Chapter 1 Introduction to Microsoft Windows 2000 1
About This Chapter 1
Before You Begin 1
Lesson 1:Windows 2000 Overview 2
Overview of Windows 2000 2
Windows 2000 Network Environments 8
Lesson Summary 11
Lesson 2:Windows 2000 Architecture Overview 12
Windows 2000 Lavers.Subsvstems.and Managers 12
User Mode 12
Environment Subsvstems 13
Kernel Mode 14
Lesson Summary 16
Lesson 3:Windows 2000 Directory Services Overview 17
What Is a Directory Service? 17
Why Have a Directory Service? 18
Windows 2000 Directory Services 19
Simplified Administration 19
Scalability 19
Open Standards Support 20
Support for Standard Name Formats 21
Active Directory in the Windows 2000 Architecture 21
Active Directory Architecture 22
Lesson Summary 24
Lesson 4:Logging On to Windows 2000 25
Logging On to a Domain 25
Logging On to a Local Computer 26
Windows 2000 Authentication Process 27
Practice:Logging On to a Stand-Alone Server 28
Lesson Summary 28
Lesson 5:The Windows Security Dialog Box 29
Using the Windows Security Dialog Box 29
Practice:Using the Windows Security Dialog Box 30
Lesson Summary 33
Review 34
Chapter 2 Introduction to Active Directory 35
About This Chapter 35
Before You Begin 35
Lesson 1:Active Directory Overview 36
Active Directory Objects 36
Active Directory Components 37
Logical Structures 38
Physical Structure 41
Lesson Summary 43
Lesson 2:Understanding Active Directory Concepts 44
Global Catalog 44
Replication 45
Trust Relationships 48
DNS Namespace 49
Name Servers 53
Naming Conventions 54
Lesson Summary 56
Review 57
Chapter 3 Active Directory Administration Tasks and Tools 59
About This Chapter 59
Before You Begin 59
Lesson 1:Active Directory Administration Tasks 60
Windows 2000 Active Directory Administration Tasks 60
Lesson Summary 61
Lesson 2:Active Directory Administrative Tools 62
Active Directory Administrative Tools 62
Other Active Directory Administrative Tools 63
The Microsoft Management Console(MMC) 66
Console Tree and Details Pane 69
Snap-Ins 69
Console Options 71
Author Mode 71
Lesson Summary 72
Lesson 3:Using Microsoft Management Consoles 73
Using Preconfigured MMCs 73
Using Custom MMCs 73
Using MMCs for Remote Administration 74
Practice:Using Microsoft Management Console 74
Lesson Summary 79
Lesson 4:Using Task Scheduler 80
Introduction to Task Scheduler 80
Practice:Using Task Scheduler 81
Lesson Summary 84
Review 85
Chapter 4 Implementing Active Directory 87
About This Chapter 87
Before You Begin 87
Lesson 1:Planning Active Directory Implementation 88
Planning a Domain Structure 88
Planning a Domain Namespace 92
Planning an OU Structure 97
Planning a Site Structure 100
Lesson Summary 101
Lesson 2:Installing Active Directory 103
The Active Directory Installation Wizard 103
Configuring DNS for Active Directory 104
The Database and Shared System Volume 104
Domain Modes 105
Removing Active Directory Services from a Domain Controller 106
Practice:Installing Active Directory 107
Lesson Summary 110
Lesson 3:Operations Master Roles 111
Operations Master Roles 111
Forest-Wide Operations Master Roles 111
Domain-Wide Operations Master Roles 112
Planning Operations Master Locations 113
Identifying Operations Master Role Assignments 115
Transferring Operations Master Role Assignments 116
Responding to Operations Master Failures 118
Lesson Summary 119
Lesson 4:Implementing an Organizational Unit Structure 120
Creating OUs 120
Setting OU Properties 120
Practice:Creating an OU 122
Lesson Summary 123
Review 124
Chapter 5 DNS and Active Directory Integration 125
About This Chapter 125
Before You Begin 125
