You are previewing Mastering Microsoft Windows Server® 2008 R2.
O'Reilly logo
Mastering Microsoft Windows Server® 2008 R2

Book Description

The one book you absolutely need to get up and running with Windows Server 2008 R2.

One of the world's leading Windows authorities and top-selling author Mark Minasi explores every nook and cranny of the latest version of Microsoft's flagship network operating system, Windows Server 2008 R2, giving you the most in-depth coverage in any book on the market.

  • Focuses on Windows Windows Server 2008 R2, the newest version of Microsoft's Windows' server line of operating system, and the ideal server for new Windows 7 clients

  • Author Mark Minasi is one of the world's leading Windows authorities and has taught tens of thousands of people to design and run Windows networks

  • Covers Windows storage concepts and skills, Windows Server 2008 IP, WINS, NetBIOS, LMHosts, DNS, creating the simple Active Directory, and creating and managing user accounts

  • Explains Group Policy in Active Directory; files, folders and shares; Sysvol, old and new; sharing printers on the network; remote server administration; connecting Windows clients to your network; working the Web with IIS 7.0; and AD maintenance and recovery

  • Provides workarounds for things that don't quite work as they should and how-tos for many undocumented features

Find out everything you want to know-and then some!

Table of Contents

  1. Copyright
  2. Dear Reader,
  3. Acknowledgments
  4. Introduction
    1. Who Is The Book For?
    2. What's Inside?
    3. Stay Up-to-Date with My Free Newsletter
    4. For Help and Suggestions: Visit My Forum or Email Me
  5. 1. What's New in Windows Server 2008 and 2008 R2
    1. 1.1. Server 2008 and R2 Goals
    2. 1.2. AD Changes
      1. 1.2.1. Read-Only Domain Controllers
      2. 1.2.2. New Windows Backup
      3. 1.2.3. Fine-Grained Password Policies
      4. 1.2.4. AD Snapshots and the AD Recycle Bin
      5. 1.2.5. PowerShell and AD Administrative Center
      6. 1.2.6. DCPromo Improvements
    3. 1.3. OS Changes Under the Hood
      1. 1.3.1. R2 Is 64-Bit Only
      2. 1.3.2. Server Core
      3. 1.3.3. Hyper-V
    4. 1.4. Networking Changes
      1. 1.4.1. TCP
      2. 1.4.2. Network Access Protection (NAP)
      3. 1.4.3. Secure Socket Tunneling Protocol (SSTP) VPN
    5. 1.5. New Setup Technologies
    6. 1.6. New Management Tools
      1. 1.6.1. Server Manager
      2. 1.6.2. The New Remote Tools: WinRM and WinRS
      3. 1.6.3. Remote Desktop Services: Terminal Services with a New Name and New Features
      4. 1.6.4. New Group Policies and Tools
      5. 1.6.5. New Event Viewer
    7. 1.7. File and Print Sharing
      1. 1.7.1. SMB 2.0
      2. 1.7.2. More Reliable SYSVOL Replication
      3. 1.7.3. Print Management Console and Printer Driver Isolation
    8. 1.8. Web-Based Services
      1. 1.8.1. Web Server (IIS)
      2. 1.8.2. FTP Server
      3. 1.8.3. Windows Server Update Services (WSUS)
  6. 2. Installing and Upgrading to Windows Server 2008 R2
    1. 2.1. What Has Changed Since 2000 and 2003?
      1. 2.1.1. The Media
      2. 2.1.2. Installation Requirements
      3. 2.1.3. 64-bit Support
    2. 2.2. Installing the Operating System
      1. 2.2.1. Performing a Clean Installation
      2. 2.2.2. Performing an Upgrade Installation
      3. 2.2.3. Initial Configuration Tasks Utility
    3. 2.3. Using Server Manager to Configure Your Servers
      1. 2.3.1. Changes to Server Manager
      2. 2.3.2. Common Configuration Tasks
        1. 2.3.2.1. Changing Network Properties
        2. 2.3.2.2. Renaming the Server
        3. 2.3.2.3. Joining a Domain
        4. 2.3.2.4. Enabling Remote Administration
      3. 2.3.3. Adding and Removing Roles
        1. 2.3.3.1. Adding a Role
        2. 2.3.3.2. Removing a Role
        3. 2.3.3.3. Installing and Removing Features
      4. 2.3.4. Troubleshooting Roles and Features
      5. 2.3.5. Remote Management
      6. 2.3.6. Wrapping Up Server Manager
    4. 2.4. Upgrading Active Directory
      1. 2.4.1. An Overview of Active Directory: New Functionality in Windows Server 2008 and 2008 R2
        1. 2.4.1.1. Fine-Grained Password Policies
        2. 2.4.1.2. Read-Only Domain Controllers
        3. 2.4.1.3. Administrator Role Separation
        4. 2.4.1.4. Restartable Active Directory Domain Services
        5. 2.4.1.5. Auditing
        6. 2.4.1.6. Database Mounting Tool
      2. 2.4.2. New Active Directory Functionality in Windows Server 2008 R2
        1. 2.4.2.1. Active Directory Recycle Bin
        2. 2.4.2.2. Active Directory Module for PowerShell
        3. 2.4.2.3. Active Directory Administrative Center
        4. 2.4.2.4. Active Directory Web Services
        5. 2.4.2.5. Authentication Mechanism Assurance
        6. 2.4.2.6. Offline Domain Join
        7. 2.4.2.7. Managed Service Accounts
      3. 2.4.3. Active Directory Upgrade Strategies
    5. 2.5. Unattended Installations
      1. 2.5.1. Installing Windows Automated Installation Kit (WAIK)
      2. 2.5.2. Creating an Answer File
      3. 2.5.3. Using an Answer File
    6. 2.6. Installing a Sample Server Network for This Book's Examples
    7. 2.7. The Bottom Line
  7. 3. The New Server: Introduction to Server Core
    1. 3.1. What in the World Is Server Core?
    2. 3.2. Installing Server Core
    3. 3.3. Server Core Survival Guide
      1. 3.3.1. Accessing the Task Manager
      2. 3.3.2. Closing the Command Prompt
      3. 3.3.3. Changing the Administrator's Password
      4. 3.3.4. Accessing File Shares
      5. 3.3.5. Finding Commands from A to Z
      6. 3.3.6. Finding Command Syntax: The Question Mark
      7. 3.3.7. Reading Text Files with Notepad
      8. 3.3.8. Reverse Engineering
      9. 3.3.9. Editing the Registry
      10. 3.3.10. Rebooting and Shutting Down
    4. 3.4. Initial Configurations for Server Core
      1. 3.4.1. Step 1: Provide Computer Information
        1. 3.4.1.1. Entering the Product Key and Activating the Installation
        2. 3.4.1.2. Setting the Time Zone
        3. 3.4.1.3. Configuring the Network Settings
        4. 3.4.1.4. Providing a Computer Name and Domain
      2. 3.4.2. Step 2: Update This Server
        1. 3.4.2.1. Enabling Automatic Updating and Feedback
        2. 3.4.2.2. Downloading and Installing Updates
      3. 3.4.3. Step 3: Customize This Server
        1. 3.4.3.1. Adding Roles and Features
        2. 3.4.3.2. Enabling Remote Desktop
        3. 3.4.3.3. Configuring the Firewall
    5. 3.5. Administering Server Core Remotely
      1. 3.5.1.
        1. 3.5.1.1. Managing Servers with Remote Desktop
        2. 3.5.1.2. Managing Remotely with MMC Snap-Ins
        3. 3.5.1.3. Sending Commands Remotely: Windows Remote Shell
        4. 3.5.1.4. Getting a Certificate
        5. 3.5.1.5. Creating a Listener
        6. 3.5.1.6. Creating an Inbound Firewall Rule
        7. 3.5.1.7. Testing with WinRS
    6. 3.6. Configuring Roles and Features
      1. 3.6.1. Creating a Domain Controller and Managing DNS
      2. 3.6.2. Configuring the DHCP Service
      3. 3.6.3. Setting Up a File Server
        1. 3.6.3.1. Creating a Primary Partition
        2. 3.6.3.2. Creating the Folders and Editing Permissions
        3. 3.6.3.3. Sharing the Folder
      4. 3.6.4. Setting Up a Print Server
      5. 3.6.5. Managing Licenses with Key Management Service
        1. 3.6.5.1. Determining the Use of SRV Publishing
        2. 3.6.5.2. Enabling the Firewall
        3. 3.6.5.3. Activating the Installation
        4. 3.6.5.4. Pointing Clients to the KMS
      6. 3.6.6. Protecting Data with Windows Backup Server
    7. 3.7. The Bottom Line
  8. 4. Windows Server 2008 IPv4: What Has Changed?
