You are previewing Windows Server® 2008 Bible.
O'Reilly logo
Windows Server® 2008 Bible

Book Description

This version of the Server Bible will be the largest yet, catering to what is certainly the most advanced operating system introduced by Microsoft. The book will cater to the needs of the server administration community and will be designed to be a critical reference. The book will extensively cover the most notable new feature of Windows Server known as the "Server Core." Server Core is a significantly scaled-back installation where no graphical shell (explorer.exe) is installed, and all configuration and maintenance is done entirely through the command-line windows, or by connecting to the machine remotely using Microsoft Management Console. Server Core will also not include the .NET Framework, Internet Explorer or many other features not related to core server features. A Server Core machine can be configured for four basic roles: Domain controller, DNS Server, DHCP Server, and file server. Chapters on setup and installation will also cover the new componentized operating system Image-based setup and deployment tools, using WIM.

In addition to the already extensive Active Directory support this book will now fully cover the "Read-Only Domain Controller" operation mode in Active Directory, intended for use in branch office scenarios where a domain controller may reside in a low physical security environment, was introduced in Windows Server 2003 R2 and will be extended in the 2008 version. Chapters covering policy-based networking, branch management and enhanced end user collaboration will be extended. Windows Server 2008 will also ship Internet Information Services 7 and the current chapters on IIS will thus be extended. Coverage of Windows SharePoint Services 3.0 will also be introduced into this part of the book. We will also include coverage of the improved hot patching technology, which is a feature that allows non-kernel patches to occur without the need for a reboot.

A significantly upgraded Terminal Services component, supporting RDP 6.0. will be covered in the chapter on terminal services. The most notable improvement is the ability to share a single application over a Remote Desktop connection, instead of the entire desktop. This will be added to an already extended chapter on this remote access technology. In addition to these new features the book will also carry over existing features brought over from (SP1/R2) of Server 2003. These include covering of new security features of the operating system, Group Policy management, change control and service level, and administration practices.

Table of Contents

  1. Copyright
  2. About the Author
  3. Credits
  4. Acknowledgments
  5. Introduction
    1. Who Should Read This Book
    2. How This Book Is Organized
      1. Part I: Windows Server 2008, Core, Configuration, Networking, and Communication Services
      2. Part II: File, Print, and Storage Services
      3. Part III: Security and Active Directory
      4. Part IV: Change Control and Workplace Management
  6. I. Windows Server 2008, Core, Configuration, Networking, and Communication Services
    1. 1. Installing Windows Server 2008
      1. 1.1. It's All About the Core
        1. 1.1.1. What Is Server Core?
      2. 1.2. Installation and Configuration Strategy
        1. 1.2.1. Getting psyched up about installing
        2. 1.2.2. Server recipes
          1. 1.2.2.1. Server Core or bare-bones system recipe
          2. 1.2.2.2. Small file and print server recipe
          3. 1.2.2.3. Application-server installation recipe
          4. 1.2.2.4. Terminal Services installation recipe
          5. 1.2.2.5. Line-of-business role-server installation recipe
          6. 1.2.2.6. High-road, or mission-critical recipe
          7. 1.2.2.7. Redundant or standby system recipe
          8. 1.2.2.8. Large systems, clusters, and Datacenter Server installations
      3. 1.3. Overview of Hardware
        1. 1.3.1. Hardware compatibility
      4. 1.4. Installing Windows Server 2008
        1. 1.4.1. Partitioning hard-disk drives
          1. 1.4.1.1. Option 1: One HDD
          2. 1.4.1.2. Option 2: Two HDDs
        2. 1.4.2. Performing a Server Core install
        3. 1.4.3. Performing an unattended Server Core install
        4. 1.4.4. Performing a basic install
          1. 1.4.4.1. Initial setup: Using the DVD
          2. 1.4.4.2. Running the Setup Wizard: Information to have handy
          3. 1.4.4.3. Windows network install
          4. 1.4.4.4. Final installation setup
        5. 1.4.5. Installing from the network
      5. 1.5. Roles, Features, and Applications
        1. 1.5.1. Standalone servers
        2. 1.5.2. Member servers
        3. 1.5.3. Role servers
          1. 1.5.3.1. Types of roles
          2. 1.5.3.2. Features
        4. 1.5.4. Windows Server 2008 as a domain controller
      6. 1.6. Windows Server 2008 as a Communications Server and Microsoft Exchange
        1. 1.6.1. Internet Information Services integration
        2. 1.6.2. Active Directory integration
        3. 1.6.3. Distributed services
        4. 1.6.4. Security
        5. 1.6.5. Single-seat and policy-based administration
        6. 1.6.6. SMTP message routing
        7. 1.6.7. Internet mail content
      7. 1.7. System Monitoring Using Windows Management Instrumentation
      8. 1.8. Windows Server 2008 for Database Services with SQL Server
      9. 1.9. Windows Server 2008 for IIS and ASP.NET
      10. 1.10. Windows Server 2008 for Application Services
      11. 1.11. Windows Server 2008 for Resolutions Services
        1. 1.11.1. DNS
          1. 1.11.1.1. Choosing your first DNS domain name
          2. 1.11.1.2. DNS namespace planning for Active Directory
        2. 1.11.2. DHCP
        3. 1.11.3. WINS
      12. 1.12. Summary
    2. 2. Configuring Windows Server 2008
      1. 2.1. Using the Microsoft Management Console
        1. 2.1.1. Understanding the function of the MMC
        2. 2.1.2. Opening the MMC
        3. 2.1.3. Using snap-ins
        4. 2.1.4. Getting to know taskpads
          1. 2.1.4.1. Creating a taskpad
          2. 2.1.4.2. Creating tasks
          3. 2.1.4.3. Modifying a taskpad
        5. 2.1.5. Other add-in tools
        6. 2.1.6. Customizing MMC to suit your needs
        7. 2.1.7. Control Panel versus MMC
      2. 2.2. Windows Firewall Changes for MMC Tools
      3. 2.3. Getting to Know the MMC Tools
        1. 2.3.1. Certification Authority
        2. 2.3.2. Failover Cluster Management
        3. 2.3.3. Component Services
        4. 2.3.4. Computer Management
        5. 2.3.5. Event Viewer
        6. 2.3.6. Reliability and Performance
        7. 2.3.7. Shared Folders
          1. 2.3.7.1. Device Manager
            1. 2.3.7.1.1. Driver changes
            2. 2.3.7.1.2. Resource assignment
          2. 2.3.7.2. Local Users and Groups
          3. 2.3.7.3. Disk Management
          4. 2.3.7.4. Disk Defragmenter
          5. 2.3.7.5. Removable Storage
          6. 2.3.7.6. Telephony
          7. 2.3.7.7. WMI Control
          8. 2.3.7.8. Services
            1. 2.3.7.8.1. Starting and stopping services
            2. 2.3.7.8.2. Setting General service properties