Lesson 1:Understanding DNS Name Resolution 126
Name Resolution 126
Forward Lookup Query 127
Name Server Caching 128
Reverse Lookup Query 129
Lesson Summary 130
Lesson 2:Understanding and Configuring Zones 131
Zones 131
Zone Planning 131
Forward Lookup Zones 132
Reverse Lookup Zones 134
Resource Records 135
Delegating Zones 136
Configuring Dynamic DNS 138
Practice:Configuring Zones 139
Lesson Summary 142
Lesson 3:Zone Replication and Transfer 143
Zone Replication and Zone Transfers 143
DNS Notification 146
The DNS Notify Process 147
Lesson Summary 148
Lesson 4:Monitoring and Troubleshooting DNS for Active Directory 149
Monitoring DNS Servers 149
DNS Troubleshooting Scenarios 150
Lesson Summary 152
Review 153
Chapter 6 Configuring Sites 155
About This Chapter 155
Before You Begin 155
Lesson 1:Configuring Site Settings 156
Configuring Site Settings 156
Sites 156
Subnets 157
Site Links 159
Site Licensing 161
Practice:Configuring a Site 162
Lesson Summary 164
Lesson 2:Configuring Inter-Site Replication 165
Configuring Inter-Site Replication 165
Site Link Attributes 165
Site Link Bridges 168
Manually Configuring Connections 169
Designating a Preferred Bridgehead Server 171
Practice:Configuring Inter-Site Replication 172
Lesson Summary 173
Lesson 3:Troubleshooting Replication 174
Troubleshooting Replication 174
Checking Replication Topology 175
Lesson Summary 175
Lesson 4:Maintaining Server Settings 176
Maintaining Server Settings 176
Creating a Server Object in a Site 176
Moving Server Objects Between Sites 176
Enabling or Disabling a Global Catalog 177
Removing an Inoperative Server Object from a Site 177
Lesson Summary 177
Review 178
Chapter 7 User Account Administration 179
About This Chapter 179
Before You Begin 179
Lesson 1:Introduction to User Accounts 180
Local User Accounts 180
Domain User Accounts 181
Built-In User Accounts 182
Lesson Summary 183
Lesson 2:Planning New User Accounts 184
Naming Conventions 184
Password Requirements 185
Account Options 186
Practice:Planning New User Accounts 186
Lesson Summary 189
Lesson 3:Creating User Accounts 190
Creating Local User Accounts 190
Creating Domain User Accounts 191
Practice:Creating Domain User Accounts 194
User Account Properties 196
Setting Personal Properties 197
Setting Account Properties 197
Setting Logon Hours 199
Setting the Computers from Which Users Can Log On 200
Configuring Dial-In Settings 201
Practice:Modifying User Account Properties 202
Lesson Summary 206
Lesson 4:Creating User Profiles 207
User Profiles 207
Local User Profiles 210
Roaming User Profiles 210
Mandatory User Profiles 213
Practice:Managing User Profiles 214
Lesson Summary 219
Lesson 5:Creating Home Directories 220
Introducing Home Directories 220
Creating Home Directories on a Server 220
Lesson Summary 221
Lesson 6:Maintaining User Accounts 222
Disabling,Enabling,Renaming,and Deleting User Accounts 222
Resetting Passwords and Unlocking User Accounts 223
Resetting Passwords 223
Unlocking User Accounts 224
Practice:Administering User Accounts 224
Lesson Summary 226
Review 227
Chapter 8 Group Account Administration 229
About This Chapter 229
Before You Begin 229
Lesson 1:Introduction to Groups 230
Groups and Permissions 230
Group Types 231
Group Scopes 231
Group Nesting 233
Rules for Group Membership 233
Local Groups 234
Using Local Groups 234
Lesson Summary 234
Lesson 2:Planning a Group Strategy 236
Planning Global and Domain Local Groups 236
Using Universal Groups 237
Practice:Planning New Group Accounts 238
Lesson Summary 240
Lesson 3:Creating Groups 241
Creating and Deleting Groups 241
Deleting a Group 242
