedomain remote access, 843–847functionality levels, 396–400Windows Installer packages, 904

NCSA common log file format option, 1081.NET application services, 14.NET Framework, 1349.NET Passport Authentication, 1087net session command, 288net share command, 287–288net view command, 288NetBIOS (Network Basic Input/Output System)

Active Directory domain names, 385DFS without, 644overview, 472WINS, 489–492, 532–537

NETLOGON share, 286NetWare servers, 119network activity monitoring, 1165–1166network address translation (NAT)

firewalls, 476overview, 834, 1124–1125servers, configuring, 835–836

network addressing. See also DNS (Domain Name System); name resolution; TCP/IP

adding, 173analyzing, 47DNS settings, configuring, 175–176dynamic addressing, 171–172firewalls, 476–477IPv6, 492–494loopback, 475managing, 487–489network address translation, 1124–1125network classes, 474–476Network Monitor databases, 1191overview, 474private, 1125remote access policies, 851reservations, 504restrictions, 1088–1089routers, 479routing protocols, 480server clusters, 593static addressing, 173subnets, 477–478Web sites, 1079–1080WINS, 176–177, 532–537

network addressing


1412

network administrative toolsauditing events

archiving logs, 342categories, 336–338enabling, 337–338filtering logs, 341log size, 341–342object settings, 338–339overview, 336–338searching logs, 340viewing logs, 339

AT command, 347–348cron, 348delegating control, 343–344installing locally, 334installing remotely, 335MMC, 323–330overview, 323scripts, 335–336secondary logon, 323–330Support Tools, 335–336Task Scheduler, 344–347

network authenticationaccess control, implementing, 757–759Active Directory sites, 434combining methods, 1088defined, 837enabling, 751–757FTP sites, 1098–1099hardware-enabled, 706IPSec policies, 771mutual, 706NNTP virtual servers, 1107overview, 704, 751proof of identity, 704protocols, 10, 705–706requests, 861scripts, 362–363, 370smart cards, 752–756SMTP virtual servers, 1113trust relationships, 109–112Web sites, 1086–1087wireless networking, 868–870

network backups. See also network restorescertificate authorities, 810–812command line, 1237–1239disaster preparation, 1212domain upgrades, 131–133encrypted files, 1243excluding files, 1232

failure, planning for, 1242–1243launching, 1227logs, 1231media rotation, 1227, 1247options, 1230overview, 1221permissions, 1229, 1246recovery drives, 1220registry, 1290–1291before restoring from, 1311scheduling, 1234–1236scripts, 1229server configuration settings, 1072–1073steps, 1227–1228storage medium, 1221–1223, 1230strategy planning, 1224–1227system state, 1242–1243third-party utilities, 1246–1247types, 1225–1226

network-based printer setup, 195–198network card IP addresses, 1079–1080network classes, IP addresses, 474–476network components, configuring, 170–171network connection services

dial-up remote access, 830, 834–835IAS, 858–863NAT servers, 835–836Networking Services, 1350overview, 829–830RADIUS



remote access servers, 833–834, 852–853Virtual Server

administering, 978–979alternatives to, 979properties, configuring, 965–966

VPNs, 727–729, 831–833, 853–858network connectivity

IIS servers, 1072–1073network activity monitoring, 1165–1166NNTP virtual servers, 1109print servers, 207printers, 199, 202–204Web sites, 1048–1049

network administrative tools


1413

network deployment environments. See also configuring new installations

application deployments, 62–63creating

disk imaging, 89–90distribution shares, 80–89overview, 72Setup Manager, 72–77Windows Server 2003 R2 and, 78–79

designing, 55install methods, choosing, 57–60installation process, 91licensing modes, 63–64overview, 55partitions, 68–69plans, creating, 71–72preinstallation, 61product activations, 64–65security, 69–70server configurations, 66–70software updates, 61–62system requirements, 67–68test labs, 65–66virtual, 962–965

network deployment planningcurrent systems, assessing, 46–48goals, defining, 50IT changes, problems with, 44, 45–46overview, 5–6, 43–44risk assessment, 50–51roadmap, making, 49–51wireless security, 872–875

network documentation, 46–48, 1158–1159network entities, ISA 2004, 1147–1148Network File System (NFS). See also Microsoft

Services for NFSshared folders

overview, 288–292User Name Mapping component, 288–289Windows Firewall, 289

sharescreating, 290–291, 895–896modifying, 292removing, 292

UNIX interoperability, 885Network File System (NFS) Protocol, 471network firewalls

IP addresses, 476–477ISA 2004, 1136–1138ISA Firewall Client, 1150

namespace name resolution, 34, 36NFS shared folders, 289post-Setup updates, installing, 161remote administration, 163replicating through, 643reverse proxy, 1144–1146Windows Firewall, 750–751

network framescapture filters, 1192–1195capture triggers, 1198–1199Capture window, 1188–1189capturing, 1187–1188comments, 1191–1192display filters, 1196–1198Frame Viewer window, 1189–1190overview, 1187pattern matches, 1195printing, 1192

network gatewaysIP addresses, 476–477overview, 479

network identitychanging, 169domain controllers, 394

network lease durations, DHCP, 503Network Load Balancing (NLB) clusters

capacities, 588–589creating, 583–588fault tolerance, 589hosts, removing, 588models, 582–583nodes, adding, 587optimizing, 589–590overview, 576, 580–581scenarios, 577–579

Network Load Balancing service, 1263network management. See also administrative tools;

network connection services; software management

Group Policy, 7–8IntelliMirror, 8overview, 6–9printers, 7Terminal Services, 8–9

Network Monitoraddress databases, 1191capture buffer size, 1190configuring, 1190–1192driver, 1186

Network Monitor


1414

Network Monitor, continuedframes

capture filters, 1192–1195capture triggers, 1198–1199Capture window, 1188–1189capturing, 1187–1188comments, 1191–1192display filters, 1196–1198Frame Viewer window, 1189–1190overview, 1187pattern matches, 1195printing, 1192

overview, 1186network name resource, clustering, 609Network Neighborhood, 1341Network News Transfer Protocol (NNTP), 1043,

1102–1110network performance. See performancenetwork protocols

802.11, 867–868routing, 480TCP/IP

configuring, 171–177DHCP, 487–489IP, 470IP addresses, 474–476IPv6, 492–494LDAP, 487NetBIOS, 472overview, 469–470RFCs, 472–474TCP, 470–471UDP, 471WINS, 489–492Winsock, 471–472

UNIX interoperability, 883–884network resource sharing



overview, 267–268server clusters, 593share vs. file permissions, 268–269shared folders, 279–288

network restoresAutomated System Recovery, 1301–1302backups, restoring from, 1311boot disks, 1298broken mirrors, 565certificate authorities, 812compromised systems, handling, 782DFS folder targets, 651DHCP databases, 514files, 1239, 1240Group Policy Objects, 313in-place upgrades, 1300–1301ISA 2004, 1151–1153Last Known Good Configuration option,

1296–1297Master Boot Record, 102–103media rotation, 1227mirrored boot partitions, 1299–1300options, 1241–1242overview, 1239, 1295possible failure causes, 1295–1296Recovery Console, 1353–1356registry, 1292Safe Mode option, 1297–1298server configurations, 1073system state, 1244–1246triaging situation, 1293–1295

network routersdemand-dial interfaces, 857–858DHCP relay agents, 511–513IP settings, configuring, 174IPv6, 492–494overview, 479remote access servers as, 854subnets, 477–478WINS, 489–492

network security. See security; wirelessnetwork settings, configuring, 169–177network storage

Distributed File Systeminstallations, 644overview, 634–635terminology, 637–641what’s new, 636


overview, 613Remote Storage, 686–699Removable Storage, 676–686Storage Manager For SANs, 663–676

network name resource, clustering


1415

network subnets, 477–478network topology, ISA 2004, 1133–1135network traffic, 47network tuning, 1202network utilization, Terminal Services, 984Networking Services, 1350new. See also new installation configurations

disks, adding, 547–549FTP sites, 1058–1059indexing, 1027interface features listed, 1331–1335IPSec policies, 767–768security templates, 744–745Web sites, 1049–1052

New Domain Wizard, 1117New Expiration Policy Wizard, 1105new installation configurations

devices, 164–169network settings, 169–177overview, 159problems, checking for, 164remote administration, 162–163security precautions, 184server roles, 178–181storage, 168–169updates, installing, 159–161

New Newgroup Wizard, 1105New NNTP Virtual Server Wizard, 1103New Virtual Directory Wizard, 1104news servers, implementing, 1102–1110newsgroups, 1043, 1105, 1108NFS (Network File System). See Network File

