Table of Contents for
VIII. Business Productivity Solutions
by Ed Roberts - MVP, Eric Kovach - MCSE, Andrew Abbate - MCSE, Rand H. Morimoto -
Microsoft® Windows® Server 2003 Insider Solutions
Copyright
Dedications
About the Authors
Acknowledgments
We Want to Hear from You!
Introduction
I. Security Solutions
1. Securing Windows Server 2003
Improved Default Security in Windows 2003
Improvements over Windows 2000
New Security Technologies Introduced in Windows 2003
Securing the Hatches
Implementing Transport Layer Security
Requiring Digital Signing
Leveraging PKI
Installing Certificate Services
Importance of Physical Security
Know Who is Connected Using Two-factor Authentication
Utilizing Smartcards
Leveraging Biometrics to Enhance Security
Using Templates to Improve Usage and Management
Using the Security Configuration and Analysis Tool
Leveraging Secure Templates
Patrolling the Configuration
Auditing the System Security
Using the Microsoft Baseline Security Analyzer
Using Vulnerability Scanners
Auditing the File System
Securing the File System
Locking Down the File System via NTFS
Locking Down Group Membership
Keeping Users Out of Critical File Areas
Securing Web Services
Using SSL
Scanning the Web Servers for Vulnerabilities
Keeping up with Patches
Locking Down IIS
Keeping Files Confidential with EFS
Leveraging Standalone EFS
Common Pitfalls with Encrypted File System Implementations
Bulletproof Scenario
Summary
2. Implementing Secured Wireless Technologies
Working Through Walls
Common Mistakes When Planning Access Point Placement
Considering Signal Attenuation
Planning Signal Coverage
Reducing Interference
Considering Distance
Turning Down the Volume
Connecting to Power
Bridging Versus Broadcasting
Managing Spectrums to Avoid Denial of Service
Choosing Your Channel
Protecting Yourself from Internal Interference
Protecting the Wireless Network
Implementing Support for Secure 802.1x Technologies
Taking Advantage of Windows Server 2003 Security Features
Configuring the Wireless Network (IEEE 802.11) Policy
Choosing the Proper Wireless Network Policy Properties
Incorporating Certificates into Wireless Security
Configuring Certificate Services
Configuring Internet Authentication Services (IAS)
Configuring EAP-TLS Authentication
Configuring the Wireless Client
Configuring Wi-Fi Protected Access (WPA)
Required Updates
Authentication
Key Management
Temporal Key Integrity Protocol (TKIP)
Michael
Advanced Encryption Standard (AES)
Mixing WEP and WPA Wireless Clients
Maximizing Wireless Security Through Tunneling
While You’re Away
VPN Pass-through is Important
Maintaining Knowledge of Your Wireless Networks
Keeping Track of People, Places, and Things
Wireless Networking–Related IEEE Standards
Other Resources
Summary
3. Integrating Smartcard and Secured Access Technologies
Maximizing Certificate Services Implementations
Using Windows Server 2003 Updates
Choosing the CA Roles
Incorporating Smartcards
Securing Log-ins
Securing E-mail
Securing Documents
Securing Buildings
Securing Certificate Services
Locking Down Servers
Separating Server Roles
Assigning Administrative Roles
Getting the Most Out of Smartcards
Choosing an Appropriate Smartcard
Memory Requirements
Smartcard Roles
Smartcard Life Expectancy
Smartcard Reader
Smartcard Management Tools
Making Users Use Smartcards
Providing Security Reports
Tips and Tricks for Securing Access to the Network
Using Physical Security
Keeping Security Rules Simple
Covering Your Tracks
Creating a Single Sign-on Environment
Consolidating Directories
Consolidating Applications
Securing Access to Web Servers and Services
Locking the Doors
Hiding the Keys
Requiring SSL
Protecting Certificate-based Services from Disaster
Building Fault Tolerance
Planning Backup and Restoration
Integrating Smartcards with Personal Devices
Using Smartcards with a Pocket PC
Using Smartcards with Smart Phones
Summary
II. Management and Administration Solutions
4. Distributing Administration
Choosing the Best Administrative Model for Your Organization
Centralized Administration
Distributed Administration
Mixed Administration
Applying the Administrative Models
Using Role-based Administration for Optimal Delegation
The Operations Manager
The Security Administrator
The Network Administrator
The Directory Service Administrator
Leveraging the Delegation of Control Wizard
Delegation Through Organizational Units
Delegating Simple Administrative Tasks
Delegating Custom Tasks
Enhancing Administration with Functional Levels
Windows 2000 Mixed Domain Functional Level
Windows 2000 Native Functional Level
Windows Server 2003 Interim Functional Level