    1. 4.1. TCP Then and Now
    2. 4.2. Improving Transaction Time with Autoscaling
    3. 4.3. Employing Policy-Based QoS
    4. 4.4. Sharing Files and Printers with SMB 2.0
    5. 4.5. Alternatives for Network Performance
    6. 4.6. Wrapping Up the New and Improved TCP
      1. 4.6.1. DHCP and Network Access Protection
      2. 4.6.2. New to 2008 R2
    7. 4.7. The Bottom Line
  9. 5. DNS and Naming in Server 2008 and Active Directory
    1. 5.1. Components of Microsoft's DNS
      1. 5.1.1. Understanding the DNS Server Role
        1. 5.1.1.1. Integrating with Other DNS Servers
      2. 5.1.2. Implementing Zones to Manage Namespaces
        1. 5.1.2.1. Understanding the Standard Primary Zone
        2. 5.1.2.2. Understanding the Standard Secondary Zone
        3. 5.1.2.3. Understanding Active Directory Integrated Zones
        4. 5.1.2.4. Using Stub Zones to Integrate with Other DNS Servers
        5. 5.1.2.5. Using Reverse Lookup Zones to Increase Security
      3. 5.1.3. Understanding Record Types
        1. 5.1.3.1. Host and Pointer Records
        2. 5.1.3.2. Alias Records
        3. 5.1.3.3. Mail Exchanger Records
        4. 5.1.3.4. Service Location Records
        5. 5.1.3.5. Start of Authority Records
        6. 5.1.3.6. Name Server Records
      4. 5.1.4. Implementing the DNS Role on Server Core
        1. 5.1.4.1. Installing the DNS Role
        2. 5.1.4.2. Configuring the DNS server
        3. 5.1.4.3. Adding Zones to a DNS Server Core Instance
        4. 5.1.4.4. Managing Records in the Zone
      5. 5.1.5. Managing DNS Clients and Name Resolution
        1. 5.1.5.1. Hostname Resolution
        2. 5.1.5.2. Configuring Clients
        3. 5.1.5.3. Updating DNS Dynamically
    2. 5.2. Understanding Active Directory's DNS
      1. 5.2.1. Configuring DNS Automatically
        1. 5.2.1.1. Creating Application Partitions
        2. 5.2.1.2. Adding a Forwarder
        3. 5.2.1.3. Modifying IP Properties
        4. 5.2.1.4. Delegating the Subdomain
        5. 5.2.1.5. Additional Recommended Configurations
      2. 5.2.2. Understanding SRV Records and Clients
      3. 5.2.3. Windows Server 2008 R2's Additional Features
        1. 5.2.3.1. Global Query Block List
        2. 5.2.3.2. Global Names and Single Name Resolution
        3. 5.2.3.3. Background Zone Loading
        4. 5.2.3.4. DNSSec and Trust Anchors
    3. 5.3. Supporting Internet-Based DNS Resolution
      1. 5.3.1. Supporting External DNS Domains
        1. 5.3.1.1. Split Brain
      2. 5.3.2. Resolving External Namespaces
    4. 5.4. Administration and Troubleshooting with DNS Tools
      1. 5.4.1. Administering the DNS Server with the DNS Management Console and DNSCmd
      2. 5.4.2. Leveraging Nslookup, DCDiag, and DNSLint
        1. 5.4.2.1. Nslookup
        2. 5.4.2.2. DCDiag
        3. 5.4.2.3. DNSLint
    5. 5.5. The Bottom Line
  10. 6. Creating the Simple AD: The One-Domain, One-Location AD
    1. 6.1. An Introduction to Active Directory Basics
    2. 6.2. A Single-Domain Forest
      1. 6.2.1. Benefits of a Single Domain
      2. 6.2.2. Creating a Single-Domain Forest
        1. 6.2.2.1. Before Running DCPromo (Server Configuration)
        2. 6.2.2.2. Operating System Compatibility
        3. 6.2.2.3. Deployment Configuration
        4. 6.2.2.4. Naming Your Root Domain
        5. 6.2.2.5. Active Directory and DNS
        6. 6.2.2.6. Domain Functional Levels
        7. 6.2.2.7. Forest Functional Levels
        8. 6.2.2.8. Locations for Files and SYSVOL
        9. 6.2.2.9. Directory Services Restore Mode Password
        10. 6.2.2.10. Running DCPromo
    3. 6.3. Adding a Second DC
      1. 6.3.1. Before Running DCPromo
      2. 6.3.2. Deployment Configuration for the Second DC
      3. 6.3.3. DNS for the Second DC
      4. 6.3.4. Global Catalog for the Second DC
      5. 6.3.5. Running DCPromo for the Second DC
    4. 6.4. Creating Organizational Units, Accounts, and Groups
      1. 6.4.1. Creating Organizational Units
        1. 6.4.1.1. Management Through Group Policy
        2. 6.4.1.2. Administrative Delegation
        3. 6.4.1.3. Creating OUs with ADUC
        4. 6.4.1.4. LDAP Distinguished Names
        5. 6.4.1.5. Creating OUs with DSAdd
        6. 6.4.1.6. Creating OUs with Windows Scripting Host (WSH)
        7. 6.4.1.7. Creating OUs with PowerShell
      2. 6.4.2. Creating Accounts
        1. 6.4.2.1. Creating Accounts with ADUC
        2. 6.4.2.2. Creating Accounts at the Command Line
      3. 6.4.3. Creating Groups
      4. 6.4.4. Delegating Control
    5. 6.5. Domain Maintenance Tasks
      1. 6.5.1. Joining a Domain
      2. 6.5.2. Decommissioning a DC
      3. 6.5.3. Troubleshooting ADI DNS
      4. 6.5.4. Raising Domain and Forest Functional Levels
      5. 6.5.5. Using NetDom
        1. 6.5.5.1. Rename Computers (Including Domain Controllers)
        2. 6.5.5.2. Join a Computer to a Domain
        3. 6.5.5.3. Other NetDom Commands
      6. 6.5.6. Managing the Domain Time
    6. 6.6. Creating Fine-Grained Password Policies
      1. 6.6.1. Requirements for Fine-Grained Password Policies
      2. 6.6.2. Creating a Password Settings Object
    7. 6.7. The Bottom Line
  11. 7. Creating and Managing User Accounts
    1. 7.1. User Accounts
      1. 7.1.1. Creating Local User Accounts
      2. 7.1.2. Creating Domain User Accounts
      3. 7.1.3. Setting Local User Account Properties
        1. 7.1.3.1. Member Of Tab
        2. 7.1.3.2. Profile Tab
        3. 7.1.3.3. Environment Tab
        4. 7.1.3.4. Sessions Tab
        5. 7.1.3.5. Remote Control Tab
        6. 7.1.3.6. Remote Desktop Services Profile Tab
        7. 7.1.3.7. Personal Virtual Desktop Tab
        8. 7.1.3.8. Dial-in Tab
      4. 7.1.4. Setting Domain-Based User Account Properties
        1. 7.1.4.1. General Tab
        2. 7.1.4.2. Address Tab
        3. 7.1.4.3. Account Tab
        4. 7.1.4.4. Profile Tab
        5. 7.1.4.5. Telephones Tab
        6. 7.1.4.6. Organization Tab
        7. 7.1.4.7. Personal Virtual Desktop Tab
        8. 7.1.4.8. COM+ Tab
        9. 7.1.4.9. Attribute Editor Tab
        10. 7.1.4.10. Published Certificates Tab
        11. 7.1.4.11. Member Of Tab
        12. 7.1.4.12. Password Replication Tab
        13. 7.1.4.13. Object Tab
        14. 7.1.4.14. Security Tab
        15. 7.1.4.15. Editing Many User Accounts at Once
        16. 7.1.4.16. Managing Domain-Based User Properties at the Command Line
    2. 7.2. Group Management
      1. 7.2.1. Local Groups
        1. 7.2.1.1. Creating a Group
        2. 7.2.1.2. Creating a Group at the Command Line
        3. 7.2.1.3. Adding a User to Group
        4. 7.2.1.4. Removing a User
      2. 7.2.2. Active Directory Groups
        1. 7.2.2.1. Creating Active Directory Groups
        2. 7.2.2.2. Creating a Group at the Command Line
    3. 7.3. Monday-Morning Admin Tasks
      1. 7.3.1. Forgotten Passwords
      2. 7.3.2. Locked-Out Users
        1. 7.3.2.1. Two Simple Lock-Out Scenarios
    4. 7.4. What's New in Windows Server 2008 R2 for User and Group Management
      1. 7.4.1. Active Directory Administrative Center
        1. 7.4.1.1. ADAC Essentials
        2. 7.4.1.2. Navigating ADAC
      2. 7.4.2. Active Directory Module for Windows PowerShell
        1. 7.4.2.1. Creating Users
        2. 7.4.2.2. Setting Passwords
        3. 7.4.2.3. Creating Many Users at Once
        4. 7.4.2.4. Unlocking a User Account
        5. 7.4.2.5. Enabling an Account
        6. 7.4.2.6. Disabling an Account
        7. 7.4.2.7. Removing a Group
    5. 7.5. The Bottom Line
  12. 8. Group Policy: AD's Gauntlet
    1. 8.1. Group Policy Concepts
      1. 8.1.1. Policies Are "All or Nothing"
      2. 8.1.2. Policies Are Inherited and Cumulative
      3. 8.1.3. Group Policy Power! Refresh Intervals