            3. 2.3.7.8.3. Configuring service logon
            4. 2.3.7.8.4. Configuring service recovery
            5. 2.3.7.8.5. Viewing dependencies
          9. 2.3.7.9. Indexing Service
            1. 2.3.7.9.1. Planning for the Indexing Service
            2. 2.3.7.9.2. Creating and configuring a catalog
            3. 2.3.7.9.3. Querying the catalog
            4. 2.3.7.9.4. Tuning performance
        8. 2.3.8. Using Event Viewer
          1. 2.3.8.1. Viewing and filtering events
          2. 2.3.8.2. Setting log properties
          3. 2.3.8.3. Saving and clearing logs
          4. 2.3.8.4. Viewing logs on another computer
          5. 2.3.8.5. Arranging the log view
        9. 2.3.9. Server extensions
      4. 2.4. Using the Security Configuration Wizard
      5. 2.5. Working with Data Sources (ODBC)
        1. 2.5.1. Defining DSNs
          1. 2.5.1.1. Defining a data source
          2. 2.5.1.2. Setting up an SQL Server data source
          3. 2.5.1.3. ODBC Component Checker
        2. 2.5.2. Viewing driver information
        3. 2.5.3. Tracing
        4. 2.5.4. Connection Pooling
      6. 2.6. Understanding Control Panel Applets
        1. 2.6.1. Ease of Access applet
        2. 2.6.2. Add Hardware applet
        3. 2.6.3. Default Programs applet
        4. 2.6.4. Administrative Tools applet
        5. 2.6.5. Windows Update
        6. 2.6.6. Date and Time applet
        7. 2.6.7. Display object . . . Personalization
        8. 2.6.8. Folder Options applet
        9. 2.6.9. Internet Options applet
        10. 2.6.10. Network and Sharing Center applet
        11. 2.6.11. Power Options applet
        12. 2.6.12. Printers Control Panel applet
        13. 2.6.13. System applet
          1. 2.6.13.1. Computer Name
          2. 2.6.13.2. Hardware page
          3. 2.6.13.3. Advanced page
          4. 2.6.13.4. User Profiles
            1. 2.6.13.4.1. Creating a profile
            2. 2.6.13.4.2. Copying profiles
            3. 2.6.13.4.3. Supporting roaming users
            4. 2.6.13.4.4. Creating a mandatory profile
            5. 2.6.13.4.5. Performance options
            6. 2.6.13.4.6. Environment Variables
            7. 2.6.13.4.7. Startup/Shutdown options
          5. 2.6.13.5. Remote tab
      7. 2.7. Windows PowerShell
      8. 2.8. Summary
    3. 3. Networking Windows Server 2008
      1. 3.1. TCP/IP on Windows Server 2008
      2. 3.2. TCP/IP Basics (IPv4)
        1. 3.2.1. IP addressing
        2. 3.2.2. Subnetting
        3. 3.2.3. Classless Interdomain Routing notation
        4. 3.2.4. Obtaining IP addresses
        5. 3.2.5. Gateways and routing
        6. 3.2.6. Dynamic Host Configuration Protocol (DHCP)
        7. 3.2.7. Domains and name resolution
          1. 3.2.7.1. DNS
          2. 3.2.7.2. WINS
          3. 3.2.7.3. Obtaining a domain name
        8. 3.2.8. Preparing for installation
      3. 3.3. Setting Up TCP/IP
        1. 3.3.1. Configuring TCP/IP
          1. 3.3.1.1. IP settings
          2. 3.3.1.2. DNS
          3. 3.3.1.3. WINS
      4. 3.4. Understanding and Using IPv6
        1. 3.4.1. IPv6 terms and concepts
          1. 3.4.1.1. Unicast addresses
          2. 3.4.1.2. Multicast addresses
          3. 3.4.1.3. Anycast addresses
        2. 3.4.2. Using IPv6 in Windows Server 2008
          1. 3.4.2.1. Installing and configuring IPv6
          2. 3.4.2.2. IPv6 address assignment
            1. 3.4.2.2.1. IPv6 address autoconfiguration
            2. 3.4.2.2.2. Static IPv6 address configuration
      5. 3.5. Troubleshooting TCP/IP
        1. 3.5.1. Common troubleshooting concepts
        2. 3.5.2. ping
          1. 3.5.2.1. ping and IPv6
        3. 3.5.3. ipconfig
        4. 3.5.4. netstat
        5. 3.5.5. hostname
        6. 3.5.6. tracert
        7. 3.5.7. arp
        8. 3.5.8. route
        9. 3.5.9. nbtstat
        10. 3.5.10. Legacy protocols
        11. 3.5.11. NetBEUI
        12. 3.5.12. IPX/SPX
        13. 3.5.13. DLC
      6. 3.6. SNMP
        1. 3.6.1. Understanding how SNMP works
        2. 3.6.2. Installing and configuring SNMP
          1. 3.6.2.1. Configuring agent properties
          2. 3.6.2.2. Configuring traps
          3. 3.6.2.3. Configuring security
          4. 3.6.2.4. Translating events to traps
            1. 3.6.2.4.1. Setting general properties
            2. 3.6.2.4.2. Exporting the trap list
      7. 3.7. Windows Firewall Configuration and Management
        1. 3.7.1. Overview of Windows Firewall changes
        2. 3.7.2. Configuring Windows Firewall
        3. 3.7.3. Managing Windows Firewall with Group Policy
        4. 3.7.4. Managing Windows Firewall from a console
        5. 3.7.5. Windows Firewall with Advanced Security
      8. 3.8. Summary
    4. 4. DHCP
      1. 4.1. Overview of DHCP
      2. 4.2. The Windows Server DHCP Service
        1. 4.2.1. Support for dynamic DNS
        2. 4.2.2. Vendor and user classes
        3. 4.2.3. Multicast address allocation
        4. 4.2.4. Unauthorized DHCP server detection
        5. 4.2.5. Automatic client configuration
        6. 4.2.6. Monitoring and reporting
      3. 4.3. Installing and Configuring the DHCP Server
        1. 4.3.1. Installing DHCP
        2. 4.3.2. Using the DHCP console
        3. 4.3.3. Creating scopes
        4. 4.3.4. Setting general scope options
          1. 4.3.4.1. Default gateway
          2. 4.3.4.2. Domain name and DNS servers
          3. 4.3.4.3. Domain name
          4. 4.3.4.4. Other scope properties
        5. 4.3.5. Configuring global DHCP options
        6. 4.3.6. Creating reservations
        7. 4.3.7. Setting global scope properties
        8. 4.3.8. Activating and deactivating a scope
        9. 4.3.9. Authorizing the server
      4. 4.4. Defining and Implementing User and Vendor Classes
        1. 4.4.1. Vendor classes
          1. 4.4.1.1. Creating a vendor class
          2. 4.4.1.2. Configuring vendor class options
        2. 4.4.2. User classes
          1. 4.4.2.1. Creating a user class
          2. 4.4.2.2. Configuring user class options
        3. 4.4.3. Configuring a client to use class IDs
      5. 4.5. Creating and Using Superscopes
        1. 4.5.1. Creating a superscope
        2. 4.5.2. Activating and deactivating a superscope
        3. 4.5.3. Removing scopes from a superscope
        4. 4.5.4. Deleting superscopes
      6. 4.6. Creating Multicast Scopes
      7. 4.7. Configuring Global DHCP Server Properties
      8. 4.8. Managing the DHCP Database
        1. 4.8.1. Backing up and restoring the DHCP database
        2. 4.8.2. Moving the DHCP database to another server
      9. 4.9. Configuring Windows DHCP Clients
        1. 4.9.1. Configuring DNS options for DHCP
      10. 4.10. Network Access Protection
      11. 4.11. Summary
    5. 5. Windows Name Services
      1. 5.1. Overview of the Domain Name Service
        1. 5.1.1. Understanding domain names
        2. 5.1.2. Today's DNS system
        3. 5.1.3. Resolvers, name servers, and forward lookup
        4. 5.1.4. Domain records and zone files
        5. 5.1.5. Reverse lookup
        6. 5.1.6. Delegation
        7. 5.1.7. Caching, forwarders, and slaves
        8. 5.1.8. Recursion, iteration, and referrals
      2. 5.2. Microsoft Domain Name Services