Windows Server 2003 Functional Level
Domain Administrative Functionality
Forest Administrative Functionality
Managing Domain and Enterprise Administration
Managing the Domain Admins Group
Managing the Enterprise Admins Group
Developing Group Policies that Affect Administration
Linking Group Policies to the Appropriate Containers
Enforcing a Complex Administrator Password via Group Policy
Restricting Administrative Group Memberships
Delegating Rights with Group Policies
Testing Level of Administrative Access
Testing Changes in a Lab Environment
Documenting Test Processes and Results
Group Policy Modeling
Resultant Set of Policy (RSoP)
Auditing Administrative Activities
Audit Settings on Domain Controllers
Collect and Archive Security Logs
Audit Accounts Management Events
Size the Security Log Appropriately
Summary
5. Managing User Rights and Permissions
Leveraging Domain Local, Global, and Universal Groups
Choosing the Appropriate Group Type
Security Groups
Distribution Groups
Mail-enabled Groups
Choosing the Appropriate Group Scope
Machine Local Groups
Domain Local Groups
Global Groups
Universal Groups
Using NTFS and AD Integrated File Shares
Using NTFS to Set Permissions
Setting NTFS Permissions
Using Active Directory Integrated Shares
Using Allow/Deny Permissions
Assigning User Rights and Privileges
Using Group Policy to Administer Rights and Permissions
Assigning Rights with Group Policy
Granting Access to Files with Group Policy
Granting Access to Registry Settings with Group Policy
Managing Groups with Group Policy
Maximizing Security, Functionality, and Lowering Total Cost of Ownership (TCO) with User Profiles
Local and Roaming Profiles
All Users and Default Profiles
Mandatory Profiles
Temporary Profiles
Managing Rights and Permissions for Specific User Types
Managing Highly Managed Users
Managing Mobile Users
Managing Administrators for Flexibility and Security
Summary
6. Implementing Group Policies
Leveraging Group Policies
Using Computer Policies
Using User Policies
Understanding Group Policy Refresh Intervals
Group Policy Deployment
Less is More
Knowing Resultant Set of Policies (RSoP)
Group Policy Order of Inheritance
Knowing the Impact of Slow Link Detection
Delegating GP Management Rights
Avoiding Cross-Domain Policy Assignments
Using Group Policy Naming Conventions
Understanding the Default Domain Policy
Understanding GP Inheritance and Application Order
Group Policy Inheritance
Understanding the Order in Which Group Policies Are Applied
Modifying Group Policy Inheritance
Configuring Group Policy Loopback
Understanding the Effects of Slow Links on Group Policy
What is the Effect of a Slow Link on a Site?
Determining Slow Link Speed
Configuring a Unique Slow Link Speed
Using Tools to Make Things go Faster
Linking Group Policies
Configuring the Group Policy Snap-in
Disabling Configuration Settings
Viewing Group Policy Using the Show Configured Policies Only Setting
Deleting Orphaned Group Policies
Automating Software Installations
Best Practices for Software Installs
Determining Whether a Push Was Successful
Enhancing Manageability with Group Policy Management Console
GPO Operations: Backup, Restore, Copy, and Import
Migrating Tables
Supporting Group Policy Management Across Forests
HTML Reporting Functionality and the Settings Tab
Linking WMI Filters
Searching the GPMC for Group Policies
Using Resultant Set of Policies in GPMC
Group Policy Modeling Using Resultant Set of Policy
Using RSoP Logging Mode to Discover Applied Policies
Maximizing Security with Group Policy
Predefined Security Templates
Required Default Domain Group Policy Settings
Restricted Groups: Assigning Local Groups Through GP
Increasing Fault Tolerance with Intellimirror
Using Folder Redirection
Using Roaming Profiles
Leveraging Other Useful Tools for Managing Group Policies
Using the GPupdate Tool
Using the GPresult Tool
Using the GPmonitor.exe Tool
Using the GPOTool Tool
Using the FRSDiag.exe Tool
Using the Sonar.exe Tool
Using Administrative Templates
Understanding Policies Versus Preference
Using Microsoft Add-on GP Templates
Customizing Administrative Group Policy Templates
Finding Additional Resources About Group Policy
Microsoft Group Policy Web Site
Group Policy White Papers
Summary
7. Managing Desktops
Automating Backup of Desktop Data
Shadow Copy of Shared Folders
Setting Up Shadow Copies Client
Recovery of Files and Folders
Recovering Deleted Files
Recovering Overwritten or Corrupted Files
Recovering Folders
Folder Redirection
Accelerating Deployments with Workstation Images
Unattended Installation
