BackCover


Back Cover

The MCSE Planning and Maintaining a Windows Server 2003 Network Infrastructure (Exam 70-293) Study Guide is a one-of-a-kind integration of text, and Web-based exam simulation and remediation. This system gives you 100% coverage of the official Microsoft 70-293 exam objectives.

  • Completely Guaranteed Coverage of All Exam Objectives
  • Fully Integrated Learning
  • Step-by-Step Exercises
  • Exam-Specific Chapter Elements
  • Test What You Learned


MCSE Planning and Maintaining a Windows Server 2003 Network Infrastructure—Exam 70-293 Study Guide

Martin Grasdal
Laura E. Hunter
Michael Cross

Laura Hunter Technical Reviewer
Debra Littlejohn Shinder Technical Editor
Dr. Thomas W. Shinder Technical Editor

Syngress Publishing, Inc., the author(s), and any person or firm involved in the writing, editing, or production (collectively “Makers”) of this book (“the Work”) do not guarantee or warrant the results to be obtained from the Work.

There is no guarantee of any kind, expressed or implied, regarding the Work or its contents. The Work is sold AS IS and WITHOUT WARRANTY. You may have other legal rights, which vary from state to state.

In no event will Makers be liable to you for damages, including any loss of profits, lost savings, or other incidental or consequential damages arising out from the Work or its contents. Because some states do not allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation may not apply to you.

You should always use reasonable care, including backup and other appropriate precautions, when working with computers, networks, data, and files.

Syngress Media®, Syngress®, “Career Advancement Through Skill Enhancement®,” “Ask the Author UPDATE®,” and “Hack Proofing®,” are registered trademarks of Syngress Publishing, Inc. “Mission Critical™,” and “The Only Way to Stop a Hacker is to Think Like One™” are trademarks of Syngress Publishing, Inc. Brands and product names mentioned in this book are trademarks or service marks of their respective companies.

KEY

SERIAL NUMBER

001

TH33SLUGGY

002

Q2T4J9T7VA

003

82LPD8R7FF

004

Z6TDAA3HVY

005

P33JEET8MS

006

3SHX6SN$RK

007

CH3W7E42AK

008

9EU6V4DER7

009

SUPACM4NFH

010

5BVF3MEV2Z

PUBLISHED BY
Syngress Publishing, Inc.
800 Hingham Street
Rockland, MA 02370

Planning and Maintaining a Windows Server 2003 Network Infrastructure: Exam 70-293 Study Guide & DVD Training System

Copyright © 2003 by Syngress Publishing, Inc. All rights reserved. Printed in the United States of America. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication.

Printed in the United States of America

1 2 3 4 5 6 7 8 9 0

ISBN: 1-931836-93-0

Technical Editors: Debra Littlejohn Shinder

Cover Designer: Michael Kavish

Dr. Thomas W. Shinder

Page Layout and Art by: John Vickers

Technical Reviewer: Laura E. Hunter

Copy Editor: Michelle Melani and Marilyn Smith

Acquisitions Editor: Jonathan Babcock

Indexer: Nara Wood

DVD Production: Michael Donovan

DVD Presenter: Laura Hunter

Acknowledgments

We would like to acknowledge the following people for their kindness and support in making this book possible.

Will Schmied, the President of Area 51 Partners, Inc. and moderator of www.mcseworld.com for sharing his considerable knowledge of Microsoft networking and certification.

Karen Cross, Meaghan Cunningham, Kim Wylie, Harry Kirchner, Kevin Votel, Kent Anderson, Frida Yara, Jon Mayes, John Mesjak, Peg O’Donnell, Sandra Patterson, Betty Redmond, Roy Remer, Ron Shapiro, Patricia Kelly, Andrea Tetrick, Jennifer Pascal, Doug Reil, David Dahl, Janis Carpenter, and Susan Fryer of Publishers Group West for sharing their incredible marketing experience and expertise.

The incredibly hard working team at Elsevier Science, including Jonathan Bunkell, AnnHelen Lindeholm, Duncan Enright, David Burton, Rosanna Ramacciotti, Robert Fairbrother, Miguel Sanchez, Klaus Beran, and Rosie Moss for making certain that our vision remains worldwide in scope.

David Buckland, Wendi Wong, Daniel Loh, Marie Chieng, Lucy Chong, Leslie Lim, Audrey Gan, and Joseph Chan of Transquest Publishers for the enthusiasm with which they receive our books.