System (NFS)nfsadmin.exe, 288nfsmgmt.msc, 288NLB (Network Load Balancing) clusters. See

Network Load Balancing (NLB) clustersNo Documents Matched Query error, 1030–1031No Override option, 302nodes

NLB clusters, 587server clusters

capacities, 597–598configuration options, 595–597failover policies, 595interconnects, 590overview, 591

nonidle processor time, 1164noninherited permissions, 272–273noninteractive scripts, 369, 373nonpaged pools, 1162nonrepudiation, 710nontransitive trusts, 110, 401–402

nonzero exit codes, 369normal backups, 1225notifications

alert messages, 1186disaster or problem situations, 1209escalation procedures, 1209printers matching criteria, 202software patch alerts, 787storage reports, 614–615

Novell Netware interoperability, 899nslookup, 485NTBackup, 1228, 1237, 1247Ntbtlog.txt, 1298NTDS Settings object, 439NTDS Site Settings object, 439Ntdsutil.exe, 1245–1246NTFS. See also NTFS permissions

Active Directory, 379compressing drives, 1338–1339conversion planning, 566encryption, 571–573FAT, 69, 565file screening, 574formatting issues, 566–568overview, 571quotas, 574shadow copies, 574

NTFS permissionsbackups, 1246files, 274folders, 273how they work, 271–272inheritance, 272–273listed, 270–271, 274–276overview, 270ownership, 268–279special, 274–276

NTLM (Windows NT LAN Manager), 10, 705, 724NUMA (nonuniform memory access), 15numbers, disks or partitions, 1217

Oobfuscated password entry, 363object classes, Active Directory schema, 451–452objectGUID attribute, 21objects

Active Directory, 21, 404–411auditing access, 779–780event auditing, 338–339ownership, 758permissions, 759System Monitor, 1176

objects


1416

octets, IP addresses, 474–476ODBC logging, 1081OEM drivers in RIPrep images, 85–86offline root CAs, 824–825on demand connections, 855On Error Resume Next statement, 368on-media identifiers, 678on-site DNS servers, 381once backup option, 1235one-shot WMI calls, 370one-way trust relationships, 110–112, 400–402online root CAs, 824Open Home Page command, 419Open Shortest Path First (OSPF), 480operating systems

booting for installations, 61connectivity, assessing, 47defaults, changing, 102guest, 955previous, booting, 101–103remote installations, 951–952RIS images, 936–944virtual machines, 973

operational functional levels, 396–399operations master roles, Active Directory, 460–467operator requests, Removable Storage, 685optional components, 1345–1352organization

infrastructure, documenting, 47naming conventions, 32

organizational units (OUs), 22configuring, 412–414creating, 40, 231, 411–412delegating control, 343deleting, 232vs. domains, 36–38moving, 232overview, 38, 108planning, 230–231

orphaned records, DHCP, 506Orthogonal Frequency Division Multiplexing

(OFDM), 867Other Network File and Print Services, 1350other privilege levels, UNIX, 882–883out-of-band management solution

administration, 1321–1323answer files, 1318–1319enabling, 1315, 1319–1320firmware-based console redirection, 1316headless servers, 1316–1319manual installations, 1316–1317overview, 1312–1313

requirements, 1314RIS-based installations, 1317–1318security, 1315setting up, 1315–1320version upgrades and, 1319–1320

out-of-the-box security templates, 743outdated records, DHCP, 506output and input handling, scripts, 366–367overriding folder referral settings, 650overriding policy setting inheritance, 302–303overwriting events, 780overwriting metabase history, 1075ownership

access rights, 758NTFS permissions, 268–279UNIX privilege levels, 882–883

Ppackages

application property changes, 918–919Group Policy additions, 915–916Group Policy options, 911–915modifications, 920–922native Windows Installer, 904overview, 915redeploying, 922removing, 922repackaged applications, 905–908upgrades, 919–920

Packet Binary Convolution Coding (PBCC), 867packets

filtering, ISA 2004, 1125–1126IP, 470routers, 479subnets, 477–478TCP, 470–471UDP, 471

page file optimization, 1201–1202page separators, 210–211Paging File\ % Usage counter, 1163paging, monitoring, 1163parallel subfrequency transmissions, 867parent domains, 388–389parsing tool, 1181partial failover, 596partitions

Active Directory, 26, 379converting, 379, 565creating, 552–555deleting, 557–558drive letters, 569–570formatting, 555, 566–568

octets


1417

logical drives, 556naming conventions, 1217overview, 546planning, 68–69storage, configuring, 168–169

pass-through authentication, 111Passport Authentication, 705Password Authentication Protocol (PAP), 705passwords. See also authentication

planning, 71scripts, 362–363shared secrets, 860smart cards, 710–711user accounts, 249–250, 256

patchesdeployment testing, 789–791obtaining, 791–795overview, 62, 783–785phases, 785–789third-party products, 795–796

path management, scripts, 363–365%PATH% security considerations, 364%PATHEXT% security considerations, 365pattern matches, capture frames, 1195pausing. See also stopping

IIS, 1065–1067virtual machines, 975

PDF file indexing, 1032peak usage data, quotas, 621pending certificate requests, changing, 822Per Device Or Per User licensing, 63–64Per Server licensing, 63–64performance

archived event logs, 342availability, 11DFS Namespaces, 636Distributed File System, 636group organization, 229Indexing Service, 1028–1033memory usage, 1162–1163network activity, 1165–1166Network Monitor, 1186–1199options, 1160–1166overview, 1157performance impact of, 1161Performance Logs And Alerts, 1180–1186processor activity, 1163–1164quotas, 619reliability, 11scalability, 14–15Server Performance Advisor, 1171–1175storage reports, 618

strategies, 1161System Monitor, 1175–1180Web site options, 1082

Performance Advisor tool, 1171–1175performance counters

disk activity, 1164–1165Indexing Service, 1029–1030logs, 1181–1184memory usage, 1162–1163network activity, 1165–1166processor activity, 1163–1164System Monitor, 1177–1178

Performance Logs And Alerts, 1180–1186performance monitoring

acceptable-use policies, 1159baseline, 1159, 1160bottlenecks, 1158disk activity, 1164–1165documentation, 1158–1159Event Viewer, 1166–1170frequency, 1161

performance tuningmemory allocation, 1199–1200networks, 1202page file optimization, 1201–1202

Perl, 354–355, 372permissions. See also groups; NTFS permissions

access control, implementing, 757–759Active Directory schema, 445backups, 1229, 1246certificate templates, 815delegating control, 26, 343DFS namespaces, 650Group Policy Objects, 308–311home directory, 1084–1085IIS, 1062–1065indexing, 1018inherited, 272–273objects, 759planning, 69–70printers, 208–209protocols, 10registry, 1286–1288remote access, 836, 837–847RIS images, 942–943scripts, 362–363, 369share vs. file permissions, 268–269shared folders, 283trust relationships, 109–112types, 709UNIX interoperability, 880, 881

permissions


1418

persistent indexes, 1010personalized menus, 1341PFM (Pulse Frequency Modulation), 541phishing attacks, 787phrase searches, 1024–1027physical directories

information store, accessing, 23virtual directories, confusion with, 1056–1057

Physical Disk\ Avg. Disk Bytes/Transfer counter, 1165

Physical Disk\ Avg. Disk Sec/Transfer counter, 1163, 1165

Physical Disk\ Current Disk Queue Length counter, 1165

Physical Disk\ % Disk Time counter, 1165Physical Disk\ Disk Transfers/Sec counter, 1165Physical Disk resource type, 592, 606–608physical drives, 539physical media, 684physical media states, 679physical memory usage, 1162physical networks, documenting, 47PINs (password identification numbers), 710–711PKIs (public-key infrastructures). See public-key

infrastructures (PKIs)placeholders, remote storage, 687plain text e-mail handling, 787planning mode, Resultant Set of Policy, 317,

318–319platforms. See interoperability; operating systemsPlug and Play (PnP) drivers, 84–85Plug and Play (PnP) readers, 710–711pointer records, DNS, 524poisoning attacks, 520policies, remote access. See remote access policiespolicy agents, IPSec, 726–727policy management. See Group Policypolicy modules, 798, 813policy updates, 311–312polling settings, namespaces, 651pools, printer, 216POP3 (Post Office Protocol version 3), 1042ports

firewalls, 750inject/eject, 681NFS shared folders, 289PPTP, 854–855printers, 195–197, 216security options, 737terminal concentrators, 1315

post-Setup updates, installing, 159–161

power supply problems, 1251–1256PPP (Point-to-Point Protocol), 833PPTP (Point-to-Point Tunneling Protocol), 728,

