Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure

PUBLISHED BY

Microsoft Press

A Division of Microsoft Corporation

One Microsoft Way

Redmond, Washington 98052-6399

Copyright 2004 by Microsoft Corporation

All rights reserved. No part of the contents of this book may be reproduced or transmitted in any form or

by any means without the written permission of the publisher.

Library of Congress Cataloging-in-Publication Data Zacker, Craig.

MCSE Self-Paced Training Kit (Exam 70-293): Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure / Craig Zacker with Microsoft Corporation.

p. cm. Includes index. ISBN 0-7356-1893-3 1. Electronic data processing personnel--Certification. 2. Microsoft

software--Examinations--Study guides. 3. Computer networks--Examinations--Study guides. 4. Microsoft Windows server. I. Microsoft Corporation. II. Title.

QA76.3.Z32 2003

004.6--dc21 2003056205

Printed and bound in the United States of America.

1 2 3 4 5 6 7 8 9 QWT 8 7 6 5 4 3

Distributed in Canada by H.B. Fenn and Company Ltd.

A CIP catalogue record for this book is available from the British Library.

Microsoft Press books are available through booksellers and distributors worldwide. For further information about international editions, contact your local Microsoft Corporation office or contact Microsoft Press International directly at fax (425) 936-7329. Visit our Web site at www.microsoft.com/mspress. Send comments to [email protected].

Active Directory, Authenticode, Microsoft, Microsoft Press, NetMeeting, Windows, the Windows logo, Windows NT, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Other product and company names mentioned herein may be the trademarks of their respective owners.

The example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious. No association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred.

Acquisitions Editor: Kathy Harding Project Editor: Jean Trenary Technical Editor: Linda Zacker

Body Part No. X09-16614

Craig Zacker Craig is a writer, editor, and networker whose computing experience began in the days of teletypes and paper tape. After making the move from minicomputers to PCs, he worked as an administrator of Novell NetWare networks and as a PC support technician while operating a freelance desktop publishing business. After earning a Masters Degree in English and American Literature from New York University, Craig worked extensively on the integration of Microsoft Windows NT into existing internetworks, supported fleets of Windows workstations, and was employed as a technical writer, content provider, and Webmaster for the online services group of a large software company. Since devoting himself to writing and editing full-time, Craig has authored or contributed to many books on networking topics, operating systems, and PC hardware, including MCSA/MCSE Self-Paced Training Kit: Microsoft Windows 2000 Network Infrastructure Administration, Exam 70-216, Second Edition and MCSA Training Kit: Man-aging a Microsoft Windows 2000 Network Environment. He has also developed educational texts for college courses, online training courses for the Web, and has published articles with top industry publications. For more information on Craigs books and other works, see http://www.zacker.com.

1 12 23 34 45 56 67 78 89 9

10111213

Contents at a Glance

Part 1 Learn at Your Own PacePlanning a Network Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . -3Planning a TCP/IP Network Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . -1Planning Internet Connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . -1Planning a Name Resolution Strategy . . . . . . . . . . . . . . . . . . . . . . . . . . . -1Using Routing and Remote Access. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . -1Maintaining Server Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . -1Clustering Servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . -1Planning a Secure Baseline Installation . . . . . . . . . . . . . . . . . . . . . . . . . . -1Hardening Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . -1Deploying Security Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-1Creating and Managing Digital Certificates . . . . . . . . . . . . . . . . . . . . . .11-1Securing Network Communications Using IPSec . . . . . . . . . . . . . . . . . .12-1Designing a Security Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-1

Part 2 Prepare for the Exam 14 Planning and Implementing Server Roles and Server Security (1.0). . .14-315 Planning, Implementing, and Maintaining a

Network Infrastructure (2.0) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-116 Planning, Implementing, and Maintaining

Routing and Remote Access (3.0) . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-117 Planning, Implementing, and Maintaining Server Availability (4.0) . . . .17-118 Planning and Maintaining Network Security (5.0) . . . . . . . . . . . . . . . . .18-119 Planning, Implementing, and Maintaining

