The Best Damn Windows Server 2003 Book Period

Debra Littlejohn Shinder is a technology consultant, trainer and writer who has authored a number of books on computer operating systems, networking, and client and server security over the last fourteen years. These include Scene of the Cybercrime: Computer Forensics Handbook, published by Syngress, and Computer Networking Essentials, published by Cisco Press. She is co-author, with her husband, Dr. Thomas Shinder, of the best-selling Configuring ISA Server 2000, Configuring ISA Server 2004, and ISA Server and Beyond. Deb has been a tech editor, developmental editor and contributor on over 20 additional books on networking and security subjects, as well as study guides for Microsoft's MCSE exams, CompTIA's Security+ exam and TruSecure’s ICSA certification. She formerly edited the Element K Inside Windows Server Security journal. She authored a weekly column for TechRepublic’s Windows blog, called Microsoft Insights and a monthly column on Cybercrime, and is a regular contributor to their Security blog, Smart Phones blog and other TR blogs. She is the lead author on Windowsecurity.com and ISAServer.org, and her articles have appeared in print magazines such as Windows IT Pro (formerly Windows & .NET) Magazine. She has authored training material, corporate whitepapers, marketing material, webinars and product documentation for Microsoft Corporation, Intel, Hewlett-Packard, DigitalThink, GFI Software, Sunbelt Software, CNET and other technology companies. Deb specializes in security issues, cybercrime/computer forensics and Microsoft server products; she has been awarded Microsoft’s Most Valuable Professional (MVP) status in Enterprise Security for eight years in a row. A former police officer and police academy instructor, she has taught many courses at Eastfield College in Mesquite, TX and sits on the board of the Criminal Justice Training Center there. She is a fourth generation Texan and lives and works in the Dallas-Fort Worth area. Dr. Tom Shinder is a 17 year veteran of the IT industry. Prior to entering IT, Dr. Tom graduated from the University of Illinois College of Medicine with a Doctor of Medicine and was a practicing neurologist with special interests in epilepsy and multiple sclerosis. Dr. Tom began his career in IT as a consultant, and has worked with many large companies, including Fina Oil, Microsoft, IBM, HP, Dell and many others. He started his writing career toward the end of the 1990s and has published over 30 books on Windows, Windows Networking, Windows Security and ISA Server/TMG, UAG and Microsoft DirectAccess. For over a decade, ISA Server and TMG were Tom’s passions, and he ran the popular web site www.isaserver.org, in addition to writing 8 books on ISA/TMG. Tom joined Microsoft in December of 2009 as a member of the UAG DirectAccess team and started the popular “Edge Man” blog that covered UAG DirectAccess. He is currently a Principal Knowledge Engineer in the Server and Cloud Division Information Experience Group Solution’s Team and his primary focus now is private cloud – with special interests in private cloud infrastructure and security.

Foreword
Chapter 1 Overview of Windows Server 2003
Introduction
Windows XP/Server 2003
What’s New in Windows Server 2003?
New Features
The Windows Server 2003 Family
Why Four Different Editions?
Members of the Family
Licensing Issues
Product Activation
Installation and Upgrade Issues
Common Installation Issues
Common Upgrade Issues
Windows Server 2003 Planning Tools and Documentation
Overview of Network Infrastructure Planning
Planning Strategies
Using Planning Tools
Reviewing Legal and Regulatory Considerations
Calculating TCO
Developing a Windows Server 2003 Test Network Environment
Planning the Test Network
Documenting the Planning and Network Design Process
Creating the Planning and Design Document
Chapter 2 Using Server Management Tools
Introduction
Recognizing Types of Management Tools
Administrative Tools Menu
Custom MMC Snap-Ins
Command-Line Utilities
Wizards
Windows Resource Kit
The Run As command
Managing Your Server Remotely
Remote Assistance
Using Web Interface for Remote Administration
Remote Desktop for Administration
Administration Tools Pack (adminpak.msi)
Windows Management Instrumentation (WMI)
Using Computer Management to Manage a Remote Computer
Which Tool To Use?
