book

Microsoft® Windows Server™ 2003 Inside Out

by William R. Stanek

June 2004

Intermediate to advanced

1488 pages

45h 53m

English

Microsoft Press

Read now

Unlock full access

What's on the CD
Text Conventions

What's New in Windows Server 2003Windows Server 2003, Standard EditionWindows Server 2003, Enterprise EditionWindows Server 2003, Datacenter EditionWindows Server 2003, Web Edition
.NET Framework Technologies.NET Framework Layers
Windows XP and Active DirectoryInstalling Windows Server 2003 Administration Tools on Windows XP
IPv6 SupportIETF Security Standards SupportXML Web Services Support
Simple and Classic Start MenusImprovements for Active Directory ToolsOther Tool Improvements
Domains Can Be RenamedActive Directory Can Replicate SelectivelyActive Directory–Integrated DNS Zones Can Forward ConditionallyActive Directory Schema Objects Can Be DeletedActive Directory and Global Catalog Are OptimizedActive Directory Can Compress and Route SelectivelyForest-to-Forest TrustsActive Directory Migration Made Easier
Group Policy Management ConsoleSoftware Restriction Policies in Group PolicyPolicy Changes for User Profiles
Remote Administration Gets a Face-LiftEnhanced File Management by Using DFSImproved Storage and File System OptionsChanges for Terminal ServicesPrinter Queue RedundancyRemote Installation ServicesHeadless Servers and Out-of-Band Management
Windows Server 2003 Feature Lock DownIPSec and Wireless SecurityMicrosoft .NET Passport Support
Automatic System RecoveryAutomatic UpdatesImproved Verification and System Protection
Overview of PlanningThe Microsoft Solutions Framework Process ModelYour Plan: The Big Picture
Microsoft Solutions Framework Team ModelYour Project Team
The Business PerspectiveIdentifying IT GoalsExamining IT–Business InteractionPredicting Network Change
Evaluating the Network InfrastructureAssessing SystemsIdentify Network Services and ApplicationsIdentifying Security InfrastructureReviewing Network AdministrationNetwork Administrative ModelDisaster RecoveryNetwork Management Tools
Specifying Organizational ObjectivesSetting the ScheduleShaping the BudgetAllowing for ContingenciesFinalizing Project Scope
Defining Domain and Security ArchitectureAssess Domain Architecture and ChangesImpact on NetworkIdentify Security RequirementsChanging the Administrative ApproachManagement ToolsSelect and Implement StandardsChange ManagementThinking about Active DirectoryDesigning the Active Directory NamespaceManaging Domain TrustsIdentifying Domain and Forest Functional LevelDefining Active Directory Server RolesPlanning for Server UsageServer RolesDetermining Which Windows Edition to UseUsing Windows Server 2003, Standard EditionUsing Windows Server 2003, Enterprise EditionUsing Windows Server 2003, Datacenter EditionUsing Windows Server 2003, Web Edition
Retail Product LicensesVolume-Licensing ProgramsOpen License ProgramSelect LicenseEnterprise Agreement LicenseSoftware Assurance
Getting a Quick StartNew Features and EnhancementsSetup MethodsSetup ProgramsControlling Setup from the Command LineWinnt Command-Line ParametersWinnt32 Command-Line ParametersTools for Automating SetupProduct Licensing
System Hardware RequirementsHow a Clean Installation and an Upgrade DifferSupported Upgrade PathsUsing Dynamic UpdateCreating a Local Dynamic Update ShareControlling the Use of Dynamic Update during SetupSelecting a Distribution MethodGetting Ready for Automated InstallationsCreating Distribution FoldersUsing Answer Files in Automated InstallationsPreinstallation Tasks
Windows Installation ConsiderationsInstallation on x86-Based SystemsInstallation on 64-Bit SystemsChecking System CompatibilityPlanning PartitionsNaming ComputersNetwork and Domain Membership OptionsProtocolsDomain MembershipNetworking Components
Installation SequenceActivation SequenceActivate Windows over the InternetActivate Windows by Telephone
Start with the Potential Points of FailureSetup Refuses to Install or StartSetup Reports a Media or CD-ROM ErrorSetup Reports Insufficient System ResourcesSetup Cannot Connect to a Domain ControllerContinue Past Lockups and Freezes
Automating SetupDetermining the Method of AutomationEstablishing the Distribution FoldersTypes of Answer FilesUsing Setup Manager for Answer FilesCreating the Answer FileExamining Answer Files
