| |
| |
| Introduction | |
| |
| |
| |
| Installation: Planning and Execution | |
| |
| |
| Planning for Installation | |
| |
| |
| Planning TCP/IP | |
| |
| |
| Planning the Directory | |
| |
| |
| A Learning and Planning Roadmap | |
| |
| |
| Identifying a Windows 2000 Computer | |
| |
| |
| Windows 2000 Installation and Network Services | |
| |
| |
| Configuring Local Area Network Connections | |
| |
| |
| Using Network and Dial-Up Connections | |
| |
| |
| Configuring the Internet Protocol Component | |
| |
| |
| Configuring the NWLink (IPX/SPX) Protocol Component | |
| |
| |
| Installing Windows 2000 Components | |
| |
| |
| Using the Microsoft Management Console | |
| |
| |
| The Console Tree | |
| |
| |
| The Details Pane | |
| |
| |
| Creating Custom MMC Consoles | |
| |
| |
| Saving Custom Consoles | |
| |
| |
| Starting Consoles | |
| |
| |
| Creating Shortcuts for Consoles | |
| |
| |
| Modifying Consoles Saved in User Mode | |
| |
| |
| Installing the Windows Support Tools | |
| |
| |
| The Windows 2000 Server Resource Kit | |
| |
| |
| Microsoft Knowledge Base | |
| |
| |
| Now On with the Show | |
| |
| |
| |
| TCP/IP Protocol Concepts | |
| |
| |
| Obtaining TCP/IP Documentation | |
| |
| |
| The TCP/IP Protocol Stack | |
| |
| |
| The Internet Protocol Model | |
| |
| |
| The Network Access Layer | |
| |
| |
| SNAP Encapsulation | |
| |
| |
| Packet Delivery | |
| |
| |
| The Internet Layer | |
| |
| |
| The Host-to-Host Layer | |
| |
| |
| The Process/Application Layer | |
| |
| |
| IP Addressing | |
| |
| |
| IP Address Representation | |
| |
| |
| IP Address Classes | |
| |
| |
| Special IP Addresses | |
| |
| |
| Examples of Class-Based Addressing | |
| |
| |
| The Problem with IP Address Classes | |
| |
| |
| Subnetting | |
| |
| |
| Default Subnet Masks | |
| |
| |
| Supernetting | |
| |
| |
| Classless IP Addresses | |
| |
| |
| Obtaining IP Addresses | |
| |
| |
| The Dynamic Host Configuration Protocol | |
| |
| |
| Those Are the Basics | |
| |
| |
| |
| The Domain Name System | |
| |
| |
| DNS Architecture | |
| |
| |
| The Domain Hierarchy | |
| |
| |
| Domain Names | |
| |
| |
| Making DNS Queries | |
| |
| |
| Resource Records | |
| |
| |
| Deploying DNS Servers | |
| |
| |
| Servicing a Zone with Multiple Name Servers | |
| |
| |
| Delegating Authority | |
| |
| |
| Reducing WAN Traffic with Forwarding DNS Servers | |
| |
| |
| Reverse Lookup Zones | |
| |
| |
| Managing DNS in a Small Domain | |
| |
| |
| Installing the DNS Server Service | |
| |
| |
| Managing Remote DNS Servers | |
| |
| |
| Configuring the DNS Server | |
| |
| |
| Creating the Primary Forward Lookup Zone | |
| |
| |
| Creating the Primary Reverse Lookup Zone | |
| |
| |
| Creating a Secondary Forward Lookup Zone | |
| |
| |
| Creating a Secondary Reverse Lookup Zone | |
| |
| |
| Modifying Zone Properties | |
| |
| |
| Managing Resource Records | |
| |
| |
| Supporting Aliases | |
| |
| |
| Scaling DNS for Large Networks | |
| |
| |
| Supporting Round Robin Addressing | |
| |
| |
| Configuring Reverse Lookup Zones to Support Classless IP Addresses | |
| |
| |
| Importing and Exporting BIND Databases | |
| |
| |
| Importing Data from BIND | |
| |
| |
| Exporting Data to BIND | |
| |
| |
| BIND Database File Formats | |
| |
| |
| Reverse Lookup Database Files | |
| |
| |
| The Cache Database File | |
| |