Using Emergency Management Services
Managing Printers and Print Queues
Using the Graphical Interface
Using New Command-Line Tools
The Printer Spooler Service
The Internet Printing Protocol
Using the Graphical Interface
Using New Command-Line Utilities
Using Wizards to Configure and Manage Your Server
Using the Configure Your Server Wizard and Manage Your Server
Chapter 3 Planning Server Roles and Server Security
Introduction
Understanding Server Roles
Domain Controllers (Authentication Servers)
File and Print Servers
DHCP, DNS, and WINS Servers
Web Servers
Database Servers
Mail Servers
Certificate Authorities
Application Servers and Terminal Servers
Planning a Server Security Strategy
Choosing the Operating System
Identifying Minimum Security Requirements for Your Organization
Identifying Configurations to Satisfy Security Requirements
Planning Baseline Security
Customizing Server Security
Securing Servers According to Server Roles
Chapter 4 Security Templates and Software Updates
Introduction
Security Templates
Types of Security Templates
Network Security Settings
Analyzing Baseline Security
Applying Security Templates
Software Updates
Install and Configure Software Update Infrastructure
Install and Configure Automatic Client Update Settings
Supporting Legacy Clients
Testing Software Updates
Chapter 5 Managing Physical and Logical Disks
Introduction
Working with Microsoft Disk Technologies
Using Disk Management Tools
Using the Disk Management MMC
Using the Command-Line Utilities
Managing Physical and Logical Disks
Managing Basic Disks
Managing Dynamic Disks
Optimizing Disk Performance
Defragmenting Volumes and Partitions
Configuring and Monitoring Disk Quotas
Implementing RAID Solutions
Understanding and Using Remote Storage
What is Remote Storage?
Storage Levels
Relationship of Remote Storage and Removable Storage
Setting Up Remote Storage
Troubleshooting Disks and Volumes
Troubleshooting Basic Disks
Troubleshooting Dynamic Volumes
Troubleshooting Fragmentation Problems
Troubleshooting Disk Quotas
Troubleshooting Remote Storage
Troubleshooting RAID
Chapter 6 Implementing Windows Cluster Services and Network Load Balancing
Introduction
Making Server Clustering Part of Your High-Availability Plan
Terminology and Concepts
Cluster Models
Server Cluster Deployment Options
Server Cluster Administration
Recovering from Cluster Node Failure
Server Clustering Best Practices
Making Network Load Balancing Part of Your High-Availability Plan
Terminology and Concepts
Relationship of NLB to Clustering
Managing NLB Clusters
Monitoring NLB
NLB Best Practices
Chapter 7 Planning, Implementing, and Maintaining a High-Availability Strategy
Introduction
Understanding Performance Bottlenecks
Identifying System Bottlenecks
Using the System Monitor Tool to Monitor Servers
Using Event Viewer to Monitor Servers
Using Service Logs to Monitor Servers
Planning a Backup and Recovery Strategy
Understanding Windows Backup
Using Backup Tools
Selecting Backup Media
Scheduling Backups
Restoring from Backup
Planning System Recovery with ASR
What Is ASR?
How ASR Works
Alternatives to ASR
Using the ASR Wizard
Performing an ASR Restore
Planning for Fault Tolerance
Network Fault-Tolerance Solutions
Internet Fault-Tolerance Solutions
Disk Fault-Tolerance Solutions
Server Fault-Tolerance Solutions
Chapter 8 Monitoring and Troubleshooting Network Activity
Introduction
Using Network Monitor
Installing Network Monitor
Basic Configuration
Network Monitor Default Settings
Configuring Monitoring Filters
Configuring Display Filters
Interpreting a Trace
Monitoring and Troubleshooting Internet Connectivity
NAT Logging
Name Resolution
IP Addressing
Monitoring IPSec Connections
IPSec Monitor Console
Network Monitor
Netsh
Ipseccmd
Netdiag
Event Viewer
Chapter 9 Active Directory Infrastructure Overview
Introduction
Introducing Directory Services
Terminology and Concepts
Understanding How Active Directory Works
Directory Structure Overview
Sites
Domains
Domain Trees
Forests
Organizational Units
Active Directory Components
Logical vs. Physical Components
Using Active Directory Administrative Tools
Graphical Administrative Tools/MMCs
Command-Line Tools
Implementing Active Directory Security and Access Control
Access Control in Active Directory
Active Directory Authentication
Standards and Protocols
What’s New in Windows Server 2003 Active Directory?