Customizing the Distribution FolderPreinstalling Service PacksPreinstalling Hot Fixes and Security UpdatesIncluding Updated DriversPerforming Other Preinstallation TasksRenaming Files and Folders When Using WinntUsing Dynamic Update in Unattended InstallationsDistribution Folder on CDUsing CD Media for Automated InstallationsAnswer File Settings Used in Product CD–Based Unattended InstallationsUsing an Answer FileStarting the Unattended InstallationExtending the Unattend.txt File
Introduction to RISServices and Protocols Used by RISLimitations of RISOperating Systems Installable by Using RISDesigning the RIS EnvironmentBuilding a RIS Server: What's Involved
RIS Server RequirementsPerforming the InstallPreparing and Installing RISConfiguring the RIS ServerInitial RIS ConfigurationCustomizing RISControlling Access to RIS ServersApplying Security Permissions to RISAuthorizing Users to Create New Computer AccountsCreating a RIS Installers GroupAdding Members to the RISInstallers Group
Customizing Installation OptionsConfiguring RIS Settings in Group PolicyCreating a RIBF DiskPrestaging Clients in Active Directory
Using RIS ImagesRestricting Access to RIS ImagesOS Images Created by Using RISetupConfiguring a RISetup OS ImageInstalled (File-System-Based) Image by RIPrepSystem Settings Stored in RIPrep ImagesRequirements for Creating a RIPrep ImageHAL Compatibility and RIPrep ImagesCreating the Master InstallationUsing RIPrep to Create an OS ImageAdding "Flat" or "CD-ROM" Images to RISRIS Answer FilesThe Ristndrd.sif FileThe RIPrep.sif fileThe Remboot.sif FileAssociating an Answer File with a RIS ImageConfiguring the CIW
Installing Windows Using RISMore RIS Customization TipsUsing $OEM$ for Hot Fixes, Security Updates, Drivers, and MoreCustomizing the Client Installation PagesUsing Unsigned NIC Drivers
Understanding SysprepUsing Sysprep to Clone a ComputerCopying the Administrator ProfileRunning Sysprep
Deciding Between Upgrading and MigratingVerifying Hardware and Software CompatibilityAdditional Research
Upgrading Windows 2000 Forests and DomainsUpgrading Domain ControllersApplications on Upgraded Servers
Upgrading vs. MigratingReview System Requirements and CompatibilityCheck Drive PartitioningChoosing Domain and Forest Functional LevelsIdentify DNS Namespace and StorageIdentify Server Roles
Namespace in Windows NT vs. Active DirectoryMoving from Windows NT Domains to Active DirectoryRestructuring DomainsUpgrading Windows NT 4 Servers
General Considerations for UpgradesUpgrade IssuesVerify an Upgrade Recovery Plan
General Upgrade Preparation ToolsActive Directory Preparation ToolUpdating the Active Directory Forest and DomainsPreparing the ForestPreparing the Domain(s)Upgrading the Windows 2000 Domain ControllersUpgrading Windows 2000 DomainsSelecting Active Directory Functional LevelsChanging Operations MastersUpgrading Windows 2000 Users and GroupsWindows 2000 Member Server UpgradesUpgrading DNS Services
Determine Server Hardware CompatibilityUpgrading Different Versions of Windows NT 4Managing Disk PartitionsUpgrading Domain ControllersEstablishing Operations MastersConverting Windows NT 4 Groups to Windows Server 2003 GroupsPerforming the Upgrade from Windows NT 4Upgrade the PDCPost-PDC Upgrade
Selecting the Migration Tools
Other Microsoft Migration ToolsUSMTFile and Settings Transfer WizardMigration ScriptsThe Movetree UtilityThird-Party Migration Tools
Migrating Local GroupsMigrating Global GroupsUsing the Group Account Migration Wizard
Running the User Account Migration Wizard
Running the Computer Migration Wizard
Migrating a Trust
Optimizing the Menu SystemModifying the Start Menu ContentAdding, Copying, and Moving Menu ItemsHighlighting and Hiding Menu ItemsControlling the Frequently Used Programs ListSorting and Renaming Menu ItemsRemoving Items from the Start Menu
Configuring Desktop ItemsConfiguring the TaskbarChanging the Taskbar Size and PositionUsing Auto Hide and LockingGrouping Similar Taskbar ItemsControlling Programs in the Notification Area
Customizing the Quick Launch ToolbarDisplaying Other Custom ToolbarsCreating Personal Toolbars
Introducing the MMC
MMC Snap-InsMMC ModesMMC Windows and StartupMMC Tool AvailabilityMMC and Remote Computers
Step 1: Creating the ConsoleStep 2: Adding Snap-Ins to the ConsoleStep 3: Saving the Finished ConsoleSetting the Initial Console View Before SavingSetting the Console Mode Before SavingSetting the Console Icon Before SavingSaving the Console Tool to the Desktop, the Start Menu, or a Folder