Kwon Sung June at Acorn Publishing for his support.

Jackie Gross, Gayle Voycey, Alexia Penny, Anik Robitaille, Craig Siddall, Darlene Morrow, Iolanda Miller, Jane Mackay, and Marie Skelly at Jackie Gross & Associates for all their help and enthusiasm representing our product in Canada.

Lois Fraser, Connie McMenemy, Shannon Russell, and the rest of the great folks at Jaguar Book Group for their help with distribution of Syngress books in Canada.

David Scott, Annette Scott, Delta Sams, Geoff Ebbs, Hedley Partis, and Tricia Herbert of Woodslane for distributing our books throughout Australia, New Zealand, Papua New Guinea, Fiji Tonga, Solomon Islands, and the Cook Islands.

Winston Lim of Global Publishing for his help and support with distribution of Syngress books in the Philippines.

A special thanks to Deb and Tom Shinder for going the extra mile on our core four MCSE 2003 guides. Thank you both for all your work.

Another special thanks to Daniel Bendell from Assurance Technology Management for his 24x7 care and feeding of the Syngress network. Dan manages our book network in a highly professional manner and under severe time constraints, but still keeps a good sense of humor.

Contributors

Martin Grasdal (MCSE+I, MCSE/W2K MCT, CISSP, CTT+, A+) is an independent consultant with over 10 years experience in the computer industry. Martin has a wide range of networking and IT managerial experience. He has been an MCT since 1995 and an MCSE since 1996. His training and networking experience covers a number of products, including NetWare, Lotus Notes, Windows NT, Windows 2000, Windows 2003, Exchange Server, IIS, and ISA Server. As a manager, he served as Director of Web Sites and CTO for BrainBuzz.com, where he was also responsible for all study guide and technical content on the CramSession.com Web sit. Martin currently works actively as a consultant, author, and editor. His recent consulting experience includes contract work for Microsoft as a Technical Contributor to the MCP Program on projects related to server technologies. Martin lives in Edmonton, Alberta, Canada with his wife Cathy and their two sons. Martin’s past authoring and editing work with Syngress has included the following titles: Configuring and Troubleshooting Windows XP Professional (ISBN: 1-928994-80-6), Configuring ISA Server 2000: Building Firewalls for Windows 2000 (ISBN: 1-928994-29-6), and Dr. Tom Shinder’s ISA Server & Beyond: Real World Security Solutions for Microsoft Enterprise Networks (ISBN: 1-931836-66-3).

Van Varnell (Master CNE, MCSE, MCDBA) is a Senior Network Analyst for Appleton, Inc. His areas of expertise are development and maintenance of high-availability systems, storage area networks and storage platforms, performance monitoring systems, and data center operations. Van has held high-level positions in the industry over the 15 years of his career including that of Windows Systems Architect for Motorola and Senior Consultant for Integrated Information Systems. Van holds a bachelor’s degree in Computer Information Systems and currently resides in Wisconsin with his wife Lisa and five children (Brennan, Kyle, Katelyn, Kelsey, and Kevin). He wishes to thank his wife and kids for being his wife and kids, and Jon Babcock of Syngress for his patience and assistance.

Michael Cross (MCSE, MCP+I, CNA, Network+) is an Internet Specialist /Computer Forensic Analyst with the Niagara Regional Police Service. He performs computer forensic examinations on computers involved in criminal investigations, and has consulted and assisted in cases dealing with computer-related/Internet crimes. In addition to designing and maintaining their Web site at www.nrps.com and Intranet, he has also provided support in the areas of programming, hardware, and network administration. As part of an Information Technology team that provides support to a user base of over 800 civilian and uniform users, his theory is that when the users carry guns, you tend to be more motivated in solving their problems.

Michael also owns KnightWare (www.knightware.ca), which provides computer-related services like Web page design, and Bookworms (www.bookworms.ca), where you can purchase collectibles and other interesting items online. He has been a freelance writer for several years, and has been published over three dozen times in numerous books and anthologies. He currently resides in St. Catharines, Ontario Canada with his lovely wife Jennifer and his darling daughter Sara.