Using the Systems Preparation Tool (Sysprep) for Server Images
Deploying Server Images with Remote Installation Service
Creating Windows XP Images
Installing Desktop Software
Standardizing the Desktop
The Little Things
Automating Software Installation
Slow Link Detection
Ensuring a Secured Managed Configuration
Decreasing Vulnerabilities Through Security Patches
Maximizing Security on the Desktop
Managing Systems and Configurations
Managing Desktops Remotely
Managing Multiuser Desktops
Managing Mobile Computers
Managing Public or Kiosk Workstations
Managing Administrator Workstations
Leveraging Useful Tools for Managing Desktops
Floplock
Netdom
Con2prt
User State Migration Tool (USMT)
Summary
8. Administering Windows Server 2003 Remotely
Using Remote Desktop for Administration
Enhancements to Remote Administration with Remote Desktop Connection
Enabling Remote Desktop for Administration
Best Practices for Remote Desktop for Administration
Use the Console Mode
Configure Disconnect and Reset Timeouts
Coordinate Remote Administration
Distinguish Terminal Services from Remote Administration
Taking Advantage of Windows Server 2003 Administration Tools
Installing the Admin Pack
Using Convenience Consoles
Customizing Administration Consoles
Using Out-Of-Band Remote Administration Tools for Emergency Administration
Emergency Management Service (EMS)
Configuring the Serial Connection for EMS
Special Administration Console (SAC)
Using and Configuring Remote Assistance
Requirements for Remote Assistance
Sending a Remote Assistance Invitation
Securing and Monitoring Remote Administration
Securing Remote Administration
Monitoring Remote Administration
Delegating Remote Administration
Administering IIS in Windows Server 2003 Remotely
Using Internet Information Services Manager (IIS)
Using Terminal Services
Using the Remote Administration (HTML) Tool
Summary
9. Maintenance Practices and Procedures
Maintenance is not as Interesting as Implementing New Technology
What to Do Every Day
Read the Logs
Checking on System Resources
Verify the Backups
What to Do Every Week
Check for System Updates
Verify Active Directory Replication
Audit Administrative Group Membership
Perform a Test Restore
Examining the Size of the Active Directory Database
Examine the DHCP Scopes
What to Do Every Month
Active Directory Database Integrity Check
Performing a Scandisk
Reboot the System
Defragment the System
Check WINS for Corruptions
Consolidating Servers as a Maintenance Task
Windows System Resource Manager
Virtual Servers
Backup Tips and Tricks
Improving Performance With a Dedicated Backup VLAN
Spool to Disk and Later to Tape
Grandfather, Father, Son Strategies and Changers
Use the Appropriate Agents
What to Include and Exclude in a Backup
Making Automated System Recovery Work for You
Leveraging Scripting for Maintenance Practices
Taking Advantage of Command Line Interfaces
Customizing the MMC View
Ensuring Consistency with Checklists
Why Five-9s Might Be a Bad Idea
The Importance of Maintenance Windows
Maintenance in a High Availability Environment
Automating Updates
Software Update Service Tuning: Using NTFS Permissions and Machine Groups
Using SUS with Systems Management Server
Enabling SUS with Group Policy Objects
Summary
III. Design and Implementation Solutions
10. Advanced Active Directory Design
Implementations Small and Large
Single Domain In-Place Upgrade
Multiple Domains—Child
Multiple Domains—Discontinuous
Consolidating Domains
Understanding Multiple Forests
Using a Placeholder Root Domain
Configuring and Reconfiguring Domains and Organizational Units
Moving Objects Between Domains
Moving Objects Between Organizational Units
Sites and the New Knowledge Consistency Checker
Summarizing Sites
Site Adoption
Controlling Site Authentication Using DNS
Using Cross-Forest Trusts Effectively
Account/Resource Forests
Company Acquisition
Interforest Synchronization
Using GALSync to Do Directory Synchronizations
Microsoft Identity Information Services
Active Directory Migration Tool Best Practices
Using ADMT to Migrate Resources
Implications of SID History
Cleaning Up SID History
Improvements in ADMT 2.0
Using Microsoft Metadirectory Services Effectively
Features of Microsoft Identity Integration Server
Centralization of Identity Information
Managing Identity Information
Managing Changes to Identity Information
Broad Connectivity
Domain Controller Placement
Replication Traffic Migrating from Windows NT 4.0 Versus Authentication Traffic
Determining the Value of Local Domain Controllers
Spending on WAN Connectivity Versus Domain Controllers
Global Catalog Placement
What Does the Global Catalog Do?