Security Infrastructure (6.0) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19-1v

vi Contents at a Glance Practices Choosing an Ethernet Variant . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-23Blueprinting a Network Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-35Using Registered and Unregistered IP Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-12Designing an Internetwork . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-22Subnetting IP Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-32Installing and Configuring the DHCP Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-38Understanding WAN Speeds . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-13Configuring a Windows Server 2003 Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-21Configuring a NAT Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-31Specifying Name Resolution Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-16Designing a DNS Namespace . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-24Understanding DNS Server Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-35Creating a Zone. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-37Installing a WINS Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-47Understanding DNS Security Techniques . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-56Installing RIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-21Installing a Routing and Remote Access Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-35Using Network Monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-13Establishing a Performance Baseline . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-28Using Windows Server 2003 Backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-42Creating a Network Load Balancing Cluster . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-25Creating a Single Node Cluster . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-42Modifying Default Security Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-30Creating a Group Policy Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-14Modifying the GPO for the Domain Controllers Containers GPO . . . . . . . . . . . . . . . . . .9-28Deploying Multiple GPOs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-34Using the Security Templates Snap-in. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-15Using the Security Configuration And Analysis Snap-in . . . . . . . . . . . . . . . . . . . . . . . 10-23Viewing a Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-7Installing a Windows Server 2003 Certification Authority . . . . . . . . . . . . . . . . . . . . . 11-16Requesting a Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-25Creating Packet Filters in Routing and Remote Access Service . . . . . . . . . . . . . . . . . .12-9Creating an IPSec Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-30Using Resultant Set of Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-39Using Microsoft Baseline Security Analyzer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-8Configuring Remote Assistance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-27

Contents at a Glance vii Tables Table 1-1: Ethernet Variants . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-21 Table 2-1: IP Address Classes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-26 Table 6-1: Magnetic Tape Drive Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-32 Table 7-1: NLB Configuration Advantages and Disadvantages . . . . . . . . . . . . . . . . . . . 7-18 Table 8-1: Windows Server 2003 Versions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-10 Table 8-2: Default Windows File System Permissions for System Drive. . . . . . . . . . . . 8-20 Table 9-1: Typical Member Server Service Assignments. . . . . . . . . . . . . . . . . . . . . . . . 9-11 Table 11-1: Sample Certificate Plan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-11 Table 11-2: Advantages and Disadvantages of Internal and External CAs . . . . . . . . . 11-12 Table 12-1: Well-Known Port Numbers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-4 Table 12-2: Protocol Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-9

Troubleshooting Labs Chapter 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-53 Chapter 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-40 Chapter 4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-65 Chapter 5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-52 Chapter 6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-45 Chapter 7 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-48 Chapter 9 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-40 Chapter 10 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-28 Chapter 11 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-30 Chapter 12 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-44 Chapter 13 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-32

Case Scenario Exercises Chapter 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-37 Chapter 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-50 Chapter 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-39 Chapter 4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-63 Chapter 5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-50 Chapter 6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-44 Chapter 7 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-46 Chapter 8 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-34 Chapter 9 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-38 Chapter 10 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-27 Chapter 11 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-29 Chapter 12 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-43 Chapter 13 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-31

Contents

About This Book . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxv Intended Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxv Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxv About the CD-ROM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxvi Features of This Book . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxvi

Part 1: Learn at Your Own Pace . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxvii Part 2: Prepare for the Exam . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxvii Informational Notes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xxviii Notational Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xxviii Keyboard Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxix

Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxix Hardware Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxix Software Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxx Setup Instructions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxx

The Microsoft Certified Professional Program . . . . . . . . . . . . . . . . . . . . . . . . . xxxiv Certifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxiv Requirements for Becoming a Microsoft Certified Professional . . . . . . . . . . xxxv

Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxvi Evaluation Edition Software Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxvi

Part 1 Learn at Your Own Pace

1 Planning a Network Topology 1-3 Why This Chapter Matters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-3 Before You Begin. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-4 Lesson 1: Windows Server 2003 and the Network Infrastructure . . . . . . . . . . .1-5

What Is a Network Infrastructure? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-5 Planning a Network Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-8 Implementing a Network Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-9 Maintaining a Network Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-9 Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-10 Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-11

Lesson 2: Selecting Data-Link Layer Protocols . . . . . . . . . . . . . . . . . . . . . . . .1-12 Understanding the OSI Reference Model . . . . . . . . . . . . . . . . . . . . . . . . . .1-12 Selecting a Data-Link Layer Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-14 Practice: Choosing an Ethernet Variant. . . . . . . . . . . . . . . . . . . . . . . . . . .1-23

ix

x Contents

Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-23

Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-24

Lesson 3: Selecting Network/Transport Layer Protocols . . . . . . . . . . . . . . . . .1-25

Using TCP/IP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-25

Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-29

Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-29

Lesson 4: Locating Network Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-30

Determining Location Criteria . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-30

Locating Workstations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-30

Locating Peripherals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-31

Locating Cables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-32

Locating Connectivity Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-33

Locating Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-34

Practice: Blueprinting a Network Infrastructure . . . . . . . . . . . . . . . . . . . . .1-35

Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-36

Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-36

Case Scenario Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-37

Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-39

Exam Highlights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-40

Key Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-40

Key Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-40

Questions and Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-42

2 Planning a TCP/IP Network Infrastructure 2-1Why This Chapter Matters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-1

Before You Begin. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-2

Lesson 1: Determining IP Addressing Requirements . . . . . . . . . . . . . . . . . . . . .2-3

Using Public and Private Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-3

Accessing the Internet from a Private Network. . . . . . . . . . . . . . . . . . . . . . .2-7

Planning IP Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-11

Practice: Using Registered and Unregistered IP Addresses . . . . . . . . . . . .2-12

Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-12

Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-13

Lesson 2: Planning an IP Routing Solution . . . . . . . . . . . . . . . . . . . . . . . . . . .2-14

Understanding IP Routing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-14

Creating LANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-15

Creating WANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-17

Using Routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-18

Using Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-19

Combining Routing and Switching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-20

Practice: Designing an Internetwork . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-22

Contents xi

Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-23

Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-24

Lesson 3: Planning an IP Addressing and Subnetting Strategy . . . . . . . . . . . . .2-25

Obtaining Network Addresses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-25

Understanding IP Address Classes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-26

Understanding Subnetting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-27

Subnetting Between Bytes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-29

Practice: Subnetting IP Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-32

Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-33

Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-34

Lesson 4: Assigning IP Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-35

Manually Configuring TCP/IP Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-35

Installing a DHCP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-36

Understanding DHCP Allocation Methods . . . . . . . . . . . . . . . . . . . . . . . . .2-36

Planning a DHCP Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-37

Practice: Installing and Configuring the DHCP Service . . . . . . . . . . . . . . . .2-38

Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-40

Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-41

Lesson 5: Troubleshooting TCP/IP Addressing . . . . . . . . . . . . . . . . . . . . . . . .2-42

Isolating TCP/IP Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-42

Troubleshooting Client Configuration Problems . . . . . . . . . . . . . . . . . . . . .2-43

Troubleshooting DHCP Problems. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-47

Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-49

Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-50


Troubleshooting Lab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-53

Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-54

Exam Highlights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-54

Key Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-55

Key Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-55


3 Planning Internet Connectivity 3-1Why This Chapter Matters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-1

Before You Begin. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-2

Lesson 1: Planning an Internet Connectivity Infrastructure . . . . . . . . . . . . . . . . .3-3

Determining Internet Connectivity Requirements . . . . . . . . . . . . . . . . . . . . .3-3

Choosing an Internet Connection Type . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-7

Practice: Understanding WAN Speeds . . . . . . . . . . . . . . . . . . . . . . . . . . .3-13

Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-13

Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-14

xii Contents

Lesson 2: Selecting Routers and ISPs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-15

Choosing A Router Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-15

Choosing An ISP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-17

Practice: Configuring a Windows Server 2003 Router . . . . . . . . . . . . . . . .3-21

Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-22

Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-23

Lesson 3: Securing and Regulating Internet Access . . . . . . . . . . . . . . . . . . . 3-24

Determining Internet Security Requirements . . . . . . . . . . . . . . . . . . . . . . .3-24

Using NAT. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-26

Using a Proxy Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-29

Selecting an Internet Access Method . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-30

Practice: Configuring a NAT Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-31

Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-33

Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-33

Lesson 4: Troubleshooting Internet Connectivity . . . . . . . . . . . . . . . . . . . . . . .3-34

Determining the Scope of the Problem . . . . . . . . . . . . . . . . . . . . . . . . . . .3-34

Diagnosing Client Configuration Problems . . . . . . . . . . . . . . . . . . . . . . . . .3-35

Diagnosing NAT and Proxy Server Problems. . . . . . . . . . . . . . . . . . . . . . . .3-36

Diagnosing Internet Connection Problems . . . . . . . . . . . . . . . . . . . . . . . . .3-37

Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-38

Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-38



Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-41

Exam Highlights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-42

Key Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-42

Key Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-42


4 Planning a Name Resolution Strategy 4-1Why This Chapter Matters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-1

Before You Begin. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-2

Lesson 1: Determining Name Resolution Requirements . . . . . . . . . . . . . . . . . .4-3

What Is Name Resolution?. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-3

What Types of Names Need to Be Resolved?. . . . . . . . . . . . . . . . . . . . . . . .4-4

Using the DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-5

Determining DNS Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-11

Using NetBIOS Names. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-13

Using Local Host Name Resolution. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-16

Contents xiii

Practice: Specifying Name Resolution Requirements . . . . . . . . . . . . . . . . .4-16

Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-16

Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-17

Lesson 2: Designing a DNS Namespace . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-18

Using an Existing Namespace . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-18

