Introduction
Part I Exam 70-219: Designing a Microsoft Windows 2000 Directory Services Infrastructure
Chapter 1 Defining Directory Services
Common Understanding of Directory Services
Directory Services and Meta-Information
History and Types of Directory Services
Predicting the Future: Meta-Directories
Active Directory from the Top Down
Forests
Trees
Domains
Organizational Units
Lower-Level Objects
Data and Attributes
Sites
Directory Services in Different Versions of Windows
Top Reasons to Implement Windows 2000 and Active Directory
Top Reasons to Implement Windows 2000
Top Reasons to Implement Active Directory
Chapter Review
Questions
Answers
Key Skill Sets
Key Terms
Chapter 2 Analyzing Business Requirements
Analyzing the Existing and Planned Business Models
Analyzing the Company Model and the Geographical Scope
Analyzing Company Processes
Management
Company Organization
Vendor, Partner, and Customer Relationships
Acquisition Plans
Analyzing Factors That Influence Company Strategies
Identifying Company Priorities
Identifying the Projected Growth and Growth Strategy
Identifying Relevant Laws and Regulations
Identifying the Company's Tolerance for Risk
Identifying the Total Cost of Operations
Chapter Review
Questions
Answers
Key Skill Sets
Key Terms
Chapter 3 Analyzing Technical Requirements
Evaluating Existing and Planned Technical Environment
Analyzing Company Size and User and Resource Distribution
Assessing Available Connectivity
Assessing Net Available Bandwidth
Analyzing Performance Requirements
Analyzing Data- and System-Access Patterns
Analyzing Network Roles and Responsibilities
Analyzing Security Considerations
Analyzing the Impact of Active Directory
Assessing Existing Systems and Applications
Identifying Existing and Planned Upgrades and Rollouts
Analyzing the Technical Support Structure
Analyzing Existing and Planned Network and Systems Management
Analyzing the Business Requirements for Client-Desktop Management
Chapter Review
Questions
Answers
Key Skill Sets
Key Terms
Chapter 4 Designing a Directory Service Architecture
Designing an Active Directory Forest and Domain
Designing a Forest and Schema Structure
Designing a Domain Structure
Analyzing and Optimizing Trust Relationships
Designing an Active Directory Naming Strategy
Establishing the Scope of the Active Directory
Designing the Namespace
Planning DNS Strategy
Designing and Planning Organization Units
Developing an OU Delegation Plan
Planning Group Policy Object Management
Planning Policy Management for Client Computers
Planning for Coexistence
Designing an Active Directory Site Topology
Designing a Replication Strategy
Defining Site Boundaries
Designing a Schema Modification Policy
Designing an Active Directory Implementation Plan
Single-Domain Windows NT System
Single-Master-Domain Windows NT System
Multiple-Master-Domain Windows NT System
Complete-Trust-Domain Windows NT System
A New Windows 2000 Domain
Chapter Review
Questions
Answers
Key Skill Sets
Key Terms
Chapter 5 Designing Your Service Locations
Designing the Placement of Operations Masters
Understanding the Roles of Operations Masters
Schema Master
Domain Naming Master
Primary Domain Controller Emulator
Infrastructure Master
Relative Identifier Master
Role Placement
Permissions
Role Changing
Disaster Recovery
Designing the Placement of Global Catalog Servers
Global Catalog Servers
Global Catalog Server Placement Considerations
Designing the Placement of Domain Controller Servers
DNS Zone Planning
DNS Lookup Zones
DNS Zone Types
Where, Oh Where Should My DNS Go?