        1. 5.2.1. Installing DNS
        2. 5.2.2. Overview of the DNS console
        3. 5.2.3. Creating forward-lookup zones
        4. 5.2.4. Creating reverse-lookup zones
        5. 5.2.5. Creating resource records
          1. 5.2.5.1. Host records (A)
          2. 5.2.5.2. Alias (CNAME) records
          3. 5.2.5.3. Mail Exchanger records (MX)
          4. 5.2.5.4. Service Location records (SRV)
          5. 5.2.5.5. Other record types
        6. 5.2.6. Configuring zone properties
          1. 5.2.6.1. General zone properties
          2. 5.2.6.2. Start of Authority properties
          3. 5.2.6.3. Name servers properties
          4. 5.2.6.4. WINS properties
          5. 5.2.6.5. Zone transfer properties
      3. 5.3. Managing DNS Server Options and Behavior
        1. 5.3.1. Configuring multiple addresses on a DNS server
        2. 5.3.2. Using a forwarder
        3. 5.3.3. Configuring advanced settings
        4. 5.3.4. Setting root hints
        5. 5.3.5. Configuring logging
          1. 5.3.5.1. Configuring basic logging
          2. 5.3.5.2. Using debug logging
        6. 5.3.6. Monitoring and testing
        7. 5.3.7. Applying security
        8. 5.3.8. Managing the server and cache
      4. 5.4. Configuring Subdomains and Delegation
        1. 5.4.1. Setting up subdomains
        2. 5.4.2. Delegating a subdomain
      5. 5.5. DNS and Active Directory
      6. 5.6. Dynamic DNS
        1. 5.6.1. Configuring DDNS
        2. 5.6.2. Configuring scavenging
      7. 5.7. Windows Internet Name Service (WINS)
      8. 5.8. How WINS Works
        1. 5.8.1. WINS registration
        2. 5.8.2. Mapping renewal
      9. 5.9. WINS Forever
        1. 5.9.1. Persistent connections
        2. 5.9.2. Manual tombstoning
      10. 5.10. WINS Installation and Configuration
        1. 5.10.1. Installing WINS
        2. 5.10.2. Configuring WINS
          1. 5.10.2.1. Static entries
          2. 5.10.2.2. The proxy agent
      11. 5.11. Configuring Windows Clients for DNS and WINS
      12. 5.12. Using Hosts and LMHOSTS Files for Name Resolution
        1. 5.12.1. Using a Hosts file for name resolution
        2. 5.12.2. Using the LMHOSTS file for name resolution
      13. 5.13. Summary
    6. 6. Routing and Remote Access
      1. 6.1. Windows Server 2008 RAS and Telephony Services
        1. 6.1.1. Overview of Windows Server 2008 RRAS
        2. 6.1.2. New features of Windows Server 2008 RRAS
          1. 6.1.2.1. AD integration
          2. 6.1.2.2. Bandwidth Allocation Protocol and Bandwidth Allocation Control Protocol
          3. 6.1.2.3. MS-CHAP version 2
          4. 6.1.2.4. Extensible Authentication Protocol
          5. 6.1.2.5. RADIUS support
          6. 6.1.2.6. Network access policies
          7. 6.1.2.7. Account lockout
        3. 6.1.3. The Routing and Remote Access management console
      2. 6.2. RAS Connection Types and Protocols
        1. 6.2.1. Point-to-Point Protocol
        2. 6.2.2. Point-to-Point Multilink Protocol and BAP
        3. 6.2.3. Point-to-Point Tunneling Protocol
        4. 6.2.4. Layer Two Tunneling Protocol
        5. 6.2.5. Transport protocols
          1. 6.2.5.1. TCP/IP
      3. 6.3. Enabling and Configuring RRAS
      4. 6.4. IP Routing
        1. 6.4.1. IP routing overview
          1. 6.4.1.1. RIP
          2. 6.4.1.2. OSPF
        2. 6.4.2. Routing with RRAS
        3. 6.4.3. Configuring a basic router
          1. 6.4.3.1. Configuring the router address
          2. 6.4.3.2. Configuring static routes
          3. 6.4.3.3. Adding and configuring a demand-dial interface
            1. 6.4.3.3.1. Setting demand-dial filters
            2. 6.4.3.3.2. Setting permitted dial-out hours
            3. 6.4.3.3.3. Changing dial-out credentials
            4. 6.4.3.3.4. Setting dialing properties
            5. 6.4.3.3.5. Configuring security methods
            6. 6.4.3.3.6. Modifying network settings
          4. 6.4.3.4. Enabling or disabling routing
        4. 6.4.4. Dynamic routing
        5. 6.4.5. Adding and configuring RIP
          1. 6.4.5.1. General
          2. 6.4.5.2. Security
          3. 6.4.5.3. Neighbors
          4. 6.4.5.4. Advanced
          5. 6.4.5.5. General RIP properties
        6. 6.4.6. DHCP relay agent
        7. 6.4.7. IGMP – multicast forwarding
          1. 6.4.7.1. Overview of multicast forwarding
            1. 6.4.7.1.1. IGMP router mode
            2. 6.4.7.1.2. IGMP proxy mode
          2. 6.4.7.2. Setting up a multicast forwarder
        8. 6.4.8. Network address translation
        9. 6.4.9. Configuring NAT
      5. 6.5. Configuring Services and Ports
      6. 6.6. Configuring RAS for Inbound Connections
        1. 6.6.1. Enabling RRAS
          1. 6.6.1.1. Remote access (dial-up or VPN)
          2. 6.6.1.2. Network address translation
          3. 6.6.1.3. Virtual Private Network access and NAT
          4. 6.6.1.4. Secure connection between two private networks
          5. 6.6.1.5. Custom configuration
        2. 6.6.2. Configuring modems and ports
        3. 6.6.3. Configuring protocols
          1. 6.6.3.1. TCP/IP
            1. 6.6.3.1.1. Assigning addresses through DHCP
            2. 6.6.3.1.2. Using a static address pool
            3. 6.6.3.1.3. Allowing clients to use preassigned IP addresses
            4. 6.6.3.1.4. Enabling/disabling IP for RRAS
            5. 6.6.3.1.5. IP routing and restricting access to the RAS server
        4. 6.6.4. Configuring authentication
          1. 6.6.4.1. Configuring PPP
          2. 6.6.4.2. Configuring authentication
            1. 6.6.4.2.1. EAP
            2. 6.6.4.2.2. Configuring EAP-RADIUS
            3. 6.6.4.2.3. SPAP
            4. 6.6.4.2.4. PAP
            5. 6.6.4.2.5. Unauthenticated access
        5. 6.6.5. Disabling routing (Remote Access Server only)
        6. 6.6.6. RRAS logging and accounting
          1. 6.6.6.1. Using Windows accounting
          2. 6.6.6.2. Using RADIUS accounting
      7. 6.7. Configuring a VPN Server
        1. 6.7.1. Configuring VPN ports
        2. 6.7.2. Enabling L2TP for VPN
          1. 6.7.2.1. Obtaining and installing a certificate
          2. 6.7.2.2. Configuring L2TP over IPSec filters
      8. 6.8. Using Multilink and BAP
      9. 6.9. Policy Server
        1. 6.9.1. Creating a new policy
          1. 6.9.1.1. Dial-In Constraints
          2. 6.9.1.2. IP
          3. 6.9.1.3. Multilink
          4. 6.9.1.4. Authentication
          5. 6.9.1.5. Encryption
          6. 6.9.1.6. RADIUS
        2. 6.9.2. Prioritizing policies
      10. 6.10. Using RADIUS
        1. 6.10.1. Configuring RADIUS
        2. 6.10.2. Configuring accounting
      11. 6.11. Configuring Outgoing Dial-Up Networking Connections
        1. 6.11.1. Creating a connection
        2. 6.11.2. Configuring connection properties
          1. 6.11.2.1. Security and authentication
          2. 6.11.2.2. Configuring EAP
          3. 6.11.2.3. Configuring protocols
          4. 6.11.2.4. Multilink and BAP Revisited
        3. 6.11.3. Configuring dial-up networking to connect to the Internet
          1. 6.11.3.1. Controlling disconnects
          2. 6.11.3.2. Online security
      12. 6.12. Summary
    7. 7. Backup and Restore
      1. 7.1. Why Back Up Data?