854–855pre-shared keys, 874Preboot Execution Environment (PXE), 57predefined IPSec policies, 765–767predefined security templates, 741–744preinstallation environments, 61preinstallation phase, 92prestaging clients, RIS, 948–950previous operating systems, booting, 101–103primary domain controller emulator, 461–462primary domain controllers, 20, 37, 40, 106–107,

133–134primary partitions, 540primary recovery resources, 1205principal name suffix, 247principals, ACE, 25print jobs, 204–206, 220Print Management Console (PMC), 7, 199–204Print permission, 207print queue document management, 212–213, 216,

220print servers

adding, 199backups, 193connections, 207failures, handling, 218–219managing

command line, 207–208print jobs, 204–206Print Management Console, 7, 199–204Web browsers, 206

migrating, 192–193modifying, 200monitoring, 199–204remote server settings, 194size, 187status, 224upgrading, 192–193Windows NT domain upgrades, 118

PRINT$ share, 286Print Spooler resource type, 593print spooling, 212–213, 222, 225printer drivers, 214–216, 220Printer Migrator, 193printer objects, Active Directory, 427printer pools, 216printer ports, 216printer trays, 222

persistent indexes


1419

printersavailability, 209–210command line administration, 207–208connections, 188, 199, 202–204data types, 213–214deployment planning, 187–193filtered folders, 201–202group priorities, 209–210installing, 195–198location names, 188–190location tracking, 190–192, 225–226names, 188network recommendations, 190Other Network File and Print Services, 1350overview, 187performance optimization, 218Print Management Console, 7, 199–204publishing, 427Run As feature, 333–334security, 208–209separator pages, 210–211server clusters, 593shared, 286Web browsers, 206

printingcaptured frames, 1192process steps, 220troubleshooting

application print failures, 223client machine problems, 219–223fails to print, 222–223incorrect printing, 222location tracking, 225–226overview, 217physically checking, 224print server failures, 218–219print server status, 224stuck documents, deleting, 225

UNIX interoperability, 885–887prioritizing print jobs, 205private keys, 714–715, 761, 762private network addresses, 1125private networks, 590private news servers, implementing, 1102–1110privilege levels, UNIX interoperability, 882–883privileges assigned to groups, 243–245procedures, disaster recovery, 1206–1210process tracking real time, 1175–1180Process\ Working Set and Virtual Bytes counters,

1162processing order, Group Policy, 301

Processor\ % Interrupt Time counter, 1164Processor\ Interrupts/Sec counter, 1164Processor\ % Privileged Time counter, 1164Processor\ % Processor Time counter, 1163Processor\ % User Time counter, 1164processors

activity monitoring, 1163–1164adding, 1324–1325overview, 15Windows Terminal Services, 983–984

product activations, 64–65product keys, 56profiles

business, 866remote access policies, 850–852user

folders inside, 260local, 261logon scripts, 264–265mandatory, 264overview, 259–260roaming, 261–264

user objects, 421program restriction policies, 923–926projecting future business needs, 46promoting servers to domain controllers, 381–386proof of identity, 704proof of receipt, 710propagated ACEs, 26propagated permissions, 272–273properties

catalogs, 1019–1020certificate authorities, 812–815devices, 167package applications, 918–919Terminal Services connections, 1001–1004user accounts, 251–252

property cache, configuring, 1019–1020Protected Extensible Authentication Protocol

(PEAP), 705protocols. See also authentication; IP addresses;

TCP/IP802.11, 867–868BAP, 851DHCP, 487–489FTP, 1040–1041HTTP, 1038–1039IAS, 858–859IIS, 1037–1043IP, 470IPSec, 725–727

protocols


1420

protocols, continuedIPv6, 492–494Kerberos, 10, 722–724L2TP, 833LDAP, 487, 1116NetBIOS, 472NNTP, 1043NTLM, 724PPP, 833RDP, 1001–1004RFCs, 472–474routing, 480, 858S/MIME, 721–722SSL, 724–725TCP, 470–471UDP, 471UNIX interoperability, 883–884VPNs, 14WINS, 489–492Winsock, 471–472

proxies, RADIUS, 863–864proximity searches, 1024public-key cryptographic standards (PKCS), 712public-key encryption, 713, 722public-key infrastructures (PKIs)

certificates, 715–720CRLs, 817–819overview, 711–712private keys, 714–715public-key certificates, 714–715public-key vs. symmetric-key encryption, 713standards, 711–712

Public Key Management console, 324public networks, 590public news servers, implementing, 1102–1110published resources, directory services, 20publishers, certificate, 798publishing. See also sharing file resources

applications, 906–907certificates, 814CRLs, 818FTP sites, 1058–1061printers, 198, 427shared folders, 427Web sites, 1044–1047

Pulse Frequency Modulation (PFM), 541PXE (Preboot Execution Environment), 57PXE remote-boot compatible NIC, 951

Qquery forms, 1024–1027querying. See also Indexing Service

custom query forms, 1024–1027defined, 1010file not found errors, 1026inconsistent results, 1032indexes, 1023–1027No Documents Matched Query error, 1030–1031Resultant Set of Policy, 317

quorum resources, 592quotas

disk, 574, 630–634File Server Resource Manager, 618–624folders, 618–624Quota Management vs. disk quotas, 618volumes, 618–624

RR2 image additions, RIS, 939RADIUS

accounting, 862how it works, 860IAS servers for, 863multiple remote access servers, 861–863proxy, 863–864remote servers for, 862servers, 869, 870, 872

RAID-5 volumes, 541RAID (redundant array of independent disks), 68

availability, 1261costs, 1261defined, 540fault tolerance levels, 1260hardware, 544hardware vs. software, 1256–1257hot-spare systems, 1262hot-swap systems, 1262intended use, 1259levels, 1257–1259overview, 542, 1256performance considerations, 1261software, 1256–1257

RAMoverview, 15performance monitoring, 1162–1163Setup problems related to, 99Windows Terminal Services, 983, 988

Rank Descending sort method, 1032

proxies


1421

RAS servers, 133rating Web site content, 1093raw data types, 213raw protocol, 197rdisk numbers, 1217re-creating Master Boot Record, 102–103Read & Execute permissions, 270–271Read Only interaction level, 77read-only schema access, 446Read permissions, 270–271, 881, 1084real-time process tracking, 1175–1180rebuilding NNTP virtual servers, 1110recall limits, Remote Storage, 695recording performance data, 1173records, DNS, 524–527recovery. See also restores

agents, 773–774compromised systems, handling, 782drives, 1220encrypted files and folders, 773–774Remote Storage, 698–699Windows NT domain upgrades, 131–133

Recovery Console, 1218, 1353–1356recovery planning

iterating, 1210–1211overview, 1203–1204resource identification, 1205responses, developing, 1206–1209risk identification, 1204–1205testing procedures, 1209–1210

recovery preparationAutomated System Recovery disks, 1212–1215backups, 1212boot disks, 1216–1217fault tolerant system, 1211options, specifying, 1219–1220overview, 1211

recursion, 484, 529redeploying packages, 922redirecting folders, 313–317redirecting home directory, 1084redundancy, DHCP servers, 507–510referral settings, namespace, 649–650refreshing

CRLs, 720Group Policy, 311–312Refresh Servers commands, 993

.REG files, 1284Reg utility, 1288–1289REG_BINARY data type, 1277REG_DWORD data type, 1277

Regedit.exe, 1280–1281Regedt32.exe, 1280regeneration, 562REG_EXPAND_SZ data type, 1277REG_FULL_RESOURCE_DESCRIPTOR data type,

1278regional naming conventions, 33registered domain names, 384registering certificates, 717–718registering domain names, 36registry. See also registry editing; registry structure

backups, 1290–1291data, purpose of, 1267Indexing Service, 1021–1023redirection, 1269restores, 1292

registry editingadding keys or values, 1283best practices, 1267exporting data, 1283hives, 1285importing data, 1283overview, 1279.REG files, 1284Reg utility, 1288–1289Registry Editor, 1280–1288remote machines, 1285removing keys or values, 1283renaming, 1285search options, 1281–1282security, 1286–1288value contents, 1282

Registry Editor, 1280–1281Registry Redirector, 1269Registry security area, 741registry structure

32-bit vs. 64-bit, 1269data location, 1279data storage, 1277–1279data types, 1277–1278disk-based keys, 1278hives, 1279overview, 1268root keys, 1271–1272subkeys, 1273–1277value entries, 1277volatile keys, 1278

