CONTENTS AT A GLANCEPart I Managing and Maintaining a Microsoft Windows Server 2003 Environment Exam 70-290.. 259 Part II Implementing, Managing, and Maintaining a Microsoft Windows Serv
Trang 2London • Madrid • Mexico City • Milan • New Delhi
San Juan • Seoul • Singapore • Sydney • Toronto
Trang 3Copyright © 2004 by The McGraw-Hill Companies All rights reserved Except as permitted under the United States Copyright Act of
1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher
ISBN: 978-0-07-163353-6
MHID: 0-07-163353-7
The material in this eBook also appears in the print version of this title: ISBN: 978-0-07-222406-1, MHID: 0-07-222406-1
All trademarks are trademarks of their respective owners Rather than put a trademark symbol after every occurrence of a trademarkedname, we use names in an editorial fashion only, and to the benefit of the trademark owner, with no intention of infringement of the trademark Where such designations appear in this book, they have been printed with initial caps
McGraw-Hill eBooks are available at special quantity discounts to use as premiums and sales promotions, or for use in corporate trainingprograms To contact a representative please visit the Contact Us page at www.mhprofessional.com
Information has been obtained by McGraw-Hill/Osborne from sources believed to be reliable However, because of the possibility ofhuman or mechanical error by our sources, McGraw-Hill/Osborne, or others, McGraw-Hill/Osborne does not guarantee the accuracy, adequacy, or completeness of any information and is not responsible for any errors or omissions or the results obtained from the use ofsuch information
TERMS OF USE
This is a copyrighted work and The McGraw-Hill Companies, Inc (“McGraw-Hill”) and its licensors reserve all rights in and to the work.Use of this work is subject to these terms Except as permitted under the Copyright Act of 1976 and the right to store and retrieve onecopy of the work, you may not decompile, disassemble, reverse engineer, reproduce, modify, create derivative works based upon, trans-mit, distribute, disseminate, sell, publish or sublicense the work or any part of it without McGraw-Hill’s prior consent You may use thework for your own noncommercial and personal use; any other use of the work is strictly prohibited Your right to use the work may beterminated if you fail to comply with these terms
THE WORK IS PROVIDED “AS IS.” McGRAW-HILL AND ITS LICENSORS MAKE NO GUARANTEES OR WARRANTIES AS TOTHE ACCURACY, ADEQUACY OR COMPLETENESS OF OR RESULTS TO BE OBTAINED FROM USING THE WORK, INCLUD-ING ANY INFORMATION THAT CAN BE ACCESSED THROUGH THE WORK VIA HYPERLINK OR OTHERWISE, ANDEXPRESSLY DISCLAIM ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WAR-RANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE McGraw-Hill and its licensors do not warrant
or guarantee that the functions contained in the work will meet your requirements or that its operation will be uninterrupted or error free.Neither McGraw-Hill nor its licensors shall be liable to you or anyone else for any inaccuracy, error or omission, regardless of cause, inthe work or for any damages resulting therefrom McGraw-Hill has no responsibility for the content of any information accessed throughthe work Under no circumstances shall McGraw-Hill and/or its licensors be liable for any indirect, incidental, special, punitive, conse-quential or similar damages that result from the use of or inability to use the work, even if any of them has been advised of the possibility of such damages This limitation of liability shall apply to any claim or cause whatsoever whether such claim or cause arises
in contract, tort or otherwise
Disclaimer:
This eBook does not include the ancillary media that was
packaged with the original printed version of the book
Trang 4The logo of the CompTIA Authorized Quality Curriculum Program and the status of this
or other training material as “Authorized” under the CompTIA Authorized CurriculumProgram signifies that, in CompTIA’s opinion, such training material covers the content
of the CompTIA’s related certification exam CompTIA has not reviewed or approvedthe accuracy of the contents of this training material and specifically disclaims any war-ranties of merchantability or fitness for a particular purpose CompTIA makes no guar-antee concerning the success of persons using any such “Authorized” or other trainingmaterial in order to prepare for any CompTIA certification exam
The contents of this training material were created for the CompTIA A+ exams ing CompTIA certification exam objectives that were current as of September 2003
cover-How to Become CompTIA Certified
This training material can help you prepare for and pass a related CompTIA tion exam or exams In order to achieve CompTIA certification, you must register forand pass a CompTIA certification exam or exams
certifica-In order to become CompTIA certified, you must:
1 Select a certification exam provider For more information please visit http://
www.comptia.org/certification/test_locations.htm
2 Register for and schedule a time to take the CompTIA certification exam(s) at a
convenient location
3 Read and sign the Candidate Agreement, which will be presented at the time of
the exam(s) The text of the Candidate Agreement can be found at www.comptia.org/certification