| |
| Integrating DNS Zones with Active Directory | |
| |
| |
| Using NSLOOKUP | |
| |
| |
| Making Noninteractive Queries | |
| |
| |
| Making Interactive Queries | |
| |
| |
| Now, You're the DNS Master | |
| |
| |
| |
| Active Directory Concepts | |
| |
| |
| The Active Directory Architecture | |
| |
| |
| Objects, Attributes, Classes, and Schemas | |
| |
| |
| Security Principles | |
| |
| |
| Domains | |
| |
| |
| Domain Forests | |
| |
| |
| Global Catalogs | |
| |
| |
| Organizational Units | |
| |
| |
| Models for Managing Active Directory and DNS Domains | |
| |
| |
| Active Directory Using a Domain in the Internet Namespace | |
| |
| |
| Active Directory Using a Private DNS Namespace | |
| |
| |
| Active Directory and External DNS Using Separate Domains in the Internet Namespace | |
| |
| |
| Active Directory Using a Private DNS Namespace, External DNS Using the Internet Namespace | |
| |
| |
| Configuring Domain Controllers | |
| |
| |
| Creating the First DC in a New Domain | |
| |
| |
| AD Child Domains and Resource Records in DNS | |
| |
| |
| Adding a DC to a Domain | |
| |
| |
| Creating a Child Domain | |
| |
| |
| Configuring a Private DNS Root Name Server | |
| |
| |
| Creating a New Tree in an Existing Forest | |
| |
| |
| Demoting a Domain Controller | |
| |
| |
| Managing Organizational Units | |
| |
| |
| Creating OUs | |
| |
| |
| Delegating Control in OUs | |
| |
| |
| Managing Object Security | |
| |
| |
| Controlling Inheritance from the Parent Container | |
| |
| |
| Advanced Object Security | |
| |
| |
| Group Policy | |
| |
| |
| Group Policy Inheritance | |
| |
| |
| Overriding Group Policy Inheritance | |
| |
| |
| Managing Group Policy | |
| |
| |
| Managing Sites | |
| |
| |
| Defining Sites | |
| |
| |
| Defining Subnets | |
| |
| |
| Managing Servers | |
| |
| |
| Active Directory Afterthoughts | |
| |
| |
| |
| Dynamic Host Configuration Protocol | |
| |
| |
| DHCP Concepts | |
| |
| |
| DHCP Leases | |
| |
| |
| DHCP Relay Agents | |
| |
| |
| Scopes and Superscopes | |
| |
| |
| Managing the DHCP Service | |
| |
| |
| Managing DHCP Servers | |
| |
| |
| Creating and Managing Scopes | |
| |
| |
| Managing Reservations | |
| |
| |
| Managing DHCP Options | |
| |
| |
| Managing Superscopes | |
| |
| |
| Configuring Windows 2000 DHCP Clients | |
| |
| |
| The ipconfig Utility | |
| |
| |
| Building a Fault-Tolerant DHCP Service | |
| |
| |
| Splitting a Subnet Address Range Among Multiple DHCP Servers | |
| |
| |
| DHCP Fault Tolerance Using Address Conflict Detection | |
| |
| |
| DHCP Fault Tolerance Using Server Clusters | |
| |
| |
| DHCP on the Wire | |
| |
| |
| What a Relief! | |
| |
| |
| |
| NetBIOS Name Support: LMHOSTS and WINS | |
| |
| |
| NetBIOS Names | |
| |
| |
| The Structure of NetBIOS Names | |
| |
| |
| The NetBIOS Namespace | |
| |
| |
| NetBIOS Name Resolution Modes | |
| |
| |
| Name Resolution with LMHOSTS Files | |
| |
| |
| NetBIOS Naming with WINS | |
| |
| |
| Architecture of WINS | |
| |
| |
| The WINS Name Life Cycle | |
| |
| |
| When Name Resolution Fails | |
| |
| |
| Implementing a WINS Service | |
| |
| |
| Planning for WINS Installation | |
| |
| |
| Installing the WINS Server Service | |
| |
| |
| Configuring a Statically Addressed WINS Client | |
| |
| |
| Renewing a Client Registration | |
| |
| |
| Configuring WINS Proxies | |
| |