Designing the Placement of DNS Servers
Design 1
Design 2
Design 3
Design 4
Next Steps
Chapter Review
Questions
Answers
Key Skill Sets
Key Terms
Part II Exam 70-220: Designing Security for a Microsoft Windows 2000
Chapter 6 Introduction to Security
Intruder Perspectives
The Business Case
Technical Tangents of Networking and Security
User and Group Account Management
Machine Security
Network and Communication Security
Public Key Infrastructure (PKI)
The Security Life Cycle
Discovery
Design
Testing
Deployment
Evaluation
Final Steps-Feedback
Chapter Review
Questions
Answers
Key Skill Sets
Key Terms
Chapter 7 Analyzing Business and Technical Requirements
Defining Security in the Enterprise
Evaluating Business Factors That Affect Security Planning
Analyzing the Existing and Planned Business Models
Analyzing Business Factors That Influence Company Strategies
Evaluating Your Technology Options in Security Planning
Analyzing the Physical and Information-Security Models
Understanding the Logical Layout of Services and Applications
Understanding the People Factor in Security Planning
Analyzing Business and Security Requirements for the End User
Analyzing Network Roles and Responsibilities
Evaluating Specific Security Vulnerabilities
Lack of IT Staff Education
Ineffective, Incomplete, or Missing Corporate Security Policies
User Education
Proactive Anti-Hacking Measures
Disaster Recovery Plan
Security Hotspots
Catywhompus Construction Updates
Chapter Review
Questions
Answers
Key Skill Sets
Key Terms
Additional Resources and Information
Chapter 8 Analyzing Security Requirements
Assessing Your Current Environment
Vulnerabilities
Creating a Baseline
Developing a Security Policy
Authenticating All User Access to System Resources
Applying Appropriate Access Control to All Resources
Establishing Appropriate Trust Relationships Between Multiple Domains
Enabling Data Protection for Sensitive Data
Setting Uniform Security Policies
Deploying Secure Applications
Managing Security Administration
Implementing Your Security Policy
Chapter Review
Questions
Answers
Key Skill Sets
Key Terms
Chapter 9 Designing a Windows 2000 Security Solution
Windows 2000 Security Policies
Audit Policies
Delegation of Authority
Policy Inheritance
Encrypting File System (EFS)
Design an Authentication Strategy
Authentication Methods
Security Group Strategy
Design a Public Key Infrastructure
Certificate Authority Hierarchies
Certificate Server Roles
Managing Certificates
Third-Party Certificate Authorities
Design Windows 2000 Network Services Security
DNS Security
Remote Installation Services (RIS) Security
SNMP Security
Terminal Services Security
Chapter Review
Questions
Answers
Key Skill Sets
Key Terms
Chapter 10 Designing a Security Solution for Access Between Networks
Accessing the Internet
Proxy Server
Firewall
Gateway
Internet Connection Server
Common Internet File System (CIFS)
IP Security (IPSec)
Windows 2000's Default IPSec Policies
Policy Configuration
Testing Your IPSec Configuration
Virtual Private Networks (VPNs)
The VPN Server
Installing a VPN Client
Lab Exercise 10.15: Install a VPN Client
Remote Access Service
Remote Access Authorization
Chapter Review
Questions
Answers
Key Skill Sets
Key Terms
Chapter 11 Designing Security for Communication Channels
Common Communication Channel Attacks
Designing a Signing Solution with the Server Message Block Protocol
SMB Signing Implementation
Designing IP Layer Security
Selecting IPSec Mode
Planning IPSec Protocol Usage
Using Predefined IPSec Policies
IPSec Implementation Components
Designing an IPSec Management Strategy
Defining Security Levels
Designing Negotiation Policies
Designing Security Policies and Policy Management
Designing IPSec Encryption
Designing IPSec Filters
IPSec Best Practices
Verifying IPSec Communications
Chapter Review
Questions
Answers
Key Skill Sets
Key Terms
Part III Exam 70-221: Designing a Microsoft Windows 2000 Network Infrastructure
Chapter 12 Overview of Designing a Network Infrastructure
Windows 2000 Networking Services Design Overview
The Networking Services Deployment Cycle
Designing the Networking Services
Testing the Design
Implementing the Design
Managing the Network Services
Microsoft Windows 2000 Networking Services
Lab Exercise 12.1: Developing a Design Approach
The Network Foundation
Base Protocol Support-TCP/IP
Automated Client Configuration-DHCP
Resolving Host Names-DNS
Lab Exercise 12.2: Solving a Name Resolution Design Problem
Resolving NetBIOS Names-WINS
Designing Internet Connectivity
Network Address Translation-NAT
Microsoft Internet Security and Acceleration Server
Designing Routing and Remote-Access Connectivity
Remote Access
RADIUS and IAS
IP Routing
Putting It All Together: Integrating the Network Services Infrastructure
Creating Performance Monitor Log Files
Defining the Network Design Attributes
Chapter Review
Questions
Answers
Key Skill Sets
Key Terms
Chapter 13 Analyzing Business and Technical Requirements
Analyzing the Business
Analyzing the Geographical Scope and Existing and Planned Business Models
Analyzing Company Processes