    2. 8.2. Local Policies and Group Policy Objects
      1. 8.2.1. Administrators or Non-Administrators LGPO
      2. 8.2.2. User-Specific LGPO
    3. 8.3. Creating GPOs
    4. 8.4. Group Policy Basics
      1. 8.4.1. Replication of Group Policy Is Built In
      2. 8.4.2. GPOs Undo Themselves When Removed
      3. 8.4.3. You Needn't Log On to Apply GPO Settings
    5. 8.5. Modifying Group Policy Default Behavior
      1. 8.5.1. Group Policy Policies
      2. 8.5.2. Group Policy over Slow Links
    6. 8.6. Group Policy Application
      1. 8.6.1. How Group Policy Is Applied
        1. 8.6.1.1. Policies Execute from the Bottom Up in the GUI
        2. 8.6.1.2. Group Policy Application Order
      2. 8.6.2. Filtering Group Policy with Access Control Lists
      3. 8.6.3. Using WMI Filters with Group Policy
      4. 8.6.4. Enforcing and Blocking Inheritance
      5. 8.6.5. Group Policy Example: Forcing Complex Passwords
    7. 8.7. Group Policy Setting Possibilities
      1. 8.7.1. Decrypting User and Computer Configuration Settings
        1. 8.7.1.1. Specify Scripts with Group Policy
        2. 8.7.1.2. Folder Redirection
        3. 8.7.1.3. Security Settings
          1. 8.7.1.3.1. Leveraging Security Templates
          2. 8.7.1.3.2. What Templates Can Do
          3. 8.7.1.3.3. Working with Templates
          4. 8.7.1.3.4. Creating a Security Database
          5. 8.7.1.3.5. Using Domain-Based Group Policies to Apply Templates
          6. 8.7.1.3.6. Importing Security Templates
        4. 8.7.1.4. Legacy Administrative Templates (ADMs)
        5. 8.7.1.5. New Administrative Templates (ADMX/ADML)
          1. 8.7.1.5.1. Restricting Internet Explorer
          2. 8.7.1.5.2. Prevent Users from Installing or Running Unauthorized Software
          3. 8.7.1.5.3. Configure Time Servers and Clients Using Administrative Templates
      2. 8.7.2. Using Group Policy to Set Password and Account Lockout Policy
      3. 8.7.3. Group Policy Preferences
        1. 8.7.3.1. GPP Settings
        2. 8.7.3.2. Item-Level Targeting
    8. 8.8. The New and Improved GPMC
      1. 8.8.1. Starter GPOs
      2. 8.8.2. Backing Up and Restoring GPOs
      3. 8.8.3. Delegating Group Policy Administration
    9. 8.9. Troubleshooting Group Policies
      1. 8.9.1. The Resultant Set of Policy (RSOP) Tool
      2. 8.9.2. Group Policy Results Using the GPMC
      3. 8.9.3. Group Policy Modeling Using the GPMC
      4. 8.9.4. gpresult
      5. 8.9.5. gpotool
      6. 8.9.6. Using Event Viewer
      7. 8.9.7. Troubleshooting 101: Keep It Simple
    10. 8.10. A Closing Thought or Two on Group Policy
    11. 8.11. The Bottom Line
  13. 9. Active Directory Delegation
    1. 9.1. AD Delegation vs. NT Domains
    2. 9.2. Delegating Control Using Organizational Units
      1. 9.2.1. Creating a New Organizational Unit
      2. 9.2.2. Moving User Accounts into an OU
      3. 9.2.3. Creating a MktPswAdm Group
      4. 9.2.4. Delegating the Marketing OU's Password Reset Control to MktPswAdm
    3. 9.3. Advanced Delegation: Manually Setting Permissions
    4. 9.4. Finding Out Which Delegations Have Been Set, or Undelegating
    5. 9.5. The Bottom Line
  14. 10. Files, Folders, and Shares
    1. 10.1. Understanding the File Services Role
      1. 10.1.1. Adding Role Services
      2. 10.1.2. Adding the File Services Role
    2. 10.2. Creating Shares
      1. 10.2.1. Creating Shares with Server Manager
      2. 10.2.2. Creating Shares on Remote Computers Using Server Manager
      3. 10.2.3. Publishing Shares in Active Directory
    3. 10.3. Managing Permissions
      1. 10.3.1. NTFS Permissions
      2. 10.3.2. Share Permissions
      3. 10.3.3. Share and NTFS Permission Similarities
        1. 10.3.3.1. Assigning Allow or Deny
        2. 10.3.3.2. Cumulative Permissions
        3. 10.3.3.3. Deny Takes Precedence
        4. 10.3.3.4. Implicit Deny
      4. 10.3.4. Modifying Share and NTFS Permissions
      5. 10.3.5. Combining Share and NTFS Permissions
    4. 10.4. Connecting to Shares
      1. 10.4.1. "A Set of Credentials Conflicts"
      2. 10.4.2. Using net use on a WAN
      3. 10.4.3. Common Shares
    5. 10.5. File Server Resource Manager
      1. 10.5.1. Creating Quota Policies
        1. 10.5.1.1. Quota Templates
          1. 10.5.1.1.1. E-mail Message Tab
          2. 10.5.1.1.2. Event Log Tab
          3. 10.5.1.1.3. Report Tab
        2. 10.5.1.2. Creating a Quota
      2. 10.5.2. Creating File Screen Policies
      3. 10.5.3. Generating Reports
      4. 10.5.4. File Server Resource Manager Options
    6. 10.6. Understanding SMB 2.0
      1. 10.6.1. Compatibility with SMB 1.0
      2. 10.6.2. SMB 2.0 Security
    7. 10.7. Implementing BitLocker
      1. 10.7.1. Hardware Requirements
        1. 10.7.1.1. Recovery Key
      2. 10.7.2. Enabling BitLocker
    8. 10.8. Using Offline Files/Client-Side Caching
      1. 10.8.1. How Offline Files Works
      2. 10.8.2. BranchCache
      3. 10.8.3. Enabling Offline Files on the Server
    9. 10.9. The Bottom Line
  15. 11. Creating and Managing Shared Folders
    1. 11.1. Creating Shared Folders
      1. 11.1.1. Creating Shares from Explorer
      2. 11.1.2. Remotely Creating Shares with the Computer Management Console
    2. 11.2. Managing Permissions
      1. 11.2.1. Creating Share Permissions
        1. 11.2.1.1. Defining Share Permissions
        2. 11.2.1.2. Understanding Allow and Deny
      2. 11.2.2. Understanding File and Directory Permissions
        1. 11.2.2.1. Permission Types
        2. 11.2.2.2. Atomic Permissions
        3. 11.2.2.3. Molecular Permissions
        4. 11.2.2.4. Inherited Permissions
        5. 11.2.2.5. Assigning File and Directory Permissions
          1. 11.2.2.5.1. Removing a Group or User
          2. 11.2.2.5.2. Using the Detailed Interface to Get the Whole Story
        6. 11.2.2.6. Conflicting Permissions
        7. 11.2.2.7. Multiple Permissions
        8. 11.2.2.8. Deny Permissions
        9. 11.2.2.9. Effective Permissions
        10. 11.2.2.10. Ownership
    3. 11.3. Working with Hidden Shares
    4. 11.4. Exploring the Distributed File System
      1. 11.4.1. Understanding DFS Terminology
      2. 11.4.2. Choosing Stand-Alone vs. Domain-Based DFS
      3. 11.4.3. Creating a DFS Root
      4. 11.4.4. Adding Links to a DFS Root
      5. 11.4.5. Configuring DFS Replications
      6. 11.4.6. Understanding DFS Replication
      7. 11.4.7. Managing DFS Replication
        1. 11.4.7.1. Editing Replication Schedules and Bandwidth
        2. 11.4.7.2. Enabling or Disabling Replication
        3. 11.4.7.3. Enabling or Disabling Replication on a Specific Member
        4. 11.4.7.4. Sharing or Publishing a Replicated Folder
        5. 11.4.7.5. Practical Uses
          1. 11.4.7.5.1. Consolidated Enterprise Resources
          2. 11.4.7.5.2. Life-Cycle Management
    5. 11.5. Exploring the Network File System
    6. 11.6. The Bottom Line
  16. 12. SYSVOL: Old and New
    1. 12.1. The Old: File Replication Service
      1. 12.1.1. File System Junctions
      2. 12.1.2. Understanding File Replication Service
        1. 12.1.2.1. Benefits of Replicating with FRS
        2. 12.1.2.2. FRS Requirements and Dependencies
      3. 12.1.3. How FRS Works with SYSVOL
        1. 12.1.3.1. Prestaging Domain Controllers with FRS
        2. 12.1.3.2. How Files and Folders Are Replicated
        3. 12.1.3.3. Scheduling Replication
    2. 12.2. The New: Distributed File System Replication
      1. 12.2.1. Understanding DFSR
      2. 12.2.2. Migrating to DFSR
        1. 12.2.2.1. Migration States
          1. 12.2.2.1.1. Stable States
          2. 12.2.2.1.2. Transition States
        2. 12.2.2.2. How Does State Migration Work?