Getting Started with TaskpadsUnderstanding Taskpad View StylesCreating and Managing TaskpadsCreating and Managing TasksCreating Menu Command TasksCreating Shell Command TasksCreating Navigation TasksArranging, Editing, and Removing Tasks
Using the Administration ToolsUnderstanding the Administration ToolsUsing Configure Your ServerUsing Manage Your ServerUsing Computer ManagementComputer Management System ToolsComputer Management Storage ToolsComputer Management Services And Applications ToolsComputer Management Essentials
Using the Add Hardware UtilityUsing the Add or Remove Programs UtilityUsing the Date and Time UtilityUsing the Display UtilityUsing the Folder Options UtilityUsing the Licensing UtilityUsing the Network Connections UtilityUsing the Regional and Language Options UtilityUsing the Scheduled Tasks UtilityTask-Scheduling EssentialsCreating Scheduled TasksUsing the System Utility
Running Programs Using the Secondary LogonUsing the Secondary Logon at the Command PromptRunning a Temporary Administrator's DesktopCreating Run As Shortcuts for Secondary LogonsCreating Run As Shortcuts on the DesktopCreating Run As Menu Options
Working with Device DriversUsing Windows Device DriversUsing Signed Device DriversUnderstanding and Changing Driver Installation Settings
Managing Plug and Play Detection and InstallationInstalling the Software AutomaticallyInstalling a Downloaded DriverChoosing a Specific Driver or Bypassing the Default DriverInstalling Non–Plug and Play Devices
Viewing Device and Driver DetailsViewing Advanced, Resources, and Other Settings
Updating a Device DriverRolling Back a DriverUninstalling and Reinstalling a Device Driver
Resolving Common Device ErrorsResolving Resource Conflicts
Introducing the Registry
HKEY_LOCAL_MACHINEHKLM\HARDWAREHKLM\SAMHKLM\SECURITYHKLM\SOFTWAREHKLM\SYSTEMHKEY_USERSHKEY_CLASSES_ROOTHKEY_CURRENT_CONFIGHKEY_CURRENT_USER
Where Registry Data Comes FromTypes of Registry Data Available
Searching the RegistryModifying the RegistryModifying ValuesAdding Keys and ValuesRemoving Keys and ValuesModifying the Registry of a Remote MachineImporting and Exporting Registry DataLoading and Unloading Hive FilesWorking with the Registry from the Command Line
Choosing a Backup Method for the RegistryCreating Registry BackupsRecovering a System Using the ASR Backup
Using the Windows Installer CleanUp UtilityUsing the Windows Installer ZapperRemoving Registry Settings for Active Installations That Have FailedRemoving Partial or Damaged Settings for Individual Applications
Preventing Access to the Registry UtilitiesApplying Permissions to Registry KeysControlling Remote Registry AccessAuditing Registry Access
Tuning Performance, Memory Usage, and Data ThroughputTuning Windows Operating System PerformanceTuning Processor Scheduling and Memory UsageTuning Data ThroughputTuning Virtual Memory
Task Manager and Process Resource Monitor EssentialsGetting Processor and Memory Usage for TroubleshootingGetting Information on Running ApplicationsMonitoring and Troubleshooting ProcessesGetting Network Usage InformationGetting Information on User and Remote User Sessions
Understanding the Event LogsAccessing the Event Logs and Viewing EventsViewing Event Logs on Remote SystemsSorting, Finding, and Filtering EventsSorting the Event LogsSearching the Event LogsFiltering the Event LogsArchiving Event Logs
Quick Look: Using EventqueryQuick Look: Using EventComb
Establishing Performance Baselines
Using System MonitorSelecting Performance Objects and Counters to MonitorChoosing Views and Controlling the DisplayMonitoring Performance Remotely
Resolving Memory BottlenecksResolving Processor BottlenecksResolving Disk I/O BottlenecksResolving Network Bottlenecks
Creating Performance LogsUsing Counter LogsMonitoring Performance from the Command LineUsing Trace Logs
Analyzing Counter LogsAnalyzing Trace Logs
Planning for Software Needs
Planning for Support Structures and FacilitiesPlanning for Day-to-Day OperationsPlanning for Deploying Highly Available Servers
Introducing Server ClusteringBenefits and Limitations of ClusteringCluster OrganizationCluster Operating ModesMultisite Options for Clusters
Using Network Load Balancing ClustersNetwork Load Balancing ConfigurationNetwork Load Balancing Client Affinity and Port ConfigurationsPlanning Network Load Balancing Clusters
Creating a New Network Load Balancing ClusterAdding Nodes to a Network Load Balancing ClusterRemoving Nodes from a Network Load Balancing ClusterConfiguring Event Logging for Network Load Balancing ClustersControlling Cluster and Host Traffic