Adding Members to a Group 242
Changing the Group Type 244
Changing the Group Scope to Universal 244
Creating Local Groups 245
Practice:Creating Groups 247
Lesson Summary 249
Lesson 4:Understanding Default Groups 250
Predefined Groups 250
Built-In Groups 251
Built-In Local Groups 252
Special Identity Groups 253
Lesson Summary 254
Lesson 5:Groups for Administrators 255
Why You Should Not Run Your Computer as an Administrator 255
Administrators as Members of the Users and Power Users Groups 255
Using Run As to Start a Program 256
RUNAS Command 257
RUNAS Examples 258
Practice:Using Run As to Start a Program as an Administrator 259
Lesson Summary 259
Review 260
Chapter 9 Securing Network Resources 263
About This Chapter 263
Before You Begin 263
Lesson 1:Understanding NTFS Permissions 264
NTFS Permissions 264
NTFS Folder Permissions 264
NTFS File Permissions 265
Access Control List 265
Multiple NTFS Permissions 266
NTFS Permissions Inheritance 267
Lesson Summary 268
Lesson 2:Assigning NTFS Permissions 269
Planning NTFS Permissions 269
Setting NTFS Permissions 270
Practice:Planning and Assigning NTFS Permissions 272
Lesson Summary 279
Lesson 3:Assigning Special Permissions 280
Special Permissions 280
Setting Special Permissions 284
Taking Ownership of a File or Folder 286
Practice:Taking Ownership of a File 286
Lesson Summary 288
Lesson 4:Copying and Moving Files And Folders 289
Copying Files and Folders 289
Moving Files and Folders 290
Practice:Copying and Moving Folders 291
Lesson Summary 292
Lesson 5:Troubleshooting Permissions Problems 293
Troubleshooting Permissions Problems 293
Avoiding Permissions Problems 294
Practice:Deleting a File with All Permissions Denied 295
Lesson Summary 296
Review 297
Chapter 10 Administering Shared Folders 299
About This Chapter 299
Before You Begin 300
Lesson 1:Understanding Shared Folders 301
Shared Folders 301
Shared Folder Permissions 301
How Shared Folder Permissions Are Applied 303
Guidelines for Shared Folder Permissions 303
Practice:Applied Permissions 304
Lesson Summary 305
Lesson 2:Planning Shared Folders 306
Application Folders 306
Data Folders 307
Lesson Summary 308
Lesson 3:Sharing Folders 310
Requirements for Sharing Folders 310
Administrative Shared Folders 310
Sharing a Folder 311
Assigning Shared Folder Permissions 312
Modifying Shared Folders 314
Connecting to a Shared Folder 315
Lesson Summary 316
Lesson 4:Combining Shared Folder Permissions and NTFS Permissions 317
Strategies for Combining Shared Folder Permissions and NTFS Permissions 317
Practice:Managing Shared Folders 318
Lesson Summary 327
Lesson 5:Configuring Dfs to Gain Access to Network Resources 328
Understanding Dfs 328
Reasons for Using Dfs 330
Dfs Topology 330
Creating a Dfs 330
Creating a Dfs Root 330
Creating a Dfs Link 331
Adding a Dfs Shared Folder 332
Setting Replication Policy 333
Practice:Using Dfs 335
Lesson Summary 339
Review 340
Chapter 11 Administering Active Directory 341
About This Chapter 341
Before You Begin 342
Lesson 1:Locating Active Directory Objects 343
Understanding Common Active Directory Objects 343
Using Find 344
Practice:Searching Active Directory 346
Lesson Summary 348
Lesson 2:Controlling Access to Active Directory Objects 349
Understanding Active Directory Permissions 349
Assigning Active Directory Permissions 350
Using Permissions Inheritance 353
Preventing Permissions Inheritance 354
Practice:Controlling Access to Active Directory Objects 354
Lesson Summary 357
Lesson 3:Publishing Resources in Active Directory 358
Publishing Resources in Active Directory 358
Publishing Users and Computers 358
