Microsoft Windows Server 2003 Deployment Kit -  Microsoft Corporation

Microsoft Windows Server 2003 Deployment Kit

A Microsoft Resource Kit
Mixed media product
3776 pages
2003
Microsoft Press, U.S.
978-0-7356-1486-4 (ISBN)
176,80 incl. VAT
This official Microsoft RESOURCE KIT provides all the information and tools IT professionals need to plan and deploy Windows Server 2003 in medium to large organizations. It contains six volumes (Planning a Deployment Project Guide, Designing Network Services, Designing Directory and Security Services, Designing Server and Desktop Configurations Guide, Planning and Automating Installations Guide, and Designing a Managed Environment) along with Deployment Lab Scenarios that provide end-to-end examples of tested enterprise deployment solutions. By focusing on deployment, this kit provides an exhaustive and definitive resource for a successful rollout straight from those who know the technology best, the Microsoft Windows product team!
  • Expands what was traditionally a single deployment guide into an exhaustive six-volume kit that more comprehensively meets the needs and preferences of IT professionals
  • Delivers expansive coverage on system deployment along with exclusive, must-have tools direct from the Windows product team
  • In addition to tools and utilities, CD features all six volumes in searchable eBook format

INTRODUCTION Deployment Kit Compact Disc Document Conventions Support Policy

PART I DESIGNING AND DEPLOYING DIRECTORY SERVICES

CHAPTER 1 Planning an Active Directory Deployment Project Overview of Planning an Active Directory Deployment Project Process for Planning an Active Directory Deployment Project Active Directory Background Information Active Directory Deployment Project Cycle Terms and Definitions Determining Your Active Directory Design and Deployment Strategy Determining Your Active Directory Design Requirements Determining Your Active Directory Deployment Requirements Windows Server 2003 Forest Root Windows Server 2003 Regional Domains Windows NT 4.0 Domain Upgrade to Windows Server 2003 Windows 2000 Domain Upgrade to Windows Server 2003 Determining Your Restructure Requirements Windows NT 4.0 Domain Restructure to a Windows Server 2003 Forest Interforest Active Directory Domain Restructure Intraforest Active Directory Domain Restructure Example: Establishing an Active Directory Deployment Strategy Testing and Verifying the Deployment Process Testing the Design and Deployment in a Lab Environment Testing Design Assumptions Testing Deployment Processes Verifying the Deployment in a Pilot Program Example: Creating a Pilot Deployment Program for Trey Research Completing the Pilot Deployment Program Example: Completing the Pilot Deployment Program for Trey Research Additional Resources

CHAPTER 2 Designing the Active Directory Logical Structure Overview of Designing the Active Directory Logical Structure Process for Designing the Active Directory Logical Structure Active Directory Logical Structure Background Information Identifying the Deployment Project Participants Defining Project-Specific Roles Establishing Owners and Administrators Building Project Teams Identifying Potential Forest Owners Establishing a Design Team Establishing a Deployment Team Document the Design and Deployment Teams Example: Identifying Deployment Project Participants Creating a Forest Design Identifying Forest Design Requirements Service Administrator Scope of Authority Autonomy vs. Isolation Isolation and Autonomy Requirements Documenting the Forest Design Requirements Determining the Number of Forests Required Forest Design Models Mapping Design Requirements to Forest Design Models Using the Organizational Domain Forest Model Documenting the Forest Design Example: Documenting the Forest Design Creating a Domain Design Reviewing the Domain Models Single Domain Model Regional Domain Model Determining the Number of Domains Required Dividing the Organization into Regional Domains Documenting the Regions Identified Determining Whether to Upgrade Existing or Deploy New Domains Evaluating Current Master User Domains Documenting Plans for New and Upgraded Domains Assigning Domain Names Documenting Domain Names Selecting the Forest Root Domain Choosing a Regional or Dedicated Forest Root Domain Assigning the Forest Root Domain Name Documenting the Forest Root Domain Name Creating a Consolidation Plan Restructuring Windows NT 4.0 MUDs into Windows Server 2003 Domains Documenting the Migration Plan for Windows NT 4.0 Master User Domains Restructuring Windows NT 4.0 Resource Domains Documenting the Migration Plan for Windows NT 4.0 Resource Domains Designing a DNS Infrastructure to Support Active Directory DNS Concepts Delegation Recursive Name Resolution DNS and Active Directory Domain Controller Location Active Directory-Integrated Zones Computer Naming Assigning the Active Directory DNS Owner Role Identifying the DNS Infrastructure Requirements Integrating Active Directory into an Existing DNS Infrastructure Creating a DNS Server Configuration Creating the DNS Client Configuration Documenting Your DNS Infrastructure Design Designing Organizational Units for Delegation of Administration Reviewing Organizational Unit Design Concepts Organizational Unit Owner Role Delegating Administration by Using OU Objects Administration of Default Containers and OUs Delegating Administration of Account and Resource OUs Creating Account OUs Creating Resource OUs Documenting the OU Design for Each Domain Applying Group Policy to OUs Additional Resources

