Introduction

Installation: Planning and Execution
Planning for Installation
Planning TCP/IP
Planning the Directory
A Learning and Planning Roadmap
Identifying a Windows 2000 Computer
Windows 2000 Installation and Network Services
Configuring Local Area Network Connections
Using Network and Dial-Up Connections
Configuring the Internet Protocol Component
Configuring the NWLink (IPX/SPX) Protocol Component
Installing Windows 2000 Components
Using the Microsoft Management Console
The Console Tree
The Details Pane
Creating Custom MMC Consoles
Saving Custom Consoles
Starting Consoles
Creating Shortcuts for Consoles
Modifying Consoles Saved in User Mode
Installing the Windows Support Tools
The Windows 2000 Server Resource Kit
Microsoft Knowledge Base
Now On with the Show

TCP/IP Protocol Concepts
Obtaining TCP/IP Documentation
The TCP/IP Protocol Stack
The Internet Protocol Model
The Network Access Layer
SNAP Encapsulation
Packet Delivery
The Internet Layer
The Host-to-Host Layer
The Process/Application Layer
IP Addressing
IP Address Representation
IP Address Classes
Special IP Addresses
Examples of Class-Based Addressing
The Problem with IP Address Classes
Subnetting
Default Subnet Masks
Supernetting
Classless IP Addresses
Obtaining IP Addresses
The Dynamic Host Configuration Protocol
Those Are the Basics

The Domain Name System
DNS Architecture
The Domain Hierarchy
Domain Names
Making DNS Queries
Resource Records
Deploying DNS Servers
Servicing a Zone with Multiple Name Servers
Delegating Authority
Reducing WAN Traffic with Forwarding DNS Servers
Reverse Lookup Zones
Managing DNS in a Small Domain
Installing the DNS Server Service
Managing Remote DNS Servers
Configuring the DNS Server
Creating the Primary Forward Lookup Zone
Creating the Primary Reverse Lookup Zone
Creating a Secondary Forward Lookup Zone
Creating a Secondary Reverse Lookup Zone
Modifying Zone Properties
Managing Resource Records
Supporting Aliases
Scaling DNS for Large Networks
Supporting Round Robin Addressing
Configuring Reverse Lookup Zones to Support Classless IP Addresses
Importing and Exporting BIND Databases
Importing Data from BIND
Exporting Data to BIND
BIND Database File Formats
Reverse Lookup Database Files
The Cache Database File
Integrating DNS Zones with Active Directory
Using NSLOOKUP
Making Noninteractive Queries
Making Interactive Queries
Now, You're the DNS Master

Active Directory Concepts
The Active Directory Architecture
Objects, Attributes, Classes, and Schemas
Security Principles
Domains
Domain Forests
Global Catalogs
Organizational Units
Models for Managing Active Directory and DNS Domains
Active Directory Using a Domain in the Internet Namespace
Active Directory Using a Private DNS Namespace
Active Directory and External DNS Using Separate Domains in the Internet Namespace
Active Directory Using a Private DNS Namespace, External DNS Using the Internet Namespace
Configuring Domain Controllers
Creating the First DC in a New Domain
AD Child Domains and Resource Records in DNS
Adding a DC to a Domain
Creating a Child Domain
Configuring a Private DNS Root Name Server
Creating a New Tree in an Existing Forest
Demoting a Domain Controller
Managing Organizational Units
Creating OUs
Delegating Control in OUs
Managing Object Security
Controlling Inheritance from the Parent Container
Advanced Object Security
Group Policy
Group Policy Inheritance
Overriding Group Policy Inheritance
Managing Group Policy
Managing Sites
Defining Sites
Defining Subnets
Managing Servers
Active Directory Afterthoughts

Dynamic Host Configuration Protocol
DHCP Concepts
DHCP Leases
DHCP Relay Agents
Scopes and Superscopes
Managing the DHCP Service
Managing DHCP Servers
Creating and Managing Scopes
Managing Reservations
Managing DHCP Options
Managing Superscopes
Configuring Windows 2000 DHCP Clients
The ipconfig Utility
Building a Fault-Tolerant DHCP Service
Splitting a Subnet Address Range Among Multiple DHCP Servers
DHCP Fault Tolerance Using Address Conflict Detection
DHCP Fault Tolerance Using Server Clusters
DHCP on the Wire
What a Relief!