New Features Available Only with Windows Server 2003 Domain/Forest Functionality
Chapter 10 Working with User, Group, and Computer Accounts
Introduction
Understanding Active Directory Security Principal Accounts
Security Principals and Security Identifiers
Naming Conventions and Limitations
Working with Active Directory User Accounts
Built-In Domain User Accounts
InetOrgPerson
Creating User Accounts
Managing User Accounts
Working with Active Directory Group Accounts
Group Types
Group Scopes in Active Directory
Built-In Group Accounts
Creating Group Accounts
Managing Group Accounts
Working with Active Directory Computer Accounts
Creating Computer Accounts
Managing Computer Accounts
Managing Multiple Accounts
Implementing User Principal Name Suffixes
Moving Account Objects in Active Directory
Troubleshooting Problems with Accounts
Chapter 11 Creating User and Group Strategies
Introduction
Creating a Password Policy for Domain Users
Creating an Extensive Defense Model
Defining a Password Policy
Creating User Authentication Strategies
Need for Authentication
Single Sign-On
Authentication Types
Kerberos
Secure Sockets Layer/Transport Layer Security
NT LAN Manager
Digest Authentication
Passport Authentication
Educating Users
Smart Card Authentication
Planning a Security Group Strategy
Security Group Best Practices
Chapter 12 Working with Forests and Domains
Introduction
Understanding Forest and Domain Functionality
The Role of the Forest
Domain Trees
Forest and Domain Functional Levels
Raising the Functional Level of a Domain and Forest
Creating the Forest and Domain Structure
Deciding When to Create a New DC
Installing Domain Controllers
Establishing Trust Relationships
Restructuring the Forest and Renaming Domains
Implementing DNS in the Active Directory Network Environment
DNS and Active Directory Namespaces
DNS Zones and Active Directory Integration
Configuring DNS Servers for Use with Active Directory
Securing Your DNS Deployment
Chapter 13 Working with Trusts and Organizational Units
Introduction
Working with Active Directory Trusts
Types of Trust Relationships
Creating,Verifying, and Removing Trusts
Securing Trusts Using SID Filtering
Understanding the Role of Container Objects
Creating and Managing Organizational Units
Planning an OU Structure and Strategy for Your Organization
Delegation Requirements
Security Group Hierarchy
Chapter 14 Working with Active Directory Sites
Introduction
Understanding the Role of Sites
Replication
Authentication
Distribution of Services Information
Relationship of Sites to Other Active Directory Components
Relationship of Sites and Domains
The Relationship of Sites and Subnets
Creating Sites and Site Links
Site Planning
Site Replication
Planning, Creating, and Managing the Replication Topology
Configuring Replication between Sites
Troubleshooting Replication Failure
Chapter 15 Working with Domain Controllers
Introduction
Planning and Deploying Domain Controllers
Understanding Server Roles
Function of Domain Controllers
Determining the Number of Domain Controllers
Using the Active Directory Installation Wizard
Creating Additional Domain Controllers
Upgrading Domain Controllers to Windows Server 2003
Placing Domain Controllers within Sites
Backing Up Domain Controllers
Restoring Domain Controllers
Managing Operations Masters
Chapter 16 Working with Global Catalog Servers and Schema
Introduction
Working with the Global Catalog and GC Servers
Functions of the GC
Customizing the GC Using the Schema MMC Snap-In
Creating and Managing GC Servers
Understanding GC Replication
Placing GC Servers within Sites
Troubleshooting GC Issues
Working with the Active Directory Schema
Understanding Schema Components
Working with the Schema MMC Snap-In
Modifying and Extending the Schema
Deactivating Schema Classes and Attributes
Troubleshooting Schema Issues
Chapter 17 Working with Group Policy in an Active Directory Environment
Introduction
Understanding Group Policy
Terminology and Concepts
Group Policy Integration in Active Directory
Group Policy Propagation and Replication
Planning a Group Policy Strategy