CHAPTER 3 Designing the Site Topology Overview of Designing a Site Topology Process for Designing a Site Topology Site Topology Design Background Information Functions for Sites in Windows Server 2003 Site Topology Owner Role Network Topologies Active Directory Replication Concepts Collecting Network Information Creating a Location Map Listing Communication Links and Available Bandwidth Listing IP Subnets Within Each Location Listing Domains and Number of Users for Each Location Planning Domain Controller Placement Planning Forest Root Domain Controller Placement Planning Regional Domain Controller Placement Planning Global Catalog Server Placement Planning Operations Master Role Placement Example: Determining Domain Controller Placement Creating a Site Design Creating a Site Link Design Connecting Sites with Site Links Setting Site Link Properties Determining the Cost Determining the Schedule Determining the Interval Example: Creating a Site Link Design Creating a Site Link Bridge Design Creating a Site Link Bridge Design for Disjointed Networks Creating a Site Link Bridge Design to Control Active Directory Replication Flow Additional Resources

CHAPTER 4 Planning Domain Controller Capacity Overview of Planning Domain Controller Capacity Process for Planning Domain Controller Capacity Background Information for Planning Domain Controller Capacity Collecting Site Topology Design Information Determining the Number of Domain Controllers Determining the Minimum Number of Domain Controllers Required Adding Domain Controllers to Support Replication Between Sites Assessing Disk Space and Memory Requirements Determining Required Disk Space Determining Minimum Disk Space Requirements Adding Disk Space for Global Catalog Servers Adding Disk Space for Application Directory Partitions Determining Required Memory Allocation Example: Assessing Disk Space and Memory Requirements Monitoring Domain Controller Performance Additional Resources

CHAPTER 5 Enabling Advanced Windows Server 2003 Active Directory Features Overview of Enabling Advanced Active Directory Features Process for Enabling Advanced Active Directory Features Functional Levels Background Information Preparing to Enable Functional Levels Assess Your Current Environment Identify Your Functional Level Scenario Enabling Windows Server 2003 Active Directory Functional Level Enabling Windows Server 2003 Functional Levels in a Windows NT 4.0 Environment Raise the Domain Functional Level to Windows Server 2003 Raise the Forest Functional Level to Windows Server 2003 Enabling Windows Server 2003 Functional Levels in a Mixed Windows 2000 Environment Enabling Windows Server 2003 Functional Levels in a Native Windows 2000 Environment Enabling Windows Server 2003 Functional Levels in a New Windows Server 2003 Forest Additional Resources

