Microsoft® Windows® Server 2003 Insider Solutions

Book description

Rather than being a traditional planning, design, and implementation guide, this book is a serious resource for Windows experts to find tips, tricks, and best practices for implementing and supporting key Windows Server 2003 technologies. The authors started working with Windows Server 2003 (then code-named Whistler) just days after the code for Windows 2000 was locked, when most organizations were getting a first chance to see the Windows 2000 server product. With more than three years of experience working with Whistler in early beta and production implementations, the authors of this book have provided a resource to help you make Windows 2003 technologies work properly.

When given a choice of different ways of implementing the technologies, you can turn to this book for the best practices of successful field implementations. This book is organized into eight parts, each focusing on a core technological solution area, with several chapters making up each part. Sections include security, management, design, migration, business continuity, performance, and business productivity.

Table of contents

  1. Copyright
    1. Dedications
  2. About the Authors
  3. Acknowledgments
  4. We Want to Hear from You!
  5. Introduction
  6. I. Security Solutions
    1. 1. Securing Windows Server 2003
      1. Improved Default Security in Windows 2003
        1. Improvements over Windows 2000
        2. New Security Technologies Introduced in Windows 2003
      2. Securing the Hatches
        1. Implementing Transport Layer Security
        2. Requiring Digital Signing
        3. Leveraging PKI
        4. Installing Certificate Services
        5. Importance of Physical Security
      3. Know Who is Connected Using Two-factor Authentication
        1. Utilizing Smartcards
        2. Leveraging Biometrics to Enhance Security
      4. Using Templates to Improve Usage and Management
        1. Using the Security Configuration and Analysis Tool
        2. Leveraging Secure Templates
      5. Patrolling the Configuration
        1. Auditing the System Security
        2. Using the Microsoft Baseline Security Analyzer
        3. Using Vulnerability Scanners
        4. Auditing the File System
      6. Securing the File System
        1. Locking Down the File System via NTFS
        2. Locking Down Group Membership
        3. Keeping Users Out of Critical File Areas
      7. Securing Web Services
        1. Using SSL
        2. Scanning the Web Servers for Vulnerabilities
        3. Keeping up with Patches
        4. Locking Down IIS
      8. Keeping Files Confidential with EFS
        1. Leveraging Standalone EFS
        2. Common Pitfalls with Encrypted File System Implementations
      9. Bulletproof Scenario
      10. Summary
    2. 2. Implementing Secured Wireless Technologies
      1. Working Through Walls
        1. Common Mistakes When Planning Access Point Placement
          1. Considering Signal Attenuation
          2. Planning Signal Coverage
          3. Reducing Interference
          4. Considering Distance
          5. Turning Down the Volume
          6. Connecting to Power
          7. Bridging Versus Broadcasting
      2. Managing Spectrums to Avoid Denial of Service
        1. Choosing Your Channel
        2. Protecting Yourself from Internal Interference
        3. Protecting the Wireless Network
      3. Implementing Support for Secure 802.1x Technologies
      4. Taking Advantage of Windows Server 2003 Security Features
        1. Configuring the Wireless Network (IEEE 802.11) Policy
        2. Choosing the Proper Wireless Network Policy Properties
        3. Incorporating Certificates into Wireless Security
        4. Configuring Certificate Services
        5. Configuring Internet Authentication Services (IAS)
        6. Configuring EAP-TLS Authentication
      5. Configuring the Wireless Client
        1. Configuring Wi-Fi Protected Access (WPA)
          1. Required Updates
          2. Authentication
          3. Key Management
          4. Temporal Key Integrity Protocol (TKIP)
          5. Michael
          6. Advanced Encryption Standard (AES)
          7. Mixing WEP and WPA Wireless Clients
      6. Maximizing Wireless Security Through Tunneling
        1. While You’re Away
        2. VPN Pass-through is Important
      7. Maintaining Knowledge of Your Wireless Networks
        1. Keeping Track of People, Places, and Things
        2. Wireless Networking–Related IEEE Standards
        3. Other Resources
      8. Summary
    3. 3. Integrating Smartcard and Secured Access Technologies
      1. Maximizing Certificate Services Implementations
        1. Using Windows Server 2003 Updates
        2. Choosing the CA Roles
        3. Incorporating Smartcards
          1. Securing Log-ins
          2. Securing E-mail
          3. Securing Documents
          4. Securing Buildings
      2. Securing Certificate Services
        1. Locking Down Servers
        2. Separating Server Roles
        3. Assigning Administrative Roles
      3. Getting the Most Out of Smartcards
        1. Choosing an Appropriate Smartcard
        2. Memory Requirements
        3. Smartcard Roles
        4. Smartcard Life Expectancy
        5. Smartcard Reader
        6. Smartcard Management Tools
        7. Making Users Use Smartcards
        8. Providing Security Reports
      4. Tips and Tricks for Securing Access to the Network
        1. Using Physical Security
        2. Keeping Security Rules Simple
        3. Covering Your Tracks
      5. Creating a Single Sign-on Environment
        1. Consolidating Directories
        2. Consolidating Applications
      6. Securing Access to Web Servers and Services
        1. Locking the Doors
        2. Hiding the Keys
        3. Requiring SSL
      7. Protecting Certificate-based Services from Disaster
        1. Building Fault Tolerance
        2. Planning Backup and Restoration
      8. Integrating Smartcards with Personal Devices
        1. Using Smartcards with a Pocket PC
        2. Using Smartcards with Smart Phones
      9. Summary
  7. II. Management and Administration Solutions
    1. 4. Distributing Administration
      1. Choosing the Best Administrative Model for Your Organization