Creating Internet Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-19

Creating Internal Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-20

Combining Internal and External Domains . . . . . . . . . . . . . . . . . . . . . . . . .4-22

Creating an Internal Root . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-23

Creating Host Names . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-23

Practice: Designing a DNS Namespace . . . . . . . . . . . . . . . . . . . . . . . . . .4-24

Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-26

Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-26

Lesson 3: Implementing a DNS Name Resolution Strategy . . . . . . . . . . . . . . .4-28

How Many DNS Servers? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-28

Understanding DNS Server Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-29

Creating Zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-33

Practice: Understanding DNS Server Functions . . . . . . . . . . . . . . . . . . . . .4-35

Practice: Creating a Zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-37

Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-39

Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-40

Lesson 4: Implementing a NetBIOS Name Resolution Strategy. . . . . . . . . . . . .4-41

Practice: Installing a WINS Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-47

Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-48

Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-49

Lesson 5: Planning DNS Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-50

Determining DNS Security Threats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-50

Securing DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-51

Practice: Understanding DNS Security Techniques. . . . . . . . . . . . . . . . . . .4-56

Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-56

Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-57

Lesson 6: Troubleshooting Name Resolution . . . . . . . . . . . . . . . . . . . . . . . . .4-58

Troubleshooting Client Configuration Problems . . . . . . . . . . . . . . . . . . . . .4-58

Troubleshooting DNS Server Problems . . . . . . . . . . . . . . . . . . . . . . . . . . .4-59

Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-62

Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-63



xiv Contents

Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-66

Exam Highlights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-67

Key Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-67

Key Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-67


5 Using Routing and Remote Access 5-1Why This Chapter Matters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-1

Before You Begin. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-2

Lesson 1: Planning a Routing and Remote Access Strategy . . . . . . . . . . . . . . . .5-3

Choosing a WAN Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-3

Selecting a WAN Technology. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-7

Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-10

Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-11

Lesson 2: Static and Dynamic Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-12

Selecting Routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-12

Using Static Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-12

Using Dynamic Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-15

Routing IP Multicast Traffic. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-20

Practice: Installing RIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-21

Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-23

Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-24

Lesson 3: Securing Remote Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-25

Determining Security Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-25

Controlling Access Using Dial-In Properties . . . . . . . . . . . . . . . . . . . . . . . .5-26

Planning Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-27

Using Remote Access Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-31

Practice: Installing a Routing and Remote Access Server . . . . . . . . . . . . . .5-35

Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-38

Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-38

Lesson 4: Troubleshooting TCP/IP Routing . . . . . . . . . . . . . . . . . . . . . . . . . . .5-40

Isolating Router Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-40

Troubleshooting the Routing and Remote Access Configuration. . . . . . . . . .5-44

Troubleshooting the Routing Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-45

Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-49

Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-50



Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-52

Contents xv

Exam Highlights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-53

Key Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-53

Key Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-54


6 Maintaining Server Availability 6-1Why This Chapter Matters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-1

Before You Begin. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-1

Lesson 1: Monitoring Network Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-2

Using the Performance Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-2

Analyzing Network Traffic with Network Monitor . . . . . . . . . . . . . . . . . . . . . .6-7

Practice: Using Network Monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-13

Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-15

Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-15

Lesson 2: Monitoring Network Servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-16

Monitoring Network Server Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-16

Locating System Bottlenecks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-25

Practice: Establishing a Performance Baseline . . . . . . . . . . . . . . . . . . . . .6-28

Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-30

Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-30

Lesson 3: Planning a Backup Strategy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-31

Understanding Network Backups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-31

Creating a Backup Plan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-35

Performing Restores . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-39

Using Volume Shadow Copy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-40

Practice: Using Windows Server 2003 Backup . . . . . . . . . . . . . . . . . . . . .6-42

Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-43

Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-44



Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-46

Exam Highlights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-47

Key Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-47

Key Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-48


7 Clustering Servers 7-1Why This Chapter Matters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-1

Before You Begin. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-1

xvi Contents

Lesson 1: Understanding Clustering. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-2

Clustering Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-2

Designing a Clustering Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-5

Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-12

Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-13

Lesson 2: Using Network Load Balancing . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-14

Understanding Network Load Balancing . . . . . . . . . . . . . . . . . . . . . . . . . .7-14

Planning a Network Load Balancing Deployment . . . . . . . . . . . . . . . . . . . .7-15

Deploying a Network Load Balancing Cluster . . . . . . . . . . . . . . . . . . . . . . .7-20

Monitoring Network Load Balancing . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-21

Practice: Creating a Network Load Balancing Cluster . . . . . . . . . . . . . . . . .7-25

Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-28

Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-29

Lesson 3: Designing a Server Cluster . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-30

Designing a Server Cluster Deployment . . . . . . . . . . . . . . . . . . . . . . . . . .7-30

Planning a Server Cluster Hardware Configuration . . . . . . . . . . . . . . . . . . .7-31

Creating an Application Deployment Plan . . . . . . . . . . . . . . . . . . . . . . . . .7-35

Selecting a Quorum Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-38

Creating a Server Cluster . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-39

Configuring Failover Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-41

Practice: Creating a Single Node Cluster . . . . . . . . . . . . . . . . . . . . . . . . .7-42

Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-45

Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-45



Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-48

Exam Highlights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-49

Key Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-49

Key Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-50


8 Planning a Secure Baseline Installation 8-1Why This Chapter Matters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-1

Before You Begin. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-2

Lesson 1: Selecting Computers and Operating Systems . . . . . . . . . . . . . . . . . .8-3

Understanding Computer Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-3

Creating Hardware Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-5

Selecting Operating Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-7

Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-11

Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-12

Contents xvii

Lesson 2: Planning a Security Framework. . . . . . . . . . . . . . . . . . . . . . . . . . . .8-13

High-Level Security Planning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-13

Creating a Security Design Team . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-13

Mapping Out a Security Life Cycle. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-14

Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-17

Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-18

Lesson 3: Identifying Client and Server Default Security Settings . . . . . . . . . . .8-19

Evaluating Security Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-19

Practice: Modifying Default Security Settings . . . . . . . . . . . . . . . . . . . . . .8-30

Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-32

Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-33


Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-35

Exam Highlights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-36

Key Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-36

Key Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-37


9 Hardening Servers 9-1Why This Chapter Matters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-1

Before You Begin. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-1

Lesson 1: Creating a Baseline for Member Servers. . . . . . . . . . . . . . . . . . . . . .9-2

Creating a Baseline Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-2

Setting Audit Policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-4

Setting Event Log Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-8

Configuring Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-9

Configuring Security Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-12

Practice: Creating a Group Policy Object . . . . . . . . . . . . . . . . . . . . . . . . . .9-14

Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-17

Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-18

Lesson 2: Creating Role-Specific Server Configurations . . . . . . . . . . . . . . . . . .9-19

Securing Domain Controllers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-19

Securing Infrastructure Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-23

Securing File and Print Servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-26

Securing Application Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-27

Practice: Modifying the GPO for the Domain Controllers Containers GPO . .9-28

Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-29

Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-30

xviii Contents

Lesson 3: Deploying Role-Specific GPOs. . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-31

Combining GPO Policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-31

Practice: Deploying Multiple GPOs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-34

Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-36

Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-37



Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-41

Exam Highlights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-42

Key Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-42

Key Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-42


10 Deploying Security Configurations 10-1Why This Chapter Matters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-1

Before You Begin. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-1

Lesson 1: Creating a Testing and Deployment Plan . . . . . . . . . . . . . . . . . . . . .10-2

Creating a Testing Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-2

Creating a Pilot Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-6

Creating a Pilot Deployment Plan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-7

Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-8

Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-9

Lesson 2: Introducing Security Templates. . . . . . . . . . . . . . . . . . . . . . . . . . .10-10

Understanding Security Templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-10

Using the Security Templates Console . . . . . . . . . . . . . . . . . . . . . . . . . .10-11

Using the Supplied Security Templates . . . . . . . . . . . . . . . . . . . . . . . . . .10-13

Practice: Using the Security Templates Snap-in . . . . . . . . . . . . . . . . . . . .10-15

Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-16

Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-17

Lesson 3: Deploying Security Templates. . . . . . . . . . . . . . . . . . . . . . . . . . . .10-18

Using Group Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-18

Using the Security Configuration And Analysis Tool. . . . . . . . . . . . . . . . . .10-20

Using Secedit.exe . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-23

Practice: Using the Security Configuration And Analysis Snap-in . . . . . . . .10-23

Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-26

Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-26

Case Scenario Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-27

Troubleshooting Lab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-28

Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-29

Contents xix

Exam Highlights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-30

Key Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-30

Key Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-31

Questions and Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-32

11 Creating and Managing Digital Certificates 11-1Why This Chapter Matters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-1

Before You Begin. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-1

Lesson 1: Introducing Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-2

Introducing the Public Key Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . .11-2

Understanding PKI Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-6

Practice: Viewing a Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-7

Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-8

Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-8

Lesson 2: Designing a Public Key Infrastructure . . . . . . . . . . . . . . . . . . . . . . .11-9

Defining Certificate Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-9

Creating a CA Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-11

Configuring Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-16

Practice: Installing a Windows Server 2003 Certification Authority . . . . . .11-16

Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-17

Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-18

Lesson 3: Managing Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-19

Understanding Certificate Enrollment and Renewal . . . . . . . . . . . . . . . . .11-19

Manually Requesting Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-21

Revoking Certificates. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-24

Practice: Requesting a Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-25

Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-28

Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-29



Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-31

Exam Highlights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-32

Key Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-32

Key Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-32


12 Securing Network Communications Using IPSec 12-1 Why This Chapter Matters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-1

Before You Begin. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-2

xx Contents

Lesson 1: Securing Internetwork Communications . . . . . . . . . . . . . . . . . . . . .12-3

Introducing Packet Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-3

Packet Filtering Criteria . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-5

Windows Server 2003 Packet Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . .12-8

Practice: Creating Packet Filters in Routing and Remote Access Service . . .12-9

Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-11

Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-13

Lesson 2: Planning an IPSec Implementation . . . . . . . . . . . . . . . . . . . . . . . .12-14

Evaluating Threats. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-14

Introducing IPSec . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-16

IPSec Protocols. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-18

Transport Mode and Tunnel Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-22

Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-23

Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-24

Lesson 3: Deploying IPSec . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-25

IPSec Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-25

Planning an IPSec Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-26

Working with IPSec Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-26

Practice: Creating an IPSec Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-30

Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-33

Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-34

Lesson 4: Troubleshooting Data Transmission Security . . . . . . . . . . . . . . . . .12-35

Troubleshooting Policy Mismatches. . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-35

Examining IPSec Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-38

Practice: Using Resultant Set of Policy . . . . . . . . . . . . . . . . . . . . . . . . . .12-39

Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-42

Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-42



Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-44

Exam Highlights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-45

Key Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-45

Key Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-46


13 Designing a Security Infrastructure 13-1Why This Chapter Matters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-1

Before You Begin. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-1

Contents xxi

Lesson 1: Planning a Security Update Infrastructure . . . . . . . . . . . . . . . . . . . .13-2

Understanding Software Update Practices. . . . . . . . . . . . . . . . . . . . . . . . .13-2

Using Windows Update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-3

Updating a Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-4

Practice: Using Microsoft Baseline Security Analyzer . . . . . . . . . . . . . . . . .13-8

Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-10

Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-11

Lesson 2: Securing a Wireless Network . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-12

Understanding Wireless Networking Standards . . . . . . . . . . . . . . . . . . . .13-12

Wireless Networking Topologies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-13

Understanding Wireless Network Security . . . . . . . . . . . . . . . . . . . . . . . .13-15

Controlling Wireless Access Using Group Policies . . . . . . . . . . . . . . . . . .13-15

Authenticating Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-17

Encrypting Wireless Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-19

Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-19

Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-20

Lesson 3: Providing Secure Network Administration . . . . . . . . . . . . . . . . . . .13-21

Using Remote Assistance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-21

Using Remote Desktop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-25

Practice: Configuring Remote Assistance . . . . . . . . . . . . . . . . . . . . . . . 13-27

Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-29

Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-30



Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-32

Exam Highlights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-33

Key Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-33

Key Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-34


Part 2 Prepare for the Exam 14 Planning and Implementing Server Roles and Server Security (1.0) 14-3

Tested Skills and Suggested Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14-3

Further Reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14-4

Configure Security for Servers That Are Assigned Specific Roles . . . . . . . . . . . .14-6

Objective 1.1 Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14-7

Objective 1.1 Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14-8

xxii Contents

Plan a Secure Baseline Installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14-10

Objective 1.2 Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14-12

Objective 1.2 Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14-14

Plan Security for Servers That Are Assigned Specific Roles. . . . . . . . . . . . . . .14-16



Evaluate and Select the Operating System to Install on

Computers in an Enterprise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14-22



15 Planning, Implementing, and Maintaining a Network Infrastructure (2.0) 15-1Tested Skills and Suggested Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-1

Further Reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-4

Plan a TCP/IP Network Infrastructure Strategy. . . . . . . . . . . . . . . . . . . . . . . . .15-6



Plan and Modify a Network Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-12



Plan an Internet Connectivity Strategy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-17



Plan Network Traffic Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-24



Troubleshoot Connectivity to the Internet. . . . . . . . . . . . . . . . . . . . . . . . . . . .15-30



Troubleshoot TCP/IP Addressing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-36



Plan a Host Name Resolution Strategy . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-41



Plan a NetBIOS Name Resolution Strategy . . . . . . . . . . . . . . . . . . . . . . . . . .15-47



Troubleshoot Host Name Resolution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-53



Contents xxiii

16 Planning, Implementing, and Maintaining Routing and Remote Access (3.0) 16-1

Tested Skills and Suggested Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-1

