Index
A
Abstract object class, 558
Accelerators, type, in PowerShell, 441–442
Acceptable use policy, 664
Access control entries (ACEs), 21
Access control lists (ACLs), 14, 756
configuring, 529–530
in delegation, 21
in Kerberos authentication, 21
NTFS permissions and, 241
Access Control Settings, 370
Access points, wireless, 893–894
Access tokens, 348
Accidental deletion, of containers, 201
Account Operators Domain local group, 210
Account organizations, 472
Accounts, 779–784. See also Users
administrator, 780
domain password policies for, 781–784
installation security for, 766–767
lockout policies for, 6
logon events of, 358–359
management of, 359
standalone server password policies for, 781
Actions pane, in IIS, 1069
Actions properties, in Data Collection set, 1129
Active Directory
applications published in, 937
architecture of, 19–23
as chokepoint, 755
attributes in, 17
authentication by, 911
backup methods of, 271
containers in, 17
DFS folder published in, 268
distinguished names in, 18–19
domain controllers added to, 852
domain-based namespaces and, 259
features of, 15–16
file resource shares publication in, 256–257
namespaces and, 16, 268
objects in, 17
printer location naming and, 167, 170
schema in, 19
shared folders of, 239
trees and subtrees in, 17–18
UNIX identity management on, 923
upgrading and, 82–84
Active Directory Application Mode (ADAM), 15, 468
Active Directory Certificate Services, 473, 544, 810, 852, 861, 890
Active Directory Domain Services (AD DS), 227
AD LDS synchronization with, 531–533
auditing, 567–571
-configuring, 567–570
-enabling, 570–571
-objects of, 363–366
backing up, 541–545
-frequency of, 544–545
-need for, 543–544
-overview of, 541–543
-Windows Server Backup for, 545
database of, 535–541
-garbage collection in, 537
-location of, 541
-offline defragmentation of, 540–541
-online defragmentation of, 537–538
-restartable AD DS and, 538–539
-storage of, 535–536
DFS replication and, 262
groups and, 197
installing, 473–476, 495
operations masters roles and
-managing, 561–564
-seizing, 566
-transferring, 564–565
overview of, 5–6, 468
restoring, 546–552
-authoritative, 550–552
-nonauthoritative, 548–550
-Ntdsutil for domain controller removal in, 546–548
schema of, 552–566
-launching, 554–555
-modifying, 553–560
wireless deployment of remote access and, 889
Active Directory Domain Services Installation Wizard, 476–491
deployment configuration in, 478
domain controller addition and, 484
domain naming in, 479
file locations in, 482
install from media and, 486–487
installation completion by, 483
installation verification by, 484–485
operating system compatibility and, 477–478
Operations Master roles and, 565
options of, 485–486
RODC pre-creation by, 494
site objects created by, 515, 517
unattended installation and, 487–489
uninstalling AD DS by, 489–491
Windows Server 2008 functional level in, 480–482
Active Directory Domains and Trusts, 506–510
Active Directory Federation Services (AD FS), 472–473, 1103
Active Directory Lightweight Directory Services (AD LDS), 521–533
AD DS synchronization with, 531–533
features of, 522
instances and application partitions in, 523–526
managing, 526–530
overview of, 468–469
replication of, 530–531
Active Directory Restore Mode, 538
Active Directory Rights Management Services (AD RMS), 469–472
Active Directory Service Interface (ADSI), 15
Active Directory Sites and Services, 510–521
AD DS replication and, 513–514
launching, 515–521
overview of, 510–513
Active Directory Sites and Subnets Console, 169
Active Directory Users and Computers
attributes shown by, 560
computer objects and, 503
DFS folder publishing and, 268
for AD DS object viewing, 499–503
groups and, 204–206
namespace root publishing and, 268
object moving, renaming, and deleting with, 505
organizational unit deletion by, 202
PDC Emulator and Infrastructure Operations Master roles and, 566
printer publishing with, 504–505
Published Certificates viewed by, 223
remote computer management with, 504
shared folder publishing with, 504
software distribution and, 940
Adamsync synchronization, 532–533
Add Features Wizard, 816, 1018
Add Printer Wizard, 166
Add Role Wizard, 63, 134, 168, 770, 853, 966–967, 969, 1018
Add-Content cmdlet, 395, 416, 430
Address reservations, for DHCP, 590–591
Address Space Layout Randomization (ASLR), 9
Admin Approval Mode (AAM), 348–349
Admin events, 370
administration.config files, 1098
Administrators Domain local group, 210
Admins group, 208, 543, 780
ADMIN$ special share, 255
Adprep tool, 83–84, 553
Advanced Configuration and Power Interface (ACPI), 1204
Advanced mode, of Active Directory Users and Computers, 500–501
Advanced Simulation Options, 342
Advanced Technology Attachment (ATA), 618
Allocation unit, 616
Allowed RODC Password Replication Domain local group, 210
Allowed RODC Password Replication Group, 497
AMD processors, 962
American National Standards Institute (ANSI), 909
Anonymous authentication, 1090
Antivirus software, 81
AppCmd.exe command line tool, 1071–1072, 1086–1087
Application pools, 1083, 1086–1087
Application Server role, 842, 852, 854
applicationHost.config files, 1098
Applications. See also Interoperability
Active Directory Application Mode (ADAM) for, 15
Active Directory Lightweight Directory Services and, 523–526
chokepoints in, 755
delegating management of, in IIS, 1095–1097
development modules for, 1064
development settings for, 1076–1080
directory partition for, 490, 524, 562
directory-enabled, 522, 553
domain controller restoring and, 543
failed, 1118
failover clusters and, 720
generic application resource type for, 722–723
globalization of, 1077
Group Policy Objects for deployment of, 940–943
Internet Information Services (IIS) and, 1069–1070, 1093–1094
inventory of, 44
line-of-business, 493
logs of, 370–371
media pools for, 690
mission-critical, 703–704
noncompliant, 348
property changes in, 950–952
published versus assigned, 937–939
recovery of, 1169–1171, 1231–1233
Registry data and, 1196
site-aware, 511
Subsystem for UNIX, 385
troubleshooting printing from, 193–194
UAC prompts disabled to install, 350–351
user profile folder for, 231
Web portal, 469
WINS-dependent, 579
write-intensive, 1185
zap files to deploy, 936–937, 949–950
Architecture
hardware supported by, 85
in upgrading, 82
of Active Directory
-data model in, 20
-Directory System Agent (DSA) in, 19
-global catalog in, 22–23
-naming contexts and partitions in, 22
-naming formats in, 20
-schema implementation in, 20
-security model in, 21–22
Service-Oriented, 742
Archiving logs, 376
Arguments, in PowerShell, 435–436
Arithmetic operators, in scripts, 424
Arrays, in PowerShell, 422–423
ASP (Active Server Pages), 1077–1078
ASP.NET Framework, 1061–1062, 1077, 1090
Assignment operators, in scripts, 424
AT command, 378–379
AT&T, Inc., 911
Attacks
cache corruption, 602
denial of service (DoS), 358, 575, 748, 751, 756–757
dictionary, on passwords, 779
DNS poisoning, 602
MIME types and, 1076
phishing, 747, 837
surface for, 347
vectors for, 746
vulnerabilities to, 751
Attributes
added to classes, 559
AppCmd.exe and, 1071–1072
classes of, 555–557
container object moving and, 505
Directory Services events auditing and, 363
in Active Directory, 17
objectGUID, 17
Password Setting Object, 783–784
RODC filtered, 492
search by, 13–14
Audio files, screening, 664
Audit Directory Service Access, 362
Auditing
Active Directory Domain Services (AD DS)
-configuring, 567–570
-enabling, 570–571
-objects of, 363–366
categories of, 358–362
-account logon events in, 358–359
-account management in, 359
-directory service access in, 359–360
-logon events in, 360
-object access in, 360–361
-policy change in, 361
-privilege use in, 361
-system events in, 361–362
directory service events, 362–363
Dynamic Host Configuration Protocol (DHCP) logs for, 575
enabling, 367–370
for security, 796
global audit policy for, 366–367
policies for, 285, 357–358, 760
registry key security and, 1218
Auditpol.exe command line tool, 365–366, 567–568
AuthAnvil TFA provider, 784
Authentication. See also Remote access
Active Directory, 911
Active Directory Sites and Services and, 511
AD DS object auditing and, 363
certificate-based, 825
Challenge Handshake Authentication Protocol (CHAP) for, 674, 680
Directory Services Restore Mode (DSRM) for, 483
extranet store for, 469
for Terminal Services, 1014–1016
IIS configuration of, 1089–1091
Internet Authentication Service for, 807
iSCSI, 679–680
Kerberos, 21, 33, 359, 508
LanMan hashes and, 797
protocols for, 747
Server Authentication certificate for, 858–868
servers for user profiles and, 233
two-factor, 780, 784
UNIX interoperability and, 907
users and, 212
Workstation Authentication template for, 811
Author mode, of MMC, 353
Authoritative restore, 546, 550–552
Authorization, 603–605, 1016, 1091
Auto quotas, 658–660
Autoenrollment certificates, 890
Automatic restart option, 1145
Auto-remediation, in NAP deployment, 807, 818, 832
Auxiliary object class, 555, 558–560
Availability
as security principle, 748
clusters and, 699, 724–725
fault tolerance versus, 1175, 1188
HPC clusters and, 741
of printers, 182–184
Avenda third-party supplicant, 803
B
Back doors, security and, 757
Background processes, PowerShell scripts as, 387
Backing up, 1147–1174. See also Disaster planning; Restoring; Troubleshooting
Active Directory Domain Services (AD DS)
-database of, 486
-frequency of, 544–545
-need for, 543–544
-overview of, 541–543
-Windows Server Backup for, 545
Backup Once Wizard for, 1157–1159
Distributed File System (DFS) folder targets, 271
Group Policy Objects, 338
hot backups for, 575
in disaster planning, 1142
in Windows Server 2008, 8
installing service for, 1147–1149
PowerShell cmdlets for, 444
print servers, 190–191
Registry, 1221–1222
SANs and, 671
schedule for, 1149–1157
-creating, 1150–1153
-modifying, 1155–1156
-of volumes, 1149
-rotating, 1154–1155
-stopping, 1156–1157
-storage location for, 1149–1150
seeding branch member by, 277
server recovery and, 1165–1174
-applications and data in, 1169–1171
-backup catalog in, 1173–1174
-files and folders in, 1167–1169
-operating system in, 1171–1173
-volumes in, 1166–1167
upgrading and, 81
Wbadmin command for, 1159–1165
Backslash character, 441
Backtick character, 393, 404, 441
Backup Operators group, 208, 210, 543
Basic authentication, 1090
Basic disks, 616, 622–623
Basic tasks, 377–378
Bathtub curve, in electronic failure, 1176
Berkeley Internet Name Domain (BIND) DNS servers, 573, 595, 602, 609
Best practices
for AD DS naming, 479
for Default Domain Controllers Policy, 285
for Default Domain Policy, 285
for PKI deployment, 803
for schema changes, 553
Beta user deployment, of patches, 840
Binary operators, in scripts, 425
BIND. See Berkeley Internet Name Domain (BIND) DNS servers
Binding to instances, 527
Biometric readers, 784
BitLocker, for security, 773–779
encryption with, 9–10, 747, 776–778
features role installation in, 775–776
recovery with, 779
server data volume encryption in, 779
volumes set up in, 773–775
Blue screen of death (BSOD), 1145
Bluetooth devices, 850
BOD (bunch of disks), 617
Boot Configuration Data (BCD) store, 543
Boot failure, 72–74
Bottlenecks, 1111
Branch office deployments, 5, 258, 275–277, 642, 779. See also Read only domain controllers (RODC)
Brownouts, 1181
Buffer overflow vulnerability, 751
Burn-in phase, 1176
Business Desktop Deployment (BDD), 959
Business needs, deployment and, 41–42
C
Cache corruption attacks, on DNS, 602
Caching
at branch offices, 258
duration of, 268–269
in IIS, 1081
integrated disk, 621
System File Protection folder for, 959
Universal Group membership, 23
Capacity
of failover clusters, 726–727
of network load balancing clusters, 716–717
Capture images, 70–71
Case sensitivity, 387
Catalog Recovery Wizard, 1173
Catalog, backup, 1173–1174
Category, searching by, 13–14
Certificate Authority
Enterprise Root, 810
for NAP IPsec enforcement, 808, 810, 816–818
for Protected Extensible Authentication Protocol (PEAP), 890–892
remote access and, 854–855, 857
Root, 825, 877
security of, 889–890
Trusted Root, 879, 896
Certificate Import Wizard, 879
Certificate Services, 747
Group Policy management console and, 816–818
NAP server and, 813–816
overview of, 473
Registry data and, 1195
set up of, 809–813
Certificate Services DCOM Access Domain local group, 210
Certificates
Encrypting File System (EFS), 648
for servers, 1091–1092
for Terminal Services, 1015–1016
Group Policy to deploy, 894–897
Server Authentication, 858–868
software restrictions and, 956, 958
Certified for Windows Server 2008 logo requirements, 556, 1024–1025
CGI restrictions, 1091
Challenge Handshake Authentication Protocol (CHAP), 674, 680, 747
Change command, 1025–1027
Change management, rule of, 749
Checkpoint files, 536
Child partitions, 962, 964
Chokepoints, security, 754–755
Circular logging, 544
Citrix MetaFrame, 1038
Citrix XenServer virtualization, 1002–1003
Classes
auxiliary added to structural, 559–560
definition of, 399
of attributes, 555–557, 559
of objects, 558
WMI, 402
Classification, searching by, 14
Clean service shutdown, 9
Client Access License (CAL), 1042, 1044
Client Certificate Mapping authentication, 1090
Client failover, 258, 261, 269
Clients
Access Point resource type for, 721
connection, 877–881
namespace, 261
printer troubleshooting and, 191–192, 195
RADIUS, 892–893