GC Replication Traffic Versus Lookup Traffic
Determining the Impact of Global Catalog Failure
Taking Advantage of Replication Improvements
Benefits of Multi-Master Replication
Active Directory Functional Levels
Summary
11. Implementing Microsoft Windows Server 2003
Best Practices for Successful Server Deployments
Planning the Deployment
Testing the Deployment
Executing the Deployment
Licensing and Activating Windows Server 2003
Providing a Product Key
Choosing a Licensing Mode
Activating Windows Server 2003
Automating Deployment with Remote Installation Service
System Requirements for RIS
Creating a Remote Installation Preparation Wizard (RIPrep) Image
Securing Server Images
Making the Most of the RIS Deployment Tool
Using Sysprep for Servers to Maximize Consistency
How Sysprep Works
Taking Advantage of New Sysprep Features
Customizing Setup Using Unattend and Setup Manager
Taking Advantage of Setup Manager Enhancements
Fully Automating Installs Using Unattend.txt
Creating Custom Bootable CDs for Rapid Deployment
Tools Needed for Creating Custom Install CDs
Leveraging WinPE
Optimizing Standard Server Configurations
Optimize Performance Settings
Optimize Security Settings
Begin Routine Operations
Customizing Servers with Setup Wizards
Configuring Server Roles
Managing Servers
Controlling the Back-end with the Windows Registry
The Registry Editor
Protecting the Registry
Maintaining the Registry
Summary
12. Implementing Microsoft Active Directory
Taking Advantage of Functional Levels
Windows 2000 Mixed Domain Functional Level
Windows 2000 Native Functional Level
Windows Server 2003 Interim Functional Level
Windows Server 2003 Functional Level
Improving Domain Controller Installation
Promoting a Member Server
Demoting a Domain Controller
Creating Replicas from Media
Getting the Most Out of Global Catalog Servers
Global Catalog Placement
Universal Group Caching
Customizing the Global Catalog
Maximizing Flexible Single Master Operation (FSMO) Roles
Proper Placement of Operation Master Roles
Moving Operation Master Roles
Expanding the Enterprise by Interconnecting Forests and Domains
Configuring Forest Trusts
Granting Cross-Forest Rights
Authentication Firewall
Enhancing Flexibility with Renaming Domains
Understanding the Limitations
Meeting the Prerequisites
The Domain Rename Process
Step 1: Generate Current Forest Description
Step 2: Modify the XML File
Step 3: Upload the Modified File
Step 4: Prepare Domain Controllers
Step 5: Execute the Rename Procedure
Step 6: Cleanup Tasks
Managing the Active Directory Schema
Using Active Directory Service Interfaces (ADSI) Edit
Using the Active Directory Schema Snap-in
Schema Deactivation
Improving Replication with Application Partitions
Creating Application Partitions
Creating a Replica
Managing Replication
Summary
13. Establishing a Solid Infrastructure Foundation
Focusing on the Windows Server 2003 Infrastructure Components
Network Addressing as the Infrastructure Foundation
Simplifying Address Look-up with Name Resolution
Centralizing Address Information with Directory Integration
Network Services Changes in Windows Server 2003
Active Directory–Integrated Zones
Dynamic Updates
Unicode Character Support
DNS Changes in Windows Server 2003
DNS in an Active Directory Environment
Impact of DNS on Active Directory
Active Directory in Non-Microsoft DNS Implementations
Using Secondary Zones in an AD Environment
Specifying SRV Records and Site Resolution in DNS
The Domain Name System (DNS) In Depth
The Need for DNS
Framework for DNS
Understanding the DNS Namespace
Installing DNS Using the Configure Your Server Wizard
Configuring DNS to Point to Itself
Using Resource Records in a Windows 2003 Environment
Start of Authority (SOA) Records in DNS
DNS Host (A) Records
Name Server (NS) Records
Service (SRV) Records for Added DNS Information
Mail Exchanger (MX) Records Defining E-mail Routing
Pointer (PTR) Records for Reverse DNS Queries
Canonical Name (CNAME) Records for Alias Information
Other DNS Records that Store Information
Establishing and Implementing DNS Zones
Forward Lookup Zones
Reverse Lookup Zones
Primary Zones
Secondary Zones
Stub Zones
Creating Zone Transfers in DNS
Full Zone Transfer
Incremental Zone Transfer (IXFR)
Understanding the Importance of DNS Queries
Recursive Queries
Iterative Queries
Other DNS Components
Dynamic DNS (DDNS)
Time to Live (TTL)
Secure Updates
DNS Maintenance, Updates, and Scavenging
Root Hints
Forwarders
Using WINS for Lookups
Troubleshooting DNS
Using the DNS Event Viewer to Diagnose Problems
Using Performance Monitor to Monitor DNS
Client-Side Cache and HOST Resolution Problems
Using the NSLOOKUP Command-Line Utility
Using the IPCONFIG Command-Line Utility
Using the TRACERT Command-Line Utility
Using the DNSCMD Command-Line Utility
The Dynamic Host Configuration Protocol (DHCP) In Depth
The DHCP Client Service
Automatic Private IP Addressing (APIPA)
DHCP Relay Agents
DHCP and Dynamic DNS
DHCP Changes in Windows Server 2003
DHCP Database Backup and Restore Automation
DHCP in the Windows XP Client
Installing DHCP and Creating New Scopes