Further Reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-2

Plan a Routing Strategy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-4



Plan Security for Remote Access Users. . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-10



Implement Secure Access Between Private Networks. . . . . . . . . . . . . . . . . . .16-17



Troubleshoot TCP/IP Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-23



17 Planning, Implementing, and Maintaining Server Availability (4.0) 17-1Tested Skills and Suggested Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-1

Further Reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-3

Plan Services for High Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-5



Identify System Bottlenecks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-9



Implement a Cluster Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-15



Manage Network Load Balancing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-24



Plan a Backup and Recovery Strategy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-27



18 Planning and Maintaining Network Security (5.0) 18-1 Tested Skills and Suggested Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-1

Further Reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-3

xxiv Contents

Configure Network Protocol Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-5



Configure Security for Data Transmission . . . . . . . . . . . . . . . . . . . . . . . . . . .18-11



Plan for Network Protocol Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-17



Plan Secure Network Administration Methods . . . . . . . . . . . . . . . . . . . . . . . .18-23



Plan Security for Wireless Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-29



Plan Security for Data Transmission . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-35



Troubleshoot Security for Data Transmission . . . . . . . . . . . . . . . . . . . . . . . . .18-40



19 Planning, Implementing, and Maintaining Security Infrastructure (6.0) 19-1Tested Skills and Suggested Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19-1

Further Reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19-2

Configure Active Directory Directory Service for Certificate Publication. . . . . . . .19-4



Plan a Public Key Infrastructure (PKI) That Uses Certificate Services . . . . . . . . .19-9



Plan a Framework for Planning and Implementing Security . . . . . . . . . . . . . . .19-15



Plan a Security Update Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19-20



Glossary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . G-1

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I-1

About This Book

Welcome to MCSE Self-Paced Training Kit (Exam 70-293): Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure. In this book, you study some of the more advanced applications, protocols, and services included with Windows Server 2003 and learn how to use them to create a network that is both efficient and secure. For many of these applications, protocols, and services, implementing them on a network consists of a good deal more than just running an installation program or configuring a few parameters; many of them require careful planning and continual maintenance once you have completed the initial implementation. This book covers all these phases of the implementation process, so you learn all the relevant information about each service.

Note For more information about becoming a Microsoft Certified Professional, see the section titled The Microsoft Certified Professional Program later in this introduction.

Intended Audience This book was developed for information technology (IT) professionals who plan to take the related Microsoft Certified Professional exam 70-293, Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure, as well as IT professionals who design, implement, and maintain networks based on Microsoft Windows Server 2003 and its related technologies.

Note Exam skills are subject to change without prior notice and at the sole discretion of Microsoft.

Prerequisites The MCSE 70-293 exam and this training kit do not have any official prerequisites, but students should have the following qualifications:

At least one year of experience implementing and administering a Microsoft Windows network with the following characteristics: 250 to 5,000 or more users, at least three physical locations, a minimum of three Active Directory domain controllers, and a variety of network services and resources, such as file and print servers, client/server applications, Internet access, and remote access

At least one year of experience, implementing and maintaining desktop operating systems

Experience planning and designing networks

xxv

xxvi About This Book

About the CD-ROM For your use, this book includes a Supplemental Materials CD-ROM. This CD-ROM contains a variety of informational aids to complement the book content:

The Microsoft Press Readiness Review Suite, powered by MeasureUp. This suite of practice tests and objective reviews contains questions of varying degrees of complexity and offers multiple testing modes. You can assess your understanding of the concepts presented in this book and use the results to develop a learning plan that meets your needs.

An electronic version of this book (eBook). For information about using the eBook, see the section The eBooks later in this introduction.

An eBook of the Microsoft Encyclopedia of Networking, Second Edition, and of the Microsoft Encyclopedia of Security provide complete and up-to-date reference materials for networking and security.

Sample chapters from several Microsoft Press books give you additional information about Windows Server 2003 and introduce you to other resources that are available from Microsoft Press.

A second CD-ROM contains a 180-day evaluation edition of Microsoft Windows Server 2003, Enterprise Edition.

Caution The 180-day Evaluation Edition provided with this training kit is not the full retail product and is provided only for the purposes of training and evaluation. Microsoft Technical Support does not support this evaluation edition.

For additional support information regarding this book and the CD-ROM (including answers to commonly asked questions about installation and use), visit the Microsoft Press Technical Support Web site at http://www.microsoft.com/mspress/support/. You can also email [email protected] or send a letter to Microsoft Press, Attention: Microsoft Press Technical Support, One Microsoft Way, Redmond, WA 98052-6399.