upgrading, 88
Client-side extensions, 290
Clipboard, in Hyper-V Virtual Machines, 999–1000
Clocks, configuring, 99–100
Clusters, 699–742
description of, 699–701
DHCP server, 593
failover, 592, 718–740
-capacity of, 726–727
-concepts of, 718–720
-configuring, 724–725
-creating, 727–740
-defining, 723
-DFS replication and, 262
-overview of, 701–702
-resource types for, 720–723
for fault tolerance, 1190–1191
HPC (high performance computing), 740–742
in disaster planning, 1142
in Server Core, 702
network load balancing, 706–718
-capacity of, 716–717
-concepts of, 706–707
-creating, 709–716
-fault tolerance provided by, 717
-models of, 707–708
-optimizing, 717–718
print server, 191
private, 674
requirements for, 704–706
scenarios for, 703–704
Storage Manager connections to, 677
Cmd.exe commands, 391–392
Cmdlets, PowerShell, 5
definition of, 387
for data files, 430
for flow control, 431–432
for formatting, 433–434
Foreach-object, 392
Get-ChildItem, 443
Get-Command, 406–408
Get-Credential, 393
Get-Date, 447
Get-Help, 407–409
Get-Member, 407, 409–410, 446
Get-Process, 465
Get-Wmiobject, 402
list of, 394–398
Select-Object, 464
server backup, 444
Stop-Process, 465
tab completion of, 388
Code Red-Nimda worm, 763
Collaboration, DFS replication for, 258
Com+ Event System services, 767
Command line tools
AppCmd.exe, 1071–1072, 1086–1087
Auditpol.exe, 365–366, 567–568
Change command, 1025–1027
dcpromo.exe, 476–477
Dfsradmin, 273–274
Dfsradmin Bulk, 276
Dfsradmin ConnectionSet, 280
Dfsrdiag, 280
Diskpart.exe, 60, 623, 626, 630–631, 637, 685, 774
Diskraid.exe, 679, 687
dsacls, 529
for BitLocker installation, 776
for disk management, 623
for Dynamic Host Configuration Protocol (DHCP), 582, 595
for Roles and Features, 772
for server features, 144–145
for server roles, 135, 138
for Windows Firewall, 793–795
Fsutil.exe, 623, 645
installutil.exe, 414
mapadmin.exe, 915
Mountvol.exe, 623
Mstsc.exe, 427
Net session, 256
Net Share, 256
Net view, 256
netdom, 152
netsh, 151, 156, 392
Ntdsutil.exe, 548, 566
Oclist.exe, 444
Ocsetup.exe, 157, 160
printer management by, 181
Reg.exe, 1220
Regedit.exe, 1217
Rendom.exe, 562
RSM View, 693
ServerManagerCmd.exe, 445, 965
Sysprep.exe, 71
Wbadmin.exe, 541–542, 545, 1159–1165, 1221, 1235–1236
Wevtutil.exe, 392
Comments, in PowerShell scripts, 417–418
Common Engineering Criteria (CEC), 384
Common names (CNs), 18
Community Technology Preview (CTP) of PowerShell, 384, 386–387
Comparison operators, in scripts, 424
Compatibility, 40, 92–93, 477–478, 842, 1119
Complete Memory Dump option, 1145
Compliance solution, Network Access Quarantine as, 800
Component Object Model (COM), 405, 1202
Compression, 257, 263, 280, 447, 514, 609, 1081
Computer Authentication, 896
Computer objects, 503
Computer Security Institute (CSI), 748
Conditional statements, in PowerShell, 426–429
Confidentiality, 746–747
Configuration Tasks Wizard, 1023
Configure And Enable Routing and Remote Access Wizard, 869
Configuring installations, 95–119. See also Server Core
computer name and domain in, 103–106
error reporting in, 111
hardware in, 98–99
Initial Configuration Tasks Wizard in, 118–119
logon for, 97–98
networking in, 101–103
PowerShell addition in, 113–115
Remote Desktop enabling in, 116–117
tasks in, 96–97
time zone in, 99–100
update and feedback enabling in, 106–111
update downloading in, 112
Windows Firewall in, 117–118
Conflict detection, server-based, 593
Conflict resolution, 271–272
Connect To A Workplace Wizard, 881–882
Connect To Server Wizard, 1070
Connection manager, in IIS, 1069–1070
Connection objects, 513, 516–517
Connectivity, 43, 191, 908. See also Networks; Remote access
Consent, prompt for, 350
Consistency, namespaces polling for, 270
Consolidation solution, directory, 469
Consolidation, server. See Virtualization
Constant voltage transformer, 1180–1181
Constructor, definition of, 399
Consuming content, 471
Contacts, 206
Containers
in Active Directory, 17
organizational units as, 34
permissions applied to, 249–250
Content management, permissions for, 1097–1098
Control Panel, 306–335
data sources in, 306–307
devices in, 307–312
Internet settings in, 312–314
Local Users and Groups in, 314–317
Network Options in, 317–320
Power Options in, 320–321
printers in, 322–326
Regional Options in, 326–327
Scheduled Tasks in, 327–329
Services Group Policy Preferences in, 330–333
ConvertTo-Html cmdlet, 430
Cookies folder, in user profiles, 231
Coordinated Universal Time (UTC), 273, 275, 277
Copy-Item cmdlet, 395
Corruption of files, 74–75, 1185
Cost, of RAID configurations, 1189
Cost-benefit analysis, 45
Countdown, time, 449–450
Counters, performance. See also Reliability and Performance Monitor
Data Collection set to monitor, 1125–1126
Performance Monitor additions of, 1112–1113
remote computer to view, 1115
CPU usage
for Terminal Services, 1009
on Reliability and Performance Monitor, 1109
PowerShell to check, 455–456
virtualization and, 984–986
Crash dumps, 111
Create Cluster Wizard, 730
Create New Data Collector Set Wizard, 1121, 1123
Credentials. See also Authentication
caching of, 492
federated trusts and, 472
for trust verification, 509
PowerShell, 393
prompt for, 350
Critical updates, 833
Cross-reference objects, 562
Cross-training, 1140
Cryptocard TFA provider, 784
Cryptographic Operators group, 209–210
Cryptographic Services, 767
CSV (Comma-Separated Values) text, 654
Custom replication topology, 263
Customer Experience Improvement Program (CEIP) settings, 106, 110
Cyclic Redundancy Code (CRC), 75
D
Data
Control Panel sources of, 306–307
corruption of, 1185
integrity of, 747
managing collection of, 1128–1131
PowerShell display of, 410–412
recovery of, 1169–1171, 1231–1233
scheduling collection of, 1126–1128
XML-formatted, 463
Data Collector set, 1119–1126
manual construction of, 1123–1125
Performance Log Users and, 1120
Performance Monitor to create, 1123
template for, 1120–1122
to monitor performance counters, 1125–1126
Data mining, 6
Data model, in Active Directory, 20
Data Protection Manager 2007, 1152–1153
Data-based Registry keys, 1208
Databases, AD DS, 535–541
connection strings for, 1078
garbage collection in, 537
location of, 541
offline defragmentation of, 540–541
online defragmentation of, 537–538
restartable AD DS and, 538–539
storage of, 535–536
Datacenter edition, of Windows Server 2008, 10
Dates, PowerShell and, 447–449
dcpromo.exe command line tool, 476
Debugging, 371, 1145
Default Domain Controllers Policy, 284–285, 363, 366, 478, 568
Default domain NetBIOS name, 486
Default Domain Policy, 284–285, 957
Default execution policy, 416
Default rules, for software restriction, 956
Default user profile, 230
Default-First-Site-Name, 512, 515
Defense in depth, for security, 756, 839
Deferred enforcement, of NAP, 807
Defragmentation, 6, 88
offline, 540–541
online, 537–538
Delayed start, for services, 1238
Delegating
as security feature, 21–22
directory administration, 14
DNS authority, 603–605
in Internet Information Services (IIS)
-configuration store and, 1098–1099
-for content management, 1097–1098
-for site and application management, 1095–1097
-shared configuration and, 1099
permissions
-management, 270
-on Group Policy Objects, 335–336
read-only domain controller administration, 493–495
tasks, 380–381
Denial of service (DoS) attacks, 358, 575, 748, 751, 756–757
Denied RODC Password Replication Domain local group, 211
Denied RODC Password Replication Group, 497
Dependencies, 194, 726
Deployment, 39–48, 53–71
automating, 61–63
business needs and, 41–42
documenting network before, 42–45
image additions in, 69–71
information technology department and, 40
installation method in, 53
installation process in, 53–61
overview of, 39–40
roadmap for, 45–48
Windows Deployment Services for, 63–69
Derived file screens, 668
Derived quotas, 663
Desktop display resolution, 155–156
Desktop Experience, 1020
Desktop folder, in user profiles, 231
Destination disk, for backups, 1152
Destination logs, 373
Development environment, directory services for, 469
Device drivers, Registry data and, 1196
Device Manager, 98
Devices, on Control Panel, 307–312
Dfsradmin Bulk command line tool, 276
Dfsradmin command line tool, 273–274
Dfsradmin ConnectionSet command line tool, 280
Dfsrdiag command line tool, 280
DHTML (Dynamic Hypertext Markup Language), 654, 657
Diagnostic Report Wizard, 279
Dial-up networking (DUN), 317, 319–320, 589
Differencing disks, 986–991
Digest authentication, 1090
Digital certificates, 473
Digital signatures, 473
Directory Access Protocol (DAP), 15
Directory partition, 483, 561–562
Directory Service Access feature, 568
Directory Services, 13–23
Active Directory as, 15–21
-architecture of, 19–23
-attributes in, 17
-containers in, 17
-distinguished names in, 18–19
-features of, 15–16
-namespace and name resolution in, 16
-objects in, 17
-schema in, 19
-trees and subtrees in, 17–18
-auditing, 359–360, 362–363
browsing, 1074
-File Server Resource Manager (FSRM) and, 657–663
-File Transfer Protocol (FTP), 1102
-logs of, 537
-overview of, 13–14
-PowerShell and, 443–444
-recursive file copying and, 459
-replication of, 522
-Windows Deployment Services and, 68
-X.500 and, 15
Directory Services Restore Mode (DSRM), 6, 483, 539, 541, 548
Directory Services, installing and configuring, 467–533
Active Directory Certificate Services in, 473
Active Directory Domain Services (AD DS) in, 468, 473–476
Active Directory Domain Services Installation Wizard for, 476–491
-deployment configuration in, 478
-domain controller addition and, 484
-domain naming in, 479
-file locations in, 482
-install from media and, 486–487
-installation completion by, 483
-installation verification by, 484–485
-operating system compatibility and, 477–478
-options of, 485–486
-unattended installation and, 487–489
-uninstalling AD DS by, 489–491
-Windows Server 2008 functional level in, 480–482
Active Directory Domains and Trusts in, 506–510
Active Directory Federation Services (AD FS) in, 472–473
Active Directory Lightweight Directory Services (AD LDS) in, 468–469, 521–533
-AD DS synchronization with, 531–533
-features of, 522
-instances and application partitions in, 523–526
-managing, 526–530
-replication of, 530–531
Active Directory Rights Management Services (AD RMS) in, 469–472
Active Directory Sites and Services in, 510–521
-AD DS replication and, 513–514
-launching, 515–521
-overview of, 510–513
Active Directory Users and Computers in, 498–505
-computer objects and, 503
-for AD DS object viewing, 499–503
-object moving, renaming, and deleting with, 505
-printer publishing with, 504–505
-remote computer management with, 504
-shared folder publishing with, 504
read-only domain controllers (RODC) in, 492–498
-delegating, 493–495
-description of, 492–493
-password replication policies in, 496–498
-uses of, 493
Directory System Agents (DSAs), 17, 19
Directory-enabled applications, 522, 553
DisableNameChecking registry value, 190
Disaster planning, 1133–1145. See also Backing up; Restoring
backing up in, 544, 1142
fault-tolerant system for, 1141–1142
iterating in, 1140–1141
recovery options in, 1144–1145
resource identification in, 1135
responses in, 1136–1140
risk identification in, 1134–1135
system repair for, 1142–1144
Discretionary Access Control Lists (DACLs), 747
Disk management, 615–649
cluster disk resource type for, 723
command line for, 623
differencing, 988–991
disk additions and, 623–625
Disk Management console for, 620–621
dynamic disks in, 622–623
failures and, 1118
file encryption for, 647–649
for fault tolerance, 1183–1190
-hardware versus software, 1183
-hot-swap and hot-spare, 1189
-RAID levels for, 1183–1189
hardware RAID for, 621–622
in troubleshooting installations, 75–76
operating system recovery and, 1233
partitions and volumes in, 625–641
-creating, 626–631
-dynamic disk conversions and, 631–632
-GPT disk conversions and, 632–633
-logical drives on, 631
-mirror added to, 637–641
-size changes of, 633–637
PowerShell and, 458–459
quorum, 704
quotas for, 641–646
RAID (redundant array of independent disks) in, 619–620
Reliability and Performance Monitor and, 1110
remote management in, 622
software distribution and, 942
space requirements in, 81
terminology in, 616–619
virtualization and, 986–989
Windows operating system upgrades and, 948
witness, 704, 719–720
Diskpart.exe command line tool, 60, 623, 626, 630–631, 637, 685, 774
Diskraid.exe command line tool, 679, 687
Dismounting media, 695–696
Display resolution, desktop, 155–156
Distinguished names, 18–19
Distributed COM Users group, 209, 211
Distributed File System (DFS), 651, 721, 739. See also Namespaces; Storage
backing up and restoring folder targets of, 271
folders of, 239, 267–268
for fault tolerance, 1190
replication of, 271–280
-branch office group for, 275–277
-folders, 272–274, 511
-group for, 271–272
-managing groups for, 278–280
-multipurpose group for, 277–278
-overview of, 262–263
software distribution points and, 939
terminology of, 258–260
Distribution groups, 198–199
Do while and Do until statements, in PowerShell, 429
Documentation
in disaster planning, 1137–1138
network, 42–45
security, 754
Documents
default, 1074
folder redirection and, 340–341
in user profiles, 231
redirecting, 934
Dollar signs
in PowerShell, 435, 438–439
in share names, 256, 339
Domain Admins group, 343, 476
Domain controllers. See also Namespaces