        3. 12.2.2.3. Migrating to the Prepared State
          1. 12.2.2.3.1. Verifying Active Directory
          2. 12.2.2.3.2. Raising the Domain Functional Level
          3. 12.2.2.3.3. Performing the Migration
        4. 12.2.2.4. Migrating to the Redirected State
        5. 12.2.2.5. Migrating to the Eliminated State
    3. 12.3. The Bottom Line
  17. 13. Sharing Printers on Windows Server 2008 R2 Networks
    1. 13.1. Print Services Overview
      1. 13.1.1. The Print Spooler
      2. 13.1.2. The Printer Driver
        1. 13.1.2.1. XML Paper Specification (XPS)
        2. 13.1.2.2. XPSDrv: The New Printer Driver Model
        3. 13.1.2.3. The Graphics Device Interface
    2. 13.2. Installing the Print and Document Services Role
      1. 13.2.1. Adding the Print and Document Services Role
      2. 13.2.2. Working in the Print Management Console
        1. 13.2.2.1. Adding New Printers
        2. 13.2.2.2. Deleting a Printer
        3. 13.2.2.3. Automatically Detecting Network Printers
        4. 13.2.2.4. Manually Installing New Printers
        5. 13.2.2.5. Configuring and Viewing Settings and Resources
          1. 13.2.2.5.1. Managing Printer Drivers
          2. 13.2.2.5.2. Changing Printer Driver Views
          3. 13.2.2.5.3. Installing New Printer Drivers
          4. 13.2.2.5.4. Viewing and Editing Port Settings
          5. 13.2.2.5.5. Viewing Forms
      3. 13.2.3. Adding the Print Services Role to Server Core
        1. 13.2.3.1. The Printer User Interface Command: PrintUI
        2. 13.2.3.2. Server Core Printer Scripts
          1. 13.2.3.2.1. Using the Printer Manager Script (prnmngr.vbs)
          2. 13.2.3.2.2. Using the Printer Configuration Script (prncnfg.vbs)
          3. 13.2.3.2.3. Using the Printer Jobs Script (prnjobs.vbs)
          4. 13.2.3.2.4. Using the Printer Driver Script (prndrvr.vbs)
          5. 13.2.3.2.5. Using the Printer Ports Script (prnport.vbs)
          6. 13.2.3.2.6. Using the Printer Queue Script (prnqctl.vbs)
          7. 13.2.3.2.7. Using the Publish Printers Script (pubprn.vbs)
    3. 13.3. Deploying Printers to the Masses
      1. 13.3.1. Adding a Printer to a Client Manually
      2. 13.3.2. Adding a Printer Using Active Directory Search
        1. 13.3.2.1.
          1. 13.3.2.1.1. Feature Searches
          2. 13.3.2.1.2. Advanced Searches
      3. 13.3.3. Deploying Printers via GPO
      4. 13.3.4. Viewing Deployed Printers
    4. 13.4. Adjusting Print Server Settings
      1. 13.4.1. Server Properties
        1. 13.4.1.1. Choosing Form Settings
        2. 13.4.1.2. Configuring Server Port Settings
        3. 13.4.1.3. Adding or Updating the Printer Driver on a Print Server
        4. 13.4.1.4. Managing Print Security
        5. 13.4.1.5. Viewing the Server Advanced Properties
      2. 13.4.2. Printer Migration
    5. 13.5. Managing Printer Properties
      1. 13.5.1. Printer Properties Sharing Tab
      2. 13.5.2. Printer Properties Ports Tab
      3. 13.5.3. Printer Properties Security Tab
        1. 13.5.3.1. Using Printer Permissions to Restrict Access
        2. 13.5.3.2. Using Printer Permissions for Delegation
        3. 13.5.3.3. Auditing Printer Access
      4. 13.5.4. Printer Properties Advanced Tab
        1. 13.5.4.1. Setting Available Hours
          1. 13.5.4.1.1. Creating a Second Printer for a Single Print Device
          2. 13.5.4.1.2. Modifying the New Printer
        2. 13.5.4.2. Setting Printer Priorities
        3. 13.5.4.3. Configuring Spooler Settings
        4. 13.5.4.4. Miscellaneous Spooling Settings
        5. 13.5.4.5. Using Separator Pages
        6. 13.5.4.6. Choosing a Separator Page
        7. 13.5.4.7. Creating a New Separator Page
    6. 13.6. Managing Print Jobs
    7. 13.7. Using Custom Filters
    8. 13.8. Troubleshooting Printer Problems
      1. 13.8.1. Basic Troubleshooting: Identifying the Situation
        1. 13.8.1.1. No One Can Print
        2. 13.8.1.2. Some People Can't Print
        3. 13.8.1.3. One Person Can't Print
      2. 13.8.2. Restarting the Spooler Service
      3. 13.8.3. Isolating Printer Drivers
    9. 13.9. The Bottom Line
  18. 14. Remote Server Administration
    1. 14.1. Remote Desktop for Administration
      1. 14.1.1. Configuring the Server for Remote Desktop
      2. 14.1.2. Using Remote Desktop Connection
        1. 14.1.2.1. RDC General Tab
        2. 14.1.2.2. RDC Display Tab
        3. 14.1.2.3. RDC Local Resources Tab
        4. 14.1.2.4. RDC Programs Tab
        5. 14.1.2.5. RDC Experience Tab
        6. 14.1.2.6. RDC Advanced Tab
        7. 14.1.2.7. MSTSC
        8. 14.1.2.8. Connection Limitations
        9. 14.1.2.9. Configuring Session Properties
        10. 14.1.2.10. Using Group Policy to Control Session Time Limits
      3. 14.1.3. Remote Desktop Gateway
        1. 14.1.3.1. Remote Desktop Connection Client
        2. 14.1.3.2. RD Gateway–Required Services and Features
        3. 14.1.3.3. RD Gateway–Required Policies
        4. 14.1.3.4. Enabling Remote Desktop Gateway
      4. 14.1.4. Remote Desktops
      5. 14.1.5. Configuring a Server for Remote Assistance
        1. 14.1.5.1. Sending a Remote Assistance Request
        2. 14.1.5.2. Responding to a Remote Assistance Request
    2. 14.2. Windows Remote Management Service
      1. 14.2.1. Enabling WinRM
      2. 14.2.2. Using WinRS
        1. 14.2.2.1. Issuing WMIC Commands with WinRS
        2. 14.2.2.2. Issuing PowerShell Commands with WinRS
    3. 14.3. Remote Server Administration Tools
      1. 14.3.1. RSAT Compatibility Issues
      2. 14.3.2. RSAT Tools
      3. 14.3.3. Installing RSAT
    4. 14.4. The Bottom Line
  19. 15. Connecting Windows Clients to the Server
    1. 15.1. What to Know Before You Begin
      1. 15.1.1. Understanding Client-Side Software Requirements
      2. 15.1.2. Domain Accounts and Local Accounts
    2. 15.2. Verifying Your Network Configuration
      1. 15.2.1. Verifying Local Area Connection Settings
      2. 15.2.2. Test Network Connectivity with the ping Command
      3. 15.2.3. Verifying and Setting Local Area Connection Information Using the GUI
        1. 15.2.3.1. Local Area Connections in Windows 7
        2. 15.2.3.2. Manually Configuring Local Area Connection Settings in Windows 7
        3. 15.2.3.3. Local Area Connections in Windows Vista
        4. 15.2.3.4. Manually Configuring Local Area Connection Settings in Windows Vista
        5. 15.2.3.5. Local Area Connections in Windows XP
        6. 15.2.3.6. Manually Configuring Local Area Connection Settings in Windows XP
        7. 15.2.3.7. Local Area Connections in Windows 2000
    3. 15.3. Joining the Domain
      1. 15.3.1. Joining a Domain from Windows 7
        1. 15.3.1.1. Joining the Domain While Online
        2. 15.3.1.2. Joining the Domain While Offline with djoin.exe
          1. 15.3.1.2.1. djoin Requirements
          2. 15.3.1.2.2. Adding the Computer to the Domain While Offline
      2. 15.3.2. Joining a Domain from Windows Vista
      3. 15.3.3. Joining a Domain from Windows XP
      4. 15.3.4. Joining a Domain from Windows 2000 Professional
    4. 15.4. Changing Domain User Passwords
      1. 15.4.1. Changing Domain Passwords from Windows 7 and Windows Vista
        1. 15.4.1.1. Changing Passwords at First Logon
        2. 15.4.1.2. Changing Passwords on Demand
      2. 15.4.2. Changing Domain Passwords from Windows XP and Windows 2000 Professional
        1. 15.4.2.1. Changing Passwords at First Logon
        2. 15.4.2.2. Changing Passwords on Demand
    5. 15.5. Connecting to Network Resources
      1. 15.5.1. Connecting to Network Resources from Windows 7 and Windows Vista
        1. 15.5.1.1. Searching Active Directory
        2. 15.5.1.2. Adding a Network Printer
          1. 15.5.1.2.1. Finding a Printer in Active Directory
          2. 15.5.1.2.2. Adding a Network Printer from the Command Line
          3. 15.5.1.2.3. Adding a Network Printer Using the Network Applet
        3. 15.5.1.3. Mapping a Drive to a Shared Folder
        4. 15.5.1.4. Creating a Network Folder
      2. 15.5.2. Connecting to Network Resources from Windows XP
        1. 15.5.2.1. Searching Active Directory
        2. 15.5.2.2. Adding a Network Printer
          1. 15.5.2.2.1. Finding a Printer in Active Directory
          2. 15.5.2.2.2. Adding a Network Printer from the Command Line
          3. 15.5.2.2.3. Adding a Network Printer Using the Printers and Faxes Applets
        3. 15.5.2.3. Mapping a Drive to a Shared Folder
        4. 15.5.2.4. Adding Network Location Shortcuts
      3. 15.5.3. Connecting to Network Resources from Windows 2000
    6. 15.6. The Bottom Line
  20. 16. Working the Web with IIS 7.0 and 7.5
    1. 16.1. Creating Simple Websites
      1. 16.1.1. A Sum of Pages
        1. 16.1.1.1. Writing a Simple Web Page
        2. 16.1.1.2. Saving a Simple Web Page
        3. 16.1.1.3. Delivering a Simple Web Page
      2. 16.1.2. Lively Web Pages
        1. 16.1.2.1. Web Applications
        2. 16.1.2.2. Dynamic Concerns
    2. 16.2. What's So Different About IIS 7.0 and 7.5?
    3. 16.3. Introducing IIS 7 Modules
      1. 16.3.1. What's Included?