CHAPTER 6 Deploying the Windows Server 2003 Forest Root Domain Overview of Deploying the Forest Root Domain Process for Deploying the Forest Root Domain Background Information for Deploying the Forest Root Domain Reviewing the Active Directory Design Review the Active Directory Logical Structure Design Review Site Topology Design Review Hardware Requirements Configuring DNS for the Forest Root Domain Creating the Forest Root Domain Deploy the First Forest Root Domain Controller Install Windows Server 2003 on the First Forest Root Domain Controller Install Active Directory on the First Forest Root Domain Controller Verify the Active Directory Installation on the First Forest Root Domain Controller Configure the Windows Time Service Verify DNS Server Recursive Name Resolution on the First Forest Root Domain Controller Deploy the Second Domain Controller in the Same Site Install Windows Server 2003 on the Second Domain Controller Install Active Directory on the Second Domain Controller Install DNS Server on the Second Domain Controller Verify the Active Directory Installation on the Second Domain Controller Reconfigure the DNS Service Enable Aging and Scavenging for DNS Configure the DNS Client Settings of the First and Subsequent Domain Controllers Update the DNS Delegation Configure Site Topology Site Topology Administration Create Active Directory Sites Create and Assign Active Directory Subnets Create Active Directory Site Links Deploy Additional Domain Controllers in Other Sites Configure Operations Master Roles Raising the Functional Level Additional Resources

CHAPTER 7 Deploying Windows Server 2003 Regional Domains Overview of Deploying Regional Domains Process for Deploying Regional Domains Background Information for Deploying Regional Domains Reviewing the Regional Domain Design Collect Regional Domain Design Information Review Hardware Requirements Delegating the DNS Domain for the New Regional Domain Deploying the First Domain Controller in a New Regional Domain Install Windows Server 2003 Install Active Directory Verify the Active Directory Installation Verify DNS Server Recursive Name Resolution Deploying Additional Domain Controllers in a New Regional Domain Reconfiguring the DNS Service Enable Aging and Scavenging for DNS Configure the DNS Client Settings of the First and Subsequent Domain Controllers Update the DNS Delegation for the Regional Domain Configuring Operations Master Roles Additional Resources

CHAPTER 8 Upgrading Windows NT 4.0 Domains to Windows Server 2003 Active Directory Overview of Upgrading Windows NT 4.0 Domains Process for Upgrading Windows NT 4.0 Domains to Windows Server 2003 Active Directory Background Information for Upgrading to Windows Server 2003 Active Directory Collecting Design Information Document the Existing Environment Document Domain Controllers and Services Document the Existing Hardware Configuration Document the Existing Network Configuration Document Domain Controller Role Assignments Determine the Domain Upgrade Order Determine Supported Operating System Upgrades Develop a Test Plan Develop a Recovery Plan Completing Pre-Upgrade Tasks Relocate the LMRepl File Replication Service Ensure Remote Access Service Compatibility Enable the Windows NT 4.0 Environment Change Freeze Upgrading Domains from Windows NT 4.0 to Windows Server 2003 Active Directory Upgrade to a Regional Domain in an Existing Forest Back Up the Domain Data Enable the Windows Server 2003 Interim Forest Functional Level Delegate the DNS Zone for the New Regional Domain Configure Protection Against Domain Controller Overload Upgrade the Operating System of the Windows NT 4.0 PDC Install Active Directory Verify DNS Server Recursive Name Resolution Perform Post-Upgrade Tests Upgrade to a Single Domain Forest Back Up the Domain Data Delegate the DNS Zone for the Windows Server 2003 Domain Configure Protection Against Domain Controller Overload Upgrade the Operating System of the Windows NT 4.0 PDC Install Active Directory Configure the Site Topology Configure the Windows Time Service on the Forest Root Domain Controller Enable Aging and Scavenging for DNS Verify DNS Server Recursive Name Resolution Perform Post-Upgrade Tests Modify Security Policies Synchronize File Replication Services Recreate Trusts Use DNS Registration to Decrease the Workload on the PDC Emulator Upgrade Additional Domain Controllers Configure Protection Against Domain Controller Overload on Additional Domain Controllers Neutralize Windows NT 4.0 Domain Controller Emulation Upgrade Windows NT 4.0 BDCs Install Active Directory on the Additional Domain Controllers Install DNS on Additional Domain Controllers Reconfigure the DNS Service Add Windows NT 4.0 BDCs to Windows Server 2003 Domain Perform Post-Upgrade Tests Completing Post-Upgrade Tasks Eliminate Anonymous Connections to Domain Controllers Raise Domain and Forest Functional Levels Redirect the Users and Computers Containers Completing the Upgrade Additional Resources