        1. Centralized Administration
        2. Distributed Administration
        3. Mixed Administration
        4. Applying the Administrative Models
      2. Using Role-based Administration for Optimal Delegation
        1. The Operations Manager
        2. The Security Administrator
        3. The Network Administrator
        4. The Directory Service Administrator
      3. Leveraging the Delegation of Control Wizard
        1. Delegation Through Organizational Units
        2. Delegating Simple Administrative Tasks
        3. Delegating Custom Tasks
      4. Enhancing Administration with Functional Levels
        1. Windows 2000 Mixed Domain Functional Level
        2. Windows 2000 Native Functional Level
        3. Windows Server 2003 Interim Functional Level
        4. Windows Server 2003 Functional Level
        5. Domain Administrative Functionality
        6. Forest Administrative Functionality
      5. Managing Domain and Enterprise Administration
        1. Managing the Domain Admins Group
        2. Managing the Enterprise Admins Group
      6. Developing Group Policies that Affect Administration
        1. Linking Group Policies to the Appropriate Containers
        2. Enforcing a Complex Administrator Password via Group Policy
        3. Restricting Administrative Group Memberships
        4. Delegating Rights with Group Policies
      7. Testing Level of Administrative Access
        1. Testing Changes in a Lab Environment
        2. Documenting Test Processes and Results
        3. Group Policy Modeling
        4. Resultant Set of Policy (RSoP)
      8. Auditing Administrative Activities
        1. Audit Settings on Domain Controllers
        2. Collect and Archive Security Logs
        3. Audit Accounts Management Events
        4. Size the Security Log Appropriately
      9. Summary
    2. 5. Managing User Rights and Permissions
      1. Leveraging Domain Local, Global, and Universal Groups
        1. Choosing the Appropriate Group Type
          1. Security Groups
          2. Distribution Groups
          3. Mail-enabled Groups
        2. Choosing the Appropriate Group Scope
          1. Machine Local Groups
          2. Domain Local Groups
          3. Global Groups
          4. Universal Groups
      2. Using NTFS and AD Integrated File Shares
        1. Using NTFS to Set Permissions
        2. Setting NTFS Permissions
        3. Using Active Directory Integrated Shares
        4. Using Allow/Deny Permissions
        5. Assigning User Rights and Privileges
      3. Using Group Policy to Administer Rights and Permissions
        1. Assigning Rights with Group Policy
        2. Granting Access to Files with Group Policy
        3. Granting Access to Registry Settings with Group Policy
        4. Managing Groups with Group Policy
      4. Maximizing Security, Functionality, and Lowering Total Cost of Ownership (TCO) with User Profiles
        1. Local and Roaming Profiles
        2. All Users and Default Profiles
        3. Mandatory Profiles
        4. Temporary Profiles
      5. Managing Rights and Permissions for Specific User Types
        1. Managing Highly Managed Users
        2. Managing Mobile Users
        3. Managing Administrators for Flexibility and Security
      6. Summary
    3. 6. Implementing Group Policies
      1. Leveraging Group Policies
        1. Using Computer Policies
        2. Using User Policies
        3. Understanding Group Policy Refresh Intervals
      2. Group Policy Deployment
        1. Less is More
        2. Knowing Resultant Set of Policies (RSoP)
        3. Group Policy Order of Inheritance
        4. Knowing the Impact of Slow Link Detection
        5. Delegating GP Management Rights
        6. Avoiding Cross-Domain Policy Assignments
        7. Using Group Policy Naming Conventions
        8. Understanding the Default Domain Policy
      3. Understanding GP Inheritance and Application Order
        1. Group Policy Inheritance
        2. Understanding the Order in Which Group Policies Are Applied
        3. Modifying Group Policy Inheritance
        4. Configuring Group Policy Loopback
      4. Understanding the Effects of Slow Links on Group Policy
        1. What is the Effect of a Slow Link on a Site?
        2. Determining Slow Link Speed
        3. Configuring a Unique Slow Link Speed
      5. Using Tools to Make Things go Faster
        1. Linking Group Policies
        2. Configuring the Group Policy Snap-in
        3. Disabling Configuration Settings
        4. Viewing Group Policy Using the Show Configured Policies Only Setting
        5. Deleting Orphaned Group Policies
      6. Automating Software Installations
        1. Best Practices for Software Installs
        2. Determining Whether a Push Was Successful
      7. Enhancing Manageability with Group Policy Management Console
        1. GPO Operations: Backup, Restore, Copy, and Import
        2. Migrating Tables
        3. Supporting Group Policy Management Across Forests
        4. HTML Reporting Functionality and the Settings Tab
        5. Linking WMI Filters
        6. Searching the GPMC for Group Policies
      8. Using Resultant Set of Policies in GPMC
        1. Group Policy Modeling Using Resultant Set of Policy
        2. Using RSoP Logging Mode to Discover Applied Policies
      9. Maximizing Security with Group Policy
        1. Predefined Security Templates
        2. Required Default Domain Group Policy Settings
        3. Restricted Groups: Assigning Local Groups Through GP
      10. Increasing Fault Tolerance with Intellimirror
        1. Using Folder Redirection
        2. Using Roaming Profiles
      11. Leveraging Other Useful Tools for Managing Group Policies
        1. Using the GPupdate Tool
        2. Using the GPresult Tool
        3. Using the GPmonitor.exe Tool
        4. Using the GPOTool Tool
        5. Using the FRSDiag.exe Tool
        6. Using the Sonar.exe Tool
      12. Using Administrative Templates
        1. Understanding Policies Versus Preference
        2. Using Microsoft Add-on GP Templates
        3. Customizing Administrative Group Policy Templates
      13. Finding Additional Resources About Group Policy
        1. Microsoft Group Policy Web Site
        2. Group Policy White Papers
      14. Summary