| |
| Configuring DHCP Clients as WINS Clients | |
| |
| |
| Naming Versus Browsing | |
| |
| |
| Managing WINS Servers | |
| |
| |
| Maintaining the WINS Database | |
| |
| |
| Backing Up the Database | |
| |
| |
| Managing Remote WINS Servers Through Firewalls | |
| |
| |
| What's in a Name? | |
| |
| |
| |
| Routing with Routing and Remote Access Service | |
| |
| |
| Rules of Routing | |
| |
| |
| Routing with Two Networks | |
| |
| |
| Enabling Routing Support on a Windows 2000 Router | |
| |
| |
| Enabling Routing | |
| |
| |
| Testing the IP Routing Configuration | |
| |
| |
| Configuring IP Unicast Routing | |
| |
| |
| Configuring Default Gateways on Internets with Three Networks | |
| |
| |
| Configuring Default Gateways on Internets with More Than Three Networks | |
| |
| |
| Building Static Routing Tables | |
| |
| |
| Effective Use of a Default Router | |
| |
| |
| Routing with Multiple Default Gateways | |
| |
| |
| Managing Routing Tables with route | |
| |
| |
| Testing Routing with tracert | |
| |
| |
| Configuring RIP for IP | |
| |
| |
| Configuring OSPF | |
| |
| |
| Configuring IP Interfaces | |
| |
| |
| Configuring IP Multicast Routing | |
| |
| |
| Adding IGMP Multicast Support to RRAS | |
| |
| |
| Adding and Configuring IGMP Interfaces | |
| |
| |
| IGMP Interface Configuration: The Router Tab | |
| |
| |
| Displaying the Interface Group Table | |
| |
| |
| Configuring Interface Multicast Boundaries | |
| |
| |
| Configuring the DHCP Relay Agent | |
| |
| |
| Adding the DHCP Relay Agent to RRAS | |
| |
| |
| Adding and Configuring DHCP Relay Agent Interfaces | |
| |
| |
| Configuring DHCP Relay Agent Properties | |
| |
| |
| Configuring IPX Routing | |
| |
| |
| Adding and Configuring IPX Interfaces | |
| |
| |
| NetBIOS Broadcast Statistics | |
| |
| |
| Defining IPX Static Routes | |
| |
| |
| Defining IPX Static Services | |
| |
| |
| Defining Static NetBIOS Names | |
| |
| |
| Modifying RIP for IPX Properties | |
| |
| |
| Modifying RIP for IPX Interface Properties | |
| |
| |
| Modifying SAP for IPX Properties | |
| |
| |
| Modifying SAP for IPX Interface Properties | |
| |
| |
| Network Address Translation Firewalls | |
| |
| |
| Configuring Interfaces for NAT | |
| |
| |
| Adding Network Address Translation to RRAS | |
| |
| |
| Adding NAT Interfaces | |
| |
| |
| Building a High-Performance Routing Infrastructure | |
| |
| |
| |
| Supporting Dial-Up Connections with Routing and Remote Access Service | |
| |
| |
| Installing and Configuring Dial-Up Hardware | |
| |
| |
| Installing a Moderm | |
| |
| |
| Configuring Communications Ports | |
| |
| |
| Modem Properties | |
| |
| |
| Creating a Dial-Up Connection to the Internet | |
| |
| |
| Reviewing and Modifying Dial-Up Connection Properties | |
| |
| |
| Configuring RRAS Server Properties | |
| |
| |
| RRAS Server Properties: The General Tab | |
| |
| |
| RRAS Server Properties: The Security Tab | |
| |
| |
| RRAS Server Properties: The IP Tab | |
| |
| |
| RRAS Server Properties: The IPX Tab | |
| |
| |
| RRAS Server Properties: The AppleTalk Tab | |
| |
| |
| RRAS Server Properties: The PPP Tab | |
| |
| |
| RRAS Server Properties: The Event Logging Tab | |
| |
| |
| Configuring a RRAS Demand-Dial Interface | |
| |
| |
| Creating a New Demand-Dial Interface | |
| |
| |
| Configuring RRAS Dial-Out Credentials | |
| |
