Mastering Windows Server 2003,9780470056455

Mastering Windows Server 2003

by ; ;
Edition: 1st
ISBN13: 9780470056455
ISBN10: 0470056452
Format: Paperback
Pub. Date: 2006-10-09
Publisher(s): Sybex
List Price: $39.99

Rent Book

Select for Price
Add to Cart
There was a problem. Please try again later.

New Book

We're Sorry
Sold Out

Used Book

We're Sorry
Sold Out

eBook

We're Sorry
Not Available

Summary

Get the In-depth coverage of SP1 and R2 you've been waiting for from one of the world's leading Windows authorities. Picking up where Mastering Windows Server 2003 left off, expert Mark Minasi (winner of CertCities.com Reader's Choice Award for Favorite Technical Author for the 4th year in a row!) and his co-authors return with a much-anticipated Upgrade Edition that delivers exactly the information you need. Their clear, hands-on instruction thoroughly covers features and changes that have been largely undocumented in the marketplace -- from SP1's critical security enhancements to R2's new management/administration tools, enhanced print controls, and more. If you manage, maintain, or depend on Windows Server 2003, this is the book you've been waiting for! Coverage includes: Getting and installing SP1 Hiding folders from prying eyes with ABE De-worming Windows? with Data Execution Prevention (DEP) Solving SP1/R2 incompatibilities Stopping spyware and locking up ports Stopping mobile thieves by blocking USB memory sticks Upgrading to R2 and getting to know its GUI Understanding R2's new Print Management Console Controlling folder usage with quotas and more Integrating Unix and Windows Working with Active Directory Coverage Focused Specifically on Critical SP1 and R2 Updates

Author Biography

Mark Minasi, MCSE, is one of the world's leading Windows authorities. He teaches classes in 15 countries and is a much sought-after speaker at conferences and industry gathering keynotes. His firm, MR&D, has taught tens of thousands of people to design and run Windows networks. Mark has written over 15 books for Sybex, including the market-leading Mastering Windows Server 2003 and The Complete PC Upgrade and Maintenance Guide.

Rhonda Layfield has been in the IT industry for 25 years and worked in every capacity, from running network cables in the US Navy to consulting with a number of Fortune 500 companies in a vast array of technologies. She enjoys sharing what she has learned, both by writing and presenting at national conferences.

Lisa Justice is a senior systems administrator and IT project manager with an employee-owned research corporation in Rockville, Maryland. She has been supporting, managing, and building Unix and Windows-based networks for over ten years. Occasionally, when Mark twists her arm, she also writes about them. Lisa is a coauthor of Mastering Windows Server 2003 and a contributor to Mastering Windows 2000 Server and Mastering Windows NT Server 4.