      2. 7.2. What to Back Up
      3. 7.3. Understanding Backup
        1. 7.3.1. Understanding archive bits
        2. 7.3.2. What is a backup?
        3. 7.3.3. What is a restore?
        4. 7.3.4. Understanding how a backup works
      4. 7.4. Removable Storage and Media Pools
        1. 7.4.1. The Removable Storage Service
        2. 7.4.2. The Removable Storage database
        3. 7.4.3. Physical locations
        4. 7.4.4. Media pools
          1. 7.4.4.1. System pools
          2. 7.4.4.2. Application pools
          3. 7.4.4.3. Multilevel media pools
        5. 7.4.5. Work Queue and Operator Requests
          1. 7.4.5.1. Work queue
          2. 7.4.5.2. Operator requests
          3. 7.4.5.3. Labeling media
        6. 7.4.6. Practicing scratch and save
      5. 7.5. Establishing Quality of Support Baselines for Data Backup/Restore
      6. 7.6. Establishing Quality of Capture
        1. 7.6.1. Best backup time of the day
        2. 7.6.2. Length of backup
        3. 7.6.3. Backup of servers and workstations
        4. 7.6.4. The open files dilemma
      7. 7.7. Backup Procedure
      8. 7.8. Performing a Backup
        1. 7.8.1. Creating a media pool
        2. 7.8.2. Understanding rights and permissions
        3. 7.8.3. Understanding source and destination
        4. 7.8.4. Setting up schedules
      9. 7.9. Rotation Schemes
      10. 7.10. Restoring Data
      11. 7.11. Tape Location
      12. 7.12. Backup Bandwidth
      13. 7.13. Working with Shadow Copies
      14. 7.14. Summary
    8. 8. Disaster Recovery
      1. 8.1. Disaster Recovery Planning
        1. 8.1.1. Policy and protocol
        2. 8.1.2. Documentation
        3. 8.1.3. Disaster recovery training and action planning
      2. 8.2. Identifying Resources
      3. 8.3. Developing Response Plans
      4. 8.4. Testing Response Plans
      5. 8.5. Mock Disaster Programs
        1. 8.5.1. Understanding fault tolerance
      6. 8.6. Identifying the Weak Links
      7. 8.7. Recovery from Backup
        1. 8.7.1. Recovery of base operating systems
        2. 8.7.2. Recovery of configuration
      8. 8.8. Mirrored Services, Data, and Hardware
      9. 8.9. Recovery of Key Services
        1. 8.9.1. Active Directory
        2. 8.9.2. DNS
        3. 8.9.3. Registry
      10. 8.10. Crash Analysis
      11. 8.11. Summary
    9. 9. The Registry
      1. 9.1. The Purpose of the Registry
      2. 9.2. The Registry Structure
        1. 9.2.1. Registry hive files
          1. 9.2.1.1. HKEY_LOCAL_MACHINE
          2. 9.2.1.2. HKEY_USERS
          3. 9.2.1.3. HKEY_CURRENT_USER
          4. 9.2.1.4. HKEY_CLASSES_ROOT
          5. 9.2.1.5. HKEY_CURRENT_CONFIG
        2. 9.2.2. Keys and values
      3. 9.3. The Registry Editor
        1. 9.3.1. Regedit.exe
        2. 9.3.2. Modifying the registry
          1. 9.3.2.1. Creating and modifying values
          2. 9.3.2.2. Creating and deleting keys
        3. 9.3.3. Importing and exporting keys
        4. 9.3.4. Editing a remote registry
        5. 9.3.5. Loading and unloading hives
      4. 9.4. Securing the Registry
        1. 9.4.1. Preventing access to the registry
        2. 9.4.2. Applying permissions to registry keys
        3. 9.4.3. Auditing registry access
        4. 9.4.4. Securing remote registry access
      5. 9.5. Summary
    10. 10. Auditing Windows Server 2008
      1. 10.1. Auditing Overview
      2. 10.2. Configuring Auditing
        1. 10.2.1. Enabling audit policies
        2. 10.2.2. Auditing object access
      3. 10.3. Examining the Audit Reports
        1. 10.3.1. Using the Event Viewer
        2. 10.3.2. Using other tools
      4. 10.4. Strategies for Auditing
        1. 10.4.1. Leaving auditing off
        2. 10.4.2. Turning all auditing on
        3. 10.4.3. Auditing problem users
        4. 10.4.4. Auditing administrators
        5. 10.4.5. Auditing critical files and folders
      5. 10.5. Summary
    11. 11. .NET Framework Services
      1. 11.1. Introduction to the .NET Framework
        1. 11.1.1. 64-bit platform support
        2. 11.1.2. Access control list
        3. 11.1.3. ADO.NET and LINQ
        4. 11.1.4. Asynchronous processing
      2. 11.2. Understanding the .NET Initiative
        1. 11.2.1. The Common Language Runtime
        2. 11.2.2. Common Type System
        3. 11.2.3. .NET security
        4. 11.2.4. Application domains
        5. 11.2.5. Garbage collection
        6. 11.2.6. .NET vs. the JVM
        7. 11.2.7. Configuring the Global Assembly Cache
      3. 11.3. Summary
  7. II. File, Print, and Storage Services
    1. 12. Print Services
      1. 12.1. Print Services
      2. 12.2. Understanding Windows Server Printer Services
        1. 12.2.1. Printer services: the logical environment
          1. 12.2.1.1. Print routers
          2. 12.2.1.2. Printer drivers
          3. 12.2.1.3. The spooler service stack
          4. 12.2.1.4. Spooler output files
          5. 12.2.1.5. Print queues
          6. 12.2.1.6. The print processor
          7. 12.2.1.7. Ports
          8. 12.2.1.8. Print monitors
          9. 12.2.1.9. Local print monitor
          10. 12.2.1.10. LPR print monitor (TCP/IP printing)
          11. 12.2.1.11. Standard TCP/IP print monitor
          12. 12.2.1.12. Third-party print monitors
        2. 12.2.2. Printer services: the physical environment
          1. 12.2.2.1. Print servers
          2. 12.2.2.2. Print devices
          3. 12.2.2.3. Network interface devices
      3. 12.3. Print Services Strategy
        1. 12.3.1. Printer taxonomy
        2. 12.3.2. Creating print groups
        3. 12.3.3. Creating a print network
        4. 12.3.4. Keeping drivers current
      4. 12.4. Installing and Setting Up Printers
        1. 12.4.1. Installing the local printer
      5. 12.5. Publishing Printers
        1. 12.5.1. Locating printers
          1. 12.5.1.1. Locating the printer in Active Directory
          2. 12.5.1.2. Locating printers over the Web
        2. 12.5.2. Hiding printers
        3. 12.5.3. Printer pools
        4. 12.5.4. Loading printer ports
      6. 12.6. Printer Administration
        1. 12.6.1. Printer management
          1. 12.6.1.1. Setting separator pages
          2. 12.6.1.2. Mixing and matching forms and trays
        2. 12.6.2. Job management
        3. 12.6.3. Advanced spool options
          1. 12.6.3.1. Available time
          2. 12.6.3.2. To spool or not to spool
          3. 12.6.3.3. Holding mismatched documents
          4. 12.6.3.4. Printing spooled documents first
          5. 12.6.3.5. Keeping printed documents
        4. 12.6.4. Access control
          1. 12.6.4.1. Assigning permissions according to role
          2. 12.6.4.2. Delegating printer and document administration
          3. 12.6.4.3. Taking ownership
      7. 12.7. Troubleshooting
        1. 12.7.1. Server-side print problems
        2. 12.7.2. Client-side print problems
        3. 12.7.3. Enabling bi-directional printing
      8. 12.8. Auditing Printer Usage and Management
      9. 12.9. Summary
    2. 13. Storage Management
      1. 13.1. Overview of Storage
      2. 13.2. Storage Management
        1. 13.2.1. Performance and capacity