Paul M. Summitt (MCSE, CCNA, MCP+I, MCP) has a Masters degree in Mass Communication. Currently the IT Director for the Missouri County Employees’ Retirement Fund, Paul has served as network, exchange, and database administrator as well as Web and application developer. Paul has written previously on virtual reality and Web development and has served as technical editor for several books on Microsoft technologies. Paul lives in Columbia, Missouri with his life and writing partner Mary. To the Syngress editorial staff, my thanks for letting me be a part of this project. To my kids, adulthood is just the beginning of all the fun you can have.

Rob Amini (MCSE, MCDBA, MCT) is currently a systems manager for Marriott International in Salt Lake City, Utah. He has a Bachelor’s degree in computer science and has been breaking and fixing machines since the Atari 800 was considered state of the art. In 1993 he began his professional career by fixing IBM mainframes and various unix-flavored boxes. After a long stint as a technician and systems admin, he gained fabled notoriety as a pun-wielding Microsoft trainer. Rob has continued as an instructor for more than three years and although teaching is his first love, he tends to enjoy technical writing more than a well-adjusted person should. When actually not working with and programming a variety of electronic gizmos, Rob enjoys spending every minute he can with his beautiful wife Amy and the rest of his supportive family.

Dan Douglass (MCSE+I, MCDBA, MCSD, MCT) is a software developer and trainer with a cutting edge medical software company in Dallas, Texas. He currently provides software development skills, internal training and integration solutions, as well as peer guidance for technical skills development. His specialties include enterprise application integration and design, HL7, XML, XSL, Visual Basic, database design and administration, Back Office and .NET Server platforms, network design, Microsoft operating systems, and FreeBSD. Dan is a former US Navy Submariner and lives in Plano, TX with his very supportive and understanding wife, Tavish.

Jada Brock-Soldavini is a MCSE and holds a degree in Computer Information Systems. She has worked in the Information Technology Industry for over 7 years. She is working on her Cisco certification track currently and has contributed to over a dozen books and testing software for the Microsoft exam curriculum. She works for the State of Georgia as a Network Services Administrator. When she is not working on her technical skills she enjoys playing the violin. Jada is married and lives in the suburbs of Atlanta with her husband and children.

Michael Moncur is an MCSE and CNE. He is the author of several bestselling books about networking and the Internet, including MCSE In a Nutshell: The Windows 2000 Exams (O’Reilly and Associates). Michael lives in Salt Lake City with his wife, Laura.

Technical Reviewer, DVD Presenter, and Contributor

Laura E. Hunter (CISSP, MCSE, MCT, MCDBA, MCP, MCP+I, CCNA, A+, Network+, iNet+, CNE-4, CNE-5) is a Senior IT Specialist with the University of Pennsylvania, where she provides network planning, implementation and troubleshooting services for various business units and schools within the University. Her specialties include Microsoft Windows NT and 2000 design and implementation, troubleshooting and security topics. As an “MCSE Early Achiever” on Windows 2000, Laura was one of the first in the country to renew her Microsoft credentials under the Windows 2000 certification structure. Laura’s previous experience includes a position as the Director of Computer Services for the Salvation Army and as the LAN administrator for a medical supply firm. She also operates as an independent consultant for small businesses in the Philadelphia metropolitan area and is a regular contributor to the TechTarget family of websites.

Laura has previously contributed to the Syngress Publishing’s Configuring Symantec Antivirus, Corporate Edition (ISBN 1-931836-81-7). She has also contributed to several other exam guides in the Syngress Windows Server 2003 MCSE/MCSA DVD Guide and Training System series as a DVD presenter, contributing author, and technical reviewer.

Laura holds a bachelor’s degree from the University of Pennsylvania and is a member of the Network of Women in Computer Technology, the Information Systems Security Association, and InfraGard, a cooperative undertaking between the U.S. Government and other participants dedicated to increasing the security of United States critical infrastructures.

Technical Editors

Debra Littlejohn Shinder (MCSE) is a technology consultant, trainer, and writer who has authored a number of books on networking, including Scene of the Cybercrime: Computer Forensics Handbook published by Syngress Publishing (ISBN: 1-931836-65-5), and Computer Networking Essentials, published by Cisco Press. She is co-author, with her husband Dr. Thomas Shinder, of Troubleshooting Windows 2000 TCP/IP (ISBN: 1-928994-11-3), the best-selling Configuring ISA Server 2000 (ISBN: 1-928994-29-6), and ISA Server and Beyond (ISBN: 1-931836-66-3). Deb is also a technical editor and contributor to books on subjects such as the Windows 2000 MCSE exams, the CompTIA Security+ exam, and TruSecure’s ICSA certification. She edits the Brainbuzz A+ Hardware News and Sunbelt Software’s WinXP News and is regularly published in TechRepublic’s TechProGuild and Windowsecurity.com. Deb specializes in security issues and Microsoft products. She lives and works in the Dallas-Fort Worth area and can be contacted at deb@shinder.net or via the website at www.shinder.net.