Table of Contents

Introduction xix
Part 1 Windows Server 2003 Service Pack 1
1(232)
Getting and Installing SP1
3(12)
Do I Have SP1 Already?
3(1)
Getting SP1
4(1)
Installing SP1
5(7)
SP1 from the GUI
5(3)
SP1 from the Command Line
8(4)
Rolling Out SP1 with a GPO
12(1)
Preinstalling SP1: ``Integrating''
12(1)
Summary
13(2)
Hiding Folders from Prying Eyes: Access-Based Enumeration (ABE)
15(10)
How ABE Works
15(1)
Does ABE Matter?
16(1)
Isn't ABE the Same As Hiding a Folder with ``$''?
17(1)
ABE Details
17(2)
ABE Must Be Enabled
18(1)
ABE Works on Both Files and Folders, and Only in Shares
18(1)
ABE Works On All Shares, or Some Shares
18(1)
What ABE Needs for Permissions
18(1)
An ABE Example, Part 1
19(1)
Installing and Configuring ABE
20(3)
Download ABE from Microsoft.com
20(1)
Install ABEUI.MSI
21(1)
Configuring ABE
21(2)
An ABE Example, Part 2
23(1)
Summary
23(2)
De-Worming Windows with Data Execution Prevention (DEP)
25(14)
A Different Kind of Malware
26(1)
Where the Worm Lives: Pieces of a Program
26(3)
Static Data and the Heap
27(1)
The Stack
28(1)
An Example Server Software: ICMP
29(1)
Watching What You Eat: Input Validation
29(2)
Launching the Buffer Overflow
31(1)
Buffer Overflows in Perspective
32(1)
Handling Buffer Overflows Before DEP
33(1)
Beyond Patching: How DEP De-worms Windows
34(2)
64-Bit Heap Protection: the NX Bit
34(1)
32-Bit Heap Protection: Cookies
35(1)
Saving the Stack
35(1)
Does All of This Stop Buffer Overflows?
35(1)
Controlling DEP
36(2)
Summary
38(1)
Stacking the Deck Against the Bad Guys...the IP Stack, That Is
39(8)
What's Wrong with TCP/IP?
39(1)
Raw Sockets and the New Stack
40(2)
Incomplete Connections and the New Stack
42(2)
Review: Worms and Propagation
42(1)
Throttling the Worms
43(1)
The Bad News
44(1)
Did Installing an Antispyware Program Kill Your IP Networking?
44(1)
Summary
45(2)
Solving SP1/R2 Incompatibilities: Understanding the ``De-anonymizers''
47(12)
Why De-anonymize?
47(2)
Remote Procedure Call (RPC) Changes
49(2)
Microsoft Distributed Transaction Coordinator (MSDTC) Changes
51(3)
What MSDTC Does
51(1)
Addressing MSDTC Compatibility Issues
52(2)
Distributed Common Object Modem (DCOM) Changes
54(2)
WebDAV Changes
56(2)
Summary
58(1)
Fine-Tuned Security Monitoring: Per-User Auditing
59(6)
Auditusr Overview
59(1)
Audituser Syntax
60(1)
Auditusr Example Applications
61(2)
Audit Just One User
61(1)
See Your System's Current Per-User Audits
62(1)
Export Per-User Settings
63(1)
Remove All User-Specific Settings
63(1)
Tracking Per-User Audit Settings
63(1)
Summary
64(1)
Stopping Spyware: Controlling ActiveX and Browser Helper Objects
65(10)
Spyware and the Service Packs
65(1)
Add-On Group Policy Settings Overview
66(1)
First, Get the Class ID
67(2)
Search and Internet
67(1)
Ask Manage Add-ons
67(1)
Find the CLSID in the HTML
68(1)
Look Up the ``Mystery'' CLSIDs in KB555235
69(1)
Creating a Whitelist via Group Policy
69(4)
Locate the Add-on Management GP Settings
69(2)
Block 'Em All: Make the List a Whitelist
71(2)
Now Turn the Tables---Everything but Toolbar Runs
73(1)
Summary
73(2)
Locking Up the Ports: Windows Firewall
75(48)
What Is Windows Firewall?
75(8)
What Firewalls Do
75(1)
How Firewalls Work
76(3)
Windows Firewall Basics
79(1)
The Specific WF ``Firewall Rules''
80(1)
WF's Role = DEP's Worm-Fighting Cousin
81(2)
When To Use (or Not Use) WF
83(3)
If the System is Protected with a Hardware Firewall, Use WF Anyway
83(1)
If Already Using a Software Firewall, Don't Use WF Usually
84(1)
Workstations Always Need Firewalls, Servers Almost Always
84(1)
Won't Enabling the Firewall Kill Domain Membership?
85(1)
If Connected Directly to the Internet, Enable a Firewall
85(1)
Enabling and Disabling Windows Firewall
86(3)
Example/Demonstration Setup
86(1)
Ensuring WF's Off
86(1)
Turning WF On ... and Off
86(3)
Making Server Applications Work with Windows Firewall
89(23)
Creating Port Exceptions
89(12)