          1. 13.2.1.1. Windows Server 2008 and SANs
        2. 13.2.2. High availability
        3. 13.2.3. Recoverability
        4. 13.2.4. Issues with legacy systems
      3. 13.3. Disk Management
      4. 13.4. Partition Styles
        1. 13.4.1. MBR disks
        2. 13.4.2. GPT disks
      5. 13.5. Removable Storage
      6. 13.6. Remote Storage and HSM
      7. 13.7. The Disk Management Snap-in
      8. 13.8. Basic Storage
        1. 13.8.1. Primary partitions
        2. 13.8.2. Extended partitions
        3. 13.8.3. Basic volumes
      9. 13.9. Dynamic Volumes and Fault Tolerance
        1. 13.9.1. Dynamic disks
        2. 13.9.2. RAID-1: Disk mirroring
        3. 13.9.3. RAID-5: Fault-tolerant striping with parity
      10. 13.10. Hardware RAID
      11. 13.11. Dynamic Storage Management
        1. 13.11.1. Converting basic disks to dynamic
        2. 13.11.2. Creating simple volumes
        3. 13.11.3. Extending simple volumes and spanned volumes
        4. 13.11.4. Creating and managing RAID-0 volumes (striping)
        5. 13.11.5. Creating and managing RAID-1 volumes
        6. 13.11.6. Creating and managing RAID-5 volumes
        7. 13.11.7. Importing disks
      12. 13.12. Managing Storage with Disk Quotas
        1. 13.12.1. Why you need disk quotas
          1. 13.12.1.1. Ownership
          2. 13.12.1.2. Caveats of quota systems
          3. 13.12.1.3. Disk space/quota analysis
        2. 13.12.2. Setting disk quotas
          1. 13.12.2.1. Adding disk quota entries
        3. 13.12.3. Common-sense disk quota management
      13. 13.13. Troubleshooting
        1. 13.13.1. Disk and volume states
        2. 13.13.2. Fixing RAID redundancy failures
      14. 13.14. Storage Explorer
      15. 13.15. Summary
    3. 14. Windows Server 2008 File Systems
      1. 14.1. An Overview of Disk Structure
      2. 14.2. FAT16 and FAT32
      3. 14.3. NTFS
        1. 14.3.1. NTFS structure
        2. 14.3.2. Disk quotas
        3. 14.3.3. Reparse points
        4. 14.3.4. Encrypting File System
        5. 14.3.5. Hierarchical Storage Management
        6. 14.3.6. Directory junctions
        7. 14.3.7. Mounted volumes
        8. 14.3.8. Transactional NTFS
      4. 14.4. Choosing a File System
      5. 14.5. Optimizing Storage Capacity
        1. 14.5.1. Optimizing cluster size
        2. 14.5.2. Defragmenting volumes
        3. 14.5.3. Using disk compression in NTFS
          1. 14.5.3.1. Enabling and disabling compression
          2. 14.5.3.2. Performance considerations
      6. 14.6. Managing the Distributed File System
        1. 14.6.1. DFS structure and terminology
        2. 14.6.2. Domain-based DFS namespace vs. standalone DFS namespaces
        3. 14.6.3. Client support
        4. 14.6.4. Replication with DFS
        5. 14.6.5. Replication with DFS-R
        6. 14.6.6. Client-side caching
        7. 14.6.7. Working with the DFS Management console
          1. 14.6.7.1. Terminology and key features
          2. 14.6.7.2. Client failback
          3. 14.6.7.3. Target priority
          4. 14.6.7.4. Delegation
          5. 14.6.7.5. Namespace restructuring
          6. 14.6.7.6. Managing namespaces
          7. 14.6.7.7. Managing replication
      7. 14.7. Working with Mounted Volumes
        1. 14.7.1. Mounting a volume
        2. 14.7.2. Unmounting a volume
      8. 14.8. Services for Network File System
        1. 14.8.1. NFS overview
          1. 14.8.1.1. Configuring authentication
          2. 14.8.1.2. Configuring logging
          3. 14.8.1.3. Configuring file locking
          4. 14.8.1.4. Configuring filename translation
          5. 14.8.1.5. Setting authentication renewal and case sensitivity
          6. 14.8.1.6. Sharing a folder
      9. 14.9. Summary
    4. 15. Sharing and Securing Files and Folders
      1. 15.1. Sharing and Securing Your Data
      2. 15.2. Ownership
      3. 15.3. Configuring the File Server Role
        1. 15.3.1. File Server Resource Management console
          1. 15.3.1.1. Quota Management
          2. 15.3.1.2. File Screening Management
          3. 15.3.1.3. Storage Reports Management
      4. 15.4. Publishing Shares in Active Directory
      5. 15.5. Creating a Share
        1. 15.5.1. Sharing a local folder
        2. 15.5.2. Establishing shares by using the Share and Storage Management console
      6. 15.6. Share Attributes
        1. 15.6.1. Deny
        2. 15.6.2. Accumulation of share permissions
        3. 15.6.3. Moving or copying folders
        4. 15.6.4. Intradomain shares
        5. 15.6.5. Who can share folders
        6. 15.6.6. Hidden shares
        7. 15.6.7. Connecting to shares
        8. 15.6.8. Connecting users to published shares
        9. 15.6.9. Mapping out the DFS namespace for users
      7. 15.7. Administrative Shares
      8. 15.8. Commonsense Strategies for Sharing Folders
        1. 15.8.1. Restricting shares
        2. 15.8.2. Setting up application sharepoints
        3. 15.8.3. Setting up data sharepoints
      9. 15.9. Offline Access (Caching)
        1. 15.9.1. Offline attributes
        2. 15.9.2. Synchronizing cached resources
      10. 15.10. Securing Files and Folders by Using Permissions
      11. 15.11. Permission Types
      12. 15.12. Permissions Attributes
      13. 15.13. Inheritance
      14. 15.14. Taking Ownership
      15. 15.15. Copying and Moving
      16. 15.16. Strategies for Managing Permissions
      17. 15.17. Securing Files by Using the Encrypting File System
        1. 15.17.1. How EFS works
        2. 15.17.2. Recoverability and the encryption recovery policy
        3. 15.17.3. Using EFS
          1. 15.17.3.1. Recovery policy
          2. 15.17.3.2. Encrypting and decrypting through Windows Explorer
          3. 15.17.3.3. Encrypting and decrypting using the command prompt
        4. 15.17.4. Copying, moving, or renaming encrypted files
        5. 15.17.5. Accessing encrypted data remotely
        6. 15.17.6. Sharing encrypted data
        7. 15.17.7. Encrypting files for multiple users
        8. 15.17.8. Backing up and recovering encrypted data
        9. 15.17.9. Configuring and using a recovery policy
          1. 15.17.9.1. Securing the default recovery key—workgroup/standalone computer
          2. 15.17.9.2. Securing the default recovery key—domain
          3. 15.17.9.3. Obtaining a file-recovery certificate
          4. 15.17.9.4. Defining a domainwide recovery policy
          5. 15.17.9.5. Defining a recovery policy for an organizational unit
          6. 15.17.9.6. Forcing EFS use
          7. 15.17.9.7. Disabling EFS
      18. 15.18. Summary
  8. III. Security and Active Directory
    1. 16. Windows Server 2008 Security
      1. 16.1. An Overview of Windows Server 2008 Security
        1. 16.1.1. The need for security
        2. 16.1.2. Data input
        3. 16.1.3. Data transport
        4. 16.1.4. Why the threat exists
          1. 16.1.4.1. The external environment
          2. 16.1.4.2. The internal environment
      2. 16.2. Rising to the Security Challenge
      3. 16.3. Security Enhancements in Server Roles
        1. 16.3.1. Active Directory Domain Controller role service
        2. 16.3.2. The DHCP Server Role
