book

Microsoft® Windows Server™ 2003 Inside Out

Name: Microsoft® Windows Server™ 2003 Inside Out
Author: William R. Stanek
ISBN: 9780735620483

by William R. Stanek

June 2004

Intermediate to advanced

1488 pages

45h 53m

English

Microsoft Press

Read now

Unlock full access

Microsoft® Windows Server™ 2003 Inside Out
SPECIAL OFFER: Upgrade this ebook with O’Reilly
A Note Regarding Supplemental Files
Acknowledgments
We'd Like to Hear from You!
About the CD
What's on the CD
Using the CD
Support Information
Conventions and Features Used in this Book
Text Conventions
Design Conventions

About the Author
1. Windows Server 2003 Overview and Planning
1. Introducing Windows Server 2003
What's New in Windows Server 2003Windows Server 2003, Standard EditionWindows Server 2003, Enterprise EditionWindows Server 2003, Datacenter EditionWindows Server 2003, Web Edition
64-Bit Computing
.NET Technologies
.NET Framework Technologies.NET Framework Layers
Windows XP and Windows Server 2003
Windows XP Editions
Windows XP and Active DirectoryInstalling Windows Server 2003 Administration Tools on Windows XP
Increased Support for Standards
IPv6 SupportIETF Security Standards SupportXML Web Services Support
Interface and Tool Improvements
Simple and Classic Start MenusImprovements for Active Directory ToolsOther Tool Improvements
Active Directory Improvements
Domains Can Be RenamedActive Directory Can Replicate SelectivelyActive Directory–Integrated DNS Zones Can Forward ConditionallyActive Directory Schema Objects Can Be DeletedActive Directory and Global Catalog Are OptimizedActive Directory Can Compress and Route SelectivelyForest-to-Forest TrustsActive Directory Migration Made Easier
Group Policy Improvements
Group Policy Management ConsoleSoftware Restriction Policies in Group PolicyPolicy Changes for User Profiles
Management and Administration Extras
Remote Administration Gets a Face-LiftEnhanced File Management by Using DFSImproved Storage and File System OptionsChanges for Terminal ServicesPrinter Queue RedundancyRemote Installation ServicesHeadless Servers and Out-of-Band Management
Security Advances
Windows Server 2003 Feature Lock DownIPSec and Wireless SecurityMicrosoft .NET Passport Support
Reliability and Maintenance Enhancements
Automatic System RecoveryAutomatic UpdatesImproved Verification and System Protection
2. Planning for Windows Server 2003
Overview of PlanningThe Microsoft Solutions Framework Process ModelYour Plan: The Big Picture
Identifying Your Organizational Teams
Microsoft Solutions Framework Team ModelYour Project Team
Assessing Project Goals
The Business PerspectiveIdentifying IT GoalsExamining IT–Business InteractionPredicting Network Change
Analyzing the Existing Network
Evaluating the Network InfrastructureAssessing SystemsIdentify Network Services and ApplicationsIdentifying Security InfrastructureReviewing Network AdministrationNetwork Administrative ModelDisaster RecoveryNetwork Management Tools
Defining Objectives and Scope
Specifying Organizational ObjectivesSetting the ScheduleShaping the BudgetAllowing for ContingenciesFinalizing Project Scope
Defining the New Network Environment
Defining Domain and Security ArchitectureAssess Domain Architecture and ChangesImpact on NetworkIdentify Security RequirementsChanging the Administrative ApproachManagement ToolsSelect and Implement StandardsChange ManagementThinking about Active DirectoryDesigning the Active Directory NamespaceManaging Domain TrustsIdentifying Domain and Forest Functional LevelDefining Active Directory Server RolesPlanning for Server UsageServer RolesDetermining Which Windows Edition to UseUsing Windows Server 2003, Standard EditionUsing Windows Server 2003, Enterprise EditionUsing Windows Server 2003, Datacenter EditionUsing Windows Server 2003, Web Edition
Selecting a Software Licensing Program
Retail Product LicensesVolume-Licensing ProgramsOpen License ProgramSelect LicenseEnterprise Agreement LicenseSoftware Assurance
Final Considerations for Planning and Deployment
2. Windows Server 2003 Installation
3. Preparing for the Installation and Getting Started
Getting a Quick StartNew Features and EnhancementsSetup MethodsSetup ProgramsControlling Setup from the Command LineWinnt Command-Line ParametersWinnt32 Command-Line ParametersTools for Automating SetupProduct Licensing
Preparing for Windows Server 2003 Installation
System Hardware RequirementsHow a Clean Installation and an Upgrade DifferSupported Upgrade PathsUsing Dynamic UpdateCreating a Local Dynamic Update ShareControlling the Use of Dynamic Update during SetupSelecting a Distribution MethodGetting Ready for Automated InstallationsCreating Distribution FoldersUsing Answer Files in Automated InstallationsPreinstallation Tasks
4. Managing Interactive Installations
Windows Installation ConsiderationsInstallation on x86-Based SystemsInstallation on 64-Bit SystemsChecking System CompatibilityPlanning PartitionsNaming ComputersNetwork and Domain Membership OptionsProtocolsDomain MembershipNetworking Components
Performing an Interactive Installation
Installation SequenceActivation SequenceActivate Windows over the InternetActivate Windows by Telephone
Troubleshooting Installation
Start with the Potential Points of FailureSetup Refuses to Install or StartSetup Reports a Media or CD-ROM ErrorSetup Reports Insufficient System ResourcesSetup Cannot Connect to a Domain ControllerContinue Past Lockups and Freezes
Configuring Server Roles
Installing Additional Components Manually
Postinstallation
5. Managing Unattended Installations