Creating DHCP Redundancy
The 50/50 Failover Approach for DHCP Fault Tolerance
The 80/20 Failover Approach to DHCP Fault Tolerance
The 100/100 Failover Approach to DHCP Fault Tolerance
Standby Scopes Approach
Clustering DHCP Servers
Advanced DHCP Concepts
DHCP Superscopes
DHCP Multicast Scopes
DHCP Administrative Delegation
Netsh Command-Line Utility
Optimizing DHCP Through Proper Maintenance
Securing a DHCP Implementation
DHCP Authorization
DHCP and Domain Controller Security
Continuing Usage of Windows Internet Naming Service (WINS)
Legacy Microsoft NetBIOS Resolution
Integrating WINS and DNS
Changes in Windows Server 2003 WINS
Installing and Configuring WINS
WINS Installation
Configuring Push/Pull Partners
WINS Replication
NetBIOS Client Resolution and the LMHOSTS File
WINS Planning, Migrating, and Maintenance
Designing a WINS Environment
Upgrading a WINS Environment
WINS Database Maintenance
Global Catalog Domain Controllers (GC/DCs) Placement
The Active Directory Global Catalog
The Need to Strategically Place GCs and DCs
Universal Group Caching
Global Catalog/Domain Controller Placement
Summary
IV. Migration and Integration Solutions
14. Migrating from Windows NT 4.0
Migrating to a Scalable Windows 2003 Server Environment
Planning for Future Hardware Needs
Using the System Compatibility Checker
Supporting Third-Party Software Applications
Using the Compatibility Tool Kit Analyzer
Migrating to a Flexible Active Directory Forest
Fallback Plans and Failover Procedures
Simple Methods to Recovering the SAM Database
Recovering from Failed Account Migrations
Tips to Minimize Network Downtime
Avoiding Downtime Through Server Redundancy
Configuring Redundant Global Catalogs
Planning and Implementing Name Resolution When Migrating
Understanding Name Resolution with Windows 2003
Implementing WINS in a Mixed Mode Environment
Installing WINS
Decommissioning Windows 2003 Internet Naming Services
Changing Windows 2003 Server WINS TCP/IP Properties
Best Practices for Modifying Workstation WINS Properties
Removing Windows 2003 WINS Services
Planning and Upgrading File Systems and Disk Partitions
Mirrored Volumes
Volume Sets, Striped Sets, and Striped Sets with Parity
Avoiding Failures and Disruptions During Server Upgrades
Planning for Failed Hardware
Windows NT Upgrade Paths and Service Packs
Windows NT Upgrade Paths
Meeting Windows NT Service Pack Requirements
Keeping Windows Servers Current with Windows Updates
Finalizing Server Upgrades with Windows Update
Supporting Windows Clients During Coexistence
Load Balancing Domain Authentication
Configuring PDC Emulation on Windows 2003 Domain Controllers
Supporting Windows 95, 98, and NT 4.0 Client Systems
Active Directory Client Extensions
Enabling Client Support Without Active Directory Extensions
Implementing and Securing Password Migrations
Setting Up an ADMT Password Migration Server
Enhancing Security on your Password Server
Using an Encryption Key on the Password Export Server
Configuring Permissions to Enable Password Migrations
Addressing Permissions Issues When Migrating Desktops
Knowing Desktop Migration Requirements
Local Desktop Permissions
Tips for Configuring Desktop Permission
Creating Desktop Migration Accounts
Tips for Configuring Desktop Permissions
Leveraging the Domain Administrators Group
Using the Net Add User Command
Best Practices for Maintaining and Managing Coexistence
Consolidating Network Services
Using SID History to Maintain Access to Resources
Migrating SID History
Additional Tools for Managing Coexistence
Common Mistakes When Decommissioning Domains and Servers
Decommissioning Windows NT 4.0 Domain Servers
Prioritizing Server Roles During a Migration
Removing Permissions
Using the Active Directory System Editor ADSI
Summary
15. Migrating from Windows 2000
Preparing the Migration
Preparing Windows 2000 Servers to Be Migrated
Scripts to Inventory Hardware
Checking Hardware Compatibility
Evaluating Server Hardware Life Expectancy
Service Packs and System Bios Updates
Calculating Active Directory Hardware Requirement
Determining Active Directory Health State
Using Netdiag.exe
Using Replmon to Validate Replication
Performing Offline Defrag of Active Directory
Verifying Domain Name System Functionality
Planning the Type of Upgrade
Windows Server 2003 Applications Compatibility
Using the Application Compatibility Tool Kit
Upgrading and Installing Windows Server 2003
Upgrade Paths and Requirements
Upgrading by Performing a Clean Installation
Tips to Upgrading a Windows 2000 Domain
Migrating Network Services
Migrating Network Services
Migrating Domain Name Systems Services
Migrating DHCP to Windows 2003
Migrating GPOs
Migrating Active Directory Objects
Migrating Security and Distribution Groups
Migrating Users Accounts
FailOver Best Practices
Backing Up Active Directory
Recovering from a Failed Upgrade
Planning and Avoiding Network Downtime
Supporting Clients with Windows Server 2003
Understanding Windows 2003 Client Capability
Enabling Legacy Client Support
Decommissioning Windows 2000
Decommissioning Windows 2000 Domains and Domain Controllers