        3. 16.3.3. The DNS Server Role
      4. 16.4. Understanding Encryption Basics
      5. 16.5. Getting to Know Cryptography
        1. 16.5.1. Cryptography Next Generation
        2. 16.5.2. Keys
        3. 16.5.3. Private keys
        4. 16.5.4. Public keys
        5. 16.5.5. Session keys
        6. 16.5.6. Key certificates
        7. 16.5.7. Digital signatures
      6. 16.6. Understanding Kerberos
        1. 16.6.1. Kerberos and the Single Sign-On initiative
        2. 16.6.2. Psst... this is how Kerberos works
        3. 16.6.3. Time authentication
        4. 16.6.4. Key distribution
        5. 16.6.5. Session tickets
        6. 16.6.6. Kerberos and trusts
        7. 16.6.7. Locating KDCs
      7. 16.7. Getting to Know IPSec
      8. 16.8. SSL/TLS
      9. 16.9. Understanding Active Directory Certificate Services
        1. 16.9.1. Public Key Infrastructure
        2. 16.9.2. Digital certificates
        3. 16.9.3. Creating the PKI with active directory certificate services
      10. 16.10. Support for Legacy NTLM
      11. 16.11. Smart Cards
      12. 16.12. Domains
      13. 16.13. Logon and Authentication
        1. 16.13.1. Windows Server 2008 logon
        2. 16.13.2. Bi-factorial and mono-factorial authentication
      14. 16.14. Trusts
      15. 16.15. Access Control
      16. 16.16. Auditing
      17. 16.17. Security Planning
      18. 16.18. Firewalls
      19. 16.19. Active Directory Security Policy
      20. 16.20. Secure Sockets
      21. 16.21. Firewalls, Proxies, and Bastions
      22. 16.22. Introduction to the Public Key Infrastructure
      23. 16.23. Setting up and Configuring Active Directory Certificate Services
      24. 16.24. Understanding Active Directory Certificate Services
      25. 16.25. Setting Up and Configuring a Certificate Authority
      26. 16.26. Deploying a PKI
        1. 16.26.1. Trust model
          1. 16.26.1.1. Certificate Policy
          2. 16.26.1.2. Certificate Practice Statement
          3. 16.26.1.3. CA keys and certificate safety
          4. 16.26.1.4. Certificate validation
          5. 16.26.1.5. Active Directory integration
          6. 16.26.1.6. Certificate enrollment architecture
          7. 16.26.1.7. The restricted enrollment agent
          8. 16.26.1.8. Group Policy
          9. 16.26.1.9. Certificate revocation architecture
          10. 16.26.1.10. Online Certificate Status Protocol support
          11. 16.26.1.11. User certificates
      27. 16.27. Summary
    2. 17. Windows 2008 and Active Directory
      1. 17.1. The Omniscient Active Directory
        1. 17.1.1. Why do we need directories?
          1. 17.1.1.1. Single Sign-On and distributed security
          2. 17.1.1.2. Change management
          3. 17.1.1.3. Distributed administration
          4. 17.1.1.4. Application management
        2. 17.1.2. What Is Active Directory?
        3. 17.1.3. The grandfather of the modern directory: The X.500 specification
        4. 17.1.4. The father of the modern directory: LDAP
        5. 17.1.5. After X.500
        6. 17.1.6. The open Active Directory
        7. 17.1.7. How the registry fits in
      2. 17.2. The Elements of Active Directory
        1. 17.2.1. Namespaces and naming schemes
          1. 17.2.1.1. RFC822 names
          2. 17.2.1.2. LDAP and X.500 names
        2. 17.2.2. Active Directory and the Internet
        3. 17.2.3. Active Directory everywhere
      3. 17.3. Inside Active Directory
        1. 17.3.1. If it walks like a duck ...
        2. 17.3.2. The Active Directory database structure
        3. 17.3.3. Active Directory objects
        4. 17.3.4. Active Directory schema
        5. 17.3.5. Object attributes
        6. 17.3.6. Walking the Active Directory
        7. 17.3.7. Naming conventions
        8. 17.3.8. Domain objects
        9. 17.3.9. Organizational units
        10. 17.3.10. Trees
        11. 17.3.11. Forests
        12. 17.3.12. Trusts
        13. 17.3.13. The global catalog
        14. 17.3.14. My active directory
      4. 17.4. Bridging the Divide: Legacy Windows and Windows Server 2008
        1. 17.4.1. Single point of access and administration
        2. 17.4.2. Domains and more domains
        3. 17.4.3. Intra-domain trust relationships
        4. 17.4.4. Access control lists and access tokens
      5. 17.5. Summary
    3. 18. Planning for Active Directory
      1. 18.1. Active Directory Overview
      2. 18.2. Basic Design Principles
      3. 18.3. Active Directory Structure
        1. 18.3.1. A domain plan
        2. 18.3.2. Site topology
        3. 18.3.3. A forest plan
        4. 18.3.4. A trust plan
        5. 18.3.5. An organizational unit plan
      4. 18.4. Planning for the Active Directory Enterprise
        1. 18.4.1. Naming strategy plan
        2. 18.4.2. Domain and organizational units plan
        3. 18.4.3. Branch office plan
          1. 18.4.3.1. Structural planning
          2. 18.4.3.2. Replication planning
          3. 18.4.3.3. Hub site planning
          4. 18.4.3.4. Site staging planning
          5. 18.4.3.5. Domain controller planning
      5. 18.5. Administration Planning
        1. 18.5.1. Delegating administration
        2. 18.5.2. Delegating forests, trees, and organizational units
        3. 18.5.3. Implementing object security
          1. 18.5.3.1. Simple and multilevel inheritance
          2. 18.5.3.2. Defining object visibility in Active Directory
        4. 18.5.4. Administrative roles
          1. 18.5.4.1. Efficient enterprisewide group nesting
          2. 18.5.4.2. Building the administrative hierarchy
      6. 18.6. Migration Planning
        1. 18.6.1. Upgrade plan
        2. 18.6.2. Restructuring plan
        3. 18.6.3. Migration tools
        4. 18.6.4. Test-lab plan
        5. 18.6.5. Backup and recovery plan
      7. 18.7. Deploying the Plan
      8. 18.8. Summary
    4. 19. Organizing a Logical Domain Structure
      1. 19.1. Keepers of the New Order
      2. 19.2. Active Directory Infrastructure Planning
      3. 19.3. Planning for the Logical Domain Structure
        1. 19.3.1. Preparing yourself mentally
          1. 19.3.1.1. Forget about conversion
          2. 19.3.1.2. Stay out of Active Directory
        2. 19.3.2. Assembling the team
        3. 19.3.3. The domain planning committee
        4. 19.3.4. Domain management
        5. 19.3.5. Change control management
        6. 19.3.6. Domain security
        7. 19.3.7. Intradomain communication
        8. 19.3.8. Education and information
        9. 19.3.9. Surveying the enterprise
        10. 19.3.10. Enterprise analysis
        11. 19.3.11. Enterprise environments
          1. 19.3.11.1. The external environment
          2. 19.3.11.2. The internal environment
          3. 19.3.11.3. The extra environment
        12. 19.3.12. Working with organizational charts
        13. 19.3.13. Identifying the Key Management Entities
        14. 19.3.14. Strategic drivers
        15. 19.3.15. Identifying the logical units
        16. 19.3.16. Identifying the physical units
        17. 19.3.17. Documentation
        18. 19.3.18. Administrative modeling
          1. 19.3.18.1. Centralized administration