Automating SetupDetermining the Method of AutomationEstablishing the Distribution FoldersTypes of Answer FilesUsing Setup Manager for Answer FilesCreating the Answer FileExamining Answer Files
Managing Unattended Installations
Customizing the Distribution FolderPreinstalling Service PacksPreinstalling Hot Fixes and Security UpdatesIncluding Updated DriversPerforming Other Preinstallation TasksRenaming Files and Folders When Using WinntUsing Dynamic Update in Unattended InstallationsDistribution Folder on CDUsing CD Media for Automated InstallationsAnswer File Settings Used in Product CD–Based Unattended InstallationsUsing an Answer FileStarting the Unattended InstallationExtending the Unattend.txt File
6. Using Remote Installation Services
Introduction to RISServices and Protocols Used by RISLimitations of RISOperating Systems Installable by Using RISDesigning the RIS EnvironmentBuilding a RIS Server: What's Involved
Installing RIS
RIS Server RequirementsPerforming the InstallPreparing and Installing RISConfiguring the RIS ServerInitial RIS ConfigurationCustomizing RISControlling Access to RIS ServersApplying Security Permissions to RISAuthorizing Users to Create New Computer AccountsCreating a RIS Installers GroupAdding Members to the RISInstallers Group
Configuring RIS Clients
Customizing Installation OptionsConfiguring RIS Settings in Group PolicyCreating a RIBF DiskPrestaging Clients in Active Directory
Preparing RIS-Based Installations
Using RIS ImagesRestricting Access to RIS ImagesOS Images Created by Using RISetupConfiguring a RISetup OS ImageInstalled (File-System-Based) Image by RIPrepSystem Settings Stored in RIPrep ImagesRequirements for Creating a RIPrep ImageHAL Compatibility and RIPrep ImagesCreating the Master InstallationUsing RIPrep to Create an OS ImageAdding "Flat" or "CD-ROM" Images to RISRIS Answer FilesThe Ristndrd.sif FileThe RIPrep.sif fileThe Remboot.sif FileAssociating an Answer File with a RIS ImageConfiguring the CIW
Using RIS for Automated Installations
Installing Windows Using RISMore RIS Customization TipsUsing $OEM$ for Hot Fixes, Security Updates, Drivers, and MoreCustomizing the Client Installation PagesUsing Unsigned NIC Drivers
Working with Sysprep
Understanding SysprepUsing Sysprep to Clone a ComputerCopying the Administrator ProfileRunning Sysprep
3. Windows Server 2003 Upgrades and Migrations
7. Preparing for Upgrades and Migration
Deciding Between Upgrading and MigratingVerifying Hardware and Software CompatibilityAdditional Research
Preparing for an Upgrade from Windows 2000 to Windows Server 2003
Upgrading Windows 2000 Forests and DomainsUpgrading Domain ControllersApplications on Upgraded Servers
Selecting Upgrade or Migration Path
Upgrading vs. MigratingReview System Requirements and CompatibilityCheck Drive PartitioningChoosing Domain and Forest Functional LevelsIdentify DNS Namespace and StorageIdentify Server Roles
Preparing for an Upgrade from Windows NT 4 to Windows Server 2003
Namespace in Windows NT vs. Active DirectoryMoving from Windows NT Domains to Active DirectoryRestructuring DomainsUpgrading Windows NT 4 Servers
8. Upgrading to Windows Server 2003
General Considerations for UpgradesUpgrade IssuesVerify an Upgrade Recovery Plan
Upgrading from Windows 2000
General Upgrade Preparation ToolsActive Directory Preparation ToolUpdating the Active Directory Forest and DomainsPreparing the ForestPreparing the Domain(s)Upgrading the Windows 2000 Domain ControllersUpgrading Windows 2000 DomainsSelecting Active Directory Functional LevelsChanging Operations MastersUpgrading Windows 2000 Users and GroupsWindows 2000 Member Server UpgradesUpgrading DNS Services
Upgrading from Windows NT 4
Determine Server Hardware CompatibilityUpgrading Different Versions of Windows NT 4Managing Disk PartitionsUpgrading Domain ControllersEstablishing Operations MastersConverting Windows NT 4 Groups to Windows Server 2003 GroupsPerforming the Upgrade from Windows NT 4Upgrade the PDCPost-PDC Upgrade
9. Migrating to Windows Server 2003
Selecting the Migration Tools
ADMT
Other Microsoft Migration ToolsUSMTFile and Settings Transfer WizardMigration ScriptsThe Movetree UtilityThird-Party Migration Tools
General Considerations for Migrations
Determining the Approach to Migration
Preparing for Migration
Migrating Security Principals
Performing the Migration: An Overview
Migrating Group Accounts
Migrating Local GroupsMigrating Global GroupsUsing the Group Account Migration Wizard
Migrating User Accounts
Running the User Account Migration Wizard
Migrating Passwords
Migrating the Computers
Running the Computer Migration Wizard
Merging Groups during Migration
Migrating Domain Trusts
Migrating a Trust
Migrating Service Accounts
Security Translation
Generating Migration Reports
4. Managing Windows Server 2003 Systems
10. Configuring Windows Server 2003
Optimizing the Menu SystemModifying the Start Menu ContentAdding, Copying, and Moving Menu ItemsHighlighting and Hiding Menu ItemsControlling the Frequently Used Programs ListSorting and Renaming Menu ItemsRemoving Items from the Start Menu
Customizing the Desktop and the Taskbar
Configuring Desktop ItemsConfiguring the TaskbarChanging the Taskbar Size and PositionUsing Auto Hide and LockingGrouping Similar Taskbar ItemsControlling Programs in the Notification Area
Optimizing Toolbars
Customizing the Quick Launch ToolbarDisplaying Other Custom ToolbarsCreating Personal Toolbars
11. Windows Server 2003 MMC Administration
Introducing the MMC
Using the MMC
MMC Snap-InsMMC ModesMMC Windows and StartupMMC Tool AvailabilityMMC and Remote Computers
Building Custom MMCs