Using Component Load Balancing ClustersUnderstanding Application CenterPlanning Component Load Balancing Clusters
Server Cluster ConfigurationsServer Cluster Resource GroupsOptimizing Hardware for Server ClustersOptimizing Networking for Server Clusters
The Cluster Service and Cluster ObjectsThe Cluster HeartbeatThe Cluster DatabaseThe Cluster Quorum ResourceThe Cluster Interface and Network States
Creating a Server ClusterAdd a Node to a Cluster
Creating Clustered ResourcesCluster Resource TypesPlanning Resource GroupsControlling the Cluster ServiceControlling Failover and FailbackCreating and Managing Resource GroupsCreating and Managing ResourcesScenario: Creating a Clustered Print ServiceScenario: Creating a Clustered File Share
Essential Storage TechnologiesUsing Internal and External Storage DevicesImproving Storage ManagementBooting from SANs and Using SANs with ClustersMeeting Performance, Capacity, and Availability Requirements
Using the Disk Management ToolsAdding New DisksUsing the MBR and GPT Partition StylesWorking with MBR DisksWorking with GPT Disks on 64-Bit Windows EditionsUsing and Converting MBR and GPT DisksUsing the Basic and Dynamic Storage TypesWorking with Basic and Dynamic DisksUsing and Converting Basic and Dynamic DisksConverting FAT or FAT32 to NTFS
Creating a Primary or Extended PartitionCreating a Logical Drive in an Extended PartitionFormatting a Partition, Logical Drive, or VolumeConfiguring Drive LettersConfiguring Mount PointsExtending Partitions on Basic DisksDeleting a Partition, Logical Drive, or Volume
ESPMSR PartitionsPrimary PartitionsLDM Metadata and LDM Data PartitionsOEM or Unknown Partitions
Creating a Simple or Spanned VolumeExtending a Simple or Spanned VolumeRecovering a Failed Simple or Spanned DiskMoving Dynamic DisksConfiguring RAID 1: Disk MirroringCreating a Mirrored Set Using Two New DisksAdding a Mirror to an Existing VolumeMirroring Boot and System VolumesMirroring Boot and System Volumes on MBR DisksMirroring Boot and System Volumes on GPT DisksConfiguring RAID 5: Disk Striping with ParityBreaking or Removing a Mirrored SetResolving Problems with Mirrored SetsRepairing a Mirrored System Volume to Enable BootRebuilding Mirrored System Volumes on MBR DisksRebuilding Mirrored System Volumes on GPT DisksResolving Problems with RAID-5 Sets
Understanding Disk and File System Structure
File Allocation Table StructureFeature FAT16 FAT32
NTFS StructuresNTFS FeaturesAnalyzing NTFS Structure
Hard LinksData StreamsChange JournalsObject IdentifiersReparse PointsRemote StorageSparse Files
NTFS CompressionCompressed (Zipped) Folders
How Quota Management WorksConfiguring Disk QuotasCustomizing Quota Entries for Individual UsersManaging Disk Quotas After ConfigurationExporting and Importing Quota Entries
How File System Errors OccurFixing File System Errors by Using Check DiskAnalyzing FAT Volumes by Using ChkDskAnalyzing NTFS Volumes by Using ChkDskRepairing Volumes and Marking Bad Sectors by Using ChkDsk
Fixing Fragmentation by Using Disk DefragmenterUnderstanding the Fragmentation Analysis
File Sharing EssentialsUsing and Finding SharesHiding and Controlling Share AccessSpecial and Administrative SharesC$, D$, E$, and Other Drive SharesADMIN$FAXCLIENT and FXSSRVCP$IPC$NETLOGONMicrosoft UAM VolumePRINT$SYSVOLAccessing Shares for Administration
Creating Shares by Using Windows ExplorerCreating Shares by Using Computer ManagementPublishing Shares in Active Directory
Understanding Share PermissionsConfiguring Share Permissions
File and Folder OwnershipTaking Ownership of a File or FolderTransferring OwnershipPermission Inheritance for Files and FoldersChanging Shaded Permissions and Stopping InheritanceResetting and Replacing PermissionsConfiguring File and Folder PermissionsBasic PermissionsSpecial PermissionsDetermining Effective Permissions
Tracking and Logging File Share Permissions by Using SrvCheckCopying File Share Permissions
Enabling Auditing for Files and FoldersSpecifying Files and Folders to AuditMonitoring the Security Logs
Shadow Copy EssentialsUsing Shadow Copies of Shared FoldersHow Shadow Copies WorksImplementing Shadow Copies for Shared Folders
Configuring Shadow Copies in Computer ManagementMaintaining Shadow Copies After Configuration
Enabling Shadow Copying from the Command LineCreate Manual Snapshots from the Command LineViewing Shadow Copy InformationDeleting Snapshot Images from the Command LineDisabling Shadow Copies from the Command Line