Decommissioning Domain Member Servers
Prioritizing Server Roles During a Migration
Removing Servers with ADSI Editor
Raising Windows 2003 Functional Levels
Domain Functional Levels
Raising Functional Levels
Summary
16. Integration with Unix/LDAP-Based Systems
Designing and Planning Platform Integration
Taking Inventory
Creating an Integration/Migration Plan
Creating an Integrated Infrastructure
Finding the Common Ground
Integrating Domain Name Services (DNS)
Heterogeneous Directory Services
Integrating Directories Across Environments
Integrating LDAP Directories with Active Directory
Configuring ADSI Edit Snap-in
Creating a Referral in Active Directory
Integration Using Metadirectories
Using Password Synchronization
Synchronizing Passwords in Unix and NIS
Synchronizing Passwords in LDAP
Centralizing the Management of Cross-Platform Resources
Using Telnet to Manage Unix and Windows
Using Microsoft Management Console (MMC)
Configuring Active Directory Schema Snap-in
Accessing Unix from a Windows Perspective
Accessing File Services
Configuring Windows Client for NFS
Configuring Samba on Unix
Accessing Print Services on Unix
Accessing Windows from a Unix Perspective
Accessing Windows with Telnet
Accessing Windows File Services
Accessing Windows Print Services
Using LPD/LPR
Migrating Resources from One Platform to the Other
Hosting Directory Services
Consolidating File Shares
Consolidating Printers
Summary
17. Integrating Windows 2003 with Novell Networks
Leveraging Services for NetWare
Using Gateway Services for NetWare to Bridge Environments
Using File and Print Services for NetWare to Replace Servers
Using Microsoft Directory Synchronization Service to Integrate Directories
File Migration Utility (FMU)
Creative Ways of Bridging the Gap Between Novell and Windows
Using a Dual-Client Approach to Access a Multi-Platform Environment
Taking Advantage of Windows Terminal Services in a Novell Environment
Using Web Services for Access to Microsoft Technologies
Installing the Microsoft Services for NetWare Tool
Preparing the Basic Configuration for Services for NetWare
Installing the File and Print Services for NetWare
Installing the Microsoft Directory Synchronization Service
Creating a Single Sign-on Environment
The Effectiveness of a Dual-Client Authentication Method of Access
Synchronizing Directories as a Method of Shared Logon
Synchronizing eDirectory/NDS with Active Directory
Best Practices Implementing MSDSS
Identifying Limitations on Directory Synchronization
Backing Up and Restoring MSDSS Information
Replacing NetWare Servers with Windows Servers
Enabling a Windows Server to Simulate a Novell NetWare Server
Bridging a Migration Gap Between Novell and Microsoft Environments
Using the File Migration Wizard to Migrate Files
Summary
V. Remote and Mobile User Solutions
18. VPN and Dial-up Solutions
Choosing the Right VPN Solution
Windows 2003 Routing and Remote Access Services
Examining Firewall-based VPNs
Examining Hardware-based VPNs
Deciding When to Make the Move from Software to Hardware
Best Practices for Securing L2TP
Using L2TP in Parallel with a Firewall
Using L2TP in Series with a Firewall
L2TP Client Requirements
Leveraging Remote Access Policies
Best Practices for Securing PPTP
Using PPTP in Parallel with a Firewall
Using PPTP in Series with a Firewall
PPTP Client Requirements
Leveraging Remote Access Policies
Taking Advantage of Internet Authentication Service
Using Terminal Services to Access the IAS Server
Using IPSec to Encrypt Confidential Data
Using VPN for Wireless
Deploying VPN and Dial-up Services
Leveraging the Microsoft Connection Manager
Desktop and Tray Icons
Animated Dialer Logon Screen
Phone Book
Interface Support for Multiple Service Types
Connect Actions
Automated Phone Book Updates
Auto-applications
License Agreement
Connection Status
Support Phone Number
Custom Help File
Language Support
Automatic Password
Realm Name Prefix and Suffix
Assign Encrypted Connections
Append an Application
Edit Existing Service Profiles
Leveraging Softmodems
Consolidating Lines with Larger Circuits
Leveraging RADIUS
Managing Remote Users with GPOs
Using Site-to-Site VPNs
Using Windows Server 2003 RRAS for Site-to-Site VPNs
Using Load Balancing to Add Scalability and Resiliency
Summary
19. Web Access to Windows Server 2003 Resources
Best Practices for Publishing Web Shares to the Internet
Protecting the Perimeter
Protecting the Server Content
Following the HTTP Authentication Request
Allowing Trusted Networks
Creating the Virtual Directory
Creating a Virtual Directory with IIS Manager
Creating a Virtual Directory with Windows Explorer
Establishing Virtual Directory Permissions
Securing Virtual Directories Mapped to Local Directories
Securing Virtual Directories Mapped to Windows Shares
Choosing Proper User Access Controls
Securing Access to Resources with SSL
Enabling SSL on a Web Server Directory
Enabling and Securing Internet Printing
Installing and Configuring Internet Printing Protocol (IPP)
Securing Internet Printing
Best Practices for Securing FTP Services