      2. 16.3.2. Feature Delegation
    4. 16.4. Installing IIS 7
      1. 16.4.1. Adding the Web Server Role
      2. 16.4.2. Installing IIS 7 via the Command Line
      3. 16.4.3. Installing IIS 7 on Server Core
      4. 16.4.4. Renovating IIS Construction
        1. 16.4.4.1. Registering Native Modules Using IIS Manager
        2. 16.4.4.2. Module Management via the Command Line Interface (CLI)
        3. 16.4.4.3. Configuring Modules at the Site Level
    5. 16.5. Website Provisioning
      1. 16.5.1. Understanding Global Settings
      2. 16.5.2. Creating a Simple Website
        1. 16.5.2.1. Site Setup via IIS Manager
        2. 16.5.2.2. Creating a Site at the Command Line
      3. 16.5.3. Configuring Site Settings
    6. 16.6. Hosting Multiple Websites
      1. 16.6.1. Deploying Sites
      2. 16.6.2. Site Uniqueness
      3. 16.6.3. Setting Up an Anonymous Account
      4. 16.6.4. Delegating Administration
    7. 16.7. Integrating SMTP into IIS 7 Web Pages
      1. 16.7.1. Getting Started
      2. 16.7.2. Adding the SMTP Server Feature
      3. 16.7.3. Setting Up an SMTP Server
        1. 16.7.3.1. Virtual Servers and Domains
        2. 16.7.3.2. Authentication
      4. 16.7.4. Adding the SMTP E-mail Feature to an IIS 7 Website
    8. 16.8. Integrating FTP into IIS 7 Web Pages
      1. 16.8.1. The FTP7 File Transfer Publishing Service
      2. 16.8.2. Adding FTP to an IIS 7 Website
    9. 16.9. Advanced Administration
      1. 16.9.1. Using Web Management Services
      2. 16.9.2. Connecting, Securing, Auditing
        1. 16.9.2.1. Authentication
        2. 16.9.2.2. Permissions
        3. 16.9.2.3. Code Access Security
        4. 16.9.2.4. Invoking SSL
      3. 16.9.3. Windows System Resource Manager
      4. 16.9.4. Backing Up and Restoring Data
    10. 16.10. The Bottom Line
  21. 17. Watching Your System
    1. 17.1. Monitoring Your System with Event Viewer
      1. 17.1.1. Viewing an Event
      2. 17.1.2. Understanding Event Levels
      3. 17.1.3. Creating and Using Custom Views
        1. 17.1.3.1. Viewing the Properties of a Custom View
        2. 17.1.3.2. Creating a Copy of a Custom View
        3. 17.1.3.3. Creating a Custom View
        4. 17.1.3.4. Filtering a Custom View
        5. 17.1.3.5. Exporting and Importing Custom Views
      4. 17.1.4. Modifying the Displayed Columns in the Event Viewer
      5. 17.1.5. Understanding Windows Logs
      6. 17.1.6. Understanding Applications and Services Logs
      7. 17.1.7. Configuring Event Log Properties
        1. 17.1.7.1. Saving a Log File
        2. 17.1.7.2. Displaying a Saved Log File
      8. 17.1.8. Attaching Tasks to Events
      9. 17.1.9. Viewing Events on Server Core
        1. 17.1.9.1. List Logs
        2. 17.1.9.2. Get Log Information
        3. 17.1.9.3. Set Log Information
        4. 17.1.9.4. Query Events
        5. 17.1.9.5. Export Log
        6. 17.1.9.6. Clear Log
    2. 17.2. Subscribing to Event Logs
      1. 17.2.1. Understanding Subscription Types
        1. 17.2.1.1. Collector-Initiated Subscriptions
        2. 17.2.1.2. Source Computer–Initiated Subscriptions
      2. 17.2.2. Selecting Events
      3. 17.2.3. Setting Advanced Options
        1. 17.2.3.1. Configuring User Accounts
        2. 17.2.3.2. Optimizing Event Delivery
      4. 17.2.4. Understanding Event Subscription Protocols
      5. 17.2.5. Configuring Event Subscriptions
        1. 17.2.5.1. Enabling Required Services
        2. 17.2.5.2. Configuring the Computers
        3. 17.2.5.3. Creating a Collector-Initiated Subscription
    3. 17.3. Troubleshooting Event Forwarding
      1. 17.3.1. Checking the Runtime Status
      2. 17.3.2. Using the Windows Event Collector Utility
    4. 17.4. Monitoring Performance
      1. 17.4.1. Using Monitoring Tools
        1. 17.4.1.1. Performance Monitor
        2. 17.4.1.2. Resource Monitor
        3. 17.4.1.3. Viewing System Reliability
      2. 17.4.2. Using Data Collector Sets
        1. 17.4.2.1. System Data Collector Sets
        2. 17.4.2.2. User-Defined Data Collector Sets
        3. 17.4.2.3. Report Maintenance
    5. 17.5. The Bottom Line
  22. 18. Windows Server 2008 R2 and Active Directory Backup and Maintenance
    1. 18.1. Backing Up and Restoring Windows Server
      1. 18.1.1. Backing Up and Restoring a Full Server
        1. 18.1.1.1. Performing a Full Server Backup
        2. 18.1.1.2. Performing a Full Server Backup from the Command Line
        3. 18.1.1.3. Performing a Full Server Restore
        4. 18.1.1.4. Recovering the System State
      2. 18.1.2. Backing Up and Restoring Files and Folders
        1. 18.1.2.1. Performing a Manual Backup of Files and Folders
        2. 18.1.2.2. Recovering a Folder from a Backup
    2. 18.2. Stopping and Restarting Active Directory
      1. 18.2.1. Stopping and Starting AD DS
      2. 18.2.2. Defragmenting Active Directory Offline
        1. 18.2.2.1. Performing Offline Defragmentation of Ntds.dit
      3. 18.2.3. Checking the Integrity of an Active Directory Database
        1. 18.2.3.1. Performing an Integrity Check of Ntds.dit
        2. 18.2.3.2. Using Semantic Database Analysis
    3. 18.3. Capturing Active Directory Snapshots
      1. 18.3.1. Creating an Active Directory Snapshot
      2. 18.3.2. Mounting an Active Directory Snapshot
      3. 18.3.3. Working with Mounted Active Directory Snapshots
        1. 18.3.3.1. Using Dsamain.exe
    4. 18.4. Backing Up and Restoring Active Directory
      1. 18.4.1. Recovering Active Directory Objects
        1. 18.4.1.1. Enabling the Active Directory Recycle Bin Using Windows PowerShell
        2. 18.4.1.2. Enabling the Active Directory Recycle Bin Using Ldp.exe
      2. 18.4.2. Creating an Active Directory Backup
      3. 18.4.3. Restoring an Active Directory Backup
      4. 18.4.4. Performing an Authoritative Restore
    5. 18.5. The Bottom Line
  23. 19. Advanced IP: Routing with Windows
    1. 19.1. The Life of an IP Packet
      1. 19.1.1. First, the Simple Case: No Routing Required
        1. 19.1.1.1. IPv4: Address Resolution Protocol
        2. 19.1.1.2. IPv6: Neighbor Discovery
        3. 19.1.1.3. Finally, You Can Send the Packet!
      2. 19.1.2. Now the Hard Case: With Routing
        1. 19.1.2.1. Every Host Is a Little Bit Router
        2. 19.1.2.2. How Is the Routing Table Used?
    2. 19.2. From Classes to Classless
      1. 19.2.1. In the Beginning Was the Class
      2. 19.2.2. Unusable Host Addresses
      3. 19.2.3. All Y'all
      4. 19.2.4. Broadcast Gets Narrower: The First Unroutable Addresses
      5. 19.2.5. Routing the Unroutable Part I: Private Addresses
        1. 19.2.5.1. Subnetting and Supernetting
        2. 19.2.5.2. Subnetting by RFC or by Reality
        3. 19.2.5.3. Classless Inter-Domain Routing (CIDR): The Internet Loses Its Class
        4. 19.2.5.4. Routing TCP: NAPT and PAT
          1. 19.2.5.4.1. Why TCP: What Doesn't IP Have?
    3. 19.3. Sockets, Ports, and Winsock
      1. 19.3.1. Winsock: Why We Can All Use the Internet
      2. 19.3.2. Routing the Unroutable Part II: NAPT and PAT
        1. 19.3.2.1. NAPT's Unintended Consequences Part I: An Accidental Firewall
        2. 19.3.2.2. NAPT's Unintended Consequences Part II: App Killer
      3. 19.3.3. Routing the Unroutable Part III: Application Layer Gateways
      4. 19.3.4. Installing a NAT
        1. 19.3.4.1. Creating a Router
        2. 19.3.4.2. Tunneling: Nearly Routing
        3. 19.3.4.3. Cheat Tunneling with portproxy
    4. 19.4. Testing and Troubleshooting
      1. 19.4.1. Using the Application Itself
      2. 19.4.2. Pinging a Remote Computer with ping
      3. 19.4.3. Pinging a Remote Computer with traceroute
      4. 19.4.4. Checking Your Configuration with ipconfig
      5. 19.4.5. Showing Routing and Neighbors
      6. 19.4.6. Using Network Monitor
        1. 19.4.6.1. Which Card Do You Monitor?