account logon events and, 358
AD DS Installation Wizard and, 481–482
addition of, 484
as schema operations masters, 553
audit policy settings for, 569–570
backing up, 543
backup, 563
default policy for, 284–285, 363, 366, 478, 568
fine-grained password policies and, 781
forced removal of, 491
Ntdsutil.exe to remove, 546–548
replication and, 486, 511
tombstones and, 537
user profiles and, 233
Windows Server 2008, 852
wireless remote access and, 889
Domain Group Policy Objects, 283
Domain local groups, 203, 210–212
Domain local scope, 198
Domain Name System (DNS)
AD DS installation prerequisites for, 475
description of, 573
read-only, 493
servers for, 14, 539, 595–613
-as Active Directory locator service, 16
-forwarders in, 610–613
-interoperating between, 609
-resource records added to, 605–608
-setting up, 596–602
-subdomains for, 603–605
-zone transfers in, 608–609
VPN gateway server and, 859
Domain Naming operations master role, 561–562, 564, 566
Domain profile, for Windows Firewall, 785–786
Domain-based namespaces, 259–260, 265
DomainDNSZones, 642
Domains, 32–38. See also Active Directory Domain Services (AD DS)
Active Directory Users and Computers to change, 501
authorization for, 917
default policy for
designing structure of, 34–35
forest root, 476, 478–479
Fully Qualified Domain Name (FQDN) for, 713
functional levels of, 94, 480, 506, 781
in configuration, 103–106
IPv4-based restrictions on, 1088–1089
multiple, 36–38
naming of, 479
NAP deployment and, 807–808
Network Information System (NIS), 926
object types for, 500
organizational units versus, 33–34, 36, 200
password policies in, 781–784
security for, 35–36
Server Core joining, 152–155
tree-root, 476
trust relationships between, 507–509
UNIX SMB servers for, 911
upgrading and, 87–88
users accounts in, 220–221
Door timeouts, for libraries, 694
DOS batch commands, 385, 391
Dot-sourcing, in PowerShell, 434–435
Downloads folder, in user profiles, 231
Drain Mode, Terminal Services, 8
Drive Maps, 291–293
Driveletter$ special share, 255
Drivers
NLB, 706
printer, 188–189
Registry data and, 1196
rolling back, 1226–1227
signed, 52, 82
troubleshooting, 1226
updated, 81
Drives, 980
failure of, 639–641
hidden shares for, 255
hot-swap and hot-spare, 621
in libraries, 694
installation to, 58–60
logical, 474, 616, 631
NTFS, 631
physical, 616
Storage Manager node for, 675
troubleshooting, 1226
virtualization and, 992–994
Dsacls command line tool, 529
Dsdbutil tool, 528–529
DSN (Database System Name), 1130
Dump, memory, 1145
Duplexing, mirror volumes and, 639
Dynamic disks, 616, 622–623, 631–632, 1183
Dynamic Host Configuration Protocol (DHCP), 14, 190, 356, 574–595, 721
address reservations for, 590–591, 893
authorizing server and activating scope for, 589–590
command line administration of, 595
deployment of, 802
description of, 573
Network Access Quarantine and, 800
network design for, 574–576
relay agent of, 593–595
Relay Agents of, 874–875
routing and remote access setup and, 874
scope creation for, 582–589
server role for, 576–582, 592–593
Dynamic RPC, 790
Dynamic updates, 600–602
Dynamically expanding disks, 986–987
E
Easy Print. See Terminal Services
Edb.chk checkpoint file, 536
Edb.log transaction log, 536
Edbres00001.jrs reserved log files, 536
Edbtmp.log temporary log, 536
Edge Traversal, 791
Edit.com, 909
Effective permissions, 1218
Elapsed time, 449–450
Elevation, 349–352. See also Privileges
plain-text, 837
PowerShell and, 446–447
scripts to verify address for, 422
SMTP, 1076, 1080
Emulation, as virtualization method, 1002
Encrypting File System (EFS), 473, 648–649, 747
Encryption
BitLocker for, 9–10, 776–778
data volume, 779
for wireless remote access, 849
in disk management, 647–649
in Terminal Services Gateway, 7
iSCSI, 679–680
machine key, 1078
of SMTP traffic, 519
Enterprise Admins group, 343, 476
Enterprise directory store, 469
Enterprise edition, of Windows Server 2008, 10
Enterprise features, 771–772
Enterprise roles, 770–771
Environment Group Policy Preference extensions, 293–294
Errors. See also Troubleshooting
Group Policy Preferences and, 305
IIS custom page for, 1075
PowerShell and, 391, 439–441
reporting of, 106, 109, 111
Escape character, 393, 442
Ethernet Jumbo Frames, 674
Ethernet switch, 672, 674
Event logs
Distributed File System, 279
managing, 375–377
PowerShell to check, 453–455
readers group for, 209, 211
security and, 760
warning events on, 186–187
Event trace providers, 1124
Event Viewer, 370–375
applications and services logs in, 370–371
custom views of, 371–372
forwarding and collecting events in, 372–373
on remote computer, 374
subscriptions in, 373–374
task running and, 375
Windows logs in, 370
Events
account logon, 358–359
auditable file system, 369–370
logon, 360
Shutdown Event Tracker for, 1241–1242
system, 362
Exceptions, in screening files, 666
Exchange Management Console (EMC), 385. See also Microsoft Exchange Server 2007
Execution policy, 115, 416
Expiration date, 218, 1127
Explicit permissions, 245, 284
Export-Clixml cmdlet, 430
Export-Csv cmdlet, 395, 430
Exporting
Network File System and, 917
quotas, 645–646, 663
Registry data, 1214–1215
Starter GPO, 288
templates, 1122
virtual machines, 1000–1002
Express Full technology, 1153
Extend Volume Wizard, 634
Extended partitions, 616, 631
Extended volume, 616, 622, 633–636
Extensible schemas, 522
Extensible storage engine (ESENT), 474
External connectivity, 43
External trusts, 508
External virtual networks, 969
Extranet authentication store, 469
F
Failback, 723
Failed request tracing rules, in IIS, 1081
Failover clusters, 592, 718–740
capacity of, 726–727
concepts of, 718–720
configuring, 724–725
creating, 727–740
defining, 723
DFS replication and, 262
HPC clusters and, 741
in disaster planning, 1142
mission-critical applications and, 703
overview of, 701–702
resource types for, 720–723
Failures
events as, 358–359, 362
mean time to, 1176–1177
to find hard disks, 75–76
Fast Logon Optimization, 946
FAT volumes, 81
Fault tolerance, 1175–1191
clustering for, 717, 1190–1191
disk arrays for, 1183–1190
-hardware versus software, 1183
-hot-swap and hot-spare, 1189
-RAID levels for, 1183–1189
Distributed File System for, 1190
for DHCP servers, 575
in disaster planning, 1141–1142
mean time to failure and recovery, 1176–1177
namespace servers for, 266
power supply protection for, 1177–1182
-local failure of, 1178–1179
-long-term outages in, 1182
-short-term outages in, 1182
-voltage variations in, 1179–1181
Favorites folder, in user profiles, 231
FBI Computer Crime Unit, 748
Features wizards, 770–772
Features, server. See Servers
Federation Services, 472–473
Feedback, enabling, 106–111
Fibre Channel, 671–672, 674, 677, 681, 722, 1011, 1190
File encryption, 647–649
File extensions, OLE and, 1202
File groups, 668–670
File permissions, 240–242
File Replication Service (FRS), 262–263, 539
File resources, 239–280
Active Directory publication of shares for, 256–257
advanced settings changes and, 268–271
Distributed File System (DFS) for
-backing up and restoring folder targets of, 271
-folders for, 267–268
-overview of, 257–258
-replication of, 262–263, 271–280
-terminology of, 258–260
inheritance and, 245–246
namespaces for
-client for, 261
-root for, 265–266
-server for, 260–261, 266–267
Net Share command line tool for, 256
NTFS permissions for, 242–244
ownership of, 250–252
permissions and
-assignments of, 247
-file, 241–242
-folder, 246–247
-operations of, 244–245
-share, 240
-special, 248–250
share and storage management for, 252–256
shared folders and, 252
shared types of, 239
File Screening Management, 664
File Server for Macintosh (FSM), 932
File Server Resource Manager (FSRM)
directory quotas for, 657–663
installation and configuration of, 652–654
reports from, 654–657
screening files and, 663–670
File Server, as resource type, 721
File Services role, 157
File system events, 369–370
File Transfer Protocol (FTP)
for UNIX interoperability, 908
Internet Information Services (IIS) installation of, 1100–1103
PowerShell and, 445
File Type association settings, 311–312
File-type filtering, 646
Filtering
as function, 426
by ISAPI (Internet Server Application Programming Interface), 1083
file-type, 646
ingress and egress, 748
IP packet, 875–877
Windows Firewall, 785
Windows Management Instrumentation (WMI), 786–788
Fine grained group controls, 760
Fine-grained password policies, 6, 781
FIPS-certified, 909
Firewalls. See also Windows Firewall
FTP support of, 1102
host-based, 748
in defense-in-depth security, 756
Performance Logs and Alerts exception for, 1115
ports of, 917
Firmware, 81
Five-nines system, 1175
Fixed-size disks, 986–987
Flexible Single Master Operations (FSMO) roles, 83–84, 561
Flow control, in PowerShell, 431–432
Folders
Group Policy Preferences for, 296–297
permissions for, 246–247
quotas for, 646
redirection of, 282, 339–341
For statement, in PowerShell, 429
ForEach statement, in PowerShell, 429
ForEach-Object cmdlet, 392, 395, 431
Forest root domains, 476, 478–479
ForestDNSZones, 642
Forestrep utility, 553
Forests
creating, 37–38
DFS replication and, 262
functional levels of, 94, 480, 506
in namespace planning, 26–27
need for, 37
trusts of, 508
User Principal Name (UPN) suffixes for, 509–510
Formatting cmdlets, in PowerShell, 395, 412, 433–434
Forms authentication, 1090
Forwarders, DNS, 481, 602, 610–613
Fragmentation of disks, 986
Free media pools, 690
Fsutil.exe command line tool, 623, 645
Full mesh replication topology, 263, 273
Fully Qualified Domain Name (FQDN), 479, 713, 782, 809
Functions, in PowerShell, 425–426, 434
G
Garbage collection, 537
Gateway, Terminal Services. See Terminal Services
Generic application resource type, 722–723
Generic script resource type, 723
Generic service resource type, 723
Geographical naming convention, 29
Get-Alias cmdlet, 395
Get-ChildItem cmdlet, 395, 443
Get-Command cmdlet, 395, 406–408
Get-Content cmdlet, 395, 423
Get-Credential cmdlet, 393, 396
Get-Date cmdlet, 447
Get-Eventing cmdlet, 396
Get-Help cmdlet, 396, 407–409, 422
Get-Item cmdlet, 396
Get-Itemproperty cmdlet, 396
Get-Location cmdlet, 396
Get-Member cmdlet, 396, 407, 409–410, 418, 446
Get-Process cmdlet, 396, 431, 465
Get-Service cmdlet, 396, 411, 413
Get-Variable cmdlet, 396
Get-Wmiobject cmdlet, 396, 402
Gigabit Ethernet switch, 672
Global audit policy, 366–367
Global catalog (GC), 22–23, 482
Global local groups, 203, 212–213
Global scope, for groups, 198
Globalization, of applications, 1077
Globally unique identifiers (GUIDs), 17
GPT (GUID Partition Table) disks, 625, 632–633, 702
Group Policy. See also Group Policy Objects; Group Policy Preferences
applications updating and, 938–939
certificates and, 816–818, 894–897
components of, 282
Default Domain Controller, 366
for folder redirection, 339–341
for printer deployment, 176–179
for printer location tracking, 171
for software management, 935, 947–950, 952
for Windows Firewall, 786–788
groups and, 201
installation extension of
-application deployment GPO in, 940–943
-configuring, 943–947
-distribution point setup in, 939–940
-overview of, 933–935
new features of, 281–282
Object Editor for, 363
PDC Emulator operations master and, 564
refreshing, 337–338
Registry keys and, 1202
Resultant Set of Policy (RSoP) tool for, 341–343
Windows operating system upgrades and, 948
Windows XP processing of, 946
Group Policy Management Editor, 825
Group Policy Objects (GPOs). See also Group Policy Preferences
applications published and, 937
backing up, 338
container object moving and, 505
creating, 284
delegating permissions on, 335–336
deleting, 285
disabling branches of, 337
editing, 284–285
for application deployment, 934, 940–943
implementation order of, 282–283
inheritance order of, 283–284
IPsec boundaries and, 823–824
moving organizational units and, 202
restoring, 338–339
searching for, 285–286
Starter, 286–288
Group Policy Preferences, 288–335
as Group Policy component, 282
Drive Maps, 291–293
Environment, 293–294
Files, 294–295
Folders, 296–297
for Control Panel, 306–335
-data sources in, 306–307
-devices in, 307–312
-Internet settings in, 312–314
-Local Users and Groups in, 314–317
-Network Options in, 317–320
-Power Options in, 320–321
-printers in, 322–326
-Regional Options in, 326–327
-Scheduled Tasks in, 327–329
-Services in, 330–331
-Start Menu in, 331–333
-targeting items in, 333–335
Ini Files, 297–298
Network Shares, 298–300
options for, 305–306
overview of, 288–291
Registry, 300–303
Shortcuts, 303–305
Group Policy Results, 943
Group-Object cmdlet, 396
Groups, 197–213
Admin, 543
Allowed RODC Password Replication, 497
Backup Operators, 543
built-in domain local, 210–212
built-in global local, 212–213
built-in local, 208–210
creating, 204–205
deleting, 205
Denied RODC Password Replication, 497
Domain Admins, 380, 476
Enterprise Admins, 476
folder redirection and, 340–341
for Distributed File System (DFS) replication
-in branch offices, 275–277
-management of, 270, 278–280
-multipurpose, 277–278
-overview of, 271–272
for guests, 209
for security, 795–796
Full Control permission to, 244
in Control Panel, 314–317
in Terminal Services Manager, 1028–1030
organizational units for, 200–202
permission assigned to, 247
RADIUS server, 807, 829
Remediation Server, 832
remote access users, 888
Resultant Set of Policy and, 343
scopes of, 198–200
shadow, 781
strategy for, 202–203
users added to, 205–208