Permitting Ping: ICMP Exceptions
101(3)
Creating a Program Exception
104(7)
Temporarily Halting All Exceptions
111(1)
Automatic Exceptions: IPsec Bypass
112(8)
What IPsec Bypass Can Do for You
112(1)
How IPsec Bypass Works, in Short
113(1)
How to Set Up IPsec Bypass
114(6)
Watching WF
120(2)
Configuring Logging From the GUI
120(1)
Configuring Logging from the Command Line
121(1)
Configuring Logging from Group Policies
121(1)
Summary
122(1)
Thwarting Mobile Thieves: Blocking USB Memory Sticks
123(4)
Making USB Devices Read-Only
124(1)
Is This of Any Value?
124(1)
Summary
125(2)
Supporting Clients with Windows Terminal Services
127(74)
Why Care about Terminal Services?
127(6)
Centralized Deployment of Applications
129(1)
Supporting Remote Users
130(1)
Supporting PC-Unfriendly Environments
130(2)
Fewer Hardware Refreshes
132(1)
Simplifying the User Interface
132(1)
Providing Help Desk Support
132(1)
The Terminal Server Processing Model
133(6)
Son of Mainframe?
133(1)
Anatomy of a Thin Client Session
134(5)
Server and Client Requirements
139(4)
Server Hardware
139(2)
Client Hardware
141(2)
Installing (or Removing) Support for Terminal Services
143(2)
Creating a New Terminal Server Client
145(3)
PC-Based RDP Clients
145(1)
Setting Up and Connecting a Windows-Based Terminal
145(2)
Setting Up a Handheld PC
147(1)
Creating, Deleting, and Modifying Connections
148(4)
Editing Client Account Settings
152(17)
Remote Control
153(2)
Session Time-Outs
155(2)
Setting Client Path Information
157(5)
Configuring Terminal Services for All Connections
162(7)
Terminal Services Licensing
169(8)
The Terminal Services Licensing Model
169(1)
Understanding Session Licensing
169(3)
The Terminal Server Licensing Tool
172(5)
Application Licensing
177(1)
Configuring Applications for a Multiuser Environment
177(8)
Choosing Applications
177(2)
Making Your Applications Play Well with Others
179(6)
Managing Terminal Sessions
185(10)
Introducing Command-Line Tools
185(2)
Using the Terminal Services Manager
187(8)
Troubleshooting Connection Problems
195(3)
Licensing Problems
195(2)
Permission Problems
197(1)
Network Problems
197(1)
Using Remote Administration Mode
198(2)
Enabling Remote Administration
198(1)
Connecting to Remote Servers Using the Remote Desktops Tool
198(1)
Questions about Using Remote Administration
199(1)
Summary
200(1)
Tightening Security with the Security Configuration Wizard
201(32)
Warning: Using SCW May Void Your Warranty!
201(1)
Building a Test System
202(1)
Installing Security Configuration Wizard
202(1)
SCW's Scope
202(1)
Running the Security Configuration Wizard
203(25)
Phase One: SCW Reads Its Database and Your System
203(3)
Phase Two: Which Services Can Go?
206(3)
Phase 3: Port Lockdown with WF and IPsec
209(6)
Tightening Security with Registry Settings
215(6)
Change Audit Settings? Perhaps Not
221(2)
Securing Internet Information Services (IIS)
223(3)
Finishing Up SCW
226(2)
Working with SCW Policies, Post-Wizard
228(4)
Looking at an SCW Policy
229(1)
Creating a GPO from an SCW Policy
229(1)
Applying an SCW Policy Remotely
229(3)
Summary
232(1)
Part 2 New to R2
233(450)
Setting Up Windows Server 2003 R2
235(12)
Two CDs, Four Names
235(1)
Upgrade Your AD Schema
236(1)
R2 Installation Options
237(1)
Hand-Installed Clean Builds of R2
237(4)
Installing R2, Part 1
238(1)
Installing R2, Part 2
238(2)
Manage Your Server
240(1)
Upgrading a 2003 SP1 System With Setup2.exe
241(2)
Where This Falls Down: Mixed Build Types
242(1)
Running Setup2.exe Unattended
243(1)
Performing a Complete Unattended R2 Install
244(1)
Installing the R2 Admin Pack on XP
244(1)
Summary
245(2)
Using MMC 3.0, R2's New Interface
247(4)
MMC Feature 1: The Actions Pane
247(2)
MMC Feature 2: Add/Remove Snap-ins
249(1)
Summary
249(2)
Print Management Gets Easier: Print Management Console
251(14)
The Print Management Console: An Overview
251(1)
Installing the Print Management Console