    5. 19.5. The Bottom Line
  24. 20. Getting from the Office to the Road: VPNs
    1. 20.1. Introducing VPNs
      1. 20.1.1. The Many Names of VPN Servers
      2. 20.1.2. Gateway-to-Gateway VPN
    2. 20.2. Understanding the Tunneling Protocols
      1. 20.2.1. Layer 2 Tunneling Protocol
      2. 20.2.2. Secure Socket Tunneling Protocol
      3. 20.2.3. Internet Key Exchange Version 2
    3. 20.3. Using Network Policy and Access Services Role
      1. 20.3.1. Routing and Remote Access
      2. 20.3.2. Adding the Network Policy and Access Services Role
      3. 20.3.3. Configuring Routing and Remote Access
      4. 20.3.4. Configuring Policies
        1. 20.3.4.1. Policy Conditions and Policy Order
          1. 20.3.4.1.1. Understanding Policy Order
          2. 20.3.4.1.2. Employing the Groups Condition
          3. 20.3.4.1.3. The Host Credential Authorization Protocol
          4. 20.3.4.1.4. Day and Time Restrictions
          5. 20.3.4.1.5. Connection Properties
          6. 20.3.4.1.6. RADIUS Client Properties
          7. 20.3.4.1.7. Configuring a Gateway
        2. 20.3.4.2. Setting Policy Permissions
        3. 20.3.4.3. Configuring Policy Constraints
        4. 20.3.4.4. Configuring Policy Settings
          1. 20.3.4.4.1. Multilink and Bandwidth Allocation Protocol
          2. 20.3.4.4.2. IP Filters
          3. 20.3.4.4.3. Encryption Settings
          4. 20.3.4.4.4. IP Settings
        5. 20.3.4.5. Creating a Network Policy
        6. 20.3.4.6. Configuring and Connecting with a VPN Client
        7. 20.3.4.7. Adding a Certificate
          1. 20.3.4.7.1. Step 1: Install Active Directory Certificate Services
          2. 20.3.4.7.2. Step 2: Create the Server Authentication Certificate
          3. 20.3.4.7.3. Step 3: Request and Install the Server Authentication Certificate
          4. 20.3.4.7.4. Step 4: Install the Computer Certificate on the VPN Server
          5. 20.3.4.7.5. Step 5: Install the CA Certificate on the Client
          6. 20.3.4.7.6. Step 6: Reconfigure RRAS for Secure Connection
          7. 20.3.4.7.7. Step 7: Connect with a Secure Connection
      5. 20.3.5. Authenticating VPN Clients
      6. 20.3.6. Configuring Accounting
      7. 20.3.7. Exploring Routing and Remote Access
        1. 20.3.7.1. Configuring Server Properties
          1. 20.3.7.1.1. Server Properties General Tab
          2. 20.3.7.1.2. Server Properties Security Tab
          3. 20.3.7.1.3. Server Properties IPv4 Tab
          4. 20.3.7.1.4. Server Properties IPv6 Tab
          5. 20.3.7.1.5. Server Properties IKEv2 Tab
          6. 20.3.7.1.6. Server Properties PPP Tab
          7. 20.3.7.1.7. Server Properties Logging Tab
        2. 20.3.7.2. Monitoring Remote Access Clients
        3. 20.3.7.3. Configuring Ports
    4. 20.4. Protecting VPNs with IP Security (IPSec)
      1. 20.4.1. Understanding IPSec: The Four Security Options
        1. 20.4.1.1. Block Transmission
        2. 20.4.1.2. Encrypt Transmission
        3. 20.4.1.3. Sign Transmission
        4. 20.4.1.4. Permit Transmission
      2. 20.4.2. Understanding IPSec Filters
      3. 20.4.3. IPSec Rules = IPSec Actions + IPSec Filters
      4. 20.4.4. Signing and Encrypting Need One More Piece: Authentication
      5. 20.4.5. How IPSec Works in Windows
        1. 20.4.5.1. Default IPSec Policies
        2. 20.4.5.2. Creating a Custom IPSec Policy
          1. 20.4.5.2.1. Define a Filter
          2. 20.4.5.2.2. Define an Action
          3. 20.4.5.2.3. Build an IPSec Rule
      6. 20.4.6. Using IPSec to Protect Systems Through Packet Filtering
        1. 20.4.6.1. Formulating the Rules
        2. 20.4.6.2. Building the Rules
          1. 20.4.6.2.1. Building Rule 1
          2. 20.4.6.2.2. Building Rule 2
          3. 20.4.6.2.3. Building Rules 3 and 4
      7. 20.4.7. A Few Final Thoughts About IPSec
    5. 20.5. The Bottom Line
  25. 21. Adding More Locations: Sites in Active Directory
    1. 21.1. Mastering Site Concepts
      1. 21.1.1. Sites and Replication
      2. 21.1.2. Understanding Site Terminology
    2. 21.2. Exploring Sites
      1. 21.2.1. How Sites Work
      2. 21.2.2. Renaming Default-First-Site-Name
      3. 21.2.3. Defining a Site
      4. 21.2.4. Deciding on DCs in Remote Locations
        1. 21.2.4.1. DC and DNS
        2. 21.2.4.2. Cached Credentials
        3. 21.2.4.3. Cached Credentials and the GC
        4. 21.2.4.4. GC or Universal Group Membership Caching
      5. 21.2.5. Defining a Subnet and Placing It in a Site
      6. 21.2.6. Placing a Server in a Site
      7. 21.2.7. Adding Site Links
        1. 21.2.7.1. IP Site Link
        2. 21.2.7.2. SMTP Site Link
        3. 21.2.7.3. Creating Site Links
        4. 21.2.7.4. Site Link Properties
        5. 21.2.7.5. Calculating the Cost
    3. 21.3. Configuring Intersite Replication
      1. 21.3.1. Bridgehead Servers
        1. 21.3.1.1. Preferred Bridgehead Servers
      2. 21.3.2. Forcing Replication
    4. 21.4. Configuring Clients to Access the Next Closest Site
      1. 21.4.1. Configuring Next Closest Site with Group Policy
      2. 21.4.2. Configuring Next Closest Site Through the Registry
    5. 21.5. Using PowerShell
    6. 21.6. The Bottom Line
  26. 22. The Third DC: Understanding Read-Only Domain Controllers
    1. 22.1. Introducing RODCs
      1. 22.1.1. Making Changes on a Read-Only Domain Controller
      2. 22.1.2. RODC Contents
        1. 22.1.2.1. Password Replication Policy
        2. 22.1.2.2. Denied RODC Password Replication Group
        3. 22.1.2.3. Allowed RODC Password Replication Group
        4. 22.1.2.4. Delegating Administration for an RODC
      3. 22.1.3. RODC Requirements
        1. 22.1.3.1. Domain Functional Level
        2. 22.1.3.2. Forest Functional Levels
        3. 22.1.3.3. Running adprep
      4. 22.1.4. RODC and Server Applications
    2. 22.2. Installing the RODC
      1. 22.2.1. Installing RODC on Server Core
      2. 22.2.2. Viewing the RODC Properties
      3. 22.2.3. Modifying the Allowed List
      4. 22.2.4. Staged Installations
        1. 22.2.4.1. Using Installation Media
        2. 22.2.4.2. Prestaging the RODC Account
        3. 22.2.4.3. The Second Stage of Installing a Prestaged RODC
    3. 22.3. DNS on the RODC
      1. 22.3.1.
        1. 22.3.1.1. Active Directory Integrated DNS
        2. 22.3.1.2. Read-Only DNS
    4. 22.4. The Bottom Line
  27. 23. Creating Larger Active Directory Environments: Beyond One Domain
    1. 23.1. The Foundations of Multiple-Domain Designs
      1. 23.1.1. Domains
        1. 23.1.1.1. The Security Boundary
        2. 23.1.1.2. Multimaster Replication
      2. 23.1.2. Forests
      3. 23.1.3. Trees
        1. 23.1.3.1. Kerberos and Trusts
      4. 23.1.4. You Must Build Trees and Forests Together
        1. 23.1.4.1. You Can't Graft nor Prune
        2. 23.1.4.2. You Must Be an Enterprise Admin
    2. 23.2. Planning Your Active Directory Environment
      1. 23.2.1. Satisfying Political Needs
      2. 23.2.2. Connectivity and Replication Issues
      3. 23.2.3. Multiple Domains: When They Make Sense
      4. 23.2.4. The Case for an Empty Root
      5. 23.2.5. Active Directory Design Pointers
        1. 23.2.5.1. Examine Your WAN Topology
        2. 23.2.5.2. Lay Out Your Sites
        3. 23.2.5.3. Figure Out Which Existing Domains to Merge and Merge Them
        4. 23.2.5.4. What Needs an OU, and What Needs a Domain?