Analyzing the Existing and Planned Organizational Structures
Analyzing Factors That Influence Company Strategies
Analyzing the IT Management Structure
Business Requirements Analysis Checklist
Evaluating the Company's Technical Requirements
Documenting the Existing Infrastructure Design
Analyzing Client Computer Access Requirements
Analyzing the Existing Disaster-Recovery Strategy
Directions
Business Background
Current System
IT Management Sample Interviews
Envisioned System
Case Study Questions f BTI Analysis
Chapter Review
Questions
Answers
Key Skill Sets
Key Terms
Chapter 14 Designing a Network Infrastructure Using TCP/IP
TCP/IP Background
TCP/IP Protocol Suite
TCP/IP Standards
TCP/IP Protocol Architecture
Key TCP/IP Design Considerations
Windows 2000 TCP/IP Features
Windows 2000 TCP/IP Services
Designing a Functional TCP/IP Solution
IP Addressing Review
Private Network IP Addressing
Subnet Requirements
IP Configuration Approaches
TCP/IP Design for Improving Availability
TCP/IP Design for Improving Performance
Optimizing IP Subnetting
Optimizing Traffic on an IP Network
Using QoS Mechanisms
TCP/IP Security Solutions
Packet Filtering Techniques
Data Encryption Design
IPSec Encryption Algorithms
IPSec Authentication Protocols
IPSec Internet Key Exchange
Chapter Review
Questions
Answers
Key Skill Sets
Key Terms
Chapter 15 Designing an Automated IP Configuration Solution Using DHCP
Key DHCP Features
Management Features
Enhanced Monitoring and Statistical Reporting
DNS and WINS Integration
Rogue DHCP Server Detection
User-Specific and Vendor-Specific Option Support
DHCP Server Clustering
Multicast IP Address Allocation
DHCP Client Support
Automatic Client Configuration
Local Storage
BOOTP Client Support
Combining DHCP with Other Services
Active Directory Integration
Dynamic Updates in the DNS Namespace
Routing and Remote Access Integration
DHCP Design Choices
Functional Aspects of Designing a DHCP Solution
Using DHCP Servers on the Network
Configuring and Selecting TCP/IP Options on the Network
Providing IP Configuration Management to BOOTP and Non-Microsoft Clients
DHCP Sample Design for a Single Subnet LAN
DHCP Example Design for a Large Enterprise Network
DHCP Example Design for a Routed Network
Relay Agent Deployment
DHCP and Routing and Remote Access
DHCP Server Placement
Creating a DHCP Solution to Ensure Service Availability
Distributed Scope Solution
Clustering Solution
Creating a DHCP Solution to Enhance Performance
Increasing Performance of Individual DHCP Servers
Increasing Performance by Adding DHCP Servers
Designing a Secure DHCP Solution
Preventing Unauthorized Windows 2000 Servers
Security Risks Using DHCP in DMZ Networks
Directions
Scenario
Design Requirements and Constraints
Envisioned System
Availability
Performance
Security
Proposed System
Chief Technology Officer's Comments
Case Study Questions
Chapter Review
Questions
Answers
Key Skill Sets
Key Terms
Chapter 16 Creating a DNS Name-Resolution Design
The Domain Name System Solution
New Features in the Windows 2000 Implementation of DNS
Resolution Improvements
Key Components of DNS
DNS Resolution Process
Resource Load-Sharing Control
Collecting Information for the DNS Design Decisions
Creating a Functional Windows 2000 DNS Strategy
DNS Zones and Zone Types
DNS Server Placement and Zone Type Considerations
Integrating DNS and WINS
Integrating with BIND and Windows NT 4.0 DNS Servers
Internet Access Considerations
Existing Namespace Integration Issues
Hands-On Section Exercises
Availability Considerations in Windows 2000 DNS Designs
Optimization Strategies in Windows 2000 DNS Designs
Server Capacity Optimization
Monitoring Server Performance
Query Resolution Optimization
Reducing the Impact of Server-to-Server Traffic on the Network
Security Strategies in DNS Designs
Secured Dynamic Update
Controlling Update Access to Zones
DNS Dynamic Updates from DHCP and Windows 2000
DNS Zone Replication
DNS in Screened Subnets
Hands-On Section Exercises
Chapter Review
Questions
Answers
Key Skill Sets
Key Terms
Chapter 17 Designing with WINS Services and DFS
The Microsoft WINS Solution
WINS Background
NetBIOS Name Resolution
Creating a WINS Design
Initial WINS Design Steps
Designing a Functional WINS Solution
Enhancing WINS Availability
Optimizing WINS Performance
Securing a WINS Solution
Designing a Distributed File System (DFS) Strategy
DFS Architecture
DFS Platform Compatibility
DFS Features
Key DFS Terms
Placing a DFS Root
DFS Root Replica Strategy for High Availability
Chapter Review
Questions
Answers
Key Skill Sets
Key Terms
Chapter 18 Designing Internet and Extranet Connectivity Solutions
Firewalls
Common Firewall Technologies
Firewall Placement
Demilitarized Zones or Screened Subnets
Routing and Remote Access
Windows 2000 Network Address Translation
Designing a Functional NAT Solution
Designing for NAT Availability and Performance
NAT Security Considerations
Outbound Internet Traffic
Inbound Internet Traffic
VPNs and Network Address Translators
Internet Connection Sharing
Web Caching with a Proxy Server
What Does a Proxy Server Do?