252(1)
Adding New Printers
253(2)
Automatically Detecting Network Printers
253(1)
Manually Installing New Printers
253(1)
Deploying Printers to the Masses
254(1)
Configuring and Viewing Settings and Resources
255(3)
Managing Printer Drivers
255(2)
Viewing and Editing Port Settings
257(1)
Viewing Forms
257(1)
Monitoring Print Job Status and Creating Alerts
258(4)
Monitoring Printers and Job Status
258(1)
Using Custom Filters
258(4)
Managing Printer Queues from the PMC
262(1)
Adding Remote Print Servers to the PMC
263(1)
Summary
264(1)
Watching Your Disks with Storage Reports Management
265(14)
Installing File Server Resource Manager
265(2)
Configuring File Server Resource Manager to Email Reports
267(1)
Generating Your First Storage Report
268(4)
Report Output
270(2)
Report Formats
272(1)
Let's Meet the Other Reports
272(1)
Scheduling Reports to Run
273(2)
Finding Saved Reports
275(2)
Customizing Your Reports
276(1)
Problems Customizing Reports
276(1)
Deleting Scheduled Report Tasks
277(1)
Summary
277(2)
Controlling Folder Usage: Quotas and File Screens
279(28)
Quota Management
279(13)
Creating a Quota
280(7)
Quota Templates
287(4)
Exporting and Importing Quota Templates
291(1)
Viewing Quota Details
291(1)
File Screens
292(8)
Creating a File Screen
293(6)
Creating File Screen Exceptions
299(1)
Creating and Editing File Groups
300(5)
File Screen Templates
302(1)
Using, Creating, and Updating File Screen Templates
302(2)
Exporting and Importing File Screen Templates and File Groups
304(1)
Summary
305(2)
R2's New Distributed File System Namespace (DFSN) and Distributed File System Replication (DFSR)
307(54)
First Things First---Installing the DFS Management Snap-in
307(3)
Terminology
309(1)
Creating DFS Namespace and Folders
310(20)
Creating the DFS Namespace
310(5)
Adding Folders to the DFS Namespace
315(2)
Clients Accessing the DFS Namespace
317(2)
What Is a Target?
319(1)
Creating a Root Target
319(2)
Clients Accessing the DFS Namespace Now
321(5)
Delegating Management Permissions
326(1)
Maintenance of Folder Targets
327(1)
Mixing OSes
328(2)
DFS Replication
330(18)
Creating a Replication Group
332(16)
What's New on the Namespace Servers Now?
348(1)
The DFSR Process
349(8)
Step 1: \\Server1\Budget\File1.Doc Is Created
349(5)
Step 2: File Is Replicated from Server1 to Server2
354(1)
Monitoring DFSR
355(2)
Troubleshooting Conflicts, Morphs, and Journal Wraps, Oh No!
357(3)
Journal Wraps
358(2)
Summary
360(1)
Communicating and Collaborating with Windows SharePoint Services
361(194)
SharePoint Services: The Wizard Behind the Curtain
363(3)
About SharePoint's Two Initial Websites
364(1)
About SharePoint's Two, Coinciding, Initial Databases
364(1)
About WMSDE
365(1)
About User Account Modes
365(1)
About SharePoint's Dependence on Email
366(1)
About FrontPage Extensions (Just Say No)
366(1)
About SharePoint Services Hardware Requirements
366(1)
On to the Installation
366(9)
Typical Install
368(7)
Windows SharePoint Services---Using SharePoint Out of the Box
375(96)
Web Parts
377(13)
Quick Launch Bar (and Other Navigational Goodies)
390(2)
Lists
392(39)
Document Libraries
431(21)
Workspaces and Subsites
452(19)
Administration
471(69)
Central Administration
472(12)
Virtual Server Settings
484(14)
Top-Level Site Administration
498(14)
Site Settings
512(6)
Working with Permissions
518(22)
Backup and Recovery
540(14)
Backing up a Site Using a Template
540(6)
Using STSADM.EXE Command-line Tool to Back up and Restore Site Collections
546(5)
Backup and Restore using SMIGRATE.EXE
551(3)
Summary
554(1)
Unix and Windows 1: Network File System
555(36)
NFS Concepts
556(2)
Connecting to NFS Shares
556(1)
NFS Access and Authentication
556(1)
NFS Under the Hood
557(1)
Installing and Configuring Services for NFS
558(6)
Authentication Options
559(1)
Installing Services for NFS
560(1)
Configuring Services for NFS
561(3)
Active Directory Lookups for NFS