Step 1: Creating the ConsoleStep 2: Adding Snap-Ins to the ConsoleStep 3: Saving the Finished ConsoleSetting the Initial Console View Before SavingSetting the Console Mode Before SavingSetting the Console Icon Before SavingSaving the Console Tool to the Desktop, the Start Menu, or a Folder
Designing Custom Taskpads for the MMC
Getting Started with TaskpadsUnderstanding Taskpad View StylesCreating and Managing TaskpadsCreating and Managing TasksCreating Menu Command TasksCreating Shell Command TasksCreating Navigation TasksArranging, Editing, and Removing Tasks
Publishing and Distributing Your Custom Tools
12. Managing Windows Server 2003
Using the Administration ToolsUnderstanding the Administration ToolsUsing Configure Your ServerUsing Manage Your ServerUsing Computer ManagementComputer Management System ToolsComputer Management Storage ToolsComputer Management Services And Applications ToolsComputer Management Essentials
Using the Control Panel Utilities
Using the Add Hardware UtilityUsing the Add or Remove Programs UtilityUsing the Date and Time UtilityUsing the Display UtilityUsing the Folder Options UtilityUsing the Licensing UtilityUsing the Network Connections UtilityUsing the Regional and Language Options UtilityUsing the Scheduled Tasks UtilityTask-Scheduling EssentialsCreating Scheduled TasksUsing the System Utility
Using Support Tools
Using Resource Kit Tools
Using the Secondary Logon
Running Programs Using the Secondary LogonUsing the Secondary Logon at the Command PromptRunning a Temporary Administrator's DesktopCreating Run As Shortcuts for Secondary LogonsCreating Run As Shortcuts on the DesktopCreating Run As Menu Options
13. Managing and Troubleshooting Hardware
Working with Device DriversUsing Windows Device DriversUsing Signed Device DriversUnderstanding and Changing Driver Installation Settings
Setting Up New Hardware Devices
Managing Plug and Play Detection and InstallationInstalling the Software AutomaticallyInstalling a Downloaded DriverChoosing a Specific Driver or Bypassing the Default DriverInstalling Non–Plug and Play Devices
Obtaining Hardware Device Information
Viewing Device and Driver DetailsViewing Advanced, Resources, and Other Settings
Managing Installed Drivers
Updating a Device DriverRolling Back a DriverUninstalling and Reinstalling a Device Driver
Managing Devices through Hardware Profiles
Troubleshooting Hardware Devices and Drivers
Resolving Common Device ErrorsResolving Resource Conflicts
14. Managing the Registry
Introducing the Registry
Understanding the Registry Structure
Registry Root Keys
HKEY_LOCAL_MACHINEHKLM\HARDWAREHKLM\SAMHKLM\SECURITYHKLM\SOFTWAREHKLM\SYSTEMHKEY_USERSHKEY_CLASSES_ROOTHKEY_CURRENT_CONFIGHKEY_CURRENT_USER
Registry Data: How It Is Stored and Used
Where Registry Data Comes FromTypes of Registry Data Available
Managing the Registry
Searching the RegistryModifying the RegistryModifying ValuesAdding Keys and ValuesRemoving Keys and ValuesModifying the Registry of a Remote MachineImporting and Exporting Registry DataLoading and Unloading Hive FilesWorking with the Registry from the Command Line
Backing Up and Restoring the Registry
Choosing a Backup Method for the RegistryCreating Registry BackupsRecovering a System Using the ASR Backup
Maintaining the Registry
Using the Windows Installer CleanUp UtilityUsing the Windows Installer ZapperRemoving Registry Settings for Active Installations That Have FailedRemoving Partial or Damaged Settings for Individual Applications
Securing the Registry
Preventing Access to the Registry UtilitiesApplying Permissions to Registry KeysControlling Remote Registry AccessAuditing Registry Access
15. Performance Monitoring and Tuning
Tuning Performance, Memory Usage, and Data ThroughputTuning Windows Operating System PerformanceTuning Processor Scheduling and Memory UsageTuning Data ThroughputTuning Virtual Memory
Tracking a System's General Health
Task Manager and Process Resource Monitor EssentialsGetting Processor and Memory Usage for TroubleshootingGetting Information on Running ApplicationsMonitoring and Troubleshooting ProcessesGetting Network Usage InformationGetting Information on User and Remote User Sessions
Tracking Events and Troubleshooting by Using Event Viewer
Understanding the Event LogsAccessing the Event Logs and Viewing EventsViewing Event Logs on Remote SystemsSorting, Finding, and Filtering EventsSorting the Event LogsSearching the Event LogsFiltering the Event LogsArchiving Event Logs
Tracking Events on Multiple Computers
Quick Look: Using EventqueryQuick Look: Using EventComb
16. Comprehensive Performance Analysis and Logging
Establishing Performance Baselines
Comprehensive System Monitoring
Using System MonitorSelecting Performance Objects and Counters to MonitorChoosing Views and Controlling the DisplayMonitoring Performance Remotely
Resolving Performance Bottlenecks
Resolving Memory BottlenecksResolving Processor BottlenecksResolving Disk I/O BottlenecksResolving Network Bottlenecks
Performance Logging
Creating Performance LogsUsing Counter LogsMonitoring Performance from the Command LineUsing Trace Logs
Analyzing Performance Logs
Analyzing Counter LogsAnalyzing Trace Logs
Creating Performance Alerts
5. Managing Windows Server 2003 Storage and File Systems
17. Planning for High Availability
Planning for Software Needs
Planning for Hardware Needs
Planning for Support Structures and FacilitiesPlanning for Day-to-Day OperationsPlanning for Deploying Highly Available Servers
18. Preparing and Deploying Server Clusters
Introducing Server ClusteringBenefits and Limitations of ClusteringCluster OrganizationCluster Operating ModesMultisite Options for Clusters
Using Network Load Balancing