CHAPTER 9 Upgrading Windows 2000 Domains to Windows Server 2003 Domains Overview of Upgrading Your Windows 2000 Domains to Windows Server 2003 Domains Process for Upgrading Windows 2000 Domains to Windows Server 2003 Domains Background Information for Upgrading Windows 2000 Domains to Windows Server 2003 Domains Planning to Upgrade Windows 2000 Domains to Windows Server 2003 Domains Create a Pre-Upgrade Task Checklist Assign Appropriate Credentials Introduce a Windows Server 2003-Based Member Server Determine Supported Software Upgrades Assess Hardware Requirements Determine Domain Controller Upgrade Order Develop a Test Plan Develop a Recovery Plan Completing Pre-Upgrade Tasks Determine Service Pack Levels Backup Domain Data Resolve Upgrade and Application Compatibility Problems Prepare Your Infrastructure for Upgrade Upgrading Windows 2000 Domains to Windows Server 2003 Domains Install Active Directory on Windows Server 2003-Based Member Servers Upgrade Existing Windows 2000-Based Domain Controllers Modify Security Policies Update Group Policy Permissions Perform Clean-up Tasks Completing Post-Upgrade Tasks Raise Domain and Forest Functional Levels Use DNS Application Directory Partitions Redirect Users and Computers Completing the Upgrade Additional Resources

CHAPTER 10 Restructuring Windows NT 4.0 Domains to an Active Directory Forest Overview of Restructuring Windows NT 4.0 Domains to an Active Directory Forest Process for Restructuring Windows NT 4.0 Domains to an Active Directory Forest Windows NT 4.0 Domain Migration Background Information Terms and Definitions Active Directory Migration Tool Planning to Restructure Windows NT 4.0 Domains to an Active Directory Forest Assigning Object Locations and Roles Developing a Test Plan Creating a Rollback Plan Planning for User Profile Migration Establishing Administrative Procedures Creating an End-User Communication Plan Preparing the Source and Target Domains for Restructuring Installing High Encryption Software Establishing Required control Establishing Migration Accounts Configuring the Source and Target Domains to Migrate SID History Configuring the Target Domain OU Structure for Administration Installing ADMT Enabling Password Migration Initializing ADMT Identifying Service Accounts Restructuring Account Domains Transitioning Service Accounts Migrating Global Groups Migrating Users in Batches Migrating User Accounts Translating Local User Profiles Migrating User Workstations Remigrating Global Groups Completing the Account Migration Restructuring Resource Domains Migrating Workstations and Member Servers Migrating Domain Controllers Completing the Resource Migration Translating Security on Member Servers Decommissioning the Source Resource Domain Additional Resources

CHAPTER 11 Restructuring Active Directory Domains Between Forests Overview of Restructuring Active Directory Domains Between Forests Process for Restructuring Active Directory Domains Between Forests Background Information for Restructuring Active Directory Domains Between Forests Planning to Restructure Active Directory Domains Between Forests Determining Your Account Migration Process Using SID History to Preserve Resource Access Using SID Filtering When Migrating User Accounts Assigning Object Locations and Roles Developing a Test Plan Creating a Rollback Plan Planning for User Profile Migration Establishing Administrative Procedures Creating an End-User Communication Plan Preparing the Source and Target Domains Installing High Encryption Software Establishing Required Trusts Establishing Migration Accounts Configuring the Source and Target Domains for SID History Migration Configuring the Target Domain OU Structure for Administration Installing ADMT Enabling Password Migration Initializing ADMT Identifying Service Accounts Migrating Accounts Transitioning Service Accounts Migrating Global Groups Migrating Accounts While Using SID History Migrating All User Accounts Remigrating User Accounts and Workstations in Batches Remigrating All Global Groups After All Batches Are Migrated Migrating Accounts Without Using SID History Migrating All User Accounts Translating Security in Add Mode Remigrating User Accounts and Workstations in Batches Remigrating All Global Groups After All Batches Are Migrated Translating Security in Remove Mode Migrating Resources Migrating Workstations and Member Servers Migrating Domain and Shared Local Groups Migrating Domain Controllers Completing the Migration Translating Security on Member Servers Decommissioning the Source Domain Additional Resources