REG_MULTI_SZ data type, 1278REG_NONE data type, 1278REG_SZ data type, 1277reinstalling Windows, 1312

reinstalling Windows


1422

REJ (Microsoft Rapid Economic Justification), 46rejecting certificate requests, 822relative distinguished names (RDN), 22relative identifier master (RID), 464–465relay agents, DHCP, 511–513relay privileges, SMTP virtual servers, 1114releasing client address leases, 514reliability

DHCP servers, 489overview, 11TCP, 470

remote access policiesattributes, 848–850configuring, 848–852default, 837–838encryption, 852models, 838–847profiles, 850–852setting, 836

remote administrationActive Directory objects, 426consoles, custom, 329–330Device Manager, 1339disk management, 545Emergency Management Services

overview, 1312–1313requirements, 1314security, 1315setting up, 1315–1320

enabling, 162–163IIS, 1119–1120shares, 286tool installations, 335

Remote Administration (HTML), 1046, 1119–1120remote boot disks, 951remote certificates, 754–756remote computer event logs, 1169remote computer registries, 1285Remote Data Protocol (RDP), 1001–1004Remote Desktop

enabling, 162–163IIS installations, 1046installing, 1007–1008overview, 982vs. Windows Terminal Services, 981

Remote Desktop for Administration modeenabling, 988installing programs, 988–992overview, 983

Remote Differential Compression (RDC), 662Remote Installation Preparation (RIPrep), 945–947Remote Installation Services (RIS). See RIS (Remote

Installation Services)remote installations, 57–60remote operating system installations, 951–952remote scripts, 373remote servers. See also Terminal Services

configuring, 852–853RADIUS, 861–863routers, configuring as, 854smart cards, 754–756, 757

Remote Storageadditional volumes, 692configuring, 690–695data safety, 689–690, 695–697disabling, 693disaster recovery, 698–699include/exclude rules, 692manual tasks, 694media copies, 697–698overview, 686–688, 1351program compatibility, 688–689recall limits, 695setting up, 690–691system requirements, 690

remote virtual directories, 1054remote VPNs, 728remotely controlling Terminal Services sessions,

999–1000remotely scheduled tasks, 347Removable Storage

accessing, 680devices, 677libraries, 677, 680–682media identifiers, 678–679media pools, 677–678, 682–684media states, 679–680operator requests, 685overview, 676, 1222terminology, 677–680work queues, 685

removable storage, backups, 1221–1223, 1230removing

devices, 166logon history, 71Windows, 1326–1327

renamed Windows NT components, 1337–1343

REJ


1423

renamingActive Directory objects, 428Administrator accounts, 185built-in Administrator accounts, 71domain controllers, 428–429domains, 429filename conversions, 88–89files, creating, 88registry keys or values, 1285RIS images, 944user accounts, 256

Renew CA Certificate command, 812renewing

certificate authorities, 812certificates, 720client address leases, 514

repackaged applications, 905–908repair installations, 1300–1301repairing system. See recoveryreplacing

files at restoration, 1241power supplies, 1252print servers, 192–193printers, 205

replicas, domain controller, 387–388replication

domain controllers, 387–388, 434folders, 640, 652–655groups, 640, 652–660overview, 27, 37types, 436–438viewing objects, 438WINS, 534–535

reports. See also performance countersdisk quotas, 634Event Viewer, 1166–1170File Server Resource Manager, 615–617Server Performance Advisor, 1171–1175

Request Security security policy, 765requesting certificates, 762–763requests for comments (RFCs), 472–474Require Security security policy, 765reseal functionality, Sysprep, 89reservations, address, 504Reset Password command, 419resetting

passwords, 256, 419peak usage data, quotas, 621Terminal Services sessions, 995

resource domains, 118

resource escalation procedures, 1208resource identification, disaster planning, 1205resource records, 380–381resource sharing



overview, 267–268server clusters, 593share vs. file permissions, 268–269shared folders, 279–288

Respond Only security policy, 765responses, disaster recovery, 1206–1210restarting. See also recovery

catalogs, 1017computers, Recovery Console, 1353–1356IIS, 1065–1067print jobs, 205

restarts, Group Policy, 913Restore CA command, 812restores. See also backups

Automated System Recovery, 1301–1302backups, restoring from, 1311boot disks, 1298broken mirrors, 565certificate authorities, 812compromised systems, handling, 782DFS folder targets, 651DHCP databases, 514files, 1239, 1240Group Policy Objects, 313in-place upgrades, 1300–1301ISA 2004, 1151–1153Last Known Good Configuration option,

1296–1297Master Boot Record, 102–103media rotation, 1227mirrored boot partitions, 1299–1300options, 1241–1242overview, 1239, 1295

restores


1424

restores, continuedpossible failure causes, 1295–1296Recovery Console, 1353–1356registry, 1292Safe Mode option, 1297–1298server configurations, 1073system state, 1244–1246triaging situation, 1293–1295

Restricted Groups security setting, 741restriction policies, software, 923–926Resultant Set of Policy (RSoP), 317–320Resultant Set of Policy (RSoP) Wizard, 7resynching data, 562return on investment (ROI), 45reverse

lookup zones, 521lookups, 484–485proxies, 1144–1146

revoking certificates, 719–721, 817–819RFC 822 names, 24rights, user, 242–246RIPrep images, OEM drivers in, 85–86RIPrep (Remote Installation Preparation), 59–60,

945–947Riprep.sif, 941RIS (Remote Installation Services)

administeringGroup Policy settings, 935operating system images, 936–944Remote Installation Preparation, 59–60,

945–947RIS settings, 932–935RIS tool additions, 944user installations, 948–952

client prestaging, 948–950described, 1351headless server installations, 1317–1318how it works, 927–928installing, 930–932method comparisons, 57–58Remote Installation Preparation, 59–60servers, 67system recommendations, 929–930Windows versions supported, 928

risk assessmentsdeployments, 50–51disaster planning, 1205wireless security, 865

risk identifications, disaster planning, 1204–1205risk tolerance, wireless security, 866RIS.sif answer files, 72Ristndrd.sif, 941

RMS (Windows Rights Management Services), 729roaming profiles, 261–264rogue access points, 873–874, 875roles, server, 178–181, 460–467, 1044–1045rolling back installed drivers, 1302–1303root CAs, 715–717, 803, 819–820, 823–825root domains, 38, 41, 42, 390root folder shares, 286root hints, DNS, 531root keys

32-bit vs. 64-bit, 1269adding, 1283finding, 1281–1282hives, 1279overview, 1271–1272removing, 1283renaming, 1285subkeys, 1273–1277

root users, UNIX, 883rotating backup media, 1227, 1247router-to-router VPNs

demand-dial interfaces, 858examples, 832overview, 729, 855–857

routersdemand-dial interfaces, 857–858DHCP relay agents, 511–513IP settings, configuring, 174IPv6, 492–494overview, 479remote access servers as, 854subnets, 477–478WINS, 489–492

Routing and Remote Access (RRAS), 119, 133Routing and Remote Access Server Setup Wizard,

833–834routing flaps, 481Routing Information Protocol (RIP), 480routing protocols, 480, 858routing tables, 856, 858RPC External Data Representation component, 887RPC Port Mapper component, 888Run As feature, 331–334RunAs command, 362runaway recall limits, 695

SSAC (Special Administration Console), 1321–1323Safe Mode option, 1297–1298safe OS copies, 69sags, voltage, 1254Samba servers, 119, 886

Restricted Groups security setting


1425

same internal and external namespaces, 34–36sampling intervals, System Monitor, 1180SANs (storage area networks)

iSCSIsecurity, 673suggestions, 667targets, 672, 674

LUNs, 675–676overview, 663–666server connections, 670–671terminology, 665–666

saved indexes, 1011saving

alert settings, 1184event logs, 342, 1170log settings, 1184virtual machine states, 975

scalability, 14–15scans, indexes, 1011, 1020–1021scavenging, WINS, 536scheduled scripts, 362, 373scheduling

backups, 1234–1236AT command, 347–348cron, 348data collection groups, 1173deployments, 51domain upgrades, 136File Server Resource Manager reports, 615–617index merges, 1013Task Scheduler, 344–347

schema, Active Directoryattributes

adding, 452auxiliary class, adding, 452–453creating, 449–450display specifiers, 454–456object classes, creating, 451–452overview, 448

batch imports and exports, 457display specifiers, modifying, 454–456domain controller accessed, 447implementing, 25launching, 446–448LDIF, 457–459modifying, 448–453operations master roles, 460–467overview, 23, 445security, 445–446updates, 140–147