Obtaining and Installing the ClientInstalling the Previous Versions ClientInstalling the Shadow Copy ClientAccessing Shadow Copies on Clients
Searching for a File and Listing Available VersionsLocating and Restoring Previous Versions from the Command Line
Introducing Removable MediaUnderstanding Media LibrariesUnderstanding Media PoolsWorking with the Removable Storage Snap-InUnderstanding Media State and IdentificationUnderstanding Access Permissions for Removable Storage
Inserting Media into a LibraryEjecting Media from a LibraryMounting and Dismounting Media in LibrariesEnabling and Disabling MediaEnabling and Disabling DrivesCleaning DrivesWorking with Library Doors and PortsConfiguring Library InventoryStarting Library InventoryChanging Library Media TypesEnabling and Disabling Libraries
Preparing Media for Use in the Free Media PoolMoving Media to a Different Media PoolCreating Application Media PoolsChanging the Media Type in a Media PoolSetting Allocation and Deallocation PoliciesDeleting Application Media Pools
Using the Work QueueTroubleshooting Waiting OperationsChanging Mount OperationsControlling When Operations Are DeletedUsing the Operator Requests QueueNotifying Operators of RequestsCompleting or Refusing RequestsControlling When Requests Are DeletedSetting Access Permissions for Removable Storage
Understanding IP AddressingUnicast IP AddressesClass A NetworksClass B NetworksClass C NetworksLoopback, Public, and Private AddressesMulticast IP AddressesBroadcast IP Addresses
Subnet MasksNetwork Prefix NotationSubnettingSubnetting Class A NetworksSubnetting Class B NetworksSubnetting Class C Networks
Domain Name SystemHost NamesDomain NamesFully Qualified Domain Name (FQDN)Name ResolutionWindows Internet Naming Service (WINS)
Preparing for Installation of TCP/IP NetworkingInstalling TCP/IP NetworkingConfiguring Static IP AddressingConfiguring Dynamic IP AddressingConfiguring Automatic Private IP AddressingConfiguring Advanced TCP/IP SettingsConfiguring Advanced IP SettingsConfiguring Advanced DNS SettingsConfiguring Advanced WINS SettingsConfiguring Advanced TCP/IP Options
DHCP Essentials
DHCP Messages and Relay AgentsDHCP Availability and Fault Tolerance50/50 Failover80/20 Failover100/100 Failover
Installing the DHCP Server ServiceAuthorizing DHCP Servers in Active DirectoryCreating and Configuring ScopesCreating Normal Scopes Using the DHCP ConsoleCreating Normal Scopes Using NetshUsing ExclusionsUsing ReservationsActivating Scopes
Levels of Options and Their UsesOptions Used by Windows ClientsUsing Userand Vendor-Specific TCP/IP OptionsSettings Options for All ClientsSettings Options for Routing and Remote Access Clients OnlySetting Add-On Options for Directly Connected ClientsDefining Classes to Get Different Option SetsCreating the ClassConfiguring Clients to Use the Class
Configuring DHCP Audit LoggingBinding the DHCP Server Service to a Network InterfaceIntegrating DHCP and DNSEnabling Conflict Detection on DHCP ServersSaving and Restoring the DHCP ConfigurationManaging and Maintaining the DHCP DatabaseSetting DHCP Database PropertiesBacking Up and Restoring the DatabaseRepairing the DHCP Database
Configuring and Enabling Routing and Remote AccessAdding and Configuring the DHCP Relay Agent
DNS Essentials
Public and Private NamespacesName Resolution Using DNSDNS Resource RecordsDNS Zones and Zone TransfersZones That Aren't Integrated with Active DirectoryZones That Are Integrated with Active DirectorySecondary Zones, Stub Zones, and Conditional Forwarding
DNS Queries and SecurityDNS Dynamic Updates and SecurityExternal DNS Name Resolution and Security
Split-Brain Design: Same Internal and External NamesSeparate-Name Design: Different Internal and External Names
Installing the DNS Server ServiceUsing DNS with Active DirectoryUsing DNS Without Active DirectoryDNS Setup
Configuring a Small Network Using the Configure A DNS Server WizardConfiguring a Large Network Using the Configure A DNS Server Wizard
Creating Forward Lookup ZonesCreating Reverse Lookup ZonesConfiguring Forwarders and Conditional ForwardingConfiguring Subdomains and Delegating AuthorityConfiguring Zone TransfersConfiguring Secondary Notification
Host Address (A) and Pointer (PTR) RecordsCanonical Name (CNAME) RecordsMail Exchanger (MX) RecordsName Server (NS) RecordsStart Of Authority (SOA) RecordsService Location (SRV) Records
Configuring Default Application Directory Partitions and Replication ScopeSetting Aging and ScavengingConfiguring Logging and Checking DNS Server Logs