Enabling FTP Services
Configuring Secure Anonymous FTP Access
Configuring FTP Logging
Hardening Folder Permissions
Configuring FTP Blind-Put Access
Enforcing Disk Quotas
Using Logon Time Restrictions
Restricting Access by IP Address or Range
Auditing FTP Events
Enforcing Strong Passwords
Enabling Account Lockout and Account Lockout Threshold
FTP User Isolation
Accessing Resources with Terminal Services and Remote Desktops
Allowing Remote Desktop Control
Securing Terminal Services
Monitoring IIS Access Through Auditing and Logging
Auditing Security and Site Content
Enabling Security Auditing
Enabling Web Site Content Auditing
Consolidating Log Files
Log File Definitions
Using Windows Tools and Scripts to Manage IIS
Using the GUI to Manage IIS
Using Command-Line Administration
Managing IIS with ADSI Utilities
Using Windows Management Instrumentation (WMI)
Monitoring Hard Disk Space
Querying Log Files for Stop Errors
Summary
20. Leveraging Thin Client Terminal Services
Advantages of Using Terminal Services
Performance Improvements in Terminal Services 2003
Scaling Terminal Services
Redundancy and Load Balancing
Keeping Users Connected with Session Directory
Adding Redundancy to Session Directory
Optimizing Terminal Service Performance
Taking Advantage of Profile Redirection
Leveraging Windows Resource Manager to Control Resources
Managing Terminal Service Users with Group Policy
Keeping Terminal Service Secure
Adding Security via Firewall Settings for ASP Terminal Servers
Building Terminal Services the Right Way
Locking Down the Server with GPOs
Locking Down Directory and File Permissions
Leveraging Local Resources
Optimizing Local Printing
Leveraging Local and Network Drives
Summary
VI. Business Continuity Solutions
21. Proactive Monitoring and Alerting
Leveraging Windows Management Instrumentation
Understanding WMI
Uses for WMI
Leveraging Scripts for Improved System Management
Basic WMI Scripts
Building Services
Building Temporary Event Consumers
Building Permanent Event Consumers
Deciding What to Monitor
Monitoring Hardware
Port-Level Monitoring
Service-Level Monitoring
Application-Level Monitoring
Performance Monitoring
Monitoring Pitfalls
Determining What to Monitor and Alert Upon
Hardware Alerting
Port-Level Alerting
Service-Level Alerting
Application-Level Alerting
Performance Alerting
Alerting Pitfalls
Responding to Problems Automatically
Triggering External Scripts
Services Recovery and Notification
Using Microsoft Operations Manager for Advanced Automation
Understanding MOM
Benefits of MOM
Third-Party Monitoring and Alerting
Improving Monitoring Via SMS
Summary
22. Creating a Fault-Tolerant Environment
Optimizing Disk Management for Fault Tolerance
Hardware-based RAID Solutions
Using Dynamic Disk RAID Configurations
Using the Disk Management MMC
Using the Diskpart Command-Line Utility
Maximizing Redundancy and Flexibility with Distributed File System
New DFS Features in Windows Server 2003
Closest Site Selection
Multiple Roots per Server
Administration Improvements
DFS and Security
Simplifying Fault Tolerance with Volume Shadow Copy
Configuring Volume Shadow Copies
Restoring Data from a Shadow Copy
Optimizing Disk Utilization with Remote Storage
Configuring Remote Storage
Configuring the Backup Device
Allocating Media for Remote Storage
Configuring Remote Storage Settings
Optimizing Clusters to Simplify Administrative Overhead
Choosing the Best Cluster Configuration Model
The Single-Quorum Device Cluster
The Single-Node Cluster
The Majority Node Set Cluster
Installing Microsoft Cluster Service
Configuring Failover and Failback
Leveraging Network Load Balancing for Improved Availability
Choosing a Network Load Balancing Model
Creating a Network Load Balancing Cluster
Realizing Rapid Recovery Using Automated System Recovery (ASR)
Improving the Disaster Recovery Process
Using ASR to Recover Cluster Services
Summary
VII. Performance Optimization Solutions
23. Tuning and Optimization Techniques
Understanding of Capacity Analysis
Best Practice for Establishing Policy and Metric Baselines
Benchmark Baselines
Workload Characterization
Benchmarks for Performance Analysis
Leveraging Capacity-Analysis Tools
Built-in Toolset
Task Manager
Network Monitor
The Performance Console
Third-Party Toolset
Identifying and Analyzing Core Analysis and Monitoring Elements
Memory Subsystem Optimizations
Improving Virtual Memory Usage
Monitoring Processor Usage
Optimizing the Disk Subsystem Configuration
Choosing the File System
Choosing the Physical Disk Configuration
Disk Mirroring (RAID 1)
Disk Striping with Parity (RAID 5)
Hardware Versus Software RAID
Monitoring the Disk Subsystem
Monitoring the Network Subsystem
Optimizing Performance by Server Roles
Terminal Services Server
Domain Controllers
Monitoring AD
Monitoring DNS
Monitoring AD Replication
Summary
24. Scaling Up and Scaling Out Strategies
Size Does Matter
Determining Your Needs
Building Bigger Servers
Beefy Single Boxes
Multinode Clusters
Building Server Farms
Avoiding the Pitfalls
Buying the Wrong Hardware
Is the Application Multiprocessor-Capable?