Schema Admins group, 109schema master, 462–463

scopesDHCP

activating, 504address reservations, 504creating, 499–503deactivating, 504migrating, 513modifying, 510

Group Policy Objects, 306–308groups, 228–229, 233–234, 236indexing, 1011

screening files, 624–630Script Source Access permissions, 1084Scriptomatic, 370scripts

additional resources, 374–375backup jobs, 1229credentials, 362–363error management, 367–369future considerations, 373–374I/O handling, 366–367IIS, 1047infrastructure

Active Scripting, 353COM interfaces, 354command shell, 353extending, 354–355overview, 352

logon, 264–265MSH, 373overview, 335–336, 351–352, 357path management, 363–365print management, 208scheduled, 362security, 369server clusters, 594translating script languages, 371–372what’s new, 355–356WMI, 370WSH scripts as console tools, 357–362

SCSI Shunt drivers, 973SCSI (Small Computer System Interface), 541search paths, Virtual Server, 966Search tool, 1340searches. See also Indexing Service

Active Directory objects, 408event logs, 340printers, 201–202querying indexes, 1023–1027registry keys and values, 1281–1282user accounts, 253–254

searches


1426

secondaryDNS servers, 516logons, 331–334print servers, 218–219recovery resources, 1205

Secure Multipurpose Internet Mail Extensions (S/MIME), 721–722

secure security templates, 742–743Secure Server (Require Security) policy, 765Secure Shell (SSH), 884Secure Sockets Layer (SSL), 724–725, 1043Secure Sockets Layer/Transport Layer Security

(SSL/TLS), 705security. See also authentication; certificates;

firewalls; permissionsaccess control, 709, 757–759Administrator accounts, 185analyzing, 747–749, 781–782auditing, 710, 778–781compromised systems, handling, 782data protection, 707–709deployment policies, 739IIS, 1062–1065IPSec policies, 764–772ISA 2004 server, 1131, 1136–1138iSCSI, 673local data, 773–778nonrepudiation, 710overview, 9–10, 703–704, 733planning, 69–70post-Setup updates, installing, 159–161precautions, 184software restriction policies, 923–926UNIX interoperability, 880VPNs, 727–729Web sites, 1086–1092Windows Rights Management Services, 729

security accountsFTP sites, 1098–1099planning, 69–70

Security Accounts Manager (SAM), 1274, 1279Security Configuration and Analysis, 746–749Security Configuration Wizard, 734–739, 1351security databases, 746–747Security group, 424security groups

folder redirection, 316overview, 228policy settings needed, 307–308

SECURITY hive, 1279security identifiers (SIDs), 25, 889

security logs, 780–781, 1167security policies

deploying, 739domains, 38, 39–40options, 735organizational units, 38Security Configuration Wizard, 734–739templates, 739–745

security principal names, 247security templates


security tokens, 229security updates, 783seizing

domain naming master roles, 464infrastructure master, 466–467PDC emulator roles, 461–462relative identifier master roles, 465schema master roles, 463

self-signed certificates, 715Send Mail command, 419.sep files, 210–211separator pages, 210–211Serial ATA (SATA), 542Serial Port Console Redirection (SPCR), 1316server-based conflict detection, 511Server\ Bytes Total/Sec counter, 1166server clusters, 1263

capacities, 597–598configuring, 595–597creating, 598–611failback policies, 595failover policies, 595groups, 591, 604–606networks, 590nodes, 591overview, 576, 590–592resources, 592–595, 604–611scenarios, 577–579

Server for NFS Authentication component, 887Server for NFS component, 887, 896–897

secondary


1427

Server for NIS component, 897server identity, changing, 169server-level administration, IIS, 1071–1075, 1096Server Message Block (SMB), 885–886server objects, Active Directory, 436, 439–440Server Performance Advisor, 1171–1175Server (Request Security) policy, 765server roles

adding, 178–179Application, 1044–1045architecture improvements, 106–107options, 178–181planning, 66–67removing, 178–179security options, 736–737setting up, 178–181

server/server protocols, 1038–1043Server\ Server Sessions and Server\ Logon/sec

counter, 1166Server\ Work Item Shortages counter, 1166Server Work Queues\ Queue Length counter, 1164servers. See also IIS (Internet Information Services);

performance; print servers; Terminal Services

backups, 1072–1073configurations, planning, 66–70DFS, 642dial-up clients, 834–835first server, configuring, 181–183Global Catalog, 394–395inventory, taking, 118–120NAT, 835–836processors, adding, 1324–1325promoting to domain controllers, 381–386remote access, 833–834, 852–853, 854security, 69–70settings, configuring, 169–177system requirements, 67–68types, 66–67upgrade requirements, 137upgrading to Windows Server 2003, 149–151Virtual Server

administering, 978–979alternatives to, 979configuring, 961–966IIS, 956–958installing, 956–961overview, 955–956

Windows NT domain upgrades, 118service packs, 82–83, 784

servicesexisting, inventorying, 48locations, resource record for, 380optional components, 1345–1352registry information, 1276server clusters, 595status information, 1307–1308

sessionscredentials, scripting, 362FTP, 1040, 1097HTTP, 1038NNTP, 1043, 1110Terminal Services, 982–983, 992–1000

settings available on network computers, 902Setup. See installations; upgrading to Windows

Server 2003Setup-based installation methods, 57–58Setup Manager, 72–77Setup.log, 1215SFU (Windows Services for UNIX), 354shadow

copies, 574, 595indexes, 1011merges, 1011

share-level permissions, 283share names, printers, 188share permissions vs. file permissions, 268–269shared folders. See also distribution shares

creating, 281–283File Server Management tool, 279–281net share command, 287–288NFS, 288–292overview, 279permissions, 283publishing, 427removing, 284simultaneous connections, 284–285special shares, 285–286tool options, 279user disconnections, 284

Shared Folders snap-in, 279shared nothing clusters, 589shared printers, 286shared resources, server clusters, 593shared secrets, 860SharePoint Services, 1352Sharing And Security option, Windows Explorer,

279sharing directory with NFS, 895–896

sharing directory with NFS


1428

sharing file resourcesActive Directory publishing, 292–293hiding, 283NFS shared folders, 288–292NTFS permissions


overview, 267–268share vs. file permissions, 268–269shared folders, 279–288

sharing Web, 1056Shavlik HFNetChkPro, 796short names, converting, 88–89short-term power outages, 1255shut down problems, 1325–1326Shutdown Event Tracker, 1323–1324side media states, 679signatures, digital, 708–709, 713, 721–722, 725–727signed messages, 721signed receipts, 710silent software installations, 63simple volumes, 540simulation options, Resultant Set of Policy, 318simultaneous connections, 284–285single

continuous namespaces, 30, 38–39, 41domain across subnet boundary, 491domain tree structure, 38–39network adapter in multicast mode, 582network adapter in unicast mode, 582, 583sign-ons, 707

single-domain model, 121single-drive data protection, 695Single Instance Store (SIS), 928single-layer expensive disk (SLED), 541single-master-domain model, 121–123single-master domains, 39, 41single-master replication, 378, 436single-master schema operations, 446site-level administration, IIS, 1075, 1096–1101site topology, domain upgrades, 130–131sites, Active Directory

connection objects, 439–440domain replication, 436–438overview, 108, 433–434

replication objects, 438server objects, 439–440site link bridge objects, 444site link objects, 443site links, 444site objects, 434–436, 438–439subnet objects, 441–442

sites, FTPanonymous access, 1098–1099authentication, 1098–1099configuration backup files, 1072–1073creating, 1058–1059default, 1058directory-level properties, 1076, 1101file-level properties, 1077home directory, 1100–1101identities, 1097messages, 1100other site types, 1058overview, 1058properties, 1096–1101security, 1062–1065server-level properties, 1096site-level properties, 1075, 1096–1101starting, 1065–1067stopping, 1065–1067testing, 1059–1060virtual directories, 1060–1061

sites, Web. See also Indexing Service; ISA 2004client restrictions, 1088–1089configuration backup files, 1072–1073connections, 1048–1049content expirations, 1093content ratings, 1093creating, 1049–1052default, 1047–1048directory-level properties, 1076file-level properties, 1077home directory, 1083–1085HTTP, 1038–1039identities, 1079IP addresses, 1079–1080other types, 1049security, 1062–1065, 1089–1092server properties, 1073–1075site-level properties, 1075starting, 1065–1067stopping, 1065–1067testing, 1052virtual directories, 1053–1057

sharing file resources


1429

sizecache, 1201capture buffers, 1190clusters, 569event logs, 341–342indexing, 1012–1013LUNs, 676security logs, 780