CHAPTER 12 Restructuring Active Directory Domains Within a Forest Overview of Restructuring Active Directory Domains Within a Forest Process for Restructuring Active Directory Domains Within a Forest Background Information for Restructuring Active Directory Domains Within a Forest Preparing to Restructure Active Directory Domains Within a Forest Design the New Active Directory Forest Structure Assign Domain Object Roles and Locations Plan for Group Migration Plan for Service Account Transitioning Plan for Test Migrations Create a Rollback Plan Create an End-User Communication Plan Create Migration Account Groups Install ADMT Example: Preparing to Restructure Active Directory Domains Migrating Domain Objects Between Active Directory Domains Migrate Groups Migrate Universal Groups Migrate Global Groups Migrate Service Accounts Migrate User Accounts Migrating OUs and Subtrees of OUs Migrate Accounts Translate Local User Profiles Migrate Workstations and Member Servers Migrate Domain Local Groups Example: Restructuring Active Directory Domains Completing Post-Migration Tasks Examine Migration Logs for Errors Verify Group Types Translate Security on Member Servers Translate Security by Using a SID Mapping File Decommission the Source Domain Example: Completing Post-Migration Tasks Additional Resources

PART II DESIGNING AND DEPLOYING DISTRIBUTED SECURITY SERVICES

CHAPTER 13 Planning a Secure Environment Overview of a Secure Windows Server 2003 Environment Addressing User-Related Requirements Keyboard Logons Access to Resources Remote Network Access Wireless Network Access Standard Client Configurations Encrypting File System Securing E-mail Securing the Logon Process with Smart Cards Extranet Access Establishing a Secure Shared IT Infrastructure Creating and Enhancing Security Boundaries Public Key Infrastructure Securing Network Traffic Securing Servers Planning for Secure Administration Additional Resources

CHAPTER 14 Designing an Authentication Strategy Overview of the Authentication Strategy Design Process Process for Designing an Authentication Strategy Authentication Background Information Tools for Deploying Authentication Creating a Foundation for Authentication Evaluating Your Environment Creating User Accounts Creating a User Account Management Plan Creating a Computer Account Management Plan Creating Service Accounts Securing Service Accounts Applying Authentication Policies to Groups Example: Creating a Foundation for Authentication Securing the Authentication Process Creating a Strong Password Policy Establishing an Account Lockout Policy Assigning Logon Hours Creating a Ticket Expiration Policy Establishing Network Authentication Standards Restricting LAN Manager Authentication Restricting Anonymous Access Creating a Plan for Windows NT 4.0 Domain Controller Upgrade Setting Clock Synchronization Tolerance to Prevent Replay Attacks Example: Securing Authentication Extending Your Authentication Framework Establishing Interforest Authentication Enabling Interoperability with Kerberos Clients and Servers Running Other Operating Systems Deploying Smart Cards Example: Extending the Authentication Framework Enabling Supplemental Authentication Strategies Enabling Delegated Authentication Enabling Constrained Delegation Example: Supplementary Authentication Strategies Educating Users Increasing Awareness of Social Engineering Attacks Communicating Password Creation Guidelines Additional Resources

CHAPTER 15 Designing a Resource Authorization Strategy Overview of Designing a Resource Authorization Strategy Process for Designing a Resource Authorization Strategy Background Information for Designing a Resource Authorization Strategy Establishing a Resource Authorization Method Selecting a Resource Authorization Method User/ACL Method AG/ACL Method AG/RG Method Role-based Authorization Selecting Local Groups or Domain Local Groups as Resource Groups Defining Policies for Security Group Management Defining a Security Group Creation Policy Defining a Security Group Naming Policy Defining a Security Group Nesting Policy Creating a Hierarchy of Nested Security Groups Modifying a Nested Security Group Hierarchy Defining a Security Group Retirement Policy Delegating Security Group Maintenance Identifying Individuals to Maintain Security Groups Delegating Account Group Maintenance Delegating Resource Group Maintenance Additional Resources