4 Take and pass the CompTIA certification exam(s).
For more information about CompTIA’s certifications, such as their industry tance, benefits, or program news, please visit www.comptia.org/certification
accep-CompTIA is a non-profit information technology (IT) trade association accep-CompTIA’scertifications are designed by subject matter experts from across the IT industry EachCompTIA certification is vendor-neutral, covers multiple technologies, and requiresdemonstration of skills and knowledge widely sought after by the IT industry
To contact CompTIA with any questions or comments:
Please call + 1 630 268 1818
questions@comptia.org
Trang 5For Lt Colonel Lloyd W Smith, United States Air Force: thebravery it took to face what you did at Pearl Harbor, D-Day,and in Korea is quite literally beyond my comprehension.Thank you I hope my life honors the gift you helped provide.For happy Jen, for the sweet way you get indignant at the
thought of others editing my work
—B.C.This book is dedicated to family and friends whose patience
and understanding make all of the difference
—M.H.This book is dedicated to Lloyd Of all the lessons in life I wish
to teach you, the most important one is that you can doanything you set your mind to If your Dad can write a book,then you can become a marine biologist Or a baseball player
Or even play football for the Ducks
—J.B
Trang 6ABOUT THE AUTHORS
Brian Culp (MCT, MCSE, A+) worked for a small networking outfit called IBM where he
discovered why Dilbert is so popular He is the author of Mike Meyers’ MCSE Windows
2000 Professional Certification Passport and Mike Meyers’ MCSE Windows XP Professional Certification Passport He has also contributed to several other computer titles, including
books on Windows XP and Outlook 2003 He can be reached for questions or speakingengagements at bculp@everestkc.net
Mike Harwood (MCT, MCSE, A+, Server+) is a system manager for a multi-site network
and manages projects for a TecMetrix communications, a systems integration tancy He performs technical training, writes technical courseware, and is co-author ofseveral computer books
consul-Jason Berg is a full-time technical instructor and part-time writer This is his first book,
but definitely not his last He teaches hardware, networking, Cisco, and Microsoft ication courses Jason is the founder of 2weekmcse.com, a technical training companyspecializing in certification classes Jason is a graduate of the University of Oregon Hehas earned the MCSE, MCT, and MCDBA certifications from Microsoft and CCNA certif-ication from Cisco He lives in Portland, Oregon, with his wife, Rebecca, son Lloyd, anddog Shari You can reach Jason at jberg@2WeekMCSE.com or on his web site, www.2WeekMCSE.com
certif-About the Development Editor
Drew Bird has been working in the IT industry since 1988 In addition to writing
techni-cal books and exam study guides, he is an established technitechni-cal trainer with over 500days of in-classroom experience teaching Microsoft and Novell networking courses.Drew and his wife, Zoë, live in the hills outside of Kelowna, British Columbia, Canada
In his spare time Drew is an avid adventure racer, scuba diver, skier, and snowboarder
He also enjoys watching the odd film or two
About the Technical Reviewer
Matteo Rustico (MCSE, MCT, OCP, CNE) has ten years’ experience in the IT industry
and is currently working as an instructor and consultant for Destech Consulting and ucation in Toronto, Canada, as part the Oracle database and Microsoft Networking Im-plementation Teams
Trang 7Ed-About LearnKey
LearnKey provides self-paced learning content and multimedia delivery solutions to