Using Network Load Balancing ClustersNetwork Load Balancing ConfigurationNetwork Load Balancing Client Affinity and Port ConfigurationsPlanning Network Load Balancing Clusters
Managing Network Load Balancing Clusters
Creating a New Network Load Balancing ClusterAdding Nodes to a Network Load Balancing ClusterRemoving Nodes from a Network Load Balancing ClusterConfiguring Event Logging for Network Load Balancing ClustersControlling Cluster and Host Traffic
Component Load Balancing Architecture
Using Component Load Balancing ClustersUnderstanding Application CenterPlanning Component Load Balancing Clusters
Using Server Cluster
Server Cluster ConfigurationsServer Cluster Resource GroupsOptimizing Hardware for Server ClustersOptimizing Networking for Server Clusters
Running Server Clusters
The Cluster Service and Cluster ObjectsThe Cluster HeartbeatThe Cluster DatabaseThe Cluster Quorum ResourceThe Cluster Interface and Network States
Creating Server Clusters
Creating a Server ClusterAdd a Node to a Cluster
Managing Server Clusters and Their Resources
Creating Clustered ResourcesCluster Resource TypesPlanning Resource GroupsControlling the Cluster ServiceControlling Failover and FailbackCreating and Managing Resource GroupsCreating and Managing ResourcesScenario: Creating a Clustered Print ServiceScenario: Creating a Clustered File Share
19. Storage Management
Essential Storage TechnologiesUsing Internal and External Storage DevicesImproving Storage ManagementBooting from SANs and Using SANs with ClustersMeeting Performance, Capacity, and Availability Requirements
Configuring Storage
Using the Disk Management ToolsAdding New DisksUsing the MBR and GPT Partition StylesWorking with MBR DisksWorking with GPT Disks on 64-Bit Windows EditionsUsing and Converting MBR and GPT DisksUsing the Basic and Dynamic Storage TypesWorking with Basic and Dynamic DisksUsing and Converting Basic and Dynamic DisksConverting FAT or FAT32 to NTFS
Managing MBR Disk Partitions on Basic Disks
Creating a Primary or Extended PartitionCreating a Logical Drive in an Extended PartitionFormatting a Partition, Logical Drive, or VolumeConfiguring Drive LettersConfiguring Mount PointsExtending Partitions on Basic DisksDeleting a Partition, Logical Drive, or Volume
Managing GPT Disk Partitions on Basic Disks
ESPMSR PartitionsPrimary PartitionsLDM Metadata and LDM Data PartitionsOEM or Unknown Partitions
Managing Volumes on Dynamic Disks
Creating a Simple or Spanned VolumeExtending a Simple or Spanned VolumeRecovering a Failed Simple or Spanned DiskMoving Dynamic DisksConfiguring RAID 1: Disk MirroringCreating a Mirrored Set Using Two New DisksAdding a Mirror to an Existing VolumeMirroring Boot and System VolumesMirroring Boot and System Volumes on MBR DisksMirroring Boot and System Volumes on GPT DisksConfiguring RAID 5: Disk Striping with ParityBreaking or Removing a Mirrored SetResolving Problems with Mirrored SetsRepairing a Mirrored System Volume to Enable BootRebuilding Mirrored System Volumes on MBR DisksRebuilding Mirrored System Volumes on GPT DisksResolving Problems with RAID-5 Sets
20. Managing Windows Server 2003 File Systems
Understanding Disk and File System Structure
Using FAT
File Allocation Table StructureFeature FAT16 FAT32
Using NTFS
NTFS StructuresNTFS FeaturesAnalyzing NTFS Structure
Advanced NTFS Features
Hard LinksData StreamsChange JournalsObject IdentifiersReparse PointsRemote StorageSparse Files
Using File-Based Compression
NTFS CompressionCompressed (Zipped) Folders
Managing Disk Quotas
How Quota Management WorksConfiguring Disk QuotasCustomizing Quota Entries for Individual UsersManaging Disk Quotas After ConfigurationExporting and Importing Quota Entries
Maintaining File System Integrity
How File System Errors OccurFixing File System Errors by Using Check DiskAnalyzing FAT Volumes by Using ChkDskAnalyzing NTFS Volumes by Using ChkDskRepairing Volumes and Marking Bad Sectors by Using ChkDsk
Defragmenting Disks
Fixing Fragmentation by Using Disk DefragmenterUnderstanding the Fragmentation Analysis
21. File Sharing and Security
File Sharing EssentialsUsing and Finding SharesHiding and Controlling Share AccessSpecial and Administrative SharesC$, D$, E$, and Other Drive SharesADMIN$FAXCLIENT and FXSSRVCP$IPC$NETLOGONMicrosoft UAM VolumePRINT$SYSVOLAccessing Shares for Administration
Creating and Publishing Shared Folders
Creating Shares by Using Windows ExplorerCreating Shares by Using Computer ManagementPublishing Shares in Active Directory
Managing Share Permissions
Understanding Share PermissionsConfiguring Share Permissions
Managing File and Folder Permissions
File and Folder OwnershipTaking Ownership of a File or FolderTransferring OwnershipPermission Inheritance for Files and FoldersChanging Shaded Permissions and Stopping InheritanceResetting and Replacing PermissionsConfiguring File and Folder PermissionsBasic PermissionsSpecial PermissionsDetermining Effective Permissions
Managing File Shares After Configuration
Tracking and Logging File Share Permissions by Using SrvCheckCopying File Share Permissions
Sharing Files on the Web
Auditing File and Folder Access
Enabling Auditing for Files and FoldersSpecifying Files and Folders to AuditMonitoring the Security Logs
22. Using Volume Shadow Copy
Shadow Copy EssentialsUsing Shadow Copies of Shared FoldersHow Shadow Copies WorksImplementing Shadow Copies for Shared Folders
Managing Shadow Copies in Computer Management
Configuring Shadow Copies in Computer ManagementMaintaining Shadow Copies After Configuration
Configuring Shadow Copies at the Command Line
Enabling Shadow Copying from the Command LineCreate Manual Snapshots from the Command LineViewing Shadow Copy InformationDeleting Snapshot Images from the Command LineDisabling Shadow Copies from the Command Line
Using Shadow Copies on Clients
Obtaining and Installing the ClientInstalling the Previous Versions ClientInstalling the Shadow Copy ClientAccessing Shadow Copies on Clients
Restoring Shadow Copies from the Command Line
Searching for a File and Listing Available VersionsLocating and Restoring Previous Versions from the Command Line
23. Using Removable Media
Introducing Removable MediaUnderstanding Media LibrariesUnderstanding Media PoolsWorking with the Removable Storage Snap-InUnderstanding Media State and IdentificationUnderstanding Access Permissions for Removable Storage
Managing Media Libraries and Media
Inserting Media into a LibraryEjecting Media from a LibraryMounting and Dismounting Media in LibrariesEnabling and Disabling MediaEnabling and Disabling DrivesCleaning DrivesWorking with Library Doors and PortsConfiguring Library InventoryStarting Library InventoryChanging Library Media TypesEnabling and Disabling Libraries
Managing Media Pools
Preparing Media for Use in the Free Media PoolMoving Media to a Different Media PoolCreating Application Media PoolsChanging the Media Type in a Media PoolSetting Allocation and Deallocation PoliciesDeleting Application Media Pools
Managing Work Queues, Requests, and Security
Using the Work QueueTroubleshooting Waiting OperationsChanging Mount OperationsControlling When Operations Are DeletedUsing the Operator Requests QueueNotifying Operators of RequestsCompleting or Refusing RequestsControlling When Requests Are DeletedSetting Access Permissions for Removable Storage
6. Managing Windows Server 2003 Networking and Print Services
24. Managing TCP/IP Networking
Understanding IP AddressingUnicast IP AddressesClass A NetworksClass B NetworksClass C NetworksLoopback, Public, and Private AddressesMulticast IP AddressesBroadcast IP Addresses
Special IP Addressing Rules
Using Subnets and Subnet Masks
Subnet MasksNetwork Prefix NotationSubnettingSubnetting Class A NetworksSubnetting Class B NetworksSubnetting Class C Networks
Getting and Using IP Addresses
Understanding Name Resolution
Domain Name SystemHost NamesDomain NamesFully Qualified Domain Name (FQDN)Name ResolutionWindows Internet Naming Service (WINS)
Configuring TCP/IP Networking
Preparing for Installation of TCP/IP NetworkingInstalling TCP/IP NetworkingConfiguring Static IP AddressingConfiguring Dynamic IP AddressingConfiguring Automatic Private IP AddressingConfiguring Advanced TCP/IP SettingsConfiguring Advanced IP SettingsConfiguring Advanced DNS SettingsConfiguring Advanced WINS SettingsConfiguring Advanced TCP/IP Options
25. Managing DHCP
DHCP Essentials
DHCP Security Considerations
Planning DHCP Implementations
DHCP Messages and Relay AgentsDHCP Availability and Fault Tolerance50/50 Failover80/20 Failover100/100 Failover
Setting Up DHCP Servers
Installing the DHCP Server ServiceAuthorizing DHCP Servers in Active DirectoryCreating and Configuring ScopesCreating Normal Scopes Using the DHCP ConsoleCreating Normal Scopes Using NetshUsing ExclusionsUsing ReservationsActivating Scopes
Configuring TCP/IP Options
Levels of Options and Their UsesOptions Used by Windows ClientsUsing Userand Vendor-Specific TCP/IP OptionsSettings Options for All ClientsSettings Options for Routing and Remote Access Clients OnlySetting Add-On Options for Directly Connected ClientsDefining Classes to Get Different Option SetsCreating the ClassConfiguring Clients to Use the Class
Advanced DHCP Configuration and Maintenance
Configuring DHCP Audit LoggingBinding the DHCP Server Service to a Network InterfaceIntegrating DHCP and DNSEnabling Conflict Detection on DHCP ServersSaving and Restoring the DHCP ConfigurationManaging and Maintaining the DHCP DatabaseSetting DHCP Database PropertiesBacking Up and Restoring the DatabaseRepairing the DHCP Database
Setting Up DHCP Relay Agents
Configuring and Enabling Routing and Remote AccessAdding and Configuring the DHCP Relay Agent
26. Architecting DNS Infrastructure
DNS Essentials
Planning DNS Implementations
Public and Private NamespacesName Resolution Using DNSDNS Resource RecordsDNS Zones and Zone TransfersZones That Aren't Integrated with Active DirectoryZones That Are Integrated with Active DirectorySecondary Zones, Stub Zones, and Conditional Forwarding
Security Considerations
DNS Queries and SecurityDNS Dynamic Updates and SecurityExternal DNS Name Resolution and Security
Architecting a DNS Design
Split-Brain Design: Same Internal and External NamesSeparate-Name Design: Different Internal and External Names
27. Implementing and Managing DNS
Installing the DNS Server ServiceUsing DNS with Active DirectoryUsing DNS Without Active DirectoryDNS Setup
Configuring DNS Using the Wizard
Configuring a Small Network Using the Configure A DNS Server WizardConfiguring a Large Network Using the Configure A DNS Server Wizard
Configuring DNS Zones, Subdomains, Forwarders, and Zone Transfers
Creating Forward Lookup ZonesCreating Reverse Lookup ZonesConfiguring Forwarders and Conditional ForwardingConfiguring Subdomains and Delegating AuthorityConfiguring Zone TransfersConfiguring Secondary Notification
Adding Resource Records
Host Address (A) and Pointer (PTR) RecordsCanonical Name (CNAME) RecordsMail Exchanger (MX) RecordsName Server (NS) RecordsStart Of Authority (SOA) RecordsService Location (SRV) Records
Maintaining and Monitoring DNS
Configuring Default Application Directory Partitions and Replication ScopeSetting Aging and ScavengingConfiguring Logging and Checking DNS Server Logs
Troubleshooting DNS Client Service
Try Reregistering the ClientCheck the Client's TCP/IP ConfigurationCheck the Client's Resolver CachePerform Lookups for Troubleshooting
Troubleshooting DNS Server Service
Check the Server's TCP/IP ConfigurationCheck the Server's CacheCheck Replication to Other Name ServersExamine the Configuration of the DNS ServerExamine Zones and Zone Records
28. Implementing and Maintaining WINS
WINS EssentialsNetBIOS Namespace and ScopeNetBIOS Node TypesWINS Name Registration and CacheWINS Implementation Details and New Features
Setting Up WINS Servers
Installing WINSWINS Postinstallation Tasks
Configuring Replication Partners
Replication EssentialsConfiguring Automatic Replication PartnersUsing Designated Replication Partners
Configuring and Maintaining WINS
Configuring Burst HandlingChecking Server Status and ConfigurationChecking Active Registrations and Scavenging RecordsMaintaining the WINS DatabaseVerifying the WINS Database ConsistencyCompacting the WINS DatabaseBacking Up the WINS DatabaseRestoring the WINS Database
Enabling WINS Lookups Through DNS
29. Installing and Maintaining Print Services
Understanding Windows Server 2003 Print Services
Print Services Changes for Windows Server 2003
Upgrading Windows NT 4 Print Servers to Windows Server 2003
Migrating Print Servers from One System to Another
Manually Migrating Print ServersAutomating Print Server Migration
Planning for Printer Deployments and Consolidation
Sizing Print Server Hardware and Optimizing ConfigurationSizing Printer Hardware and Optimizing Configuration
Setting Up Printers
Adding Local PrintersAdding Network-Attached PrintersAdding Standard TCP/IP PrintersAdding LPR Printers for UNIX and LPDAdding AppleTalk PrintersChanging Standard TCP/IP Port Monitor SettingsConnecting Users to Shared PrintersAccessing Shared Printers on Windows 95, Windows 98, or Windows NT 4Accessing Shared Printers on Windows 2000 or LaterConnecting to Shared Printers Using the Command Line and Scripts
Managing Printer Permissions
Understanding Printer PermissionsConfiguring Printer PermissionsAssigning Printer OwnershipAuditing Printer Access
Managing Print Server Properties
Viewing and Creating Printer FormsViewing and Configuring Printer PortsViewing and Configuring Print DriversConfiguring Print Spool, Logging, and Notification Settings
Managing Printer Properties
Setting General Properties, Printing Preferences, and Document DefaultsSetting Overlays and Watermarks for DocumentsInstalling and Updating Print Drivers on ClientsConfiguring Printer Sharing and PublishingOptimizing Printing Through Queues and PoolingConfiguring Queue Priority and SchedulingConfiguring Printer PoolingConfiguring Print SpoolingViewing the Print Processor and Default Data TypeConfiguring Separator PagesUsing Separator PagesSetting a Separator PageCustomizing Separator PagesConfiguring Color Profiles
Managing Print Jobs
Pausing, Starting, and Canceling All PrintingViewing Print JobsManaging Print Jobs
Printer Maintenance and Troubleshooting
Monitoring Print Server PerformancePreparing for Print Server FailureSolving Printing ProblemsPrinter Troubleshooting EssentialsComprehensive Printer TroubleshootingResolving Garbled or Incorrect Printing
30. Using Remote Desktop for Administration
Remote Desktop for Administration Essentials
Configuring Remote Desktop for Administration
Enabling Remote Desktop for Administration on ServersPermitting and Restricting Remote LogonConfiguring Remote Desktop for Administration Through Group Policy
Supporting Remote Desktop Connection Clients
New Features for the Remote Desktop Connection ClientInstalling Remote Desktop Connection ClientsRunning the Remote Desktop Connection ClientRunning Remote Desktops
Tracking Who's Logged On
31. Deploying Terminal Services
Using Terminal ServicesTerminal Services ClientsTerminal Services ServersTerminal Services Licensing
Designing the Terminal Services Infrastructure
Capacity Planning for Terminal ServicesPlanning Organizational Structure for Terminal ServicesDeploying Single-Server EnvironmentsDeploying Multi-Server Environments
Setting Up Terminal Services
Installing Terminal ServicesInstalling Applications for Clients to UseChoosing Applications for Terminal Services UsersApplication Licensing for Terminal Services UsersInstalling Applications for Terminal Services UsersUsing Application Compatibility ScriptsModifying Applications After InstallationEnabling and Joining the Session Directory ServiceEnable and Start the Terminal Services Session Directory ServiceAuthorize Terminal Servers to Use the Terminal Services Session Directory ServiceConfigure Each Server to Join the Session DirectorySetting Up a Terminal Services License ServerConsiderations for Installing a Terminal Services License ServerInstalling a Terminal Services License ServerActivating the License Server and Configuring Licenses for Use
Using the Terminal Services Configuration Tool
Configuring Global Connection SettingsConfiguring Server SettingsConfiguring Terminal Services SecurityAuditing Terminal Services Access
Using the Terminal Services Manager
Connecting to Terminal ServersGetting Terminal Services InformationManaging User Sessions in Terminal Services Manager
Managing Terminal Services from the Command Line
Gathering Terminal Services InformationManaging User Sessions from the Command Line
Other Useful Terminal Services Commands
Configuring Terminal Services Per-User Settings
Getting Remote Control of a User's SessionSetting Up the Terminal Services Profile for Users
7. Managing Active Directory and Security
32. Active Directory Architecture
Active Directory Physical ArchitectureActive Directory Physical Architecture: A Top-Level ViewActive Directory Within the Local Security AuthorityDirectory Service ArchitectureProtocols and Client InterfacesDirectory System Agent and Database LayerExtensible Storage EngineData Store Architecture
Active Directory Logical Architecture
Active Directory ObjectsActive Directory Domains, Trees, and ForestsActive Directory TrustsActive Directory Namespaces and PartitionsActive Directory Data Distribution
33. Designing and Managing the Domain Environment
Design Considerations for Active Directory Replication
Design Considerations for Active Directory Search and Global Catalogs
Searching the TreeAccessing the Global CatalogDesignating Global Catalog ServersDesignating Replication Attributes
Design Considerations for Compatibility
Understanding Domain Functional LevelUnderstanding Forest Functional LevelRaising the Domain or Forest Functional Level
Design Considerations for Active Directory Authentication and Trusts
Universal Groups and AuthenticationUnderstanding Security Tokens and Universal Group Membership CachingEnabling Universal Group Membership CachingNTLM and Kerberos AuthenticationEstablishing the Initial AuthenticationAccessing Resources After AuthenticationAuthentication and Trusts Across Domain BoundariesTwo-Way Transitive TrustsShortcut TrustsAuthentication and Trusts Across Forest BoundariesExamining Domain and Forest TrustsEstablishing External, Shortcut, Realm, and Cross-Forest TrustsVerifying and Troubleshooting Trusts
Delegating Authentication
Delegated Authentication EssentialsConfiguring Delegated AuthenticationConfiguring the Delegated User AccountConfiguring the Delegated Service or Computer Account
Design Considerations for Active Directory Operations Masters
Operations Master RolesUsing, Locating, and Transferring the Schema Master RoleUsing, Locating, and Transferring the Domain Naming Master RoleUsing, Locating, and Transferring the Relative ID Master RoleUsing, Locating, and Transferring the PDC Emulator RoleUsing, Locating, and Transferring the Infrastructure Master Role
34. Organizing Active Directory
Creating an Active Directory Implementation or Update Plan
Developing a Forest Plan
Forest NamespaceSingle vs. Multiple ForestsForest Administration
Developing a Domain Plan
Domain Design ConsiderationsSingle vs. Multiple DomainsForest Root Domain Design ConfigurationsChanging Domain Design
Developing an Organizational Unit Plan
Using Organizational Units (OUs)Using OUs for DelegationUsing OUs for Group PolicyCreating an OU DesignOU Design: Division or Business Unit ModelOU Design: Geographic ModelOU Design: The Cost Center ModelOU Design: The Administration Model
35. Configuring Active Directory Sites and Replication
Working with Active Directory SitesSingle Site vs. Multiple SitesReplication Within and Between SitesDetermining Site Boundaries
Understanding Active Directory Replication
Replication Enhancements for Windows Server 2003Replication Architecture: An OverviewIntrasite Replication EssentialsIntersite Replication Essentials
Replication Rings and Directory Partitions
Developing or Revising a Site Design
Mapping Network InfrastructureCreating a Site DesignMapping the Network Structure to Site StructureDesigning Each Individual SiteDesigning the Intersite Replication TopologyConsidering the Impact of Site Link BridgingPlanning the Placement of Servers in Sites
36. Implementing Active Directory
Preinstallation Considerations for Active DirectoryHardware and Configuration Considerations for Domain ControllersConfiguring Active Directory for Fast Recovery with Storage Area NetworksConnecting Clients to Active Directory
Installing Active Directory
Active Directory Installation Options and IssuesUsing the Configure Your Server WizardUsing the Active Directory Installation WizardCreating Additional Domain Controllers for an Existing DomainCreating Domain Controllers in a New DomainUsing the Active Directory Installation Wizard with Backup Media
Uninstalling Active Directory
Creating and Managing Organizational Units (OUs)
Creating an OUSetting OU PropertiesCreating or Moving Accounts and Resources for Use with an OU
Delegating Administration of Domains and OUs
Understanding Delegation of AdministrationDelegating Administration
37. Managing Users, Groups, and Computers
Managing Domain User AccountsTypes of UsersConfiguring User Account PoliciesEnforcing Password PolicyConfiguring Account Lockout PolicySetting Kerberos PolicyUnderstanding User Account Capabilities, Privileges, and RightsAssigning User RightsAssigning User Rights for a Domain or OUAssigning User Rights on a Specific ComputerCreating and Configuring Domain User AccountsViewing and Setting User Account PropertiesObtaining Effective PermissionsConfiguring Account OptionsConfiguring Profile Options
Managing User Profiles
Profile EssentialsProfile Changes and New FeaturesGroup Policy Changes for User ProfilesImplementing and Creating Preconfigured ProfilesConfiguring Local User ProfilesConfiguring Roaming User ProfilesImplementing Mandatory User ProfilesSwitching Between a Local and a Roaming User Profile
Managing User Data
Using Folder RedirectionUsing Offline FilesConfiguring Offline Files on File ServersConfiguring Offline Files on ClientsConfiguring Offline Files in Group PolicyManaging File Synchronization
Maintaining User Accounts
Deleting User AccountsDisabling and Enabling User AccountsMoving User AccountsRenaming User AccountsResetting a User's Domain PasswordUnlocking User AccountsCreating a Local User Account Password Backup
Managing Groups