          2. 19.3.18.2. Decentralized administration
          3. 19.3.18.3. The good, the bad, and the unwise
      4. 19.4. Logical Domain Structure: The Blueprint
        1. 19.4.1. The top-level domain
          1. 19.4.1.1. Naming the root
          2. 19.4.1.2. The function of the root
        2. 19.4.2. DNS naming practices
          1. 19.4.2.1. Use Internet DNS names
          2. 19.4.2.2. Make sure that namespaces are unique
          3. 19.4.2.3. Keep legacy clients in mind
        3. 19.4.3. Second-level domains
          1. 19.4.3.1. Managing separated departments
          2. 19.4.3.2. Managing replication overhead and network latency
          3. 19.4.3.3. Managing the decentralized administration models
          4. 19.4.3.4. Managing autonomous divisions
          5. 19.4.3.5. Managing a diversity of domain policy
          6. 19.4.3.6. Managing international partitions
          7. 19.4.3.7. Managing security requirements
          8. 19.4.3.8. Managing information hiding and resource publishing
          9. 19.4.3.9. Constructive partitioning of the directory
      5. 19.5. Partitioning the Domain
        1. 19.5.1. Organizational units
        2. 19.5.2. Working with groups
        3. 19.5.3. Securing the partitions
      6. 19.6. Summary
    5. 20. Active Directory Physical Architecture
      1. 20.1. Past, Present, and Future
      2. 20.2. Forests and Trusts
        1. 20.2.1. Forest choice design implications
      3. 20.3. Domain Controllers and Global Catalogs
        1. 20.3.1. Domain controllers
        2. 20.3.2. Global catalogs
        3. 20.3.3. The DC and GC locator services
        4. 20.3.4. Design decisions
          1. 20.3.4.1. Architecture
      4. 20.4. Sites
        1. 20.4.1. Replication within sites
        2. 20.4.2. Site links
        3. 20.4.3. Site link bridges
        4. 20.4.4. Connection objects between sites
      5. 20.5. Active Directory Replication
        1. 20.5.1. How replication works
      6. 20.6. Directory Synchronization
      7. 20.7. Active Directory Site Design and Configuration
        1. 20.7.1. Topology
        2. 20.7.2. Creating DC sites
        3. 20.7.3. Deploying domain controllers
        4. 20.7.4. Securing domain controllers
          1. 20.7.4.1. Schema Master
          2. 20.7.4.2. Domain Naming Master
          3. 20.7.4.3. RID (Relative Identifier) Master
          4. 20.7.4.4. PDC (Primary Domain Controller) Emulator
          5. 20.7.4.5. Infrastructure Master
          6. 20.7.4.6. Miscellaneous roles for domain controllers
        5. 20.7.5. Deploying GC servers
        6. 20.7.6. Deploying DNS servers
        7. 20.7.7. A DDNS architecture
        8. 20.7.8. Hub sites
        9. 20.7.9. Deploying WINS servers
          1. 20.7.9.1. Best practices
        10. 20.7.10. Deploying DHCP servers
      8. 20.8. A Site Architecture
        1. 20.8.1. Architecture
        2. 20.8.2. Site link cost
          1. 20.8.2.1. Site links cost factor charts
          2. 20.8.2.2. The AD replication schedule and notification
          3. 20.8.2.3. Transports
          4. 20.8.2.4. Connection objects
          5. 20.8.2.5. Site link bridge
          6. 20.8.2.6. Site layout and topology
      9. 20.9. Time
        1. 20.9.1. Time service architecture
          1. 20.9.1.1. Best practice
      10. 20.10. Summary
    6. 21. Active Directory Installation and Deployment
      1. 21.1. Getting Ready to Deploy
      2. 21.2. Millennium City Active Directory Deployment Plan
      3. 21.3. Executive Summary
        1. 21.3.1. MCITY network
        2. 21.3.2. The GENESIS domain
          1. 21.3.2.1. Physical location of GENESIS
          2. 21.3.2.2. Network specifics of GENESIS
          3. 21.3.2.3. GENESIS site object specifics
          4. 21.3.2.4. GENESIS subnet object specifics
          5. 21.3.2.5. Domain health and security
        3. 21.3.3. The CITYHALL domain
          1. 21.3.3.1. Physical location of CITYHALL
          2. 21.3.3.2. Network specifics of CITYHALL
          3. 21.3.3.3. CITYHALL site object specifics
          4. 21.3.3.4. CITYHALL subnet object specifics
          5. 21.3.3.5. Domain health and security
        4. 21.3.4. The DITT domain
          1. 21.3.4.1. Network specifics of DITT
        5. 21.3.5. The MCPD domain
          1. 21.3.5.1. Network specifics of DITT
      4. 21.4. Installing and Testing the Active Directory Domain Controllers
        1. 21.4.1. Installing the DC machine
          1. 21.4.1.1. Server name
          2. 21.4.1.2. Server IP address
          3. 21.4.1.3. Choosing a workgroup
          4. 21.4.1.4. Services
          5. 21.4.1.5. Choosing a Terminal Services mode
        2. 21.4.2. Promoting to domain controller
        3. 21.4.3. Establishing in DNS/WINS
          1. 21.4.3.1. Testing DNS and WINS
          2. 21.4.3.2. Testing Active Directory domains and trusts
        4. 21.4.4. Creating sites
          1. 21.4.4.1. The site object
          2. 21.4.4.2. Creating server objects
          3. 21.4.4.3. Creating the subnet objects
          4. 21.4.4.4. Creating the site link objects
          5. 21.4.4.5. Creating the site link bridge object
        5. 21.4.5. Creating organizational units (OUs)
        6. 21.4.6. Delegating OU administration
        7. 21.4.7. Securing the DC and following disaster recovery protocol
      5. 21.5. Implementation
        1. 21.5.1. Install
        2. 21.5.2. IP address reservations
        3. 21.5.3. Installation of the root domain, MCITY.US
        4. 21.5.4. Quality assurance
      6. 21.6. Summary
    7. 22. Active Directory Management
      1. 22.1. Installing New Directory Services into an Existing Infrastructure
      2. 22.2. Replication Management
      3. 22.3. Installing New Domain Controllers
      4. 22.4. Installing New Catalog Servers
      5. 22.5. Protecting Active Directory from Corruption
        1. 22.5.1. Online and offline database defragmentation
        2. 22.5.2. Ensuring database integrity
      6. 22.6. Moving Active Directory
      7. 22.7. Integrating Active Directory with Other Services
        1. 22.7.1. Active Directory and SQL Server
        2. 22.7.2. Active Directory and Microsoft Exchange
      8. 22.8. Logon without the Global Catalog
      9. 22.9. Active Directory and DNS
      10. 22.10. Active Directory Administration Architecture
        1. 22.10.1. Architecture
        2. 22.10.2. Windows Server 2008 group membership
        3. 22.10.3. Network services administration
        4. 22.10.4. Administration of Enterprise Service Servers
        5. 22.10.5. Remote workstation administration architecture
        6. 22.10.6. Terminal Services policy
        7. 22.10.7. Secure administration
          1. 22.10.7.1. Administrator account abuse
          2. 22.10.7.2. Using admin accounts
          3. 22.10.7.3. Secure administrative workstations
          4. 22.10.7.4. Console access
          5. 22.10.7.5. Member server/workstation management
      11. 22.11. Summary
  9. IV. Change Control and Workplace Management
    1. 23. Managing Users and Groups
      1. 23.1. The Windows Server 2008 Account: A User's Resource
        1. 23.1.1. What is a user?