en-hance personal skills and business productivity LearnKey claims the largest library ofrich streaming-media training content that engages learners in dynamic media-rich in-struction complete with video clips, audio, full motion graphics, and animated illustra-tions LearnKey can be found on the Web at www.LearnKey.com
Trang 8CONTENTS AT A GLANCE
Part I Managing and Maintaining a Microsoft Windows Server
2003 Environment (Exam 70-290) 1
Chapter 1 Managing and Maintaining Physical and Logical Devices 3
Chapter 2 Managing Users, Computers, and Groups 69
Chapter 3 Managing and Maintaining Access to Resources 145
Chapter 4 Managing and Maintaining a Server Environment 203
Chapter 5 Managing and Implementing Disaster Recovery 259
Part II Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure (Exam 70-291) 297
Chapter 6 Administering DNS in a Windows Server 2003 Network 299
Chapter 7 Implementing, Managing, and Maintaining IP Addressing 315
Chapter 8 Implementing, Managing, and Maintaining Name Resolution 357
Chapter 9 Implementing, Managing, and Maintaining Routing and Remote Access 387
Chapter 10 Managing Network Security 429
Chapter 11 Maintaining a Network Infrastructure 467
Part III Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure (Exam 70-293) 499
Chapter 12 Implementing Server Security 501
Chapter 13 Planning, Implementing, and Maintaining a Network Infrastructure 541
Chapter 14 Planning, Implementing, and Maintaining Routing and Remote Access 589
Chapter 15 Maintaining Server Availability 619
Chapter 16 Planning and Maintaining Network Security 659
Chapter 17 Planning and Maintaining a Security Infrastructure 695
vii
Trang 9Part IV Planning, Implementing, and Maintaining a Microsoft
Windows Server 2003 Active Directory Infrastructure
(Exam 70-294) 729
Chapter 18 About Directory Services 731
Chapter 19 Planning and Implementing an Active Directory Infrastructure 751
Chapter 20 Planning and Implementing User, Computer, and Group Strategies 791
Chapter 21 Managing and Maintaining an Active Directory Infrastructure 839
Chapter 22 Planning and Implementing Group Policy 875
Chapter 23 Managing and Maintaining Group Policy 921
Appendix About the CD 967
Index 971
MCSE Windows Server 2003 All-in-One Exam Guide
viii
Trang 10Acknowledgments xxvii
Introduction xxxi
Part I Managing and Maintaining a Microsoft Windows Server 2003 Environment (Exam 70-290) 1
Chapter 1 Managing and Maintaining Physical and Logical Devices 3
Installing, Configuring, and Troubleshooting Devices 4
Installing Devices Using Plug-and-Play 4
Installing Hardware Detected by Server 2003 5
Installing Devices Using the Add Hardware Wizard 7
Lab Exercise 1.1: Installing a New Device Using the Add Hardware Wizard 7
Using the Help and Support Center to Install Hardware 10
Using Device Manager 12
Updating Drivers Using Device Manager 12
Managing Device Properties 13
Hardware Profiles 15
Driver Signing 16
Signature Verification 18
Windows Update and Automatic Update 18
Installing Multiple Processors 19
Managing Ports 20
Installing and Managing Printers 21
Installing a Network Printer 21
Installing a Local Printer 22
Lab Exercise 1.2: Installing a Local Printer 22
Configuring Printers 24
Installing Ports 24
Lab Exercise 1.3: Adding a Unix Printer to a Windows 2003 Print Server 25
Loading Additional Drivers 27
Allowing Access to Printers 27
Sharing a Printer 27
Print Priorities and Availability 28
Printer Pooling 29
Managing Printers 30
Managing Printers Using Internet Explorer 30
ix
Trang 11MCSE Windows Server 2003 All-in-One Exam Guide
x
Redirecting Print Jobs 32
Troubleshooting Printers 33
Physical Disks 33
SCSI 33
IDE 33
ARC Path Designation 34
