
MCSE planning a Windows Server 2003 network infrastructure (exam 70-293) PDF

418 Pages·2003·6.758 MB·English

Preview MCSE planning a Windows Server 2003 network infrastructure (exam 70-293)

Mike Meyers' MCSE Passport / Brown & McCain / 222569-6

MCSE Planning a Windows Server 2003 Network Infrastructure

Martin C. Brown
Chris McCain

New York Chicago San Francisco Lisbon London Madrid Mexico City Milan New Delhi San Juan Seoul Singapore Sydney Toronto

McGraw-Hill/Osborne
2100 Powell Street, 10th Floor
Emeryville, California 94608
U.S.A.

To arrange bulk purchase discounts for sales promotions, premiums, or fund-raisers, please contact McGraw-Hill/Osborne at the above address. For information on translations or book distributors outside the U.S.A., please see the International Contact Information page immediately following the index of this book.

Mike Meyers’ MCSE Planning a Windows® Server 2003 Network Infrastructure Certification Passport (Exam 70-293)

Copyright © 2003 by The McGraw-Hill Companies. All rights reserved. Printed in the United States of America. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication.
1234567890 DOC DOC 019876543

Book p/n 0-07-222569-6 and CD p/n 0-07-222571-8 parts of ISBN 0-07-222570-X

Publisher: Brandon A. Nordin
Vice President & Associate Publisher: Scott Rogers
Senior Acquisitions Editor: Nancy Maragioglio
Project Manager: Betsy Manini
Project Editor: Emily Rader
Acquisitions Coordinator: Jessica Wilson
Technical Editor: Damir Bersinic
Copy Editors: Sally Engelfried, Bob Campbell and Andrea Boucher
Proofreader: Linda Medoff
Indexer: Valerie Perry
Composition: Kelly Stanton-Scott and Tara A. Davis
Illustrators: Lyssa Wald, Kathleen Fay Edwards, Melinda Lytle and Jackie Sieben
Series Design: epic, Peter F. Hancik and Kelly Stanton-Scott
Cover Series Design: Ted Holladay

This book was composed with Corel VENTURA™ Publisher.

Information has been obtained by McGraw-Hill/Osborne from sources believed to be reliable. However, because of the possibility of human or mechanical error by our sources, McGraw-Hill/Osborne, or others, McGraw-Hill/Osborne does not guarantee the accuracy, adequacy, or completeness of any information and is not responsible for any errors or omissions or the results obtained from the use of such information.

About the Authors

Martin C. Brown, a professional writer for over four years, is the author of both the Perl and Python “Annotated Archives” and “Complete Reference” books (all four published by Osborne/McGraw-Hill), iMac FYI (Muska & Lipman), and 13 other published computing titles. His expertise spans myriad development languages and platforms—Perl, Python, Java, JavaScript, Basic, Pascal, Modula-2, C, C++, Rebol, Gawk, Shellscript, Windows, Solaris, Linux, BeOS, Microsoft WP, Mac OS, and more—as well as web programming, and systems management and integration.
Brown has written columns for LinuxProgramming.com and ApacheToday.com. He is also a regular writer of white papers and “how to” guides for Microsoft on subjects such as migrating Solaris/Unix/Linux development and systems administration to Windows 2000 and 2003 Server product lines.

Martin draws on a rich and varied background as founding member of a leading UK ISP, systems manager and IT consultant for an advertising agency and an Internet solutions group, technical specialist for an intercontinental ISP network, database designer and programmer, and self-confessed compulsive consumer of computing hardware and software. In his formative pre-writing life, he spent ten years designing and managing mixed-platform environments. As a result, he has developed a rare talent for conveying the benefits and intricacies of his subject with equal measures of enthusiasm, professionalism, in-depth knowledge, and insight. When not writing, he develops data-rich websites and web-based applications for clients such as Hewlett-Packard, Oracle, and his own venture, Foodware.

Chris McCain is a Microsoft trainer and consultant specializing in Microsoft’s core network operating systems and Microsoft SQL Server solutions. His enthusiasm for and expertise in these areas have led him to opportunities for authoring training courseware, in addition to many consulting projects, which he has undertaken. Chris complements the teaching aspect of his career with a strong consulting practice for which the clients are companies of all sizes. From Fortune 500 companies to the trendy retail shops of Beverly Hills, Chris has implemented networking and database solutions both large and small.
In 1999, Chris started his own consulting firm, and then moved to New York to join a major firm providing database consulting, data warehousing, and end-user training to large corporate clients. In 2001, Chris began training the core Microsoft exclusively. Today he is busy training, writing, and consulting, as well as being a founding member and developer of the National Information Technology Training and Certification Institute (NITTCI). NITTCI was developed to provide a strong resource for certification seekers and to certify individuals with a true working knowledge of information technology subject matter. As a senior member of NITTCI, Chris is responsible for leading the development of hands-on, job-task-based certifications for several industry-leading products. Chris currently lives in St. Petersburg, FL with his fiancée, Stacy, and they are to be married in March of 2004.