Try Reregistering the ClientCheck the Client's TCP/IP ConfigurationCheck the Client's Resolver CachePerform Lookups for Troubleshooting
Check the Server's TCP/IP ConfigurationCheck the Server's CacheCheck Replication to Other Name ServersExamine the Configuration of the DNS ServerExamine Zones and Zone Records
WINS EssentialsNetBIOS Namespace and ScopeNetBIOS Node TypesWINS Name Registration and CacheWINS Implementation Details and New Features
Installing WINSWINS Postinstallation Tasks
Replication EssentialsConfiguring Automatic Replication PartnersUsing Designated Replication Partners
Configuring Burst HandlingChecking Server Status and ConfigurationChecking Active Registrations and Scavenging RecordsMaintaining the WINS DatabaseVerifying the WINS Database ConsistencyCompacting the WINS DatabaseBacking Up the WINS DatabaseRestoring the WINS Database
Understanding Windows Server 2003 Print Services
Manually Migrating Print ServersAutomating Print Server Migration
Sizing Print Server Hardware and Optimizing ConfigurationSizing Printer Hardware and Optimizing Configuration
Adding Local PrintersAdding Network-Attached PrintersAdding Standard TCP/IP PrintersAdding LPR Printers for UNIX and LPDAdding AppleTalk PrintersChanging Standard TCP/IP Port Monitor SettingsConnecting Users to Shared PrintersAccessing Shared Printers on Windows 95, Windows 98, or Windows NT 4Accessing Shared Printers on Windows 2000 or LaterConnecting to Shared Printers Using the Command Line and Scripts
Understanding Printer PermissionsConfiguring Printer PermissionsAssigning Printer OwnershipAuditing Printer Access
Viewing and Creating Printer FormsViewing and Configuring Printer PortsViewing and Configuring Print DriversConfiguring Print Spool, Logging, and Notification Settings
Setting General Properties, Printing Preferences, and Document DefaultsSetting Overlays and Watermarks for DocumentsInstalling and Updating Print Drivers on ClientsConfiguring Printer Sharing and PublishingOptimizing Printing Through Queues and PoolingConfiguring Queue Priority and SchedulingConfiguring Printer PoolingConfiguring Print SpoolingViewing the Print Processor and Default Data TypeConfiguring Separator PagesUsing Separator PagesSetting a Separator PageCustomizing Separator PagesConfiguring Color Profiles
Pausing, Starting, and Canceling All PrintingViewing Print JobsManaging Print Jobs
Monitoring Print Server PerformancePreparing for Print Server FailureSolving Printing ProblemsPrinter Troubleshooting EssentialsComprehensive Printer TroubleshootingResolving Garbled or Incorrect Printing
Remote Desktop for Administration Essentials
Enabling Remote Desktop for Administration on ServersPermitting and Restricting Remote LogonConfiguring Remote Desktop for Administration Through Group Policy
New Features for the Remote Desktop Connection ClientInstalling Remote Desktop Connection ClientsRunning the Remote Desktop Connection ClientRunning Remote Desktops
Using Terminal ServicesTerminal Services ClientsTerminal Services ServersTerminal Services Licensing
Capacity Planning for Terminal ServicesPlanning Organizational Structure for Terminal ServicesDeploying Single-Server EnvironmentsDeploying Multi-Server Environments
Installing Terminal ServicesInstalling Applications for Clients to UseChoosing Applications for Terminal Services UsersApplication Licensing for Terminal Services UsersInstalling Applications for Terminal Services UsersUsing Application Compatibility ScriptsModifying Applications After InstallationEnabling and Joining the Session Directory ServiceEnable and Start the Terminal Services Session Directory ServiceAuthorize Terminal Servers to Use the Terminal Services Session Directory ServiceConfigure Each Server to Join the Session DirectorySetting Up a Terminal Services License ServerConsiderations for Installing a Terminal Services License ServerInstalling a Terminal Services License ServerActivating the License Server and Configuring Licenses for Use
Configuring Global Connection SettingsConfiguring Server SettingsConfiguring Terminal Services SecurityAuditing Terminal Services Access
Connecting to Terminal ServersGetting Terminal Services InformationManaging User Sessions in Terminal Services Manager
Gathering Terminal Services InformationManaging User Sessions from the Command Line
Getting Remote Control of a User's SessionSetting Up the Terminal Services Profile for Users