| |
| Configuring RRAS Dial-Up Properties | |
| |
| |
| Testing the Dial-Up Interface | |
| |
| |
| Setting IP Demand-Dial Filters | |
| |
| |
| Setting Dial-Out Hours | |
| |
| |
| Configuring Remote-Access Logging | |
| |
| |
| Enabling NAT Dial-Out Networking | |
| |
| |
| Creating a Demand-Dial Interface to the Internet | |
| |
| |
| Enabling a Demand-Dial NAT Interface | |
| |
| |
| Creating a Default Route to the Demand-Dial Interface | |
| |
| |
| Test the Demand-Dial Interface | |
| |
| |
| RRAS Dial-In | |
| |
| |
| Configuring the Remote Access Server | |
| |
| |
| Dial-In User Authorization Models | |
| |
| |
| RAS Client Authentication Models | |
| |
| |
| Considerations for Remote Access Client and Server Configuration | |
| |
| |
| Using Wizards to Configure the Dial-Up Client and Server | |
| |
| |
| Configuring Dial-Up Router Connections | |
| |
| |
| Configuring RRAS Server Properties for Demand-Dial Routing | |
| |
| |
| Configuring RRAS Ports for Demand-Dial Routing | |
| |
| |
| Creating the Demand-Dial Routing Interface | |
| |
| |
| Testing the Demand-Dial Connection | |
| |
| |
| Configuring Routes for Demand-Dial Connections | |
| |
| |
| Remote Access Properties and Demand-Dial Connections | |
| |
| |
| Testing Automatic Demand-Dial Connections | |
| |
| |
| Persistent Connections | |
| |
| |
| Controlling Demand-Dial Connections | |
| |
| |
| RRAS Support for IPX | |
| |
| |
| Managing the Internet Authentication Service | |
| |
| |
| Installing IAS | |
| |
| |
| Configuring IAS Server Properties | |
| |
| |
| Adding IAS Clients | |
| |
| |
| Registering the IAS Server in Active Directory | |
| |
| |
| Managing IAS Remote Access Policies | |
| |
| |
| Configuring RRAS for IAS Authentication and Accounting | |
| |
| |
| IAS Logging | |
| |
| |
| Onward to VPNs and Encryption | |
| |
| |
| |
| Data Communication Security Concepts | |
| |
| |
| The Tools of Digital Data Security | |
| |
| |
| Message Digests | |
| |
| |
| Secret Key Cryptography | |
| |
| |
| Public Key Cryptography | |
| |
| |
| Authentication | |
| |
| |
| Kerberos | |
| |
| |
| Key Distribution Center Services | |
| |
| |
| Authorizing Client Access to Services | |
| |
| |
| Configuring Kerberos Policy Settings | |
| |
| |
| Configuring Password Policy Settings | |
| |
| |
| Now That You Know the Concepts, Let's Get Busy | |
| |
| |
| |
| Planning and Implementing a Public Key Infrastructure | |
| |
| |
| Certification Authorities | |
| |
| |
| Issuing Public Key Certificates | |
| |
| |
| Validating the Certificate | |
| |
| |
| CA Hierarchies | |
| |
| |
| Cryptographic Service Providers | |
| |
| |
| Policy Modules | |
| |
| |
| Exit Modules | |
| |
| |
| Certificate Templates | |
| |
| |
| Installing and Managing a Certification Authority | |
| |
| |
| Protecting CAs | |
| |
| |
| Enterprise Versus Stand-Alone CAs | |
| |
| |
| Managing Certificate Lifetimes | |
| |
| |
| Planning CA Configuration Parameters | |
| |
| |
| Installing a CA | |
| |
| |
| Managing Certification Authorities | |
| |
| |
| Automating Certificate Requests | |
| |
| |
| Backing Up and Restoring the CA | |
| |
| |
| Requesting Certificates | |
| |
| |
| Requesting Certificates with the Certificate Request Wizard | |
| |
| |
| Requesting Certificates with the Web Enrollment Pages | |
| |
| |
| Managing Certificates | |
| |
| |