Size registry value, 1201slash notations, subnet masks, 478slow indexing, 1033slow links, software installations, 914–915Small Computer System Interface (SCSI), 541Smart Card Enrollment station, 752, 753smart cards, 706, 710–711, 752–756SMB (Server Message Block), 885–886SMS 2003 Operating System Deployment Feature

Pack, 59SMS (Systems Management Server), 59–60, 63, 67,

795, 903SMTP (Simple Mail Transfer Protocol)


snap-ins, Microsoft Management Console, 6snapshot configuration settings, 1072–1073snapshot storage reports, 618soft quotas, 619software. See also software management; software

patchesdistribution points, 908–909Emergency Management Services, 1314inventory, taking, 48RAID, 1256–1257registry information, 1275–1276support changes, 113system information gathering, 1306–1307updates, 61–62, 83–84, 783upgrading to Windows Server 2003, 113

SOFTWARE hive, 1279Software Installation feature, Group Policy, 6

software management. See also deployment environments; RIS (Remote Installation Services)

deployment options, 5–6, 62–63Group Policy Software Installation extension,

901–902, 908–915Microsoft Operations Manager, 903packages

application property changes, 918–919Group Policy, adding to, 915–916modifications, 920–922native Windows Installer, 904overview, 915redeploying, 922removing, 922upgrades, 919–920

repackaged applications, 905–908restriction policies, 923–926Systems Management Server, 903technology options, 903–908Terminal Services, 988–992.zap files, 904–905

software patchesdeployment testing, 789–791obtaining, 791–795overview, 783–785phases, 785–789third-party products, 795–796

space. See also disk management; storageindexing, 1012–1013memory usage monitoring, 1162–1163partitions, 558Windows Terminal Services, 983, 988

spanned volumes, 540, 561Special Administration Console (SAC), 1321–1323special NTFS permissions, 274–276special shares, shared folders, 285–286speed, printing, 212–213spikes, 1253–1254splitting address space between servers, 508SPM printer ports, 194spooling, print, 212–213, 222, 225SQL Servers, 67SRV (DNS resource record), 380SSH (Secure Shell), 884SSID hiding, 871SSL (Secure Sockets Layer), 724–725, 1043,

1089–1092SSL/TLS (Secure Sockets Layer/Transport Layer

Security), 10, 705staging applications during Setup, 63

staging applications during Setup


1430

stale records, DHCP, 506standalone

CAs, 716, 802, 822namespaces, 638root CAs, 803servers, 107subordinate CAs, 803

Standard Edition, Windows Server 2003, 4–5standard escalation procedures (SEPs), 1208–1209standard operating procedures (SOPs), 1206–1208standard port monitors, 196Start menu customizing, 1341Start Service command, 810starting computer from CD-ROM, 1353–1356startup troubleshooting, 1309–1311stateful packet filtering, 1126Stateful Packet Inspection (SPI), 1126states, virtual machines, 975static

addressing, 173entries, WINS, 536load balancing, 595routing, 856, 858

statistical failure rates, 1250–1251status

print servers, 224RIS servers, 932security information, 781–782

Stop Service command, 810stopping

certificate authorities, 810computer when log full, 342CRL publications, 818IIS, 1065–1067printing, 205, 206, 208running tasks, 346Task Scheduler, 346virtual machines, 975

storage. See also disk managementbackups, 1221–1223, 1230certificates, 814configuring, 168–169DFS, 1262disk activity monitoring, 1164–1165Distributed File System

installations, 644overview, 634–635terminology, 637–641what’s new, 636


GPO information, 297Indexing Services, 1012–1013overview, 13, 613registry, 1277–1279Remote Storage, 686–699, 1351Removable Storage, 676–686

storage area networks (SANs)iSCSI

security, 673suggestions, 667targets, 672, 674

LUNs, 675–676overview, 663–666server connections, 670–671terminology, 665–666

Storage Manager For SANsconsole nodes, 669installing, 668–669overview, 663

streams, script I/O handling, 366striped volumes, 541structural classes, 452structural domains, 127stuck documents, deleting, 225subdomains, DNS, 522–524subfolders

distribution shares, 81quota management, 618–624

subkeys, 1273–1277, 1279subnet masks, 477subnet objects, Active Directory, 436, 441–442subnets

adding, 173overview, 433, 477–478routers, 479WINS, 489–492

subordinate CAs, 715–717, 803, 823–825Subsystem for UNIX-Based Applications (SUA),

354, 897–898, 1228subtrees, Active Directory, 21suffixes, UPNs, 402super users, UNIX, 883superscopes, DHCP, 500Support Tools, 335, 1357–1361

stale records


1431

surge protectors, 1253–1254surges, power, 1254switched environments, clusters, 589–590switching functional levels, 151–158symbolic links, 882symmetric encryption, 713, 722Sysocmgr.exe, 80Sysocmgr.ini, 80Sysprep, 89–90Sysprep Mini-Setup, 58–60Sysprep.inf answer files, 72system assessments, current, 46–48System catalog, 1015system configuration settings. See registrySystem Configuration Utility, 1309–1311system failures. See also system recovery;

troubleshootingclustering, 1263DFS, 1262disk arrays, 1256–1262measuring, 1250–1251power supply problems, 1251–1256

System File Checker, 1311SYSTEM hive, 1279System Information utility, 1306–1307System Information, viewing, 1341–1342system logs, 1167System Monitor, 1175–1180system preparations, installations, 91System\ Processor Queue Length counter, 1164system recovery

agents, 773–774compromised systems, handling, 782drives, 1220encrypted files and folders, 773–774Remote Storage, 698–699Windows NT domain upgrades, 131–133

system recovery planningiterating, 1210–1211overview, 1203–1204resource identification, 1205responses, developing, 1206–1209risk identification, 1204–1205testing procedures, 1209–1210

system recovery preparationAutomated System Recovery disks, 1212–1215backups, 1212boot disks, 1216–1217fault tolerant system, 1211options, specifying, 1219–1220overview, 1211Recovery Console, 1218

system requirements, 67–68System Services security area, 741system state backups, 1242–1243, 1290–1291system state restores, 1244–1246System tool recovery options, 1219–1220system updates. See updatesSYSVOL share, 286

Ttape backups, 1220, 1222targets

DFS folders, 640, 651iSCSI, 672, 674

Task Scheduler, 344–347, 1237task scheduling. See schedulingTCP/IP. See also DHCP (Dynamic Host

Configuration Protocol); DNS (Domain Name System); name resolution

accessing, 1342administration, 495advanced options, 173–177configuring, 171–177directory services, 18dynamic addressing, 171–172firewalls, 476–477FTP, 1040–1041HTTP, 1038–1039IP addresses, 474–476IP settings, configuring, 173IPv6, 492–494LDAP, 487NetBIOS, 472NNTP, 1043options, changing, 177overview, 469–470RFCs, 472–474routers, 479SMTP, 1041–1042static addressing, 173subnets, 477–478TCP, 470–471UDP, 471UNIX printing, 885–887WINS, 176–177, 489–492, 532–537Winsock, 471–472

TCP (Transmission Control Protocol), 470–471Telnet, 884templates

certificates, 719, 799–801, 815–817file screening, 628–629Group Policy, 296, 298quotas, 622–624

templates


1432

templates, continuedsecurity


user object creation, 418temporarily stop printing, 205, 206, 208temporarily stop running tasks, 346terminal concentrators, 1315Terminal Server Client Access License (CAL), 1007Terminal Server licensing, 64Terminal Server roles, 985–987Terminal Services

administrationlicensing, 1005–1007overview, 982–983sessions management, 993–1000Terminal Services Configuration MMC,

1000–1004Terminal Services Manager, 992–1000tools listed, 992

capacities, 985Change command, 990–992clusters, 578installation considerations, 985–992installing programs, 988–992overview, 8–9, 981–983Remote Desktop, 981Remote Desktop for Administration mode, 988requirements, 983–984

Terminal Services Configuration MMC, 1000–1004Terminal Services Licensing MMC, 1005–1007Terminal Services Licensing server, 1005–1007Terminal Services Manager, 992–1000test labs, 65–66test network deployments, patches, 789–790testing. See also Virtual Server