Publishing Shared Resources 358
Publishing Network Services 359
Lesson Summary 361
Lesson 4:Moving Active Directory Objects 362
Moving Objects 362
Moving Objects Within a Domain 362
Moving Objects Between Domains 363
Moving Workstations or Member Servers Between Domains 367
Moving Domain Controllers Between Sites 368
Practice:Moving Objects Within a Domain 369
Lesson Summary 370
Lesson 5:Delegating Administrative Control of Active Directory Objects 371
Guidelines for Delegating Control 371
Delegation Of Control Wizard 372
Guidelines for Administering Active Directory 372
Practice:Delegating Administrative Control in Active Directory 373
Lesson Summary 375
Lesson 6:Backing Up Active Directory 376
Performing Preliminary Tasks 376
The Backup Wizard 376
What to Back Up 377
Where to Store the Backup 377
Specifying Advanced Backup Settings 379
Scheduling Active Directory Backup Jobs 380
Lesson Summary 381
Lesson 7:Restoring Active Directory 382
Preparing to Restore Active Directory 382
Nonauthoritative Restore 382
Authoritative Restore 382
Performing a Nonauthoritative Restore 383
Specifying Advanced Restore Settings 385
Performing an Authoritative Restore 386
Lesson Summary 388
Lesson 8:Troubleshooting Active Directory 389
Troubleshooting Active Directory 389
Lesson Summary 390
Review 391
Chapter 12 Administering Group Policy 393
About This Chapter 393
Before You Begin 393
Lesson 1:Group Policy Concepts 394
What Is Group Policy? 394
Group Policy Objects 394
Delegating Control of Group Policy 395
The Group Policy Snap-In 395
Group Policy Settings 397
Computer and User Configuration Settings 397
The MMC Snap-In Model 400
Group Policy Snap-In Namespace 401
How Group Policy Affects Startup and Logon 401
How Group Policy Is Processed 402
Group Policy Inheritance 404
Using Security Groups to Filter Group Policy 404
Lesson Summary 405
Lesson 2:Group Policy Implementation Planning 406
Designing GPOs by Setting Type 406
GPO Implementation Strategies 407
Layered vs.Monolithic GPO Design 407
Functional Roles vs.Team Design 409
OU Delegation with Central or Distributed Control 410
Lesson Summary 411
Lesson 3:Implementing Group Policy 412
Implementing Group Policy 412
Creating a GPO 412
Creating a GPO Console 413
Delegating Administrative Control of a GPO 414
Specifying Group Policy Settings 415
Disabling Unused Group Policy Settings 416
Indicating GPO Processing Exceptions 417
Filtering GPO Scope 419
Linking a GPO 420
Modifying Group Policy 420
Removing a GPO Link 421
Deleting a GPO 421
Editing a GPO and GPO Settings 421
Practice:Implementing a Group Policy 422
Lesson Summary 426
Lesson 4:Managing Software Using Group Policy 427
Software Management Tools 427
Assigning Applications 428
Publishing Applications 428
How Software Installation Works 428
Implementing Software Installation 430
Planning and Preparing a Software Installation 430
Setting Up an SDP 431
Specifying Software Installation Defaults 432
Deploying Software Applications 433
Setting Automatic Installation Options 437
Setting Up Application Categories 438
Setting Software Application Properties 439
Maintaining Software Applications 442
Lesson Summary 445
Lesson 5:Managing Special Folders Using Group Policy 446
Folder Redirection 446
Default Special Folder Locations 447
Setting Up Folder Redirection 447
Policy Removal Considerations 452
Lesson Summary 453
Lesson 6:Troubleshooting Group Policy 454
Troubleshooting Group Policy 454
Group Policy Best Practices 457
Lesson Summary 459
Review 460
Chapter 13 Administering a Security Configuration 461
About This Chapter 461
Before You Begin 461