        2. 23.1.2. What are contacts?
        3. 23.1.3. Local users and "local users"
        4. 23.1.4. What is a group?
          1. 23.1.4.1. Groups versus organizational units
          2. 23.1.4.2. A network from the viewpoint of users and groups
        5. 23.1.5. Exploring the Users and Computers management tools
        6. 23.1.6. Windows Server 2008 user accounts
          1. 23.1.6.1. Domain accounts
          2. 23.1.6.2. Local accounts
          3. 23.1.6.3. Predefined accounts
          4. 23.1.6.4. Administrator account
          5. 23.1.6.5. Guest account
          6. 23.1.6.6. The Internet user account
        7. 23.1.7. Account policy
        8. 23.1.8. Security principals and the logon authentication process
        9. 23.1.9. Security identifiers
        10. 23.1.10. SAM and LSA authentication
      2. 23.2. User Accounts in Action
        1. 23.2.1. Getting familiar with RunAs
        2. 23.2.2. Naming user accounts
        3. 23.2.3. Passwords
        4. 23.2.4. Understanding logon
        5. 23.2.5. Granting remote access
        6. 23.2.6. Creating a user account
          1. 23.2.6.1. The User Principal Name
          2. 23.2.6.2. Setting properties
            1. 23.2.6.2.1. General tab properties
            2. 23.2.6.2.2. Account tab properties
            3. 23.2.6.2.3. Logon hours
            4. 23.2.6.2.4. Profile tab properties
            5. 23.2.6.2.5. Organization tab properties
            6. 23.2.6.2.6. Member Of tab properties
            7. 23.2.6.2.7. Dial-in tab properties
        7. 23.2.7. Renaming user accounts
        8. 23.2.8. Deleting and disabling user accounts
        9. 23.2.9. Copying accounts
      3. 23.3. Computer Accounts
      4. 23.4. Group Accounts
        1. 23.4.1. The scope of groups
        2. 23.4.2. The elements of groups
        3. 23.4.3. Installing predefined groups
        4. 23.4.4. Groups on member servers
        5. 23.4.5. Nesting groups
        6. 23.4.6. Group creation
          1. 23.4.6.1. Setting up the group
            1. 23.4.6.1.1. General tab
            2. 23.4.6.1.2. Members tab
            3. 23.4.6.1.3. Member Of tab
            4. 23.4.6.1.4. Managed By tab
          2. 23.4.6.2. More about adding users to groups
        7. 23.4.7. Managing groups
        8. 23.4.8. Rights and permissions
          1. 23.4.8.1. Privileges
          2. 23.4.8.2. Logon rights
        9. 23.4.9. Mixed mode versus native mode
      5. 23.5. The Zen of Managing Users and Groups
        1. 23.5.1. Delegating responsibility
      6. 23.6. User and Group Management Strategies
        1. 23.6.1. Keep your eye on TCO
          1. 23.6.1.1. Don't manage users, manage groups
          2. 23.6.1.2. Refuse new group requests
        2. 23.6.2. Determine the access and privileges needed
        3. 23.6.3. Determine the security level
        4. 23.6.4. Protect resources and lessen the load by using Local groups
        5. 23.6.5. Delegate with care
        6. 23.6.6. Keep changes to a minimum
      7. 23.7. Summary
    2. 24. Change Control, Group Policy, and Workspace Management
      1. 24.1. What Is Change Control?
      2. 24.2. Understanding Change Management
        1. 24.2.1. The user
        2. 24.2.2. The computer
      3. 24.3. Taking Control
        1. 24.3.1. Applications
        2. 24.3.2. Security
        3. 24.3.3. Operating-system environment
        4. 24.3.4. Workstation lockdown
        5. 24.3.5. Getting ready for change-control policy
      4. 24.4. Understanding Group Policy
        1. 24.4.1. Types of Group Policy
        2. 24.4.2. The elements of Group Policy
          1. 24.4.2.1. The Group Policy Object
          2. 24.4.2.2. Active Directory containers
          3. 24.4.2.3. Group Policy links
          4. 24.4.2.4. The policy
          5. 24.4.2.5. Explain text
          6. 24.4.2.6. The Group Policy Editor
          7. 24.4.2.7. Computer Configuration and User Configuration
        3. 24.4.3. Where GPOs live
          1. 24.4.3.1. Group Policy Template structure
          2. 24.4.3.2. The gpt.ini file
      5. 24.5. How Group Policy Works
        1. 24.5.1. Local or nonlocal Group Policy Objects
        2. 24.5.2. Group Policy application
        3. 24.5.3. Filtering policy
        4. 24.5.4. Delegating control of GP
        5. 24.5.5. Security at the local Group Policy Objects
        6. 24.5.6. How Group Policy is processed
          1. 24.5.6.1. Merge mode
          2. 24.5.6.2. Replace mode
          3. 24.5.6.3. GP processing streams
          4. 24.5.6.4. Group Policy refresh rate
          5. 24.5.6.5. Optional Group Policy processing
          6. 24.5.6.6. Group Policy processing over low bandwidth
          7. 24.5.6.7. Specifying domain controllers for GP
      6. 24.6. Putting Group Policy to Work
        1. 24.6.1. The software policies
        2. 24.6.2. Security policies
      7. 24.7. Group Policy and Change Management: Putting It All Together
        1. 24.7.1. Don't accept the default policy
        2. 24.7.2. Establishing a GP attack plan
        3. 24.7.3. Dealing with computer accounts
      8. 24.8. Getting Started
        1. 24.8.1. Customizing logon/logoff
        2. 24.8.2. Locking down the desktop
        3. 24.8.3. Controlling the Start menu
        4. 24.8.4. Folder redirection
        5. 24.8.5. Older versions of Windows
      9. 24.9. Change Control Management for Group Policy
        1. 24.9.1. From development to production with Group Policy
        2. 24.9.2. Change control for Group Policy
        3. 24.9.3. Planning and troubleshooting GP by using the Group Policy Results Wizard
      10. 24.10. Architecting Group Policy
        1. 24.10.1. Password policy
        2. 24.10.2. Account lockout policy
        3. 24.10.3. Audit policy
        4. 24.10.4. Event log
        5. 24.10.5. Locking down Domain Admins
      11. 24.11. Summary
    3. 25. Service Level
      1. 25.1. Understanding Service Level
        1. 25.1.1. Service level: example 1
        2. 25.1.2. Service level: example 2
        3. 25.1.3. The service level agreement
      2. 25.2. Service Level Management
        1. 25.2.1. Problem detection
        2. 25.2.2. Performance management
        3. 25.2.3. Availability
        4. 25.2.4. SLM by design
      3. 25.3. SLM and Windows Server 2008
      4. 25.4. Windows Server 2008 System Monitoring Architecture
        1. 25.4.1. Understanding rate and throughput
        2. 25.4.2. Understanding queues
        3. 25.4.3. Understanding response time
        4. 25.4.4. How performance objects work
        5. 25.4.5. System monitoring tools
      5. 25.5. Task Manager
      6. 25.6. Reliability and Performance Console
        1. 25.6.1. Performance Monitor
        2. 25.6.2. Performance Logs and Alerts
        3. 25.6.3. Creating Data Collector Sets
      7. 25.7. Getting to Know Your Servers
        1. 25.7.1. Monitoring for bottlenecks
        2. 25.7.2. Understanding server workload
      8. 25.8. Performance Monitoring Overhead
      9. 25.9. Service Level with Microsoft Systems Center Operations Manager
      10. 25.10. Summary