Features of This Book This book is divided into two parts. Use Part 1 to learn at your own pace and practice what youve learned with practical exercises. Part 2 contains questions and answers that you can use to test yourself on what youve learned.

About This Book xxvii

Part 1: Learn at Your Own Pace

Each chapter identifies the exam objectives that are covered in the chapter, provides an overview of why the topics matter by explaining how the information applies in the real world, and lists any prerequisites that must be met to complete the lessons presented in the chapter.

The chapters contain a set of lessons. Lessons contain practices that include one or more hands-on exercises. These exercises give you an opportunity to use the skills being presented or explore the part of the application being described. Each lesson also has a set of review questions to test your knowledge of the material covered in that lesson.

After the lessons, you are given an opportunity to apply what youve learned in a case scenario exercise. In this exercise, you work through a multistep solution for a realistic case scenario. You are also given an opportunity to work through a troubleshooting lab that explores difficulties you might encounter when applying what youve learned on the job.

Each chapter ends with a summary of key concepts and a short section listing key topics and terms that you need to know before taking the exam, summarizing the key learnings with a focus on the exam.

Real World Helpful Real World Information You will find sidebars like this one, which contain related information you might find helpful. Real World sidebars contain specific information gained through the experience of IT professionals just like you.

Part 2: Prepare for the Exam

Part 2 helps to familiarize you with the types of questions that you will encounter on the MCP exam. By reviewing the objectives and the sample questions, you can focus on the specific skills that you need to improve before taking the exam.

See Also For a complete list of MCP exams and their related objectives, go to http://www.microsoft.com/traincert/mcp.

Part 2 is organized by the exams objectives. Each chapter covers one of the primary groups of objectives, called Objective Domains. Each chapter lists the tested skills you must master to answer the exam questions and includes a list of further readings to help you improve your ability to perform the tasks or use the skills specified by the objectives.

xxviii About This Book

Within each Objective Domain, you will find the related objectives that are covered on the exam. Each objective provides you with several practice exam questions. The answers are accompanied by explanations of each correct and incorrect answer.

Note These questions are also available on the companion CD as a practice test.

Informational Notes

Several types of reader aids appear throughout the training kit.

Tip contains methods of performing a task more quickly or in a not-so-obvious way.

Important contains information that is essential to completing a task.

Note contains supplemental information.

Caution contains valuable information about possible loss of data; be sure to read this information carefully.

Warning contains critical information about possible physical injury; be sure to read this information carefully.

See also contains references to other sources of information.

Planning contains hints and useful information that should help you plan the implementation.

Security Alert highlights information you need to know to maximize security in your work environment.

Exam Tip flags information you should know before taking the certification exam.

Off the Record contains practical advice about the real-world implications of information presented in the lesson.

Notational Conventions

The following conventions are used throughout this book.

Characters or commands that you type appear in bold type.

Italic in syntax statements indicates placeholders for variable information. Italic is also used for newly introduced terms and book titles.

Names of files and folders appear in Title caps, except when you are to type them directly. Unless otherwise indicated, you can use all lowercase letters when you type a file name in a dialog box or at a command prompt.

File name extensions appear in all lowercase.

Acronyms appear in all uppercase.

About This Book xxix

Monospace type represents code samples, examples of screen text, or entries that you might type at a command prompt or in initialization files.

Square brackets [ ] are used in syntax statements to enclose optional items. For example, [filename] in command syntax indicates that you can choose to type a file name with the command. Type only the information within the brackets, not the brackets themselves.

Braces { } are used in syntax statements to enclose required items. Type only the information within the braces, not the braces themselves.

Keyboard Conventions

A plus sign (+) between two key names means that you must press those keys at the same time. For example, Press ALT+TAB means that you hold down ALT while you press TAB.

A comma ( , ) between two or more key names means that you must press each of the keys consecutively, not together. For example, Press ALT, F, X means that you press and release each key in sequence. Press ALT+W, L means that you first press ALT and W at the same time, and then release them and press L.

Getting Started This training kit contains hands-on exercises to help you learn about the networking features of Windows Server 2003. Use this section to prepare your self-paced training environment. Most of the exercises require a computer running Windows Server 2003, and some of them require the Enterprise Edition.

Caution Several exercises require you to make changes to the computer running Windows Server 2003, which can have undesirable results if the system is used for other purposes or is connected to a production network. It is strongly recommended that you create a new Windows Server 2003 installation on your computer using the 180-day Evaluation Edition of the operating system provided on the CD-ROM. If the computer is connected to a network, check with your network adm

Documents

Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure