p-node (peer node), 419, 465
packet event logging, 755–756
packet filtering
choices for, 268–269
firewall, 762
methods of RRAS, 279
packet header structure, 230
Packet Signature and Encryption field, 721
Packet Signature with the AH Header field, 721
packets
described, 149, 569
IPSec, 710–711, 728
in NAT process, 296–297
Padding field, ESP trailer, 720
Padding Length field, ESP trailer, 720
page files, 561–562
PAP (Password Authentication Protocol), 509–511
parent domain
delegating authority to child domain, 347
DNS and AD, 361–362
name, choosing, 358–359
parity block, 623
partitions, 120, 602
See also application directory partition
passive hubs, 240
password
adding to InetOrgPerson accounts, 86
administrative password for WAP, 814
in custom security template, 132, 134
with DSN, 128
for IAS server, 312
user account security, 798–799
Password Authentication Protocol (PAP), 509–511
password-based authentication methods, 509–511
Password Expiration problem, 835–836
password must meet complexity requirement, 825
password policies
applying to all clients, 852
Group Policy to enforce, 785
options of, 824–825
passwords
Connection Manager security and, 325
PDC emulator and, 61
strong passwords, 118–119
patches
importance of, 831
with Software Update Services, 837–847
from Windows Update Web site, 115–117
pathping command, 272
PDC (primary domain controller) emulator, 61
PEAP (Protected Extensible Authentication Protocol), 810–811
peer node (p-node), 419, 465
perfect forward secrecy (PFS), 743
performance
baseline for server cluster, 657
network planning and, 16
optimizing network, 198–199
of WINS, 444–449
Performance console, 415–416
performance counters
commonly referenced, 572–573
data, assessing, 576–578
log files, 574–578
System Monitor, 196
for WINS, 445
Performance Logs and Alerts function, 573–574, 578
Performance Monitor, 45
perimeter network, 257, 258
period (.), 345
Permcopy.exe, 830–831
permissions
Active Directory, 786, 787–788
for database server security, 127–128
NTFS, 22, 669, 788–789
printer, 124–125
with rootsec template, 96
share, 789–790
supported by AD, 783–784
for terminal servers, 130
user rights vs., 826
persistent connections, 306, 431
personal identification number (PIN), 897
PFS (perfect forward secrecy), 743
phone lines, 488
phone number, 525
Physical Disk resource, 642
Physical layer, OSI model, 237, 239
physical printer, 24
physical security
of domain controllers, 790
of NLB, 691
of print servers, 124
of server cluster, 667
of servers, 113–114
PIN (personal identification number), 897
PING
ICMP and, 162
IPv6 parameters, 191–192
testing TCP/IP connections with, 271, 279
PKCS (Public Key Cryptography Standard), 864
PKI. See Public Key Infrastructure (PKI)
plan
network, documenting, 36–38
test network, 29–30
planning mode, 765, 768
Point-to-Point network, 232
Point-to-Point Protocol (PPP), 314, 488
Point-to-Point Tunneling Protocol (PPTP)
described, 307
packet filters, 269
for VPN remote access, 496–497
pointer record (PTR)
for DNS server, adding, 356
of resource record, 342
for reverse lookup zones, 352
update with DNS/DHCP interaction, 387–389
policies, IPSec
AD based, 747–749
assigning/applying in Group Policy, 746–747
custom, 734–746
default, 732–734
managing, 772
policy
assignment information, 752
enabling remote access by, 494–495
See also password policies; remote access policies; security policies
POP3 (Post Office Protocol), 68–69
port rules
filtering modes, 679–680
in NLB cluster creation, 694–695, 698
Port Rules window, 694
ports
DNS ports and security, 412
of hubs, 239
port switching, 243
positive answer, 351
Possible Owners property, 648, 649–650
Post Office Protocol (POP3), 68–69
power-management features, 662
power sources, redundant, 625
PPP (Point-to-Point Protocol), 314, 488
PPTP. See Point-to-Point Tunneling Protocol (PPTP)
pre-shared keys, 716, 763–764
#PRE tag, 420
predefined templates, 95–97
Preferred Owners property
failover ring order and, 651
setting, 649, 650
Presentation layer, OSI model, 238
primary domain controller (PDC) emulator, 61
primary master server, 373
primary server, 347
Print permission, 124, 125
print queue, 24–25
print servers
defined, 57
securing, 122, 124–125
print services, 24–25
printer permissions, 124–125
printer pool, 24
printer servers, 62
priority, 564
privacy, 802
private DNS namespace, 357
private IP addresses
address blocks defined as, 214
uses of, 174–175
private key
in Public Key Infrastructure, 69–70
of Server 2003, 865
private root zone, 408
privileges, 827
processor affinity, 564
processors
performance and, 563–564
requirements for Windows OSs, 80
project collaboration, 19–21
Properties dialog box, 295–296
property set, 788
Protected Extensible Authentication Protocol (PEAP), 810–811
protocol field, 218
protocols
authentication, 810–812
multiprotocol environments, 153–156
network testing and, 31
NLB support of, 689
nonroutable transport protocols, 150
requirements, identifying, 149–151
routable, 152
Server 2003 supported, 569
supported by Windows, 153
VPN protocols, 306–307, 496–497
Web server protocols, 66
See also routing protocols; specific protocol names
protocols, IPSec
AH, 721–722
IPSec ESP, 719–720
ISAKMP/IKE, 722–724
overview of, 718
primary, 712
proxy servers
internal DNS root zone with, 367–368
IPSec/IKE traffic and, 723
redundancy with, 620
PTR. See pointer record (PTR)
public DNS namespace, 357
public key, 69–70
Public Key Cryptography Standard (PKCS), 864
Public Key Infrastructure (PKI)
CAs, implementing, 875–887, 908–909
CAs, overview of, 870–872
certificates, enrollment/distribution of, 887–897, 909–910
components of, 867–868
cryptography, 864–867
described, 69–70
digital certificates, 868–870
function of, 867
for L2TP, 497
Microsoft certificate services, 872–875
overview of, 863–864
purpose of, 907
Server 2003 certificate-based, 862–863, 908
Smart Card authentication, 897–906
Public Key Interoperability, 871
public keys, 865
pull-only replication, 433
pull replication partnership
convergence time and, 427
push replication vs., 474
settings, 432–433
troubleshooting, 460
pull request, 430
push notification, 430–431, 434
push-only replication partnership, 432
push partnerships
manually starting push notification, 431–432
process of, 430
settings, 431
push/pull replication partnership
convergence time and, 427
described, 433–434
push replication partnership
convergence time and, 427
pull replication vs., 474
troubleshooting, 460