Using RSoP Planning Mode
Strategy for Configuring the User Environment
Strategy for Configuring the Computer Environment
Implementing Group Policy
The Group Policy Object Editor MMC
Creating, Configuring, and Managing GPOs
Configuring Application of Group Policy
Delegating Administrative Control
Verifying Group Policy
Performing Group Policy Administrative Tasks
Automatically Enrolling User and Computer Certificates
Redirecting Folders
Configuring User and Computer Security Settings
Using Software Restriction Policies
Applying Group Policy Best Practices
Troubleshooting Group Policy
Using RSoP
Using gpresult.exe
Chapter 18 Deploying Software via Group Policy
Introduction
Understanding Group Policy Software Installation Terminology and Concepts
Group Policy Software Installation Concepts
Group Policy Software Installation Components
Using Group Policy Software Installation to Deploy Applications
Preparing for Group Policy Software Installation
Using .zap Setup Files
Working with the GPO Editor
Opening or Creating a GPO for Software Deployment
Assigning and Publishing Applications
Configuring Software Installation Properties
Upgrading Applications
Removing Managed Applications
Managing Application Properties
Categorizing Applications
Adding and Removing Modifications for Application Packages
Troubleshooting Software Deployment
Verbose Logging
Software Installation Diagnostics Tool
Chapter 19 Ensuring Active Directory Availability
Introduction
Understanding Active Directory Availability Issues
The Active Directory Database
Data Modification to the Active Directory Database
The Tombstone and Garbage Collection Processes
System State Data
Fault Tolerance and Performance
Performing Active Directory Maintenance Tasks
Defragmenting the Database
Moving the Database or Log Files
Monitoring the Database
Backing Up and Restoring Active Directory
Backing Up Active Directory
Restoring Active Directory
Troubleshooting Active Directory Availability
Setting Logging Levels for Additional Detail
Using Ntdsutil Command Options
Changing the Directory Services Restore Mode Password
Chapter 20 Planning, Implementing, and Maintaining a Name Resolution Strategy
Introduction
Planning for Host Name Resolution
Designing a DNS Namespace
Planning DNS Server Deployment
Planning for Zone Replication
Planning for Forwarding
DNS/DHCP Interaction
Windows Server 2003 DNS Interoperability
DNS Security Issues
Monitoring DNS Servers
Planning for NetBIOS Name Resolution
Understanding NETBIOS Naming
Planning WINS Server Deployment
Planning for WINS Replication
WINS Issues
Troubleshooting Name Resolution Issues
Troubleshooting Host Name Resolution
Troubleshooting NetBIOS Name Resolution
Chapter 21 Planning, Implementing, and Maintaining the TCP/IP Infrastructure
Introduction
Understanding Windows 2003 Server Network Protocols
What’s New in TCP/IP for Windows Server 2003
Planning an IP Addressing Strategy
Analyzing Addressing Requirements
Creating a Subnetting Scheme
Troubleshooting IP Addressing
Transitioning to IPv6
Planning the Network Topology
Analyzing Hardware Requirements
Planning the Placement of Physical Resources
Planning Network Traffic Management
Monitoring Network Traffic and Network Devices
Determining Bandwidth Requirements
Optimizing Network Performance
Chapter 22 Planning, Implementing, and Maintaining a Routing Strategy
Introduction
Understanding IP Routing Basics
Evaluating Routing Options
Windows Server 2003 As a Router
Security Considerations for Routing
Analyzing Requirements for Routing Component
Simplifying Network Topology to Provide Fewer Attack Points
Router-to-Router VPNs
Packet Filtering and Firewalls
Logging Level
Troubleshooting IP Routing
Identifying Troubleshooting Tools
Common Routing Problems
Chapter 23 Planning, Implementing, and Maintaining Internet Protocol Security
Introduction
Understanding IP Security (IPSec)
How IPSec Works
IPSec Modes
IPSec Protocols
IPSec Components
IPSec and IPv6
Deploying IPSec
Determining Organizational Needs
Security Levels
Managing IPSec
Using the IP Security Policy Management MMC Snap-in