user rights and, 216–217
Guests, group for, 209
H
Handler Mappings, IIS, 1084
Hard disk space, 474
Hard faults, 1110
Hard links, 906–907
Hard quotas, 661
Hardware
failures of, 1118–1119
RAID for, 621–622, 671
virtualization and, 980–984
Hardware abstraction layer (HAL), 1204
Hardware Data Execution Protection (DEP), 964
Hash rules, for software restriction, 956, 958
Hashtables, in PowerShell, 424
Head utility, from UNIX, 464–466
Health and diagnostics modules, in IIS, 1064
Health Policy, for NAP, 804–808, 818–819
Health Registration Authority role, 814–815, 817–818
Here strings, in PowerShell, 420–421
High Security level, 767
HIPAA (Health Insurance Portability and Accountability Act), 800
History, of tasks, 378
Hives, Registry, 1208–1209, 1216
HKCR tree, in Registry, 1203
HKLM HARDWARE Registry subkey, 1203–1204
HKLM SAM Registry subkey, 1204
HKLM SECURITY Registry subkey, 1204
HKLM SOFTWARE Registry subkey, 1205
HKLM SOFTWARE Wow6432Node Registry subkey, 1205
HKLM SYSTEM CurrentControlSet, 1205–1206
HKLM SYSTEM MountedDevices, 1206
Home folders, 228–229
Host Bus Adapter (HBA), 672, 674
Host headers configuration, 1087–1088
Hosts
DNS server records for, 603
firewalls of, 748
NLB cluster and, 716
servers of, 672
Windows Communication Foundation (WCF), 742
Hot backups, 575
Hotfixes, 834
Hot-swap and hot-spare drives, 621, 1186, 1189
HP Array Configuration Utility Command Line Interface (HPACUCLI.EXE), 1187
HPC (high performance computing) clusters, 740–742
HTTP downloads, 446
HTTP modules, in IIS, 1064
HTTP redirection, 1075
HTTP settings for servers, 1074–1076
HTTP URLs, 20
HTTP.sys, 1061–1063
Hub and spoke replication topology, 263, 273, 275, 277
Hybrid cluster infrastructure, 702
HyperSnap screen capture utility, 1000
Hypertext Markup Language (HTML), 16
Hypertext Transfer Protocol (HTTP), 16
Hyper-V virtualization, 86
alternatives to, 1002–1003
initial configuration for, 968–974
installation of, 965–968
overview of, 962–965
I
IDE controllers, 980, 986
IDE VHD, 977
Identity management, for UNIX, 914, 923–932
Identity mapping, 917
IEEE 802.x standards, 802, 827–830, 848, 850
Images
additions of, 69–71
corruption of, 74
Windows Image (WIM) files for, 53
Immediate and proper response, rule of, 751
Immediate Tasks, 329
Impersonation, 190, 1090
Import-Clixml cmdlet, 430
Import-Csv cmdlet, 396, 430
Importing
media pools, 690
quotas, 645–646, 663
Registry data, 1214–1215
Starter GPO, 288
templates, 1122
virtual machines, 1000–1002
Incoming Forest Trust Builders domain group, 211
Independent Computing Architecture (ICA) protocol, 1038
Independent software vendors (ISVs), 704
Indigo service-oriented framework, 1062
Inf settings, 298
Information Technology Infrastructure Library (ITIL), 62, 1175
Infrastructure Operations Master roles, 84, 564, 566
Inheritance
as security feature, 21–22
file resources and, 245–246
of Group Policy Objects, 283–284
vulnerability, 758
Ini Files, 297–298
Initial Configuration Tasks Wizard, 61, 775
closing, 118–119
computer settings and, 99
hardware configuration and, 98
server customizing and, 112–113, 116–117
update and feedback settings of, 106
update downloading and, 112
Initialize And Convert Disk Wizard, 623
Initialize TPM Security Hardware Wizard, 777
Inject-eject port timeouts, for libraries, 694
Input box creation, 405–406
Install from media (IFM), 486–487
Install Windows Wizard, 55–56, 92, 774, 1172
Installation. See Windows Server 2008, installing
Installutil.exe command line tool, 414
Instances, 523–527
Integrated Device Electronics (IDE), 618
Integrated disk caching, 621
Integration Services, for virtualization
Integrity principle of security, 747
Intel processors, 962
IntelliMirror, 934–935, 959
Interactivity, PowerShell, 390–391
Interconnects, networks as, 719
Internal virtual networks, 969
International Organization for Standardization Electrotechnical Commission (ISO-IEC), 15
International Telecommunications Union (ITU), 15, 555–557
Internet Assigned Numbers Authority (IANA), 811
Internet Authentication Service (IAS), 807, 848
Internet Explorer, 312–314, 657, 747, 753, 863, 868
Internet Explorer Enhanced Security Configuration (IE ESC), 780
Internet Group Multicast Protocol (IGMP) support, 718
Internet Information Server 6, 841–842
Internet Information Services (IIS), 908, 1061–1104, 1195
administration tools for, 1068–1073
-AppCmd.exe as, 1071–1072
-IIS Manager as, 1068–1070
-Windows Management Instrumentation as, 1073
architecture of, 1062–1065
delegation and permissions in, 1094–1099
-configuration store and, 1098–1099
-for content management, 1097–1098
-for site and application management, 1095–1097
-shared configuration and, 1099
Directory Services and, 16
FTP Publishing Service installed by, 1100–1103
installing, 1065–1067
remote administration by, 1099–1100
server management by, 1073–1084
-HTTP settings for, 1074–1076
-monitoring in, 1081–1082
-performance optimization in, 1081
-request processing in, 1082–1084
-Web application development settings for, 1076–1080
site management by, 1084–1093
-application pool configuration in, 1086–1087
-binding adding in, 1086
-host headers configuration in, 1087–1088
-security configuration in, 1088–1093
-site adding in, 1084–1086
-site viewing in, 1084
-stopping and starting, 1088
virtual directories management by, 1094
Web applications management by, 1093–1094
Internet Information Systems IUSRS group, 209, 211
Internet protocol address resource type, 722
Internet Protocol security (IPsec), 473, 674, 680, 747
Internet Security and Acceleration (ISA) server, 961
Internet settings, on Control Panel, 312–314
Internet Storage Name Server (iSNS), 126
Interoperability, 903–932
Macintosh, 932
Network File System, 912–923
-legacy user name mapping for, 914–916
-server for, 916–923
UNIX, 903–912
-connectivity for, 908
-file listings for, 904–906
-file systems for, 910–911
-file transfer protocol for, 908
-identity management for, 923–932
-permissions and security for, 904
-printing for, 912
-privilege levels for, 907–908
-symbolic links for, 906–907
-Telnet for, 909–910
Intersite Messaging, 539
Intersite replication, 514
Inter-Site Transport container, 515, 518, 521
Intrasite replication, 513–514
Intrusion-detection sensors, 756
Inventorying libraries, 693–694
Invoke-Expression cmdlet, 396, 420
IP addresses, 573
DHCP scope and, 583–589
for Server Core, 151–152
range and exclusions of, 576
IP packet filtering, 875–877
IP security (IPsec), 800, 802, 819–821. See also Network Access Protection (NAP)
ipconfig command, 391
IPC$ special share, 255
IP security (IPsec), 785
ISAPI (Internet Server Application Programming Interface) filters, 1083, 1091
iSCSI
failover clustering and, 1190
Gigabit Ethernet switch and, 672
iSNSClusRes resource type for, 722
network considerations for, 673–674
security for, 679–680
Storage Manager and, 675, 677
support for, 670
targets of, 678–680
ISO 27002, 800
ISO Name Registration Authority, 556
Isolation, 824, 1102–1103
Itanium-Based Systems, 85
J
Job Scheduler, HPC, 742
K
Kaizen, in disaster planning, 1140–1141
Kerberos authentication, 21, 33, 359, 508, 747
Kerberos Key Distribution Center (KDC), 539
Kernel mode, 82
Keys, Registry
data-based, 1208
deleting, 301
removal of, 1214
renaming, 1216
search of, 1212–1213
security of, 1217–1219
updating, 301
volatile, 1208
Knowledge Consistency Checker (KCC), 513–514, 516–517
Korn Shell scripts, 385
L
LAN switch, 672
Language, 326–327, 377
LanMan hashes, 797
Laptops, scopes supporting, 589
Layer 2 Tunneling Protocol (L2TP), 848, 877
Layers, security, 755–756
Ldp.exe tool, 527–528
Lease durations, for networks, 589
Least privilege security theory, 241–242, 749, 760
Legacy hardware and software, 40, 44, 86
Legacy network adapters, 980, 984
Legacy user name mapping, 914–916
Libraries, removable storage and, 691, 693–695
Licenses, 470–471, 1014–1015, 1027, 1038, 1042–1044
Lightning strikes, 1179
Lightweight Directory Access Protocol (LDAP), 15, 19–20, 34, 468. See also Active Directory Lightweight Directory Services
Line-of-business applications, 493
Line Printer Remote (LPR) printer ports, 173
Linked Group Policy Objects, 283
Link-local addresses, 101
Links
hard, 906–907
in user profiles, 231
Mklink command for, 906–907
symbolic, 906–907
Linux systems, 435, 573, 722, 803
Load balancing, 8, 724–725, 850, 939, 1006. See also Network load balancing clusters
Load shedding, 725
Local Group Policy Editor, 365
Local groups, 208–210
Local profiles, 232
Local Security Policy console, 349
Local service account, 766
Local settings folder, in user profiles, 231
Local system account, 766–767
Local System Authority (LSA) subsystem, 19
Local user accounts, 221–222
Local user profiles, 230, 232
Location tracking, 169–172
Location-naming convention, for printers, 167–168, 170
Logical drives, 474, 616, 631
Logical operators, in scripts, 424
Logical Units (LUNs), 681–689
assigning, 684–687
description of, 673
extending, 687–689
full format of new volumes on, 687
in Provision Storage Wizard list, 683
MPIO software and, 677
Storage Manager node for, 675
types of, 682–683
Logical volume, 616
Logon events, 360
Logon rights, 213–216
Logon scripts, 176, 236
Logs
applications and services, 370–371
audit, 575
circular, 544
data, 1129–1131
destination, 373
Edb.log transaction, 536
event, 209, 211, 375–377
Internet Information Service (IIS), 1082
of Distributed File System events, 279
Performance, 209, 211
Performance Log Users and, 1114, 1120, 1125–1126
PowerShell to check, 453–455
Resultant Set of Policy mode for, 343
rotating, 460
transaction, 541
Windows, 370
Loopback processing, 342
Looping statements, in PowerShell, 429–430, 434
M
MAC (Media Access Control) addresses, 591, 983
Machine key encryption, 1078
machine.config files, 1098
Macintosh interoperability, 932
Majority Node Set (MNS) cluster infrastructure, 702, 704
Mandatory user profiles, 230, 235
mapadmin.exe command line tool, 915
.maphosts file, 915
Master Boot Record (MBR) partition style, 625
Mean time to failure, 1176–1177
Mean time to recover, 1176–1177
Measure-Object cmdlet, 396
Media
physical, 695–696
pools of, 690, 695
removable storage identification of, 691
robotic libraries of, 690
states of, 691–693
Members, definition of, 399
Memory
Complete Memory Dump option for, 1145
failures of, 1118
on Reliability and Performance Monitor, 1110–1111
PowerShell to check, 455–456
virtualization and, 979, 984–986
Memory Manager, 9
Message Passing Interface (MPI), 741–742
Message Queuing, 126
Message routing, 511
Messaging Application Programming Interface (MAPI), 19
Methods, definition of, 399
Microsoft Advanced Server technology, 911
Microsoft Baseline Security Analyzer, 846
Microsoft Data Protection Manager 2007, 385
Microsoft Exchange 2003, 613
Microsoft Exchange Server 2007, 385, 511, 553, 1152
Microsoft iSCSI Initiator Control Panel tool, 677
Microsoft Management Console (MMC), 353–381, 841–842
AT command and, 378–379
auditing AD DS objects in, 363–366
auditing categories and, 358–362
-account logon events in, 358–359
-account management and, 359
-directory service access in, 359–360
-logon events in, 360
-object access in, 360–361
-policy change in, 361
-privilege use in, 361
-process tracking in, 361–362
-system events in, 362
auditing directory service events in, 362–363
auditing enabling by, 367–370
auditing policy and, 357–358
distributing, 356
event logs and, 375–377
Event Viewer and, 370–375
-applications and services logs in, 370–371
-custom views of, 371–372
-forwarding and collecting events in, 372–373
-on remote computer, 374
-subscriptions in, 373–374
-task running and, 375
-Windows logs in, 370
global audit policy in, 366–367
New Taskpad View Wizard for, 355–356
options for, 353–354
remote administration with, 356–357
Server Core administration and, 4
snap-ins to create, 354–355
task delegation with, 380–381
Task Scheduler and, 377–378
Microsoft MPIO Multipathing Support for iSCSI, 675
Microsoft Operations Framework (MOF), 62, 1175
Microsoft Operations Manager (MOM) 2007, 385
Microsoft Product Support Services, 834
Microsoft Report Viewer, 842
Microsoft Security Response Center (MSRC) Bulletin Severity Rating system, 805
Microsoft Solution Accelerator for Business Desktop Deployment (BDD), 959
Microsoft SQL Server 2008, 385
Microsoft System Center Configuration Manager (ConfigManager), 933, 935–936
Microsoft Virtual Machine Manager 2007, 385
Microsoft Virtual Server, 840, 848, 963
Microsoft Windows HPC Server 2008, 385
Migration, 47
MIME (Multipurpose Internet Mail Extensions) types, 1076
Mirror
hardware and software, 1183, 1185
SAN, 683
volume, 617, 622, 633, 635, 637–641
Mission-critical applications, 703–704
Mixed naming convention, 29
Mklink command, 906–907
Mobile systems, 589, 800–801. See also Remote access
Modified Field Modification (MFM) disk management, 618
Modules, IIS, 1063–1065, 1083
Monitoring, IIS, 1081–1082
Mounted volumes, 631
Mounting media, 695–696
Mountvol.exe command line tool, 623
Move-Item cmdlet, 397
MPICH2 specification, of Argonne National Laboratory, 742
MS Blaster worm attack, 763–764, 799–800
MS-ADLDS-Display Specifiers.ldf file, 529
MS-CHAP v2, 888
.msi files, 1053–1056
Mstsc.exe command line tool, 427
Multicast mode, network adapters in, 708, 718
Multicast scopes, 586
Multimaster replication system, 14, 513, 561
Multipath IO (MPIO) software, 674, 677