    4. 7. Managing Desktops
      1. Automating Backup of Desktop Data
        1. Shadow Copy of Shared Folders
          1. Setting Up Shadow Copies Client
          2. Recovery of Files and Folders
          3. Recovering Deleted Files
          4. Recovering Overwritten or Corrupted Files
          5. Recovering Folders
        2. Folder Redirection
      2. Accelerating Deployments with Workstation Images
        1. Unattended Installation
        2. Using the Systems Preparation Tool (Sysprep) for Server Images
        3. Deploying Server Images with Remote Installation Service
      3. Creating Windows XP Images
        1. Installing Desktop Software
        2. Standardizing the Desktop
        3. The Little Things
      4. Automating Software Installation
      5. Slow Link Detection
      6. Ensuring a Secured Managed Configuration
        1. Decreasing Vulnerabilities Through Security Patches
        2. Maximizing Security on the Desktop
      7. Managing Systems and Configurations
        1. Managing Desktops Remotely
        2. Managing Multiuser Desktops
        3. Managing Mobile Computers
        4. Managing Public or Kiosk Workstations
        5. Managing Administrator Workstations
      8. Leveraging Useful Tools for Managing Desktops
        1. Floplock
        2. Netdom
        3. Con2prt
        4. User State Migration Tool (USMT)
      9. Summary
    5. 8. Administering Windows Server 2003 Remotely
      1. Using Remote Desktop for Administration
        1. Enhancements to Remote Administration with Remote Desktop Connection
        2. Enabling Remote Desktop for Administration
        3. Best Practices for Remote Desktop for Administration
          1. Use the Console Mode
          2. Configure Disconnect and Reset Timeouts
          3. Coordinate Remote Administration
          4. Distinguish Terminal Services from Remote Administration
      2. Taking Advantage of Windows Server 2003 Administration Tools
        1. Installing the Admin Pack
        2. Using Convenience Consoles
        3. Customizing Administration Consoles
      3. Using Out-Of-Band Remote Administration Tools for Emergency Administration
        1. Emergency Management Service (EMS)
        2. Configuring the Serial Connection for EMS
        3. Special Administration Console (SAC)
      4. Using and Configuring Remote Assistance
        1. Requirements for Remote Assistance
        2. Sending a Remote Assistance Invitation
      5. Securing and Monitoring Remote Administration
        1. Securing Remote Administration
        2. Monitoring Remote Administration
      6. Delegating Remote Administration
      7. Administering IIS in Windows Server 2003 Remotely
        1. Using Internet Information Services Manager (IIS)
        2. Using Terminal Services
        3. Using the Remote Administration (HTML) Tool
      8. Summary
    6. 9. Maintenance Practices and Procedures
      1. Maintenance is not as Interesting as Implementing New Technology
      2. What to Do Every Day
        1. Read the Logs
        2. Checking on System Resources
        3. Verify the Backups
      3. What to Do Every Week
        1. Check for System Updates
        2. Verify Active Directory Replication
        3. Audit Administrative Group Membership
        4. Perform a Test Restore
        5. Examining the Size of the Active Directory Database
        6. Examine the DHCP Scopes
      4. What to Do Every Month
        1. Active Directory Database Integrity Check
        2. Performing a Scandisk
        3. Reboot the System
        4. Defragment the System
        5. Check WINS for Corruptions
      5. Consolidating Servers as a Maintenance Task
        1. Windows System Resource Manager
        2. Virtual Servers
      6. Backup Tips and Tricks
        1. Improving Performance With a Dedicated Backup VLAN
        2. Spool to Disk and Later to Tape
        3. Grandfather, Father, Son Strategies and Changers
        4. Use the Appropriate Agents
        5. What to Include and Exclude in a Backup
      7. Making Automated System Recovery Work for You
      8. Leveraging Scripting for Maintenance Practices
        1. Taking Advantage of Command Line Interfaces
        2. Customizing the MMC View
        3. Ensuring Consistency with Checklists
      9. Why Five-9s Might Be a Bad Idea
        1. The Importance of Maintenance Windows
        2. Maintenance in a High Availability Environment
      10. Automating Updates
        1. Software Update Service Tuning: Using NTFS Permissions and Machine Groups
        2. Using SUS with Systems Management Server
        3. Enabling SUS with Group Policy Objects
      11. Summary
  8. III. Design and Implementation Solutions
    1. 10. Advanced Active Directory Design
      1. Implementations Small and Large
        1. Single Domain In-Place Upgrade
        2. Multiple Domains—Child
        3. Multiple Domains—Discontinuous
        4. Consolidating Domains
        5. Understanding Multiple Forests
        6. Using a Placeholder Root Domain
      2. Configuring and Reconfiguring Domains and Organizational Units
        1. Moving Objects Between Domains
        2. Moving Objects Between Organizational Units
      3. Sites and the New Knowledge Consistency Checker
        1. Summarizing Sites
        2. Site Adoption
        3. Controlling Site Authentication Using DNS
      4. Using Cross-Forest Trusts Effectively
        1. Account/Resource Forests
        2. Company Acquisition
      5. Interforest Synchronization
        1. Using GALSync to Do Directory Synchronizations
        2. Microsoft Identity Information Services
      6. Active Directory Migration Tool Best Practices
        1. Using ADMT to Migrate Resources
        2. Implications of SID History
        3. Cleaning Up SID History
        4. Improvements in ADMT 2.0
      7. Using Microsoft Metadirectory Services Effectively
        1. Features of Microsoft Identity Integration Server
          1. Centralization of Identity Information
          2. Managing Identity Information
          3. Managing Changes to Identity Information
          4. Broad Connectivity
      8. Domain Controller Placement
        1. Replication Traffic Migrating from Windows NT 4.0 Versus Authentication Traffic