Active Directory functionality, 140–141disaster recovery plans, 1209–1210domain upgrades, 136FTP sites, 1059–1060patch deployments, 789–791remote administration, 1120

user accounts, 252–253virtual directories, 1061Web sites, 1052

text-based file zone storage, 486text data type, 214text-mode Setup phase, 92text searches, 1024–1027text streams, 366thin clients, 8third-party

backup tools, 1291product patches, 795–796utility backups, 1246–1247

thread execution, 1164ticket-granting service (TGS), 723ticket-granting ticket (TGT), 723time

backup scheduling, 1234–1236backup windows, 1224Boot menu timeouts, 102logon hours permitted, 248monitoring frequency, 1161processor activity, 1163–1164

timely contacts, 437timeouts, Boot menu, 102TKIP (Temporal Key Integrity Protocol), 869TLS (Transport Layer Security), 1043tools, administrative

auditing eventsarchiving logs, 342categories, 336–338enabling, 337–338filtering logs, 341log size, 341–342object settings, 338–339overview, 336–338searching logs, 340viewing logs, 339

AT command, 347–348cron, 348delegating control, 26, 343–344IIS, 1044–1047installing locally, 334installing remotely, 335Management And Monitoring Tools, 1349MMC, 323–330overview, 323remote access policies, 838–847scripts, 335–336, 1047secondary logons, 323–330Support Tools, 335Task Scheduler, 344–347

temporarily stop printing


1433

top level domains, 482total cost of ownership (TCO), 45trace logs, 1181–1184tracking. See logstraffic. See also connectivity

documenting, 47routers, 479

transfer protocols, 1040–1041transferring

domain naming master roles, 463infrastructure master, 466PDC emulator roles, 461relative identifier master roles, 465schema master roles, 462zones, 527

transforms, 920–922transitive trusts, 37, 39, 111–112, 401–402translating addresses to friendly names. See DNS

(Domain Name System)translating NetBIOS names and addresses. See

WINS (Windows Internet Name Service)translating script languages, 371–372Transport Layer Security (TLS), 1043trees

Active Directory, 21, 108child domains, 388–389creating, 390domain namespace, 482multiple domain structure, 40–42names, 30

triage process troubleshooting, 1293–1295troubleshooting. See also troubleshooting printing

boot modes, 1298devices, 168diagnosing problem, 1302–1303Emergency Management Services

overview, 1312–1313requirements, 1314security, 1315setting up, 1315–1320

Help And Support Center tools, 1304–1306HTTP sessions, 1038Indexing Service, 1030–1033installations, 98–103overview, 1293possible failure causes, 1295–1296reinstalling Windows, 1312rolling back installed drivers, 1302–1303services, checking, 1307–1308shut down problems, 1325–1326

Shutdown Event Tracker, 1323–1324System Configuration Utility, 1309–1311System File Checker, 1311System Information utility, 1306–1307triage, 1293–1295uninstalling Windows, 1326–1327

troubleshooting printingapplication print failures, 223client machine problems, 219–223fails to, 222–223incorrectly, 222overview, 217print server failures, 218–219print server status, 224printer location tracking, 225–226printer physical checks, 224stuck documents, deleting, 225

trust relationshipsActive Directory Domains and Trusts snap-in,

395–403documenting, 117federated identity management, 430managing, 400–402multiple domain structure, 41nontransitive, 110, 401–402overview, 10, 109transitive, 37, 39, 111–112Windows NT, 110–112Windows NT domain upgrades, 117

trusted CAs, 716–717trusted certificate distribution, 819–822trusted computing base (TCB), 25TS Device CALs, 64TS External Connector CALs, 64TS User CALs, 64Tsadmin.exe, 992–1000tuning

bottlenecks, 1158Indexing Service performance, 1028–1029memory allocation, 1199–1200monitoring frequency, 1161monitoring options, 1160–1166monitoring performance impact, 1161networks, 1202page file optimization, 1201–1202strategies, 1161

tunneling protocols, 856turning off virtual machines, 975two-way trust relationships, 111–112Typical Configuration For A First Server option, 181

Typical Configuration For A First Server option


1434

UUDDI (Universal Description, Discovery and

Integration), 1351UDP (User Datagram Protocol), 471, 885UID (user identity), 889, 897unattended installations

answer files, 94image-based installations, 58–60optional components, 80Setup-based installations, 57–58Windows Server 2003 R2, 78–79

Unattend.txt answer files, 72unauthorized wireless access points, 873–874, 875UNC names, 24Under Construction messages, 1049uninstalling devices, 166uninstalling Windows, 1326–1327Universal groups, 383universal scope, groups, 229, 233UNIX backups, 1228UNIX interoperability

connectivity, 883–884file listing, 880–882file systems, 885–886identity management, 897Microsoft Services for NFS

Client for NFS, configuring, 894–895connections, 892–894NFS shares, creating, 895–896overview, 887–888Server for NFS, configuring, 896–897User Name Mapping, configuring, 889–892

overview, 879printing, 885–887security, 880symbolic links, 882Windows Subsystem for UNIX-Based Applica-

tions, 897–898UNIX shells, 354–355unknown risks, disaster planning, 1204unloading hives, 1285unlocking user accounts, 257unused physical memory, 1162update rollups, 784Update Root Certificates, 1352updated interface items, 1331–1335updates

Active Directory schemas, 140–147applications, 907–908Automated System Recovery disks, 1216automatic, 791–795

defined, 784disaster plans, 1210–1211distribution shares, 83–84DNS root hints, 531options, 61–62patches

obtaining, 791–795overview, 783–785phases, 785–789third-party products, 795–796

policies, 311–312post-Setup, installing, 159–161recovery plans regularly, 1208Windows Server Post-Setup Security Updates win-

dow, 159–161upgrade packages, 919–920upgrading clients to Windows XP, 147–148upgrading to Windows Server 2003

architectual changesActive Directory, 107–112domain controllers, 106–107server roles, 106–107

domain controllers, 391domain upgrades

documenting existing network, 116–120vs. migrating, 114–115overview, 114

hardware support, 112–113overview, 105preparing computers, 138–140preparing domains, 137–138print servers, 192–193server requirements, 137server upgrades, 149–151software support, 113Web service extensions, 1117–1119

UPN (user principal name) suffixes, configuring, 402

UPS (uninterruptible power supply), 1251–1256USENET system, 1043, 1102user accounts. See also groups

deleting, 255disabling, 254domains, 250–251enabling, 254finding, 253–254local, 251managing, 253–257moving, 255names, 247, 256options, 248

UDDI


1435

overview, 247passwords, 249–250, 256properties, setting, 251–252remote access permissions, 838–840testing, 252–253unlocking, 257

user CALs, 63–64User Configuration node, 304–305User Controlled interaction level, 77user interaction levels, installation, 77User Manager, 1342User Manager for Domains, 1342User Name Mapping component, 288–289, 887,

889–892user names, 248user profiles

copying, 946folders inside, 260local, 261logon scripts, 264–265mandatory, 264overview, 259–260registry, 1279roaming, 261–264

user-related policies, GPOs, 296users. See also authentication; directory services;

groups; permissionsaccess control, implementing, 757–759data on network computers, 902defining, 242–245group rights, assigning to, 245–246home folders, 257–258local rights, assigning, 246names, 248objects, 417–423shared folder disconnections, 284UNIX, 882–883

Vvalidating certificates, 716–717values, registry

adding, 1283contents, editing, 1282finding, 1281–1282overview, 1277removing, 1283renaming, 1285

variable length subnet masks, 478VBScript, 353, 368, 372Version 1 templates, 719, 815Version 2 templates, 719, 815

versionsinformation, checking, 1311upgrades, EMS, 1319–1320Windows Server 2003, 4–5

video files, saving, 625View Options, 1342view settings, devices, 166viewing

Active Directory objects, 404–411captured frames, 1189–1190current Web settings, 1117–1119device properties, 167devices, 165–166network components, 170–171newsgroups, 1108NNTP sessions, 1110physical memory usage, 1162print status, 200quotas, 621recorded performance data, 1173scheduled tasks, 347security analysis, 747–749security logs, 780–781servers, 993service status information, 1307–1308System Information, 1341–1342System Monitor information, 1178–1180Terminal Services information, 992–1000virtual networks, 962WINS items, 536

virtual directoriesFTP sites, 1060–1061icons, 1056–1057Web sites, 1053–1057

Virtual Directory Creation Wizard, 1054–1055, 1060–1061

virtual disk patch testing, 789–790Virtual Machine Additions, installing, 977–978Virtual Machine Remote Control (VMRC), 966,