Music folder, in user profiles, 231
My Group, in Terminal Services, 1028–1030
N
Names
common (CNs), 18
computer, 103–106
conventions for, 68, 219
Database System, 1130
default domain NetBIOS, 486
Default-First-Site, 512, 515
distinguished, 18–19
duplication of, 71
for user accounts, 218
for virtual private network (VPN) connections, 882
formats for, 20
Fully Qualified Domain (FQDN), 713
group, 202–203
legacy user mapping for, 914–916
NetBIOS, 256, 926
Network Name resource and, 726
of domains, 479
of printers, 166–168
PowerShell for renaming files and, 460–461
publicly resolvable DNS, 859
Registry key and value, 1216
relative distinguished (RDNs), 18
renaming user accounts and, 226
resolution of, 16, 30–32
universal principal (UPN), 807–808
User Name Mapping Server for, 239
User Principal, 509–510
World Wide (WWN), 677
Namespaces. See also Distributed File System (DFS); Domains
.NET Framework and, 399
client for, 261
contiguous, for zones, 603
DFS Publishing page for, 739
in Active Directory, 16
management of, 270
planning, 25–32
-contiguous, 37
-for trees and forests, 26–27
-name resolution in, 30–32
-naming convention in, 27–29
polling settings for, 270–271
root for, 265–266
server for, 260–261, 266–267
terminology for, 258
Naming contexts, 22
Navigation toolbar, in IIS, 1069
.NET Framework
compilation in, 1076
globalization in, 1077
performance counters access by, 457
PowerShell and, 398–402
trust levels in, 1077
version 2.0 of, 841–842
Net session command line tool, 256
Net Share command line tool, 256
Net view command line tool, 256
NET.MSMQ protocol listener, 1062
NET.PIPE protocol listener, 1062
NET.TCP protocol listener, 1062
NetBIOS (Network Basic Input-Output System) names, 14, 256, 486, 926. See also Windows Internet Naming Service (WINS)
netdom command-line tool, 152
NetHood folder, in user profiles, 231
NETLOGON special share, 255
netsh command line tool, 151, 156, 392, 595, 793–795
Network Access Protection (NAP), 10, 759, 799–832
certificate server for, 809–818
-Group Policy management console and, 816–818
-NAP server and, 813–816
-set up of, 809–813
client settings for, 819–826
-IPsec boundaries for, 823–826
-IPsec enforcement enabling in, 819–821
-on workstations, 821–823
deployment planning for, 801–804
deployment politics and, 830–832
Health Policy for, 804–808
Health Policy server for, 818–819
IEEE 802.x standard and, 827–830
need for, 799–801
Secure Sockets Tunneling Protocol (SSTP) versus, 850
Network Access Quarantine Control (NAQ), 800
Network Access Translation (NAT) devices, 573, 871
Network and Sharing Center, 883
Network Attached Storage (NAS), 651, 671. See also Storage
Network Configuration Operators group, 209, 211
Network File System (NFS), 43. See also File resources
as resource type, 722, 737
folders for, 239
legacy user name mapping for, 914–916
mounted volumes and, 631
server for, 916–923
-client configuration for, 923
-configuring, 921–922
-NFS share connection to, 922
-NFS share on, 917–921
UNIX systems and, 240, 910
Network Information System (NIS), 923–924, 926
Network interface cards (NICs), 706, 741, 964
Network Load Balancing (NLB), 8, 1006
Network load balancing clusters
capacity of, 716–717
concepts of, 706–707
creating, 709–716
fault tolerance and, 717, 1189–1190
for redundancy, 703
models of, 707–708
optimizing, 717–718
overview of, 700
Network Name resource, 726
Network Policy Server (NPS), 807
for Terminal Services, 1007, 1018
network policy configuration for, 887–889
overview of, 848
per user configuration for, 887
planning for, 848–849
wireless deployment of remote access and, 890
Networks. See also Remote access; Virtualization
AD DS installation prerequisites for, 475
boot failure from distribution points of, 72–74
chokepoints in, 755
configuring, 101–103
Control Panel options for, 317–320
DHCP and, 574–576, 592
documenting, 42–45
failover clusters and, 719
Group Policy Preferences and, 298–300
IP addresses and, 518
iSCSI and, 673–674
lease durations for, 589
on Reliability and Performance Monitor, 1110
patch testing for, 839–840
performance of, 199
print server clusters on, 191
printers and, 169–170, 174–175
security for, 746
service account for, 766
site-aware services for, 511
slow connections of, 342
storage network switch and, 672
Terminal Services need for, 1010
troubleshooting, 191
virtual private, 473, 747–748
virtualization and, 991
WDS settings for, 69
Windows Server Update Services (WSUS) settings for, 844
wireless, 473
zone rules for software restriction in, 956, 958
New Connection Security Rule Wizard, 825
New Namespace Wizard, 265–266
New Replicated Folder Wizard, 280
New Replication Group Wizard, 275, 277
New Scope Wizard, 585, 587
New Taskpad View Wizard, 355–356
New Virtual Machine Wizard, 974–975, 978, 990
New Volume Wizard, 627
New-Alias cmdlet, 397
New-Item cmdlet, 397
New-Itemproperty cmdlet, 397
New-Object cmdlet, 397
New-Variable cmdlet, 397
Nfsmgmt.msc management console, 916
No auditing events, 358
No topology option, for replication topology, 273
Node Template Generation Wizard, 741
Nodes, in failover clusters, 719
Non Sensitive Privilege Use, 361
Nonauthoritative restore, 546, 548–550
Nonredundant storage, 631
Normal mode, of Active Directory Users and Computers, 500–501
Notification
area icon for, 7
standard escalation procedures for, 1139
thresholds for, 662
NT LAN Manager (NTLM) authentication, 747
Ntbackup.exe, 1148–1149
Ntds.dit file, 474
Ntdsutil.exe command line tool
for AD DS database moving, 541
for domain controller removal, 546–548
for DSRM administrator account password, 548
Operations Master roles and, 566
NTFS volumes, 631
content management permissions on, 1098
directory quotas and, 658
encryption available on, 647
permissions for, 240–244, 736, 738
software distribution points and, 940
Ntuser file, 230, 236
O
Obfuscation, security by, 780
Object IDs (OIDs), 556, 811
objectGUID attribute, 17
Objects
access to, 360–361
accidental deletion of, 543
Active Directory Domain Services, 499–503
Active Directory Users and Computers and, 503, 505
AppCmd.exe and, 1071–1072
auditing settings for, 368–370
auxiliary class of, 559–560
classes of, 558
connection, 513, 516–517
cross-reference, 562
Default-First-Site-Name, 515
definition of, 399
in Active Directory, 17
Password Setting, 748
permissions applied to, 249
replication, 515
server, 513, 516–517
site, 515–516
site link, 518–520
site link bridge, 520–521
structural class of, 559–560
subnet, 512, 517–518
System String
taking ownership of, 250–251
tombstones as, 537
Oclist.exe command line tool, 444
Ocsetup.exe command line tool, 157, 160
ODBC manager, 1130
Offline defragmentation, 540–541
OLE class identifiers, 945, 1202
One-time passwords, 784
Online Crash Analysis (OCA), 111
Online defragmentation, 537–538
On-media identifiers, 691
Open Database Connectivity (ODBC), 306
Open With preference items, 310–311
Operating system
compatibility of, 477–478
connectivity of, 43
network, 44
recovery of, 1171–1173, 1233–1234
Operational events, 371
Operations masters roles
managing, 561–564
seizing, 566
transferring, 564–565
Operator requests, removable storage and, 696–697
Operators, in PowerShell, 424–425, 441
Organizational naming convention, 28
Organizational units (OUs)
Active Directory and, 16, 18
Active Directory Users and Computers creation of, 498–499
domains versus, 33–34, 36
for groups, 200–202
Group Policy Objects of, 283
restoring hierarchy of, 552
server core installation and, 152
task delegation to, 380
Original equipment manufacturers (OEMs), 704
Out Of Box Experience (OOBE), 97
Outlook 2003, 837
Output caching, in IIS, 1081
Overhead network traffic, 43
Ownership, 244, 250–252
P
Packages, software management, 947–955
application properties changes and, 950–952
Group Policy and, 947–950
modifications to, 953–955
removing and redeploying, 955
upgrades for, 952–953
Packet filtering, 875–877
Page faults, 1110
Page table entries (PTEs), 1009
Param statement, in PowerShell, 436–438
Parameters, in PowerShell, 391, 412–414, 440–441, 457, 464
Parent disks, 988–989
Parent partitions, 962, 964
Partial failover, 725
Partitions, 625–641
Active Directory Lightweight Directory Services and, 523–526
BitLocker, 774
creating, 626–631
definition of, 616
directory, 483, 490, 522, 524, 561–562
drive options for, 59–60
dynamic disk conversions and, 631–632
extended, 616
GPT disk conversions and, 632–633
home folders on, 229
Hyper-V, 962, 964
in Active Directory, 22
logical drives on, 631
MBR versus GPT, 625
mirror volume and, 637–641
NTFS, 81
parent, 962, 964
primary, 616
volume size changes and, 633–637
Passphrase, 220
passthru parameter, in PowerShell, 464
Password Setting Objects (PSOs), 748, 781, 783–784
Passwords
dictionary attacks on, 779
domain local groups and, 210–211
DSRM administrator account, 548
for user accounts, 219–220
in scripts, 451
one-time, 784
policies for
-domain, 781–784
-fine-grained password, 6
-overview of, 680, 780
-replication, 496–498
-standalone server, 781
resetting, 227
rules for, 219–220
strong, 483
synchronization of, 923–924
theft of, 746
USB Flash drive for saving, 777
Patch management, 833–846
cycle of, 835–839
-assessment phase in, 836
-deployment phase in, 838
-evaluation phase in, 838
-identification phase in, 836–838
-repeat phase in, 839
deployment testing in, 839–841
importance of, 834–835
terminology in, 833–834
third-party products for, 845–846
update obtaining in, 841–845
-automatic, 841
-Systems Center Configuration Manager for, 845
-Windows Server Update Services for, 841–845
Path rules, for software restriction, 956, 958
Path-to-page name form, 20
PDC Emulator Operations Master roles, 563–564, 566
Peak usage for quotas, 660
Per-computer connections, 176
PerfectDisk (Raxco), 88
Performance. See also Reliability and Performance Monitor
counters for, 456–458
fault tolerance and, 1188–1189
HPC (high performance computing) clusters and, 740–742
IIS modules for, 1065
network, 199
of print servers, 187–188
of SANs with iSCSI protocol, 673–674
optimization of, 1081
storage and, 657
Performance Log Users group, 209, 211
Perl scripts, 385
Permissions. See also Authentication
AD DS installation prerequisites for, 476
assignments of, 247
delegating, 270, 335–336
Delegation Of Control Wizard and, 380
Encrypting File System (EFS) and, 649
explicit, 284
file, 240–242
folder, 246–247
for printers, 182
for UNIX interoperability, 904–905
in ASP.NET code access policy, 1077
in Internet Information Services (IIS)
-configuration store and, 1098–1099
-for content management, 1097–1098
-for site and application management, 1095–1097
-shared configuration and, 1099
limiting, 760
NTFS, 242–244, 736, 738, 940
Operations Master roles and, 561
operations of, 244–245
registry key security and, 1217–1219
share, 240, 252
special, 248–250
user rights and, 213
Persistent usage policies, 470
Personal digital assistants (PDAs), 589
Personal identification number (PIN), 773
Personalization data, 469
Per-user connections, 176
Per-user quotas, 643–645
Per-user rules, for Windows Firewall, 785
Phishing attacks, 747
Physical disks, 726
Physical states, of media, 692
Physical to virtual (P2V) conversions, 86
Pictures folder, in user profiles, 231
Pipeline, PowerShell, 387, 438–439
Plain-text e-mail handling, 837
Plug and Play Manager, 1204
Point-to-Point Tunnelling Protocol (PPTP), 848, 877
Poisoning attacks, on DNS, 602
Popup creation, 405–406
Ports, 464, 992–994
POSIX compliance, 928
Power supply, 1177–1182
local failure of, 1178–1179
long-term outages in, 1182
short-term outages in, 1182
voltage variations in, 1179–1181
Power users, 209, 1009
Power, Control Panel options for, 320–321
PowerShell, 904
as server feature, 126
backup scheduled by, 1147
basics of, 386–390
Cmd.exe commands and, 391–392
cmdlets in, 394–398
compressing files and, 447
configuring, 113–115
console input and, 450–451
data display in, 410–412
dates and, 447–449
DHCP administration and, 595
disk space usage checking with, 458–459
elapsed time and, 449–450
error avoidance in, 391
file or directory existence testing in, 443–444
file system tasks in, 442–443
File Transfer Protocol (FTP) and, 445
Flexible Single Master Operations (FSMO) identification by, 83–84
Get-Command cmdlet in, 406–408
Get-Help cmdlet in, 407–409
Get-Member cmdlet in, 407, 409–410
HTTP downloads and, 446
installation of, 541
interactivity in, 390–391
memory and CPU information and, 455–456
multiple targets and, 462–463
open port checking with, 464
overview of, 5, 384
parameters in, 412–414
performance counters access with, 456–458
Registry and, 459, 1219
renaming files with, 460–461
rotating logs with, 460
scheduling tasks with, 461–462
scripting in, 414–442
-.ps1 script creation in, 415–417
-arrays in, 422–423
-comments in, 417–418
-conditional statements in, 426–429
-dot-sourcing in, 434–435
-error handling in, 439–441
-escaping characters in, 442
-exiting from, 434
-flow control in, 431–432
-formatting cmdlets for, 433–434
-From and To files in, 430–431
-functions in, 425–426
-hashtables in, 424
-here strings in, 420–421
-looping statements in, 429–430
-operators in, 424–425
-overview of, 414–415
-param statement in, 436–438
-passing arguments to, 435–436
-pipeline in, 438–439
-redirection operators in, 441
-scope of, 418–419
-strings in, 419–420
-type accelerators in, 441–442
-variables in, 418