Active Directory Physical ArchitectureActive Directory Physical Architecture: A Top-Level ViewActive Directory Within the Local Security AuthorityDirectory Service ArchitectureProtocols and Client InterfacesDirectory System Agent and Database LayerExtensible Storage EngineData Store Architecture
Active Directory ObjectsActive Directory Domains, Trees, and ForestsActive Directory TrustsActive Directory Namespaces and PartitionsActive Directory Data Distribution
Design Considerations for Active Directory Replication
Searching the TreeAccessing the Global CatalogDesignating Global Catalog ServersDesignating Replication Attributes
Understanding Domain Functional LevelUnderstanding Forest Functional LevelRaising the Domain or Forest Functional Level
Universal Groups and AuthenticationUnderstanding Security Tokens and Universal Group Membership CachingEnabling Universal Group Membership CachingNTLM and Kerberos AuthenticationEstablishing the Initial AuthenticationAccessing Resources After AuthenticationAuthentication and Trusts Across Domain BoundariesTwo-Way Transitive TrustsShortcut TrustsAuthentication and Trusts Across Forest BoundariesExamining Domain and Forest TrustsEstablishing External, Shortcut, Realm, and Cross-Forest TrustsVerifying and Troubleshooting Trusts
Delegated Authentication EssentialsConfiguring Delegated AuthenticationConfiguring the Delegated User AccountConfiguring the Delegated Service or Computer Account
Operations Master RolesUsing, Locating, and Transferring the Schema Master RoleUsing, Locating, and Transferring the Domain Naming Master RoleUsing, Locating, and Transferring the Relative ID Master RoleUsing, Locating, and Transferring the PDC Emulator RoleUsing, Locating, and Transferring the Infrastructure Master Role
Creating an Active Directory Implementation or Update Plan
Forest NamespaceSingle vs. Multiple ForestsForest Administration
Domain Design ConsiderationsSingle vs. Multiple DomainsForest Root Domain Design ConfigurationsChanging Domain Design
Using Organizational Units (OUs)Using OUs for DelegationUsing OUs for Group PolicyCreating an OU DesignOU Design: Division or Business Unit ModelOU Design: Geographic ModelOU Design: The Cost Center ModelOU Design: The Administration Model
Working with Active Directory SitesSingle Site vs. Multiple SitesReplication Within and Between SitesDetermining Site Boundaries
Replication Enhancements for Windows Server 2003Replication Architecture: An OverviewIntrasite Replication EssentialsIntersite Replication Essentials
Mapping Network InfrastructureCreating a Site DesignMapping the Network Structure to Site StructureDesigning Each Individual SiteDesigning the Intersite Replication TopologyConsidering the Impact of Site Link BridgingPlanning the Placement of Servers in Sites
Preinstallation Considerations for Active DirectoryHardware and Configuration Considerations for Domain ControllersConfiguring Active Directory for Fast Recovery with Storage Area NetworksConnecting Clients to Active Directory
Active Directory Installation Options and IssuesUsing the Configure Your Server WizardUsing the Active Directory Installation WizardCreating Additional Domain Controllers for an Existing DomainCreating Domain Controllers in a New DomainUsing the Active Directory Installation Wizard with Backup Media
Creating an OUSetting OU PropertiesCreating or Moving Accounts and Resources for Use with an OU
Understanding Delegation of AdministrationDelegating Administration
Managing Domain User AccountsTypes of UsersConfiguring User Account PoliciesEnforcing Password PolicyConfiguring Account Lockout PolicySetting Kerberos PolicyUnderstanding User Account Capabilities, Privileges, and RightsAssigning User RightsAssigning User Rights for a Domain or OUAssigning User Rights on a Specific ComputerCreating and Configuring Domain User AccountsViewing and Setting User Account PropertiesObtaining Effective PermissionsConfiguring Account OptionsConfiguring Profile Options
Profile EssentialsProfile Changes and New FeaturesGroup Policy Changes for User ProfilesImplementing and Creating Preconfigured ProfilesConfiguring Local User ProfilesConfiguring Roaming User ProfilesImplementing Mandatory User ProfilesSwitching Between a Local and a Roaming User Profile
Using Folder RedirectionUsing Offline FilesConfiguring Offline Files on File ServersConfiguring Offline Files on ClientsConfiguring Offline Files in Group PolicyManaging File Synchronization