Protecting the Network
Microsoft Proxy Server
Designing a Functional Proxy Server Solution
Designing for Proxy Server Availability and Performance
Proxy Server Security Considerations
Comparing Internet-Connection Sharing Solutions
Scenario
Case Study Question
Chapter Review
Questions
Answers
Key Skill Sets
Key Terms
Chapter 19 Designing a Wide Area Network Infrastructure
Connecting Private Networks Using RRAS
Installing and Configuring RRAS
Routing for Connectivity Between Private Networks
Designing a Functional Routing Solution
Securing Private Network Connections
Optimizing a Router Design for Availability and Performance
RRAS Solutions Using Demand-Dial Routing
Designing Remote-User Connectivity
Designing a VPN Strategy
Designing Remote-Access Dial-Up Solutions
Designing a Dial-Up or VPN Solution in a Routed Network
Performance and Availability Design Considerations
Security Considerations
VPN Best Practices
Dial-Up Best Practices
Designing a Remote-Access Solution Using RADIUS
Integrating Authentication with RADIUS
Why Use IAS?
Designing a Functional RADIUS Solution
RADIUS Fault-Tolerance and Performance Solutions
Security Considerations for RADIUS
Chapter Review
Questions
Answers
Key Skill Sets
Key Terms
Chapter 20 Designing a Management and Implementation Strategy for Windows 2000 Networking
Network Services Management Strategies
Identifying Management Processes
Monitoring the Network Services Status
Analyzing the Information
Reactive and Proactive Response Strategies
Combining Networking Services
Benefits of Combining Networking Services
Constraints on Combining Networking Services
Security Issues Related to Combining Services
Combining Networking Services That Are Cluster-Aware
Optimizing Performance by Combining Services
Chapter Review
Questions
Answers
Key Skill Sets
Key Terms
Part IV Bringing It All Together
Chapter 21 The Holistic Windows 2000 Design Process
Building Blocks
Active Directory
Security
Network Infrastructure
Common Elements
Next Steps-Life as an MCSE
Chapter Review
Part V Appendixes
Appendix A More Case Study Analyses and Questions
Four Case Studies for Analysis
Exam Questions on the Topics Presented in this Book
Encrypting File System (Six Questions)
Auditing (Three Questions)
Public Key Infrastructure (11 Questions)
Internet Protocol Security (Six Questions)
Active Directory Services (27 Questions)
Appendix B MCSE Certification Specifics
Microsoft's New Certification Track
Your Commitment to Getting Certified
Role of Real-World Experience
Opportunities for MCSEs
Compensation
Ongoing Certification Requirements
Life as an MCSE Professional
Work
Continuing Education
Conferences
User Groups
Certification Exam Objectives
Exam 70-210: Installing, Configuring, and Administering Microsoft Windows 2000 Professional
Exam 70-215: Installing, Configuring, and Administering Microsoft Windows 2000 Server
Exam 70-216: Implementing and Administering a Microsoft Windows 2000 Network Infrastructure
Exam 70-217: Implementing and Administering a Microsoft Windows 2000 Directory Services Infrastructure
Exam 70-219: Designing a Microsoft Windows 2000 Directory Services Infrastructure
Exam 70-220: Designing Security for a Microsoft Windows 2000 Network
Exam 70-221: Designing a Microsoft Windows 2000 Network Infrastructure
Appendix C Case Study Analysis Approach
Case Study Method
Management Value
How to Approach a Case