NetBIOS Name Support: LMHOSTS and WINS
NetBIOS Names
The Structure of NetBIOS Names
The NetBIOS Namespace
NetBIOS Name Resolution Modes
Name Resolution with LMHOSTS Files
NetBIOS Naming with WINS
Architecture of WINS
The WINS Name Life Cycle
When Name Resolution Fails
Implementing a WINS Service
Planning for WINS Installation
Installing the WINS Server Service
Configuring a Statically Addressed WINS Client
Renewing a Client Registration
Configuring WINS Proxies
Configuring DHCP Clients as WINS Clients
Naming Versus Browsing
Managing WINS Servers
Maintaining the WINS Database
Backing Up the Database
Managing Remote WINS Servers Through Firewalls
What's in a Name?

Routing with Routing and Remote Access Service
Rules of Routing
Routing with Two Networks
Enabling Routing Support on a Windows 2000 Router
Enabling Routing
Testing the IP Routing Configuration
Configuring IP Unicast Routing
Configuring Default Gateways on Internets with Three Networks
Configuring Default Gateways on Internets with More Than Three Networks
Building Static Routing Tables
Effective Use of a Default Router
Routing with Multiple Default Gateways
Managing Routing Tables with route
Testing Routing with tracert
Configuring RIP for IP
Configuring OSPF
Configuring IP Interfaces
Configuring IP Multicast Routing
Adding IGMP Multicast Support to RRAS
Adding and Configuring IGMP Interfaces
IGMP Interface Configuration: The Router Tab
Displaying the Interface Group Table
Configuring Interface Multicast Boundaries
Configuring the DHCP Relay Agent
Adding the DHCP Relay Agent to RRAS
Adding and Configuring DHCP Relay Agent Interfaces
Configuring DHCP Relay Agent Properties
Configuring IPX Routing
Adding and Configuring IPX Interfaces
NetBIOS Broadcast Statistics
Defining IPX Static Routes
Defining IPX Static Services
Defining Static NetBIOS Names
Modifying RIP for IPX Properties
Modifying RIP for IPX Interface Properties
Modifying SAP for IPX Properties
Modifying SAP for IPX Interface Properties
Network Address Translation Firewalls
Configuring Interfaces for NAT
Adding Network Address Translation to RRAS
Adding NAT Interfaces
Building a High-Performance Routing Infrastructure

Supporting Dial-Up Connections with Routing and Remote Access Service
Installing and Configuring Dial-Up Hardware
Installing a Modem
Configuring Communications Ports
Modem Properties
Creating a Dial-Up Connection to the Internet
Reviewing and Modifying Dial-Up Connection Properties
Configuring RRAS Server Properties
RRAS Server Properties: The General Tab
RRAS Server Properties: The Security Tab
RRAS Server Properties: The IP Tab
RRAS Server Properties: The IPX Tab
RRAS Server Properties: The AppleTalk Tab
RRAS Server Properties: The PPP Tab
RRAS Server Properties: The Event Logging Tab
Configuring a RRAS Demand-Dial Interface
Creating a New Demand-Dial Interface
Configuring RRAS Dial-Out Credentials
Configuring RRAS Dial-Up Properties
Testing the Dial-Up Interface
Setting IP Demand-Dial Filters
Setting Dial-Out Hours
Configuring Remote-Access Logging
Enabling NAT Dial-Out Networking
Creating a Demand-Dial Interface to the Internet
Enabling a Demand-Dial NAT Interface
Creating a Default Route to the Demand-Dial Interface
Test the Demand-Dial Interface
RRAS Dial-In
Configuring the Remote Access Server
Dial-In User Authorization Models
RAS Client Authentication Models
Considerations for Remote Access Client and Server Configuration
Using Wizards to Configure the Dial-Up Client and Server
Configuring Dial-Up Router Connections
Configuring RRAS Server Properties for Demand-Dial Routing
Configuring RRAS Ports for Demand-Dial Routing
Creating the Demand-Dial Routing Interface
Testing the Demand-Dial Connection
Configuring Routes for Demand-Dial Connections
Remote Access Properties and Demand-Dial Connections
Testing Automatic Demand-Dial Connections
Persistent Connections
Controlling Demand-Dial Connections
RRAS Support for IPX
Managing the Internet Authentication Service
Installing IAS
Configuring IAS Server Properties
Adding IAS Clients
Registering the IAS Server in Active Directory
Managing IAS Remote Access Policies
Configuring RRAS for IAS Authentication and Accounting
IAS Logging
Onward to VPNs and Encryption