        2. Determining the Value of Local Domain Controllers
        3. Spending on WAN Connectivity Versus Domain Controllers
      9. Global Catalog Placement
        1. What Does the Global Catalog Do?
        2. GC Replication Traffic Versus Lookup Traffic
        3. Determining the Impact of Global Catalog Failure
      10. Taking Advantage of Replication Improvements
        1. Benefits of Multi-Master Replication
      11. Active Directory Functional Levels
      12. Summary
    2. 11. Implementing Microsoft Windows Server 2003
      1. Best Practices for Successful Server Deployments
        1. Planning the Deployment
        2. Testing the Deployment
        3. Executing the Deployment
      2. Licensing and Activating Windows Server 2003
        1. Providing a Product Key
        2. Choosing a Licensing Mode
        3. Activating Windows Server 2003
      3. Automating Deployment with Remote Installation Service
        1. System Requirements for RIS
        2. Creating a Remote Installation Preparation Wizard (RIPrep) Image
        3. Securing Server Images
        4. Making the Most of the RIS Deployment Tool
      4. Using Sysprep for Servers to Maximize Consistency
        1. How Sysprep Works
        2. Taking Advantage of New Sysprep Features
      5. Customizing Setup Using Unattend and Setup Manager
        1. Taking Advantage of Setup Manager Enhancements
        2. Fully Automating Installs Using Unattend.txt
      6. Creating Custom Bootable CDs for Rapid Deployment
        1. Tools Needed for Creating Custom Install CDs
        2. Leveraging WinPE
      7. Optimizing Standard Server Configurations
        1. Optimize Performance Settings
        2. Optimize Security Settings
        3. Begin Routine Operations
      8. Customizing Servers with Setup Wizards
        1. Configuring Server Roles
        2. Managing Servers
      9. Controlling the Back-end with the Windows Registry
        1. The Registry Editor
        2. Protecting the Registry
        3. Maintaining the Registry
      10. Summary
    3. 12. Implementing Microsoft Active Directory
      1. Taking Advantage of Functional Levels
        1. Windows 2000 Mixed Domain Functional Level
        2. Windows 2000 Native Functional Level
        3. Windows Server 2003 Interim Functional Level
        4. Windows Server 2003 Functional Level
      2. Improving Domain Controller Installation
        1. Promoting a Member Server
        2. Demoting a Domain Controller
        3. Creating Replicas from Media
      3. Getting the Most Out of Global Catalog Servers
        1. Global Catalog Placement
        2. Universal Group Caching
        3. Customizing the Global Catalog
      4. Maximizing Flexible Single Master Operation (FSMO) Roles
        1. Proper Placement of Operation Master Roles
        2. Moving Operation Master Roles
      5. Expanding the Enterprise by Interconnecting Forests and Domains
        1. Configuring Forest Trusts
        2. Granting Cross-Forest Rights
        3. Authentication Firewall
      6. Enhancing Flexibility with Renaming Domains
        1. Understanding the Limitations
        2. Meeting the Prerequisites
        3. The Domain Rename Process
          1. Step 1: Generate Current Forest Description
          2. Step 2: Modify the XML File
          3. Step 3: Upload the Modified File
          4. Step 4: Prepare Domain Controllers
          5. Step 5: Execute the Rename Procedure
          6. Step 6: Cleanup Tasks
      7. Managing the Active Directory Schema
        1. Using Active Directory Service Interfaces (ADSI) Edit
        2. Using the Active Directory Schema Snap-in
        3. Schema Deactivation
      8. Improving Replication with Application Partitions
        1. Creating Application Partitions
        2. Creating a Replica
        3. Managing Replication
      9. Summary
    4. 13. Establishing a Solid Infrastructure Foundation
      1. Focusing on the Windows Server 2003 Infrastructure Components
        1. Network Addressing as the Infrastructure Foundation
        2. Simplifying Address Look-up with Name Resolution
        3. Centralizing Address Information with Directory Integration
        4. Network Services Changes in Windows Server 2003
          1. Active Directory–Integrated Zones
          2. Dynamic Updates
          3. Unicode Character Support
          4. DNS Changes in Windows Server 2003
      2. DNS in an Active Directory Environment
        1. Impact of DNS on Active Directory
        2. Active Directory in Non-Microsoft DNS Implementations
        3. Using Secondary Zones in an AD Environment
        4. Specifying SRV Records and Site Resolution in DNS
      3. The Domain Name System (DNS) In Depth
        1. The Need for DNS
        2. Framework for DNS
        3. Understanding the DNS Namespace
      4. Installing DNS Using the Configure Your Server Wizard
      5. Configuring DNS to Point to Itself
      6. Using Resource Records in a Windows 2003 Environment
        1. Start of Authority (SOA) Records in DNS
        2. DNS Host (A) Records
        3. Name Server (NS) Records
        4. Service (SRV) Records for Added DNS Information
        5. Mail Exchanger (MX) Records Defining E-mail Routing
        6. Pointer (PTR) Records for Reverse DNS Queries
        7. Canonical Name (CNAME) Records for Alias Information
        8. Other DNS Records that Store Information
      7. Establishing and Implementing DNS Zones
        1. Forward Lookup Zones
        2. Reverse Lookup Zones
        3. Primary Zones
        4. Secondary Zones
        5. Stub Zones
      8. Creating Zone Transfers in DNS
        1. Full Zone Transfer
        2. Incremental Zone Transfer (IXFR)
      9. Understanding the Importance of DNS Queries
        1. Recursive Queries
        2. Iterative Queries
      10. Other DNS Components
        1. Dynamic DNS (DDNS)
        2. Time to Live (TTL)
        3. Secure Updates
      11. DNS Maintenance, Updates, and Scavenging
        1. Root Hints
        2. Forwarders
        3. Using WINS for Lookups
      12. Troubleshooting DNS
        1. Using the DNS Event Viewer to Diagnose Problems
        2. Using Performance Monitor to Monitor DNS
        3. Client-Side Cache and HOST Resolution Problems
        4. Using the NSLOOKUP Command-Line Utility