-wildcards and regular expressions in, 421–422
secure information storage and, 451
server backup cmdlets in, 444
Server Core management with, 444
server support of, 385
service and process checking with, 451–453
SMTP e-mail and, 446–447
snap-in for, 414
UNIX utilities and, 464–466
user credentials for, 393
Windows Event Log checking with, 453–455
Windows infrastructure for, 398–406
-.NET Framework in, 398–402
-Component Object Model (COM) in, 405
-popup and input boxes created in, 405–406
-Windows Management Instrumentation (WMI) in, 402–404
-Windows Remote Management (WRM) in, 404–405
XML and, 445, 463
PPP authentication, 852
Pre-boot Execution Environment PXE server, 64–65
Preferred DNS Server setting, 481
Preventative action, rule of, 750, 752
Preventative maintenance (PM) program, 1182
Pre-Windows 2000 Compatible Access domain group, 211
Primary domain controllers (PDCs), 16
Primary partition, 616
Primary zones, 598, 600–601
Principal name suffix, 218
Principal, in ACEs, 21
Print Operators group, 209, 211
Printer Migration Wizard, 172–173, 190
Printers, 165–195
Active Directory Users and Computers and, 504–505
availability of and group priorities for, 182–184
command line management for, 181
creating print server for, 168–169
deploying, 166–168
drivers for, 188–189
Group Policy for deploying, 176–179
installing, 174–175
job management for, 179–181
location tracking for, 169–172
Macintosh interoperability and, 932
migrating servers for, 172–174
on Control Panel, 322–326
pools of, 189–190
print spooling and, 185–187, 721–722
security for, 182
separator pages for, 184–185
server failure and, 190–191
server performance and, 187–188
shared, 255
Terminal Services Easy Print for, 7, 1006
troubleshooting, 191–195
UNIX interoperability and, 912
WMI to install, 403–404
PrintHood folder, in user profiles, 231
Private networks, 719
Private profile, for Windows Firewall, 785–786, 824
Private virtual networks, 970
Private-key security, 21
Privileges
account lockout policies and, 6
applications installed with, 936
auditing and, 361
rule of least, 241–242, 749, 760
UNIX interoperability and, 907–908
Process Monitor, 457–458
Product Identification (PID) code, 53–54
Productivity, availability and, 748
Profiles. See also Users
for Windows Firewall, 785–786, 824
PowerShell default scripts for, 389
Promotion, of domain controllers, 473
Properties, definition of, 399
Protected Extensible Authentication Protocol (PEAP)-CHAP v2, 848, 888, 890–893, 896–898
Protocol listeners, 1062
Provider, PowerShell, 387
Provision A Shared Folder Wizard, 252, 918–920
Provision Storage Wizard, 681, 683, 685
Provisioning
SANs and, 671
Proxy settings, for WSUS, 844
.ps1 script creation, 415–417
Public key infrastructure (PKI)
Active Directory Certificate Services and, 473
best practices for, 803
remote access deployment and, 888
SMTP site links and, 519
Windows Server-based, 856, 868
wireless remote access deployment and, 889
Public networks, 719
Public profile, for Windows Firewall, 785–786, 824
Public-key security, 21
Pulse Frequency Modulation (PFM) disk management, 618
PushPrinterConnection.exe tool, 176–179
PXE server, 65, 68, 72–73
Q
Quorum disk, 704, 727
Quotas
disk management, 641–646
File Server Resource Manager (FSRM), 657–663
for shared folders, 253
software distribution and, 942
R
RADIUS
Network Policy Server (NPS) and, 1007
proxy for, 848
server for, 807, 829, 848, 889
wireless deployment of remote access for, 892–893
RAID (redundant array of independent disks)
for fault tolerance, 717, 1183–1189
for Terminal Services, 1011
in disk management, 617–622
in storage management, 683
virtualization and, 964
RAID-5 SAN, 683
RAID-5 volume, 617, 622, 630, 633, 635–636
RAM, for Terminal Services, 1009
.rdp files, 1053–1056
Read-Host cmdlet, 397
Read-only domain controllers (RODCs), 492–498
backup domain controller role of, 16, 33
delegating, 493–495
description of, 492–493
installation media for, 487
overview of, 5
password replication policies in, 496–498
security for, 798
upgrades and, 83
uses of, 493
Realm trusts, 508
Recent folder, in user profiles, 231
Recovery. See also Troubleshooting
in disaster planning, 1144–1145
mean time to, 1176–1177
of servers, 1227–1236
-applications and data in, 1231–1233
-files and folders in, 1229–1231
-operating system in, 1233–1234
-system state in, 1234–1236
-volumes in, 1227–1228
of services, 331
system, 1222, 1225–1227
Recovery Agent, 648
Recovery Wizard, 1166–1169
Recursion process, 610
Redirection
configuration for, 1098
folder, 282, 339–341
HTTP, 1075
in IntelliMirror, 934
in Registry, 1199
PowerShell operators for, 441
Redundancy
domain-based namespaces and, 259
HPC clusters and, 741
in disaster planning, 1142
mounted volumes for, 631
multiple DHCP servers for, 592–593
of volumes, 636, 641
RAID for, 617
secondary DNS servers for, 596
staff, 760
Web server clustering for, 703
Reflections for Secure IT, 909
Refreshing Group Policy, 337–338
.reg files, 1215
Reg.exe command line tool, 1220
Regedit.exe, 1217
Regedt32, 1211
Regeneration, mirror volumes and, 638–639
Regional Options, on Control Panel, 326–327
Registrars, Internet, 479
Registry, 1193–1222
backing up and restoring, 1221–1222
damaged, 1239
Group Policy Preference extensions for, 300–303
origin of, 1194–1195
PowerShell and, 459
Registry Editors for, 1211–1220
-data importing and exporting by, 1214–1215
-hive loading and unloading by, 1216
-key security and, 1217–1219
-keys and values and, 1212–1214, 1216
-overview of, 1211–1212
-Reg.exe in, 1220
-Regedt32 and, 1211
-remote connection by, 1216
-value contents editing by, 1213
Registry Wizard for, 1209–1210
structure of, 1198–1209
-data storage in, 1206–1209
-root keys in, 1201–1203
-sixty-four and thirty-two bit keys in, 1199–1201
-subkeys in, 1203–1206
troubleshooting, 1226
use of, 1195–1196
virtualization of, 348–349
Windows Server 2008 changes in, 1196–1198
Regular expressions, in PowerShell, 421–422
Relational security, 756–759
Relative distinguished names (RDNs), 18
Relay agents, DHCP, 592–595, 874–875
Reliability, 639, 671
Reliability and Performance Monitor, 1107–1132
data collection managing in, 1128–1131
data collection scheduling in, 1126–1128
Data Collector set in, 1119–1126
-manual construction of, 1123–1125
-Performance Log Users and, 1120
-Performance Monitor to create, 1123
-template for, 1120–1122
-to monitor performance counters, 1125–1126
Performance Monitor in, 1111–1115
Reliability Monitor in, 1115–1119
reports of, 1131–1132
Resource View of, 1107–1111
Remediation Server Group, 832
Remote access, 160, 847–899
clustering and, 703
configuring, 116–117
disk management and, 622, 685
Event Viewer and, 374
for Reliability Monitor viewing, 1116–1117
Internet Information Services (IIS) for, 1099–1100
Microsoft Management Console (MMC) for, 356–357
Network Policy Server (NPS) for
-network policy configuration for, 887–889
-overview of, 848
-per user configuration for, 887
-planning for, 848–849
Performance Monitor for, 1115
policies for, 849–850
PowerShell and, 386, 427–429
Registry Editors for, 1194, 1216
Resultant Set of Policy and, 343
Secure Sockets Tunnelling Protocol (SSTP) for, 850–886
-configuring, 852–857
-connection clients for, 877–881
-connection troubleshooting for, 883–886
-connections for, 881–883
-process of, 851–852
-routing and remote access installation for, 868–877
-Server Authentication certificate for, 858–868
Server Core management and, 4, 156
support for, 850
Terminal Services for, 1008
Windows Management Instrumentation (WMI) and, 455–456
wireless deployment of, 889–898
-access points for, 893–894
-for RADIUS clients, 892–893
-overview of, 889–890
-prerequisites for, 890–892
-secure configuration for, 894–898
Remote Authentication Dial-In User Service (RADIUS). See RADIUS
Remote Data Protocol (RDP), 1038–1042
Remote Desktop Protocol (RDP), 116. See also Terminal Services
Remote Desktop Users group, 209, 211
Remote Desktop Web Connection, 1057–1058
Remote differential compression (RDC) algorithm, 257, 263, 280
Remote Web Workplace, 1055
RemoteApps. See TS RemoteApps
Removable storage
libraries and, 693–695
media pools and, 695
operator requests and, 696–697
physical media and, 695–696
terminology for, 689–693
work queue and, 696
Remove Access VPN connections, 802
Remove-Item cmdlet, 397
Rendom.exe command line tool, 562
Repair, system, 1142–1144
Replicate Folder Wizard, 272
Replication
Active Directory Sites and Services and, 511
domain as unit of, 34
DSA connections for, 19
multimaster, 14, 561, 608
objects of, 515
of Active Directory Domain Services, 513–514
of Active Directory Lightweight Directory Services, 530–531
of directory, 522
of directory partition, 483
of Distributed File System (DFS), 271–280
-branch office group for, 275–277
-folders, 272–274
-for collaboration, 258
-for synchronization, 258
-groups for, 270–272
-managing groups for, 278–280
-multipurpose group for, 277–278
-overview of, 262–263
of domain controllers, 473, 486
of passwords, 496–498
software distribution points and, 939
unidirectional, 492
ReplicationSourceDC value, 159
Replicator group, 209, 211
Reporting mode, 830
Reports
File Server Resource Manager (FSRM), 654–657
of Starter GPO settings, 287
Reliability and Performance Monitor, 1131–1132
Request processing, in IIS, 1082–1084
Reservations, for DHCP address, 590–591, 893
Reserved variable, in PowerShell, 435
Resistance to change, deployment and, 40
Resource organizations, 472
Resources. See also File resources
as Server Core installation benefit, 149
creating clustered, 732–740
DNS records of, 605–608
failover cluster types of, 720–723
identification of, 1135
Resource View for, 1107–1111
standard escalation procedures for, 1139
Responses, in disaster planning, 1136–1140
Responsibility division, for security, 759–761
Restartable Active Directory Domain Services, 6, 538–539
Restoring. See also Backing up; Disaster planning
Active Directory Domain Services (AD DS), 546–552
-authoritative, 550–552
-nonauthoritative, 548–550
-Ntdsutil for domain controller removal in, 546–548
Distributed File System (DFS) folder targets, 271
Group Policy Objects, 338–339
Registry, 1221–1222
seeding branch member by, 277
Restriction policies for software, 955–959
Resultant Set of Policy (RSoP), 341–343, 943
Resynching, mirror volumes and, 638
Retention policy, for logs, 376–377
Return on investment (ROI), 41, 45
RFC 822 names, 20
RID Operations Master roles, 562–564
Rights Management Services, 469–472, 747
Rights, user. See Users
Risks
identification of, 1134–1135
in clusters, 705
in deployment, 47–48
UAC turn off and, 352
Roadmap for deployment, 45–48
Roaming profiles, 230, 232–235, 339, 935
Robotic media libraries, 690–691, 693, 695
Role separation, of administrators, 493
Roles wizards, 770–772
Roles, server. See Servers
Roll Back Driver button, 1226–1227
Rollback semantics, 474
Rolling upgrade, 723
Rollup, update, 834
Root Certificate Authority, 825, 877, 889–890
Root domains, 35, 37
Root hints, 481
Root keys, Registry, 1198, 1201–1203
Root namespace, 258, 265–266
Root users, 908
Routing and Remote Access Service (RRAS), 868–877
RPC Endpoint Mapper, 790–791
RSA SecurID TFA provider, 784
RSM View command line tool, 693
S
Safe Mode, 1238
Sags, in power voltage, 1181
Samba SMB-based UNIX solution, 910–911
SAN (Storage Area Network) Manager
advantages and disadvantages of, 671–672
console for, 675–676
installing, 674–675
iSCSI security for, 679–680
iSCSI targets for, 678–680
logical units (LUNs) for, 681–689
server connections for, 676–677
terminology for, 672–674
Sarbanes-Oxley Act of 2002, 800
Saved Games folder, in user profiles, 231
Saving event logs, 377
Shavlik NetChk Protect updating, 111
Scalability, 270, 700
Scheduled Tasks
on Control Panel, 327–329
PowerShell for, 461–462
Volume Shadow Copy Service and, 657, 723
Schema
extensible, 522
Group Policy printer deployment and, 175
in Active Directory, 19–20
in Active Directory Domain Services (AD DS), 552–566
-launching, 554–555
-modifying, 553–560
-Operations Master Roles management in, 561–566
Schema Admins group, 83
Schema Operations Master roles, 83, 553, 561, 564
Scope
DHCP
-activating, 589–590
-creating, 582–589
group, 198–200, 206
in splitting address space, 592
of PowerShell, 418–419
Screen capture utilities, 470, 1000
Screening files, 663–670
audio and video, 664
creating screens for, 664–665
exceptions for, 666
file groups and, 668–670
templates for, 667–668
Scripts. See also PowerShell
DiskPart.exe command line tool and, 630
for printer connections, 176
for user profiles, 236
generic script resource type for, 723
in Group Policy, 282
in Visual Basic, 157
initial Server Core configuration, 153–155
server-side, 1077–1078
SCSI (Small Computer System Interface), 618, 980, 986, 1003, 1011
Searches folder, in user profiles, 231
Searching, 13–14, 174–175
Secondary DNS servers, 596–597
Secondary zones, 598, 601
Secure Shell (SSH), 909
Secure Sockets Layer (SSL), 473, 747, 1091, 1093, 1102
Secure Sockets Tunnelling Protocol (SSTP), 850–886
configuring, 852–857
connection clients for, 877–881
connection troubleshooting for, 883–886
connections for, 881–883
process of, 851–852
routing and remote access installation for, 868–877
Server Authentication certificate for, 858–868
VPNs of, 848
Secured Password (EAP-MSCHAP v2), 888, 893
Secure-Multipurpose Internet Mail Extensions (S-MIME), 473