Protecting Against System Outages
Ensuring that Your Facilities Can Support Your Systems
Making It Perform
Choosing the Right Processor Type
Eliminating Unnecessary Services
Not All Memory Is Created Equal
Planning for Disk Subsystems
Scaling the Active Directory
Active Directory Sizer Tool
File Locations Matter
Configuring Your Disks the Right Way
Understanding Your Replication Topology
Scaling for the File System
Disk IO is Critical—SCSI/RAID/IDE
When Does an Environment Justify Using SAN/NAS?
Remember RAM-disks?
Distributed File System
Scaling for RAS
Hardware Cryptographic Accelerators
When to Make the Move from Software to Hardware
Multiplexing for Modem Support
Taking Advantage of Multihoming Your Internet Connection
Scaling Web Services
Beefy Boxes Versus Many Boxes
Using Cryptographic Accelerators for SSL
n-tier Application Model
Scaling Web Services via Web Farms
Scaling for Terminal Services
Big Processors Versus Multi-Processors
Memory, Memory, and More Memory
Terminal Service Farms
Improving Scalability by Load Balancing Applications
Summary
25. Utilizing Storage Area Networks
Defining the Technologies
What is a SAN?
What is NAS?
What is DAS?
When is the Right Time to Implement NAS and SAN Devices?
Analyzing Your Storage Needs
Planning the Storage Solution
Developing the Storage Solution
Piloting the Storage Solution
Deploying the Storage Solution
Designing the Right Data Storage Structure
Choosing the Right Connectivity
Slicing and Dicing the Available Disk
Adding in Fault Tolerance for External Storage Systems
Combining Hardware Fault Tolerance with Windows Server 2003 Technologies
Distributed File System with NAS or SAN
Leveraging Logical Disk Manager
Remote Storage Management
Integrating Backups with NAS and SAN
Leveraging Disk Quotas on NAS or SAN Devices
Using Encrypted File System to Protect Files on the SAN or NAS
Best Practices for SAN and NAS
Exchange with NAS/SAN
SQL with NAS/SAN
File Servers with NAS/SAN
Backup Systems
Active Directory Integration
Terminal Servers
Booting from NAS/SAN
Recovering from a System Failure
Leveraging NAS and SAN Solutions for Server Consolidation
Consolidating the Number of Exchange Servers
Consolidating the Number of File Servers
Summary
VIII. Business Productivity Solutions
26. User File Management and Information Look-up
Enabling Collaboration with Windows SharePoint Services
New Features in Windows SharePoint Services
Deployment Options and Scenarios
Small Organization Deployment
Large Organization Deployment
Host WSS Sites on the Internet
Using WSS with an Extranet
Preparing for the Deployment
Comparing SharePoint Portal Server with Windows SharePoint Services
Expanding on the File and Data Management Capabilities of Windows 2003
Simple File Sharing in Windows XP
Controlling File Sharing in Active Directory
Intranet File Sharing
File Sharing Using WSS
Simplifying File Sharing with Office 2003
Document Workspaces in Windows SharePoint Services
Shared Workspace Task Pane
Shared Attachments
Improving Data Lookup with Indexing
Understanding Searching in WSS
Enabling Indexing
Taking Advantage of Revision Control Management
Document Versioning
Check-in and Check-out Function for Document Management
Hierarchical Storage Management
Creating a Top-Level Web Site
Self-Service Site Creation
Implementing Information, Communication, and Collaboration Security
WSS Security
Internet Explorer Enhanced Security
Summary
Part VIII. Business Productivity Solutions