Lesson 1:Security Configuration Overview 462
Security Configuration Settings 462
Lesson Summary 465
Lesson 2:Auditing 466
Understanding Auditing 466
Using an Audit Policy 466
Audit Policy Guidelines 467
Configuring Auditing 468
Setting Up an Audit Policy 469
Auditing Access to Files and Folders 472
Auditing Access to Active Directory Objects 475
Auditing Access to Printers 477
Auditing Practices 478
Practice:Auditing Resources and Events 479
Lesson Summary 483
Lesson 3:Using Security Logs 484
Understanding Windows 2000 Logs 484
Viewing Security Logs 485
Locating Events 486
Filtering Events 487
Configuring Security Logs 488
Archiving Security Logs 490
Practice:Using the Security Log 491
Lesson Summary 492
Lesson 4:User Rights 493
User Rights 493
Privileges 493
Logon Rights 497
Assigning User Rights 497
Lesson Summary 498
Lesson 5:Using Security Templates 499
Security Templates Overview 499
Security Template Uses 499
Predefined Security Templates 499
Managing Security Templates 501
Practice:Managing Security Templates 505
Lesson Summary 506
Lesson 6:Security Configuration and Analysis 507
How the Security Configuration and Analysis Console Works 507
Security Configuration 507
Security Analysis 507
Using Security Configuration and Analysis 508
Practice:Using Security Configuration and Analysis 513
Lesson Summary 515
Lesson 7:Troubleshooting a Security Configuration 516
Troubleshooting a Security Configuration 516
Lesson Summary 517
Review 518
Chapter 14 Managing Active Directory Performance 519
About This Chapter 519
Before You Begin 519
Lesson 1:Active Directory Performance Monitoring Tools 520
Performance Monitoring Tools 520
The Event Viewer Console 520
The Performance Console 522
System Monitor 522
Performance Logs and Alerts 528
Practice:Using System Monitor 536
Lesson Summary 538
Lesson 2:Active Directory Support Tools 540
Active Directory Support Tools 540
LDP.EXE:Active Directory Administration Tool 540
REPLMON.EXE:Active Directory Replication Monitor 541
REPADMIN.EXE:Replication Diagnostics Tool 543
DSASTAT.EXE:Active Directory Diagnostic Tool 543
SDCHECK.EXE:Security Descriptor Check Utility 543
NLTEST.EXE 544
ACLDIAG.EXE:ACL Diagnostics 544
DSACLS.EXE 545
Lesson Summary 545
Lesson 3:Monitoring Access to Shared Folders 546
Why Monitor Network Resources? 546
Network Resource Monitoring Requirements 547
Monitoring Access to Shared Folders 547
Monitoring Open Files 548
Disconnecting Users from Open Files 549
Sending Console Messages 550
Practice:Managing Shared Folders 550
Lesson Summary 551
Review 552
Chapter 15 Deploying Windows 2000 Using RIS 553
About This Chapter 553
Before You Begin 553
Lesson 1:RIS Overview 554
Remote OS Installation Overview 554
Remote Install Server Components 555
Remote Install Client Components 555
How the Remote OS Installation Process Works 557
RIS Server and Client Requirements 559
Network Cards Supported by RIS Boot Disk 560
Lesson Summary 561
Lesson 2:Implementing RIS 562
Implementing RIS 562
Setting Up RIS 562
Configuring RIS 564
Create an RIPrep Image 572
Creating an RIS Boot Disk 575
Verifying an RIS Configuration 576
Lesson Summary 577
Lesson 3:Administering RIS 578
Administering RIS 578
Managing RIS Client Installation Images 578
Managing RIS Client Computers 579
Managing RIS Security 583
Lesson Summary 586
Lesson 4:RIS Frequently Asked Questions and Troubleshooting 587
Frequently Asked RIS Questions 587
Troubleshooting RIS 590
Lesson Summary 591
Review 592
Appendix A Questions and Answers 593
Appendix B Installing and Configuring the DHCP Service 637
Glossary 643
Index 675