        5. Using the IPCONFIG Command-Line Utility
        6. Using the TRACERT Command-Line Utility
        7. Using the DNSCMD Command-Line Utility
      13. The Dynamic Host Configuration Protocol (DHCP) In Depth
        1. The DHCP Client Service
        2. Automatic Private IP Addressing (APIPA)
        3. DHCP Relay Agents
        4. DHCP and Dynamic DNS
      14. DHCP Changes in Windows Server 2003
        1. DHCP Database Backup and Restore Automation
        2. DHCP in the Windows XP Client
      15. Installing DHCP and Creating New Scopes
      16. Creating DHCP Redundancy
        1. The 50/50 Failover Approach for DHCP Fault Tolerance
        2. The 80/20 Failover Approach to DHCP Fault Tolerance
        3. The 100/100 Failover Approach to DHCP Fault Tolerance
        4. Standby Scopes Approach
        5. Clustering DHCP Servers
      17. Advanced DHCP Concepts
        1. DHCP Superscopes
        2. DHCP Multicast Scopes
        3. DHCP Administrative Delegation
        4. Netsh Command-Line Utility
      18. Optimizing DHCP Through Proper Maintenance
      19. Securing a DHCP Implementation
        1. DHCP Authorization
        2. DHCP and Domain Controller Security
      20. Continuing Usage of Windows Internet Naming Service (WINS)
        1. Legacy Microsoft NetBIOS Resolution
        2. Integrating WINS and DNS
        3. Changes in Windows Server 2003 WINS
      21. Installing and Configuring WINS
        1. WINS Installation
        2. Configuring Push/Pull Partners
        3. WINS Replication
        4. NetBIOS Client Resolution and the LMHOSTS File
      22. WINS Planning, Migrating, and Maintenance
        1. Designing a WINS Environment
        2. Upgrading a WINS Environment
        3. WINS Database Maintenance
      23. Global Catalog Domain Controllers (GC/DCs) Placement
        1. The Active Directory Global Catalog
      24. The Need to Strategically Place GCs and DCs
        1. Universal Group Caching
        2. Global Catalog/Domain Controller Placement
      25. Summary
  9. IV. Migration and Integration Solutions
    1. 14. Migrating from Windows NT 4.0
      1. Migrating to a Scalable Windows 2003 Server Environment
        1. Planning for Future Hardware Needs
        2. Using the System Compatibility Checker
        3. Supporting Third-Party Software Applications
        4. Using the Compatibility Tool Kit Analyzer
        5. Migrating to a Flexible Active Directory Forest
      2. Fallback Plans and Failover Procedures
        1. Simple Methods to Recovering the SAM Database
        2. Recovering from Failed Account Migrations
      3. Tips to Minimize Network Downtime
        1. Avoiding Downtime Through Server Redundancy
        2. Configuring Redundant Global Catalogs
      4. Planning and Implementing Name Resolution When Migrating
        1. Understanding Name Resolution with Windows 2003
        2. Implementing WINS in a Mixed Mode Environment
        3. Installing WINS
        4. Decommissioning Windows 2003 Internet Naming Services
          1. Changing Windows 2003 Server WINS TCP/IP Properties
          2. Best Practices for Modifying Workstation WINS Properties
          3. Removing Windows 2003 WINS Services
      5. Planning and Upgrading File Systems and Disk Partitions
        1. Mirrored Volumes
        2. Volume Sets, Striped Sets, and Striped Sets with Parity
      6. Avoiding Failures and Disruptions During Server Upgrades
        1. Planning for Failed Hardware
        2. Windows NT Upgrade Paths and Service Packs
          1. Windows NT Upgrade Paths
          2. Meeting Windows NT Service Pack Requirements
      7. Keeping Windows Servers Current with Windows Updates
      8. Finalizing Server Upgrades with Windows Update
      9. Supporting Windows Clients During Coexistence
        1. Load Balancing Domain Authentication
        2. Configuring PDC Emulation on Windows 2003 Domain Controllers
        3. Supporting Windows 95, 98, and NT 4.0 Client Systems
          1. Active Directory Client Extensions
          2. Enabling Client Support Without Active Directory Extensions
      10. Implementing and Securing Password Migrations
        1. Setting Up an ADMT Password Migration Server
          1. Enhancing Security on your Password Server
          2. Using an Encryption Key on the Password Export Server
          3. Configuring Permissions to Enable Password Migrations
      11. Addressing Permissions Issues When Migrating Desktops
        1. Knowing Desktop Migration Requirements
        2. Local Desktop Permissions
        3. Tips for Configuring Desktop Permission
        4. Creating Desktop Migration Accounts
        5. Tips for Configuring Desktop Permissions
        6. Leveraging the Domain Administrators Group
        7. Using the Net Add User Command
      12. Best Practices for Maintaining and Managing Coexistence
        1. Consolidating Network Services
        2. Using SID History to Maintain Access to Resources
        3. Migrating SID History
        4. Additional Tools for Managing Coexistence
      13. Common Mistakes When Decommissioning Domains and Servers
        1. Decommissioning Windows NT 4.0 Domain Servers
        2. Prioritizing Server Roles During a Migration
        3. Removing Permissions
        4. Using the Active Directory System Editor ADSI
      14. Summary
    2. 15. Migrating from Windows 2000
      1. Preparing the Migration
        1. Preparing Windows 2000 Servers to Be Migrated
          1. Scripts to Inventory Hardware
          2. Checking Hardware Compatibility
          3. Evaluating Server Hardware Life Expectancy
          4. Service Packs and System Bios Updates
        2. Calculating Active Directory Hardware Requirement
          1. Determining Active Directory Health State
          2. Using Netdiag.exe
          3. Using Replmon to Validate Replication
          4. Performing Offline Defrag of Active Directory
          5. Verifying Domain Name System Functionality
        3. Planning the Type of Upgrade
      2. Windows Server 2003 Applications Compatibility
      3. Using the Application Compatibility Tool Kit
      4. Upgrading and Installing Windows Server 2003
        1. Upgrade Paths and Requirements
        2. Upgrading by Performing a Clean Installation