Security, 745–761, 763–798. See also Network Access Protection (NAP); Patch management
access control lists (ACLs) for, 14
at installation, 764–767
-default services in, 764–766
-system account roles in, 766–767
auditing for, 796
availability principle of, 748
BitLocker for startup, 773–779
-encryption enabling in, 776–778
-features role installation in, 775–776
-recovery with, 779
-server data volume encryption in, 779
-volumes set up in, 773–775
chokepoints for, 754–755
Code Access Security Policy for
confidentiality principle of, 746–747
connection sharing and, 882
delegating permissions and, 336
directory browsing and, 1074
Directory Service Changes feature and, 567
for accounts, 779–784
-disabling administrator account in, 780
-domain password policies for, 781–784
-standalone server password policies for, 781
for domains, 35–36
for Dynamic Host Configuration Protocol (DHCP), 575–576
for Internet Explorer, 863, 868
for iSCSI, 679–680
for PowerShell, 386–387
for printers, 182, 190
for Server Core, 148, 767–769
for site management, 1088–1093
for UNIX interoperability, 904, 907, 911
for wireless deployment of remote access, 894–898
forwarders and, 610
Group Policy settings for, 282
groups for, 795–796
IIS modules for, 1065
in Active Directory architecture, 21–22
in mirror volumes, 639
integrity principle of, 747
LanMan hashes and authentication for, 797
layers of, 755–756
least privilege theory for, 241–242
Local Security Policy console for, 349
Local Security Policy MMC snap-in for, 1120
Microsoft Baseline Security Analyzer for, 846
of certificates, 889
of Registry keys, 1217–1219
of SANs with iSCSI protocol, 673–674
password policies for, 680
read-only domain controllers and, 5, 798
relational, 756–759
responsibility division for, 759–761
roles and features wizards and, 770–773
rules of, 748–751
Schema Admins group and, 83, 554
shared printer preference items and, 324
SMBv2 for, 797
software restriction policies and
SQL Slammer worm and, 751–752
updates for, 833, 837
User Policy Option for, 305
Windows Firewall for, 785–795
-command line management of, 793–795
-Group Policy for, 786–788
-policy for, 791–793
-rule basics for, 788–789
-rule definitions for, 789–791
Windows Server 2008 overview of, 9–10
WMI to update, 403
WPA2 wireless, 848
zones for, 753–754
Security access control lists (SACLs), 1194
Security Accounts Manager (SAM), 14, 1204
Security Functionality Triad, 746
Security groups, 198
Security Identifier (SID), 21, 71, 562, 914
Security principal name (SPN), 218
Select-Object cmdlet, 397, 464
Select-String cmdlet, 397
Semi-trusted (DMZ) zone, for security, 753
SendTo folder, in user profiles, 231
Sensitive Privilege Use, 361
Separation, rule of, 750
Separator pages, for printers, 184–185
Serial Advanced Technology Attachment (SATA), 618, 621, 672
Serially Attached SCSI (SAS), 618–619, 672, 1011, 1141, 1189–1190
Server Authentication certificate, 858–868
Server Core, 147–164. See also Windows Server 2008, installing
backups of, 1148
benefits of, 148–149
clusters in, 702
Dynamic Host Configuration Protocol (DHCP) server for, 589
Hyper-V virtualization on, 963
initial configuration of, 150–160
-activating, 157
-desktop display resolution in, 155–156
-domain joining in, 152–155
-example settings for, 150–151
-IP Address in, 151–152
-remote management enabling in, 156
-roles installation in, 157–160
installing, 4, 149–150
managing, 160–163
-remote shell for, 162
-task workarounds for, 160–161
-Terminal Server RemoteApp for, 162–163
netsh command for, 794
PowerShell management of, 444
security for, 767–769
server role installation on, 521
WINS and, 574
Server Manager
AD DS installation and, 476
Diskmgmt.msc in, 620
for roles and features installation, 121–122, 130
overview of, 8
printer troubleshooting and, 194
to add roles, 131–135
to add server features, 143
to remove roles, 136–138
to remove server features, 144–145
Server Message Block (SMB), 253, 477, 910–912
Server Message Block-Common Internet File System (SMB-CIFS) protocol, 671, 738
Server objects, 513, 516–517
Server operators group, 211
Server Roles Wizard, 1065–1066
ServerManagerCmd.exe command line tool, 445, 965
Servers, 121–145. See also Domain Name System (DNS); Dynamic Host Configuration Protocol (DHCP); Virtualization
certificates for, 1091–1092
data volume encryption in, 779
delegation of, 1095–1096
features of
-adding, 143–144
-list of, 127–129
-removing, 144–145
for PowerShell, 385
home folders created on, 228–229
host, 672
Internet Information Services (IIS) and, 1073–1084
-connections to, 1069–1070
-HTTP settings for, 1074–1076
-monitoring in, 1081–1082
-performance optimization in, 1081
-request processing in, 1082–1084
-Web application development settings for, 1076–1080
Internet Security and Acceleration (ISA), 961
ISAPI (Internet Server Application Programming Interface), 1083
load balancing for, 1006
namespace, 258, 260–261, 266–267
Network Access Policy, 848
Network Access Protection (NAP)
-needs for, 802–803
-placement of, 807
-setting up, 813–816
Network File System (NFS)
-client configuration for, 923
-configuring, 921–922
-share connection to, 922
-share on, 917–921
NPS on member, 808
password policies for, 781
PowerShell backup cmdlets for, 444
Pre-boot Execution Environment PXE, 64–65
-creating, 168–169
-failure of, 190–191
-migrating, 172–174
-performance of, 187–188
-troubleshooting, 191–195
RADIUS, 848
recovery of, 1227–1236
-applications and data in, 1169–1171, 1231–1233
-backup catalog in, 1173–1174
-files and folders in, 1167–1169, 1229–1231
-operating system in, 1171–1173, 1233–1234
-system state in, 1234–1236
-volumes in, 1166–1167, 1227–1228
Resource Manager for, 646
roles of
-adding, 131–135
-adding services to, 139–141
-list of, 122–126
-removing, 135–138
-removing services from, 141–142
-value of, 130
SAN (Storage Area Network) Manager connected to, 676–677
starting and stopping, 1070
UNIX SMB domain, 911
User Name Mapping, 239
virtualization and, 45
Web, 703
Server-side scripting, 1077–1078
Service Level Agreements (SLAs), 110, 1175
Service packs, 834
Service-Oriented Architecture (SOA), 742
Services
failover clusters and, 720
for software management, 935–939
generic service resource type for, 723
installation default, 764–766
logs of, 370–371
on Control Panel, 330–331
PowerShell to check, 451–453
status verification of, 1236–1239
Services for UNIX (SFU), 909, 914
Set-Alias cmdlet, 397
Set-Content cmdlet, 397
Set-Item cmdlet, 397
Set-Itemproperty cmdlet, 397
Set-Location cmdlet, 397
Set-Variable cmdlet, 398
Shadow command, 1036
Shadow group, of global security group, 781
Shadow service, 657, 723, 1169, 1231
Share and Storage Management tool, 252–256
Share names, 166
Share or Publish Replicated Folder Wizard, 280
Share permissions, 240, 252. See also File resources
Shared configuration, 1099
Shared documents folder, in user profiles, 231
Shared Folder Wizard, 735
Shared folders, 239, 252, 504–505
Shared nothing clustering, 703
Shared secret, 893
SharePoint Server, 258, 262, 1152
Shavlik's NetChk Protect, 846, 938
Shortcut trusts, 508
Shortcuts, as Group Policy Preferences, 303–305
Shoulder surfing, 746
Shutdown Event Tracker, 1241–1242
Shutting down, 9
Side states, of media, 692–693
Simple Mail Transfer Protocol (SMTP) site links, 519
Simple SAN, 683
Simple volume, 616
Simulation options, 342
Single point of failure, 639, 755
Single Quorum cluster infrastructure, 702
Single sign-on access, 473
Site link bridge objects, 520–521
Site link objects, 518–520
Site management, 1084–1093. See also Active Directory Sites and Services
application pool configuration in, 1086–1087
bindings added in, 1086
delegating, in IIS, 1095–1097
geographical naming convention and, 29
host headers configuration in, 1087–1088
IIS connections and, 1069–1070
in Advanced Simulation Options, 342
organizational naming convention and, 28
security configuration in, 1088–1093
site adding in, 1084–1086
site viewing in, 1084
stopping and starting, 1088
Site objects, 515–516
Site-aware network services, 511
Site-specific service locator (SRV) records, 511
Sixty-four bit environment, 11
Sixty-four bit keys, Registry, 1199–1201
SLED (single large expensive disk), 617
slmgr.vbs -ipk command line, 54
Smart cards, 473, 784, 888, 893
SMBv2, 797
SMTP e-mail, 446–447, 1076, 1080
Snap-in, PowerShell, 387, 414
Snapshot files, 657, 995, 998–999
Social engineering, 746
Software management, 933–959
Group Policy installation extension for
-application deployment GPO in, 940–943
-configuring, 943–947
-distribution point setup in, 939–940
-overview of, 933–935
Group Policy settings for, 282
packages for, 947–955
-application properties changes and, 950–952
-Group Policy and, 947–950
-modifications to, 953–955
-removing and redeploying, 955
-upgrades for, 952–953
restriction policies in, 955–959
-creating, 957–959
-operations of, 956–957
services for, 935–939
troubleshooting, 1226
updates and, 834
Windows Deployment Services (WDS) for, 959
Sort-Object cmdlet, 398
Source integrity, for security, 747
Spanned SAN, 683
Spanned volume, 617, 622, 628, 633, 635–636
Special permissions, 248–250
Specialized Security-Limited Functionality guidelines, 766–767
Spikes, in power voltage, 1179–1180
Spooling, print, 185–188, 194, 721–722
Spyware, 837
SQL Server, 841, 1152
SQL Slammer worm, 751–752, 758
Staging folder, 279
Stand-alone namespaces, 259–260
Standard edition, of Windows Server 2008, 10
Standard escalation procedures (SEPs), 751, 1136, 1138–1139
Standard operating procedures (SOPs), 1136–1138
Standard Port Monitor, 173
Start Menu, 231, 331–333
Start Terminal Server Licensing Wizard, 1044
Starter Group Policy Objects, 286–288
Start-Process cmdlet, 398
Start-Service cmdlet, 398
Start-Transcript cmdlet, 398
Startup Repair tool, in WRE, 1162
Startup Repair Wizard, 1143
Start-up scripts, 176
States, of Active Directory Domain Services, 539
Static IPv6 address, 475, 482
Stop errors, 76
Stop-Process cmdlet, 465
Stop-Service cmdlet, 398
Stop-Transcript cmdlet, 398
Storage, 651–697. See also Disk management
File Server Resource Manager and, 651–670
-directory quotas for, 657–663
-installation and configuration of, 652–654
-reports from, 654–657
-screening files and, 663–670
of AD DS databases, 535–536
of file resources, 252–256
of Registry data, 1206–1209
PowerShell and, 451
removable, 689–697
-libraries and, 693–695
-media pools and, 695
-operator requests and, 696–697
-physical media and, 695–696
-terminology for, 689–693
-work queue and, 696
SAN (Storage Area Network) Manager for, 670–689
-console for, 675–676
-installing, 674–675
-iSCSI security for, 679–680
-iSCSI targets for, 678–680
-logical units (LUNs) for, 681–689
-SAN advantages and disadvantages and, 671–672
-server connections for, 676–677
-terminology for, 672–674
Share and Storage Management tool for, 252–256
Strings, 419–421, 433, 1078
Striped SAN, 683
Striped volume, 617, 622, 633
Striped with Parity SAN, 683
Strong secrets, 680
Structural object class, 558–560
Stub zones, 598, 601
Subdomains, 603–605
Subkeys, Registry, 1198, 1203–1206
Subnet objects, 512, 517–518
Subscriptions, 372–374
Subsystem for UNIX Applications (SUA), 43, 903, 908, 928–932
Subsystems, Storage Manager node for, 675
Subtractive permissions, 240
Subtrees, in Active Directory, 17–18
Success events, 358–360, 362–363
Suffixes, User Principal Name (UPN), 509–510
Super users, 908
Superscopes, 586, 592
Surge protectors, 1179, 1181–1182
Surges, in power voltage, 1180–1181
Switch statements, in PowerShell, 429
Symbolic links, 906–907
Synchronization, 844–845
DFS replication for, 258
of AD DS with AD LDS, 531–533
of AD LDS and metadirectories, 469
password, 923–924
Sysprep.exe command line tool, 71
System Access Control Lists (SACLs), 359–360, 363, 570
System Center Configuration Manager (SCCM), 111, 806, 1006
System Center Operations Manager (OpsManager), 670, 936
System Center Virtual Machine Manager, 86, 974
System configuration utility, 1239–1240
System file checker, 1240
System File Protection cache folder, 959
System recovery, 1222
System Stability Index, 1115, 1117–1119
System String object
Systems Center Configuration Manager, 836, 845
SYSVOL shares, 255, 474, 482
T
Tab completion, of PowerShell cmdlets, 388
Tail utility, from UNIX, 464–466
Taskpad View Wizard, New, 355–356
Tasks. See also Internet Information Services (IIS)
delegation of, 380–381
event occurrences and, 375
Immediate, 329
PowerShell for scheduling, 461–462
Task Scheduler for, 327–329, 377–378, 449, 657, 723
TCP Offload Engines (TOE), 674
Tee utility, from UNIX, 464–466
Telnet, 909–910
Temp.edb temporary files, 536
Templates
for Data Collector set, 1120–1122
for screening files, 667–668
HPC Node Template Generation Wizard for, 741
quota, 658, 660–663
user profile folder for, 231
Workstation Authentication, 811
Terminal emulation, 909
Terminal Servers License Servers group, 212
Terminal Services, 1005–1059
as chokepoint, 755
clustering and, 703
concepts of, 1007–1008
configuration of, 1037–1042
installation of, 1011–1027
-program installation and, 1024–1027
-remote desktop for administration of, 1023–1024
-steps in, 1011–1020
-user experience improvement and, 1020–1023
licensing of, 1042–1044
overview of, 7–8, 1005–1007
RemoteApps in, 1044–1056
-adding, 1050–1052
-deploying, 1052–1056
-for Server Core, 162–163