564(3)
User Name Mapping
567(10)
Configuring User Name Mapping
568(4)
Accepting Remote Mapping Requests
572(1)
Configuring Multiple UNM Servers
573(1)
Creating a UNM Pool
574(1)
Command-Line UNM Administration: MAPADMIN
575(2)
Creating NFS Shares
577(4)
Creating NFS Shares in Explorer
577(2)
Using NFSSHARE
579(1)
Creating Client Groups
580(1)
Connecting to NFS Shares from Unix Clients
581(2)
NFS and NTFS Permissions
583(1)
NFS Clients for All: R2 and Services for Unix 3.5
584(6)
Configuring the NFS Client
585(1)
Mounting NFS Shares
586(3)
Command-Line Administration
589(1)
Summary
590(1)
Unix and Windows II: Network Information Service (NIS)
591(34)
NIS Concepts
591(3)
Services for NIS on Windows Server 2003 R2
594(1)
Setting up Services for NIS
595(5)
Extend the Active Directory Schema
595(1)
Install and R2 DC in the Domain
595(1)
Install Identity Management for Unix on the R2 DC
596(4)
Map Migration
600(12)
Trial Migration with the Migration Wizard
600(7)
Associating AD and Unix Accounts: The Whole Story
607(2)
Map Migration with NIS2AD
609(1)
Post-Migration Tour and Testing
610(2)
Staging the Coup: Taking Over as NIS Master
612(2)
Managing Subordinate NIS Servers
614(4)
Adding and Removing Subordinate NIS Servers
615(1)
Promoting an R2 Subordinate to an NIS Master
615(1)
Propagating Maps to Unix Subordinates
616(2)
Care and Feeding of NIS Maps
618(5)
Create and Migrate Nonstandard Maps
618(2)
Modifying the NIS Map Data
620(3)
Summary
623(2)
Unix and Windows III: Password Synchronization
625(24)
Password Synchronization Concepts
626(2)
Install Password Synchronization on All DCs
626(1)
Password Policies
627(1)
User Names
627(1)
Supported Unix Platforms
628(1)
Windows to Unix Synchronization Options
628(2)
AD NIS Synchronization
628(1)
Synchronize Windows Passwords with a Unix NIS Master
628(1)
Synchronize Windows Passwords with Unix Hosts
629(1)
Unix to Windows Synchronization Options
630(2)
Two-Way Synchronization
631(1)
Using Multiple Password Synchronization Options
632(1)
Installing and Configuring the Password Synchronization Components
632(15)
Install and Configure PSWDSYNC
632(6)
Configure Windows to Unix Synchronization
638(6)
Unix to Windows Synchronization
644(2)
Synchronizing Password Changes from NIS to Windows
646(1)
Summary
647(2)
Active Directory Federation Services (ADFS)
649(18)
The Technology behind Identity Federation
650(2)
Understanding the Web Services Federation Standards---XML, SAML, and WS-Federation
650(2)
Designing an ADFS Deployment
652(2)
The Different Pieces of ADFS
653(1)
Installing and Deploying ADFS
654(12)
Installation Requirements for ADFS
655(1)
Installing ADFS
655(10)
Putting ADFS to Work
665(1)
Summary
666(1)
Active Directory Application Mode (ADAM)
667(16)
The Capabilities of ADAM
667(2)
How ADAM Is Different from AD
669(1)
Installing ADAM
669(4)
Managing ADAM
673(4)
Using ADAM ADSIEdit to Add Objects
673(2)
Viewing and Modifying ADAM Permissions
675(1)
Querying ADAM
676(1)
Integrating AD with ADAM
677(5)
Adding AD Data to ADAM
679(2)
Authenticating to ADAM
681(1)
Summary
682(1)
Index 683

An electronic version of this book is available through VitalSource.

This book is viewable on PC, Mac, iPhone, iPad, iPod Touch, and most smartphones.

By purchasing, you will be able to view this book online, as well as download it, for the chosen number of days.

Digital License

You are licensing a digital product for a set duration. Durations are set forth in the product description, with "Lifetime" typically meaning five (5) years of online access and permanent download to a supported device. All licenses are non-transferable.

More details can be found here.

A downloadable version of this book is available through the eCampus Reader or compatible Adobe readers.

Applications are available on iOS, Android, PC, Mac, and Windows Mobile platforms.

Please view the compatibility matrix prior to purchase.