Thomas W. Shinder M.D. (MVP, MCSE) is a computing industry veteran who has worked as a trainer, writer, and a consultant for Fortune 500 companies including FINA Oil, Lucent Technologies, and Sealand Container Corporation. Tom was a Series Editor of the Syngress/Osborne Series of Windows 2000 Certification Study Guides and is author of the best selling books Configuring ISA Server 2000: Building Firewalls with Windows 2000 (Syngress Publishing, ISBN: 1-928994-29-6) and Dr. Tom Shinder’s ISA Server and Beyond (ISBN: 1-931836-66-3). Tom is the editor of the Brainbuzz.com Win2k News newsletter and is a regular contributor to TechProGuild. He is also content editor, contributor, and moderator for the World’s leading site on ISA Server 2000, www.isaserver.org. Microsoft recognized Tom’s leadership in the ISA Server community and awarded him their Most Valued Professional (MVP) award in December of 2001.

Jeffery A. Martin (MCSE, MCDBA, MCT, MCP+I, MCNE, CNI, CCNP, CCI, CCA, CTT, A+, Network+, I-Net+, Project+, Linux+, CIW, ADPM) has been working with computers and computer networks for over 15 years. Jeffery spends most of his time managing several companies that he owns and consulting for large multinational media companies. He also enjoys working as a technical instructor and training others in the use of technology.

MCSE 70-293 Exam Objectives Map and Table of Contents

All of Microsoft’s published objectives for the MCSE 70-293 Exam are covered in this book. To help you easily find the sections that directly support particular objectives, we’ve listed all of the exam objectives below, and mapped them to the number in which they are covered. We’ve also assigned numbers to each objective, which we use in the subsequent Table of Contents and again throughout the book to identify objective coverage. In some chapters, we’ve made the judgment that it is probably easier for the student to cover objectives in a slightly different sequence than the order of the published Microsoft objectives. By reading this study guide and following the corresponding objective list, you can be sure that you have studied 100% of Microsoft’s MCSE 70-293 Exam objectives.

Exam Objective Map

Objective Number

Objective

Chapter Number

1

Planning and Implementing Server Roles and Server Security

2

1.1

Configure security for servers that are assigned specific roles.

2

1.2

Plan a secure baseline installation.

2

1.2.1

Plan a strategy to enforce system default security settings on new systems.

2

1.2.2

Identify client operating system default security settings.

2

1.2.3

Identify all server operating system default security settings.

2

1.3

Plan security for servers that are assigned specific roles. Roles might include domain controllers, Web servers, database servers, and mail servers.

2

1.3.1

Deploy the security configuration for servers that are assigned specific roles.

2

Objective Number

Objective

Chapter Number

1.3.2

Create custom security templates based on server roles.

2

1.4

Evaluate and select the operating system to install on computers in an enterprise.

2

1.4.1

Identify the minimum configuration to satisfy security requirements.

2

2

Planning, Implementing, and Maintaining a Network Infrastructure

3, 4, 5

2.1

Plan a TCP/IP network infrastructure strategy.

3

2.1.1

Analyze IP addressing requirements.

3

2.1.2

Plan an IP routing solution.

3, 4

2.1.3

Create an IP subnet scheme.

3

2.2

Plan and modify a network topology.

3

2.2.1

Plan the physical placement of network resources.

3

2.2.2

Identify network protocols to be used.

3

2.3

Plan an Internet connectivity strategy.

5

2.4

Plan network traffic monitoring. Tools might include Network Monitor and System Monitor.

3

2.5

Troubleshoot connectivity to the Internet.

5

2.5.1

Diagnose and resolve issues related to Network Address Translation (NAT).

5

2.5.2

Diagnose and resolve issues related to name resolution cache information.

6

2.5.3

Diagnose and resolve issues related to client configuration.

4

2.6

Troubleshoot TCP/IP addressing.

3

2.6.1

Diagnose and resolve issues related to client computer configuration.