Using the netsh Command-line Utility
Default IPSec Policies
Custom Policies
Assigning and Applying Policies in Group Policy
Active Directory Based IPSec Policies
IPSec Monitoring
Troubleshooting IPSec
Addressing IPSec Security Considerations
Strong Encryption Algorithm (3DES)
Firewall Packet Filtering
Diffie-Hellman Groups
Pre-shared Keys
Soft Associations
Security and RSoP
Chapter 24 Planning, Implementing, and Maintaining a Public Key Infrastructure
Introduction
Planning a Windows Server 2003 Certificate-Based PKI
Understanding Public Key Infrastructure
Understanding Digital Certificates
Understanding Certification Authorities
Implementing Certification Authorities
Analyzing Certificate Needs within the Organization
Determining Appropriate CA Type(s)
Planning Enrollment and Distribution of Certificates
Certificate Templates
Certificate Requests
Auto-Enrollment Deployment
Role-Based Administration
Implementing Smart Card Authentication in the PKI
How Smart Card Authentication Works
Deploying Smart Card Logon
Using Smart Cards To Log On to Windows
Using Smart Cards for Remote Access VPNs
Using Smart Cards To Log On to a Terminal Server
Chapter 25 Planning, Implementing, Maintaining Routing and Remote Access
Introduction
Planning the Remote Access Strategy
Analyzing Organizational Needs
Analyzing User Needs
Selecting Remote Access Types To Allow
Addressing Dial-In Access Design Considerations
Allocating IP Addresses
Determining Incoming Port Needs
Selecting an Administrative Model
Configuring the Windows 2003 Dial-up RRAS Server
Configuring RRAS Packet Filters
Addressing VPN Design Considerations
Selecting VPN Protocols
Installing Machine Certificates
Configuring Firewall Filters
PPP Multilink and Bandwidth Allocation Protocol (BAP)
PPP Multilink Protocol
BAP Protocols
Addressing Wireless Remote Access Design Considerations
The 802.11 Wireless Standards
Using IAS for Wireless Connections
Configuring Remote Access Policies for Wireless Connections
Multiple Wireless Access Points
Placing CA on VLAN for New Wireless Clients
Configuring WAPs as RADIUS Clients
Planning Remote Access Security
Domain Functional Level
Selecting Authentication Methods
Selecting the Data Encryption Level
Using Callback Security
Managed Connections
Mandating Operating System/File System
Using Smart Cards for Remote Access
Configuring Wireless Security Protocols
RRAS NAT Services
ICMP Router Discovery
Creating Remote Access Policies
Policies and Profiles
Authorizing Remote Access
Restricting Remote Access
Controlling Remote Connections
Troubleshooting Remote Access Client Connections
Troubleshooting Remote Access Server Connections
Configuring Internet Authentication Services
Chapter 26 Managing Web Servers with IIS 6.0
Introduction
Installing and Configuring IIS 6.0
Pre-Installation Checklist
Installation Methods
Installation Best Practices
What’s New in IIS 6.0?
New Security Features
New Reliability Features
Other New Features
Managing IIS 6.0
Performing Common Management Tasks
Managing IIS Security
Troubleshooting IIS 6.0
Troubleshooting Content Errors
Troubleshooting Connection Errors
Troubleshooting Other Errors
Using New IIS Command-Line Utilities
iisweb.vbs
iisvdir.vbs
iisftp.vbs
iisftpdr.vbs
iisback.vbs
iiscnfg.vbs
Chapter 27 Managing and Troubleshooting Terminal Services
Introduction
Understanding Windows Terminal Services
Terminal Services Components
Using Terminal Services Components for Remote Administration
Using Remote Assistance
Installing and Configuring the Terminal Server Role
Using Terminal Services Client Tools
Installing and Using the Remote Desktop Connection (RDC) Utility
Installing and Using the Remote Desktops MMC Snap-In
Installing and Using the Remote Desktop Web Connection Utility
Using Terminal Services Administrative Tools
Using the Terminal Services Configuration Tool
User Account Extensions
Using Group Policies to Control Terminal Services Users
Using the Terminal Services Command-Line Tools
Troubleshooting Terminal Services
Not Automatically Logged On
“This Initial Program Cannot Be Started”
Clipboard Problems
License Problems
Index