        3. Tips to Upgrading a Windows 2000 Domain
      5. Migrating Network Services
        1. Migrating Network Services
        2. Migrating Domain Name Systems Services
        3. Migrating DHCP to Windows 2003
        4. Migrating GPOs
      6. Migrating Active Directory Objects
        1. Migrating Security and Distribution Groups
        2. Migrating Users Accounts
      7. FailOver Best Practices
        1. Backing Up Active Directory
        2. Recovering from a Failed Upgrade
        3. Planning and Avoiding Network Downtime
      8. Supporting Clients with Windows Server 2003
        1. Understanding Windows 2003 Client Capability
        2. Enabling Legacy Client Support
      9. Decommissioning Windows 2000
        1. Decommissioning Windows 2000 Domains and Domain Controllers
        2. Decommissioning Domain Member Servers
        3. Prioritizing Server Roles During a Migration
        4. Removing Servers with ADSI Editor
      10. Raising Windows 2003 Functional Levels
        1. Domain Functional Levels
        2. Raising Functional Levels
      11. Summary
    3. 16. Integration with Unix/LDAP-Based Systems
      1. Designing and Planning Platform Integration
        1. Taking Inventory
        2. Creating an Integration/Migration Plan
      2. Creating an Integrated Infrastructure
        1. Finding the Common Ground
        2. Integrating Domain Name Services (DNS)
        3. Heterogeneous Directory Services
      3. Integrating Directories Across Environments
        1. Integrating LDAP Directories with Active Directory
          1. Configuring ADSI Edit Snap-in
          2. Creating a Referral in Active Directory
        2. Integration Using Metadirectories
      4. Using Password Synchronization
        1. Synchronizing Passwords in Unix and NIS
        2. Synchronizing Passwords in LDAP
      5. Centralizing the Management of Cross-Platform Resources
        1. Using Telnet to Manage Unix and Windows
        2. Using Microsoft Management Console (MMC)
        3. Configuring Active Directory Schema Snap-in
      6. Accessing Unix from a Windows Perspective
        1. Accessing File Services
          1. Configuring Windows Client for NFS
          2. Configuring Samba on Unix
        2. Accessing Print Services on Unix
      7. Accessing Windows from a Unix Perspective
        1. Accessing Windows with Telnet
        2. Accessing Windows File Services
        3. Accessing Windows Print Services
        4. Using LPD/LPR
      8. Migrating Resources from One Platform to the Other
        1. Hosting Directory Services
        2. Consolidating File Shares
        3. Consolidating Printers
      9. Summary
    4. 17. Integrating Windows 2003 with Novell Networks
      1. Leveraging Services for NetWare
        1. Using Gateway Services for NetWare to Bridge Environments
        2. Using File and Print Services for NetWare to Replace Servers
        3. Using Microsoft Directory Synchronization Service to Integrate Directories
        4. File Migration Utility (FMU)
      2. Creative Ways of Bridging the Gap Between Novell and Windows
        1. Using a Dual-Client Approach to Access a Multi-Platform Environment
        2. Taking Advantage of Windows Terminal Services in a Novell Environment
        3. Using Web Services for Access to Microsoft Technologies
      3. Installing the Microsoft Services for NetWare Tool
        1. Preparing the Basic Configuration for Services for NetWare
        2. Installing the File and Print Services for NetWare
        3. Installing the Microsoft Directory Synchronization Service
      4. Creating a Single Sign-on Environment
        1. The Effectiveness of a Dual-Client Authentication Method of Access
        2. Synchronizing Directories as a Method of Shared Logon
      5. Synchronizing eDirectory/NDS with Active Directory
        1. Best Practices Implementing MSDSS
        2. Identifying Limitations on Directory Synchronization
        3. Backing Up and Restoring MSDSS Information
      6. Replacing NetWare Servers with Windows Servers
        1. Enabling a Windows Server to Simulate a Novell NetWare Server
        2. Bridging a Migration Gap Between Novell and Microsoft Environments
        3. Using the File Migration Wizard to Migrate Files
      7. Summary
  10. V. Remote and Mobile User Solutions
    1. 18. VPN and Dial-up Solutions
      1. Choosing the Right VPN Solution
        1. Windows 2003 Routing and Remote Access Services
        2. Examining Firewall-based VPNs
        3. Examining Hardware-based VPNs
        4. Deciding When to Make the Move from Software to Hardware
      2. Best Practices for Securing L2TP
        1. Using L2TP in Parallel with a Firewall
        2. Using L2TP in Series with a Firewall
        3. L2TP Client Requirements
        4. Leveraging Remote Access Policies
      3. Best Practices for Securing PPTP
        1. Using PPTP in Parallel with a Firewall
        2. Using PPTP in Series with a Firewall
        3. PPTP Client Requirements
        4. Leveraging Remote Access Policies
      4. Taking Advantage of Internet Authentication Service
        1. Using Terminal Services to Access the IAS Server
        2. Using IPSec to Encrypt Confidential Data
      5. Using VPN for Wireless
      6. Deploying VPN and Dial-up Services
        1. Leveraging the Microsoft Connection Manager
          1. Desktop and Tray Icons
          2. Animated Dialer Logon Screen
          3. Phone Book
          4. Interface Support for Multiple Service Types
          5. Connect Actions
          6. Automated Phone Book Updates
          7. Auto-applications
          8. License Agreement
          9. Connection Status
          10. Support Phone Number
          11. Custom Help File
          12. Language Support
          13. Automatic Password
          14. Realm Name Prefix and Suffix
          15. Assign Encrypted Connections
          16. Append an Application
          17. Edit Existing Service Profiles
        2. Leveraging Softmodems
        3. Consolidating Lines with Larger Circuits
        4. Leveraging RADIUS
        5. Managing Remote Users with GPOs
      7. Using Site-to-Site VPNs
        1. Using Windows Server 2003 RRAS for Site-to-Site VPNs
      8. Using Load Balancing to Add Scalability and Resiliency