Deleting User AccountsDisabling and Enabling User AccountsMoving User AccountsRenaming User AccountsResetting a User's Domain PasswordUnlocking User AccountsCreating a Local User Account Password Backup
Understanding GroupsTypes of GroupsUnderstanding the Scopes of GroupsCreating a GroupAdding Members to GroupsDeleting a GroupModifying GroupsFind a GroupManaging the Properties of GroupsModifying Other Group Settings
Creating a Computer Account in Active DirectoryJoining Computers to a DomainMoving a Computer AccountDisabling a Computer AccountDeleting a Computer AccountManaging a Computer AccountResetting a Computer AccountConfiguring Properties of Computer Accounts
Understanding Group PolicyLocal and Active Directory Group PolicyGroup Policy SettingsGroup Policy ArchitectureSysvol Replication Using the File Replication Service
Working with Local Group PolicyWorking with the Group Policy Object EditorCreating and Linking a New GPO Using the Group Policy Object EditorEditing an Existing GPO Using the Group Policy Object EditorLinking to an Existing GPO Using the Group Policy Object EditorDeleting an Existing GPO by Using the Group Policy Object EditorWorking with the Group Policy Management ConsoleInstalling and Running the Group Policy Management ConsoleUsing the Group Policy Management ConsoleAccessing Forests, Domains, and Sites in Group Policy Management ConsoleCreating and Linking a New GPO in Group Policy Management ConsoleEditing an Existing GPO in the Group Policy Management ConsoleLinking to an Existing GPO in the Group Policy Management ConsoleDeleting an Existing GPO in the Group Policy Management Console
Group Policy InheritanceModifying InheritanceFiltering Group Policy ApplicationGroup Policy ProcessingModifying Group Policy ProcessingModifying User Policy Preference Using Loopback Processing
Configuring Computer Startup and Shutdown ScriptsConfiguring User Logon and Logoff Scripts
Working with Security TemplatesApplying Security Templates
Group Policy RefreshModifying Group Policy RefreshViewing Applicable GPOs and Last RefreshModeling GPOs for PlanningRefreshing Group Policy ManuallyBacking Up GPOsRestoring GPOsFixing Default Group Policy
Managing Sites and SubnetsCreating an Active Directory SiteCreating a Subnet and Associating It with a SiteAssociating Domain Controllers with a Site
Understanding IP and SMTP Replication TransportsCreating a Site LinkConfiguring Site Link BridgesDetermining the ISTGConfiguring Site Bridgehead ServersConfiguring Site Link Replication Options
Using the Replication AdministratorUsing the Replication Monitor
Preparing for a DisasterDeveloping Contingency ProceduresImplementing Problem Escalation and Response ProceduresCreating a Problem Resolution Policy Document
Performing BackupsCreating and Using ASR DisksCreating and Using Boot DisksSetting Startup and Recovery OptionsInstalling and Using the Recovery Console
Developing Backup StrategiesCreating Your Backup StrategyBackup Strategy ConsiderationsSelecting the Optimal Backup TechniquesUnderstanding Backup TypesUsing Media Rotation and Maintaining Additional Media Sets
Using the Backup UtilitySetting Default Options for BackupGeneral Backup and Restore OptionsSetting Restore, Backup Type, and Backup Log OptionsExcluding Files from BackupBacking Up Your DataRecovering Your DataRecovering Configuration Data
Backup and Recovery Strategies for Active DirectoryPerforming a Nonauthoritative Restore of Active DirectoryPerforming an Authoritative Restore of Active DirectoryPerforming a Primary Restore of Sysvol DataRestoring a Failed Domain Controller by Installing a New Domain Controller
Resolving Startup IssuesRepairing Missing or Corrupted System FilesResolving Restart or Shutdown Issues

Content preview from Microsoft® Windows Server™ 2003 Inside Out

Securing the Registry

The Registry is a critical area of the operating system. It has some limited built-in security to reduce the risk of settings being inadvertently changed or deleted. Additionally, some areas of the Registry are available only to certain users. For example, HKLM\SAM and HKLM\SECURITY are available only to the LocalSystem user. This security in some cases might not be enough, however, to prevent unauthorized access to the Registry. Because of this, you might want to set tighter access controls than the default permissions, and you can do this from within the Registry. You can also control remote access to the Registry and configure access auditing.