CHAPTER 16 Designing a Public Key Infrastructure Overview of the PKI Design Process Process for Designing a PKI Basic PKI Concepts Windows Server 2003 PKI Defining Certificate Requirements Determining Secure Application Requirements Determining Certificate Requirements for Users, Computers, and Services Documenting Certificate Policies and Practices Example: Defining Certificate Requirements Designing Your CA Infrastructure Planning Core CA Options Designing Root CAs Selecting Internal CAs vs. Third-Party CAs Evaluating CA Capacity, Performance, and Scalability Integrating the Active Directory Infrastructure Defining PKI Management and Delegation Defining CA Types and Roles Using Offline CAs Using Hardware CSPs Determining Number of CAs Required Selecting a Trust Model Rooted Trust Model Network Trust Model Hybrid Trust Model Trust Hierarchy Based on Quality of Identification Trust Hierarchy Based on Organizational Structure Trust Hierarchy Based on Location Defining CA Roles in the Trust Hierarchy Establishing a CA Naming Convention Selecting a CA Database Location Example: Designing a CA Infrastructure Extending Your CA Infrastructure Evaluating Factors That Affect Extended Trusts Selecting an Extended CA Infrastructure Configuration Using Third-Party Root CA Configuration Using a New Root CA Configuration Using a Cross-Certification Configuration Limiting Unplanned Trusts Example: Selecting an Extended CA Infrastructure Configuration Defining Certificate Configuration Options Selecting Certificate Templates Selecting Certificate Security Options Selecting Cryptographic Algorithms and Key Lengths Establishing Certificate and Key Lifetimes Creating a Certificate Renewal Strategy Using Qualified Subordination Using Basic Constraints Using Name Constraints Using Issuance Policies Using Application Policies Using Constraints and Policy Mapping Example: Configuring Certificates Creating a Certificate Management Plan Selecting a Certificate Enrollment and Renewal Method Selecting Automatic vs. Manual Requests Selecting Automatic vs. Manual Approval Selecting an Enrollment and Renewal User Interface Using CA Certificate Renewal Mapping Certificates to User Accounts Establishing Certificate Revocation Policies Defining Conditions for Certificate Revocation Selecting a CRL Publication Location Selecting a CRL Distribution Point Selecting a CRL Type Establishing a CRL Publication Schedule Setting the Cached CRL Validity Period Planning for Data Recovery and Key Recovery Configuring the Key Recovery Agent Certificate Establishing Key Recovery Agent Policies Educating Users Example: Creating a Certificate Management Plan Deploying the PKI Schedule Production Rollout Install Certification Authorities Install Offline Root CAs Install Intermediate and Subordinate CAs Publish the Offline CA Certificate Apply CA Policy Configure CDP and AIA Extensions Configure Certificate Templates Configure Public Key Group Policy Configure CRL Publication Delegate CA Administration Configure Certificate Enrollment and Renewal Issue Certificates Additional Resources

CHAPTER 17 Planning a Smart Card Deployment Overview of Smart Card Deployment Process for Planning a Smart Card Deployment Smart Card Fundamentals Creating a Plan for Smart Card Use Identifying the Processes That Require Smart Cards Interactive User Logons Administrator Logons Authenticating Third Parties Signing and Encrypting E-mail Defining Smart Card Service Level Requirements Selecting Smart Card Hardware Creating a Smart Card Specification Evaluating Smart Cards and Readers Creating a Smart Card Deployment Plan Establishing Certification Authorities Planning Smart Card Certificate Templates Establishing Issuance Processes Defining Smart Card Distribution Requirements Selecting Certificate Enrollment Options Educating Users Preparing a Smart Card Deployment Schedule Planning for Ongoing Smart Card Support Selecting Group Policy Settings to Manage Smart Card Use Defining Administrative and Support Processes Additional Resources

Publication date (per publisher): 1.7.2003
Additional info: illustrations
Place of publication: Redmond
Language: English
Dimensions: 180 x 230 mm
Subject area: Computer Science / Operating Systems / Servers / Windows
Computer Science / Operating Systems / Servers / Windows Server
Mathematics / Computer Science / Computer Science / Networks
Mathematics / Computer Science / Computer Science / Web / Internet
ISBN-10: 0-7356-1486-5 / 0735614865
ISBN-13: 978-0-7356-1486-4 / 9780735614864
Condition: New