      9. Summary
    2. 19. Web Access to Windows Server 2003 Resources
      1. Best Practices for Publishing Web Shares to the Internet
        1. Protecting the Perimeter
        2. Protecting the Server Content
        3. Following the HTTP Authentication Request
        4. Allowing Trusted Networks
        5. Creating the Virtual Directory
          1. Creating a Virtual Directory with IIS Manager
          2. Creating a Virtual Directory with Windows Explorer
        6. Establishing Virtual Directory Permissions
          1. Securing Virtual Directories Mapped to Local Directories
          2. Securing Virtual Directories Mapped to Windows Shares
        7. Choosing Proper User Access Controls
      2. Securing Access to Resources with SSL
      3. Enabling SSL on a Web Server Directory
      4. Enabling and Securing Internet Printing
        1. Installing and Configuring Internet Printing Protocol (IPP)
        2. Securing Internet Printing
      5. Best Practices for Securing FTP Services
        1. Enabling FTP Services
          1. Configuring Secure Anonymous FTP Access
          2. Configuring FTP Logging
          3. Hardening Folder Permissions
          4. Configuring FTP Blind-Put Access
          5. Enforcing Disk Quotas
          6. Using Logon Time Restrictions
          7. Restricting Access by IP Address or Range
          8. Auditing FTP Events
          9. Enforcing Strong Passwords
          10. Enabling Account Lockout and Account Lockout Threshold
          11. FTP User Isolation
      6. Accessing Resources with Terminal Services and Remote Desktops
        1. Allowing Remote Desktop Control
        2. Securing Terminal Services
      7. Monitoring IIS Access Through Auditing and Logging
        1. Auditing Security and Site Content
          1. Enabling Security Auditing
          2. Enabling Web Site Content Auditing
          3. Consolidating Log Files
          4. Log File Definitions
      8. Using Windows Tools and Scripts to Manage IIS
        1. Using the GUI to Manage IIS
        2. Using Command-Line Administration
        3. Managing IIS with ADSI Utilities
        4. Using Windows Management Instrumentation (WMI)
          1. Monitoring Hard Disk Space
          2. Querying Log Files for Stop Errors
      9. Summary
    3. 20. Leveraging Thin Client Terminal Services
      1. Advantages of Using Terminal Services
        1. Performance Improvements in Terminal Services 2003
        2. Scaling Terminal Services
        3. Redundancy and Load Balancing
      2. Keeping Users Connected with Session Directory
      3. Adding Redundancy to Session Directory
      4. Optimizing Terminal Service Performance
        1. Taking Advantage of Profile Redirection
        2. Leveraging Windows Resource Manager to Control Resources
      5. Managing Terminal Service Users with Group Policy
      6. Keeping Terminal Service Secure
        1. Adding Security via Firewall Settings for ASP Terminal Servers
        2. Building Terminal Services the Right Way
        3. Locking Down the Server with GPOs
        4. Locking Down Directory and File Permissions
      7. Leveraging Local Resources
        1. Optimizing Local Printing
        2. Leveraging Local and Network Drives
      8. Summary
  11. VI. Business Continuity Solutions
    1. 21. Proactive Monitoring and Alerting
      1. Leveraging Windows Management Instrumentation
        1. Understanding WMI
        2. Uses for WMI
      2. Leveraging Scripts for Improved System Management
        1. Basic WMI Scripts
        2. Building Services
        3. Building Temporary Event Consumers
        4. Building Permanent Event Consumers
      3. Deciding What to Monitor
        1. Monitoring Hardware
        2. Port-Level Monitoring
        3. Service-Level Monitoring
        4. Application-Level Monitoring
        5. Performance Monitoring
        6. Monitoring Pitfalls
      4. Determining What to Monitor and Alert Upon
        1. Hardware Alerting
        2. Port-Level Alerting
        3. Service-Level Alerting
        4. Application-Level Alerting
        5. Performance Alerting
        6. Alerting Pitfalls
      5. Responding to Problems Automatically
        1. Triggering External Scripts
        2. Services Recovery and Notification
      6. Using Microsoft Operations Manager for Advanced Automation
        1. Understanding MOM
        2. Benefits of MOM
        3. Third-Party Monitoring and Alerting
        4. Improving Monitoring Via SMS
      7. Summary
    2. 22. Creating a Fault-Tolerant Environment
      1. Optimizing Disk Management for Fault Tolerance
        1. Hardware-based RAID Solutions
        2. Using Dynamic Disk RAID Configurations
        3. Using the Disk Management MMC
        4. Using the Diskpart Command-Line Utility
      2. Maximizing Redundancy and Flexibility with Distributed File System
        1. New DFS Features in Windows Server 2003
          1. Closest Site Selection
          2. Multiple Roots per Server
          3. Administration Improvements
        2. DFS and Security
      3. Simplifying Fault Tolerance with Volume Shadow Copy
        1. Configuring Volume Shadow Copies
        2. Restoring Data from a Shadow Copy
      4. Optimizing Disk Utilization with Remote Storage
        1. Configuring Remote Storage
          1. Configuring the Backup Device
          2. Allocating Media for Remote Storage
          3. Configuring Remote Storage Settings
      5. Optimizing Clusters to Simplify Administrative Overhead
        1. Choosing the Best Cluster Configuration Model
          1. The Single-Quorum Device Cluster
          2. The Single-Node Cluster
          3. The Majority Node Set Cluster
        2. Installing Microsoft Cluster Service
        3. Configuring Failover and Failback
      6. Leveraging Network Load Balancing for Improved Availability
        1. Choosing a Network Load Balancing Model
        2. Creating a Network Load Balancing Cluster
      7. Realizing Rapid Recovery Using Automated System Recovery (ASR)
        1. Improving the Disaster Recovery Process
        2. Using ASR to Recover Cluster Services
      8. Summary
  12. VII. Performance Optimization Solutions
    1. 23. Tuning and Optimization Techniques
      1. Understanding of Capacity Analysis
      2. Best Practice for Establishing Policy and Metric Baselines
        1. Benchmark Baselines
        2. Workload Characterization
        3. Benchmarks for Performance Analysis
      3. Leveraging Capacity-Analysis Tools
        1. Built-in Toolset
          1. Task Manager
          2. Network Monitor
          3. The Performance Console
        2. Third-Party Toolset
      4. Identifying and Analyzing Core Analysis and Monitoring Elements
        1. Memory Subsystem Optimizations
        2. Improving Virtual Memory Usage
        3. Monitoring Processor Usage
        4. Optimizing the Disk Subsystem Configuration
          1. Choosing the File System
          2. Choosing the Physical Disk Configuration
          3. Disk Mirroring (RAID 1)
          4. Disk Striping with Parity (RAID 5)
          5. Hardware Versus Software RAID
        5. Monitoring the Disk Subsystem
        6. Monitoring the Network Subsystem
      5. Optimizing Performance by Server Roles
        1. Terminal Services Server
        2. Domain Controllers
          1. Monitoring AD
          2. Monitoring DNS
          3. Monitoring AD Replication
      6. Summary
    2. 24. Scaling Up and Scaling Out Strategies
      1. Size Does Matter
        1. Determining Your Needs
      2. Building Bigger Servers
        1. Beefy Single Boxes
        2. Multinode Clusters
      3. Building Server Farms
      4. Avoiding the Pitfalls
        1. Buying the Wrong Hardware
        2. Is the Application Multiprocessor-Capable?
        3. Protecting Against System Outages
        4. Ensuring that Your Facilities Can Support Your Systems
      5. Making It Perform
        1. Choosing the Right Processor Type
        2. Eliminating Unnecessary Services
        3. Not All Memory Is Created Equal
        4. Planning for Disk Subsystems
      6. Scaling the Active Directory
        1. Active Directory Sizer Tool
        2. File Locations Matter
        3. Configuring Your Disks the Right Way
        4. Understanding Your Replication Topology
      7. Scaling for the File System
        1. Disk IO is Critical—SCSI/RAID/IDE
        2. When Does an Environment Justify Using SAN/NAS?
        3. Remember RAM-disks?
        4. Distributed File System
      8. Scaling for RAS
        1. Hardware Cryptographic Accelerators
        2. When to Make the Move from Software to Hardware
        3. Multiplexing for Modem Support
        4. Taking Advantage of Multihoming Your Internet Connection
      9. Scaling Web Services
        1. Beefy Boxes Versus Many Boxes
        2. Using Cryptographic Accelerators for SSL
        3. n-tier Application Model
        4. Scaling Web Services via Web Farms
      10. Scaling for Terminal Services
        1. Big Processors Versus Multi-Processors
        2. Memory, Memory, and More Memory
        3. Terminal Service Farms
        4. Improving Scalability by Load Balancing Applications
      11. Summary
    3. 25. Utilizing Storage Area Networks
      1. Defining the Technologies
        1. What is a SAN?
        2. What is NAS?
        3. What is DAS?
      2. When is the Right Time to Implement NAS and SAN Devices?
        1. Analyzing Your Storage Needs
        2. Planning the Storage Solution
        3. Developing the Storage Solution
        4. Piloting the Storage Solution
        5. Deploying the Storage Solution
      3. Designing the Right Data Storage Structure
        1. Choosing the Right Connectivity
        2. Slicing and Dicing the Available Disk
      4. Adding in Fault Tolerance for External Storage Systems
      5. Combining Hardware Fault Tolerance with Windows Server 2003 Technologies
        1. Distributed File System with NAS or SAN
        2. Leveraging Logical Disk Manager
        3. Remote Storage Management
        4. Integrating Backups with NAS and SAN
        5. Leveraging Disk Quotas on NAS or SAN Devices
        6. Using Encrypted File System to Protect Files on the SAN or NAS
      6. Best Practices for SAN and NAS
        1. Exchange with NAS/SAN
        2. SQL with NAS/SAN
        3. File Servers with NAS/SAN
        4. Backup Systems
        5. Active Directory Integration
        6. Terminal Servers
        7. Booting from NAS/SAN
      7. Recovering from a System Failure
      8. Leveraging NAS and SAN Solutions for Server Consolidation
        1. Consolidating the Number of Exchange Servers
        2. Consolidating the Number of File Servers
      9. Summary
  13. VIII. Business Productivity Solutions
    1. 26. User File Management and Information Look-up
      1. Enabling Collaboration with Windows SharePoint Services
        1. New Features in Windows SharePoint Services
        2. Deployment Options and Scenarios
          1. Small Organization Deployment
          2. Large Organization Deployment
          3. Host WSS Sites on the Internet
          4. Using WSS with an Extranet
        3. Preparing for the Deployment
        4. Comparing SharePoint Portal Server with Windows SharePoint Services
      2. Expanding on the File and Data Management Capabilities of Windows 2003
        1. Simple File Sharing in Windows XP
        2. Controlling File Sharing in Active Directory
        3. Intranet File Sharing
        4. File Sharing Using WSS
      3. Simplifying File Sharing with Office 2003
        1. Document Workspaces in Windows SharePoint Services
        2. Shared Workspace Task Pane
        3. Shared Attachments
      4. Improving Data Lookup with Indexing
        1. Understanding Searching in WSS
        2. Enabling Indexing
      5. Taking Advantage of Revision Control Management
        1. Document Versioning
        2. Check-in and Check-out Function for Document Management
      6. Hierarchical Storage Management
        1. Creating a Top-Level Web Site
        2. Self-Service Site Creation
      7. Implementing Information, Communication, and Collaboration Security
        1. WSS Security
        2. Internet Explorer Enhanced Security
      8. Summary

Product information

  • Title: Microsoft® Windows® Server 2003 Insider Solutions
  • Author(s): Rand H. Morimoto - MCSE, Andrew Abbate - MCSE, Eric Kovach - MCSE, Ed Roberts - MVP (Windows Server)
  • Release date: November 2003
  • Publisher(s): Sams
  • ISBN: None