Using Disk Management 35
Lab Exercise 1.4: Creating a Custom Console 36
Basic vs Dynamic Disks 38
Basic Disks 38
Dynamic Disks 39
Disk Management Tools and Tasks 43
Hardware RAID 44
Installing a Physical Disk 45
Moving a Disk 46
Lab Exercise 1.5: Rescanning a Disk from the Command Prompt 48
Upgrading to Dynamic Disks 48
Hot Swappable Drives 48
Converting FAT Volumes to NTFS 49
File Systems 49
FAT 50
NTFS 51
Compression 51
Lab Exercise 1.6: Using Compression 53
Encryption 55
Chapter Review 60
Questions 61
Answers 66
Chapter 2 Managing Users, Computers, and Groups 69
User Accounts 70
Local User Accounts 71
Built-in Accounts 72
Built-in Groups 74
Local Groups 75
Active Directory 76
Domain User Accounts 78
Built-in Domain User Accounts 79
Creating a Domain User Account 81
Lab Exercise 2.1: Creating a Domain User Account 81
Configuring User Account Properties 83
Configuring User Information 84
Configuring Logon Options 85
Configuring Logon Hours 86
Limiting Users to Certain Computers 86
Trang 12Configuring Account and Password Options 88
Configuring User Profiles and Home Folders 89
Lab Exercise 2.2: Creating a Roaming Profile 90
Configuring Organizational Relationships 92
Configuring Terminal Services for User Accounts 93
Configuring Group Membership 97
Configuring Remote Access 98
Configuring Account Permissions 101
Viewing the User’s Canonical Name 102
Implementing Certificates for User Accounts 102
User Account Administrative Tasks 103
Resetting Passwords 103
Unlocking User Accounts 104
Disabling and Enabling User Accounts 104
Renaming User Accounts 105
Moving a User Account 107
Lab Exercise 2.3: Moving a User Account 107
Implementing Security for User Accounts 108
Configuring a Password Policy 108
Configuring a Lockout Policy 110
Renaming the Administrator and Guest Accounts 110
Auditing Account Logon Attempts 111
Computer Accounts 112
Creating Computer Accounts 112
Configuring Computer Account Properties 114
Viewing Operating System Information 114
Configuring Group Membership 114
Configuring Location 114
Configuring Computer Management 115
Viewing the Computer’s Common Name 115
Configuring Account Permissions 116
Configuring Remote Install Options 116
Contacts 119
Creating and Modifying Objects Using Automation 120
Comma-Separated Value Directory Exchange (csvde) 120
LDAP Data Interchange Format Directory Exchange (ldifde) 122
Troubleshooting Logons 124
Computer Account Is Not valid 124
Domain Controller Cannot Be Found 125
Domain Groups 125
Domain Local Group 127
Global Groups 128
Universal Groups 128
Contents
xi
Trang 13MCSE Windows Server 2003 All-in-One Exam Guide
xii
Lab Exercise 2.4: Creating Groups and Adding Members
to Groups 129
Granting Access Between Domains 131
Trust Relationships 131
How Groups Are Used to Grant Access to Resources 133
Windows 2000 and 2003 Group Rules 133
Chapter Review 135
Questions 136
Answers 142
Chapter 3 Managing and Maintaining Access to Resources 145
Implementing File and Folder NTFS Permissions 146
ACLs and ACEs 146
Permissions 147
NTFS Folder Permissions 148
NTFS File Permissions 150
Share Permissions 151
Combining NTFS and Share Permission 152
Lab Exercise 3.1: Solving Permissions Problems 153
Special (Specific) Permissions 154
Assigning and Modifying Permissions 157
Lab Exercise 3.2: Assigning NTFS Permissions 158
Lab Exercise 3.3: Assigning Special Permissions 159
Transferring Ownership 160
Permission Inheritance 162
Default Permissions 163
Blocking Inheritance 164
Lab Exercise 3.4: Setting Permissions on the Root Drive 166
Viewing a User’s Effective Permissions 167
Creating and Managing Shares 168
Creating and Managing Shares from the Shared Folders Snap-In 168