        5. 23.2.5.5. Develop Names for Your Domains/Trees
        6. 23.2.5.6. Get the DNS Infrastructure Ready
        7. 23.2.5.7. Overall AD Design Advice
    3. 23.3. Creating Multiple Domains
      1. 23.3.1. Naming Multidomain Structures
      2. 23.3.2. Preparing the DC for the Second Domain
      3. 23.3.3. Creating a Second Domain
    4. 23.4. Functional Levels
      1. 23.4.1. The Beginning of Functional Levels in Windows 2000
      2. 23.4.2. Domain Functional Levels
      3. 23.4.3. Forest Functional Levels
    5. 23.5. FSMOs and GCs
      1. 23.5.1. Multimaster vs. Single-Master Replication
      2. 23.5.2. But Not Everything Is Multimaster
      3. 23.5.3. Domain Naming: A FSMO Example
      4. 23.5.4. Why Administrators Must Know About FSMOs
      5. 23.5.5. Global Catalogs
      6. 23.5.6. FSMO Roles
      7. 23.5.7. Schema Master
        1. 23.5.7.1. Examining the Schema with the Schema Snap-In
        2. 23.5.7.2. The Schema and Your AD
        3. 23.5.7.3. Keeping Schema Changes Orderly
        4. 23.5.7.4. Planning for Schema Changes...and Conflicts
        5. 23.5.7.5. Global Catalog Replication and Changes in the Schema
          1. 23.5.7.5.1. Windows 2000
          2. 23.5.7.5.2. Windows Server 2003 and later
      8. 23.5.8. Domain Naming Master FSMO
      9. 23.5.9. RID Pool FSMO
      10. 23.5.10. Infrastructure Master
      11. 23.5.11. PDC Emulator FSMO
      12. 23.5.12. Transferring FSMO Roles
      13. 23.5.13. Time Sync
    6. 23.6. Trusts
      1. 23.6.1. Defining the Domain: "Trust"
      2. 23.6.2. Trust Relationships in More Detail
      3. 23.6.3. Trusts Have Direction
      4. 23.6.4. Some Trusts Are Transitive
      5. 23.6.5. Trusts Do Not Remove All Security
      6. 23.6.6. Trusts Involve Administrators from Both Sides
      7. 23.6.7. Four Kinds of Trusts
      8. 23.6.8. Understanding Transitive Forest Trusts
      9. 23.6.9. Manually Creating Trusts
        1. 23.6.9.1. Creating Trusts with the New Trust Wizard
        2. 23.6.9.2. Building Domain Trusts with netdom
    7. 23.7. The Bottom Line
  28. 24. Migrating, Merging, and Modifying Your Active Directory
    1. 24.1. Migration Strategies
      1. 24.1.1. Migrating with an In-Place Upgrade
        1. 24.1.1.1. Getting Ready for the Upgrade
        2. 24.1.1.2. How to Do an In-Place Upgrade from a 2003-Based AD
          1. 24.1.1.2.1. Prepping the Forest/Schema and Domain
          2. 24.1.1.2.2. Running Setup
      2. 24.1.2. Migrating with a Swing Migration
        1. 24.1.2.1. Prepping the Forest/Schema and Domain
        2. 24.1.2.2. Building a Windows Server 2008 R2 Member Server
        3. 24.1.2.3. Verifying DNS
        4. 24.1.2.4. Prepping the Source Domain Controller
        5. 24.1.2.5. Promoting the Member Server
        6. 24.1.2.6. Post-Migration Procedures
        7. 24.1.2.7. Repurposing Hardware
      3. 24.1.3. Migrating with a Clean and Pristine Migration
        1. 24.1.3.1. C&P Is Gradual
        2. 24.1.3.2. Handling Permissions with the New Domain
          1. 24.1.3.2.1. Re-ACLing the Server
          2. 24.1.3.2.2. Using SID Histories
    2. 24.2. Using Microsoft's Free Migration Tool: ADMT
      1. 24.2.1. An Example Migration Setup
      2. 24.2.2. Establishing the Trust
      3. 24.2.3. Getting Both Sides ADMT-Friendly
        1. 24.2.3.1. Putting a Domain Admin in Each Other's Administrators Groups
        2. 24.2.3.2. Turning On Auditing
        3. 24.2.3.3. Enabling Cryptographic Settings on the Target Domain
        4. 24.2.3.4. Installing ADMT and PES
          1. 24.2.3.4.1. Creating a Password Key on the Target
          2. 24.2.3.4.2. Moving Over the PES File
          3. 24.2.3.4.3. Installing the Password Migration DLL on the Source DC
        5. 24.2.3.5. A Little Housework on the Workstation
      4. 24.2.4. Starting Up ADMT and Migrating
        1. 24.2.4.1. GUI, Command Line, or VBScript
        2. 24.2.4.2. User and Group Migration with the ADMT Snap-In
        3. 24.2.4.3. Migrating with the Command Line
      5. 24.2.5. Testing the Migrated Group's Access to Resources
      6. 24.2.6. Translating Local Profiles
        1. 24.2.6.1. Translating Profiles with the ADMT Snap-In
      7. 24.2.7. Migrating Computer Accounts
      8. 24.2.8. Rollback Considerations
    3. 24.3. Renaming a Domain
      1. 24.3.1. Understanding the Requirements
      2. 24.3.2. Affecting Business Operations
      3. 24.3.3. Understanding the Business Risks
      4. 24.3.4. Performing the Domain Rename
        1. 24.3.4.1. Preparing for a Domain Rename
        2. 24.3.4.2. Doing the Rename
    4. 24.4. The Bottom Line
  29. 25. Installing, Using, and Administering Remote Desktop Services
    1. 25.1. Who Needs Remote Desktop Services?
      1. 25.1.1. Centralized Deployment of Applications
      2. 25.1.2. Supporting Remote Users
      3. 25.1.3. Supporting PC-Unfriendly Environments
      4. 25.1.4. Reducing Hardware Refreshes
      5. 25.1.5. Simplifying the User Interface
      6. 25.1.6. Providing Help-Desk Support
      7. 25.1.7. Deploying RDS RemoteApp
    2. 25.2. Understanding the Remote Desktop Services Processing Model
      1. 25.2.1. Son of Mainframe?
      2. 25.2.2. Anatomy of a Thin-Client Session
        1. 25.2.2.1. The RDS Server
          1. 25.2.2.1.1. Understanding Sessions
        2. 25.2.2.2. The Remote Desktop Protocol
          1. 25.2.2.2.1. How RDP Works
        3. 25.2.2.3. RDP Version 6.0 and Version 6.1
    3. 25.3. Server and Client Requirements
      1. 25.3.1. Server Hardware
        1. 25.3.1.1. Core Hardware Resources
        2. 25.3.1.2. Using the Performance Monitor
      2. 25.3.2. Client Hardware
        1. 25.3.2.1. Windows Terminals
        2. 25.3.2.2. PC Clients
        3. 25.3.2.3. Handheld PCs
    4. 25.4. Adding Remote Desktop Services
      1. 25.4.1. Required Role Services
      2. 25.4.2. Easy Print
      3. 25.4.3. Single Sign-On
      4. 25.4.4. Network Level Authentication
      5. 25.4.5. Licensing Mode
      6. 25.4.6. Remote Desktop Users Group
      7. 25.4.7. Adding the Remote Desktop Services Role
      8. 25.4.8. Adding Applications
      9. 25.4.9. Connecting to an RDS Session
      10. 25.4.10. Adding an RDS RemoteApp Application
        1. 25.4.10.1. Adding RemoteApp Programs
        2. 25.4.10.2. Adding an RDS Server to the TS Web Access Computers Group
        3. 25.4.10.3. Configuring the RDS Server to serve RD RemoteApp Applications
        4. 25.4.10.4. Adding an RDS Server as a RemoteApp Source
        5. 25.4.10.5. Launching a RemoteApp from Internet Explorer
        6. 25.4.10.6. Creating .rdp Files for RemoteApp Programs
        7. 25.4.10.7. Creating Windows Installer Packages for RemoteApp Programs
    5. 25.5. Monitoring Remote Desktop Services
      1. 25.5.1. Remote Desktop Services Manager
        1. 25.5.1.1. Users, Sessions, and Processes
        2. 25.5.1.2. Command-Line Tools
      2. 25.5.2. Remote Desktop Session Host Configuration
        1. 25.5.2.1. RDP-Tcp Connection
          1. 25.5.2.1.1. RDP-Tcp Properties General Tab
          2. 25.5.2.1.2. RDP-Tcp Properties Log On Settings Tab
          3. 25.5.2.1.3. RDP-Tcp Properties Sessions Tab
          4. 25.5.2.1.4. RDP-Tcp Properties Environment Tab
          5. 25.5.2.1.5. RDP-Tcp Properties Remote Control Tab
          6. 25.5.2.1.6. RDP-Tcp Properties Client Settings Tab
          7. 25.5.2.1.7. RDP-Tcp Properties Network Adapter Tab
          8. 25.5.2.1.8. RDP-Tcp Properties Security Tab
        2. 25.5.2.2. Edit Settings
          1. 25.5.2.2.1. General Tab
          2. 25.5.2.2.2. Licensing Tab
          3. 25.5.2.2.3. RD Connection Broker Tab
          4. 25.5.2.2.4. RD IP Virtualization Tab
        3. 25.5.2.3. Licensing Diagnosis
      3. 25.5.3. Remote Desktop Licensing Manager
    6. 25.6. The Bottom Line
  30. 26. Connecting Mac OS X Clients
    1. 26.1. Preparing Active Directory for Mac OS X Clients
    2. 26.2. Connecting a Mac to the Domain
    3. 26.3. Connecting to File Shares
    4. 26.4. Connecting to Printers
    5. 26.5. Using Remote Desktop from a Mac Client
    6. 26.6. Troubleshooting
    7. 26.7. The Bottom Line
  31. 27. Patch Management
    1. 27.1. The Four Phases of Patch Management
      1. 27.1.1. Phase 1: Assess
      2. 27.1.2. Phase 2: Identify
      3. 27.1.3. Phase 3: Evaluate and Plan
      4. 27.1.4. Phase 4: Deploy
    2. 27.2. Dissecting a Security Update
    3. 27.3. Digging into Windows Server Update Services
      1. 27.3.1. Features of WSUS 3.0
      2. 27.3.2. Software Requirements for WSUS Servers and Clients
      3. 27.3.3. Deployment Scenarios
      4. 27.3.4. Configuring Prerequisites for WSUS 3.0
      5. 27.3.5. Installing and Configuring WSUS 3.0
      6. 27.3.6. Pointing Your Clients to the WSUS Server
    4. 27.4. The Bottom Line
  32. 28. File Shares Made Even Better: Windows SharePoint Services 3.0
    1. 28.1. Overview of Windows SharePoint Services 3.0
      1. 28.1.1. How Does WSS Work?