| Certificate Stores | |
| |
| |
| Organizing Certificates in the Certificates Console | |
| |
| |
| Examining Certificate Contents | |
| |
| |
| Viewing and Modifying Certificate Properties | |
| |
| |
| Exporting Certificates | |
| |
| |
| Importing Certificates | |
| |
| |
| Renewing Certificates | |
| |
| |
| Concluding Remarks Regarding Certification Services | |
| |
| |
| |
| Securing IP Communication | |
| |
| |
| Secure Sockets Layer/Transport Layer Security | |
| |
| |
| SSL and the Internet Protocol Stack | |
| |
| |
| SSL/TLS Functionality | |
| |
| |
| SSL/TLS Operation | |
| |
| |
| Distinctions Between SSL Version 3.0 and TLS | |
| |
| |
| Enabling Support for SSL/TLS | |
| |
| |
| Conclusions About SSL/TLS | |
| |
| |
| The IP Security Service (IPSec) | |
| |
| |
| IPSec Security Protocols | |
| |
| |
| Security Associations and Key Management | |
| |
| |
| The Internet Key Exchange | |
| |
| |
| IPSec Policies | |
| |
| |
| Applying IP Security: A Simple Example | |
| |
| |
| Scaling IPSec | |
| |
| |
| Troubleshooting IPSec | |
| |
| |
| Some Concluding Remarks Regarding IPSec | |
| |
| |
| Configuring IPSec Tunnels and Virtual Private Networks | |
| |
| |
| Protocol Layering and Tunneling Protocols | |
| |
| |
| Tunneling Protocols | |
| |
| |
| IPSec Tunneling | |
| |
| |
| VPN Configuration | |
| |
| |
| Supporting Client-to-Server VPN Connections | |
| |
| |
| We Finally Can Say Goodbye to RRAS | |
| |
| |
| |
| Managing and Monitoring Connections | |
| |
| |
| Network Monitor | |
| |
| |
| Network Monitor and Systems Management Server | |
| |
| |
| Installing Network Monitor | |
| |
| |
| Network Monitor Security | |
| |
| |
| Capturing Network Frames | |
| |
| |
| Creating an Address Database | |
| |
| |
| Selecting the Network to be Monitored | |
| |
| |
| Managing the Capture Buffer | |
| |
| |
| Avoiding Dropped Frames | |
| |
| |
| Using Capture Filters | |
| |
| |
| Using Capture Triggers | |
| |
| |
| Saving Capture Data | |
| |
| |
| Examining Captured Data | |
| |
| |
| Monitoring TCP/IP with System Monitor | |
| |
| |
| The Simple Network Management Protocol | |
| |
| |
| Organization of SNMP Management | |
| |
| |
| The Management Information Base | |
| |
| |
| Network Management Stations | |
| |
| |
| Configuring SNMP Support on Windows 2000 | |
| |
| |
| Troubleshooting Utilities | |
| |
| |
| ARP | |
| |
| |
| TRACERT | |
| |
| |
| NETDIAG | |
| |
| |
| NETSTAT | |
| |
| |
| Management. Not Glamorous, but Essential | |
| |
| |
| |
| Interoperating with Non-Windows Environments | |
| |
| |
| Interoperating with UNIX | |
| |
| |
| Services for UNIX 2.0 | |
| |
| |
| Services for UNIX Features | |
| |
| |
| Services for UNIX Requirements | |
| |
| |
| Installing Services for UNIX | |
| |
| |
| MKS Demoware | |
| |
| |
| Password Synchronization | |
| |
| |
| Uninstalling Services for UNIX | |
| |
| |
| How Do I Purchase Services for UNIX 2.0? | |
| |
| |
| Interoperating with NetWare | |
| |
| |
| Gateway Services for NetWare | |
| |
| |
| Services for NetWare 5.0 | |
| |
| |
| Interoperating with Macintosh | |
| |
| |
| File and Print Services for Macintosh | |
| |
| |
| Sharing Folders for Macintosh Clients | |
| |
| |
| Creating Printers for Macintosh Clients | |
| |
| |
| Windows 2000's Interoperating Solutions | |
| |
| |
| Additional Online Resources | |
| |
| |
| Index | |