-TS Gateway settings for, 1046–1047
-TS Web Access to distribute, 1047–1050
requirements of, 1009–1011
Terminal Services Manager for, 1027–1037
-connections managed by, 1030–1037
-My Group in, 1028–1030
-overview of, 1028
TS Web Access in, 1056–1059
Terminal Services connection authorization policy (TS CAP), 1016
Terminal Services resource authorization policy (TS RAP), 1016
Terminal Services Session Broker, 8, 703
Testing, 223, 1139–1140. See also Virtualization
Test-Path cmdlet, 398
Thirty-two bit keys, Registry, 1199–1201
Three-fold process, rule of, 750
Time, setting, 99–100, 449–450. See also Coordinated Universal Time (UTC)
Tombstones, 537
Total cost of ownership (TCO), 41
Touch utility, from UNIX, 464–466
TPM-based mode, 777–778
Tracking printer locations, 169–172
Transaction logs, locations of, 541
Transforms, package modifications as, 953–955
Transitive trust relationships, 33–34
Transitive two-way trusts, 507
Transmission Control Protocol-Internet Protocol (TCP-IP), 102, 573–614
Domain Name System (DNS) Servers and, 595–613
-forwarders in, 610–613
-interoperating between, 609
-resource records added to, 605–608
-setting up, 596–602
-subdomains for, 603–605
-zone transfers in, 608–609
Dynamic Host Configuration Protocol (DHCP) and, 574–595
-address reservations for, 590–591
-authorizing server and activating scope for, 589–590
-command line administration of, 595
-network design for, 574–576
-relay agent of, 593–595
-scope creation for, 582–589
-server role for, 576–582, 592–593
printers and, 174–175, 324–327
Windows Internet Naming Service (WINS) and, 613
Transport Layer Security (TLS), 473
Tree-root domains, 476
Trees
in Active Directory, 17–18
in multiple domain structure, 35
in namespace planning, 26
in single domain structure, 35
Troubleshooting, 1223–1242. See also Recovery
installations, 72–76
-boot failure, 72–74
-corrupt files, 74–75
-failure to find hard disks, 75–76
-stop errors, 76
printers, 191–195
priorities in, 1223–1225
scripts, 425
Secure Sockets Tunnelling Protocol (SSTP), 883–886
server recovery, 1227–1236
-applications and data in, 1231–1233
-files and folders in, 1229–1231
-operating system in, 1233–1234
-system state in, 1234–1236
-volumes in, 1227–1228
service status verification for, 1236–1239
Shutdown Event Tracker for, 1241–1242
system configuration utility for, 1239–1240
system file checker for, 1240
system information for, 1236
systems recovery, 1225–1227
Terminal Services sessions, 1035
Trust levels, 1077
Trust relationships, 33–34, 507–509
Trust, rule of, 749, 760
Trusted computing base (TCB), 21
Trusted entities, 470
Trusted Root Certificate Authority, 879, 896
Trusted zone, for security, 753
TS Easy Print, 1006
TS Gateway, 1007, 1012, 1046–1047
TS RemoteApps, 7, 1044–1056
adding, 1050–1052
deploying, 1052–1056
for Server Core, 162–163
TS Gateway settings for, 1046–1047
TS Web Access programs in, 1058–1059
TS Web Access to distribute, 1047–1050
TS Session Broker, 1006
TS Web Access, 7, 1006, 1012, 1047–1050, 1052–1053, 1056–1059
Two-factor authentication, 780, 784
Type accelerators, in PowerShell, 441–442
Type, definition of, 399
U
Ultra-Wideband IEEE 802.15.3 technology, 850
Unattend.xml file, 150
Unattended installation and, 487–489
Unicast mode, network adapters in, 706, 708, 718
Uniform Naming Convention (UNC), 20
Uniform Resource Locators (URLs), 20
Uninterruptible power supply (UPS), 1142, 1177, 1180–1181
Universal groups, 22, 203
Universal principal names (UPN), 807–808
Universal scope, for groups, 199
Universal Serial Bus (USB), 722
UNIX systems
backslash character in, 441
file systems based on, 240
interoperability of
-connectivity for, 43, 908
-file listings for, 904–906
-file systems for, 910–911
-file transfer protocol for, 908
-identity management for, 923–932
-permissions and security for, 904
-printing for, 912
-privilege levels for, 907–908
-symbolic links for, 906–907
-Telnet for, 909–910
man command of, 408
Network File System (NFS) resource type and, 722, 737
PowerShell and, 385
sourcing files in, 435
Subsystem for Applications of, 385
systems of, 573
utilities of, 464–466
Unknown Publisher warning, 1058
Unrecognized media pools, 690
Untrusted zone, for security, 753
Update sequence number (USN), 263, 551
Updates. See also Patch management
downloading, 112
dynamic, 600–602
enabling, 106–111
installation and, 93
Upgrading, 79–94
Active Directory, 83–84
architecture in, 82
business results of, 41
clients, 88
domain and computer preparation for, 87–88
hardware support for, 85–86
matrix for, 79–80
performing, 88–94
pre-upgrade steps in, 81–82
rolling, 723
software management packages, 952–953
software support for, 86–87
UPS devices, 81
USB Flash drive, 773, 777
USB keys, security and, 759
User Account Control (UAC), 88, 347–353
Admin Approval Mode (AAM) in, 348
disabling aspect of, 349–352
least privilege security theory in, 241–242
ownership and, 250
registry virtualization and, 348–349
turning off, 352–353
User Datagram Protocol (UDP), 910
User experience improvement, 1020–1023
User mode, of MMC, 354
User Name Mapping Server, 239, 915
User Principal Name (UPN), 509–510
Users
accounts for, 218–223
-deleting, 226
-disabling and enabling, 225–226
-domain, 220–221
-finding, 224–225
-local, 221–222
-moving, 226
-naming, 218
-options for, 218–219
-passwords for, 219–220, 227
-properties of, 222–223
-renaming, 226
-testing, 223
-unlocking, 227–228
groups for, 205–209, 212
home folders for, 228–229
in Control Panel, 314–317
PowerShell credentials for, 393
profiles for, 230–236
-folders in, 230–231
-local, 232
-logon script assigned to, 236
-roaming, 232–235, 339, 935
rights of, 213–217
-group assignment of, 216–217
-local assignment of, 217
-logon, 214–217
V
Validate A Configuration Wizard, 730
Validation tool, for clusters, 701, 718
Values, Registry
contents of, 1213
definition of, 1198
deleting, 301
removal of, 1214
renaming, 1216
search of, 1212–1213
updating, 301
Variables, PowerShell, 418, 435
VBScripts, 385, 405–406, 462
VDS hardware, 675
Version-control system, 1138
Video files, screening, 664
Videos folder, in user profiles, 231
Virtual directories, 1094
Virtual Local Area Networks (VLANs), 674
Virtual PC 2007, 1002
Virtual private networks (VPNs), 473
gateway server name for, 859
meaningful name for, 882
Network Access Protection and, 800, 802
Network Access Translation (NAT) and, 871
Network Options preference item and, 317–319
Root Certificate Authority certificate of, 877
Secure Sockets Tunnelling Protocol (SSTP) and, 848, 850
security for, 747–748
terminal services gateway versus, 7
Virtual Server 2005 R2, 1002
VirtualBox virtualization, 1002–1003
VirtualIron virtualization, 1002
Virtualization, 961–1003
basic virtual machine for, 974–978
for legacy servers, 86
for network configuration testing, 848, 852
Hyper-V for
-alternatives to, 1002–1003
-initial configuration for, 968–974
-installation of, 965–968
-overview of, 962–965
in failover cluster configuration, 725
machine settings for, 978–994
-differencing disks and, 988–991
-for COM ports and floppy drives, 992–994
-for disks and controllers, 986–988
-for hardware additions, 980–984
-for memory and CPU, 984–986
-for network adapters, 991
-overview of, 978–980
management settings for, 994–997
of legacy applications, 44
overview of, 4
patch testing and, 839
Registry, 348–349
server load and, 45
Windows Server Virtualization for, 750
Windows Virtualization Technology for, 619
working with, 998–1002
Virus infection, 1239
Visual Basic scripts, 157
VMware virtualization, 1002–1003
VMware Workstation, 839–840
Volatile Registry keys, 1208
Voltage variations, in power supply, 1179–1181
Volume Shadow Copy Service (VSS), 657, 723, 1169, 1231
Volumes, 625–641
backing up, 1149, 1151, 1154, 1156
BitLocker, 773–775
creating, 626–631
critical, 543
definition of, 616
dynamic disk conversions and, 631–632
encryption of data, 779
extended, 616
GPT disk conversions and, 632–633
hidden shares for, 255
logical, 616
mirror, 617, 637–641
partition logical drives and, 631
RAID-5, 617
recovery of, 1166–1167, 1227–1228
simple, 616
size changes of, 633–637
spanned, 617
striped, 617
Vulnerability to attacks, 751, 758
W
Wbadmin.exe command line tool
features of, 541–542
for Registry backup, 1221
for troubleshooting, 1235–1236
in backing up, 545, 1159–1165
Weakest link, rule of, 750
Web applications
development settings for, 1076–1080
Internet Information Services (IIS) and, 1093–1094
portal, 469
Web edition, of Windows Server 2008, 10
Web enrollment certificate, 877
Web Server (IIS) Support role service, 842
Web server clusters, 703
web.config files, 1098
Wevtutil.exe command line tool, 392
whatif parameter, in PowerShell, 391, 457
Where-Object cmdlet, 398, 431–432
While statement, in PowerShell, 429
Wide Area Network (WAN) connectivity, 43
Wildcards, in PowerShell, 421–422
Windows authentication, 1090
Windows Authorization Access group, 212
Windows Communication Foundation (WCF) Hosts, 742
Windows Complete PC Restore Wizard, 1233
Windows Compute Cluster Server (CCS), 740
Windows Deployment Services (WDS), 53, 62–69
components of, 62–63
configuration for, 64–67
for automating deployment, 62
for software management, 935, 959
in Windows HPC Server, 741
installation steps for, 63–64
Remote Installation Services (RIS) versus, 62
setting properties for, 68–69
WinPE connecting to, 74
Windows Event Collector service, 373
Windows Explorer, 231, 644, 648, 1152
Windows Firewall, 785–795
automatic enabling of, 764
command line management of, 793–795
configuring, 117–118
Group Policy for, 786–788
in Vista, 88
Network Access Protocol (NAP) and, 824–825
overview of, 10
policy for, 791–793
rule basics for, 788–789
rule definitions for, 789–791
software distribution and, 943
Windows Image (WIM) files, 53
Windows Installer packages, 936
Windows Internal Database, 841–842
Windows Internet Naming Service (WINS), 14, 190, 573–574, 579, 613, 721
Windows Kernel Trace provider, 1109
Windows Load Balancing, 706
Windows logs, 370
Windows Management Instrumentation (WMI)
for Windows Firewall, 786–788
Internet Information Services (IIS) and, 1073
PowerShell and, 402–404
PushPrinterConnections.exe tool and, 178–179
remote use of, 455–456
Resultant Set of Policy and, 343
scheduling tasks with, 462
Windows Package Manager, 1066–1067
Windows Process Activation Service (WAS), 1061–1063
Windows Recovery Environment (WRE), 1160, 1162, 1171
Windows Remote Management (WRM), 404–405
Windows Remote Shell, 162
Windows Scripting Host (WSH), 405
Windows Security Health Agent (SHA), 804, 806
Windows Security Health Validator (WSHV), 804, 806, 818
Windows Server 2008, 3–11
Active Directory Domain Services in, 5–6
backup feature of, 8
functional level of, 480–482
PowerShell and, 5
read-only domain controllers (RODCs) of, 5
Registry changes in, 1196–1198
security features of, 9–10
Server Core of, 4
Server Manager of, 8
shutting down, 9
Terminal Services in, 7–8
versions of, 10–11
virtualization with, 4
Windows Server 2008, installing, 51–77
deployment environment for, 53–71
-automating deployment in, 61–63
-image additions in, 69–71
-installation method in, 53
-installation process in, 53–61
-Windows Deployment Services in, 63–69
system requirements for, 51–52
troubleshooting, 72–76
-boot failure, 72–74
-corrupt files, 74–75
-failure to find hard disks, 75–76
-stop errors, 76
Windows Server Backup
for AD DS, 545
for Registry, 1221
for system state data, 542
Windows Server Update Services (WSUS), 93, 111, 841–845, 936
as trusted source, 837
configuration of, 844–845
installing, 841
prerequisites for, 842–844
Setup Wizard for, 843
Windows Server Virtualization, 750, 839–840, 848
Windows Small Business Server 2003, 1055
Windows Software Update Services, 803
Windows System Resource Manager (WSRM), 1018
Windows Virtualization Technology, 619
Windows Vista, 3
Folder Options items for, 309–310
Group Policy and, 938, 946
IEEE 802.1x enforcement and, 829
Network Access Protection (NAP) on, 759
PushPrinterConnections.exe tool and, 178–179
Remote Desktop Client in, 116
Secure Sockets Tunnelling Protocol (SSTP) and, 848
SMBv2 supported by, 797
SSTP VPN requirements of, 877
Start Menu items for, 331–332
upgrading clients to, 88
wireless client configuration for, 896
Windows XP
Folder Options items for, 308–309
Group Policy and, 938, 946
Immediate Task Items of, 329
Power Options item for, 320–321
Power Scheme item for, 321
Start Menu items for, 332–333
Winnt32.msi package, 948
WinPE, 73–74
WinRM service type, 372
Wired Equivalent Privacy (WEP), 850
Wireless deployment of remote access, 889–898
access points for, 893–894
for RADIUS clients, 892–893
overview of, 889–890
prerequisites for, 890–892
secure configuration for, 894–898
Wireless networks, 473
Witness disk, 704, 719–720
Work queue, 696
Worker processes, in IIS, 1082
Workgroup security, for UNIX, 911
Workspace, in IIS, 1069
Workstation Authentication template, 811
World Wide Name (WWN), 677
World Wide Web Publishing Service, 1061–1063
WOW64, 87
WPA2 wireless security, 848–849, 896–898
Write-Host cmdlet, 398, 416
X
X.500 standard, 15, 18
XML, 411, 445, 463, 654
Z
Zap files, for applications deployment, 936–939, 949–950
Zones
contiguous namespace for, 603
for redundancy, 600–601
network rules for, 956, 958
security, 753–754
transfers of, in DNS, 608–609
© Microsoft. All Rights Reserved.