Understanding GroupsTypes of GroupsUnderstanding the Scopes of GroupsCreating a GroupAdding Members to GroupsDeleting a GroupModifying GroupsFind a GroupManaging the Properties of GroupsModifying Other Group Settings
Managing Computer Accounts
Creating a Computer Account in Active DirectoryJoining Computers to a DomainMoving a Computer AccountDisabling a Computer AccountDeleting a Computer AccountManaging a Computer AccountResetting a Computer AccountConfiguring Properties of Computer Accounts
38. Managing Group Policy
Understanding Group PolicyLocal and Active Directory Group PolicyGroup Policy SettingsGroup Policy ArchitectureSysvol Replication Using the File Replication Service
Implementing Group Policy
Working with Local Group PolicyWorking with the Group Policy Object EditorCreating and Linking a New GPO Using the Group Policy Object EditorEditing an Existing GPO Using the Group Policy Object EditorLinking to an Existing GPO Using the Group Policy Object EditorDeleting an Existing GPO by Using the Group Policy Object EditorWorking with the Group Policy Management ConsoleInstalling and Running the Group Policy Management ConsoleUsing the Group Policy Management ConsoleAccessing Forests, Domains, and Sites in Group Policy Management ConsoleCreating and Linking a New GPO in Group Policy Management ConsoleEditing an Existing GPO in the Group Policy Management ConsoleLinking to an Existing GPO in the Group Policy Management ConsoleDeleting an Existing GPO in the Group Policy Management Console
Managing Group Policy Inheritance and Processing
Group Policy InheritanceModifying InheritanceFiltering Group Policy ApplicationGroup Policy ProcessingModifying Group Policy ProcessingModifying User Policy Preference Using Loopback Processing
Using Scripts in Group Policy
Configuring Computer Startup and Shutdown ScriptsConfiguring User Logon and Logoff Scripts
Applying Group Policy Through Security Templates
Working with Security TemplatesApplying Security Templates
Maintaining and Troubleshooting Group Policy
Group Policy RefreshModifying Group Policy RefreshViewing Applicable GPOs and Last RefreshModeling GPOs for PlanningRefreshing Group Policy ManuallyBacking Up GPOsRestoring GPOsFixing Default Group Policy
39. Active Directory Site Administration
Managing Sites and SubnetsCreating an Active Directory SiteCreating a Subnet and Associating It with a SiteAssociating Domain Controllers with a Site
Managing Site Links and Intersite Replication
Understanding IP and SMTP Replication TransportsCreating a Site LinkConfiguring Site Link BridgesDetermining the ISTGConfiguring Site Bridgehead ServersConfiguring Site Link Replication Options
Monitoring and Troubleshooting Replication
Using the Replication AdministratorUsing the Replication Monitor
8. Windows Server 2003 Disaster Planning and Recovery
40. Disaster Planning
Preparing for a DisasterDeveloping Contingency ProceduresImplementing Problem Escalation and Response ProceduresCreating a Problem Resolution Policy Document
Predisaster Preparation Procedures
Performing BackupsCreating and Using ASR DisksCreating and Using Boot DisksSetting Startup and Recovery OptionsInstalling and Using the Recovery Console
41. Backup and Recovery
Developing Backup StrategiesCreating Your Backup StrategyBackup Strategy ConsiderationsSelecting the Optimal Backup TechniquesUnderstanding Backup TypesUsing Media Rotation and Maintaining Additional Media Sets
Backing Up and Recovering Your Data
Using the Backup UtilitySetting Default Options for BackupGeneral Backup and Restore OptionsSetting Restore, Backup Type, and Backup Log OptionsExcluding Files from BackupBacking Up Your DataRecovering Your DataRecovering Configuration Data
Backing Up and Restoring Active Directory
Backup and Recovery Strategies for Active DirectoryPerforming a Nonauthoritative Restore of Active DirectoryPerforming an Authoritative Restore of Active DirectoryPerforming a Primary Restore of Sysvol DataRestoring a Failed Domain Controller by Installing a New Domain Controller
Troubleshooting Startup and Shutdown
Resolving Startup IssuesRepairing Missing or Corrupted System FilesResolving Restart or Shutdown Issues
Index to Troubleshooting Topics
Index
SPECIAL OFFER: Upgrade this ebook with O’Reilly

Content preview from Microsoft® Windows Server™ 2003 Inside Out

Security Considerations

DNS security is an important issue, and this discussion focuses on three areas:

DNS queries from clients
DNS dynamic updates
External DNS name resolution

DNS Queries and Security

A client that makes a query trusts that an authoritative DNS name server gives it the right information. In most environments, this works fine. Users or administrators specify the initial DNS name servers to which DNS queries should be forwarded in a computer's TCP/IP configuration. In some environments where security is a major concern, administrators might be worried about DNS clients getting invalid information from DNS name servers. Here, administrators might want to look at the DNS Security (DNSSEC) protocol. DNSSEC is especially useful for companies ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 0735620482Catalog Page Errata

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Microsoft® Windows Server™ 2003 Inside Out

by William R. Stanek

Security Considerations

DNS Queries and Security

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

More than 5,000 organizations count on O’Reilly

Julian F.

Addison B.

Amir M.

Mark W.

You might also like

Inside Windows® Server 2003

Windows Server® 2008 Inside Out

Microsoft® Windows Server™ 2003 Administrator's Companion, 2nd Edition

Windows Server® 2008 R2 Unleashed

Publisher Resources