3

2.6.2

Diagnose and resolve issues related to DHCP server address assignment.

3

2.7

Plan a host name resolution strategy.

6

2.7.1

Plan a DNS namespace design.

6

2.7.2

Plan zone replication requirements.

6

2.7.3

Plan a forwarding configuration.

6

Objective Number

Objective

Chapter Number

2.7.4

Plan for DNS security.

6

2.7.5

Examine the interoperability of DNS with third- party DNS solutions.

6

2.8

Plan a NetBIOS name resolution strategy.

6

2.8.1

Plan a WINS replication strategy.

6

2.8.2

Plan NetBIOS name resolution by using the Lmhosts file.

6

2.9

Troubleshoot host name resolution.

6

2.9.1

Diagnose and resolve issues related to DNS services.

6

2.9.2

Diagnose and resolve issues related to client computer configuration.

6

3

Planning, Implementing, and Maintaining Routing and Remote Access

4, 7

3.1

Plan a routing strategy.

4

3.1.1

Identify routing protocols to use in a specified environment.

4

3.1.2

Plan routing for IP multicast traffic.

4

3.2

Plan security for remote access users.

7

3.2.1

Plan remote access policies.

7

3.2.2

Analyze protocol security requirements.

7

3.2.3

Plan authentication methods for remote access clients.

7

3.3

Implement secure access between private networks.

7

3.3.1

Create and implement an IPSec policy.

10

3.4

Troubleshoot TCP/IP routing. Tools might include the route, tracert, ping, pathping, and netsh commands and Network Monitor.

4

4

Planning, Implementing, and Maintaining Server Availability

8

4.1

Plan services for high availability.

8

4.1.1

Plan a high availability solution that uses clustering services.

9

Objective Number

Objective

Chapter Number

4.1.2

Plan a high availability solution that uses Network Load Balancing.

9

4.2

Identify system bottlenecks, including memory, processor, disk, and network related bottlenecks.

8

4.2.1

Identify system bottlenecks by using System Monitor.

8

4.3

Implement a cluster server.

9

4.3.1

Recover from cluster node failure.

9

4.4

Manage Network Load Balancing. Tools might include the Network Load Balancing Monitor Microsoft Management Console (MMC) snap-in and the WLBS cluster control utility.

9

4.5

Plan a backup and recovery strategy.

8

4.5.1

Identify appropriate backup types. Methods include full, incremental, and differential.

8

4.5.2

Plan a backup strategy that uses volume shadow copy.

8

4.5.3

Plan system recovery that uses Automated System Recovery (ASR).

8

5

Planning and Maintaining Network Security

10, 11

5.1

Configure network protocol security.

10

5.1.1

Configure protocol security in a heterogeneous client computer environment.

10

5.1.2

Configure protocol security by using IPSec policies.

10

5.2

Configure security for data transmission.

10

5.2.1

Configure IPSec policy settings.

10

5.3

Plan for network protocol security.

10

5.3.1

Specify the required ports and protocols for specified services.

4

5.3.2

Plan an IPSec policy for secure network communications.

10

5.4

Plan secure network administration methods.

11

5.4.1

Create a plan to offer Remote Assistance to client computers.

7

Objective Number

Objective

Chapter Number

5.4.2

Plan for remote administration by using Terminal Services.

7

5.5

Plan security for wireless networks.

11

5.6

Plan security for data transmission.

10

5.6.1

Secure data transmission between client computers to meet security requirements.

10

5.6.2

Secure data transmission by using IPSec.

10

5.7

Troubleshoot security for data transmission. Tools might include the IP Security Monitor MMC snap-in and the Resultant Set of Policy (RSoP) MMC snap-in.

10

6

Planning, Implementing, and Maintaining Security Infrastructure.

11, 12

6.1

Configure Active Directory directory service for certificate publication.

12

6.2

Plan a public key infrastructure (PKI) that uses Certificate Services.

12

6.2.1

Identify the appropriate type of certificate authority to support certificate issuance requirements.

12

6.2.2

Plan the enrollment and distribution of certificates.

12

6.2.3

Plan for the use of smart cards for authentication.

12

6.3

Plan a framework for planning and implementing security.

11

6.3.1

Plan for security monitoring.

11

6.3.2

Plan a change and configuration management framework for security.

11

6.4

Plan a security update infrastructure. Tools might include Microsoft Baseline Security Analyzer and Microsoft Software Update Services.

11