      2. 28.1.2. Prerequisites
    2. 28.2. Installing WSSv3
      1. 28.2.1. Loading IIS 7.5
      2. 28.2.2. Loading the .NET Framework
      3. 28.2.3. Loading WSS 3.0
      4. 28.2.4. Configuring Products and Technologies
      5. 28.2.5. Introducing Central Administration
    3. 28.3. SharePoint Website Provisioning
      1. 28.3.1. Creating a Web Application
      2. 28.3.2. Creating a Site Collection
      3. 28.3.3. Adding Sites to a Site Collection
    4. 28.4. Creating SharePoint Document Libraries
      1. 28.4.1. Creating a Document Library
      2. 28.4.2. Populating a Document Library
        1. 28.4.2.1. Creating New Documents
        2. 28.4.2.2. Uploading Documents
    5. 28.5. Managing SharePoint Documents
      1. 28.5.1. Document Metadata
        1. 28.5.1.1. Creating Library-centric Columns
        2. 28.5.1.2. Creating Site Columns
        3. 28.5.1.3. Ordering and Indexing Columns
        4. 28.5.1.4. Column Exposure: Views
      2. 28.5.2. Document Library Settings
        1. 28.5.2.1. Content Types
        2. 28.5.2.2. Versioning Settings
        3. 28.5.2.3. Checking In and Out
      3. 28.5.3. Workflows
        1. 28.5.3.1. Creating a Simple Three-State Workflow
    6. 28.6. Accessing SharePoint Documents
      1. 28.6.1. Enforcing Security
        1. 28.6.1.1. The Concept of Inheritance
        2. 28.6.1.2. Permissions and Permission Levels
        3. 28.6.1.3. People and Groups
          1. 28.6.1.3.1. Creating and Deleting SharePoint Groups
          2. 28.6.1.3.2. Modifying Existing Groups
          3. 28.6.1.3.3. Group Membership Strategies
        4. 28.6.1.4. Disabling Inheritance
      2. 28.6.2. Creating Useful Navigation
      3. 28.6.3. Updating Search Indexes
      4. 28.6.4. Using Alerts and RSS
        1. 28.6.4.1. Signing Up for Alerts
        2. 28.6.4.2. Subscribing to RSS Feeds
      5. 28.6.5. Managing Information Rights
    7. 28.7. Advanced WSS Administration
      1. 28.7.1. Authentication Providers
      2. 28.7.2. Managing Features
      3. 28.7.3. Limiting Content
        1. 28.7.3.1. Viewing Blocked File Types
        2. 28.7.3.2. Establishing Quota Limits
        3. 28.7.3.3. Thwarting Viruses
    8. 28.8. Integrating Client Software
      1. 28.8.1. Internet Explorer Integration
      2. 28.8.2. Office 2007 Application Integration
        1. 28.8.2.1. Outlook 2007
        2. 28.8.2.2. Excel 2007
        3. 28.8.2.3. Access 2007
        4. 28.8.2.4. SharePoint Designer 2007
    9. 28.9. The Bottom Line
  33. 29. Server Virtualization with Hyper-V
    1. 29.1. What Is Server Virtualization?
      1. 29.1.1. What Use Is Server Virtualization?
      2. 29.1.2. What Do You Need to Get Started with Hyper-V?
        1. 29.1.2.1. Hardware Requirements
        2. 29.1.2.2. Software Requirements
      3. 29.1.3. The Hyper-V Feature Set
    2. 29.2. Installing the Host with a Virtual Machine
      1. 29.2.1. Installing and Configuring Hyper-V
        1. 29.2.1.1. Virtual Disks: The Short Version
        2. 29.2.1.2. Virtual Networks: The Short Version
        3. 29.2.1.3. Configuring the Hyper-V Host
      2. 29.2.2. Configuring a Virtual Machine
      3. 29.2.3. Installing a Virtual Machine
    3. 29.3. Understanding Hyper-V Architecture
      1. 29.3.1. The Hyper-V Parent Partition
      2. 29.3.2. Hyper-V Child Partitions
      3. 29.3.3. Security Design in Hyper-V
    4. 29.4. Using Virtual Disks
      1. 29.4.1. Virtual Disks and Their Controllers
      2. 29.4.2. Virtual Disk Types and When to Use Them
      3. 29.4.3. Adding a Disk to an Existing VM
      4. 29.4.4. Disk Maintenance
      5. 29.4.5. Time Travel with Snapshots
    5. 29.5. Using Virtual Networks
      1. 29.5.1. Understanding Virtual Switches
      2. 29.5.2. Connecting VMs to Virtual Switches
    6. 29.6. Managing Virtual Machines
      1. 29.6.1. Licensing Hyper-V Hosts and Their VMs
      2. 29.6.2. Moving VMs Around: Export and Import
      3. 29.6.3. Backing Up and Restoring Virtual Machines
      4. 29.6.4. Server Core and the Hyper-V Server
      5. 29.6.5. Moving VMs: Quick Migration and Live Migration
      6. 29.6.6. Malware Protection and Patching
      7. 29.6.7. Scripting Hyper-V
    7. 29.7. The Bottom Line
  34. 30. Advanced User Account Management and User Support
    1. 30.1. Experiencing the Flexible Desktop
    2. 30.2. Configuring Home Directories
      1. 30.2.1. Setting Up the Lab
      2. 30.2.2. Creating the Home Directories
      3. 30.2.3. Creating Home Directories: The Easy Way
      4. 30.2.4. Creating Home Directories: The Hard Way
      5. 30.2.5. Home Directory vs. Local Storage
    3. 30.3. Creating Roaming Profiles
      1. 30.3.1. Creating a Roaming Profiles Share: The Easy Way
      2. 30.3.2. Creating a Roaming Profiles Share: The Hard Way
      3. 30.3.3. Configuring Mandatory Profiles
        1. 30.3.3.1. Mandatory Profiles on Windows Vista
        2. 30.3.3.2. Mandatory Profiles on Windows 7
        3. 30.3.3.3. Completing the Mandatory Profiles
      4. 30.3.4. Configuring Super Mandatory Profiles
      5. 30.3.5. Configuring a Default Network Profile
    4. 30.4. Managing Roaming Profiles
      1. 30.4.1. Machine Settings
        1. 30.4.1.1. Cleaning Up Those Profiles
        2. 30.4.1.2. Multiple Sites and Roaming Profiles
        3. 30.4.1.3. Remote Desktop Services
        4. 30.4.1.4. Additional Roaming Profile GPO Settings
      2. 30.4.2. User Settings
    5. 30.5. Redirecting Folders
      1. 30.5.1. Basic Folder Redirection
      2. 30.5.2. Advanced Folder Redirection
      3. 30.5.3. Managing Folder Redirection
    6. 30.6. Managing the Desktop Using Group Policy
    7. 30.7. Managing Users with Logon Scripts
      1. 30.7.1. User Access Control and Logon Scripts
      2. 30.7.2. Multiple Logon Scripts
      3. 30.7.3. Managing Logon Scripts with Group Policy
      4. 30.7.4. Managing Shutdown Tasks with Logoff Scripts
    8. 30.8. The Bottom Line
  35. A. The Bottom Line
    1. A.1. Chapter 2: Installing and Upgrading to Windows Server 2008 R2
    2. A.2. Chapter 3: The New Server: Introduction to Server Core
    3. A.3. Chapter 4: Windows Server 2008 IPv4: What Has Changed?
    4. A.4. Chapter 5: DNS and Naming in Server 2008 and Active Directory
    5. A.5. Chapter 6: Creating the Simple Ad: The One-Domain, One-Location AD
    6. A.6. Chapter 7: Creating and Managing User Accounts
    7. A.7. Chapter 8: Group Policy: AD's Gauntlet
    8. A.8. Chapter 9: Active Directory Delegation
    9. A.9. Chapter 10: Files, Folders, and Shares
    10. A.10. Chapter 11: Creating and Managing Shared Folders
    11. A.11. Chapter 12: SYSVOL: Old and New
    12. A.12. Chapter 13: Sharing Printers on Windows Server 2008 R2 Networks
    13. A.13. Chapter 14: Remote Server Administration
    14. A.14. Chapter 15: Connecting Windows Clients to the Server
    15. A.15. Chapter 16: Working the Web with IIS 7.0 and 7.5
    16. A.16. Chapter 17: Watching Your System
    17. A.17. Chapter 18: Windows Server 2008 R2 and Active Directory Backup and Maintenance
    18. A.18. Chapter 19: Advanced IP: Routing with Windows
    19. A.19. Chapter 20: Getting From the Office to the Road: VPNs
    20. A.20. Chapter 21: Adding More Locations: Sites in Active Directory
    21. A.21. Chapter 22: The Third DC: Understanding Read-Only Domain Controllers
    22. A.22. Chapter 23: Creating Larger Active Directory Environments: Beyond One Domain
    23. A.23. Chapter 24: Migrating, Merging, and Modifying Your Active Directory
    24. A.24. Chapter 25: Installing, Using, and Administering Remote Desktop Services
    25. A.25. Chapter 26: Connecting Mac OS X Clients
    26. A.26. Chapter 27: Patch Management
    27. A.27. Chapter 28: File Shares Made Even Better: Windows SharePoint Services 3.0
    28. A.28. Chapter 29: Server Virtualization with Hyper-V
    29. A.29. Chapter 30: Advanced User Account Management and User Support