About the Technical Editor

Damir Bersinic is an Infrastructure Consultant with Trecata Corporation, a system integration consultancy in Toronto, Canada. He has more than 20 years of industry experience and has worked with every Windows version since 1.0 in one way or another. He holds several Microsoft certifications, including MCSE, MCDBA, and MCT, and has also provided assistance to Microsoft in the development process of MCP exams. Damir has authored a number of titles on SQL Server, Oracle, Windows, and Active Directory. He is a database columnist for certcities.com and a regular contributor to MCP Magazine.

About LearnKey

LearnKey provides self-paced learning content and e-learning solutions to enhance personal skills and business productivity. LearnKey claims the largest library of rich streaming-media training content that engages learners in dynamic media-rich instruction complete with video clips, audio, full motion graphics, and animated illustrations.
LearnKey can be found on the Web at www.LearnKey.com.

Dedication

To Sharon, for being there.
—Martin

To my mom and dad, who forged my past and helped me gain the tools I need to succeed in life. And to Stacy for helping me forge my future and helping me gain the tools I need to succeed in love.
—Chris

Acknowledgments

Despite the impression we authors try to give, there are, in fact, many people who work together to produce a book; and this is where we, as authors, get to list them all.

For my own part, I’d like to thank Thomas Willingham first for suggesting and then for recommending me for the project. I’d also like to thank him for all his work in the early stages, including his help in getting additional information and guides from his contacts in the certification and training departments.

While we’re on that topic, I need to thank all those people at the certification and training department for their help, hospitality, and humor, and that includes Amy and Jim, the folks at Grandmasters (Richard and Ron), and the rest of the SMEs I met while there. I should also thank the receptionists at building 118 for not once laughing at my passport photo every time I signed in!

Over at Osborne, the biggest thanks need to go to Nancy Maragioglio, for believing in me in the first place, and for sticking with me through the project that was sometimes less than plain sailing. Also at Osborne, Jessica Wilson, for pushing and prodding in Nancy’s absence, Emily Rader for turning manuscript into printed page, and the rest of the editorial and production staff that somehow turned what I typed into something readable.
Finally, I need to thank my co-author, Chris McCain, who did a stunning job on two chapters, in less than ideal circumstances.
—Martin C. Brown

Thanks to the publishers and editors Mike, Jessica, Betsy, and Nancy for the opportunity to work on such a successful series of books and to my fellow trainers Paul, Bill, Sam, Andrew, and Jeff, without whom I certainly would not be as well informed. A special thanks to those students of mine who have made my classes a learning experience for me as well.
—Chris McCain

Contents

Check-In

I Server Security

1 Planning and Implementing Server Roles and Security

Objective 1.01 Evaluate and Select the Operating System to Install on Computers in an Enterprise
  Windows Server 2003 Editions
  Standard Edition
  Enterprise Edition
  Datacenter Edition
  Web Edition
  Server Edition Comparison
  Identifying Minimum Configurations for Satisfying Security Requirements

Objective 1.02 Plan a Secure Baseline Installation
  Enforcing System Default Security Settings
  Security Settings, Templates, and Default Security
  External Security
  Default Templates

Objective 1.03 Plan Security for Servers That Are Assigned Specific Roles
  Deploying Security Configurations
  Creating Custom Security Templates
  Security Template Format
  Account Security

Objective 1.04 Configure Security for Servers That Are Assigned Specific Roles
  Evaluating Security for Individual Roles
  Securing Server Roles
  Application Server Roles
  IIS Server Role
  File and Printer Server Roles
  Infrastructure Server Roles
  Creating an Active Directory Structure and Deploying the Security Configuration

Objective 1.05 Plan a Security Update Infrastructure
  Microsoft Baseline Security Analyzer
  Patches and Updates
  Patch/Update Installation
  Windows Update
  Automatic Updates
  Microsoft Software Update Services

CHECKPOINT
REVIEW QUESTIONS
REVIEW ANSWERS

2 Planning and Implementing TCP/IP

Objective 2.01 Designing a TCP/IP Network
  TCP/IP Basics
  The IP Address
  IP Address Classes
  Private Address Classes
  Subnets
  Subnet Masks
  Variable-Length Subnet Masks
  Default Gateways and Routing
  TCP/IP Implementation
  Designing a Structured Addressing Scheme
  Addressing Model
  Public and Private Addresses
  Security Basics
  IP Multicasting
  Understanding IPv6

Objective 2.02 Designing a DHCP Infrastructure
  Benefits of DHCP
  Manual IP Allocation
  DHCP Mechanics
  Dynamic Addressing
  Reserved Addressing
  Deploying DHCP
  DHCP Server Configuration
  Server Availability
  Server Location
  Supporting Multiple Subnets
  IP Allocation with APIPA

CHECKPOINT
REVIEW QUESTIONS
REVIEW ANSWERS

3 Planning a Host Resolution Strategy

Objective 3.01 Planning a DNS Strategy
  Overview of DNS
  Domain Zone Files