Creating Shares from Windows Explorer 169
Creating Shares Using the Roles Wizard 170
Lab Exercise 3.5: Creating a Shared Folder Using the Manage Your Server Wizard 170
Creating Shares Using the Command Line 172
Sharing Folders Using Web Sharing 172
Offline Caching 173
Lab Exercise 3.6: Configuring Offline Settings in Group Policy 176
Implementing Shadow Copies 178
Implementing and Managing the Distributed File System (DFS) 183
Lab Exercise 3.7: Creating a DFS Hierarchy 184
Domain-Based Root 185
Standalone Root 185
Trang 14xiii
Auditing Access to Resources 186
Enabling Auditing 186
Installing and Configuring Terminal Services 188
Installing and Configuring Terminal Services 189
Terminal Services Licensing 189
Remote Desktop Connection (Terminal Services Client) 190
The Remote Desktop Protocol 193
Lab Exercise 3.8: Installing the Remote Desktop Client and Connecting to a Terminal Server 193
Chapter Review 195
Questions 195
Answers 201
Chapter 4 Managing and Maintaining a Server Environment 203
Monitoring Performance and System Events 204
Using Task Manager to Monitor and Improve System Performance 204
Using the Event Viewer 209
Configuring Event Viewer Settings in Group Policy 212
Using System Monitor 212
Using Performance Logs and Alerts 213
Lab Exercise 4.1: Using System Monitor and Performance Logs 217
Increasing Performance by Modifying Virtual Memory 219
Allocating Virtual Memory 219
Moving the Paging File 220
Modifying Processor and Memory Performance 221
Windows Update and Automatic Updates 222
Maintaining Software by Using Software Update Services 222
Managing Servers Remotely Using Terminal Services (Remote Desktop) 224 Managing File and Print Servers 226
Using Quotas 226
Using Disk Defragmenter 228
Using Disk Cleanup 231
Monitoring and Managing Print Jobs 232
Implementing and Managing Internet Information Services (IIS) 6.0 232
Installing and Configuring IIS 233
Installing Internet Information Services 6.0 233
Lab Exercise 4.2: Installing IIS 6.0 234
Configuring Web Sites 235
Lab Exercise 4.3: Creating a New Web Site 237
Lab Exercise 4.4: Configuring a Virtual Directory 242
Monitoring Web Sites 246
Securing Web Sites 247
How Delta Airlines Uses Web Certificates 251
Trang 15MCSE Windows Server 2003 All-in-One Exam Guide
xiv
Chapter Review 253
Questions 253
Answers 257
Chapter 5 Managing and Implementing Disaster Recovery 259
Developing a Backup and Recovery Solution 260
Document, Document, Document 260
Build a Disaster Recovery Kit 260
Developing a Backup Strategy 261
What Should Be Backed Up? 261
What Is the Recovery Point? 262
What Is the Time Frame for Recovery? 263
What Is the Risk Tolerance? 263
How Critical Is this Server to My Enterprise? 264
Implementing Your Backup and Recovery Plan 266
Test the Solution 266
Backup Types 267
Using Backup Utility for Windows 268
Using the Backup Wizard 269
Performing a Backup Using Advanced Mode 271
Scheduling Backups 275
Backing Up the System State 277
Lab Exercise 5.1: Backing Up and Verifying the System State Data 278
Restoring Data 278
Restoring Data Using the Restore Wizard 279
Restoring Data Manually 280
Restoring the System State 280
Lab Exercise 5.2: Performing an Authoritative Restore 283
Troubleshooting Boot Failures 284
Safe Mode 285
Safe Mode with Networking 285
Safe Mode with Command Prompt 285
Enable Boot Logging 286
Enable VGA Mode 286
Last Known Good Configuration 286
Debugging Mode 287
Recovery Console 287
Directory Services Restore Mode 288
Creating an Automated System Recovery 288
Lab Exercise 5.3: Creating an Automatic System Recovery 289
Restoring from the ASR 289
Lab Exercise 5.4: Using ASR to Recover a Failed System 290