974–975virtual machines

CD/DVD drives, 969–971configuring, 975–977creating, 967–968default settings, 968–973device captures, 969direct remote connections, 966, 974–975operating systems, installing, 973options while running, 975–976options while stopped, 976–977SCSI Shunt drivers, 973

virtual machines


1436

virtual machines, continuedsearch paths, 966starting first time, 971–973stopping, 975Virtual Machine Additions, installing, 977–978Virtual PC, 979VMWare Workstation, 979

virtual memory counters, 1162virtual network cards, 962virtual networks, 962–965Virtual PC (VPC), 979virtual printer folders, 201–202virtual private networks (VPNs). See VPNs (virtual

private networks)virtual roots, 1011Virtual Server

administering, 978–979alternatives to, 979configuring, 961–966deployment testing, 789–790IIS, 956–958installing, 956–961overview, 955–956properties, configuring, 965–966virtual machines

configuring, 975–977creating, 967–968default settings, 968–973device captures, 969Virtual Machine Additions, installing, 977–978

virtual networks, 962–965virtual servers. See FTP sites; Network News

Transfer Protocol (NNTP); SMTP (Simple Mail Transfer Protocol); Web sites

virtual teams, 979virtual test environments, 65–66viruses

Master Boot Record, 99software updates, 61

VMWare Workstation, 789–790, 979volatile keys, 1278voltage variations, 1252–1255Volume Shadow Copy Service Task resource type,

595volumes. See also Remote Storage

converting FAT to NTFS, 565creating, 549–551deleting, 557–558drive letters, 569–570extending, 559–560formatting, 555, 566–568

licensing, 65mirrors, 561–565mounted, 552mounting, 570–571names, 567quota management, 618–624

VPNs (virtual private networks)components, 833configuring, 853–858demand-dial interfaces, 857–858IAS, 858–863Internet connections, 853ISA 2004, 1141–1144overview, 727–729, 831–832PPTP filters, 855PPTP ports, 854–855protocols, 833router-to-router, 855–857server as router, configuring, 854wireless security, 871

WW3C extended log file format option, 1081wait states, RAM, 99Web applications

overview, 14settings, 1085

Web browsersallow browsing, 1136–1138print server management, 206

Web Edition, Windows Server 2003, 4–5Web servers, 577, 1038Web service extensions, 1117–1119Web Services for Management (WS-Man), 374Web sharing, 1056Web Site Creation Wizard, 1049–1052Web site management. See also Web sites

document options, 1085–1086home directory options, 1083–1085HTTP errors options, 1094–1095HTTP headers options, 1093–1094ISAPI filter options, 1082overview, 1078performance options, 1082security options, 1086–1092site options, 1078–1081

Web sites. See also Indexing Service; ISA 2004client restrictions, 1088–1089configuration backup files, 1072–1073connections, 1048–1049content expirations, 1093

virtual memory counters


1437

content ratings, 1093creating, 1049–1052default, 1047–1048directory-level properties, 1076file-level properties, 1077HTTP, 1038–1039identities, 1079IP addresses, 1079–1080other types, 1049security, 1062–1065, 1089–1092server properties, 1073–1075site-level properties, 1075starting, 1065–1067stopping, 1065–1067testing, 1052virtual directories, 1053–1057

weekly backups, 1235well connected networks, 433When Idle backup option, 1235Wi-Fi Protected Access (WPA), 869–870, 871wildcards, 1232, 1282Windows 98 upgrades, 148Windows 2000 functional level, 151–153Windows client deployment planning, 5–6Windows Clustering, 576Windows Computer Cluster Server 2003, 4–5Windows Explorer, 1343Windows Firewall

NFS shared folders, 289overview, 750–751post-Setup updates, installing, 161remote administration, 163

Windows Internet Name Service (WINS). See WINS (Windows Internet Name Service)

Windows Load Balancing Service, 1263Windows Management Instrumentation (WMI)

best practices, 370overview, 354what’s new, 356

Windows Me upgrades, 148Windows Media Services, 1352Windows NT 3.51 servers, 119Windows NT domain controller upgrades, 391Windows NT domain upgrades

Active Directory forests, planning, 121–131Active Directory Migration Tool, 115compatibility issues, 118–120DNS names, 128–129DNS namespaces, 118documenting current network, 116–120domain models, 117, 121–128

guidelines, 133–137vs. migrating, 114overview, 114recovery plans, 131–133site topology, 130–131trust relationships, 117

Windows NT Explorer, 1343Windows NT functional level, 154–156Windows NT interface changes, 1337–1343Windows NT LAN Manager (NTLM), 705, 724Windows NT RRAS servers, 119Windows NT server roles, 106–107Windows NT system policies, 297Windows NT trust relationships, 110–112Windows page file optimization, 1201–1202Windows PE, 944Windows Product Activation (WPA) provider, 941Windows Rights Management Services (RMS), 729Windows Scripting Host (WSH)

COM interfaces, 354overview, 353scripts as console tools, 357–362scripts, running, 336what’s new, 356

Windows Server 2000 mixed functional level, 154–156

Windows Server 2000 native functional level, 154–156

Windows Server 2003availability, 11changes in, 15communications, 13–14deploying, 5–6file system, 13installing, 149interface changes, 1331–1335Internet services, 14interoperability, 9.NET application services, 14network management, 6–9planning considerations, 15reliability, 11scalability, 14–15security, 9–10storage, 13upgrading, 150–151versions, 4–5

Windows Server 2003 Backup program, 1228–1236

Windows Server 2003 Backup Wizard, 1237Windows Server 2003 functional level, 151–156

Windows Server 2003 functional level


1438

Windows Server 2003 interim functional level, 151–156

Windows Server 2003 R2 images, 939Windows Server 2003 R2 Setup, 78–79Windows Server 2003 scripting. See scriptsWindows Server 2003 Support Tools, 1357–1361Windows Server Post-Setup Security Updates

window, 159–161Windows Server Update Services (WSUS),

792–795, 907Windows Services for UNIX (SFU), 354Windows Setup, 57–58, 92Windows SharePoint Services, 1352Windows Sockets (Winsock), 471–472Windows Subsystem for UNIX-Based Applications,

897–898Windows Terminal Services (WTS)

administrationlicensing, 1005–1007overview, 982–983sessions management, 993–1000Terminal Services Configuration MMC,

1000–1004Terminal Services Manager, 992–1000tools listed, 992

capacities, 985Change command, 990–992installation considerations, 985–992installing programs, 988–992overview, 981–983Remote Desktop, 981, 1007–1008Remote Desktop for Administration mode, 988requirements, 983–984

Windows Update, 62, 791Windows XP client upgrades, 147–148Windows XP Tablet Edition, 56Winnt32.exe, 57, 95–97Winnt.exe, 57, 97–98WINS resource type, server clusters, 593WINS (Windows Internet Name Service)

address assignments, 172clients supported, 532database compacting, 537determining if need, 532DFS without, 644DNS, resolution within, 529installing, 533options, 489–492overview, 532

replication partners, 534–535server preparation steps, 533server setup, 532–537servers, 67, 119settings, configuring, 176–177snap-in functionality, 536viewing options, 536

Wired Equivalent Privacy (WEP), 869, 871wireless

security802.11 protocols, 867–868deployment scenarios, 872–875encryption, 868–870guest access, 872, 874managed clients, 873, 874options, 870overview, 865risk assessments, 865risk tolerance, 866rogue access points, 873–874, 875

subnet masks, 479wires, network, 470WMIC tool, 370word lists, 1011word searches, 1024–1027work queues, 685working directories, command shells, 363Wow6432Node subkey, 1276WPA (Windows Product Activation) provider, 941WPA2 encryption, 870wrapper scripts, 358–362Write permissions, 270–271, 881, 1084WScript.Echo statement, 367Wscript.exe, 336WSH (Windows Scripting Host). See Windows

Scripting Host (WSH)WTS (Windows Terminal Services). See Windows

Terminal Services (WTS)WWW publishing service, 1044–1047WWW site management

document options, 1085–1086home directory options, 1083–1085HTTP errors options, 1094–1095HTTP headers options, 1093–1094ISAPI filter options, 1082overview, 1078performance options, 1082security options, 1086–1092Web site options, 1078–1081

Windows Server 2003 interim functional level


1439

Xx64 architecture, 5x64 environment testing, 790x64 images enabled, 938x64 printer driver support, 214x86 images enabled, 938X.500 directory standard, 19

Z.zap files, 904–905, 917zones, DNS

caching-only servers, 531–532creating, 521–522forwarders, 529–531resource records, 524–527storage, 486–487subdomains, 522–524transfers, 527WINS resolution, 529

zones


Index []€¦ · .BKF files, 1223 blocking file types saved, 624–630 Group Policy inheritance,...

Documents

Transcript of Index []€¦ · .BKF files, 1223 blocking file types saved, 624–630 Group Policy inheritance,...