Data Communication Security Concepts
The Tools of Digital Data Security
Message Digests
Secret Key Cryptography
Public Key Cryptography
Authentication
Kerberos
Key Distribution Center Services
Authorizing Client Access to Services
Configuring Kerberos Policy Settings
Configuring Password Policy Settings
Now That You Know the Concepts, Let's Get Busy

Planning and Implementing a Public Key Infrastructure
Certification Authorities
Issuing Public Key Certificates
Validating the Certificate
CA Hierarchies
Cryptographic Service Providers
Policy Modules
Exit Modules
Certificate Templates
Installing and Managing a Certification Authority
Protecting CAs
Enterprise Versus Stand-Alone CAs
Managing Certificate Lifetimes
Planning CA Configuration Parameters
Installing a CA
Managing Certification Authorities
Automating Certificate Requests
Backing Up and Restoring the CA
Requesting Certificates
Requesting Certificates with the Certificate Request Wizard
Requesting Certificates with the Web Enrollment Pages
Managing Certificates
Certificate Stores
Organizing Certificates in the Certificates Console
Examining Certificate Contents
Viewing and Modifying Certificate Properties
Exporting Certificates
Importing Certificates
Renewing Certificates
Concluding Remarks Regarding Certification Services

Securing IP Communication
Secure Sockets Layer/Transport Layer Security
SSL and the Internet Protocol Stack
SSL/TLS Functionality
SSL/TLS Operation
Distinctions Between SSL Version 3.0 and TLS
Enabling Support for SSL/TLS
Conclusions About SSL/TLS
The IP Security Service (IPSec)
IPSec Security Protocols
Security Associations and Key Management
The Internet Key Exchange
IPSec Policies
Applying IP Security: A Simple Example
Scaling IPSec
Troubleshooting IPSec
Some Concluding Remarks Regarding IPSec
Configuring IPSec Tunnels and Virtual Private Networks
Protocol Layering and Tunneling Protocols
Tunneling Protocols
IPSec Tunneling
VPN Configuration
Supporting Client-to-Server VPN Connections
We Finally Can Say Goodbye to RRAS

Managing and Monitoring Connections
Network Monitor
Network Monitor and Systems Management Server
Installing Network Monitor
Network Monitor Security
Capturing Network Frames
Creating an Address Database
Selecting the Network to be Monitored
Managing the Capture Buffer
Avoiding Dropped Frames
Using Capture Filters
Using Capture Triggers
Saving Capture Data
Examining Captured Data
Monitoring TCP/IP with System Monitor
The Simple Network Management Protocol
Organization of SNMP Management
The Management Information Base
Network Management Stations
Configuring SNMP Support on Windows 2000
Troubleshooting Utilities
ARP
TRACERT
NETDIAG
NETSTAT
Management. Not Glamorous, but Essential

Interoperating with Non-Windows Environments
Interoperating with UNIX
Services for UNIX 2.0
Services for UNIX Features
Services for UNIX Requirements
Installing Services for UNIX
MKS Demoware
Password Synchronization
Uninstalling Services for UNIX
How Do I Purchase Services for UNIX 2.0?
Interoperating with NetWare
Gateway Services for NetWare
Services for NetWare 5.0
Interoperating with Macintosh
File and Print Services for Macintosh
Sharing Folders for Macintosh Clients
Creating Printers for Macintosh Clients
Windows 2000's Interoperating Solutions
Additional Online Resources
Index